CVE-2021-46665
MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. Date published : 2022-01-31 https://jira.mariadb.org/browse/MDEV-25636
MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr. Date published : 2022-01-31 https://jira.mariadb.org/browse/MDEV-25761
MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements. Date published : 2022-01-31 https://jira.mariadb.org/browse/MDEV-26351
MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery. Date published : 2022-01-31 https://jira.mariadb.org/browse/MDEV-25637
MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). Date published : 2022-01-31 https://jira.mariadb.org/browse/MDEV-25766
Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=add_user. These vulnerabilities can be exploited through a crafted POST request via the user_name, user_firstname, user_lastname, or user_email parameters. Date published...
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability in the component admin/posts.php?source=add_post. This vulnerability can be exploited through a crafted POST request via the post_title parameter. Date published : 2022-01-31 https://github.com/Nguyen-Trung-Kien/CVE...
In Git for Windows through 2.34.1, when using git pull to update the local repository, git.cmd can be run directly. Date published : 2022-01-31 https://github.com/0xADY/git_rce
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2)...
Authenticated remote code execution in MotionEye
A Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Stock Management System in PHP/OOP 1.0, which allows remote malicious users to achieve arbitrary remote code execution via the create user function. Date published : 2022-01-31 https://medium.com/@mayhem7999/cve-2021-44114-957145c1773...
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcoded APP_KEY value, leading to pre-auth remote code execution. Date published : 2022-01-31 https://www.printerlogic.com/security-bulletin/ http://printerlogic.com
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserialize attacker-controlled data, leading to pre-auth remote code execution. Date published : 2022-01-31 https://www.printerlogic.com/security-bulletin/ http://printerlogic.com
There is a release of invalid pointer vulnerability in some Huawei products. Successful exploitation may cause the process and service to become abnormal. Affected product versions include: CloudEngine 12800 V200R019C10SPC800, V200R019C10SPC900; CloudEngine 5800 V200R019C10SPC800, V200R020C00SPC600; CloudEngine...