A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input. Date published : 2021-05-27 https://security.netapp.com/advisory/ntap-20210805-0009/ https://www.debian.org/security/2021/dsa-4929
There is an out-of-bounds write vulnerability in some Huawei products. The code of a module have a bad judgment logic. Attackers can exploit this vulnerability by performing multiple abnormal activities to trigger the bad...
There is a denial of service vulnerability in the versions 10.1.0.126(C00E125R5P3) of HUAWEI Mate 30 and 10.1.0.152(C00E136R7P2) of HUAWEI Mate 30 (5G) . A module does not verify certain parameters sufficiently and it leads...
There is an out of bounds write vulnerability in some Huawei products. An attacker can exploit this vulnerability by sending crafted data in the packet to the target device. Due to insufficient validation of...
There is a resource management error vulnerability in the verisions V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 of USG9500. An authentication attacker needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper...
There is a denial of service vulnerability in the verisions V200R005C00SPC500 of S5700 and V200R005C00SPC500 of S6700. An attacker could exploit this vulnerability by sending specific message to a targeted device. Due to insufficient...
There is an insufficient input validation vulnerability in FusionCompute 8.0.0. Due to the input validation is insufficient, an attacker can exploit this vulnerability to upload any files to the device. Successful exploit may cause...
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user...
Cross-site scripting vulnerability in Zettlr from 0.20.0 to 1.8.8 allows an attacker to execute an arbitrary script by loading a file or code snippet containing an invalid iframe into Zettlr. Date published : 2021-05-27...
A vulnerability in the SonicWall NSM On-Prem product allows an authenticated attacker to perform OS command injection using a crafted HTTP request. This vulnerability affects NSM On-Prem 2.2.0-R10 and earlier versions. Date published :...
A flaw was found in Red Hat Quay, where it has a persistent Cross-site Scripting (XSS) vulnerability when displaying a repository’s notification. This flaw allows an attacker to trick a user into performing a...
A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_floodfill.c, which might lead to memory corruption and other potential consequences. Date published : 2021-05-27 https://trac.ffmpeg.org/ticket/8236
A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavfilter/vf_vmafmotion.c in convolution_y_8bit, which could let a remote malicious user cause a Denial of Service. Date published : 2021-05-27 https://trac.ffmpeg.org/ticket/8246
A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_edgedetect.c in gaussian_blur, which might lead to memory corruption and other potential consequences. Date published : 2021-05-27 https://trac.ffmpeg.org/ticket/8275 https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html