
6667 matches found

NVD
added 2021/04/28 8:15 a.m. · 11 views

CVE-2021-27648

Externally controlled reference to a resource in another sphere in quarantine functionality in Synology Antivirus Essential before 1.4.8-2801 allows remote authenticated users to obtain privilege via unspecified vectors...

CVSS 9 · EPSS 0.09889
Exploits 0 · References 1
OSV
added 2021/04/28 8:15 a.m. · 1 view

CVE-2021-27648

Externally controlled reference to a resource in another sphere in quarantine functionality in Synology Antivirus Essential before 1.4.8-2801 allows remote authenticated users to obtain privilege via unspecified vectors...

CVSS 8.8 · AI score 5.8
Exploits 0 · References 1
Prion
added 2021/04/28 8:15 a.m. · 16 views

Design/Logic Flaw

Externally controlled reference to a resource in another sphere in quarantine functionality in Synology Antivirus Essential before 1.4.8-2801 allows remote authenticated users to obtain privilege via unspecified vectors...

CVSS 6.5 · AI score 8.1 · EPSS 0.09889
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2021/04/28 7:25 a.m. · 15 views

CVE-2021-27648

Externally controlled reference to a resource in another sphere in quarantine functionality in Synology Antivirus Essential before 1.4.8-2801 allows remote authenticated users to obtain privilege via unspecified vectors...

CVSS 9 · AI score 8.7 · EPSS 0.09889
Exploits 0 · References 1
Debian CVE
added 2021/04/28 2:21 a.m. · 77 views

CVE-2020-36326

PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in...

CVSS 9.8 · AI score 7.7 · EPSS 0.00304
Exploits 0
Github Security Blog
added 2021/04/22 4:15 p.m. · 71 views

Remote Code Execution and download tracking in Mintegral SDK

"This affects all versions of package com.mintegral.msdk:alphab. The Android SDK distributed by the company contains malicious functionality in this module that tracks: 1. Downloads from Google URLs either within Google apps or via browser including file downloads, e-mail attachments and Google...

CVSS 4.7 · AI score 5.1 · EPSS 0.00154
Exploits 0 · References 5 · Affected Software 1
Github Security Blog
added 2021/04/20 4:39 p.m. · 66 views

py vulnerable to Regular Expression Denial of Service

A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service by supplying malicious input to the blame functionality...

CVSS 7.5 · AI score 7.2 · EPSS 0.00781
Exploits 0 · References 12 · Affected Software 1
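The shape of this bug, and the two usual fixes, as an added example that is not the py project's code: the regexes below are constructed to resemble a blame-line parser (revision, author, line text) and are not quoted from py.path.svnwc. The first regex puts only an optional separator between two quantifiers that both accept digits, so a digits-only line with no space forces the engine to try every split between `\d+` and `\S+` before failing (quadratic work); the second makes the separator mandatory, and `parse_blame_line` avoids regex backtracking altogether and caps the input length (`MAX_LINE` is an assumed defensive value).

```python
import re
import time

# Constructed for this example: two regexes of the shape a blame-line parser
# might use. Neither is quoted from the py project. Both expect lines like
# "    12 alice    some text" and capture (revision, author, text).
#
# In the first, \d+ and \S+ both match digits and only an OPTIONAL \s* sits
# between them, so an all-digit line with no separator makes the engine try
# every split of the digits between \d+ and \S+ before failing: O(n^2) work.
BLAME_OVERLAPPING = re.compile(r"\s*(\d+)\s*(\S+) (.*)")

# Requiring at least one whitespace character between revision and author
# removes the ambiguity: once \d+ stops, \s+ must consume a space or fail,
# so a digits-only line is rejected in O(n).
BLAME_UNAMBIGUOUS = re.compile(r"\s*(\d+)\s+(\S+) (.*)")

MAX_LINE = 4096  # assumption: a defensive cap on input handed to any matcher


def parse_blame_line(line: str) -> tuple[int, str, str]:
    """Parse one blame line with plain string operations (no backtracking).

    Returns (revision, author, text), where text is everything after the
    single space that follows the author, matching the regexes' (\\S+) (.*).
    Raises ValueError on oversize or malformed input.
    """
    if len(line) > MAX_LINE:
        raise ValueError("blame line exceeds %d characters" % MAX_LINE)
    rev, sep, rest = line.lstrip(" ").partition(" ")
    if not sep or not rev.isdigit():
        raise ValueError("unexpected blame line: %r" % line[:80])
    author, sep, text = rest.lstrip(" ").partition(" ")
    if not author:
        raise ValueError("unexpected blame line: %r" % line[:80])
    return int(rev), author, text


def time_match(pattern: re.Pattern, text: str) -> tuple[bool, float]:
    """Return whether pattern.match(text) succeeded and how long it took."""
    start = time.perf_counter()
    matched = pattern.match(text) is not None
    return matched, time.perf_counter() - start


if __name__ == "__main__":
    good = "    12 alice    some text"
    evil = "1" * 3000  # constructed: digits only, no separator, so both fail
    print(parse_blame_line(good))
    for name, pat in (("overlapping", BLAME_OVERLAPPING),
                      ("unambiguous", BLAME_UNAMBIGUOUS)):
        matched, secs = time_match(pat, evil)
        print(f"{name:12s} matched={matched} seconds={secs:.3f}")
```

Running the block stand-alone prints the timing difference for the 3000-digit line; lengthening `evil` grows the overlapping regex's time quadratically while the unambiguous one stays linear. The string-based parser is the stronger fix because its cost cannot depend on how the engine backtracks.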
OpenVAS
added 2021/04/19 12:00 a.m. · 24 views

SUSE: Security Advisory (SUSE-SU-2016:2904-1)

The remote host is missing an update for the ... [the rest of this description is the scanner script's license header rather than advisory text: SPDX-FileCopyrightText: 2021 Greenbone AG; SPDX-License-Identifier: GPL-2.0-only]

CVSS 7.8 · AI score 6.7 · EPSS 0.0041
Exploits 1 · References 8
OpenVAS
added 2021/04/19 12:00 a.m. · 21 views

SUSE: Security Advisory (SUSE-SU-2020:2544-1)

The remote host is missing an update for the ... [the rest of this description is the scanner script's license header rather than advisory text: SPDX-FileCopyrightText: 2021 Greenbone AG; SPDX-License-Identifier: GPL-2.0-only]

CVSS 9.3 · AI score 9.8 · EPSS 0.00768
Exploits 0 · References 6
OpenVAS
added 2021/04/19 12:00 a.m. · 23 views

SUSE: Security Advisory (SUSE-SU-2019:2613-1)

The remote host is missing an update for the ... [the rest of this description is the scanner script's license header rather than advisory text: SPDX-FileCopyrightText: 2021 Greenbone AG; SPDX-License-Identifier: GPL-2.0-only]

CVSS 7.8 · AI score 8.1 · EPSS 0.00071
Exploits 1 · References 4
Hacker One
added 2021/04/18 6:12 p.m. · 17 views

Nextcloud: Default Nextcloud Server and Android Client leak sharee searches to Nextcloud

On a clean Nextcloud setup the functionality "Search global and public address book for users" is enabled. When searching for a sharee to share with, the lookup parameter is not passed to the server, resulting in...

CVSS 4.3 · AI score 6.3 · EPSS 0.00652
Exploits 1
Prion
added 2021/04/13 3:15 p.m. · 12 views

Design/Logic Flaw

An incorrect default permissions vulnerability exists in the installation functionality of OpenClinic GA 5.173.3. Overwriting the binary can result in privilege escalation. An attacker can replace a file to exploit this vulnerability...

CVSS 6.8 · AI score 7.5 · EPSS 0.00142
Exploits 1 · References 1 · Affected Software 1
CVE
added 2021/04/13 2:11 p.m. · 67 views

CVE-2020-27228

OpenClinic GA 5.173.3 is affected by an installation-time privilege-escalation vulnerability (CVE-2020-27228). The underlying issue is an incorrect default permissions setup that permits modification of the OpenClinic MySQL service binary (example path: c:\projects\openclinic\mysql5\bin\mysqld.ex...

CVSS 8.8 · AI score 7.5 · EPSS 0.00142
Exploits 1 · References 1 · Affected Software 1
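The check a practitioner runs for this class of bug (a service binary whose ACL lets ordinary users replace it), as an added example that is not OpenClinic's or any project's code. It parses the text `icacls <path>` prints on Windows and flags allow-ACEs that give write-class rights to principals every local user belongs to. The sample output, the principal names (English Windows) and the path `C:\Program Files\ExampleClinic\db\bin\dbserver.exe` are constructed for the example; on a real host you would feed it the `BINARY_PATH_NAME` of each service from `sc qc <service>` together with the matching `icacls` output.

```python
import re
from dataclasses import dataclass, field

# Principals every interactive local user belongs to. Assumption: English
# account names; a localized Windows prints translated names.
LOW_PRIV_PRINCIPALS = {
    "everyone",
    r"builtin\users",
    r"nt authority\authenticated users",
    r"nt authority\interactive",
}

# icacls rights that allow replacing a file's contents or the file itself:
# F (full control), M (modify), W (write), and the granular WD (write data),
# AD (append data), D (delete), WDAC (write DAC), WO (write owner).
WRITE_RIGHTS = {"F", "M", "W", "WD", "AD", "D", "WDAC", "WO"}
INHERITANCE_FLAGS = {"I", "OI", "CI", "IO", "NP"}


@dataclass
class Ace:
    principal: str
    deny: bool = False
    flags: set = field(default_factory=set)   # inheritance flags, e.g. {"I"}
    rights: set = field(default_factory=set)  # e.g. {"F"} or {"RX", "WD"}


def parse_icacls(path: str, output: str) -> list[Ace]:
    """Parse the block `icacls <path>` prints into Ace objects.

    The first line is "<path> <principal>:(flags)(rights)"; continuation
    lines are indented and carry one ACE each. Because the path may contain
    spaces, it is removed by exact prefix rather than by splitting on spaces.
    """
    aces = []
    for raw in output.splitlines():
        if raw.startswith(path):
            raw = raw[len(path):]
        line = raw.strip()
        if not line or line.startswith("Successfully processed"):
            continue
        principal, _, spec = line.rpartition(":")
        ace = Ace(principal.strip())
        for group in re.findall(r"\(([^)]*)\)", spec):
            if group == "DENY":
                ace.deny = True
            elif group in INHERITANCE_FLAGS:
                ace.flags.add(group)
            else:
                ace.rights.update(t.strip() for t in group.split(","))
        aces.append(ace)
    return aces


def weak_aces(aces: list[Ace]) -> list[Ace]:
    """Allow-ACEs granting write-class rights to low-privilege principals.

    A separate DENY ACE for the same principal would override these on a real
    system; this check flags candidates and does not evaluate deny precedence.
    """
    return [a for a in aces
            if not a.deny
            and a.principal.lower() in LOW_PRIV_PRINCIPALS
            and a.rights & WRITE_RIGHTS]


def audit(path: str, output: str) -> list[str]:
    """Return one finding per weak ACE, formatted as 'principal: rights'."""
    return [f"{a.principal}: {','.join(sorted(a.rights))}"
            for a in weak_aces(parse_icacls(path, output))]


# Constructed sample: what `icacls` prints for a hypothetical service binary.
SAMPLE_PATH = r"C:\Program Files\ExampleClinic\db\bin\dbserver.exe"
SAMPLE_OUTPUT = "\n".join([
    SAMPLE_PATH + r" BUILTIN\Administrators:(I)(F)",
    r"                 NT AUTHORITY\SYSTEM:(I)(F)",
    r"                 BUILTIN\Users:(I)(RX)",
    r"                 NT AUTHORITY\Authenticated Users:(I)(M)",
    "",
    "Successfully processed 1 files; Failed processing 0 files",
])

if __name__ == "__main__":
    for finding in audit(SAMPLE_PATH, SAMPLE_OUTPUT):
        print("WEAK:", finding)
```

The sample reproduces the pattern the advisory describes: Administrators and SYSTEM hold full control as expected, but an inherited Modify grant to Authenticated Users lets any logged-on user overwrite the binary that a privileged service later executes. The fix on the host is to remove that ACE (or install under a directory whose inherited ACL does not grant it), not to rely on the service account.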
Prion
added 2021/04/12 6:15 p.m. · 17 views

Cross site scripting

IBM Jazz Team Server products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191396...

CVSS 4.3 · AI score 5.1 · EPSS 0.00128
Exploits 0 · References 2 · Affected Software 12
Veracode
added 2021/04/09 5:06 a.m. · 35 views

Denial Of Service (DoS)

github.com/containers/storage/commit is vulnerable to Denial of Service (DoS). Its decompression functionality allows an attacker to crash applications that use it to pull container images, such as podman or CRI-O, by supplying a malicious image during an image pull...

CVSS 6.5 · AI score 6.5 · EPSS 0.01026
Exploits 1 · References 10 · Affected Software 6
RedhatCVE
added 2021/04/08 8:52 p.m. · 32 views

CVE-2021-3487

There's a flaw in the BFD library of binutils. An attacker who supplies a crafted file to an application linked with BFD and using the DWARF functionality could degrade system availability through excessive memory consumption...

AI score 6.3
Exploits 0 · References 3
CVE
added 2021/04/06 3:51 p.m. · 48 views

CVE-2021-30146

CVE-2021-30146 affects Seafile Server 7.0.5 (2019). The vulnerability is a persistent XSS in the "share of library" feature, enabling malicious JavaScript execution. The attack path described in sources indicates an attacker with a local account can create a shared library containing injected scri...

CVSS 5.4 · AI score 5.2 · EPSS 0.00482
Exploits 1 · References 1 · Affected Software 1
CVE
added 2021/04/06 3:46 p.m. · 64 views

CVE-2021-30140

CVE-2021-30140 affects LiquidFiles 3.4.15, which contains a stored cross-site scripting (XSS) vulnerability in the "+send email" feature when sending a file to an administrator. If the attached file has no extension and contains malicious HTML/JavaScript content (e.g., SVG with HTML), the payload...

CVSS 5.4 · AI score 5 · EPSS 0.0125
Exploits 3 · References 5 · Affected Software 1
GithubExploit
added 2021/04/06 9:16 a.m. · 110 views

Exploit for Cross-site Scripting in Seafile

CVE-2021-30146 Seafile 7.0.5 Persistent XSS Suggested descri...

CVSS 5.4 · AI score 5.2 · EPSS 0.00482
Exploits 1
Positive Technologies
added 2021/04/06 12:00 a.m. · 2 views

PT-2021-18627 · Unknown · Liquidfiles

Name of the Vulnerable Software and Affected Versions: LiquidFiles version 3.4.15. Description: The issue is related to stored XSS through the "send email" functionality when sending a file via email to an administrator. When a file has no extension and contains malicious HTML/JavaScript content,...

CVSS 5.4 · AI score 5.1 · EPSS 0.0125
Exploits 3 · References 8
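Both stored-XSS entries above (the LiquidFiles extension-less SVG/HTML attachment, CVE-2021-30140, and the Seafile library-name injection, CVE-2021-30146) come down to two server-side sinks: how an uploaded file is served back, and how a user-chosen name is written into HTML. The following is an added example, not LiquidFiles' or Seafile's code, showing the weak download pattern next to a hardened one and an escaped renderer for share names. The allow-list `INLINE_SAFE_EXT`, the content sniff in `looks_active`, and the sample payloads are assumptions constructed for the example.

```python
import html
import mimetypes
import os
import re

# Extensions the application is willing to let a browser render inline.
# Assumption for this example; SVG is deliberately absent because it is an
# XML document that can carry script and event handlers.
INLINE_SAFE_EXT = {".png", ".jpg", ".jpeg", ".gif", ".pdf", ".txt"}

# Constructs that turn a "file" into a document a browser will execute if it
# is rendered inline. Checked on the first 1 KB, case-insensitively.
_ACTIVE = re.compile(
    rb"<\s*(?:svg|script|html|body|iframe|object|embed|img|math)\b"
    rb"|\bon[a-z]+\s*=|javascript:",
    re.I,
)


def looks_active(content: bytes) -> bool:
    """True if the file content sniffs as HTML/SVG with executable parts."""
    return _ACTIVE.search(content[:1024]) is not None


def naive_headers(filename: str) -> dict:
    """The weak pattern: type guessed from the name, served inline.

    A file with no extension gets no Content-Type at all, so the browser
    sniffs the body; an SVG or HTML body is then rendered in the app's origin.
    """
    headers = {"Content-Disposition": f'inline; filename="{filename}"'}
    ctype, _ = mimetypes.guess_type(filename)
    if ctype:
        headers["Content-Type"] = ctype
    return headers


def hardened_headers(filename: str, content: bytes) -> dict:
    """Serve inline only for allow-listed types whose bytes look inert;
    everything else is a forced download with sniffing disabled."""
    ext = os.path.splitext(filename)[1].lower()
    inline = ext in INLINE_SAFE_EXT and not looks_active(content)
    if inline:
        ctype = mimetypes.guess_type(filename)[0] or "application/octet-stream"
    else:
        ctype = "application/octet-stream"
    # Keep the filename out of header-injection territory: quotes, CR/LF and
    # other control characters become underscores.
    safe_name = re.sub(r"[^\w.\- ]", "_", filename) or "download"
    disposition = "inline" if inline else "attachment"
    return {
        "Content-Type": ctype,
        "Content-Disposition": f'{disposition}; filename="{safe_name}"',
        "X-Content-Type-Options": "nosniff",
    }


def render_share_name(name: str) -> str:
    """Escape a user-chosen library/share name before placing it in HTML."""
    return html.escape(name, quote=True)


# Constructed sample payloads (not taken from the advisories above).
SVG_PAYLOAD = (b'<svg xmlns="http://www.w3.org/2000/svg" '
               b'onload="alert(document.domain)"></svg>')
PNG_BYTES = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32

if __name__ == "__main__":
    print(naive_headers("report"))                    # no Content-Type, inline
    print(hardened_headers("report", SVG_PAYLOAD))    # attachment, nosniff
    print(hardened_headers("photo.png", PNG_BYTES))   # inline image/png
    print(render_share_name("<img src=x onerror=alert(1)>"))
```

The content sniff is a second line of defence, not the primary one: the primary control is that anything outside the allow-list is an `attachment` with `nosniff`, so the browser never gets to decide that an extension-less body is an SVG. Escaping at output time (`render_share_name`) is what stops a stored name from becoming markup regardless of how it was validated on the way in.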