Ella Core has a UE Security Capability bypass on NGAP PathSwitchRequest

Summary Ella Core does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored values. A malicious gNB can overwrite Ella Core's stored UE security capabilities for any UE with arbitrary values by sending a single crafted PathSwitchRequest...

Admidio has a Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter)

The MyList configuration feature in Admidio allows authenticated users to define custom list column layouts. User-supplied column names, sort directions, and filter conditions are stored in the admlistcolumns table via prepared statements safe storage, but are later read back and interpolated...

ink! 安全漏洞

ink! is an eDSL that writes smart contracts for blockchains built on the Substrate framework. A security vulnerability exists in ink! version 4.0.0 and earlier that stems from incorrect decoding of stored values when using DelegateCall...

UBUNTU-CVE-2020-35132

An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via getrequest in lib/function.php...