RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins. Date published : 2021-05-18 https://tanzu.vmware.com/security/cve-2021-22117
A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this...
An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerability that can editpage via a /admin.php?action=editpage Date published : 2021-05-18 https://github.com/pluck-cms/pluck/issues/81
TinyShop, a free and open source mall based on RageFrame2, has a stored XSS vulnerability that affects version 1.2.0. TinyShop allows XSS via the explain_first and again_explain parameters of the /evaluate/index.php page. The vulnerability...
A heap-based buffer overflow vulnerability exists in LibreDWG 0.10.1 via the read_system_page function at libredwg-0.10.1/src/decode_r2007.c:666:5, which causes a denial of service by submitting a dwg file. Date published : 2021-05-18 https://github.com/LibreDWG/libredwg/issues/248
Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service via the pointer variable caller->callee. Date published : 2021-05-18 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BLSXGFK2NYPCJMPHSHE3W56ZU3ZO6RD7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZTTKZX274BVFZX7TMPEZG6UWL6UPMQF/
A heap based buffer overflow vulnerability exists in ffjpeg through 2020-07-02 in the jfif_decode(void *ctxt, BMP *pb) function at ffjpeg/src/jfif.c (line 544 & line 545), which could cause a denial of service by submitting...
A stack-based buffer overflow vulnerability exists in ffjpeg through 2020-07-02 in the jfif_decode(void *ctxt, BMP *pb) function at ffjpeg/src/jfif.c:513:28, which could cause a denial of service by submitting a malicious jpeg image. Date published...
In Pluck-4.7.10-dev2 admin background, a remote command execution vulnerability exists when uploading files. Date published : 2021-05-18 https://github.com/pluck-cms/pluck/issues/84
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). Date published : 2021-05-18 http://seclists.org/fulldisclosure/2021/May/14...
Mikrotik RouterOs before 6.47 (stable tree) suffers from a divison by zero vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error....
Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the mactel process. An authenticated remote attacker can cause a Denial of Service due to improper memory access. Date published : 2021-05-18 http://seclists.org/fulldisclosure/2021/May/23...
Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the log process. An authenticated remote attacker can cause a Denial of Service due to improper memory access. Date published : 2021-05-18 http://seclists.org/fulldisclosure/2021/May/23...
Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access. Date published : 2021-05-18...