
CVE-2021-43397: Release Notes Version 3.6.x | LiquidFiles Documentation

LiquidFiles before 3.6.3 allows remote attackers to elevate their privileges from Admin (or User Admin) to Sysadmin.

Related news

CVE-2021-42090: Security Advisory ZAA-2021-14 | Zammad

An issue was discovered in Zammad before 4.1.1. The Form functionality allows remote code execution because deserialization is mishandled.

CVE-2021-42088: Security Advisory ZAA-2021-12 | Zammad

An issue was discovered in Zammad before 4.1.1. The Chat functionality allows XSS because clipboard data is mishandled.

CVE-2021-42091: Security Advisory ZAA-2021-08 | Zammad

An issue was discovered in Zammad before 4.1.1. SSRF can occur via GitHub or GitLab integration.

CVE-2021-42085: Security Advisory ZAA-2021-17 | Zammad

An issue was discovered in Zammad before 4.1.1. There is stored XSS via a custom Avatar.

CVE-2021-42089: Security Advisory ZAA-2021-13 | Zammad

An issue was discovered in Zammad before 4.1.1. The REST API discloses sensitive information.

CVE-2021-42086: Security Advisory ZAA-2021-09 | Zammad

An issue was discovered in Zammad before 4.1.1. An Agent account can modify account data, and gain admin access, via a crafted request.

CVE-2021-42084: Security Advisory ZAA-2021-11 | Zammad

An issue was discovered in Zammad before 4.1.1. An attacker with valid agent credentials may send a series of crafted requests that cause an endless loop and thus cause denial of service.

CVE-2021-42087: Security Advisory ZAA-2021-15 | Zammad

An issue was discovered in Zammad before 4.1.1. An admin can discover the application secret via the API.

CVE-2021-42092: Security Advisory ZAA-2021-16 | Zammad

An issue was discovered in Zammad before 4.1.1. Stored XSS may occur via an Article during addition of an attachment to a Ticket.

CVE-2021-42094: Security Advisory ZAA-2021-18 | Zammad

An issue was discovered in Zammad before 4.1.1. Command Injection can occur via custom Packages.

CVE-2021-42093: Security Advisory ZAA-2021-10 | Zammad

An issue was discovered in Zammad before 4.1.1. An admin can execute code on the server via a crafted request that manipulates triggers.

CVE-2021-39889: HackerOne

In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API call with the ID of the protected branch.

CVE-2019-15599: HackerOne

A code injection vulnerability exists in tree-kill on Windows that allows remote code execution when an attacker is able to control the input into the command.

CVE-2019-15597: HackerOne

A code injection vulnerability exists in node-df v0.1.4 that can allow an attacker to achieve remote code execution via unsanitized input.
