IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 198836. Date published : 2021-04-26 https://www.ibm.com/support/pages/node/6445739...
IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 could allow a local user to escalate their privileges to take full control of the system due to insecure directory permissions. IBM X-Force ID: 198811. Date published...
IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited...
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by allowing cross-window communication with unrestricted target origin via documentation frames. Date published : 2021-04-26 https://www.ibm.com/support/pages/node/6446699 https://exchange.xforce.ibmcloud.com/vulnerabilities/183904
** DISPUTED ** An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads, there’s an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a programmer...
OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. Date...
Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin’s add users feature, and then get a reverse shell through Webmin’s running process feature. Date published :...
Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin’s running process feature. Date published : 2021-04-25 http://packetstormsecurity.com/files/163559/Webmin-1.973-Cross-Site-Request-Forgery.html https://github.com/Mesh3l911/CVE-2021-31761
Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin’s running process feature. Date published : 2021-04-25 https://github.com/Mesh3l911/CVE-2021-31760 https://github.com/electronicbots/CVE-2021-31760
Akuvox C315 115.116.2613 allows remote command Injection via the cfgd_server service. The attack vector is sending a payload to port 189 (default root 0.0.0.0). Date published : 2021-04-25 https://pastebin.com/yv4ajFjD https://www.akuvox.com/ProductsDisp.aspx?pid=21
The server in npupnp before 4.1.4 is affected by DNS rebinding in the embedded web server (including UPnP SOAP and GENA endpoints), leading to remote code execution. Date published : 2021-04-25 http://www.openwall.com/lists/oss-security/2021/04/25/2 https://framagit.org/medoc92/npupnp
Improper access control vulnerability in NEC Aterm WG2600HS firmware Ver1.5.1 and earlier, and Aterm WX3000HP firmware Ver1.1.2 and earlier allows a device connected to the LAN side to be accessed from the WAN side...
Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. Date published : 2021-04-25 https://jpn.nec.com/security-info/secinfo/nv21-010.html https://jvn.jp/en/jp/JVN29739718/index.html
Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.5.1 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors. Date published : 2021-04-25 https://jpn.nec.com/security-info/secinfo/nv21-010.html https://jvn.jp/en/jp/JVN29739718/index.html