Improper validation of integrity check value vulnerability in NEC Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker with an administrative...
NEC Aterm devices (Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier) allow authenticated attackers to execute arbitrary OS commands by sending a specially...
Missing authentication for critical function in DAP-1880AC firmware version 1.21 and earlier allows a remote attacker to login to the device as an authenticated user without the access privilege via unspecified vectors. Date published...
DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to execute arbitrary OS commands by sending a specially crafted request to a specific CGI program. Date published : 2021-04-25 https://jvn.jp/en/vu/JVNVU92898656/index.html https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html
Improper following of a certificate’s chain of trust vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to gain root privileges via unspecified vectors. Date published : 2021-04-25 https://jvn.jp/en/vu/JVNVU92898656/index.html https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html
Improper access control vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to bypass access restriction and to start a telnet service via unspecified vectors. Date published : 2021-04-25 https://jvn.jp/en/vu/JVNVU92898656/index.html...
Improper access control vulnerability in Gurunavi App for Android ver.10.0.10 and earlier and for iOS ver.11.1.2 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable...
Cross-site scripting vulnerability in NEC Aterm devices (Aterm WG1900HP2 firmware Ver.1.3.1 and earlier, Aterm WG1900HP firmware Ver.2.5.1 and earlier, Aterm WG1800HP4 firmware Ver.1.3.1 and earlier, Aterm WG1800HP3 firmware Ver.1.5.1 and earlier, Aterm WG1200HS2 firmware...
The PowerVR GPU kernel driver in pvrsrvkm.ko through 2021-04-24 for the Linux kernel, as used on Alcatel 1S phones, allows attackers to overwrite heap memory via PhysmemNewRamBackedPMR. Date published : 2021-04-24 https://mcyoloswagham.github.io/linux/
Settings.aspx?view=About in Directum 5.8.2 allows XSS via the HTTP User-Agent header. Date published : 2021-04-24 https://github.com/awillix/research/blob/main/cve/CVE-2021-31794.md https://www.directum.ru/
react-draft-wysiwyg (aka React Draft Wysiwyg) before 1.14.6 allows a javascript: URi in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS. Date published :...
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap-based buffer overflow. Date published : 2021-04-24 https://sourceforge.net/p/ezxml/bugs/28/ https://lists.debian.org/debian-lts-announce/2021/07/msg00005.html
The unofficial vscode-ghc-simple (aka Simple Glasgow Haskell Compiler) extension before 0.2.3 for Visual Studio Code allows remote code execution via a crafted workspace configuration with replCommand. Date published : 2021-04-24 https://github.com/dramforever/vscode-ghc-simple/blob/master/CHANGELOG.md#v023 https://github.com/dramforever/vscode-ghc-simple/commit/bc7f6f0b857dade46ea51496d8bd1a4edef39b46
In Hardware Sentry KM before 10.0.01 for BMC PATROL, a cleartext password may be discovered after a failure or timeout of a command. Date published : 2021-04-23 https://www.sentrysoftware.com/library/releaseNotes/index.html?hardwaresentrykmforpatrol10_0_01releasenotes.htm