CVE-2021-33605
Improper check in CheckboxGroup in com.vaadin:vaadin-checkbox-flow versions 1.2.0 prior to 2.0.0 (Vaadin 12.0.0 prior to 14.0.0), 2.0.0 prior to 3.0.0 (Vaadin 14.0.0 prior to 14.5.0), 3.0.0 through 4.0.1 (Vaadin 15.0.0 through 17.0.11), 14.5.0 through 14.6.7 (Vaadin 14.5.0 through 14.6.7), and 18.0.0...
GSD-2021-1001237 KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow
KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.54 by commit...
in polonel/trudesk
💥 BUG Unprivileged user can subscribe others to a ticket 💥 IMPACT user with lower level permission can subscribe others to a ticket 💥 STEP TO REPRODUCE 1. First from admin go to http://localhost:8118/teams and create a team called team2. Now go to http://localhost:8118/accounts/agents and add new...
GSD-2021-1000334 dmaengine: idxd: Fix potential null dereference on pointer status
dmaengine: idxd: Fix potential null dereference on pointer status. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.38 by commit...
CVE-2018-9332
K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: Incorrect Access Control. The impact is: gain privileges local...
CVE-2019-14477
AdRem NetCrunch 10.6.0.4587 has Improper Credential Storage since the internal user database is readable by low-privileged users and passwords in the database are weakly encoded or encrypted...
CVE-2020-8737
Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmware provided with the Intel(R) Quartus(R) Prime Pro software before version 20.1 may allow an unauthenticated user to potentially enable escalation of privilege and/or information disclosure via physical access...
8x8: Default Creds Spring Boot Admin
An instance hosting Spring Boot Admin was left exposed with default credentials set...
Path Traversal
There is a vulnerability in actionpackpage-caching that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view...
CVE-2020-7646
CVE-2020-7646 affects the curlrequest npm package up to version 1.0.1. The vulnerability arises from the file parameter being populated with user input, enabling reading of arbitrary files. NVD/NVD-derived metrics indicate a high to critical impact (CVSSv2 base score 7.5; CVSSv3.1 base score 9.8)...
Pandora FMS 7.0NG Remote Code Execution
Exploit Title: Pandora FMS 7.0NG - 'nettools.php' Remote Code Execution Build: PC170324 - MR 0 Date: 2020-03-30 Exploit Author: Basim Alabdullah Vendor homepage: http://pandorafms.org/ Version: 7.0 Software link: https://pandorafms.org/features/free-download-monitoring-software/ Tested on: CentOS...
galilea3.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1097894. Security Researcher kartikadak8 (helped patch 47 vulnerabilities, received 1 Coordinated Disclosure badges), a holder of 1 badges for responsible and coordinated disclosure, found a security vulnerability affecting galilea3.com website and its users. Following...
CVE-2020-3758
CVE-2020-3758 applies to Magento: affected versions include 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier. The issue is a stored cross-site scripting vulnerability that could lead to sensitive information disclosure. Multiple connected records confirm the sa...
singaporehardware.com.sg Cross Site Scripting vulnerability
Security Researcher NasurUllah (helped patch 1 vulnerabilities, received 0 Coordinated Disclosure badges) found a security vulnerability affecting singaporehardware.com.sg website and its users. Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Op...
Cross site scripting
Out of bound write can happen in WMI firmware event handler due to lack of validation of data received from WLAN firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice &...
ohioleadership.org Cross Site Scripting vulnerability
Security Researcher Gh05tPT (helped patch 6836 vulnerabilities, received 10 Coordinated Disclosure badges, received 48 recommendations), a holder of 10 badges for responsible and coordinated disclosure, found a security vulnerability affecting ohioleadership.org website and its users. Following...
10id.thor-hammer.me Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1024025. Security Researcher geeknik (helped patch 8847 vulnerabilities, received 8 Coordinated Disclosure badges, received 21 recommendations), a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting 10id.thor-hammer.me websit...
CVE-2013-2255
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates...
CVE-2019-17672
WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements...
CVE-2019-13309
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c...