holz-becker.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1142773. Security Researcher Hchabik (helped patch 2358 vulnerabilities; received 5 Coordinated Disclosure badges; received 2 recommendations), a holder of 5 badges for responsible and coordinated disclosure, found a security vulnerability affecting holz-becker.com website and...
CVE-2018-21073
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.0) (Galaxy S9+, Galaxy S9, Galaxy S8+, Galaxy S8, Note 8). There is access to Clipboard content in the locked state via the Edge panel. The Samsung ID is SVE-2017-10748 (May 2018)...
Unspecified Vulnerability in Samsung Mobile Devices (CNVD-2020-32823)
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance (OHA for short). A security vulnerability exists in Samsung mobile devices, which can be exploited by an attacker to successfully boot a Samsung Galaxy Note8 device with root...
tweaksguide.com Cross Site Scripting vulnerability
Security Researcher geeknik (helped patch 8505 vulnerabilities; received 8 Coordinated Disclosure badges; received 20 recommendations), a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting tweaksguide.com website and its users. Following coordinat...
Threat Analysis Unit (TAU) Threat Intelligence Notification: CoronaVirus Ransomware
"CoronaVirus" Ransomware has been found distributed via a phishing website. The malicious website will distribute a trojan downloader which then leads to downloading additional malicious payloads: the Kpot InfoStealer and Coronavirus Ransomware. "CoronaVirus" Ransomware will perform the deletion ...
Design/Logic Flaw
GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature...
PT-2020-12447 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 8.10 through 12.9. Description: The issue is related to a Server-Side Request Forgery (SSRF) in the project import note feature. This allows an attacker to forge requests from the server, potentially leading to unauthorized acces...
AZL-6791 CVE-2019-20633 affecting package patch 2.7.6-8
GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952...
CVE-2020-10847
An issue was discovered on Samsung mobile devices with P(9.0) (Galaxy S8 and Note8) software. Facial recognition can be spoofed. The Samsung ID is SVE-2019-16614 (February 2020)...
Microsoft RCE Vulnerabilities Affecting Windows, Windows Server
Microsoft has released a security advisory to address remote code execution vulnerabilities in Adobe Type Manager Library affecting all currently supported versions of Windows and Windows Server operating systems. A remote attacker can exploit these vulnerabilities to take control of an affected...
GitLab: SSRF on project import via the remote_attachment_url on a Note
Summary: The Note model has an attachment which is provided by a CarrierWave uploader (Ruby): mount_uploader :attachment, AttachmentUploader. One of the features this provides is the ability to download and attach a file via a url, see...
Avast Secure Browser 76.0.1659.101 Local Privilege Escalation Vulnerability
A local privilege escalation issue was discovered in Avast Secure Browser version 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe which is running as NT AUTHORITY\SYSTEM when AvastSecureBrowser.exe checks for new updates. Avast Secure Browser...
ONAP DCAE Access Control Error Vulnerability
The ONAP DCAE is a data collection, analysis, and event subsystem within the ONAP Project's suite of ONAP network management platforms. An Access Control Error vulnerability exists in ONAP DCAE Dublin and prior versions that stems from an access control error in the program. An attacker could...
Researchers Warn of Novel PXJ Ransomware Strain
Researchers have discovered a new strain of ransomware, dubbed “PXJ,” which emerged in the wild in early 2020. While PXJ performs functions similar to other ransomware variants, it does not appear to share the same underlying code with most known ransomware families, researchers said. They first...
Microsoft Server Message Block RCE Vulnerability
Microsoft has released a security advisory to address a remote code execution vulnerability (CVE-2020-0796) in Microsoft Server Message Block 3.1.1 (SMBv3). A remote attacker can exploit this vulnerability to take control of an affected system. SMB is a network file-sharing protocol that allows clien...
Design/Logic Flaw
nwbcext2int in SAP NetWeaver Application Server before Security Note 2183189 allows XXE attacks for local file inclusion via the sap/bc/ui2/nwbc/nwbcext2int/ URI...
CVE-2015-7968
nwbcext2int in SAP NetWeaver Application Server before Security Note 2183189 allows XXE attacks for local file inclusion via the sap/bc/ui2/nwbc/nwbcext2int/ URI...
tiberius is unmaintained
The author of tiberius has archived the GitHub repository and left the following note: I do not have the time to overhaul the library and do not intend to further maintain the 0.3 version relying on the old futures ecosystem. Suggested alternatives are: - odbc - sqlx forthcoming...
CVE-2013-3587
The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of...