
5963 matches found

Debian CVE
added 2020/12/31 8:20 a.m., 15 views

CVE-2020-35907

An issue was discovered in the futures-task crate before 0.3.5 for Rust. futures_task::noop_waker_ref allows a NULL pointer dereference...

CVSS 5.5, AI score 5.4, EPSS 0.00054
Exploits: 1

CNNVD
added 2020/12/31 12:0 a.m., 2 views

Rust Resource Management Error Vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. futures-task crate before 0.3.6 for Rust contains a security vulnerability that can be exploited by an attacker to potentially cause use-after-free in the case of non-static types...

CVSS 7.8, AI score 5.8, EPSS 0.00055
Exploits: 1, References: 2

CNNVD
added 2020/12/31 12:0 a.m., 3 views

Rust Code Issues Vulnerabilities

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A code issue vulnerability exists in Rust futures-task crate before 0.3.5, which stems from a noop waker ref that allows null pointer dereferencing...

CVSS 5.5, AI score 5.9, EPSS 0.00054
Exploits: 1, References: 2

Citrix
added 2020/12/31 12:0 a.m., 5 views

Workspace App 1912.1000 - Workspace App Update removes user created shortcuts from Desktop

Consider the following scenario: Users have created shortcuts of published applications manually on their Desktop and have also pinned it to the task bar. When the Receiver is upgraded from 4.9.6001 to Workspace App for Windows 1912 or 2006, on the first launch of a published app, the shortcuts...

AI score 7.1
Exploits: 0

CNNVD
added 2020/12/29 12:0 a.m., 2 views

nopCommerce Cross-Site Scripting Vulnerability

nopCommerce is an open source general-purpose e-commerce platform. A cross-site scripting vulnerability exists in nopCommerce Store version 4.30, which stems from the Schedule tasks name field not being effectively filtered for XSS statements. This vulnerability allows an attacker to inject an XSS...

CVSS 4.8, AI score 5.7, EPSS 0.00489
Exploits: 2, References: 2

CNVD
added 2020/12/28 12:0 a.m., 5 views

XXL-JOB cross-site scripting vulnerability (CNVD-2021-44699)

XXL-JOB is a distributed task scheduling platform whose core design goals are rapid development, simple learning, lightweight and easy to extend. A stored cross-site scripting vulnerability exists in XXL-JOB 2.2.0 in the "Add User" section, which can be exploited to bypass a 20-minute vulnerabili...

CVSS 6.1, AI score 5.9, EPSS 0.0028
Exploits: 1, References: 1

RedHat Linux
added 2020/12/22 9:43 a.m., 0 views

kernel: race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c leads to use-after-free

A flaw was found in the Linux kernel’s implementation of the SAS expander subsystem, where a race condition exists in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c. An attacker could abuse this flaw to corrupt memory and escalate privileges...

CVSS 9.3, AI score 7.1, EPSS 0.04058
Exploits: 0, References: 4

OSV
added 2020/12/17 5:15 p.m., 2 views

CVE-2020-15292

Lack of validation on data read from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree may lead to out-of-bounds read or it could cause DoS due to integer-overflow in IntPeGetDirectory, TOCTOU in IntPeParseUnwindData or insufficie...

CVSS 5.5, AI score 5.8, EPSS 0.00045
Exploits: 0, References: 1

OSV
added 2020/12/15 5:15 p.m., 1 view

CVE-2020-27052

In getLockTaskLaunchMode of ActivityRecord.java, there is a possible way for any app to start in Lock Task Mode due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

CVSS 7.8, AI score 6.7, EPSS 0.00012
Exploits: 0, References: 1

ATTACKERKB
added 2020/12/15 5:15 p.m., 2 views

CVE-2020-27052

In getLockTaskLaunchMode of ActivityRecord.java, there is a possible way for any app to start in Lock Task Mode due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

CVSS 7.8, AI score 5.6, EPSS 0.00012
Exploits: 0, References: 2

Prion
added 2020/12/15 5:15 p.m., 12 views

Code injection

In getLockTaskLaunchMode of ActivityRecord.java, there is a possible way for any app to start in Lock Task Mode due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

CVSS 4.6, AI score 8.1, EPSS 0.00012
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2020/12/11 4:15 a.m., 1 view

UBUNTU-CVE-2020-26412

Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE 13.2 before 13.6.2...

CVSS 4.3, AI score 5.8, EPSS 0.00131
Exploits: 0, References: 4

Exploit DB
added 2020/12/11 12:0 a.m., 724 views

Courier Management System 1.0 - 'ref_no' SQL Injection

Exploit Title: Courier Management System 1.0 - 'ref_no' SQL Injection Exploit Author: Zhaiyi Zeo Date: 2020-12-11 Vendor Homepage: https://www.sourcecodester.com/php/14615/task-management-system-using-phpmysqli-source-code.html Software Link:...

AI score 7.4
Exploits: 0

Packet Storm
added 2020/12/08 12:0 a.m., 361 views

Employee Performance Evaluation System 1.0 Cross Site Scripting

Exploit Title: Employee Performance Evaluation System 1.0 - ' Task and Description' Persistent Cross Site Scripting Date: 08/12/2020 Exploit Author: Ritesh Gohil Vendor Homepage: https://www.sourcecodester.com Software Link:...

AI score 0.1
Exploits: 0

Veracode
added 2020/12/06 3:37 a.m., 20 views

Cross-Site Scripting (XSS)

php-horde is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary JavaScript in a user's browser via the Color field in a Create Task List action...

CVSS 5.4, AI score 4.5, EPSS 0.00227
Exploits: 1, References: 5, Affected Software: 1

RedhatCVE
added 2020/12/02 6:3 p.m., 44 views

CVE-2020-11979

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the...

CVSS 7.5, AI score 2.5, EPSS 0.01104
Exploits: 0, References: 4

Oracle linux
added 2020/12/02 12:0 a.m., 108 views

Unbreakable Enterprise kernel security update

4.1.12-124.45.6 - qla2xxx: disable target reset during link reset and update version Quinn Tran Orabug: 32095664 - scsi: qla2xxx: Fix early srb free on abort Quinn Tran Orabug: 32095664 - scsi: qla2xxx: Fix comment in MODULE_PARM_DESC in qla2xxx Masanari Iida Orabug: 32095664 - scsi: qla2xxx: Enabl...

CVSS 5.5, AI score 7, EPSS 0.01676
Exploits: 0

CNVD
added 2020/11/24 12:0 a.m., 1 view

Task Center has an unauthorized access vulnerability

Task Center is a management system. An unauthorized access vulnerability exists in Task Center. An attacker could exploit this vulnerability to obtain sensitive information...

AI score 6.7
Exploits: 0

CNVD
added 2020/11/18 12:0 a.m., 12 views

PESCMS Team Cross-Site Scripting Vulnerability

PESCMS TEAM is an open source team task management system under the GPLv2 license. A cross-site scripting vulnerability exists in PESCMS Team 2.3.2. An attacker can exploit this vulnerability to conduct cross-site scripting attacks...

CVSS 6.1, AI score 1.9, EPSS 0.01064
Exploits: 3, References: 1

OSV
added 2020/11/16 4:15 p.m., 1 view

CVE-2020-13773

Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frmsplitfrm.aspx, /LDMS/licensecheck.aspx, /LDMS/frmsplitcollapse.aspx, /LDMS/alertlog.aspx, /LDMS/ServerList.aspx, /LDMS/frmcoremainfrm.aspx, /LDMS/frmfindfrm.aspx, /LDMS/frmtaskfrm.aspx, and /LDMS/querybrowsecomp.aspx...

CVSS 5.4, AI score 6.1, EPSS 0.00136
Exploits: 1, References: 2