7442 matches found
Free School Management Software 代码问题漏洞
Free School Management Software is a free and open source school software by Gosfem Individual Developer. A code issue vulnerability exists in Free school management software that stems from an unrestricted file upload vulnerability. An attacker could use this vulnerability to enable remote code...
VulnCheck KEV: CVE-2011-2474
Directory traversal vulnerability in the HTTP Server in Sybase EAServer 6.3.1 Developer Edition allows remote attackers to read arbitrary files via a /.../../\ sequence in a path...
CVE-2021-43053
The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a difficult to exploit vulnerability that allows an unauthenticated attacker with network access to obtain the cluster secret of another...
Design/Logic Flaw
The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a difficult to exploit vulnerability that allows an unauthenticated attacker with network access to obtain the cluster secret of another...
Privilege escalation
The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows clients to inherit the permissions of the client that initially connected on the affected...
CVE-2021-43053 TIBCO FTL Secret Exposure Vulnerability
The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a difficult to exploit vulnerability that allows an unauthenticated attacker with network access to obtain the cluster secret of another...
KLA12421 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges. Below is a complete list of vulnerabilities: 1. Denial of service vulnerability in .NET Framework can be exploited remotely to cause...
GSD-2022-1000008 faker.js 6.6.6 is broken and the developer has wiped the original GitHub repo
faker.js had it's version updated to 6.6.6 in NPM which reports it as having 2,571 dependent packages that rely upon it and the GitHub repo has been wiped of content. This appears to have been done intentionally as the repo only has a single commit so it was likjely deleted, recreated and a singl...
GSD-2022-1000007 colors.js 1.4.1 has an infinite loop added by the primary developer
colors.js had an infinite loop added by the primary developer in version 1.4.1 and 6.6.6 which was released on GitHub and NPM which reports it as having 3,179 dependent packages that rely upon it. Additionally the GitHub repo was wiped of all files. This appears to have been done intentionally in...
TIBCO Security Advisory: January 11, 2022 - TIBCO eFTL -2021-43055
TIBCO eFTL Token Caching Vulnerability Original release date: January 11, 2022 Last revised:--- CVE-2021-43055 Source: TIBCO SoftwareInc. Products Affected TIBCO eFTL - Community Edition versions 6.7.2 and below TIBCO eFTL - Developer Edition versions 6.7.2 and below TIBCO eFTL - Enterprise Editi...
TIBCO Security Advisory: January 11, 2022 - TIBCO eFTL -2021-43055
TIBCO eFTL Token Caching Vulnerability Original release date: January 11, 2022 Last revised:--- CVE-2021-43055 Source: TIBCO SoftwareInc. Products Affected TIBCO eFTL - Community Edition versions 6.7.2 and below TIBCO eFTL - Developer Edition versions 6.7.2 and below TIBCO eFTL - Enterprise Editi...
TIBCO Security Advisory: January 11, 2022 - TIBCO FTL -2021-43053
TIBCO FTL Secret Exposure Vulnerability Original release date: January 11, 2022 Last revised:--- CVE-2021-43053 Source: TIBCO SoftwareInc. Products Affected TIBCO FTL - Community Edition versions 6.7.2 and below TIBCO FTL - Developer Edition versions 6.7.2 and below TIBCO FTL - Enterprise Edition...
TIBCO Security Advisory: January 11, 2022 - TIBCO FTL -2021-43052
TIBCO FTL Secret Generation Vulnerability Original release date: January 11, 2022 Last revised:--- CVE-2021-43052 Source: TIBCO SoftwareInc. Products Affected TIBCO FTL - Community Edition versions 6.7.2 and below TIBCO FTL - Developer Edition versions 6.7.2 and below TIBCO FTL - Enterprise Editi...
PT-2022-1813 · Microsoft · Edge
Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based affected versions not specified Description: The issue is related to insufficient access controls in Microsoft Edge, allowing a remote attacker to elevate privileges in the system. This can enable the execution o...
Rearrange Woocommerce Products < 3.0.8 - Subscriber+ SQL Injection
The plugin does not have proper access controls in the saveallorder AJAX action, nor validation and escaping when inserting user data in SQL statement, leading to an SQL injection, and allowing any authenticated user, such as subscriber, to modify arbitrary post content for example with an XSS...
WPLegalPages < 2.7.1 - Subscriber+ Arbitrary Settings Update to Stored XSS
The plugin does not check for authorisation and has a flawed CSRF logic when saving its settings, allowing any authenticated users, such as subscriber, to update them. Furthermore, due to the lack of sanitisation and escaping, it could lead to Stored Cross-Site Scripting Run the below command in...
Pixel Update Bulletin—January 2022Stay organized with collectionsSave and categorize content based on your preferences.
The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices Google devices. For Google devices, security patch levels of 2022-01-05 or later address all issues in this bulletin and all issues in the January 2022 Android...
Security update for chromium (important)
openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2021:1632-1 Rating: important References: 1192310 1192734 1193519 1193713 Cross-References: CVE-2021-38005 CVE-2021-38006 CVE-2021-38007 CVE-2021-38008 CVE-2021-38009 CVE-2021-38010 CVE-2021-38011 CVE-2021-38012...
CVE-2021-4063
Use after free in developer tools in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
DEBIAN-CVE-2021-4063
Use after free in developer tools in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...