User can overwrite Security Code NV item without knowing current SPC due to improper validation of SPC code setting and device lock in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial...
Out of bound memory access while playing music playbacks with crafted vorbis content due to improper checks in header extraction in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon...
Possible buffer overflow while updating ikev2 parameters due to lack of check of input validation for certain parameters received from the ePDG server in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon...
Use after free issue in audio modules while removing and freeing objects during list iteration due to incorrect usage of macro in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile Date published : 2021-02-22 https://www.qualcomm.com/company/product-security/bulletins/february-2021-bulletin
On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manual_ping.cgi allows OS command injection (after authentication by the attacker) because the system C library function is used unsafely. Date published : 2021-02-21 https://kc.mcafee.com/corporate/index?page=content&id=SB10356 NETSHIELD Corporation Nano 25...
URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path. Date published : 2021-02-21 https://advisory.checkmarx.net/advisory/CX-2021-4305 https://github.com/medialize/URI.js/commit/a1ad8bcbc39a4d136d7e252e76e957f3ece70839
url-parse before 1.5.0 mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path. Date published : 2021-02-21 https://advisory.checkmarx.net/advisory/CX-2021-4306 https://github.com/unshiftio/url-parse/commit/d1e7e8822f26e8a49794b757123b51386325b2b0
EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authentication bypass (such as in CVE-2021-27513 exploitation). Date published : 2021-02-21 https://github.com/ArianeBlow/exploit-eyesofnetwork5.3.10/blob/main/PoC-BruteForceID-arbitraty-file-upload-RCE-PrivEsc.py https://github.com/EyesOfNetworkCommunity/eonweb/issues/87
The module admin_ITSM in EyesOfNetwork 5.3-10 allows remote authenticated users to upload arbitrary .xml.php files because it relies on "le filtre userside." Date published : 2021-02-21 https://github.com/ArianeBlow/exploit-eyesofnetwork5.3.10/blob/main/PoC-BruteForceID-arbitraty-file-upload-RCE-PrivEsc.py https://github.com/EyesOfNetworkCommunity/eonweb/issues/87
Modules/input/Views/schedule.php in Emoncms through 10.2.7 allows XSS via the node parameter. Date published : 2021-02-21 https://github.com/emoncms/emoncms/issues/1652
Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring. Date published : 2021-02-21 https://security.gentoo.org/glsa/202105-06 https://github.com/smarty-php/smarty/blob/master/CHANGELOG.md
Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode. Date published : 2021-02-21 https://security.gentoo.org/glsa/202105-06 https://github.com/smarty-php/smarty/blob/master/CHANGELOG.md
In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex). Date published : 2021-02-21 https://botan.randombit.net/news.html https://github.com/randombit/botan/compare/2.17.2…2.17.3
Django Channels 3.x before 3.0.3 allows remote attackers to obtain sensitive information from a different request scope. The legacy channels.http.AsgiHandler class, used for handling HTTP type requests in an ASGI environment prior to Django...