squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in...
tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buffer-size handling does not properly consider the combination of data, OACK, and other options. Date published : 2021-09-13 https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41054 https://sourceforge.net/p/atftp/code/ci/d255bf90834fb45be52decf9bc0b4fb46c90f205/
In all released versions of Eclipse Equinox, at least until version 4.21 (September 2021), installation can be vulnerable to man-in-the-middle attack if using p2 repos that are HTTP; that can then be exploited to...
An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal. Date...
Certain NETGEAR smart switches are affected by an authentication hijacking race-condition vulnerability by an unauthenticated attacker who uses the same source IP address as an admin in the process of logging in (e.g., behind...
Certain NETGEAR smart switches are affected by a remote admin password change by an unauthenticated attacker via the (disabled by default) /sqfs/bin/sccd daemon, which fails to check authentication when the authentication TLV is missing...
A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 (aka Matrix SDK for Android) before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to...
A logic error in the room key sharing functionality of matrix-js-sdk (aka Matrix Javascript SDK) before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted...
Gibbon v22.0.00 suffers from a stored XSS vulnerability within the wall messages component. Date published : 2021-09-13 https://gibbonedu.org/ https://github.com/GibbonEdu/core/blob/v22.0.01/CHANGELOG.txt
ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain...
SQL injection vulnerability in PHPGurukul Apartment Visitors Management System (AVMS) v. 1.0 allows attackers to execute arbitrary SQL statements and to gain RCE. Date published : 2021-09-13 https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-38833 https://phpgurukul.com/apartment-visitors-management-system-using-php-and-mysql/
body-parser-xml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) Date published : 2021-09-13 https://huntr.dev/bounties/1-other-fiznool/body-parser-xml https://github.com/fiznool/body-parser-xml/commit/d46ca622560f7c9a033cd9321c61e92558150d63
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. Date published : 2021-09-13 https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03 https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. Date published : 2021-09-13 https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03 https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/