Delta Electronics CNCSoft (Version 1.01.30) and prior) is vulnerable to an out-of-bounds read while processing a specific project file, which may allow an attacker to disclose information. Date published : 2022-03-25 https://www.cisa.gov/uscert/ics/advisories/icsa-21-350-02
A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website attached with USSD code in JavaScript or iFrame can trigger dialer application from F-Secure browser which can be exploited by an attacker...
The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due to mishandling of the JavaScript window.open function (used to open a secondary browser window). This could be exploited by tricking users into supplying...
GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity (XXE) vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node...
This vulnerability can be exploited by parsing maliciously crafted project files with Horner Automation Cscape EnvisionRV v4.50.3.1 and prior. The issues result from the lack of proper validation of user-supplied data, which can result...
Two Buffer Overflow vulnerabilities exists in T10 V2_Firmware V4.1.8cu.5207_B20210320 in the http_request_parse function when processing host data in the HTTP request process. Date published : 2022-03-25 https://note.youdao.com/s/918vCBNT
An SQL Injection vlnerability exits in Yeswiki doryphore 20211012 via the email parameter in the registration form. Date published : 2022-03-25 https://github.com/yeswiki/yeswiki/commit/c9785f9a92744c3475f9676a0d8f95de24750094 https://huntr.dev/bounties/07f245a7-ee9f-4b55-a0cc-13d5cb1be6e0/
An XML External Entity (XXE) vulnerability exists in soa-model before 1.6.4 in the WSDLParser function. Date published : 2022-03-25 https://github.com/membrane/soa-model/commit/19de16902468e7963cc4dc6b544574bc1ea3f251 https://github.com/membrane/soa-model/commit/3aa295f155f621d5ea661cb9a0604013fc8fd8ff
A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may...
A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem...
An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user,...
A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition. Date...
CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. This Reflected XSS allows an attacker to open a backdoor...
** DISPUTED ** The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code execution possible. Successful...