CVE-2021-26194
An issue was discovered in JerryScript 2.4.0. There is a heap-use-after-free in ecma_is_lexical_environment in the ecma-helpers.c file. Date published : 2021-06-10 https://github.com/jerryscript-project/jerryscript/issues/4445
Prototype pollution vulnerability in ‘set-getter’ version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution. Date published : 2021-06-10 https://github.com/doowb/set-getter/blob/5bc2750fe1c3db9651d936131be187744111378d/index.js#L56 https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25949
Prototype pollution vulnerability in ‘expand-hash’ versions 0.1.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. Date published : 2021-06-10 https://github.com/doowb/expand-hash/blob/556913f6c2f05848110b5b8261cfc78e5ce3dc77/index.js#L19 https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25948
It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO. Date published : 2021-06-10 https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1912326
It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel. Date published : 2021-06-10 https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1912326
It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel. Date published : 2021-06-10 https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1912326
A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to root. This issue affects: openSUSE Leap 15.2...
A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files. Date published : 2021-06-10...
This affects the package Flask-Unchained before 0.9.0. When using the _validate_redirect_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such...
On version 8.0.x before 8.0.0.1, and all 6.x and 7.x versions, the BIG-IQ Configuration utility has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Technical...
On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, a DLL hijacking issue exists in cachecleaner.dll included in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of...
On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service’s temporary folder has weak file and folder permissions. Note: Software versions which have reached End of...
A smart camera product of ZTE is impacted by a permission and access control vulnerability. Due to the defect of user permission management by the cloud-end app, users whose sharing permissions have been revoked...
A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without...