CVE-2021-22352
There is a Configuration Defect Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to execute malicious commands...
Design/Logic Flaw
There is a Configuration Defect Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to execute malicious commands...
CVE-2021-22352
CVE-2021-22352 describes a configuration defect vulnerability affecting Huawei smartphones running EMUI and Magic UI. The issue allows an attacker to hijack the device and forge the UI to induce users to execute malicious commands. Connected sources consistently reference a UI-forgery/processing‑...
CVE-2021-22373
There is a Defects Introduced in the Design Process Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service integrity and availability...
isc-dhcp -- remotely exploitable vulnerability
Michael McNally reports: Program code used by the ISC DHCP package to read and parse stored leases has a defect that can be exploited by an attacker to cause one of several undesirable outcomes...
CVE-2021-28665
Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the SNMP plugin that can lead to excessive consumption of memory and CPU resources, and possibly a denial of service...
SUSE: Security Advisory (SUSE-SU-2018:0694-1)
The remote host is missing an update for the...
Security Bulletin: A vulnerability in IBM Java Runtime affects TXSeries for Multiplatforms
Summary: TXSeries for Multiplatforms has addressed the following vulnerability reported by IBM® Runtime Environment Java™. Vulnerability Details: CVEID: CVE-2020-14782. DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to...
GHSA-7MPX-VG3C-CMR4 Improper Authentication in react-adal
This affects versions of react-adal 0.5.1. It is possible for a specially crafted JWT token and request URL to cause the nonce, session and refresh values to be incorrectly validated, causing the application to treat an attacker-generated JWT token as authentic. The logical defect is caused by h...
Kagemai Cross-Site Request Forgery Vulnerability
Kagemai is a defect tracking system used to share information about defects in software under development between development teams. A cross-site request forgery vulnerability exists in Kagemai 0.8.8. An attacker can exploit this vulnerability to hijack administrator authentication...
Redmine Cross-Site Scripting Vulnerability (CNVD-2021-27365)
Redmine is an open source, web-based project management and defect tracking tool. A cross-site scripting vulnerability exists in Redmine. An attacker can exploit this vulnerability via the backurl field to conduct a cross-site scripting attack...
Atlassian Jira Server and Data Center Cross-Site Scripting Vulnerability
Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia. Atlassian JIRA Server is a server version of a defect tracking management system. Atlassian JIRA Data Center is the data center version of Atlassian JIRA. validation, an attacker could exploit the...
MantisBT Cross-Site Scripting Vulnerability (CNVD-2021-14399)
MantisBT is a web-based open source defect tracking system from the MantisBT team. The system provides project management and defect tracking services in the form of Web operations. A security vulnerability exists in MantisBT 2.24.3 and earlier versions, which stems from a custom field name n...
Security Bulletin: IBM Cloud Private is vulnerable to etcd vulnerabilities (CVE-2020-15106, CVE-2020-15112, CVE-2020-15113)
Summary: IBM Cloud Private is vulnerable to etcd vulnerabilities. Vulnerability Details: CVEID: CVE-2020-15106. DESCRIPTION: etcd is vulnerable to a denial of service, caused by improper data validation in the decodeRecord method. By sending specially crafted data, a remote authenticated attacker...
Atlassian Jira Cross-Site Scripting Vulnerability (CNVD-2021-13210)
Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. A cross-site scripting vulnerability exists in Atlassian Jira Server and Data Center, which stems from a lack of proper validati...
Atlassian Jira Information Disclosure Vulnerability (CNVD-2021-13209)
Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. An information disclosure vulnerability exists in Atlassian Jira Server and Data Center, which arises from errors such as...
Atlassian Jira Server Template Injection Vulnerability
Atlassian JIRA Server is the server version of a defect tracking management system from Atlassian Australia. The system is mainly used for tracking and managing all kinds of issues and defects in the workplace. Atlassian Jira Server for Slack plugin from version 0.0.3 before version 2.0.15 suffer...
CVE-2021-22292
There is a denial of service (DoS) vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS...
Denial of service
There is a denial of service (DoS) vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS...