In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used. Date published : 2021-07-05 https://gitlab.alpinelinux.org/alpine/aports/-/issues/12811
** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding. Date published : 2021-07-05...
A vulnerability in the HTML pages of Apache Jena Fuseki allows an attacker to execute arbitrary javascript on certain page views. This issue affects Apache Jena Fuseki from version 2.0.0 to version 4.0.0 (inclusive)....
SmarterTools SmarterMail before Build 7776 allows XSS. Date published : 2021-07-05 https://www.smartertools.com/smartermail/release-notes/current
This affects all versions of package Flask-User. When using the make_safe_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as...
The Rocket.Chat desktop application 2.17.11 opens external links without user interaction. Date published : 2021-07-05 https://github.com/RocketChat/Rocket.Chat.Electron/pull/1710
An issue was discovered in ACRN before 2.5. dmar_free_irte in hypervisor/arch/x86/vtd.c allows an irte_alloc_bitmap buffer overflow. Date published : 2021-07-02 https://github.com/projectacrn/acrn-hypervisor/commit/25c0e3817eb332660dd63d1d4522e63dcc94e79a
An issue was discovered in ACRN before 2.5. It allows a devicemodel/hw/pci/virtio/virtio_net.c virtio_net_ping_rxq NULL pointer dereference for vq->used. Date published : 2021-07-02 https://github.com/projectacrn/acrn-hypervisor/pull/6121/commits/131116b15b0e35a62085d23686b43ed1c12c1331
ACRN before 2.5 has a devicemodel/hw/pci/xhci.c NULL Pointer Dereference for a trb pointer. Date published : 2021-07-02 https://github.com/projectacrn/acrn-hypervisor/pull/6173/commits/330359921e2e4c2f3f3a10b5bab86942d63c4428
The Device Model in ACRN through 2.5 has a devicemodel/core/mem.c use-after-free for a freed rb_entry. Date published : 2021-07-02 https://github.com/projectacrn/acrn-hypervisor/pull/6058/commits/f880086ffe5423e67d968c8f8f665954786582ce
The polling timer handler in ACRN before 2.5 has a use-after-free for a freed virtio device, related to devicemodel/hw/pci/virtio/*.c. Date published : 2021-07-02 https://github.com/projectacrn/acrn-hypervisor/pull/6268/commits/dd88504804e186029f845a166dc5c31695e2cca2
ACRN before 2.5 has a hw/pci/virtio/virtio.c vq_endchains NULL Pointer Dereference. Date published : 2021-07-02 https://github.com/projectacrn/acrn-hypervisor/commit/154fe59531c12b82e26d1b24b5531f5066d224f5
An issue was discovered in the FileImporter extension in MediaWiki through 1.36. For certain relaxed configurations of the $wgFileImporterRequiredRight variable, it might not validate all appropriate user rights, thus allowing a user with insufficient...
An XSS issue was discovered in the SportsTeams extension in MediaWiki through 1.36. Within several special pages, a privileged user could inject arbitrary HTML and JavaScript within various data fields. The attack could easily...