Unable to see the analytics on ADM

Analytics data not visible on ADM...

CVE-2021-3711

In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...

CVE-2020-36476

An issue was discovered in Mbed TLS before 2.24.0 and before 2.16.8 LTS and before 2.7.17 LTS. There is missing zeroization of plaintext buffers in mbedtlssslread to erase unused application data from memory...

Mitel MiCollab Man-in-the-Middle Attack Vulnerability

Mitel MiCollab is an enterprise collaboration software and tools platform solution. A man-in-the-middle attack vulnerability exists in the AWV and MiCollab Client Service components in Mitel MiCollab versions prior to 9.3. The vulnerability stems from insufficient control over TLS sessions. An...

Improper access control

The MiCollab Client service in Mitel MiCollab before 9.3 could allow an unauthenticated user to gain system access due to improper access control. A successful exploit could allow an attacker to view and modify application data, and cause a denial of service for users...

CVE-2021-32072

The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to get source code information disclosing sensitive application data due to insufficient output sanitization. A successful exploit could allow an attacker to view source code methods...

CVE-2021-32071

The MiCollab Client service in Mitel MiCollab before 9.3 could allow an unauthenticated user to gain system access due to improper access control. A successful exploit could allow an attacker to view and modify application data, and cause a denial of service for users...

How to capture trace on ADM

How to capture trace on ADM...

Atlassian Jira 8.14.x < 8.15.1 Multiple Vulnerabilities (1/2)

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.12, 8.6.x 8.13.4 or 8.14.x 8.15.1. It is, therefore, affected by multiple vulnerabilities: - A DOM based Cross-Site Scripting XSS vulnerability caused by parameter...

Atlassian Jira 8.6.x < 8.13.4 Multiple Vulnerabilities

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.12, 8.6.x 8.13.4 or 8.14.x 8.15.1. It is, therefore, affected by multiple vulnerabilities: - A DOM based Cross-Site Scripting XSS vulnerability caused by parameter...

CVE-2021-28805

Inclusion of sensitive information in the source code has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read application data. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.3 build 20210505 on QSW-M2108-2C; versio...

Code injection

Inclusion of sensitive information in the source code has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read application data. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.3 build 20210505 on QSW-M2108-2C; versio...

CVE-2021-28805 Inclusion of Sensitive Information in QSS

Inclusion of sensitive information in the source code has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read application data. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.3 build 20210505 on QSW-M2108-2C; versio...

Reddit: XSS

hi security team i have found a XSS in old.reddit.com and in reddit.com Description: Cross-site scripting also known as XSS is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows an attacker to circumvent the...

Atlassian Jira Server and Data Center has an unspecified vulnerability (CNVD-2021-55942)

Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia, Atlassian JIRA Server is a server version of a defect tracking management system. Atlassian JIRA Data Center is the data center version of Atlassian JIRA, which is a security vulnerability that could be...

The vulnerability of the Microsoft Quantum Development Kit for Visual Studio Code, related to the lack of data protection for service data, allows a hacker to execute arbitrary code.

The vulnerability of the Microsoft Quantum Development Kit for Visual Studio Code, which is used for developing and optimizing quantum computing applications, relates to the lack of protection for application data. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

Directory traversal

The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control. A successful exploit could allow an attacker to view and modify application data via Directory Traversal...

CVE-2021-26714

The CVE-2021-26714 entry affects Mitel MiContact Center Enterprise’s Enterprise License Manager portal prior to version 9.4, where insufficient access control allows Directory Traversal to view/modify application data. The issue is confirmed by multiple sources (NVD entry, Red Hat advisory, and M...

CVE-2021-26753

NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data...

CVE-2021-26752

NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data...