OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a multi-value From header field. Date published : 2021-06-10 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MAT4ZSWPQ5SUTMYCXRXI5SMTWL4AG7E/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZHZD4WZDYRBB2XVW2EQ4DQ2KYMAGPUO/
PRTG Network Monitor 20.1.55.1775 allows /editsettings CSRF for user account creation. Date published : 2021-06-10 https://github.com/likhihcv/PRTG_Network_Monitor_20.1.55.1775_CSRF
An unauthenticated attacker with physical access to a computer with NetSetMan Pro before 5.0 installed, that has the pre-logon profile switch button within the Windows logon screen enabled, is able to drop to an...
An issue was discovered in CubeCoders AMP before 2.1.1.8. A lack of validation of the Java Version setting means that an unintended executable path can be set. The result is that high-privileged users can...
The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archive operation" feature. Date published : 2021-06-10 https://github.com/nvbn/thefuck/commit/e343c577cd7da4d304b837d4a07ab4df1e023092 https://github.com/nvbn/thefuck/releases/tag/3.31
In LabCup before
A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to...
a UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2, Factory allows local attackers to escalate from users postorius or postorius-admin to root. This issue affects: openSUSE Leap 15.2 python-postorius version...
Annex Cloud Loyalty Experience Platform
Annex Cloud Loyalty Experience Platform
An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience Platform
A vulnerability in the preloading mechanism of specific dynamic link libraries in McAfee Agent for Windows prior to 5.7.3 could allow an authenticated, local attacker to perform a DLL preloading attack with unsigned DLLs....
Improper privilege management vulnerability in McAfee Agent for Windows prior to 5.7.3 allows a local user to modify event information in the MA event folder. This allows a local user to either add false...
TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is vulnerable to Cross Site Request Forgery (CSRF). All configuration information is placed in the URL, without any additional token authentication information. A malicious link opened...