
9425 matches found

OSV
added 2021/04/29 4:15 p.m. · 1 view

CVE-2021-25812

Command injection vulnerability in China Mobile An Lianbao WF-1 1.01 via the 'ip' parameter with a POST request to /api/ZRQos/setonlineclient...

9.8 CVSS · 5.8 AI score
Exploits: 0 · References: 3

Prion
added 2021/04/29 4:15 p.m. · 13 views

Command injection

Command injection vulnerability in China Mobile An Lianbao WF-1 1.01 via the 'ip' parameter with a POST request to /api/ZRQos/setonlineclient...

7.5 CVSS · 9.4 AI score · 0.05096 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

CNNVD
added 2021/04/29 12:0 a.m. · 3 views

China Mobile An Lianbao WF-1 router operating system command injection vulnerability

China Mobile An Lianbao WF-1 router is a router from China Mobile China. China Mobile An Lianbao WF-1 router 1.0.1 suffers from an operating system command injection vulnerability, which originates from api/zrDm/setzrDm, that can be exploited by a remote attacker to execute arbitrary commands via...

8.8 CVSS · 8.5 AI score · 0.0304 EPSS
Exploits: 1 · References: 4

CNNVD
added 2021/04/29 12:0 a.m. · 1 view

China Mobile An Lianbao WF-1 router operating system command injection vulnerability

China Mobile An Lianbao WF-1 router is a router from China Mobile China. China Mobile An Lianbao WF-1 router 1.0.1 suffers from an operating system command injection vulnerability, which originates in api/zrDm/setZRElink, that can be exploited by remote attackers to execute arbitrary commands via...

9.8 CVSS · 8.9 AI score · 0.03192 EPSS
Exploits: 1 · References: 4

The Hacker News
added 2021/04/26 11:3 a.m. · 68 views

Apple AirDrop Bug Could Leak Your Personal Info to Anyone Nearby

New research has uncovered privacy weaknesses in Apple's wireless file-sharing protocol that could result in the exposure of a user's contact information such as email addresses and phone numbers. "As an attacker, it is possible to learn the phone numbers and email addresses of AirDrop users – ev...

0.7 AI score
Exploits: 0

Positive Technologies
added 2021/04/23 12:0 a.m. · 3 views

PT-2021-19431 · Sipwise · Sipwise C5 Ngcp Www Admin

Name of the Vulnerable Software and Affected Versions: Sipwise C5 NGCP WWW Admin version 3.6.7 up to and including platform version NGCP CE 3.0. Description: The issue concerns multiple authenticated stored and reflected XSS vulnerabilities. These occur when input passed via several parameters to...

5.4 CVSS · 5.5 AI score · 0.00891 EPSS
Exploits: 3 · References: 6

RedHat Linux
added 2021/04/21 1:15 p.m. · 1 view

rubygem-rest-client: session fixation vulnerability Set-Cookie headers present in an HTTP 30x redirection responses

REST client for Ruby aka rest-client before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect...

9.8 CVSS · 7.4 AI score · 0.03723 EPSS
Exploits: 0 · References: 4

OSV
added 2021/04/19 8:15 p.m. · 1 view

UBUNTU-CVE-2021-30020

In the gf_hevc_read_pps_bs_internal function in media_tools/av_parsers.c in GPAC 1.0.1 there is a loop in which, with a crafted file, pps->num_tile_columns may be larger than sizeof(pps->column_width), which results in a heap overflow in the loop...

5.5 CVSS · 7.3 AI score · 0.00265 EPSS
Exploits: 1 · References: 4

CNNVD
added 2021/04/14 12:0 a.m. · 2 views

OpenJPEG input validation error vulnerability

OpenJPEG is an open source JPEG 2000 codec written in C. An integer overflow vulnerability exists in OpenJPEG version v2.4.0. An attacker can exploit the vulnerability by using the command line option "-ImgDir" on a directory containing 1048576 files to crash the program...

5.5 CVSS · 5.8 AI score · 0.00093 EPSS
Exploits: 1 · References: 11

OSV
added 2021/04/13 7:15 p.m. · 3 views

CVE-2021-0437

In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. This could lead to local escalation of privilege in a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-8.1 Android-9...

7.8 CVSS · 7.2 AI score · 0.00026 EPSS
Exploits: 0 · References: 1

Github Security Blog
added 2021/04/13 3:30 p.m. · 41 views

Improper Control of Dynamically-Managed Code Resources in config-shield

scripts/cli.js in the GoDaddy node-config-shield aka Config Shield package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data...

5.3 CVSS · 5.5 AI score · 0.00237 EPSS
Exploits: 1 · References: 4 · Affected Software: 1

OSV
added 2021/04/13 3:24 p.m. · 13 views

GHSA-4JJ4-M52P-8RX3 Prototype pollution in set-object-value

Prototype pollution vulnerability in 'set-object-value' versions 0.0.0 through 0.0.5 allows an attacker to cause a denial of service and may lead to remote code execution...

9.8 CVSS · 9.6 AI score · 0.04322 EPSS
Exploits: 1 · References: 3

Github Security Blog
added 2021/04/13 3:24 p.m. · 51 views

Prototype pollution in set-object-value

Prototype pollution vulnerability in 'set-object-value' versions 0.0.0 through 0.0.5 allows an attacker to cause a denial of service and may lead to remote code execution...

9.8 CVSS · 9.1 AI score · 0.04322 EPSS
Exploits: 1 · References: 4 · Affected Software: 1

OSV
added 2021/04/13 3:20 p.m. · 13 views

GHSA-VP77-FQQP-79J8 Prototype Pollution in decal

This affects all versions of package decal. The vulnerability is in the set function...

8.6 CVSS · 8.6 AI score · 0.004 EPSS
Exploits: 1 · References: 4

Github Security Blog
added 2021/04/13 3:20 p.m. · 34 views

Prototype Pollution in decal

This affects all versions of package decal. The vulnerability is in the set function...

8.6 CVSS · 8.3 AI score · 0.004 EPSS
Exploits: 1 · References: 5 · Affected Software: 1

Positive Technologies
added 2021/04/13 12:0 a.m. · 2 views

PT-2021-8025 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The vulnerability is related to the netfilter component of the Linux kernel, specifically with the nftables subsystem. It occurs when using connlimit in set elements, causing the memcp...

5.5 CVSS · 6.3 AI score · 0.00018 EPSS
Exploits: 0 · References: 19

Positive Technologies
added 2021/04/13 12:0 a.m. · 3 views

PT-2021-8272 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.4.0-70-generic 7818.04.1-Ubuntu. Description: The issue is related to the Linux kernel's CIFS component, specifically with the return of an incorrect error code from the smb2 get enc key function. This can lead...

7.8 CVSS · 6.7 AI score · 0.00223 EPSS
Exploits: 8 · References: 1171

Node.js
added 2021/04/12 6:41 p.m. · 56 views

Prototype Pollution

Overview: Prototype pollution vulnerability in set-or-get version 1.0.0 through 1.2.10 allows an attacker to cause a denial of service and may lead to remote code execution. Recommendation: Upgrade to version 1.2.11 or later. References: CVE, WhiteSource Advisory...

7.5 CVSS · 7.2 AI score · 0.02947 EPSS
Exploits: 1 · Affected Software: 1

OSV
added 2021/04/12 5:39 p.m. · 17 views

GHSA-6RV4-4QV6-88G2 Prototype Pollution in set-or-get

Prototype pollution vulnerability in ‘set-or-get’ version 1.0.0 through 1.2.10 allows an attacker to cause a denial of service and may lead to remote code execution...

9.8 CVSS · 9.6 AI score · 0.02947 EPSS
Exploits: 1 · References: 4

VulnCheck KEV
added 2021/04/12 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2018-19986

In the /HNAP1/SetRouterSettings message, the RemotePort parameter is vulnerable, and the vulnerability affects D-Link DIR-818LW Rev.A 2.05.B03 and DIR-822 B1 202KRb06 devices. In the SetRouterSettings.php source code, the RemotePort parameter is saved in the $path_inf_wan1."/web" internal...

10 CVSS · 7.3 AI score · 0.54881 EPSS
Exploits: 1 · References: 1