SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by an administrator on the Customize View page. Date published : 2021-03-26 https://documentation.solarwinds.com/en/Success_Center/orionplatform/Content/Release_Notes/Orion_Platform_2020-2-5_release_notes.htm https://support.solarwinds.com/SuccessCenter/s/
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an...
A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse...
Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 devices allow Remote Code Execution and retrieval of admin credentials to log into the Dashboard or login via SSH, leading to code execution as root. Date published : 2021-03-26...
A heap based buffer overflow in coders/tiff.c may result in program crash and denial of service in ImageMagick before 7.0.10-45. Date published : 2021-03-26 https://bugzilla.redhat.com/show_bug.cgi?id=1922525 https://github.com/ImageMagick/ImageMagick/commit/6ee5059cd3ac8d82714a1ab1321399b88539abf0
Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior to version 5.0. The vulnerability could cause configuration destruction. Date published : 2021-03-26 https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html
In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before r369335, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 when a process, such as jexec(8) or killall(1), calls jail_attach(2) to enter a jail, the jailed root can attach...
In FreeBSD 12.2-STABLE before r369312, 11.4-STABLE before r369313, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 due to a race condition in the jail_remove(2) implementation, it may fail to kill some of the processes. Date...
In FreeBSD 12.2-STABLE before r369346, 11.4-STABLE before r369345, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 a regression in the login.access(5) rule processor has the effect of causing rules to fail to match even when...
In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 msdosfs(5) was failing to zero-fill a pair of padding fields in the dirent structure, resulting in...
In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 several file systems were not properly initializing the d_off field of the dirent structures returned by...
Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new. Date published : 2021-03-26 http://mayoterry.com/file/cve/XSS_vuluerability_in_Craftcms_3.1.31.pdf https://github.com/craftcms/cms/commit/76a2168b6a5e30144f5c06da4ff264f4eca577ff
Remote Code Execution Vulnerability in tests/support/stores/test_grid_filter.php in oria gridx 1.3, allows remote attackers to execute arbitrary code, via crafted value to the $query parameter. Date published : 2021-03-26 http://mayoterry.com/file/cve/Remote_Code_Execution_Vulnerability_in_gridx_latest_version.pdf https://github.com/oria/gridx/issues/433
A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2 image file could cause...