Monthly Archive: May 2021

CVE-2020-20236

Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access. Date published : 2021-05-18...

CVE-2020-20220

Mikrotik RouterOs prior to stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/bfd process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). Date published : 2021-05-18 http://seclists.org/fulldisclosure/2021/May/23...

CVE-2020-20214

Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion failure vulnerability in the btest process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet....

CVE-2020-18178

Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit, and delete arbitrary files via a crafted POST request to the component "/hcms/admin/index.php/language/ajax." Date published : 2021-05-18 https://github.com/Neeke/HongCMS/issues/11

CVE-2020-15279

An Improper Access Control vulnerability in the logging component of Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.23.320 allows a regular user to learn the scanning exclusion paths. This issue was discovered...

CVE-2021-3524

A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The...

CVE-2021-3483

A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices...

CVE-2021-33041

vmd through 1.34.0 allows 'div class="markdown-body"' XSS, as demonstrated by Electron remote code execution via require('child_process').execSync('calc.exe') on Windows and a similar attack on macOS. Date published : 2021-05-17 https://github.com/yoshuawuyts/vmd/issues/137

CVE-2021-32622

Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip client into a web page. Before version 3.21.0, when uploading a file, the local file preview can lead to execution of scripts embedded in...

CVE-2021-32618

The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. All versions of...