
6017 matches found

RedHat Linux
added 2021/07/21 12:4 a.m., 2 views

389-ds-base: sync_repl NULL pointer dereference in sync_create_state_control()

A flaw was found in 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. The highest threat from this vulnerability is t...

CVSS 6.5, AI score 5.8, EPSS 0.01177
Exploits: 0, References: 5
Vulnrichment
added 2021/07/20 10:43 p.m., 2 views

CVE-2021-2330

Vulnerability in the Core RDBMS component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows low privileged attacker having Create Table privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this...

CVSS 4.3, AI score 5.4, EPSS 0.00782
Exploits: 0, References: 1
Cvelist
added 2021/07/20 10:43 p.m., 22 views

CVE-2021-2330

Vulnerability in the Core RDBMS component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows low privileged attacker having Create Table privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this...

CVSS 4.3, AI score 5.2, EPSS 0.00782
Exploits: 0, References: 1
OSV
added 2021/07/20 12:15 p.m., 2 views

CVE-2021-27338

Faraday Edge before 3.7 allows XSS via the network/create/ page and its network name parameter...

CVSS 5.4, AI score 5.8, EPSS 0.00687
Exploits: 0, References: 2
OSV
added 2021/07/19 9:3 p.m., 19 views

OPENSUSE-SU-2021:1058-1 Security update for sqlite3

This update for sqlite3 fixes the following issues: - Update to version 3.36.0 - CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization bsc1173641 - CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated...

CVSS 9.8, AI score 7.3, EPSS 0.0825
Exploits: 3, References: 43
OSV
added 2021/07/06 7:15 p.m., 1 views

CVE-2021-34190

A stored cross-site scripting (XSS) vulnerability in index.php?menu=billingrates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Name" or "Prefix" fields under the "Create New Rate" module...

CVSS 4.8, AI score 5.6, EPSS 0.00638
Exploits: 1, References: 2
Prion
added 2021/07/06 7:15 p.m., 12 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability in index.php?menu=billingrates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Name" or "Prefix" fields under the "Create New Rate" module...

CVSS 3.5, AI score 5, EPSS 0.00638
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2021/07/06 6:58 p.m., 19 views

CVE-2021-34190

A stored cross-site scripting (XSS) vulnerability in index.php?menu=billingrates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Name" or "Prefix" fields under the "Create New Rate" module...

AI score 5.2, EPSS 0.00638
Exploits: 1, References: 2
CNNVD
added 2021/07/06 12:0 a.m., 4 views

Issabel PBX cross-site scripting vulnerability

Issabel PBX is a free and open source software application that allows you to build communication tools for your organization. A cross-site scripting vulnerability exists in Issabel PBX that allows an attacker to execute arbitrary web scripts or HTML New Rates modules by entering a...

CVSS 4.8, AI score 5.3, EPSS 0.00638
Exploits: 1, References: 3
Prion
added 2021/07/02 6:15 p.m., 18 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Create a new Design" parameter under the "Designs" module...

CVSS 3.5, AI score 5.3, EPSS 0.00473
Exploits: 1, References: 1, Affected Software: 1
CNNVD
added 2021/07/02 12:0 a.m., 3 views

CMS Made Simple cross-site scripting vulnerability

CMS Made Simple (CMSMS) is an open source content management system that provides developers, programmers, and website owners with a web-based version of the development and management interface. A stored cross-site scripting vulnerability exists in CMS Made Simple version 2.2.14, which can be...

CVSS 5.4, AI score 5.5, EPSS 0.00473
Exploits: 1, References: 2
NVD
added 2021/06/28 2:15 p.m., 16 views

CVE-2021-28563

Magento versions 2.4.2 and earlier, 2.4.1-p1 and earlier and 2.3.6-p1 and earlier are affected by an Improper Authorization vulnerability via the 'Create Customer' endpoint. Successful exploitation could lead to unauthorized modification of customer data by an unauthenticated attacker. Access to...

CVSS 6.5, EPSS 0.01429
Exploits: 0, References: 1
OSV
added 2021/06/28 2:15 p.m., 16 views

CVE-2021-28563

Magento versions 2.4.2 and earlier, 2.4.1-p1 and earlier and 2.3.6-p1 and earlier are affected by an Improper Authorization vulnerability via the 'Create Customer' endpoint. Successful exploitation could lead to unauthorized modification of customer data by an unauthenticated attacker. Access to...

CVSS 6.5, AI score 6.7
Exploits: 0, References: 1
Prion
added 2021/06/28 2:15 p.m., 16 views

Authorization

Magento versions 2.4.2 and earlier, 2.4.1-p1 and earlier and 2.3.6-p1 and earlier are affected by an Improper Authorization vulnerability via the 'Create Customer' endpoint. Successful exploitation could lead to unauthorized modification of customer data by an unauthenticated attacker. Access to...

CVSS 6.4, AI score 6.4, EPSS 0.01429
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2021/06/28 1:45 p.m., 32 views

CVE-2021-28563 Magento Commerce improper Authorization via the 'Create Customer' endpoint

Magento versions 2.4.2 and earlier, 2.4.1-p1 and earlier and 2.3.6-p1 and earlier are affected by an Improper Authorization vulnerability via the 'Create Customer' endpoint. Successful exploitation could lead to unauthorized modification of customer data by an unauthenticated attacker. Access to...

CVSS 6.5, AI score 6.5, EPSS 0.01429
Exploits: 0, References: 1
OSV
added 2021/06/21 5:10 p.m., 15 views

GHSA-52QP-GWWH-QRG4 Missing Handler in @scandipwa/magento-scripts

Impact: After changing the function from synchronous to asynchronous, no handler was implemented in the start, stop, exec and logs commands, effectively making them unusable. Patches: Version 1.5.3 contains patches for the problems described above. Workarounds: Upgrade to patched or latest...

CVSS 6.2, AI score 6, EPSS 0.00702
Exploits: 0, References: 3
Github Security Blog
added 2021/06/21 5:10 p.m., 54 views

Missing Handler in @scandipwa/magento-scripts

Impact: After changing the function from synchronous to asynchronous, no handler was implemented in the start, stop, exec and logs commands, effectively making them unusable. Patches: Version 1.5.3 contains patches for the problems described above. Workarounds: Upgrade to patched or latest...

CVSS 6.2, AI score 1.3, EPSS 0.00702
Exploits: 0, References: 4, Affected Software: 1
Github Security Blog
added 2021/06/21 5:7 p.m., 57 views

Auto-merging Person Records Compromised

Impact: New user registrations are able to access anyone's account by only knowing their basic profile information (name, birthday, gender, etc.). This includes all app functionality within the app, as well as any authenticated links to Rock-based webpages such as giving and events. Patches: We have...

CVSS 9.8, AI score 1.3, EPSS 0.01458
Exploits: 0, References: 5, Affected Software: 1
NVD
added 2021/06/21 4:15 a.m., 12 views

CVE-2020-20467

White Shark System WSS 1.3.2 is vulnerable to sensitive information disclosure via defaulttaskadd.php; remote attackers can exploit the vulnerability to create a task...

CVSS 6.5, EPSS 0.01169
Exploits: 1, References: 2
Prion
added 2021/06/21 4:15 a.m., 13 views

Information disclosure

White Shark System WSS 1.3.2 is vulnerable to sensitive information disclosure via defaulttaskadd.php; remote attackers can exploit the vulnerability to create a task...

CVSS 6.4, AI score 6.2, EPSS 0.01169
Exploits: 1, References: 2, Affected Software: 1