Monthly Archive: June 2021

An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, to...

A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redhat-00001. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected...

A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a...

FDCMS (also known as Fangfa Content Management System) 4.0 allows remote attackers to get a webshell in the background via Front/lib/Action/FindexAction.class.php. Date published : 2021-06-02 http://www.ttk7.cn/post-142.html

FDCMS (aka Fangfa Content Management System) 4.0 contains a front-end SQL injection via Admin/Lib/Action/FloginAction.class.php. Date published : 2021-06-02 http://www.ttk7.cn/post-141.html

A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting...

The id paramater in Online Shopping Alphaware 1.0 has been discovered to be vulnerable to an Error-Based blind SQL injection in the /alphaware/details.php path. This allows an attacker to retrieve all databases. Date published...

Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp. Date published : 2021-06-02 https://github.com/LibRaw/LibRaw/commit/4feaed4dea636cee4fee010f615881ccf76a096d https://github.com/LibRaw/LibRaw/issues/330

The catID parameter in Pharmacy Medical Store and Sale Point v1.0 has been found to be vulnerable to a Time-Based blind SQL injection via the /medical/inventories.php path which allows attackers to retrieve all databases....

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the config_input function in af_acrossover.c. Date published : 2021-06-02 https://trac.ffmpeg.org/ticket/8304

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in dict.c. Date published : 2021-06-02 http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6f2a3958cfac135c60b509a61a4fd39432d8f9a9 https://trac.ffmpeg.org/ticket/8315

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the filter_frame function in vf_tile.c. Date published : 2021-06-02 http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=673fce6d40d9a594fb7a0ea17d296b7d3d9ea856 https://trac.ffmpeg.org/ticket/8313

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c. Date published : 2021-06-02 http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=373c1c9b691fd4c6831b3a114a006b639304c2af https://trac.ffmpeg.org/ticket/8314

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c. Date published : 2021-06-02 https://trac.ffmpeg.org/ticket/8303