Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555 Streaming Media before 2021.3.16. Date published : 2021-04-29 http://lists.live555.com/pipermail/live-devel/2021-March/021891.html
CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script or HTML Date published : 2021-04-29 https://anotepad.com/notes/2skndayt https://github.com/PHPFusion/PHPFusion/commit/08d6c2ea49bd06fcce32275252f5f25abe61965c
In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks. Date published : 2021-04-29 https://collaborate.pega.com/discussion/pega-security-advisory-a21-hotfix-matrix
Command injection vulnerability in China Mobile An Lianbao WF-1 1.01 via the ‘ip’ parameter with a POST request to /api/ZRQos/set_online_client. Date published : 2021-04-29 http://iot.10086.cn/?l=en-us https://github.com/pokerfacett/MY_REQUEST/blob/master/China%20Mobile%20An%20Lianbao%20WF-1%20router%20Command%20Injection.md
MERCUSYS Mercury X18G 1.0.5 devices allow Denial of service via a crafted value to the POST listen_http_lan parameter. Upon subsequent device restarts after this vulnerability is exploted the device will not be able to...
Cross site Scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0.5 devices, via crafted values to the ‘src_dport_start’, ‘src_dport_end’, and ‘dest_port’ parameters. Date published : 2021-04-29 https://github.com/pokerfacett/MY_REQUEST/blob/master/Mercury%20Router%20X18g%20v1.0.5%20Stored%20XSS.md https://www.mercurycom.com.cn/product-521-1.html
A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability. Date published : 2021-04-29 https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt
A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability. Date published : 2021-04-29 https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt
A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability. Date published : 2021-04-29...
fluidsynth is a software synthesizer based on the SoundFont 2 specifications. A use after free violation was discovered in fluidsynth, that can be triggered when loading an invalid SoundFont file. Date published : 2021-04-29...
Prisma VS Code a VSCode extension for Prisma schema files. This is a Remote Code Execution Vulnerability that affects all versions of the Prisma VS Code extension older than 2.20.0. If a custom binary...
systeminformation is an open source system and OS information library for node.js. A command injection vulnerability has been discovered in versions of systeminformation prior to 5.6.4. The issue has been fixed with a parameter...
A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of...
A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module....