Design/Logic Flaw

The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Out-of-bounds Read. The impact is: a denial of service remote. The component is: DNS response processing in function: dnsupcall. The attack vector is: a specific DNS response packet. The code does not check whether the number o...

CVE-2020-25928

The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Buffer Overflow. The impact is: execute arbitrary code remote. The component is: DNS response processing functions: dnsupcall, getoffset, dncsetanswer. The attack vector is: a specific DNS response packet. The code does not che...

CVE-2020-25927

The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Out-of-bounds Read. The impact is: a denial of service remote. The component is: DNS response processing in function: dnsupcall. The attack vector is: a specific DNS response packet. The code does not check whether the number o...

CVE-2020-25926

The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the DNS transaction id. The impact is: DNS cache poisoning remote. The component is: dnsquerytype. The attack vector is: a specific DNS response packet...

PT-2021-22497 · Suitecrm · Suitecrm

Name of the Vulnerable Software and Affected Versions: SuiteCRM versions prior to 7.11.19 Description: The issue allows a remote attacker to introduce arbitrary JavaScript via malicious SVG files, bypassing the clean file output protection mechanism. This enables the execution of arbitrary code,...

GPAC Project on Advanced Content Integer Overflow Vulnerability (CNVD-2021-68450)

GPAC Project on Advanced Content is an open source cross-platform library that implements the MPEG-4 system standard and provides tools for media playback, vector graphics, and 3D rendering.The MPEG-4 decoding feature of GPAC Project on Advanced Content library 1.0.1 suffers from an integer...

hw: Vector Register Data Sampling

A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read...

hw: Vector Register Leakage-Active

A flaw was found in the Intel Advanced Vector Extensions AVX implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state...

RHEL 8 : microcode_ctl (RHSA-2021:3176)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3176 advisory. The microcodectl packages provide microcode updates for Intel. Security Fixes: hw: Vector Register Data Sampling CVE-2020-0548 hw: L1D Cache...

CVE-2021-37710

Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a Cross-Site Scripting vulnerability via SVG media files. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin...

CVE-2021-38751

A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponentconstants.php. A modified HTTP header can change links on the webpage to an arbitrary value, leading to a possible attack vector for MITM...

Hardcoded credentials

A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponentconstants.php. A modified HTTP header can change links on the webpage to an arbitrary value, leading to a possible attack vector for MITM...

CVE-2021-38751

A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponentconstants.php. A modified HTTP header can change links on the webpage to an arbitrary value, leading to a possible attack vector for MITM...

CVE-2021-24362

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded SVG files added to a gallery do not contain malicious content. As a result, users allowed to add images to gallery can upload an SVG file containing JavaScript code, which will b...

Shopware 跨站脚本漏洞

Shopware is an open source e-commerce software. cross-site scripting vulnerability exists in versions of Shopware prior to 6.4.3.1. An attacker can exploit the vulnerability to conduct cross-site scripting attacks via SVG media files...

Hospital Management System 跨站脚本漏洞

PHPGurukul Hospital Management System is a PHP and MySQL based hospital management system. PHPGurukul Hospital Management System is vulnerable to cross-site scripting, which can be exploited by attackers to execute js code via prescribe.php...

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. 10Web â€" A cross-site scripting vulnerabilit...

GPAC 安全漏洞

GPAC Project on Advanced Content is an open source cross-platform library that implements the MPEG-4 system standard and provides tools for media playback, vector graphics, and 3D rendering.The MPEG-4 decoding feature of GPAC Project on Advanced Content library 1.0.1 suffers from an integer...

CVE-2021-31399

On 2N Access Unit 2.0 2.31.0.40.5 devices, an attacker can pose as the web relay for a man-in-the-middle attack...

RISC-V 注入漏洞

RISC-V is an open source instruction set architecture based on the principle of reduced instruction sets, which is easily interpreted as a form of "open source hardware" corresponding to the open source software movement. RISC-V suffers from an injection vulnerability that arises from an ambiguit...