Monthly Archive: May 2022

There is a stack-overflow vulnerability in tinytoml v0.4 that can cause a crash or DoS. Date published : 2022-05-26 https://github.com/mayah/tinytoml/issues/49

A vulnerability classified as problematic has been found in Zoo Management System 1.0. Affected is an unknown function of the file admin/manage-ticket.php. The manipulation with the input leads to cross site scripting. It is...

A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the...

Piwigo 11.5.0 is affected by a SQL injection vulnerability via admin.php and the id parameter. Date published : 2022-05-26 https://github.com/Piwigo/Piwigo/issues/1470

A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in...

An attacker can gain full access (read/write/delete) to sensitive folders due to hard-coded credentials on KUKA KR C4 control software for versions prior to 8.7 or any product running KSS. Date published : 2022-05-26...

An attacker can gain VxWorks Shell after login due to hard-coded credentials on a KUKA KR C4 control software for versions prior to 8.7 or any product running KSS. Date published : 2022-05-26 https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-01

This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might...

This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might...

Talend Administration Center is vulnerable to a reflected Cross-Site Scripting (XSS) issue in the SSO login endpoint. The issue is fixed for versions 8.0.x in TPS-5233, for versions 7.3.x in TPS-5324, and for versions...

The replay feature in the client in Wargaming World of Warships 0.11.4 allows remote attackers to execute code when a user launches a replay from an untrusted source. Date published : 2022-05-26 View post...

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22. Date published : 2022-05-26 https://github.com/tuxera/ntfs-3g/releases https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22. Date published : 2022-05-26 https://github.com/tuxera/ntfs-3g/releases https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x

An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite. Date published : 2022-05-26 https://github.com/tuxera/ntfs-3g/releases https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58