3385 matches found

Prion
added 2021/02/10 6:15 p.m. | 13 views

Information disclosure

DISPUTED An information disclosure issue exists in henriquedornas 5.2.17 because an attacker can dump phpMyAdmin SQL content. NOTE: third parties report that this is a site-specific problem...

CVSS 5 | AI score 7.5 | EPSS 0.017
Exploits: 1 | References: 2 | Affected Software: 1
Citrix
added 2021/02/05 12:0 a.m. | 11 views

LDAP authentication failed with error code 4003 and Group length is very large

One user cannot login Gateway with LDAP authentication and other users can login normally...

AI score 7.4
Exploits: 0
CNNVD
added 2021/02/01 12:0 a.m. | 5 views

Qualcomm RFA Security Vulnerability

Qualcomm RFA is a Qualcomm Incorporated USA support component used in chips. A security vulnerability exists in Qualcomm RFA due to improper authentication of SPC code settings and device locking...

CVSS 8.8 | AI score 7.4 | EPSS 0.00161
Exploits: 0 | References: 3
NVD
added 2021/01/27 4:15 p.m. | 25 views

CVE-2020-23360

oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/passwordreset.php...

CVSS 9.8 | AI score 9.6 | EPSS 0.01208
Exploits: 1 | References: 1
Microsoft Secure
added 2021/01/25 5:0 p.m. | 55 views

Identity governance: The power of “Why not?”

Innovation requires the courage to take risks and the leadership skills to show others that risks are worth taking. That’s why I love working with people like Joe Dadzie, a partner group program manager in identity governance. Joe has a long history of championing disruptive technology...

AI score 7.2
Exploits: 0
Tenable Nessus
added 2021/01/25 12:0 a.m. | 15 views

SUSE SLES15 Security Update : stunnel (SUSE-SU-2021:0194-1)

This update for stunnel fixes the following issues : Security issue fixed : The 'redirect' option was fixed to properly handle 'verifyChain = yes' bsc1177580. Non-security issues fixed : Fix startup problem of the stunnel daemon bsc1178533 update to 5.57 : - Security bugfixes - New features - New...

AI score 5.6
Exploits: 0 | References: 3
Tenable Nessus
added 2021/01/25 12:0 a.m. | 106 views

openSUSE Security Update : the Linux Kernel (openSUSE-2021-60)

The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2020-27835: A use after free in the Linux kernel infiniband hfi1 driver was found in the way user calls Ioctl after open dev file and fork. A local user could use thi...

CVSS 9.8 | AI score 7.6 | EPSS 0.06563
Exploits: 9 | References: 133
OSV
added 2021/01/22 12:31 p.m. | 3 views

SUSE-SU-2021:0194-1 Security update for stunnel

This update for stunnel fixes the following issues: Security issue fixed: - The 'redirect' option was fixed to properly handle 'verifyChain = yes' bsc1177580. Non-security issues fixed: - Fix startup problem of the stunnel daemon bsc1178533 - update to 5.57: Security bugfixes New features - New...

AI score 7.4
Exploits: 0 | References: 3
Prion
added 2021/01/13 11:15 p.m. | 17 views

Design/Logic Flaw

The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts. This affects Xiaomi router AX1800rom version 1.0.336 and Xiaomi route RM1800 root version 1.0.26...

CVSS 5 | AI score 7.5 | EPSS 0.01223
Exploits: 0 | References: 1 | Affected Software: 2
Citrix
added 2021/01/08 12:0 a.m. | 6 views

Receiver didn't send out ICA connection request to the VDA after getting Launch.ica file. Got error "Unknow client error 1110" after 3 or more minutes.

When try to launch desktop, we find ICA file can be downloaded successfully, but CD Viewer doesn't pop up or sometimes CD Viewer can pop up 3 minutes later but show unknown client error 1110 immediately. The only solution is to reset the user profile in the client. The issue is related to specifi...

AI score 7
Exploits: 0
Prion
added 2021/01/01 2:15 a.m. | 19 views

Code injection

The Advanced Access Manager plugin before 6.6.2 for WordPress displays the unfiltered user object including all metadata upon login via the REST API aam/v1/authenticate or aam/v2/authenticate. This is a security problem if this object stores information that the user is not supposed to have e.g.,...

CVSS 4 | AI score 4.6 | EPSS 0.01059
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2021/01/01 1:25 a.m. | 32 views

CVE-2020-35934

The Advanced Access Manager plugin before 6.6.2 for WordPress displays the unfiltered user object including all metadata upon login via the REST API aam/v1/authenticate or aam/v2/authenticate. This is a security problem if this object stores information that the user is not supposed to have e.g.,...

CVSS 4.3 | AI score 5.6 | EPSS 0.01059
Exploits: 1 | References: 1
Hacker One
added 2020/12/28 9:56 p.m. | 15 views

CS Money: Cookie poisoning leads to DOS and Privacy Violation

Summary, submitted by gatolouco requires no additions by us and fully expresses impact and reasons behind the vulnerability. Summary By change the value of the cookie avatar, a hacker could not only get information of the support agent IP address, but also disconnect all the supports without...

AI score 6.7
Exploits: 0
Tenable Nessus
added 2020/12/15 12:0 a.m. | 37 views

EulerOS 2.0 SP5 : cairo (EulerOS-SA-2020-2540)

According to the versions of the cairo packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c. (CVE-2019-6461) ...

CVSS 6.5 | AI score 6.2 | EPSS 0.02142
Exploits: 1 | References: 3
OpenVAS
added 2020/12/15 12:0 a.m. | 18 views

Huawei EulerOS: Security Advisory for cairo (EulerOS-SA-2020-2540)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.5 | AI score 6.8 | EPSS 0.02142
Exploits: 1 | References: 2
NVD
added 2020/12/11 7:15 p.m. | 16 views

CVE-2020-27825

A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel before 5.10-rc1. There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem DOS. This flaw could even allow a local attacker with special use...

CVSS 5.7 | AI score 6.4 | EPSS 0.00276
Exploits: 0 | References: 5
Prion
added 2020/12/11 7:15 p.m. | 24 views

Design/Logic Flaw

A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel before 5.10-rc1. There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem DOS. This flaw could even allow a local attacker with special use...

CVSS 5.4 | AI score 5.9 | EPSS 0.00276
Exploits: 0 | References: 5 | Affected Software: 4
Debian CVE
added 2020/12/11 5:13 p.m. | 34 views

CVE-2020-27825

A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel before 5.10-rc1. There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem DOS. This flaw could even allow a local attacker with special use...

CVSS 5.7 | AI score 6 | EPSS 0.00276
Exploits: 0
Cvelist
added 2020/12/11 5:13 p.m. | 25 views

CVE-2020-27825

A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel before 5.10-rc1. There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem DOS. This flaw could even allow a local attacker with special use...

AI score 6.4 | EPSS 0.00276
Exploits: 0 | References: 5
CVE
added 2020/12/11 5:13 p.m. | 273 views

CVE-2020-27825

CVE-2020-27825: A use-after-free in Linux kernel kernel/trace/ring_buffer.c (before 5.10-rc1) enables a race between trace_open and cpu-buffer resize, allowing local DOS and potential information leaks. Affected: Linux kernel’s tracing ring buffer; root cause is a race on parallel CPU access. Mit...

CVSS 5.7 | AI score 6.4 | EPSS 0.00276
Exploits: 0 | References: 5 | Affected Software: 1