In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 when processing a DNSSL option, rtsold(8) decodes domain name labels per an encoding specified in RFC...
In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 rtsold(8) does not verify that the RDNSS option does not extend past the end of the...
Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allow Authentication Bypass in its administrative web interface. Date published : 2021-03-29 https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0002/FEYE-2021-0002.md
Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Command Injection as root in its administrative web interface. Date published : 2021-03-29 https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0001/FEYE-2021-0001.md
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x:...
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x:...
Cross-Site Scripting (XSS) vulnerability in Zhiyuan G6 Government Collaboration System V6.1SP1, via the ‘method’ parameter to ‘seeyon/hrSalary.do’. Date published : 2021-03-29 http://note.youdao.com/noteshare?id=29f908204968a79233c1c0c80a59f8ff&sub=AFA8E81AA31C4482974869C5DFE07033 http://note.youdao.com/noteshare?id=51d8946722c0304b5bfd72da03eaf013&sub=BDBAD6EDD2C941C18AB57141313AB5FE
Cross Site Scripting (XSS) vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B via all fields in the FTP settings page to the "goform/formSetFtpCfg" settings page. Date published : 2021-03-29...
An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. A local attacker can execute arbitrary code via editing the ‘recdata.db’ file to call a specially crafted GoAhead...
An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. Authenticated attackers with the "Operator" Privilege can gain admin privileges via a crafted request to ‘/goform/formUserMng’. Date published...
An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. An unauthenticated attacker can reboot the device causing a Denial of Service, via a hidden reboot command to...
Cross Site Request Forgery (CSRF) vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B, via all fields to WebUI. Date published : 2021-03-29 https://xn--sb-lka.org/cve/INSMA.txt
Redmine 4.1.x before 4.1.2 allows XSS because an issue’s subject is mishandled in the auto complete tip. Date published : 2021-03-28 https://www.redmine.org/issues/33846 https://www.redmine.org/projects/redmine/wiki/Security_Advisories
bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the "script" string. Date published : 2021-03-27 https://github.com/microcosm-cc/bluemonday/releases/tag/v1.0.5 https://vuln.ryotak.me/advisories/4