Monthly Archive: March 2022

Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands on the appliance using web server...

Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian, and CMC allows an authenticated attacker with admin or report manager roles to execute unattended commands on the appliance using web...

Insecure Temporary File in GitHub repository horovod/horovod prior to 0.24.0. Date published : 2022-03-24 https://huntr.dev/bounties/7e50397b-dd63-4bb5-b56d-704094a7da45 https://github.com/horovod/horovod/commit/b96ecae4dc69fc0a83c7c2d3f1dde600c20a1b41

SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1. Date published : 2022-03-24 https://huntr.dev/bounties/841503dd-311c-470a-a8ec-d4579b3274eb https://github.com/forkcms/forkcms/commit/7a12046a67ae5d8cf04face3ee75e55f03a1a608

Cross-site Scripting (XSS) – Stored in GitHub repository forkcms/forkcms prior to 5.11.1. Date published : 2022-03-24 https://huntr.dev/bounties/b5b8c680-3cd9-4477-bcd9-3a29657ba7ba https://github.com/forkcms/forkcms/commit/981730f1a3d59b423ca903b1f4bf79b848a1766e

IrfanView 4.59 is vulnerable to buffer overflow via the function at address 0x413c70 (in 32bit version of the binary). The vulnerability triggers when the user opens malicious .tiff image. Date published : 2022-03-23 http://irfan.com...

ASUS AC68U

Asus RT-AC68U

Improper Authentication vulnerability in TLS origin validation of Apache Traffic Server allows an attacker to create a man in the middle attack. This issue affects Apache Traffic Server 8.0.0 to 8.1.0. Date published :...

Razer Synapse before 3.7.0228.022817 allows privilege escalation because it relies on %PROGRAMDATA%RazerSynapse3Servicebin even if %PROGRAMDATA%Razer has been created by any unprivileged user before Synapse is installed. The unprivileged user may have placed Trojan horse...

Sentinel 1.8.2 is vulnerable to Server-side request forgery (SSRF). Date published : 2022-03-23 https://github.com/alibaba/Sentinel/issues/2451

Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.3 and 9.0.0 to 9.1.1. Date published...

An issue was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF vulnerability that can that can add the administrator account. Date published : 2022-03-23 https://github.com/hiliqi/xiaohuanxiong/issues/28

An issus was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF vulnerability that can modify administrator account’s password. Date published : 2022-03-23 https://github.com/hiliqi/xiaohuanxiong/issues/28