1720 matches found
Design/Logic Flaw
Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers to create or replace arbitrary files in the /themes directory via a crafted zip file uploaded to the Themes panel...
CVE-2021-28931
Fork CMS 5.9.2 has an arbitrary file upload vulnerability that lets an attacker create or replace arbitrary files in the /themes directory by uploading a crafted ZIP via the Themes panel. CVSS metrics indicate a high impact (CVSS-3.1 base score 8.8, high confidentiality/integrity/availability i...
CVE-2021-28931
Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers to create or replace arbitrary files in the /themes directory via a crafted zip file uploaded to the Themes panel...
GitLab Access Control Error Vulnerability
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An access control error vulnerability exists in GitLab...
Fork CMS Code Issue Vulnerability
Fork CMS is an open source content management system (CMS) developed using PHP. The system contains blogs, questions and answers, forms and other modules. Fork CMS has an arbitrary file upload vulnerability that can be exploited to create or replace arbitrary files in the themes directory with...
CVE-2021-22229
An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. Under a special condition it was possible to access data of an internal repository through project fork done by a project member...
CVE-2021-22229
An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. Under a special condition it was possible to access data of an internal repository through project fork done by a project member...
UBUNTU-CVE-2021-22229
An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. Under a special condition it was possible to access data of an internal repository through project fork done by a project member...
Race condition
An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. Under a special condition it was possible to access data of an internal repository through project fork done by a project member...
PT-2021-6483 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.8 and later Description: An issue has been discovered affecting GitLab CE/EE, where under a special condition, it was possible to access data of an internal repository through a project fork done by a project member...
Cross-Site Request Forgery in forkcms
Cross-site request forgery (CSRF) in Fork-CMS before 5.8.2 allows remote attackers to hijack the authentication of logged administrators...
GHSA-82XF-8H9P-C6QJ Cross-Site Request Forgery in forkcms
Cross-site request forgery (CSRF) in Fork-CMS before 5.8.2 allows remote attackers to hijack the authentication of logged administrators...
DEBIAN-CVE-2021-31317
Telegram Android 7.1.0 2090, Telegram iOS 7.1, and Telegram macOS 7.1 are affected by a Type Confusion in the VDasher constructor of their custom fork of the rlottie library. A remote attacker might be able to access Telegram's heap memory out-of-bounds on a victim device via a malicious animated...
CVE-2021-31318
Telegram Android 7.1.0 2090, Telegram iOS 7.1, and Telegram macOS 7.1 are affected by a Type Confusion in the LOTCompLayerItem::LOTCompLayerItem function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim device via a...
CVE-2021-31323
Telegram Android 7.1.0 2090, Telegram iOS 7.1, and Telegram macOS 7.1 are affected by a Heap Buffer Overflow in the LottieParserImpl::parseDashProperty function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim device via ...
DEBIAN-CVE-2021-31321
Telegram Android 7.1.0 2090, Telegram iOS 7.1, and Telegram macOS 7.1 are affected by a Stack Based Overflow in the graysplitcubic function of their custom fork of the rlottie library. A remote attacker might be able to overwrite Telegram's stack memory out-of-bounds on a victim device via a...
UBUNTU-CVE-2021-31323
Telegram Android 7.1.0 2090, Telegram iOS 7.1, and Telegram macOS 7.1 are affected by a Heap Buffer Overflow in the LottieParserImpl::parseDashProperty function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim device via ...
kernel: child process is able to access parent mm through hfi dev file handle
A use-after-free flaw was found in the Linux kernel InfiniBand hfi1 driver in the way a user calls ioctl after opening the dev file and forking. A local user could use this flaw to crash the system...
kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
A flaw (a possible race condition and incorrect initialization of the process ID) was found in the Linux kernel's child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process...
kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
A flaw (a possible race condition and incorrect initialization of the process ID) was found in the Linux kernel's child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process...