RIOT-OS 2021.01 before commit bc59d60be60dfc0a05def57d74985371e4f22d79 contains a buffer overflow which could allow attackers to obtain sensitive information. Date published : 2021-06-18 https://github.com/RIOT-OS/RIOT/commit/bc59d60be60dfc0a05def57d74985371e4f22d79 https://github.com/RIOT-OS/RIOT/issues/15927
RIOT-OS 2021.01 before commit 07f1254d8537497552e7dce80364aaead9266bbe contains a buffer overflow which could allow attackers to obtain sensitive information. Date published : 2021-06-18 https://github.com/RIOT-OS/RIOT/commit/07f1254d8537497552e7dce80364aaead9266bbe https://github.com/RIOT-OS/RIOT/pull/15930
RIOT-OS 2021.01 before commit 609c9ada34da5546cffb632a98b7ba157c112658 contains a buffer overflow that could allow attackers to obtain sensitive information. Date published : 2021-06-18 https://github.com/RIOT-OS/RIOT/commit/609c9ada34da5546cffb632a98b7ba157c112658 https://github.com/RIOT-OS/RIOT/pull/15945
RIOT-OS 2021.01 before commit 85da504d2dc30188b89f44c3276fc5a25b31251f contains a buffer overflow which could allow attackers to obtain sensitive information. Date published : 2021-06-18 https://github.com/RIOT-OS/RIOT/commit/85da504d2dc30188b89f44c3276fc5a25b31251f https://github.com/RIOT-OS/RIOT/pull/15947
SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation. Date published : 2021-06-18 https://github.com/SerenityOS/serenity/pull/5713 https://github.com/SerenityOS/serenity/issues/3991
No filtering of cross-site scripting (XSS) payloads in the markdown-editor in Zettlr 1.8.7 allows attackers to perform remote code execution via a crafted file. Date published : 2021-06-18 https://github.com/Zettlr/Zettlr/issues/1716 https://github.com/Zettlr/Zettlr/releases/tag/v1.8.9
A cross-site scripting (XSS) vulnerability exists in Znote 0.5.2. An attacker can insert payloads, and the code execution will happen immediately on markdown view mode. Date published : 2021-06-18 https://github.com/alagrede/znote-app/issues/5 https://www.electronjs.org/apps/znote
When using http protocol, the user password is transmitted as a clear text parameter for which it is possible to be obtained by an attacker through a MITM attack. This will be fixed starting...
This vulnerability could allow an attacker to hijack a session while a user is logged in the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal...
VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest operating system, where VMware Tools is installed,...
Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Date published : 2021-06-18 https://www.jenkins.io/security/advisory/2021-06-18/#SECURITY-2330 http://www.openwall.com/lists/oss-security/2021/06/18/1
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be triggered by 6LoWPAN packets sent to devices running Contiki-NG 4.6 and prior. The IPv6 header decompression function (uncompress_hdr_iphc)...
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In versions prior to 4.5, buffer overflow can be triggered by an input packet when using either of Contiki-NG’s two RPL implementations...
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. A buffer overflow vulnerability exists in Contiki-NG versions prior to 4.6. After establishing a TCP socket using the tcp-socket library, it is...