There is an information exposure vulnerability on several Huawei Products. The vulnerability is due to that the software does not properly protect certain information. Successful exploit could cause information disclosure. Affected product versions include:...
An issue was discovered in FAUST iServer before 9.0.019.019.7. For each URL request, it accesses the corresponding .fau file on the operating system without preventing %2e%2e%5c directory traversal. Date published : 2022-01-31 http://packetstormsecurity.com/files/165701/FAUST-iServer-9.0.018.018.4-Local-File-Inclusion.html http://www.land-software.de/lfs.fau?prj=iweb&dn=faust+iserver
In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3.11.8, and 4.0.1 through 4.2.2, mishandling of memory management can lead to remote code execution. Date...
Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands. Date published : 2022-01-31 https://advisories.stormshield.eu/ https://advisories.stormshield.eu/2021-007/
Alps Alpine Touchpad Driver 10.3201.101.215 is vulnerable to DLL Injection. Date published : 2022-01-31 http://packetstormsecurity.com/files/165690/Alps-Alpine-Touchpad-Driver-DLL-Injection.html
This affects the package juce-framework/JUCE before 6.1.5. This vulnerability is triggered when a malicious archive is crafted with an entry containing a symbolic link. When extracted, the symbolic link is followed outside of the...
The package juce-framework/juce before 6.1.5 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the ZipFile::uncompressEntry function in juce_ZipFile.cpp. This vulnerability is triggered when the archive is extracted upon calling uncompressTo()...
Use After Free in GitHub repository vim/vim prior to 8.2. Date published : 2022-01-30 https://huntr.dev/bounties/563d1e8f-5c3d-4669-941c-3216f4a87c38 https://github.com/vim/vim/commit/37f47958b8a2a44abc60614271d9537e7f14e51a
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Date published : 2022-01-30 https://huntr.dev/bounties/5e635bad-5cf6-46cd-aeac-34ef224e179d https://github.com/vim/vim/commit/06f15416bb8d5636200a10776f1752c4d6e49f31
Heap-based Buffer Overflow in Conda vim prior to 8.2. Date published : 2022-01-30 https://huntr.dev/bounties/81822bf7-aafe-4d37-b836-1255d46e572c https://github.com/vim/vim/commit/44db8213d38c39877d2148eff6a72f4beccfb94e
Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16. Date published : 2022-01-30 https://huntr.dev/bounties/499688c4-6ac4-4047-a868-7922c3eab369 https://github.com/janeczku/calibre-web/commit/3b216bfa07ec7992eff03e55d61732af6df9bb92
Improper Access Control in Pypi calibreweb prior to 0.6.16. Date published : 2022-01-30 https://huntr.dev/bounties/8f27686f-d698-4ab6-8ef0-899125792f13 https://github.com/janeczku/calibre-web/commit/0c0313f375bed7b035c8c0482bbb09599e16bfcf
The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations. Date published : 2022-01-29 https://github.com/casdoor/casdoor/compare/v1.13.0…v1.13.1 https://github.com/casdoor/casdoor/issues/439
MarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering. This could lead to Remote Code Execution via a .md file containing a mutation Cross-Site Scripting (XSS) payload. Date published...