A ReDoS (regular expression denial of service) flaw was found in the @progfay/scrapbox-parser package before 6.0.3 for Node.js. Date published : 2021-02-18 https://security.netapp.com/advisory/ntap-20210326-0002/ https://github.com/progfay/scrapbox-parser/pull/519
Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injection of a Host HTTP header. Date published : 2021-02-18 https://github.com/bokanrb/HostHeaderInjection-Askey
Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-bin/te_acceso_router.cgi curWebPage XSS. Date published : 2021-02-18 https://github.com/bokanrb/XSS-Askey
An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unintended read/write DMA access, and possibly cause a denial of service (host OS crash) or gain privileges....
KollectApps before 4.8.16c is affected by insecure Java deserialization, leading to Remote Code Execution via a ysoserial.payloads.CommonsCollections parameter. Date published : 2021-02-18 https://hacked0x90.net/index.php/2021/02/15/kollectapp-insecure-java-deserialization/
Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary domain names. Date published : 2021-02-18 https://github.com/friendica/friendica/issues/9929
An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in...
Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution. Date published : 2021-02-18 http://www.netis-systems.com.tw/ https://github.com/yhstar00/netis-route
Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI. Date published : 2021-02-18 https://github.com/chamilo/chamilo-lms/commit/d939402d83bf68af5377b629883d8e5437d843ec https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-45-2021-01-21-Moderate-impact-moderate-risk-XSS-vulnerability-in-agenda
An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just...
Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets. Date published :...
An endpoint in Atlassian Jira Server for Slack plugin from version 0.0.3 before version 2.0.15 allows remote attackers to execute arbitrary code via a template injection vulnerability. Date published : 2021-02-18 https://confluence.atlassian.com/jira/jira-server-for-slack-security-advisory-17th-february-2021-1044091690.html
The package prismjs before 1.23.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components. Date published : 2021-02-18 https://github.com/PrismJS/prism/commit/c2f6a64426f44497a675cb32dccb079b3eff1609 https://github.com/PrismJS/prism/issues/2583
This affects the package pimcore/pimcore before 6.8.8. A Local FIle Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class (bundles/AdminBundle/Controller/Reports/CustomReportController.php). An authenticated user can reach this function with a GET request at...