Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the CorCad_F2/executaConsultaEspecifico IE_CORPO_ASSIST or CD_USUARIO_CONVENIO parameter. Date published : 2021-08-24 PHILIPS – TASY EMR 3.06 – SQL INJECTION (CVE-2021-39375,CVE-2021-39376)
Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the WAdvancedFilter/getDimensionItemsByCode FilterValue parameter. Date published : 2021-08-24 PHILIPS – TASY EMR 3.06 – SQL INJECTION (CVE-2021-39375,CVE-2021-39376)
detect-character-encoding is an open source character encoding inspection library. In detect-character-encoding v0.6.0 and earlier, data matching no charset causes the Node.js process to crash. The problem has been patched in [detect-character-encoding v0.7.0](https://github.com/sonicdoe/detect-character-encoding/releases/tag/v0.7.0). No workaround...
Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio 1.11.0, 1.10.3 and below, and 1.9.7 and below...
Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. According to [RFC 4343](https://datatracker.ietf.org/doc/html/rfc4343), Istio authorization policy should compare...
go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum (Geth) could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Further details...
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature. The affected versions are before...
In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution. The vulnerability is found in ssgLoadTGA() function in src/ssg/ssgLoadTGA.cxx file. Date published : 2021-08-24 https://sourceforge.net/p/plib/bugs/55/ https://lists.debian.org/debian-lts-announce/2021/10/msg00000.html
The assets/index.php Image Upload feature of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to upload any code to the target system and achieve remote code execution. Date published : 2021-08-24 https://www.blacklanternsecurity.com/2021-08-23-Nascent-RemKon-CVEs/ https://www.nascent.com/single-post/2019/01/17/nascent-technology-releases-remkon-31-to-enhance-audio-experience
In NASCENT RemKon Device Manager 4.0.0.0, a Directory Traversal vulnerability in a log-reading function in maintenance/readLog.php allows an attacker to read any file via a specialized URL. Date published : 2021-08-24 https://www.blacklanternsecurity.com/2021-08-23-Nascent-RemKon-CVEs/ https://www.nascent.com/single-post/2019/01/17/nascent-technology-releases-remkon-31-to-enhance-audio-experience
A command-injection vulnerability in the Image Upload function of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to execute arbitrary commands, as root, via shell metacharacters in the filename parameter to assets/index.php. Date published...
raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. The www-data account can execute /etc/raspap/hostapd/enablelog.sh as root with no password; however, the www-data account can also...
includes/configure_client.php in RaspAP 2.6.6 allows attackers to execute commands via command injection. Date published : 2021-08-24 https://github.com/RaspAP/raspap-webgui https://github.com/RaspAP/raspap-webgui/blob/0e1d652c5e55f812aaf2a5908884e9db179416ee/includes/configure_client.php
Network Attached Storage on LG N1T1*** 10124 devices allows an unauthenticated attacker to gain root access via OS command injection in the en/ajp/plugins/access.ssh/checkInstall.php destServer parameter. Date published : 2021-08-24 https://www.lg.com/uk/support/product/lg-N1T1DD1 https://www.lg.com/us/burners-drives/lg-N1T1-network-attached-storage