Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-39889: HackerOne

In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API call with the ID of the protected branch.

CVE

Related news

CVE-2021-43397: Release Notes Version 3.6.x | LiquidFiles Documentation

LiquidFiles before 3.6.3 allows remote attackers to elevate their privileges from Admin (or User Admin) to Sysadmin.

Ubuntu Security Notice USN-5132-1

Ubuntu Security Notice 5132-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, spoof another origin, or execute arbitrary code.

Ubuntu Security Notice USN-5127-1

Ubuntu Security Notice 5127-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

CVE-2020-23052

Catalyst IT Ltd Mahara CMS v19.10.2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component groupfiles.php via the Number (Nombre) and Description (Descripción) parameters.

CVE-2021-41564: TWCERT/CC台灣電腦網路危機處理暨協調中心-Tad Honor - Improper Authorization

Tad Honor viewing book list function is vulnerable to authorization bypass, thus remote attackers can use special parameters to delete articles arbitrarily without logging in.

CVE-2021-41975: TWCERT/CC台灣電腦網路危機處理暨協調中心-Tad TadTools - Improper Authorization

TadTools special page is vulnerable to authorization bypass, thus remote attackers can use the specific parameter to delete arbitrary files in the system without logging in.

CVE-2021-41976: TWCERT/CC台灣電腦網路危機處理暨協調中心-Tad Uploader - Improper Authorization

Tad Uploader edit book list function is vulnerable to authorization bypass, thus remote attackers can use the function to amend the folder names in the book list without logging in.

Ubuntu Security Notice USN-5107-1

Ubuntu Security Notice 5107-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof another origin, or execute arbitrary code.

CVE-2021-42091: Security Advisory ZAA-2021-08 | Zammad

An issue was discovered in Zammad before 4.1.1. SSRF can occur via GitHub or GitLab integration.

CVE-2021-42087: Security Advisory ZAA-2021-15 | Zammad

An issue was discovered in Zammad before 4.1.1. An admin can discover the application secret via the API.

CVE-2021-42088: Security Advisory ZAA-2021-12 | Zammad

An issue was discovered in Zammad before 4.1.1. The Chat functionality allows XSS because clipboard data is mishandled.

CVE-2021-42085: Security Advisory ZAA-2021-17 | Zammad

An issue was discovered in Zammad before 4.1.1. There is stored XSS via a custom Avatar.

CVE-2021-42089: Security Advisory ZAA-2021-13 | Zammad

An issue was discovered in Zammad before 4.1.1. The REST API discloses sensitive information.

CVE-2021-42086: Security Advisory ZAA-2021-09 | Zammad

An issue was discovered in Zammad before 4.1.1. An Agent account can modify account data, and gain admin access, via a crafted request.

CVE-2021-42084: Security Advisory ZAA-2021-11 | Zammad

An issue was discovered in Zammad before 4.1.1. An attacker with valid agent credentials may send a series of crafted requests that cause an endless loop and thus cause denial of service.

CVE-2021-42090: Security Advisory ZAA-2021-14 | Zammad

An issue was discovered in Zammad before 4.1.1. The Form functionality allows remote code execution because deserialization is mishandled.

CVE-2021-42094: Security Advisory ZAA-2021-18 | Zammad

An issue was discovered in Zammad before 4.1.1. Command Injection can occur via custom Packages.

CVE-2021-42092: Security Advisory ZAA-2021-16 | Zammad

An issue was discovered in Zammad before 4.1.1. Stored XSS may occur via an Article during addition of an attachment to a Ticket.

CVE-2021-42093: Security Advisory ZAA-2021-10 | Zammad

An issue was discovered in Zammad before 4.1.1. An admin can execute code on the server via a crafted request that manipulates triggers.

CVE-2020-21648: file deletion vulnerability · Issue #9 · shadoweb/wdja

WDJA CMS v1.5.2 contains an arbitrary file deletion vulnerability in the component admin/cache/manage.php.

CVE-2021-39351: wpBannerizeAdmin.php in wp-bannerize/trunk/Classes – WordPress Plugin Repository

The WP Bannerize WordPress plugin is vulnerable to authenticated SQL injection via the id parameter found in the ~/Classes/wpBannerizeAdmin.php file which allows attackers to exfiltrate sensitive information from vulnerable sites. This issue affects versions 2.0.0 - 4.0.2.

Google to Enable Two-Factor Authentication for 150M More Users

The company also provided guidance on how to protect information stored in inactive accounts.

CVE-2021-39870: HackerOne

In all versions of GitLab CE/EE since version 11.11, an instance that has the setting to disable Repo by URL import enabled is bypassed by an attacker making a crafted API call.

1Password and Fastmail Partner to Boost Online Privacy

Allows users to securely generate unique email aliases, adding an extra layer of online privacy.

CVE-2021-40651: Offensive Security’s Exploit Database Archive

OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), which can disclose arbitrary file from the server's filesystem as long as the application has access to the file.

Ubuntu Security Notice USN-5087-1

Ubuntu Security Notice 5087-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

CVE-2021-39339: Vulnerability Advisories - Wordfence

The Telefication WordPress plugin is vulnerable to Open Proxy and Server-Side Request Forgery via the ~/bypass.php file due to a user-supplied URL request value that gets called by a curl requests. This affects versions up to, and including, 1.8.0.

CVE-2021-37909: TWCERT/CC台灣電腦網路危機處理暨協調中心-全景 TSSServiSignAdapter Windows版 - Improper Input Validation

WriteRegistry function in TSSServiSign component does not filter and verify users’ input, remote attackers can rewrite to the registry without permissions thus perform hijack attacks to execute arbitrary code.

CVE-2021-40964: TinyFileManager Vulnerabilities

A Path Traversal vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload a file (with Admin credentials or with the CSRF vulnerability) with the "fullpath" parameter containing path traversal strings (../ and ..\) in order to escape the server's intended working directory and write malicious files onto any directory on the computer.

CVE-2021-37414: Vulnerability: Improper Authorization Handling

Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get a valid user's APIKEY without authentication.

CVE-2021-37414: Vulnerability: Improper Authorization Handling

Zoho ManageEngine DesktopCentral version 10.1.2119.7 and prior allows anyone to get a valid user's APIKEY without authentication.

CVE-2021-38324: Vulnerability Advisories - Wordfence

The SP Rental Manager WordPress plugin is vulnerable to SQL Injection via the orderby parameter found in the ~/user/shortcodes.php file which allows attackers to retrieve information contained in a site's database, in versions up to and including 1.5.3.

CVE-2021-32535: TWCERT/CC台灣電腦網路危機處理暨協調中心-QSAN SANOS - Use of Hard-coded Credentials

The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administrator’s permission and execute arbitrary functions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0.

CVE-2019-15597: HackerOne

A code injection exists in node-df v0.1.4 that can allow an attacker to remote code execution by unsanitized input.

CVE-2019-15599: HackerOne

A Code Injection exists in tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command.

CVE-2019-7619: Elastic Stack 7.4.0 security update

Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username disclosure flaw was found in the API Key service. An unauthenticated attacker could send a specially crafted request and determine if a username exists in the Elasticsearch native realm.

CVE-2019-9530: VU#719689 - Multiple vulnerabilities found in the Cobham EXPLORER 710 satcom terminal

The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files. This could allow an unauthenticated, local attacker connected to the device to access and download any file found in the web root directory.

CVE-2019-3816: 1667070 – (CVE-2019-3816) CVE-2019-3816 openwsman: Disclosure of arbitrary files outside of the registered URIs

Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server.

CVE-2011-1943: oss-security - Re: CVE request: NetworkManager-openvpn logs cert password

The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907