An issue was discovered in Walmart Labs Concord before 1.44.0. CORS Access-Control-Allow-Origin headers have a potentially unsafe dependency on Origin headers, and are not configurable. This allows remote attackers to discover host information, nodes,...
v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/config.json is owned by a low-privileged user but contains commands that are executed as root, after v2rayL.service is restarted via Sudo. Date published :...
v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/add.sh and /etc/v2rayL/remove.sh are owned by a low-privileged user but execute as root via Sudo. Date published : 2020-03-15 https://gist.github.com/bash-c/6ac238e8b15e60c9105e8cb6b42ec43c#file-v2rayl-lpe-exp1-sh
In parseTrackFragmentRun of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product:...
In readCString of Parcel.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to arbitrary code execution if IntSan were not enabled, which it is by default....
antiX and MX Linux allow local users to achieve root access via "persist-config –command /bin/sh" because of the Sudo configuration. Date published : 2020-03-14 https://gist.github.com/bash-c/d2055b5047e56a0b49c95b461347c619#file-antix-exp-sh https://gist.github.com/bash-c/d2055b5047e56a0b49c95b461347c619#file-mx-exp-sh
An arbitrary file read vulnerability exists in system/controller/backend/template.php in QCMS v3.0.1. Date published : 2020-03-14 https://blog.csdn.net/yalecaltech/article/details/104789626
An issue was discovered in Janus through 0.9.1. janus.c has multiple concurrent threads that misuse the source property of a session, leading to a race condition when claiming sessions. Date published : 2020-03-14 https://github.com/meetecho/janus-gateway/pull/1990
An issue was discovered in Janus through 0.9.1. plugins/janus_voicemail.c in the VoiceMail plugin has a race condition that could cause a server crash. Date published : 2020-03-14 https://github.com/meetecho/janus-gateway/pull/1993
An issue was discovered in Janus through 0.9.1. plugins/janus_videocall.c in the VideoCall plugin mishandles session management because a race condition causes some references to be freed too early or too many times. Date published...
An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn’t actually exist during a "query_logger" Admin API request, because of a typo in the JSON validation. Date published...
An issue was discovered in Janus through 0.9.1. janus_audiobridge.c has a double mutex unlock when listing private rooms in AudioBridge. Date published : 2020-03-14 https://github.com/meetecho/janus-gateway/pull/1988
An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malicious data. Date published : 2020-03-14 https://github.com/psd-tools/psd-tools/pull/198 https://github.com/psd-tools/psd-tools/releases/tag/v1.9.4
The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 for WordPress has CSRF due to a loose comparison. This leads to remote code execution in includes/class-wp-installer.php via a series of requests that leverage unintended comparisons of integers...