Mageia: Security Advisory (MGASA-2021-0315)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2022-12080 · Reolink · Reolink Rlc-410W

Name of the Vulnerable Software and Affected Versions: reolink RLC-410W version 3.0.0.136 20121102 Description: A denial of service issue exists in the cgiserver.cgi JSON command parser functionality. This can be triggered by a specially-crafted HTTP request, leading to a reboot. The SetAutoUpgra...

EulerOS 2.0 SP9 : rpm (EulerOS-SA-2022-1035)

According to the versions of the rpm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a binding signature. RPM does not check the...

Apache ShenYu Access Control Error Vulnerability (CNVD-2022-18269)

Apache ShenYu is an asynchronous , high-performance , cross-language , responsive API gateway of the Apache Apache Foundation. Apache ShenYu has an Access Control Error vulnerability in versions 2.4.0 and 2.4.1 that stems from a lack of authentication of ShenYu Admin when registering over HTTP. A...

PT-2022-4786 · Tcl · Tcl Linkhub Mesh Wi-Fi

Name of the Vulnerable Software and Affected Versions: TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14 Description: A buffer overflow vulnerability exists in the GetValue functionality. This issue is related to the copying of a buffer without checking the size of the input data when processing the netctr...

Reolink RLC-410W cgiserver.cgi Upgrade API denial of service vulnerability

Summary A denial of service vulnerability exists in the cgiserver.cgi Upgrade API functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions Reolink RLC-410W...

CVE-2022-21695 Improper Access Control in Onionshare

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions authenticated users or unauthenticated in public mode can send messages without being visible in the list of chat participants. Th...

CVE-2021-36199

Running a vulnerability scanner against VideoEdge NVRs can cause some functionality to stop...

CVE-2021-36199

Running a vulnerability scanner against VideoEdge NVRs can cause some functionality to stop...

CVE-2021-36199 VideoEdge

Running a vulnerability scanner against VideoEdge NVRs can cause some functionality to stop...

CVE-2021-42551 Reflected XSS in NetBiblio WebOPAC search functionality

Cross-site Scripting XSS vulnerability in the search functionality of AlCoda NetBiblio WebOPAC allows an unauthenticated user to craft a reflected Cross-Site Scripting attack. This issue affects: AlCoda NetBiblio WebOPAC versions prior to 4.0.0.320; versions later than 4.0.0.328. This issue does...

PT-2022-15861 · Jenkins · Jenkins Debian Package Builder Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Debian Package Builder Plugin versions 1.6.11 and earlier Description: The issue allows agents to invoke command-line git at an attacker-specified path on the controller. This enables attackers who can control agent processes to invok...

repayDebt in Vault.sol could DOS functionality for markets

Handle p4st13r4 Vulnerability details Impact Any user can pay the debt for any borrower in Vault.sol, by using repayDebt. This function allows anyone to repay any amount of borrowed value, up-to and including the totalDebt value; it works by setting the debtstarget to zero, and decreasing totalDe...

CVE-2022-22114

In Teedy, versions v1.5 through v1.9 are vulnerable to Reflected Cross-Site Scripting XSS. The “search term" search functionality is not sufficiently sanitized while displaying the results of the search, which can be leveraged to inject arbitrary scripts. These scripts are executed in a victim’s...

Cross site scripting

In Teedy, versions v1.5 through v1.9 are vulnerable to Reflected Cross-Site Scripting XSS. The “search term" search functionality is not sufficiently sanitized while displaying the results of the search, which can be leveraged to inject arbitrary scripts. These scripts are executed in a victim’s...

CVE-2022-22114 Teedy - Reflected Cross-Site Scripting (XSS) in the Search Functionality

In Teedy, versions v1.5 through v1.9 are vulnerable to Reflected Cross-Site Scripting XSS. The “search term" search functionality is not sufficiently sanitized while displaying the results of the search, which can be leveraged to inject arbitrary scripts. These scripts are executed in a victim’s...

Depositor can reenter contract on claim creation

Handle kenzo Vulnerability details This finding is almost identical to my previous finding "Claimer can reenter contract on claim creation", but in this scenario, the depositor can reenter via Depositors' safeMint function. When depositing, Depositors is minting the token using safeMint, which wi...

Weak Password Requirements in Daybyday CRM

In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to brute-force users’...

Huawei HarmonyOS has an unspecified vulnerability (CNVD-2022-08345)

Huawei HarmonyOS is an operating system from Huawei, China. A security vulnerability exists in a component of Huawei HarmonyOS, which provides a microkernel-based, fully-scoped distributed operating system. An attacker can exploit the vulnerability to cause abnormal system functionality...

Injection in UserFrosting

In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Header Injection. By luring a victim application user to click on a link, an unauthenticated attacker can use the “forgot password” functionality to reset the victim’s password and successfully take over their account...