Emerson XWEB 300D EVO 3.0.7–3ee403 is affected by: unauthenticated arbitrary file deletion due to path traversal. An attacker can browse and delete files without any authentication due to incorrect access control and directory traversal....
Glewlwyd 2.0.0, fixed in 2.6.1 is affected by an incorrect access control vulnerability. One user can attempt to log in as another user without its password. Date published : 2021-12-30 https://github.com/babelouest/glewlwyd/commit/125281f1c0d4b6a8b49f7e55a757205a2ef01fbe https://github.com/babelouest/glewlwyd/releases/tag/v2.6.1
Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive information in plaintext. All usernames and passwords for the device’s associated services are stored in plaintext on the device. For example, the admin password is stored in...
Bitmask Riseup VPN 0.21.6 contains a local privilege escalation flaw due to improper access controls. When the software is installed with a non-default installation directory off of the system root, the installer fails to...
jQuery Terminal Emulator is a plugin for creating command line interpreters in your applications. Versions prior to 2.31.1 contain a low impact and limited cross-site scripting (XSS) vulnerability. The code for XSS payload is...
Mermaid is a Javascript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Prior to version 8.13.8, malicious diagrams can run javascript code at...
Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service via packet injection or crafted capture file Date published : 2021-12-30 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-4190.json https://gitlab.com/wireshark/wireshark/-/issues/17811
mruby is vulnerable to NULL Pointer Dereference Date published : 2021-12-30 https://huntr.dev/bounties/78533fb9-f3e0-47c2-86dc-d1f96d5bea28 https://github.com/mruby/mruby/commit/27d1e0132a0804581dca28df042e7047fd27eaa8
Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file Date published : 2021-12-30 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-4186.json https://gitlab.com/wireshark/wireshark/-/issues/17737
Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file Date published : 2021-12-30 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-4185.json https://gitlab.com/wireshark/wireshark/-/issues/17745
Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file Date published : 2021-12-30 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-4184.json https://gitlab.com/wireshark/wireshark/-/issues/17754
Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file Date published : 2021-12-30 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-4183.json https://gitlab.com/wireshark/wireshark/-/issues/17755
Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file Date published : 2021-12-30 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-4182.json https://gitlab.com/wireshark/wireshark/-/issues/17801
Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file Date published : 2021-12-30 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-4181.json https://gitlab.com/wireshark/wireshark/-/merge_requests/5429