Design/Logic Flaw
In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient...
CVE-2021-43200
In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient...
Jetbrains JetBrains TeamCity Security Vulnerability
TeamCity, a Java-based build management and continuous integration server from JetBrains, has a security vulnerability in the "agent push" feature in versions prior to JetBrains TeamCity 2021.1.2. No details of the vulnerability are currently available...
Jetbrains JetBrains TeamCity Input Validation Error Vulnerability
TeamCity is a Java-based build management and continuous integration server from JetBrains. A remote code execution vulnerability exists in JetBrains TeamCity versions prior to 2021.1.2. The vulnerability can be exploited to achieve remote code execution via the "proxy push" feature...
Integrating Akamai mPulse with Consent Management Providers
Akamai mPulse is a real user monitoring solution, providing detailed information about the user experiences delivered by your web applications. mPulse can be configured within your Akamai property to automatically start collecting data from your customer visits. This initial setup will gather the...
CVE-2021-21940
A heap-based buffer overflow vulnerability exists in the pushMuxer processRtspInfo functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted network packet can lead to a heap buffer overflow. An attacker can send a malicious packet to trigger this vulnerability...
CVE-2021-21941
A use-after-free vulnerability exists in the pushMuxer CreatePushThread functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to remote code execution...
Anker Eufy Homebase Buffer Error Vulnerability
Anker Eufy Homebase is a wireless home security camera system from Eufy USA. A buffer error vulnerability exists in Anker Eufy Homebase that stems from the product's pushMuxer processRtspInfo failing to properly handle incoming special network packets. An attacker could cause a buffer overflow vi...
Telegram-powered bots circumvent 2FA
Two-factor authentication is a great way to protect your online accounts, and we always recommend you turn it on. But where users put up walls, you can be sure there are cybercriminals trying to break them down. Yesterday, security intelligence firm, Intel 147, revealed it had noticed an uptick o...
XML External Entity (XXE) Injection
Overview: nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. Users of Nokogiri on JRuby who parse untrusted documents using any of these classes are affected: - Nokogiri::XML::SAX::Parse -...
DEBIAN-CVE-2021-39520
An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::PushReconstructedData located in blockbitmaprequester.cpp. It allows an attacker to cause Denial of Service...
Apprise Resource Management Error Vulnerability
Apprise is used for push notifications on almost all platforms. Apprise suffers from a resource management error vulnerability that allows attackers to conduct ReDoS (Regular Expression Denial of Service) attacks...
The vulnerability of the push rules on the Synapse home server, related to uncontrolled resource consumption, allows a violator to trigger a service failure.
The vulnerability of the push rules on the Synapse home server is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service failures...
Cross site scripting
The Feedify – Web Push Notifications WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the feedify_msg parameter found in the /includes/base.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.8...
CVE-2021-38352 Feedify – Web Push Notifications <= 2.1.8 Reflected Cross-Site Scripting
The Feedify – Web Push Notifications WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the feedify_msg parameter found in the /includes/base.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.8...
CVE-2021-38352
The CVE-2021-38352 entry concerns the WordPress plugin Feedify – Web Push Notifications. The vulnerability is a Reflected Cross-Site Scripting (XSS) flaw triggered via the feedify_msg parameter in the file includes/base.php, affecting versions up to and including 2.1.8. Successful exploitation...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...
CVE-2021-32724
check-spelling is a GitHub Action which provides CI spell checking. In affected versions and for a repository with the check-spelling action enabled that triggers on pull_request_target or schedule, an attacker can send a crafted Pull Request that causes a GITHUB_TOKEN to be exposed. With the...
check-spelling Log Information Disclosure Vulnerability
check-spelling is a spell checker. check-spelling suffers from a log information disclosure vulnerability that allows an attacker to bypass the standard approval process to push commits to the repository; those commits can then steal any/all secrets available to the repository...
Security update for SUSE Manager Client Tools (moderate)
openSUSE Security Update: Security update for SUSE Manager Client Tools Announcement ID: openSUSE-SU-2021:2675-1 Rating: moderate References: 1175478 1186242 1186508 1186581 1186650 1188846 SLE-18254 Cross-References: CVE-2021-27962 CVE-2021-28146 CVE-2021-28147 CVE-2021-28148 CVE-2021-29622 CVSS...