Amazon Linux 2 : xorg-x11-server (ALAS-2020-1433)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1433 advisory. It was discovered that libX11 does not properly validate input coming from the server, causing XListExtensions and XGetFontPath functions to produce an invalid list of elements that in turn make...
IP Whitelisting Bypass
verbb/knock-knock is vulnerable to IP Whitelisting Bypass. This is due to a flawed IP-whitelisting mechanism for obtaining the user's IP, allowing bypass of IP whitelisting through X-Forwarded-For header manipulation...
Emercoin has a flawed logic vulnerability
Emercoin is a cryptocurrency. A security vulnerability exists in Emercoin 0.7 and earlier versions. An attacker could exploit the vulnerability to cause a denial of service...
Extreme CMS has a flawed logic vulnerability
Extreme CMS is an open source and free PHPCMS web content management system. Extreme CMS has a logic flaw vulnerability that can be exploited by attackers to obtain sensitive information...
Bluetooth Impersonation Attacks Affect Legions of Devices
Academic researchers have uncovered security vulnerabilities in Bluetooth Classic that allow attackers to spoof paired devices: They found that the bugs allow an attacker to insert a rogue device into an established Bluetooth pairing, masquerading as a trusted endpoint. This allows attackers to...
Cool Music for Android has a flawed logic vulnerability
Cool Music is an online digital music platform. A logic flaw vulnerability exists in CoolMusic for Android. An attacker can exploit the vulnerability to perform unauthorized operations...
CVE-2020-6861
A flawed protocol design in the Ledger Monero app before 1.5.1 for Ledger Nano and Ledger S devices allows a local attacker to extract the master spending key by sending crafted messages to this app selected on a PIN-entered Ledger connected to a host PC...
Design/Logic Flaw
A flawed protocol design in the Ledger Monero app before 1.5.1 for Ledger Nano and Ledger S devices allows a local attacker to extract the master spending key by sending crafted messages to this app selected on a PIN-entered Ledger connected to a host PC...
Hyperledger Iroha has a flawed logic vulnerability
Hyperledger Iroha is a distributed system for asset creation and management based on blockchain technology. A security vulnerability exists in Hyperledger Iroha versions 1.0beta and 1.0.0beta-1. An attacker can exploit the vulnerability by sending a specially crafted request to bypass signature...
DateMe has a flawed logic vulnerability
DateMe DMX is an Ether-based digital currency. An integer overflow vulnerability exists in the 'sell' function of DMX's smart contract implementation. An attacker could exploit the vulnerability to prevent the seller from accessing the assets due to the exchange...
Crowdnext has a flawed logic vulnerability
Crowdnext CNX is an Ether-based digital currency. An integer overflow vulnerability exists in the 'sell' function of CNX's smart contract implementation. An attacker could exploit the vulnerability to prevent the seller from accessing the assets due to the exchange...
Osmand Code Issue Vulnerability
Osmand is a mapping and navigation application for mobile platforms. A code issue vulnerability exists in Osmand 2.0.0 and prior versions. The vulnerability stems from an improperly designed or implemented code development process for a networked system or product. No detailed vulnerability detai...
CatfishCMS has a flawed logic vulnerability
CatfishCMS is an open source and free PHP CMS web content management system. CatfishCMS has a logic flaw vulnerability that can be exploited by attackers to delete database information...
Cross-site Scripting (XSS)
johnpbloch/wordpress is vulnerable to cross-site scripting (XSS). The vulnerability exists through a flawed sanitizing mechanism where wp_filter_post_kses is used instead of wp_filter_kses, allowing HTML tags to be passed and interpreted...
OTRS Code Issue Vulnerability
Open-source Ticket Request System (OTRS) is an open-source defect tracking and management system software from the German OTRS Group. The software categorizes service requests submitted through various channels such as phone calls, emails, etc. into different queues and service levels, and the...
OSSEC-HIDS Code Issue Vulnerability
OSSEC-HIDS is an open source intrusion detection tool. OSSEC-HIDS is vulnerable to a code issue. The vulnerability stems from an improperly designed or implemented code development process for a network system or product. An attacker could exploit this vulnerability to cause a denial of service...
DSMall has a flawed logic vulnerability
DSMall is a large B2B2C multi-user mall system, an enterprise-class e-commerce mall system with open source code. DSMall has a logic flaw vulnerability that attackers can exploit to delete any account invoice information...
Easy XML Editor Code Problem Vulnerability
Easy XML Editor is an XML editor. A code issue vulnerability exists in Easy XML Editor v1.7.8 and prior versions. The vulnerability stems from an improperly designed or implemented code development process for a web-based system or product. No detailed vulnerability details are provided at this...