Lucene search

2242 matches found

Microsoft CVE
added 2021/07/16 7:00 a.m., 3 views

Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands.

...

CVSS 5.5 | AI score 7 | EPSS 0.00493
Exploits: 0
NVD
added 2021/07/06 9:15 p.m., 16 views

CVE-2021-22226

Under certain conditions, some users were able to push to protected branches that were restricted to deploy keys in GitLab CE/EE since version 13.9...

CVSS 6.5 | EPSS 0.00922
Exploits: 0 | References: 2
CVE
added 2021/07/06 8:56 p.m., 95 views

CVE-2021-22226

CVE-2021-22226 affects GitLab CE/EE where, under certain conditions, users could push to protected branches restricted to deploy keys. The fixed versions are GitLab 13.11.6, 13.12.6, and 14.0.2 (the issue exists in earlier 13.x/14.x releases). Impact centers on unintended bypass of branch protect...

CVSS 6.5 | AI score 6.2 | EPSS 0.00922
Exploits: 0 | References: 2 | Affected Software: 1
CNNVD
added 2021/07/06 12:00 a.m., 3 views

GitLab Access Control Error Vulnerability

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An Access Control Error vulnerability exists in GitLab...

CVSS 6.5 | AI score 5.7 | EPSS 0.00922
Exploits: 0 | References: 4
Rosalinux
added 2021/07/02 4:38 p.m., 28 views

Advisory ROSA-SA-2021-1824

Software: dovecot 2.2.36
OS: Cobalt 7.9
CVE-ID: CVE-2019-10691
CVE-Crit: HIGH
CVE-DESC: The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly cause the authentication service to fail by attempting to authenticate with an invalid UTF-8 sequence as the username.
CVE-STATUS:...

CVSS 7.5 | AI score 7.4 | EPSS 0.08153
Exploits: 5
Wired Threat Level
added 2021/07/01 12:00 p.m., 38 views

Windows 11's Security Push Leaves Scores of PCs Behind

The minimum hardware requirements for Microsoft’s next operating system will leave plenty of PCs stranded...

AI score 1.4
Exploits: 0
OpenVAS
added 2021/06/23 12:00 a.m., 19 views

SUSE: Security Advisory (SUSE-SU-2021:14753-1)

The remote host is missing an update for the...

CVSS 7.8 | AI score 8.9 | EPSS 0.03808
Exploits: 1 | References: 11
OpenVAS
added 2021/06/09 12:00 a.m., 16 views

SUSE: Security Advisory (SUSE-SU-2020:14570-1)

The remote host is missing an update for the...

CVSS 9.8 | AI score 7.8 | EPSS 0.99585
Exploits: 5 | References: 4
OSV
added 2021/06/08 7:15 p.m., 2 views

CVE-2020-28713

Incorrect access control in push notification service in Night Owl Smart Doorbell FW version 20190505 allows remote users to send push notification events via an exposed PNS server. A remote attacker can passively record push notification events which are sent over an insecure web request. The we...

CVSS 6.5 | AI score 5.8 | EPSS 0.01359
Exploits: 1 | References: 2
NVD
added 2021/06/08 7:15 p.m., 13 views

CVE-2020-28713

Incorrect access control in push notification service in Night Owl Smart Doorbell FW version 20190505 allows remote users to send push notification events via an exposed PNS server. A remote attacker can passively record push notification events which are sent over an insecure web request. The we...

CVSS 6.5 | EPSS 0.01359
Exploits: 1 | References: 2
UbuntuCve
added 2021/06/08 7:15 p.m., 21 views

CVE-2020-28713

Incorrect access control in push notification service in Night Owl Smart Doorbell FW version 20190505 allows remote users to send push notification events via an exposed PNS server. A remote attacker can passively record push notification events which are sent over an insecure web request. The we...

CVSS 6.5 | AI score 6.7 | EPSS 0.01359
Exploits: 1 | References: 1
Prion
added 2021/06/08 7:15 p.m., 13 views

Improper access control

Incorrect access control in push notification service in Night Owl Smart Doorbell FW version 20190505 allows remote users to send push notification events via an exposed PNS server. A remote attacker can passively record push notification events which are sent over an insecure web request. The we...

CVSS 5.8 | AI score 6.5 | EPSS 0.01359
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2021/06/08 7:15 p.m., 0 views

UBUNTU-CVE-2020-28713

Incorrect access control in push notification service in Night Owl Smart Doorbell FW version 20190505 allows remote users to send push notification events via an exposed PNS server. A remote attacker can passively record push notification events which are sent over an insecure web request. The we...

CVSS 6.5 | AI score 5.8 | EPSS 0.01359
Exploits: 1 | References: 2
Cvelist
added 2021/06/08 6:57 p.m., 10 views

CVE-2020-28713

Incorrect access control in push notification service in Night Owl Smart Doorbell FW version 20190505 allows remote users to send push notification events via an exposed PNS server. A remote attacker can passively record push notification events which are sent over an insecure web request. The we...

AI score 6.5 | EPSS 0.01359
Exploits: 1 | References: 2
CVE
added 2021/06/08 6:57 p.m., 39 views

CVE-2020-28713

Night Owl Smart Doorbell FW 20190505 is affected by CVE-2020-28713 due to incorrect access control in the push notification service (PNS). The web service does not authenticate requests, allowing remote attackers to send push notification events to a user’s mobile app by replaying or crafting fal...

CVSS 6.5 | AI score 6.5 | EPSS 0.01359
Exploits: 1 | References: 2 | Affected Software: 1
CNNVD
added 2021/06/08 12:00 a.m., 5 views

Night Owl Smart Doorbell FW Security Vulnerability

Night Owl Smart Doorbell FW is a smart doorbell from Night Owl USA. A security vulnerability exists in Night Owl Smart Doorbell FW version 20190505 that allows a remote user to send push notification events via an exposed PNS server...

CVSS 6.5 | AI score 6.6 | EPSS 0.01359
Exploits: 1 | References: 2
OSV
added 2021/05/13 8:22 p.m., 26 views

GHSA-X345-32RC-8H85 Denial of service attack via push rule patterns in matrix-synapse

Impact: "Push rules" can specify conditions under which they will match, including event_match, which matches event content against a pattern including wildcards. Certain patterns can cause very poor performance in the matching engine, leading to a denial-of-service when processing moderate length...

CVSS 6.3 | AI score 5.2 | EPSS 0.01647
Exploits: 0 | References: 7
GitHub Security Blog
added 2021/05/13 8:22 p.m., 54 views

Denial of service attack via push rule patterns in matrix-synapse

Impact: "Push rules" can specify conditions under which they will match, including event_match, which matches event content against a pattern including wildcards. Certain patterns can cause very poor performance in the matching engine, leading to a denial-of-service when processing moderate length...

CVSS 5.3 | AI score 0.5 | EPSS 0.01647
Exploits: 0 | References: 7 | Affected Software: 1
Tenable Nessus
added 2021/05/12 12:00 a.m., 17 views

FreeBSD : py-matrix-synapse -- malicious push rules may be used for a denial of service attack. (278561d7-b261-11eb-b788-901b0e934d69)

Matrix developers report: 'Push rules' can specify conditions under which they will match, including event_match, which matches event content against a pattern including wildcards. Certain patterns can cause very poor performance in the matching engine, leading to a denial-of-service when...

CVSS 5.3 | AI score 6.7 | EPSS 0.01647
Exploits: 0 | References: 3
OSV
added 2021/05/11 3:15 p.m., 2 views

DEBIAN-CVE-2021-29471

Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will match, including event_match, which matches event...

CVSS 5.3 | AI score 6.8 | EPSS 0.01647
Exploits: 0 | References: 1