5997 matches found
CVE-2021-0317
In createOrUpdate of Permission.java and related code, there is possible permission escalation due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10...
FUEL CMS SQL Injection Vulnerability
FUEL CMS is a content management system based on CodeIgniter. FUEL CMS 1.4.11 suffers from a SQL injection vulnerability. The vulnerability can be exploited by an attacker via the 'name' parameter in /fuel/permissions/create/ to compromise an application, access or modify data, or exploit a...
Rust Security Vulnerabilities
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in rusqlite crate before 0.23.0 for Rust, which stems from the ability to violate memory safety via the create module...
Zammad Account Enumeration Vulnerability
Zammad is a Web-based open source helpdesk/customer support system. An account enumeration vulnerability exists in Zammad versions prior to 3.4.1. The vulnerability can be exploited to guess valid user e-mail addresses via the "Create User" feature...
CVE-2020-26034
An account-enumeration issue was discovered in Zammad before 3.4.1. The Create User functionality is implemented in a way that would enable an anonymous user to guess valid user email addresses. The application responds differently depending on whether the input supplied was recognized as...
Zammad Security Vulnerability
Zammad is a Web-based open source helpdesk/customer support system. An account enumeration vulnerability exists in Zammad versions prior to 3.4.1. The vulnerability can be exploited to guess valid user e-mail addresses via the "Create User" feature...
The vulnerability of the llcp_sock_create function in the net/nfc/llcp_sock.c module of the AF_NFC module in the Linux operating system, related to default access rights settings, allows an attacker to compromise data integrity.
The vulnerability of the llcp_sock_create function in the net/nfc/llcp_sock.c module of the AF_NFC module in the Linux operating system is related to a lack of mechanisms for standard permissions. Exploiting this vulnerability could allow an attacker to compromise data integrity...
RHEL 8 : postgresql:9.6 (RHSA-2020:5661)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5661 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). The following packages have been upgraded to a later upstream...
RHEL 8 : postgresql:12 (RHSA-2020:5620)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5620 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). The following packages have been upgraded to a later upstream...
postgresql:12 security update
An update is available for pgaudit, postgres-decoderbufs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. PostgreSQL is an advanced object-relational database...
Google Asylo Buffer Error Vulnerability
Google Asylo is a framework for developing trusted applications from Google Inc. in the United States. The software supports the creation of a trusted execution environment, including software isolation and hardware isolation. A security vulnerability exists in Google Asylo version 0.6.0 and...
CVE-2020-0440
In createVirtualDisplay of DisplayManagerService.java, there is a possible way to create a trusted virtual display due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
Gallagher Group Command Centre Access Control Error Vulnerability
Gallagher Group Command Centre is a centralized control tool for Gallagher access control systems from Gallagher Group of New Zealand. An Access Control Error vulnerability exists in Gallagher Command Centre, which stems from an improper authentication vulnerability that allows an unauthenticated...
CVE-2020-35201
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS...
CVE-2020-35199
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS...
Cross site scripting
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS...
Cross site scripting
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS...
PT-2020-17288 · Ignite Realtime · Openfire
Name of the Vulnerable Software and Affected Versions: Ignite Realtime Openfire version 4.6.0 Description: The issue is related to a Stored XSS in the create-bookmark.jsp file, specifically with the groupchatJID parameter. This allows for potential malicious script execution. Recommendations: For...
PT-2020-17290 · Ignite Realtime · Ignite Realtime Openfire
Name of the Vulnerable Software and Affected Versions: Ignite Realtime Openfire version 4.6.0 Description: The issue is related to a Stored XSS in the create-bookmark.jsp file, affecting users. Recommendations: For Ignite Realtime Openfire version 4.6.0, consider restricting access to the...