CVE-2020-35202
Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS...
CVE-2020-35200
Ignite Realtime Openfire 4.6.0 has plugins/clientcontrol/spark-form.jsp Reflective XSS...
Ignite Realtime Openfire Cross-Site Scripting Vulnerability
Ignite Realtime Openfire is a cross-platform open source Real-Time Collaboration (RTC) server developed by the Ignite Realtime community in Java and based on XMPP (formerly known as Jabber, Instant Messaging Protocol), which is capable of building efficient instant messaging servers and supporting te...
app.ariadust.dendrobium:app.ariadust.dendrobium.gradle.plugin (>=1.0.0 <=1.0.4), aspectj.AspectjGradlePlugin:aspectj.AspectjGradlePlugin.gradle.plugin (>=0.0.2 <=0.0.3) +3232 more potentially affected by CVE-2020-17521 via org.codehaus.groovy:groovy-all (>=2.0.0 <=2.4.20)
org.codehaus.groovy:groovy-all MAVEN version =2.0.0, =1.0.0, =0.0.2, =0.2.DEV, =0.2.DEV, =2.1.10, =2.0.0, =2.0.0, =3.5.4-rc.0, =3.5.9, =3.5.9, =3.5.15, =3.5.15, =3.6.0-rc.1 - au.com.dius:pact-jvm-consumer-junit2.10 =2.4.20 and more Source cves: CVE-2020-17521 Source advisory: OSV:GHSA-RCJJ-H6GH-J...
cn.ibizlab.plugin:ibiz-cloud-ai-baichuanai (>=8.1.0.371 <=8.1.0.578.187), cn.ibizlab.plugin:ibiz-cloud-ai-core (>=8.1.0.304 <=8.1.0.578.187) +438 more potentially affected by CVE-2020-17521 via org.codehaus.groovy:groovy-all (>=2.5.0 <=2.5.13)
org.codehaus.groovy:groovy-all MAVEN version =2.5.0, =8.1.0.371, =8.1.0.304, =8.1.0.371, =8.1.0.516, =8.1.0.304, =8.1.0.286, =8.1.0.286, =8.1.0.371, =8.1.0.371, =8.1.0.286, =8.1.0.286, =8.1.0.371, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.567.22 and more Source cves: CVE-2020-17521 Source...
CVE-2020-29595
PlugIns\IDEACDStd.apl in ACDSee Photo Studio Studio Professional 2021 14.0 Build 1705 has a User Mode Write AV starting at IDEACDStd!JPEGTransW+0x00000000000031aa...
Fedora 33 : pacemaker (2020-3d0e38b9e7)
Wed Nov 18 2020 Klaus Wenninger - 2.0.5-0.7.rc3 - a little more syncing with upstream spec-file Tue Nov 17 2020 Klaus Wenninger - 2.0.5-0.6.rc3 - Update for new upstream tarball for release candidate: Pacemaker-2.0.5-rc3 for full details, see included ChangeLog file or...
Fedora 32 : pacemaker (2020-2cbe0089e2)
Wed Nov 18 2020 Klaus Wenninger - 2.0.5-0.7.rc3 - a little more syncing with upstream spec-file - Tue Nov 17 2020 Klaus Wenninger - 2.0.5-0.6.rc3 - Update for new upstream tarball for release candidate: Pacemaker-2.0.5-rc3 for full details, see included ChangeLog file or...
WordPress Multiple Plugins / Themes Directory Traversal / File Download Vulnerability (HTTP)
Multiple WordPress Plugins / Themes are prone to a directory traversal or file download vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
Remote Code Execution
unomi-plugins-base is vulnerable to arbitrary code execution. An insufficient fix for CVE-2020-11975 allows an attacker to bypass the allowlist and blocklist and remotely execute arbitrary code...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 3.11.318 jenkins-2-plugins security update
An update for jenkins-2-plugins is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
RHEL 7 : OpenShift Container Platform 3.11.318 jenkins-2-plugins (RHSA-2020:5102)
The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:5102 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
HackerOne: Indexing of urls on the "External link warning" pages discloses many vulnerable endpoints from the past and unlisted videos/photos
@nagli found a misconfiguration in an interstitial page that could lead to a link to be indexed by a 3rd party. This could have exposed links to proof of concepts that HackerOne users had posted on hackerone.com. This affected a specific set of customers, which HackerOne worked together with to...
CVE-2019-7357
Subrion CMS 4.2.1 has CSRF in panel/modules/plugins/. The attacker can remotely activate/deactivate the plugins...
Cross site request forgery (csrf)
Subrion CMS 4.2.1 has CSRF in panel/modules/plugins/. The attacker can remotely activate/deactivate the plugins...
GNOME security, bug fix, and enhancement update
dleyna-renderer 0.6.0-3 - Add a manual Resolves: 1612579 frei0r-plugins 1.6.1-7 - Rebuild with newer annobin to fix rpmdiff problems - Fix the build with a newer opencv - Resolves: rhbz1703994 gdm 3.28.3-34 - Fix file descriptor leak Resolves: 1877853 3.28.3-33 - Fix problem with Xorg fallback...
ShowStopper - Anti-Debug tricks exploration tool
The ShowStopper project is a tool to help malware researchers explore and test anti-debug techniques or verify debugger plugins or other solutions that clash with standard anti-debug methods. With this tool, you can attach a debugger to its process and research the debugger’s behavior for the...
Moderate: Red Hat Security Advisory: container-tools:rhel8 security, bug fix, and enhancement update
An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
container-tools:2.0 bug fix update
An update is available for fuse-overlayfs, container-selinux, udica, toolbox, conmon, skopeo, python-podman-api, slirp4netns, containernetworking-plugins, buildah, criu, cockpit-podman. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detaile...
container-tools:1.0 bug fix and enhancement update
An update is available for fuse-overlayfs, container-selinux, oci-umount, runc, skopeo, slirp4netns, oci-systemd-hook, containernetworking-plugins, buildah, criu. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...