Lucene search

1036 matches found

OSV
added 2021/08/30 6:15 p.m. | 2 views

UBUNTU-CVE-2021-27018

The mechanism which performs certificate validation was discovered to have a flaw that resulted in certificates signed by an internal certificate authority to not be properly validated. This issue only affects clients that are configured to utilize Tenable.sc as the vulnerability data source...

CVSS 7.5 | AI score 5.8 | EPSS 0.00095
Exploits: 0 | References: 3

GitHub Security Blog
added 2021/08/13 3:21 p.m. | 63 views

Druid ingestion system Authenticated users can read data from other sources than intended

In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not a...

CVSS 6.5 | AI score 6.1 | EPSS 0.03154
Exploits: 0 | References: 8 | Affected Software: 1

CIRCL
added 2021/08/06 6:32 p.m. | 1 views

CVE-2021-38137

creationtimestamp | type | source
---|---|---
2021-08-06 18:32:28+00:00 | seen | https://t.me/cibsecurity/26936...

CVSS 8.1 | AI score 7.9 | EPSS 0.00211
Exploits: 0 | References: 1

OSV
added 2021/08/04 11:8 a.m. | 2 views

USN-5030-1 libdbi-perl vulnerabilities

It was discovered that the Perl DBI module incorrectly opened files outside of the folder specified in the data source name. A remote attacker could possibly use this issue to obtain sensitive information. CVE-2014-10402 It was discovered that the Perl DBI module incorrectly handled certain long...

CVSS 7.1 | AI score 6.9 | EPSS 0.00123
Exploits: 1 | References: 3

CNNVD
added 2021/07/27 12:0 a.m. | 9 views

AVEVA System Platform Access Control Error Vulnerability

AVEVA System Platform is an application from AVEVA UK. A responsive, standards-driven and scalable foundation for regulatory, enterprise SCADA, MES and IIoT applications. AVEVA System Platform is vulnerable to an Access Control Error vulnerability that arises from the software not properly...

CVSS 7.2 | AI score 5.6 | EPSS 0.00085
Exploits: 0 | References: 5

BDU FSTEC
added 2021/07/27 12:0 a.m. | 1 views

The vulnerability of the Adobe Flash Player, related to a data source validation error, allows for the execution of arbitrary code.

The vulnerability of the Adobe Flash Player is related to a data source validation error. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVSS 10 | AI score 8.3 | EPSS 0.03432
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2021/07/13 12:0 a.m. | 1 views

The vulnerability of software such as Google Chrome, Firefox, Firefox ESR, and Thunderbird lies in a data source confirmation error, which allows attackers to gain access to confidential data.

The vulnerability of the Google Chrome, Firefox, Firefox ESR, and Thunderbird software lies in a data source confirmation error. Exploiting this vulnerability allows an attacker to gain access to confidential data remotely...

CVSS 5.3 | AI score 6.7 | EPSS 0.04946
Exploits: 1 | References: 11 | Affected Software: 7

Prion
added 2021/07/02 8:15 a.m. | 20 views

Privilege escalation

In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not a...

CVSS 4 | AI score 6.2 | EPSS 0.03154
Exploits: 0 | References: 6 | Affected Software: 1

CVE
added 2021/07/02 7:20 a.m. | 130 views

CVE-2021-26920

The CVE-2021-26920 issue affects Apache Druid’s ingestion system: the HTTP InputSource can be used by authenticated users to read data from sources other than intended (e.g., local files) with the Druid server’s privileges. This is not a privilege elevation when accessed directly, since a Local I...

CVSS 6.5 | AI score 6.2 | EPSS 0.03154
Exploits: 0 | References: 6 | Affected Software: 1

NVD
added 2021/06/16 10:15 p.m. | 7 views

CVE-2021-32691

Apollos Apps is an open source platform for launching church-related apps. In Apollos Apps versions prior to 2.20.0, new user registrations are able to access anyone's account by only knowing their basic profile information name, birthday, gender, etc. This includes all app functionality within t...

CVSS 9.8 | EPSS 0.00641
Exploits: 0 | References: 3

OSV
added 2021/06/16 10:15 p.m. | 13 views

CVE-2021-32691

Apollos Apps is an open source platform for launching church-related apps. In Apollos Apps versions prior to 2.20.0, new user registrations are able to access anyone's account by only knowing their basic profile information name, birthday, gender, etc. This includes all app functionality within t...

CVSS 9.8 | AI score 6.3
Exploits: 0 | References: 3

Prion
added 2021/06/16 10:15 p.m. | 12 views

Information disclosure

Apollos Apps is an open source platform for launching church-related apps. In Apollos Apps versions prior to 2.20.0, new user registrations are able to access anyone's account by only knowing their basic profile information name, birthday, gender, etc. This includes all app functionality within t...

CVSS 7.5 | AI score 9.2 | EPSS 0.00641
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2021/06/16 9:45 p.m. | 70 views

CVE-2021-32691

CVE-2021-32691 affects Apollos Apps prior to v2.20.0, where new user registrations can access anyone’s account using only basic profile information (name, birthday, gender, etc.). This grants access to all app functionality and Rock-based links (e.g., giving, events). A patch exists in v2.20.0. A...

CVSS 9.8 | AI score 9 | EPSS 0.00641
Exploits: 0 | References: 3 | Affected Software: 1

Qualys Blog
added 2021/05/25 2:31 p.m. | 38 views

Monitor Windows Registry Changes with Qualys File Integrity Monitoring

With Windows registries storing a large number of programs and OS security settings and a large amount of raw data, threat actors have begun to use those registries as a data store for their malicious activity. It is therefore imperative for organizations to monitor changes in Windows registries ...

AI score 0.3
Exploits: 0

BDU FSTEC
added 2021/05/05 12:0 a.m. | 2 views

The vulnerability of the Data Source component of the Oracle CRM Technical Foundation system, which allows a malicious actor to gain unauthorized access to the device and disclose protected information.

The vulnerability of the Data Source component in the Oracle CRM Technical Foundation system relates to code errors. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the device and disclose sensitive information through HTTP requests...

CVSS 8.5 | AI score 6.8 | EPSS 0.01221
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2021/05/04 5:43 p.m. | 15 views

GHSA-58QP-5328-V7MH cumulative-distribution-function Infinite Loop vulnerability

Impact Apps using this library on improper data may crash or go into an infinite-loop In the case of a nodejs server-app using this library to act on invalid non-numeric data, the nodejs server may crash. This may affect other users of this server and/or require the server to be rebooted for prop...

CVSS 7.5 | AI score 7.5 | EPSS 0.00661
Exploits: 1 | References: 5

Veracode
added 2021/04/29 11:21 a.m. | 27 views

Authorization Bypass

grafana is vulnerable to authorization bypass. A dashboard editor is able to bypass a permission check concerning a restricted data source...

CVSS 7.1 | AI score 3 | EPSS 0.00366
Exploits: 0 | References: 7 | Affected Software: 1

NVD
added 2021/04/22 10:15 p.m. | 13 views

CVE-2021-2251

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite component: Data Source. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle CRM...

CVSS 8.1 | EPSS 0.01221
Exploits: 0 | References: 1

Prion
added 2021/04/22 10:15 p.m. | 15 views

Design/Logic Flaw

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite component: Data Source. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle CRM...

CVSS 5.5 | AI score 8 | EPSS 0.01221
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/04/22 9:53 p.m. | 17 views

CVE-2021-2251

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite component: Data Source. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle CRM...

CVSS 8.1 | AI score 8.2 | EPSS 0.01221
Exploits: 0 | References: 1