Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the...
Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the...
SSRF in URL file upload in Baserow
Under very specific conditions a user could be impersonated using Gitlab shell. This vulnerability affects GitLab CE/EE 13.1 and later through 14.1.2, 14.0.7 and 13.12.9. Date published : 2021-08-20 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22254.json https://gitlab.com/gitlab-org/gitlab/-/issues/300265
A vulnerability was discovered in GitLab versions before 14.0.2, 13.12.6, 13.11.6. GitLab Webhook feature could be abused to perform denial of service attacks. Date published : 2021-08-20 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22246.json https://gitlab.com/gitlab-org/gitlab/-/issues/280633
An issue has been discovered in GitLab affecting all versions starting with 13.3. GitLab was vulnerable to a stored XSS by using the design feature in issues. Date published : 2021-08-20 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22238.json https://gitlab.com/gitlab-org/gitlab/-/issues/332420
A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. In the default case of DecodeTreeBlock a label is created via CurPath::AddLabel in order to track the...
A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. Within `DecodeTreeBlock` which is called during the decompression of an XMI file, a UINT32 is loaded from...
A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. Within `DecodeTreeBlock` which is called during the decompression of an XMI file, a UINT32 is loaded from...
An information disclosure vulnerability exists in the Friend finder functionality of GmbH Komoot version 10.26.9 up to 11.1.11. A specially crafted series of network requests can lead to the disclosure of sensitive information. Date...
SafeCurl before 0.9.2 has a DNS rebinding vulnerability. Date published : 2021-08-20 https://github.com/vanilla/safecurl/pull/2 https://github.com/vanilla/safecurl/releases/tag/v0.9.2
An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php of rConfig 3.9.6 allows attackers to execute arbitrary code via a crafted file. Date published : 2021-08-20 SSD Advisory – rConfig Unauthenticated RCE
An insecure update feature in the /updater.php component of rConfig 3.9.6 and below allows attackers to execute arbitrary code via a crafted ZIP file. Date published : 2021-08-20 SSD Advisory – rConfig Unauthenticated RCE
A remote code execution vulnerability in SEOPanel 4.6.0 has been fixed for 4.7.0. This vulnerability allowed for remote code execution through an authenticated file upload via the Settings Panel>Import website function. Date published :...