757 matches found

CNNVD
added 2021/05/04 12:0 a.m., 5 views

3s-smart Software Solutions CODESYS Development System Security Vulnerability

3s-smart Software Solutions CODESYS Development System is a suite of programming tools for the field of industrial controllers and automation technology from 3S-Smart Software Solutions, Germany. A security vulnerability exists in CODESYS Development System prior to...

7.8 CVSS, 7.6 AI score, 0.0026 EPSS
Exploits 1, References 4

OSV
added 2021/05/03 2:15 p.m., 0 views

CVE-2021-29239

CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity...

7.8 CVSS, 7.1 AI score, 0.00031 EPSS
Exploits 0, References 3

Veracode
added 2021/04/19 11:9 p.m., 26 views

Improper Verification Of Signature

Thunderbird improperly verifies signatures. If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice...

6.8 CVSS, 1.7 AI score, 0.00204 EPSS
Exploits 1, References 6, Affected Software 6

Github Security Blog
added 2021/04/13 3:13 p.m., 27 views

Open redirect via transitional IPv6 addresses on dual-stack networks

Impact: Requests to user provided domains were not restricted to external IP addresses when transitional IPv6 addresses were used. Outbound requests to federation, identity servers, when calculating the key validity for third-party invite events, sending push notifications, and generating URL...

6.3 CVSS, 2.1 AI score, 0.002 EPSS
Exploits 0, References 8, Affected Software 1

UbuntuCve
added 2021/04/13 12:0 a.m., 25 views

CVE-2021-23991

If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid subkey, Thunderbird might...

6.8 CVSS, 6.8 AI score, 0.00204 EPSS
Exploits 1, References 4

OSV
added 2021/04/12 10:15 p.m., 16 views

CVE-2021-21392

Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user provided domains were not restricted to external IP addresses when transitional IPv6...

6.3 CVSS, 6.3 AI score
Exploits 0, References 4

RedhatCVE
added 2021/04/12 7:16 a.m., 43 views

CVE-2021-23991

If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid subkey, Thunderbird might...

6.8 CVSS, 2.1 AI score, 0.00204 EPSS
Exploits 1, References 3

CNNVD
added 2021/04/12 12:0 a.m., 14 views

Apache Synapse Input Validation Error Vulnerability

Apache Synapse is a lightweight ESB Enterprise Service Bus from the Apache Foundation USA. A security vulnerability existed prior to Synapse version 1.28.0, which stemmed from the fact that requests to user-provided domains were not limited to external IP addresses when Synapse used transitional...

6.3 CVSS, 6.4 AI score, 0.002 EPSS
Exploits 0, References 5

OSV
added 2021/03/26 7:53 p.m., 23 views

GHSA-C5F8-35QR-Q4FM HTML injection in email and account expiry notifications

Impact: The notification emails sent for notifications for missed messages or for an expiring account are subject to HTML injection. In the case of the notification for missed messages, this could allow an attacker to insert forged content into the email. The account expiry feature is not enabled ...

6.1 CVSS, 6.4 AI score, 0.00385 EPSS
Exploits 0, References 8

CNVD
added 2021/03/26 12:0 a.m., 3 views

Invigo Automatic Device Management Session Validity Check Vulnerability

Invigo Automatic Device Management (ADM) is a native management tool for cellular operators that enables them to detect, maintain and manage millions of devices cost-effectively and with a high degree of reliability. A session validity check vulnerability exists in several management functions in...

7.5 CVSS, 6.8 AI score, 0.00292 EPSS
Exploits 0, References 1

NVD
added 2021/03/25 8:15 p.m., 9 views

CVE-2020-10581

Multiple session validity check issues in several administration functionalities of Invigo Automatic Device Management (ADM) through 5.0 allow remote attackers to read potentially sensitive data hosted by the application...

7.5 CVSS, 0.00292 EPSS
Exploits 0, References 1

OSV
added 2021/03/25 8:15 p.m., 1 views

CVE-2020-10581

Multiple session validity check issues in several administration functionalities of Invigo Automatic Device Management (ADM) through 5.0 allow remote attackers to read potentially sensitive data hosted by the application...

7.5 CVSS, 7.2 AI score, 0.00292 EPSS
Exploits 0, References 1

Cvelist
added 2021/03/25 7:48 p.m., 10 views

CVE-2020-10581

Multiple session validity check issues in several administration functionalities of Invigo Automatic Device Management (ADM) through 5.0 allow remote attackers to read potentially sensitive data hosted by the application...

7.5 AI score, 0.00292 EPSS
Exploits 0, References 1

CVE
added 2021/03/25 7:48 p.m., 44 views

CVE-2020-10581

Invigo Automatic Device Management (ADM) up to version 5.0 contains multiple session validity check issues in several administration functions. The Red Hat/CVE, NVD, CNVD, CVE listings and related advisories describe a vulnerability that could allow remote attackers to read potentially sensitive ...

7.5 CVSS, 7.4 AI score, 0.00292 EPSS
Exploits 0, References 1, Affected Software 1

CNNVD
added 2021/03/25 12:0 a.m., 3 views

Invigo Automatic Device Management Security Vulnerability

Invigo Automatic Device Management (ADM) is a native management tool for cellular operators that enables them to detect, maintain and manage millions of devices cost-effectively and with a high degree of reliability. A session validity check vulnerability exists in several management functions in...

7.5 CVSS, 5.7 AI score, 0.00292 EPSS
Exploits 0, References 3

BDU FSTEC
added 2021/03/21 12:0 a.m., 1 views

The vulnerability of the SNMP proxy server Squid lies in the lack of resource release after the expiration of its valid period of operation. This allows a hacker to trigger a service failure.

The vulnerability of the SNMP proxy server Squid lies in the lack of resource release after the expiration of its valid period of operation. Exploiting this vulnerability allows a remote attacker to cause service interruptions...

5.9 CVSS, 6.7 AI score, 0.11349 EPSS
Exploits 0, References 10, Affected Software 4

Prion
added 2021/03/17 6:15 a.m., 23 views

Design/Logic Flaw

While processing storage SCM commands there is a time of check or time of use window where a pointer used could be invalid at a specific time while executing the storage SCM call in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile,...

4.4 CVSS, 6.7 AI score, 0.00036 EPSS
Exploits 0, References 1

OSV
added 2021/02/26 5:28 p.m., 16 views

GHSA-V936-J8GP-9Q3P Open redirects on some federation and push requests

Impact: Requests to user provided domains were not restricted to external IP addresses when calculating the key validity for third-party invite events and sending push notifications. This could cause Synapse to make requests to internal infrastructure. The type of request was not controlled by the...

6.3 CVSS, 6.3 AI score, 0.00322 EPSS
Exploits 0, References 8

Github Security Blog
added 2021/02/26 5:28 p.m., 209 views

Open redirects on some federation and push requests

Impact: Requests to user provided domains were not restricted to external IP addresses when calculating the key validity for third-party invite events and sending push notifications. This could cause Synapse to make requests to internal infrastructure. The type of request was not controlled by the...

6.1 CVSS, 1.4 AI score, 0.00322 EPSS
Exploits 0, References 8, Affected Software 1

CNNVD
added 2021/02/26 12:0 a.m., 4 views

Matrix Synapse Input Validation Error Vulnerability

Matrix Synapse is an implementation of a matrix management server from the Matrix Foundation in the UK. A security vulnerability exists in Synapse that stems from a request to a user-provided domain being unrestricted by an external IP address when calculating key validity for third-party...

6.1 CVSS, 6.4 AI score, 0.00322 EPSS
Exploits 0, References 6