7 matches found
Incorrect Authorization
Overview typo3/cms-core is a free open source enterprise content management system. Affected versions of this package are vulnerable to Incorrect Authorization via the defVals parameter in the Edit Document Controller. An attacker can insert unauthorized data into restricted database fields by...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990242)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990242 advisory. In the Linux kernel, the following vulnerability has been resolved: HID: betop: check shape of output reports betopffinit only checks the total sum of the report...
CVE-2020-11212
Out of bounds reads while parsing NAN beacons attributes and OUIs due to improper length of field check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon...
GHSA-99VM-5V2H-H6R6 Directus allows updates to non-allowed fields due to overlapping policies
Summary If there are two overlapping policies for the update action that allow access to different fields, instead of correctly checking access permissions against the item they apply for the user is allowed to update the superset of fields allowed by any of the policies. E.g. have one policy...
Improper Input Validation
froxlor/froxlor is vulnerable to Improper Input Validation. The vulnerability is due to validation.js which does not effectively handle whitespace inputs in the form fields, which allowed users to escape the mandatory field checks...
OpenJDK: insufficient protected field access checks in atomic field updaters (Libraries, 8165344)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...
OpenJDK: insufficient protected field access checks in atomic field updaters (Libraries, 8165344)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...