[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 246942 Download | Alert*

Nordic Semiconductor Android BLE Library through 2.2.1 and DFU Library through 1.10.4 for Android (as used by nRF Connect and other applications) can engage in unencrypted communication while showing the user that the communication is purportedly encrypted. The problem is in bond creation (e.g., internalCreateBond in BleManagerHandler).

HashiCorp Terraform Enterprise up to v202006-1 contained a default signup page that allowed user registration even when disabled, bypassing SAML enforcement. Fixed in v202007-1.

The typo3_forum extension before 1.2.1 for TYPO3 has Incorrect Access Control.

The jh_captcha extension through 2.1.3, and 3.x through 3.0.2, for TYPO3 allows XSS.

The turn extension through 0.3.2 for TYPO3 allows Remote Code Execution.

The mm_forum extension through 1.9.5 for TYPO3 allows XSS that can be exploited via CSRF.

The ke_search (aka Faceted Search) extension through 2.8.2, and 3.x through 3.1.3, for TYPO3 allows XSS.

VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup & Replication before 10 has no device object DACL, which allows unprivileged users to achieve total control over filesystem I/O requests.

Zoho ManageEngine Applications Manager before 14 build 14730 has no protection against jsp/header.jsp Cross-site Scripting (XSS) .

Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.


Pages:      Start    12472    12473    12474    12475    12476    12477    12478    12479    12480    12481    12482    12483    12484    12485    ..   24694

© SecPod Technologies