CVE-2021-33516
An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim’s browser into triggering actions...
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs. Date published :...
Dutchcoders transfer.sh before 1.2.4 allows Directory Traversal for deleting files. Date published : 2021-05-24 https://github.com/dutchcoders/transfer.sh/pull/373 https://github.com/dutchcoders/transfer.sh/releases/tag/v1.2.4
Dutchcoders transfer.sh before 1.2.4 allows XSS via an inline view. Date published : 2021-05-24 https://github.com/dutchcoders/transfer.sh/pull/373 https://github.com/dutchcoders/transfer.sh/releases/tag/v1.2.4
Type Confusion in 802154 ACK Frames Handling. Zephyr versions >= v2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7 Date published : 2021-05-24 http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7
Cranelift is an open-source code generator maintained by Bytecode Alliance. It translates a target-independent intermediate representation into executable machine code. There is a bug in 0.73 of the Cranelift x64 backend that can create...
Keystone 5 is an open source CMS platform to build Node.js applications. This security advisory relates to a newly discovered capability in our query infrastructure to directly or indirectly expose the values of private...
Re-Logic Terraria before 1.4.2.3 performs Insecure Deserialization. Date published : 2021-05-24 https://store.steampowered.com/news/app/105600/view/3062989030626131236 https://terraria.fandom.com/wiki/1.4.2.3
Feehi CMS 2.1.1 is affected by a Server-side request forgery (SSRF) vulnerability. When the user modifies the HTTP Referer header to any URL, the server can make a request to it. Date published :...
An issue was discovered in Mediat 1.4.1. There is a Reflected XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML without authentication via the ‘return’ parameter in login.php. Date published...
An issue was discovered in Gris CMS v0.1. There is a Persistent XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via admin/dashboard. Date published : 2021-05-24 https://github.com/dignajar/gris/issues/3
An issue was discovered in emlog 6.0.0stable. There is a SQL Injection vulnerability that can execute any SQL statement and query server sensitive data via admin/navbar.php?action=add_page. Date published : 2021-05-24 https://github.com/emlog/emlog/issues/74
The @ronomon/opened library before 1.5.2 is vulnerable to a command injection vulnerability which would allow a remote attacker to execute commands on the system if the library was used with untrusted input. Date published...
The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall...