Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST...
An issue was discovered in OpenVPN Access Server before 2.7.0 and 2.8.x before 2.8.3. With the full featured RPC2 interface enabled, it is possible to achieve a temporary DoS state of the management interface...
The Zoom IT installer for Windows (ZoomInstallerFull.msi) prior to version 4.6.10 deletes files located in %APPDATA%Zoom before installing an updated version of the client. Standard users are able to write to this directory, and...
An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no...
The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) does not correctly implement its timeout on the four-digit verification code that is required for resetting passwords, nor does it properly restrict...
A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. Virtio-fs is meant to share a host file system directory with a guest...
A use-after-free flaw was found in the way samba AD DC LDAP servers, handled ‘Paged Results’ control is combined with the ‘ASQ’ control. A malicious user in a samba AD could use this flaw...
A flaw was found in Keycloak version 8.0.2 and 9.0.0, and was fixed in Keycloak version 9.0.1, where a malicious user registers as oneself. The attacker could then use the remove devices form to...
LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to arbitrary file creation by unauthorized users Date published : 2020-05-04 https://www.us-cert.gov/ics/advisories/icsa-20-119-01
LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to sensitive information exposure by unauthorized users. Date published : 2020-05-04 https://www.us-cert.gov/ics/advisories/icsa-20-119-01
Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the...
Calibre-Web 0.6.6 allows authentication bypass because of the ‘A0Zr98j/3yX R~XHH!jmN]LWX/,?RT’ hardcoded secret key. Date published : 2020-05-03 https://github.com/janeczku/calibre-web/pull/1337
An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered. Date published : 2020-05-03 https://www.debian.org/security/2020/dsa-4674 https://security.gentoo.org/glsa/202007-41
An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message. Date published : 2020-05-03...