4288 matches found
CVE-2021-36542
CVE-2021-36542 is a CSRF vulnerability in SeedDMS affecting op/LockDocument.php for SeedDMS 5.1.x below 5.1.23 and 6.0.x below 6.0.16. An authenticated user who visits a malicious page can cause the application to lock any document without the user’s knowledge. The NVD entry documents a CVSSv3.1 ...
Insufficient Session Expiration and TOCTOU Race Condition in OPC Foundation UA .NET Standard
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard 1.04.358.30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of sessions. The issue results fr...
GHSA-9Q94-V7CH-MXQW Insufficient Session Expiration and TOCTOU Race Condition in OPC Foundation UA .NET Standard
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard 1.04.358.30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of sessions. The issue results fr...
CVE-2021-24484
The get_reports() function in the Secure Copy Content Protection and Content Locking WordPress plugin before 2.6.7 did not whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard...
SQL injection
The get_reports() function in the Secure Copy Content Protection and Content Locking WordPress plugin before 2.6.7 did not whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard...
CVE-2021-24484
The CVE-2021-24484 entry concerns the WordPress plugin Secure Copy Content Protection and Content Locking (versions before 2.6.7). The vulnerability arises in the plugin’s get_reports() function, which did not whitelist/validate the orderby parameter before it is used in SQL statements passed to ...
CVE-2021-3667
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited...
3xLogic Infinias eIDC32 Trust Management Issue Vulnerability
The 3xLogic Infinias eIDC32 is an access control controller from the US company 3xLogic. A security vulnerability exists in the 3xLogic Infinias eIDC32 that allows an attacker to intercept the channels that control the application of door locking policies...
CVE-2021-2402
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac...
UBUNTU-CVE-2021-2402
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac...
Oracle MySQL Server Denial of Service Vulnerability (CNVD-2021-54391)
Oracle MySQL is an open source relational database management system from Oracle Corporation. A denial-of-service vulnerability exists in the Server: Locking component of Oracle MySQL Server 8.0.25 and earlier versions. An attacker can exploit this vulnerability to cause MySQL Server to hang or...
SUSE SLED15 / SLES15 Security Update : caribou (SUSE-SU-2021:2414-1)
The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2414-1 advisory. - A flaw was found in Caribou due to a regression of CVE-2020-25712 fix. An attacker could use this flaw to bypass screen-locking applications...
CVE-2021-2402
CVE-2021-2402 affects Oracle MySQL Server (component: Server: Locking); versions 8.0.25 and earlier are vulnerable. The descriptions in connected advisories indicate an easily exploitable, network-accessible issue that lets a high-privileged attacker cause a hang or crash (DoS) of MySQL Server. Remediation is to app...
ALSA-2021:2714 Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909); kernel: race condition for removal of the HCI controller (CVE-2021-32399). For more details about the security...
RLSA-2021:2714 Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909); kernel: race condition for removal of the HCI controller (CVE-2021-32399). For more details about the security...
Oracle MySQL Input Validation Error Vulnerability
Oracle MySQL is an open source relational database management system from Oracle Corporation. A denial-of-service vulnerability exists in the Server: Locking component of Oracle MySQL Server 8.0.25 and earlier versions. An attacker can exploit this vulnerability to cause MySQL Server to hang or...
Amazon Linux 2 : grub2 (ALAS-2021-1684)
The version of grub2 installed on the remote host is prior to 2.06-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1684 advisory. 2024-02-29: CVE-2019-14865 was added to this advisory. A flaw was found in the grub2-set-bootflag utility of grub2. A local...
Apple iOS < 13.1 Multiple Vulnerabilities (HT210603)
Binary data appleios131check.nbin...
Malicious router can block cross-chain-transfers
Handle: cmichel. Vulnerability details: The agreement between the user and the router seems to already happen off-chain because all the fields are required for the initial InvariantTransactionData call already. A router could pretend to take on a user's cross-chain transfer, th...
WordPress Secure Copy Content Protection and Content Locking plugin <= 2.6.6 - Authenticated Blind SQL Injection (SQLi) vulnerability
Authenticated Blind SQL Injection (SQLi) vulnerability discovered by To Quang Duong in WordPress Secure Copy Content Protection and Content Locking plugin versions <= 2.6.6. Solution: Update the WordPress Secure Copy Content Protection and Content Locking plugin to the latest available version at lea...