CVE-2022-21721 DOS Vulnerability in next.js

Next.js is a React framework. Starting with version 12.0.0 and prior to version 12.0.9, vulnerable code could allow a bad actor to trigger a denial of service attack for anyone using i18n functionality. In order to be affected by this CVE, one must use next start or a custom server and the built-...

CVE-2022-21721 DOS Vulnerability in next.js

Next.js is a React framework. Starting with version 12.0.0 and prior to version 12.0.9, vulnerable code could allow a bad actor to trigger a denial of service attack for anyone using i18n functionality. In order to be affected by this CVE, one must use next start or a custom server and the built-...

CVE-2022-21721 DOS Vulnerability in next.js

Next.js is a React framework. Starting with version 12.0.0 and prior to version 12.0.9, vulnerable code could allow a bad actor to trigger a denial of service attack for anyone using i18n functionality. In order to be affected by this CVE, one must use next start or a custom server and the built-...

CVE-2021-44364

CVE-2021-44364 affects the Reolink RLC-410W under vendor firmware version 3.0.0.136_20121102. The DoS arises from the cgiserver.cgi JSON command parser: a specially crafted HTTP body that uses a JSON array can trigger an assertion in the parser when a param is not an object, potentially killing t...

CVE-2021-40413

An incorrect default permission vulnerability exists in the cgiserver.cgi cgicheckability functionality of reolink RLC-410W v3.0.0.13620121102. The UpgradePrepare is the API that checks if a provided filename identifies a new version of the RLC-410W firmware. If the version is new, it would be...

CVE-2022-21217

An out-of-bounds write vulnerability exists in the device TestEmail functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted network request can lead to an out-of-bounds write. An attacker can send an HTTP request to trigger this vulnerability...

PT-2022-12080 · Reolink · Reolink Rlc-410W

Name of the Vulnerable Software and Affected Versions: reolink RLC-410W version 3.0.0.136 20121102 Description: A denial of service issue exists in the cgiserver.cgi JSON command parser functionality. This can be triggered by a specially-crafted HTTP request, leading to a reboot. The SetAutoUpgra...

EulerOS 2.0 SP9 : rpm (EulerOS-SA-2022-1035)

According to the versions of the rpm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a binding signature. RPM does not check the...

Mageia: Security Advisory (MGASA-2021-0315)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Apache ShenYu Access Control Error Vulnerability (CNVD-2022-18269)

Apache ShenYu is an asynchronous , high-performance , cross-language , responsive API gateway of the Apache Apache Foundation. Apache ShenYu has an Access Control Error vulnerability in versions 2.4.0 and 2.4.1 that stems from a lack of authentication of ShenYu Admin when registering over HTTP. A...

PT-2022-4786 · Tcl · Tcl Linkhub Mesh Wi-Fi

Name of the Vulnerable Software and Affected Versions: TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14 Description: A buffer overflow vulnerability exists in the GetValue functionality. This issue is related to the copying of a buffer without checking the size of the input data when processing the netctr...

Reolink RLC-410W cgiserver.cgi Upgrade API denial of service vulnerability

Summary A denial of service vulnerability exists in the cgiserver.cgi Upgrade API functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions Reolink RLC-410W...

CVE-2022-21695 Improper Access Control in Onionshare

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions authenticated users or unauthenticated in public mode can send messages without being visible in the list of chat participants. Th...

CVE-2021-36199

Running a vulnerability scanner against VideoEdge NVRs can cause some functionality to stop...

CVE-2021-36199

Running a vulnerability scanner against VideoEdge NVRs can cause some functionality to stop...

CVE-2021-36199 VideoEdge

Running a vulnerability scanner against VideoEdge NVRs can cause some functionality to stop...

CVE-2021-42551 Reflected XSS in NetBiblio WebOPAC search functionality

Cross-site Scripting XSS vulnerability in the search functionality of AlCoda NetBiblio WebOPAC allows an unauthenticated user to craft a reflected Cross-Site Scripting attack. This issue affects: AlCoda NetBiblio WebOPAC versions prior to 4.0.0.320; versions later than 4.0.0.328. This issue does...

PT-2022-15861 · Jenkins · Jenkins Debian Package Builder Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Debian Package Builder Plugin versions 1.6.11 and earlier Description: The issue allows agents to invoke command-line git at an attacker-specified path on the controller. This enables attackers who can control agent processes to invok...

repayDebt in Vault.sol could DOS functionality for markets

Handle p4st13r4 Vulnerability details Impact Any user can pay the debt for any borrower in Vault.sol, by using repayDebt. This function allows anyone to repay any amount of borrowed value, up-to and including the totalDebt value; it works by setting the debtstarget to zero, and decreasing totalDe...

CVE-2022-22114

In Teedy, versions v1.5 through v1.9 are vulnerable to Reflected Cross-Site Scripting XSS. The “search term" search functionality is not sufficiently sanitized while displaying the results of the search, which can be leveraged to inject arbitrary scripts. These scripts are executed in a victim’s...