The Shein Group Ltd. "SHEIN – Fashion Shopping" app — aka shein fashion-shopping/id878577184 — for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive...
The komoot GmbH "Komoot – Cycling & Hiking Maps" app before 9.3.2 — aka komoot-cycling-hiking-maps/id447374873 — for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and...
"Shpock Boot Sale & Classifieds" app before 3.17.0 — aka shpock-boot-sale-classifieds/id557153158 — for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via...
In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it’s possible for a malicious user to construct a URL pointing to a Spark cluster’s UI’s job and stage info pages, and if...
The svpn component of the F5 BIG-IP APM client prior to version 7.1.7 for Linux and Mac OS X runs as a privileged process and can allow an unprivileged user to assume super-user privileges...
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_layout_decode in H5Olayout.c, related to HDmemcpy. Date published : 2018-07-12 https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md
The r_bin_java_annotation_new function in shlr/java/class.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted .class file because of missing input validation in...
The r_bin_mdmp_init_directory_entry function in mdmp.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Mini Crash Dump file. Date published : 2018-07-12...
The sdb_set_internal function in sdb.c in radare2 2.7.0 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file because of missing input validation in r_bin_dwarf_parse_comp_unit...
In waimai Super Cms 20150505, there is a CSRF vulnerability that can add an admin account via admin.php?m=Member&a=adminadd. Date published : 2018-07-12 https://github.com/caokang/waimai/issues/2