Apache HTTP Server 2.4 vulnerabilities
Overview : In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might
Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys.
Overview : Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker
Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability.
Overview : Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability. The impact is high. Malicious users/attackers can
CRLF/HTML entity injection with most recent version of PHPMyAdmin #16056
Overview : ** DISPUTED ** phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences
In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the Trackers Title parameter.
Overview : In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the Trackers Title parameter.codeBeamer versions 9.5
Kubelet component in versions 1.15.0-1.15.9
Overview : The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial
NGINX Controller versions prior to 3.2.0,
Overview : In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can
TMM may crash or stop processing new traffic with the DPDK/ENA driver on AWS systems while sending traffic. This issue does not affect any other platforms,
Overview : On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.2, under certain conditions, TMM may crash or stop processing new traffic with
Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service.
[vc_row][vc_column][vc_column_text] Overview : Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as
Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation.
Overview : Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation. CVE-2020-10939
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.
Overview : GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images. References Note: References are provided for the convenience
Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function.
Overview : Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function.
Community plugin 2.9.e-beta for Piwigo allows users to set image information on images in albums for which they do not have permission,
Overview : The Community plugin 2.9.e-beta for Piwigo allows users to set image information on images in albums for which
SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA)
Overview : An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02,
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content length headers.
Overview : There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve 9.0.0
Overview : This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve 9.0.0. Authentication
phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability
Overview : In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of
Common Vulnerabilities and Exposures Container Security cyber security news Web Application Firewall
Zimbra zm-mailbox before 8.8.15.p8 allows authenticated users to request any GAL account
Overview : cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8.8.15.p8 allows authenticated users to request any GAL account. This differs from the
Security issues for SAP products
Overview : Multiple issues was discovered in SAP products Affected Product(s) : SAP Solution Manager 720 SAP Enable Now before
Incorrect default permissions vulnerability in Dell Digital Delivery versions prior to 3.5.2015
[vc_row][vc_column][vc_column_text] Overview : Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect default permissions vulnerability. A locally authenticated low-privileged
LiveZilla blind Javascript Injection – Cross Site Scripting (XSS)
Overview : An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). A blind JavaScript injection lies in
A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83
Overview : A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have
Wolf CMS versions 0.75 and below suffer from a persistent cross site scripting vulnerability
Overview : A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and earlier allows remote attackers to inject arbitrary web