212 matches found
CVE-2021-40500
SAP BusinessObjects Business Intelligence Platform Crystal Reports - versions 420, 430, allows an unauthenticated attacker to exploit missing XML validations at endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation can enable the...
Code injection
SAP BusinessObjects Business Intelligence Platform Crystal Reports - versions 420, 430, allows an unauthenticated attacker to exploit missing XML validations at endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation can enable the...
DEBIAN-CVE-2021-3655
A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory...
UBUNTU-CVE-2021-3655
A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory...
Design/Logic Flaw
A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory...
Chainlink - Use latestRoundData instead of latestAnswer to run more validations
Handle: adelamo. Vulnerability details. Impact: UniswapV3Oracle.sol is calling latestAnswer to get the last WETH price. This method will return the last value, but you won't be able to check if the data is fresh. On the other hand, calling the method latestRoundData allows you to run some extra...
For chainlink oracle, use latestRoundData instead of latestAnswer to run more validations
Handle: adelamo. Vulnerability details. Impact: I would recommend using latestRoundData instead of latestAnswer. This way we can run extra validations and make sure that the data is okay. (roundId, rawPrice, , updateTime, answeredInRound) = AggregatorV3Interface(XXXX).latestRoundData(); require(rawPrice > 0,...
Use latestRoundData instead of latestAnswer
Handle: adelamo. Vulnerability details. Impact: Use latestRoundData instead of latestAnswer for chainlink Oracles in order to be able to run more validations like (roundId, rawPrice, , updateTime, answeredInRound) = AggregatorV3Interfacesource.source.latestRoundData(); require(rawPrice > 0, "Chainlink price...
SUSE: Security Advisory (SUSE-SU-2019:2975-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2020-7924
A validation flaw was found in mongodb. Due to the incorrect behavior of a specific command-line parameter in MongoDB Tools, which was originally intended to just skip hostname checks, all certificate validations by MongoDB could be skipped. The highest threat from this vulnerability is to data...
dpdk: librte_vhost Missing inputs validation in Vhost-crypto
A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read...
CVE-2020-28870
In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/formpersonalization/jsonfp.php...
Code injection
In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/formpersonalization/jsonfp.php...
Information Disclosure
Google Chrome is vulnerable to information disclosure. A remote attacker could bypass navigation restrictions via a crafted HTML page due to insufficient policy validations...
[SECURITY] Fedora 33 Update: rubygem-activemodel-6.0.3.3-1.fc33
A toolkit for building modeling frameworks like Active Record. Rich support for attributes, callbacks, validations, serialization, internationalization, and testing...
Fedora: Security Advisory for rubygem-activemodel (FEDORA-2020-4dd34860a3)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2020-15109
In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an ability to change the order address without triggering address validations. This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the...
Joomla! 2.5.x < 3.9.17 Multiple Vulnerabilities
According to its self-reported version, the instance of Joomla! running on the remote web server is 2.5.x prior to 3.9.17. It is, therefore, affected by multiple vulnerabilities: - Incorrect ACL checks in the access level section of com_users allow the unauthorized deletion of usergroups...
DRUPAL-CONTRIB-2020-019
The reCaptcha v3 module enables you to protect your forms using the Google reCaptcha V3. If the reCaptcha v3 challenge succeeds, all the other form validations are bypassed. This makes it possible for attackers to submit invalid or incomplete forms. This vulnerability only affects forms that are...