This affects all versions of package qlib. The workflow function in cli part of qlib was using an unsafe YAML load function. Date published : 2021-02-15 https://github.com/418sec/huntr/pull/1329 https://snyk.io/vuln/SNYK-PYTHON-QLIB-1054635
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. Date published : 2021-02-15 https://security.netapp.com/advisory/ntap-20210312-0006/ https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by...
Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access...
IBM Spectrum Protect Operations Center 7.1 and 8.1 is vulnerable to a denial of service, caused by a RPC that allows certain cache values to be set and dumped to a file. By setting...
IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. By creating an unspecified servlet request with specially crafted input...
IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass authentication restrictions, caused by improper session validation . By using the configuration panel to obtain a valid session using...
CITSmart before 9.1.2.23 allows LDAP Injection. Date published : 2021-02-15 https://docs.citsmart.com/pt-br/citsmart-platform-9/get-started/about-citsmart/release-notes.html http://packetstormsecurity.com/files/162181/CITSmart-ITSM-9.1.2.22-LDAP-Injection.html
Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Users tab. To exploit this, one must login to the administration...
A use-after-free flaw was found in D-Bus Development branch
A SQL injection vulnerability in interface/reports/non_reported.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter. Date published : 2021-02-15 https://community.open-emr.org/t/openemr-6-0-0-has-been-released/15732 CVE-2020-29143. SQL injection vulnerability in...
A SQL injection vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the schedule_facility parameter when restrict_user_facility=on is in global settings. Date published : 2021-02-15...
A SQL injection vulnerability in interface/reports/immunization_report.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter. Date published : 2021-02-15 https://community.open-emr.org/t/openemr-6-0-0-has-been-released/15732 CVE-2020-29140. SQL injection vulnerability in...
A SQL injection vulnerability in interface/main/finder/patient_select.php from library/patient.inc in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the searchFields parameter. Date published : 2021-02-15 https://community.open-emr.org/t/openemr-6-0-0-has-been-released/15732 CVE-2020-29139. SQL injection...