Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity vulnerability (exploitable via the DTD parameter entities technique), resulting in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB)...
A null pointer dereference in Teradici PCoIP Soft Client versions prior to 20.07.3 could allow an attacker to crash the software. Date published : 2021-02-11 https://advisory.teradici.com/security-advisories/74/
An out of bounds write in Teradici PCoIP soft client versions prior to version 20.10.1 could allow an attacker to remotely execute code. Date published : 2021-02-11 https://advisory.teradici.com/security-advisories/75/
Under certain conditions, Teradici PCoIP Agents for Windows prior to version 20.10.0 and Teradici PCoIP Agents for Linux prior to version 21.01.0 may log parts of a user’s password in the application logs. Date...
All versions of package is-user-valid are vulnerable to LDAP Injection which can lead to either authentication bypass or information exposure. Date published : 2021-02-11 https://snyk.io/vuln/SNYK-JS-ISUSERVALID-1056766
The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in...
The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the...
Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to ‘Administrator’. Date published : 2021-02-11 https://www.zerodayinitiative.com/advisories/ZDI-21-191/ https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02
Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files. Date published : 2021-02-11 https://www.zerodayinitiative.com/advisories/ZDI-21-189/ https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02
Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information. Date published : 2021-02-11 https://www.zerodayinitiative.com/advisories/ZDI-21-188/ https://www.zerodayinitiative.com/advisories/ZDI-21-190/
Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution. Date published : 2021-02-11 http://packetstormsecurity.com/files/161937/Advantech-iView-Unauthenticated-Remote-Code-Execution.html https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02
vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8.1.x prior to 8.1.2.3 and 6.5.x prior to 6.5.1.5 contain a post-authentication command injection vulnerability which may allow an authenticated admin user to perform...
Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g....
NextAuth.js (next-auth) is am open source authentication solution for Next.js applications. In next-auth before version 3.3.0 there is a token verification vulnerability. Implementations using the Prisma database adapter in conjunction with the Email provider...