CVE-2021-3421
A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This...
CVE-2021-24289
There is functionality in the Store Locator Plus for WordPress plugin through 5.5.14 that made it possible for authenticated users to update their user meta data to become an administrator on any site using the plugin...
loewe.com Cross Site Scripting vulnerability OBB-2014944
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: loewe.com. Open Bug Bounty...
Code injection
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempting to use the switch users functionality. ...
CVE-2021-21424
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempting to use the switch users functionality. ...
CVE-2021-21424 Prevent user enumeration using Guard or the new Authenticator-based Security
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempting to use the switch users functionality. ...
SUSE-SU-2021:1554-1 Security update for java-11-openjdk
This update for java-11-openjdk fixes the following issues: - Update to upstream tag jdk-11.0.11+9 April 2021 CPU CVE-2021-2163: Fixed incomplete enforcement of JAR signing disabled algorithms bsc1185055 CVE-2021-2161: Fixed incorrect handling of partially quoted arguments in ProcessBuilder...
Cross site scripting
An out-of-bounds write vulnerability exists in the importstl.cc:importstl functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2021-23012
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, and 13.1.x before 13.1.4, lack of input validation for items used in the system support functionality may allow users granted either "Resource Administrator" or "Administrator" roles to execute arbitrary bash...
Insecure Proxy Configuration in Hubs Cloud Reticulum — Mozilla
Proxy functionality built into Hubs Cloud’s Reticulum software allowed access to internal URLs, including the metadata service...
CVE-2021-31411
Insecure temporary directory usage in frontend build functionality of com.vaadin:flow-server versions 2.0.9 through 2.5.2 Vaadin 14.0.3 through Vaadin 14.5.2, 3.0 prior to 6.0 Vaadin 15 prior to 19, and 6.0.0 through 6.0.5 Vaadin 19.0.0 through 19.0.4 allows local users to inject malicious code...
CVE-2021-31411
The CVE-2021-31411 issue affects com.vaadin:flow-server in these ranges: 2.0.9–2.5.2 (Vaadin 14.0.3–14.5.2), 3.0 before 6.0 (Vaadin 15 before 19), and 6.0.0–6.0.5 (Vaadin 19.0.0–19.0.4). Its root cause is insecure temporary directory usage during frontend rebuilds, allowing local users to inject ...
[SECURITY] Fedora 33 Update: libtpms-0.8.2-0.20210426git729fc6a4ca.fc33
A library providing TPM functionality for VMs. Targeted for integration into Qemu...
Authentication flaw
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is an Authentication Bypass in the Web Interface. This interface does not properly restrict access to internal functionality. Despite presenting a password login page on first access, authentication is not required to access...
Server side request forgery (ssrf)
An Unauthenticated Server-Side Request Forgery SSRF vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI =6.x within the GetImage functionality. The application parses user supplied data in the GET parameter 'host' to construct an image request to the service through onvif.cgi. Sinc...
CVE-2020-22782
Etherpad 1.8.3 is affected by a denial of service in the import functionality. Upload of binary file to the import endpoint would crash the instance...
Design/Logic Flaw
Etherpad 1.8.3 is affected by a denial of service in the import functionality. Upload of binary file to the import endpoint would crash the instance...