PT-2021-14825 · Lantronix · Lantronix Premierwave 2050
Name of the Vulnerable Software and Affected Versions: Lantronix PremierWave 2050 version 8.9.0.0R4 Description: A directory traversal issue exists in the Web Manager FsTFtp functionality, allowing a specially crafted HTTP request to potentially overwrite FsTFtp files. This can be triggered by an...
PT-2021-14831 · Garrett Metal Detectors · Garrett Metal Detectors Ic Module Cma
Name of the Vulnerable Software and Affected Versions: Garrett Metal Detectors iC Module CMA version 5.0 Description: A stack-based buffer overflow issue exists in the CMA readfile function of the Garrett Metal Detectors iC Module. The iC Module provides an authenticated command-line interface ov...
PT-2021-22370 · Ibm · Ibm Spectrum Copy Data Management
Name of the Vulnerable Software and Affected Versions: IBM Spectrum Copy Data Management versions 2.2.13 and earlier Description: The issue is related to weak authentication and password rules, and incorrect handling of default credentials for the Spectrum Copy Data Management Admin console...
PT-2021-16899 · Publify · Publify
Name of the Vulnerable Software and Affected Versions: publify versions v8.0 through v9.2.4 Description: The issue is related to stored XSS due to an unrestricted file upload. This allows a user with the publisher role to inject malicious JavaScript via an uploaded html file. Recommendations: For...
CVE-2021-38593 affecting package qt5-qtsvg 5.12.11-4
CVE-2021-38593 affecting package qt5-qtsvg 5.12.11-4. A patched version of the package is available...
PT-2021-23751 · Unknown · Sourcecodester Simple Subscription Website
Name of the Vulnerable Software and Affected Versions: Sourcecodester Simple Subscription Website version 1.0 Description: A SQL Injection issue exists via the login, allowing potential exploitation. Recommendations: For version 1.0, consider disabling the login functionality until a patch is...
PT-2022-11687 · Opensc +4 · Opensc +4
Name of the Vulnerable Software and Affected Versions: Opensc versions prior to 0.22.0 Description: A use after return issue was found in the insert pin function that could potentially crash programs using the library. Recommendations: For versions prior to 0.22.0, update to version 0.22.0 or lat...
PT-2022-4662 · Otrs +1 · Otrs +1
Name of the Vulnerable Software and Affected Versions: OTRS affected versions not specified Description: The issue is related to the lack of protection of the web page structure in the OTRS ticket request system's admin interface. This can be exploited by a remote attacker to conduct a cross-site...
CVE-2021-39189
Pimcore before version 10.1.3 is vulnerable to username enumeration through the forgot-password feature, enabling an attacker to infer valid usernames. The root cause is an observable response discrepancy in the lost-password flow. The issue is addressed in Pimcore 10.1.3; a patch can be applied ...
CVE-2021-28950 affecting package kernel 5.10.189.1-1
CVE-2021-28950 affecting package kernel 5.10.189.1-1. A patched version of the package is available...
CVE-2021-28660 affecting package kernel 5.10.161.1-1
CVE-2021-28660 affecting package kernel 5.10.161.1-1. A patched version of the package is available...
CVE-2021-29265 affecting package kernel 5.10.189.1-1
CVE-2021-29265 affecting package kernel 5.10.189.1-1. A patched version of the package is available...
CVE-2020-27171 affecting package kernel 5.10.189.1-1
CVE-2020-27171 affecting package kernel 5.10.189.1-1. A patched version of the package is available...
CVE-2020-35499 affecting package kernel 5.10.189.1-1
CVE-2020-35499 affecting package kernel 5.10.189.1-1. A patched version of the package is available...
CVE-2021-38203 affecting package kernel 5.10.189.1-1
CVE-2021-38203 affecting package kernel 5.10.189.1-1. A patched version of the package is available...
CVE-2008-4609 affecting package kernel 5.10.111.1-1
CVE-2008-4609 affecting package kernel 5.10.111.1-1. A patched version of the package is available...
Command injection
A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software versions: Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability...
Input validation
Frontier is Substrate's Ethereum compatibility layer. Prior to commit number 0b962f218f0cdd796dadfe26c3f09e68f7861b26, a bug in pallet-ethereum can cause invalid transactions to be included in the Ethereum block state in pallet-ethereum due to not validating the input data size. Any invalid...
PT-2021-22448 · Frontier +3 · Frontier +3
Name of the Vulnerable Software and Affected Versions: Frontier versions prior to commit 0b962f218f0cdd796dadfe26c3f09e68f7861b26 Description: A bug in pallet-ethereum can cause invalid transactions to be included in the Ethereum block state due to not validating the input data size. Any invalid...
Design/Logic Flaw
OpenMage magento-lts is an alternative to the Magento CE official releases. Due to missing sanitation in data flow in versions prior to 19.4.15 and 20.0.13, it was possible for admin users to upload arbitrary executable files to the server. OpenMage versions 19.4.15 and 20.0.13 have a patch for...