SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jo_json_check function in jocms/apps/mask/inc/getmask.php.

SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jo_delete_mask function in jocms/apps/mask/mask.php.

SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jo_json_check() function in jocms/apps/mask/inc/mask.php.

A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensit...

Dell EMC CloudLink 7.1 and all prior versions contain a Hard-coded Password Vulnerability. A remote high privileged attacker, with the knowledge of the hard-coded credentials, may potentially exploit ...

Dell VNX2 for File version 8.1.21.266 and earlier, contain a path traversal vulnerability which may lead unauthenticated users to read/write restricted files

The affected product may allow an attacker to identify and forge requests to internal systems by way of a specially crafted request.

libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols. The FTP passive mode implementation allows an out-of-bounds read ...

TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. NOTE: the vendor's position is that tf.keras.utils....

The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially re...

An issue was discovered in LemonLDAP::NG before 2.0.12. There is a missing expiration check in the OAuth2.0 handler, i.e., it does not verify access token validity. An attacker can use a expired acces...

An Out of Bounds read may potentially occur while processing an IBSS beacon, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdr...

Possible out of bound read due to improper validation of IE length during SSID IE parse when channel is DFS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Sn...

Possible out of bound read due to improper validation of certificate chain in SSL or Internet key exchange in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electron...

An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attacker to access the device if the correct token can be intercepted.

The ON24 ScreenShare (aka DesktopScreenShare.app) plugin before 2.0 for macOS allows remote file access via its built-in HTTP server. This allows unauthenticated remote users to retrieve files accessi...

Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.

In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to crash the iocheck process and write memory resulting in ...

The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archive operation" feature.

An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure vi...

An Unrestricted Upload of File with Dangerous Type vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows remote attackers to upload any files to the /tmp directory of the device through the w...

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 allow information disclosure or an application crash after mishandling the Tab key during XFA form interaction.

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to delete arbitrary files or directories under a user controlled path and does not corre...

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system contains an Arbitrary File Deletion vulnerability that possibly allows to delete an arbitrary f...