IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing the current locale settings. A local attacker could overflow a buffer and execute...
HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker is able to receive arbitrary files from the file system when exporting a note to PDF. Since the code injection has...
HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker can read arbitrary `.md` files from the server’s filesystem due to an improper input validation, which results in the ability to...
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. Exiv2...
OrangeHRM 4.7 allows an unauthenticated user to enumerate the valid username and email address via the forgot password function. Date published : 2021-04-26 https://github.com/C1inton/CVE-Record/blob/master/CVE%20Record/%5BCVE-2021-28399%5DOrangeHRM%204.7.md https://www.orangehrm.com/
Jamovi
A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in having an unprivileged user spawn a...
An access control vulnerability in Hame SD1 Wi-Fi firmware
Prototype pollution vulnerability in ‘safe-obj’ versions 1.0.0 through 1.0.2 allows an attacker to cause a denial of service and may lead to remote code execution. Date published : 2021-04-26 https://github.com/mantacode/safe-obj/blob/6ab63529182b6cf11704ac84f10800290afd3f9f/lib/index.js#L122 https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25928
Prototype pollution vulnerability in ‘safe-flat’ versions 2.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. Date published : 2021-04-26 https://github.com/jessie-codes/safe-flat/commit/4b9b7db976bba8c968354f4315f5f9c219b7cbf3 https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25927
A weak password requirement vulnerability exists in the Create New User function of MintHCM RELEASE 3.0.8, which could lead an attacker to easier password brute-forcing. Date published : 2021-04-26 https://github.com/C1inton/CVE-Record/blob/master/CVE%20Record/%5BCVE-2021-25839%5DMintHCM%203.0.8.md Home
The Import function in MintHCM RELEASE 3.0.8 allows an attacker to execute a cross-site scripting (XSS) payload in file-upload. Date published : 2021-04-26 https://github.com/C1inton/CVE-Record/blob/master/CVE%20Record/%5BCVE-2021-25838%5DMintHCM%203.0.8.md Home
The package postcss before 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern /*s* sourceMappingURL=(.*). Date published :...
The package github.com/tyktechnologies/tyk-identity-broker before 1.1.1 are vulnerable to Authentication Bypass via the Go XML parser which can cause SAML authentication bypass. This is because the XML parser doesn’t guarantee integrity in the XML round-trip...