github-action-merge-dependabot is an action that automatically approves and merges dependabot pull requests (PRs). Prior to version 3.2.0, github-action-merge-dependabot does not check if a commit created by dependabot is verified with the proper GPG key....
An issue in Webbank WeCube v3.2.2 allows attackers to execute a directory traversal via a crafted ZIP file. Date published : 2022-05-31 http://webbank.com http://wecube.com
Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of the target machine. Date published : 2022-05-31 https://search.abb.com/library/Download.aspx?DocumentID=2%20CMT%200%200%206%200%208%206&LanguageCode=en&DocumentPartId=&Action=Launch
LinkPlay Sound Bar v1.0 allows attackers to escalate privileges via a hardcoded password for the SSL certificate. Date published : 2022-05-31 https://gist.github.com/zachi40/1f8d174939684c07f5e32ee039ce9acf
An issue was discovered in WinAPRS 2.9.0. A buffer overflow in the VHF KISS TNC component allows a remote attacker to achieve remote code execution via malicious AX.25 packets over the air. NOTE: This...
An issue was discovered in WinAPRS 2.9.0. A buffer overflow in national.txt processing allows a local attacker to cause a denial of service or possibly achieve code execution. NOTE: This vulnerability only affects products...
An issue was discovered in WinAPRS 2.9.0. A buffer overflow in DIGI address processing for VHF KISS packets allows a remote attacker to cause a denial of service (daemon crash) via a malicious AX.25...
Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3. Date published : 2022-05-31 https://huntr.dev/bounties/cb4d0ab3-51ba-4a42-9e38-ac0e544266f1 https://github.com/polonel/trudesk/commit/a9e38f25c2af2722dee4fdafb2fb70d30d5106c5
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository polonel/trudesk prior to 1.2.3. Date published : 2022-05-31 https://huntr.dev/bounties/a1cfe61b-5248-4a73-9a80-0b764edc9b26 https://github.com/polonel/trudesk/commit/ae904d37eaa38bffebfbfe8e949c0385c63e3263
Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3. Date published : 2022-05-31 https://huntr.dev/bounties/9-polonel/trudesk https://github.com/polonel/trudesk/commit/f739eac6fc52adc0cba83a49034100e5b99ac7c8
A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. If the target device becomes unavailable,...
With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference. Date...
A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw...
The affected products are vulnerable to directory traversal, which may allow an attacker to obtain arbitrary operating system files. Date published : 2022-05-31 https://www.cisa.gov/uscert/ics/advisories/icsa-22-146-01