CVE-2021-41790
An issue was discovered in Hyland org.alfresco:alfresco-content-services through 7.0.1.2. Script Action execution allows executing scripts uploaded outside of the Data Dictionary. This could allow a logged-in attacker to execute arbitrary code inside a sandboxed environment...
CVE-2021-35632
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Data Dictionary. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQ...
AZL-6724 CVE-2021-35632 affecting package mysql for versions less than 8.0.28-1
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Data Dictionary. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQ...
UBUNTU-CVE-2021-35632
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Data Dictionary. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQ...
CVE-2021-35632
CVE-2021-35632 affects Oracle MySQL Server (Server: Data Dictionary). Affected: MySQL 8.0.26 and earlier. Description from the CVE notes an easily exploitable, local-privilege path that can cause a hang or complete DoS of MySQL Server. Connected documents corroborate that this CVE lies in the Dat...
Oracle MySQL Server Input Validation Error Vulnerability (CNVD-2021-80243)
Oracle MySQL Server, a relational database from Oracle Corporation, has a security vulnerability in the Server: Data Dictionary component of Oracle MySQL Server 8.0.26 and earlier versions. An attacker could exploit this vulnerability to perform a denial of service (DoS) attack...
Oracle MySQL Input Validation Error Vulnerability
Oracle MySQL Server, a relational database from Oracle Corporation, has a security vulnerability in the Server: Data Dictionary component of Oracle MySQL Server 8.0.26 and earlier versions. An attacker could exploit this vulnerability to perform a denial of service (DoS) attack...
PT-2021-4711 · Oracle +8 · Mysql Server +7
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.26 and prior. Description: The issue is related to insufficient input validation in the MySQL Server component, specifically the Data Dictionary. This can be exploited by a high-privileged attacker with logon to the...
Reconky - A Great Content Discovery Bash Script For Bug Bounty Hunters Which Automate Lot Of Task And Organized It
Reconky is a script written in bash to automate the task of recon and information gathering. This Bash script allows you to collect some information that will help you identify what to do next and where to look for the required target. Usage: ./reconky.sh Main features: It will gather subdomains wi...
Python < 3.5.10, 3.6.x < 3.6.12, 3.7.x < 3.7.9, 3.8.x < 3.8.4 Python Issue (bpo-41004) - Mac OS X
Python is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...
CVE-2021-37151
CyberArk Identity 21.5.131, when handling an invalid authentication attempt, sometimes reveals whether the username is valid. In certain authentication policy configurations with MFA, the API response length can be used to differentiate between a valid user and an invalid one, aka Username...
CVE-2021-38567
An issue was discovered in Foxit PDF Editor before 11.0.1 and PDF Reader before 11.0.1 on macOS. It mishandles missing dictionary entries, leading to a NULL pointer dereference, aka CNVD-C-2021-95204...
PT-2021-22216 · Foxit · Foxit Pdf Reader +1
Name of the Vulnerable Software and Affected Versions: Foxit PDF Editor versions prior to 11.0.1; Foxit PDF Reader versions prior to 11.0.1. Description: The issue arises from the mishandling of missing dictionary entries, resulting in a NULL pointer dereference. Recommendations: For Foxit PDF Edit...
Foxit PDF Editor Code Issue Vulnerability
Foxit PDF Editor is a PDF editor from Foxit, a Chinese company. Versions of Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1 have a security vulnerability that stems from the application's incorrect handling of missing dictionary entries, which could be exploited by an attacker to cause NULL...
Using “Master Faces” to Bypass Face-Recognition Authenticating Systems
Fascinating research: "Generating Master Faces for Dictionary Attacks with a Network-Assisted Latent Space Evolution." Abstract: A master face is a face image that passes face-based identity-authentication for a large portion of the population. These faces can be used to impersonate, with a high...
EVlink City, EVlink Parking, EVlink Smart Wallbox Information Disclosure Vulnerability (CNVD-2021-62192)
Schneider Electric EVlink City, among others, is a charging solution for electric vehicle charging stations from the French company Schneider Electric. The EVlink City, EVlink Parking, and EVlink Smart Wallbox information disclosure vulnerability can be exploited by an attacker to gain knowledge ...
CVE-2021-22774
A CWE-759: Use of a One-Way Hash without a Salt vulnerability exists in EVlink City EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1, EVlink Parking EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox EVB1A all versions prior to R8 V3.4.0.1 that could lead an...