CVE-2021-27376
An issue was discovered in the nb-connect crate before 1.0.3 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a direct cast of std::net::SocketAddrV4...
Traefik before 2.4.5 allows the loading of IFRAME elements from other domains. Date published : 2021-02-17 https://github.com/traefik/traefik/releases/tag/v2.4.5 https://github.com/traefik/traefik/pull/7904
VertiGIS WebOffice 10.7 SP1 before patch20210202 and 10.8 SP1 before patch20210207 allows attackers to achieve "Zugriff auf Inhalte der WebOffice Applikation." Date published : 2021-02-17 https://resources.weboffice.vertigis.com/WebOffice107/Patches/Readme_Patch_de.html#patch20210202 https://resources.weboffice.vertigis.com/WebOffice108/Patches/Readme_Patch_de.html#patch20210207
Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal. Date published : 2021-02-17 https://github.com/bolt/core/pull/2371 https://github.com/bolt/core/releases/tag/4.1.13
The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a Read Access Violation on Control Flow starting at WPG!ReadWPG_W+0x0000000000000133, which might allow remote attackers to execute arbitrary code. Date published : 2021-02-17 https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-irfanview-wpg/ https://www.irfanview.com/plugins.htm
The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a user-mode write access violation starting at WPG+0x0000000000012ec6, which might allow remote attackers to execute arbitrary code. Date published : 2021-02-17 http://packetstormsecurity.com/files/161449/IrfanView-4.57-Denial-Of-Service-Code-Execution.html https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-irfanview-wpg/
The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT. Date published : 2021-02-17 https://github.com/u-boot/u-boot/commit/3f04db891a353f4b127ed57279279f851c6b4917 https://github.com/u-boot/u-boot/commit/79af75f7776fc20b0d7eb6afe1e27c00fdb4b9b4
SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0 allows an authenticated patient user to dump the database credentials via a SQL injection attack. Date published : 2021-02-17 http://packetstormsecurity.com/files/161342/Doctor-Appointment-System-1.0-SQL-Injection.html https://naku-ratti.medium.com/doctor-appointment-system-1-0-authenticated-sql-dios-7689b1d30f5f
The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT. Date published : 2021-02-17 https://github.com/u-boot/u-boot/commit/6f3c2d8aa5e6cbd80b5e869bbbddecb66c329d01 https://github.com/u-boot/u-boot/commit/8a7d4cf9820ea16fabd25a6379351b4dc291204b
core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode. Date published : 2021-02-17 https://github.com/canarymail/mailcore2/commit/45acb4efbcaa57a20ac5127dc976538671fce018 https://apps.apple.com/us/app/canary-mail/id1236045954
PHPGurukul Car Rental Project version 2.0 suffers from a remote shell upload vulnerability in changeimage1.php. Date published : 2021-02-17 https://packetstormsecurity.com/files/161267/Car-Rental-Project-2.0-Shell-Upload.html https://www.exploit-db.com/exploits/49520
avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack...
The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is a low-severity issue as the attacker needs to be...
Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when `[webserver] expose_config` is set to...