An issue was discovered in the AbuseFilter extension for MediaWiki. includes/special/SpecialAbuseLog.php allows attackers to obtain sensitive information, such as deleted/suppressed usernames and summaries, from AbuseLog revision data. This affects REL1_32 and REL1_33. Date published...
The bootloader of the homee Brain Cube V2 through 2.23.0 allows attackers with physical access to gain root access by manipulating the U-Boot environment via the CLI after connecting to the internal UART interface....
An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120004 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an arbitrary write primitive...
An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120404 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an out-of-bounds read that...
An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120404 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an out-of-bounds read that...
An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120444 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an arbitrary read primitive...
An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120004 in KfeCo10X64.sys fails to validate parameters, leading to a stack-based buffer overflow, which can lead to code execution or escalation of...
An issue was discovered in LINBIT csync2 through 2.0. csync_daemon_session in daemon.c neglects to force a failure of a hello command when the configuration requires use of SSL. Date published : 2020-03-20 https://github.com/LINBIT/csync2/commit/416f1de878ef97e27e27508914f7ba8599a0be22
An issue was discovered in iNextrix ASTPP before 4.0.1. web_interface/astpp/application/config/config.php does not have strong random keys, as demonstrated by use of the 8YSDaBtDHAB3EQkxPAyTz2I5DttzA9uR private key and the r)fddEw232f encryption key. Date published : 2020-03-20...
A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG...
An XSS vulnerability in qcopd-shortcode-generator.php in the Simple Link Directory plugin before 7.3.5 for WordPress allows remote attackers to inject arbitrary web script or HTML, because esc_html is not called for the "echo get_the_title()"...
RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as xlink:href validation, the X-XSS-Protection header, and the Content-Security-Policy header. Date published : 2020-03-20 https://github.com/RainLoop/rainloop-webmail/commit/8eb4588917b4741889fdd905d4c32e3e86317693
An issue was discovered on D-Link DAP-1650 devices before 1.04B02_J65H Hot Fix. Attackers can execute arbitrary commands. Date published : 2020-03-20 ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DAP-1650/REVA/DAP-1650_REVA_RELEASE_NOTES_v1.04B02_J65H.pdf
The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplc_api_permission_check protection mechanism. Date published : 2020-03-20 https://plugins.trac.wordpress.org/changeset/2098577/wp-live-chat-support/trunk https://plugins.trac.wordpress.org/log/wp-live-chat-support/