A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues...
A stack overflow flaw was found in the Linux kernel’s TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than...
A random memory access flaw was found in the Linux kernel’s GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user...
A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer...
An issue was discovered in ApiManager 1.1. There is a SQL injection vulnerability in /index.php?act=api&tag=8. Date published : 2022-03-24 https://github.com/gongwalker/ApiManager/issues/26
A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password’s length is 0. Date published : 2022-03-24 https://github.com/ARMmbed/mbedtls/issues/5136
In halo 1.4.14, the avatar upload function accepts any file, such as an HTML file, which causes a stored XSS vulnerability. Date published : 2022-03-24 https://github.com/halo-dev/halo/issues/1522
A Cross Site Scripting (XSS) vulnerability exists in Yogesh Ojha reNgine v1.0 via the Scan Engine name file in the Scan Engine deletion confirmation modal box. Date published : 2022-03-24 https://github.com/yogeshojha/rengine/issues/460
An Access Control vulnerability exists in SoroushPlus+ Messenger 1.0.30 in the Lock Screen Security Feature function due to insufficient permissions and privileges, which allows a malicious attacker to bypass the lock screen function. Date published...
TuziCMS v2.0.6 was discovered to contain a SQL injection vulnerability via the component AppManageControllerZhuantiController.class.php. Date published : 2022-03-24 https://github.com/yeyinshi/tuzicms/issues/11
A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows attackers to execute arbitrary code via a crafted string written to the file application/config/config.php. Date published : 2022-03-24 https://github.com/ionize/ionize/issues/403
Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack. Date published : 2022-03-24 https://gitee.com/surveyking/surveyking/issues/I4V05A