
257 matches found

CNNVD
added 2021/09/14 12:0 a.m., 4 views

Atlassian Jira Security Vulnerability

Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. A security vulnerability exists in Atlassian Jira Server and Data Center versions prior to 8.13.3 and versions 8.14.0 through...

CVSS 5.3, AI score 5.8, EPSS 0.01331
Exploits: 0, References: 3
CNNVD
added 2021/09/01 12:0 a.m., 4 views

Atlassian Jira Authorization Issue Vulnerability

Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. A security vulnerability exists in Atlassian Jira that stems from a bad access control vulnerability in the Issue Notification...

CVSS 5.3, AI score 5.6, EPSS 0.00728
Exploits: 0, References: 2
Vulnrichment
added 2021/08/30 6:30 a.m., 14 views

CVE-2021-26084

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before...

AI score 8.4, EPSS 0.99999
Exploits: 45, References: 2
CNNVD
added 2021/07/30 12:0 a.m., 4 views

ObjectPlanet Opinio Security Vulnerability

ObjectPlanet Opinio is an online survey system from ObjectPlanet Norway. A security vulnerability exists in ObjectPlanet Opinio versions prior to 7.14, which stems from the program allowing the injection of expression language via an administrative privilege list, which can be used to retrieve...

CVSS 7.5, AI score 7.3, EPSS 0.01724
Exploits: 3, References: 4
CNVD
added 2021/05/25 12:0 a.m., 6 views

emlog SQL Injection Vulnerability

emlog is a powerful blog and CMS builder based on PHP and MySQL. A SQL injection vulnerability exists in emlog version 6.0.0-stable. An attacker can exploit this vulnerability to execute arbitrary SQL statements and query sensitive server data via admin/navbar.php?action=addpage...

CVSS 8.8, AI score 8.1, EPSS 0.00982
Exploits: 1, References: 1
RedHat Linux
added 2021/04/21 1:15 p.m., 3 views

resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client's WebApplicationException handling

A flaw was found in the RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. This flaw allows client users to obtain the server's potentially sensitive information when the server receives the WebApplicationException from the RESTEasy client call. The highest threat from this...

CVSS 5.3, AI score 7.2, EPSS 0.01211
Exploits: 0, References: 4
Atlassian
added 2021/03/31 6:19 a.m., 33 views

Information Disclosure using JQL function membersOf - CVE-2020-36286

The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a group exists & members of groups if they are assigned to a publicly...

CVSS 5.3, AI score 5.3, EPSS 0.0141
Exploits: 0
RedHat Linux
added 2021/03/29 11:12 a.m., 3 views

resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client's WebApplicationException handling

A flaw was found in the RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. This flaw allows client users to obtain the server's potentially sensitive information when the server receives the WebApplicationException from the RESTEasy client call. The highest threat from this...

CVSS 5.3, AI score 7.2, EPSS 0.01211
Exploits: 0, References: 4
wpexploit
added 2021/03/26 12:0 a.m., 837 views

AccessAlly < 3.5.7 - $_SERVER Superglobal Leakage

In the plugin, the file "resource/frontend/product/product-shortcode.php" responsible for the accessallyorderform shortcode is dumping serialize($_SERVER), which contains all environment variables. The leakage occurs on all public-facing pages containing the accessallyorderform shortcode, no login o...

CVSS 5, AI score 2, EPSS 0.05404
Exploits: 2
RedHat Linux
added 2021/03/16 1:41 p.m., 3 views

wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client

A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality...

CVSS 4.3, AI score 5.8, EPSS 0.00743
Exploits: 0, References: 4
NVD
added 2021/02/09 11:15 p.m., 12 views

CVE-2021-26956

An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because bytes from an X server can be interpreted as any data type returned by xcb::xproto::GetPropertyReply::value...

CVSS 9.8, EPSS 0.01728
Exploits: 1, References: 1
OSV
added 2021/02/04 11:2 a.m., 2 views

OESA-2021-1008 freerdp security update

FreeRDP is a client implementation of the Remote Desktop Protocol (RDP) that follows Microsoft's open specifications. This package provides the client applications xfreerdp and wlfreerdp. Security Fixes: libfreerdp/core/update.c in FreeRDP versions 1.1 through 2.0.0-rc4 has an...

CVSS 7.5, AI score 6.8, EPSS 0.02689
Exploits: 9, References: 12
RedHat Linux
added 2021/01/25 4:32 p.m., 3 views

resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client's WebApplicationException handling

A flaw was found in the RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. This flaw allows client users to obtain the server's potentially sensitive information when the server receives the WebApplicationException from the RESTEasy client call. The highest threat from this...

CVSS 5.3, AI score 7.2, EPSS 0.01211
Exploits: 0, References: 4
RedHat Linux
added 2021/01/25 4:30 p.m., 2 views

resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client's WebApplicationException handling

A flaw was found in the RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. This flaw allows client users to obtain the server's potentially sensitive information when the server receives the WebApplicationException from the RESTEasy client call. The highest threat from this...

CVSS 5.3, AI score 7.2, EPSS 0.01211
Exploits: 0, References: 4
Microsoft CVE
added 2021/01/23 8:0 a.m., 3 views

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

...

CVSS 6.3, AI score 7, EPSS 0.01714
Exploits: 0
Positive Technologies
added 2021/01/14 12:0 a.m., 4 views

PT-2021-14078

Name of the Vulnerable Software and Affected Versions: acmailer versions 4.0.1 and earlier; acmailer DB versions 1.1.3 and earlier. Description: The issue allows remote attackers to execute an arbitrary OS command or gain administrative privilege, potentially resulting in the obtaining of sensitive...

CVSS 10, AI score 9.7, EPSS 0.07871
Exploits: 0, References: 7
VulnCheck KEV
added 2021/01/01 12:0 a.m., 3 views

VulnCheck KEV: CVE-2019-11581

Atlassian Jira Server and Data Center contain a server-side template injection vulnerability which can allow for remote code execution...

CVSS 9.8, AI score 7.7, EPSS 0.84621
Exploits: 2, References: 1
Citrix
added 2020/11/09 12:0 a.m., 7 views

LSQuery - License Server Data Collection Tool

Where to download? Certain legacy Citrix tools are now available on request only. Please submit the request here: https://forms.gle/obA39PEz5qpDiSPq8. Once we verify your request, we will provide access to the download location. LSQuery. Created Date: April 24, 2012. Updated Date: September 13, 20...

AI score 7.1
Exploits: 0
BDU FSTEC
added 2020/11/05 12:0 a.m., 1 views

The vulnerability of the smb_fdata() function in the tcpdump utility for intercepting and analyzing network traffic allows a hacker to induce a service failure.

The vulnerability of the smb_fdata function in smbutil.c in tcpdump, the tool for capturing and analyzing network traffic, is caused by an uncontrolled recursion. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

CVSS 7.8, AI score 6.3, EPSS 0.04122
Exploits: 0, References: 15, Affected Software: 6
RedHat Linux
added 2020/11/04 1:25 a.m., 5 views

freerdp: double free in update_read_cache_bitmap_v3_order function

In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0...

CVSS 3.5, AI score 5.7, EPSS 0.01895
Exploits: 1, References: 4