Weekly Vulnerabilities Reports > April 5 to 11, 2021

Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Heap buffer overflow in TabStrip in Google Chrome on Windows prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Discord Recon Server is a bot that allows you to do your reconnaissance process from your Discord.

An exploitable SQL injection vulnerability exists in "global_lists/choices" page of the Rukovoditel Project Management App 2.7.2.

An exploitable SQL injection vulnerability exists in the "access_rules/rules_form" page of the Rukovoditel Project Management App 2.7.2.

An exploitable SQL injection vulnerability exists in the "forms_fields_rules/rules" page of the Rukovoditel Project Management App 2.7.2.

Unibox SMB 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a cross-site request forgery (CSRF) vulnerability in /tools/network-trace, /list_users, /list_byod?usertype=raduser, /dhcp_leases, /go?rid=202 in which a specially crafted HTTP request may reconfigure the device.

Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a OS command injection vulnerability in /tools/ping, which can leads to complete device takeover.

A vulnerability in the SOAP API endpoint of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, and Cisco Prime License Manager could allow an authenticated, remote attacker to execute arbitrary code on an affected device.

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers.

FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution.

The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 and retrieve the client_secret key needed to establish the SendWP connection while also installing the SendWP plugin.

Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordPress plugin through 3.1.9.

Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device.

sopel-channelmgnt is a channelmgnt plugin for sopel.

OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform /webconsole/rest/api/* administrative actions.

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results.

BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context.

An issue was discovered in Realtek rtl8723de BLE Stack <= 4.1 that allows remote attackers to cause a Denial of Service via the interval field to the CONNECT_REQ message.

A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges on the underlying Linux operating system (OS) of an affected device.

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system.

A vulnerability in the dynamic link library (DLL) loading mechanism in Cisco Advanced Malware Protection (AMP) for Endpoints Windows Connector, ClamAV for Windows, and Immunet could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected Windows system.

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system.

Directory traversal in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the pagename parameter to wex/html.php.

GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data.

Denial of service while processing RTCP packets containing multiple SDES reports due to memory for last SDES packet is freed and rest of the memory is leaked in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables

RRC sends a connection establishment success to NAS even though connection setup validation returns failure and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile

Memory corruption due to invalid value of total dimension in the non-histogram type KPI could lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile

SerenityOS fixed as of c9f25bca048443e317f1994ba9b106f2386688c3 contains a buffer overflow vulnerability in LibTextCode through opening a crafted file.

In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain conditions) when next_back() and next() are used together.

In the standard library in Rust before 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index more than once when nested.

In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context.

In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition.

An improper input validation vulnerability in libswmfextractor library prior to SMR APR-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.

A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host.

SQL injection in admin.php in Online Book Store 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication.

zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF.

SQL injection vulnerability in Nagios Network Analyzer before 2.4.3 via the o[col] parameter to api/checks/read/.

An issue was discovered in the id-map crate through 2021-02-26 for Rust.

An issue was discovered in the id-map crate through 2021-02-26 for Rust.

An issue was discovered in the id-map crate through 2021-02-26 for Rust.

An issue was discovered in the outer_cgi crate before 0.2.1 for Rust.

Server-side request forgery in Wcms 0.3.2 let an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php.

Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php.

There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution.

OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions, and Password Reset actions.

OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary code via Groovy Script.

The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.

Union Pay up to 1.2.0, for web based versions contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL.

phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.

RIOT-OS 2021.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c through the _parse_options() function.

RIOT-OS 2021.01 contains a buffer overflow vulnerability in sys/net/gnrc/routing/rpl/gnrc_rpl_validation.c through the gnrc_rpl_validation_options() function.

RIOT-OS 2020.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c.

SerenityOS Unspecified is affected by: Buffer Overflow.

The file upload function of Vangene deltaFlow E-platform does not perform access controlled properly.

The Vangene deltaFlow E-platform does not take properly protective measures.

Composr 10.0.36 allows upload and execution of PHP files.

Module/Settings/UserExport.php in Friendica through 2021.01 allows settings/userexport to be used by anonymous users, as demonstrated by an attempted access to an array offset on a value of type null, and excessive memory consumption.

Integer overflow in the htmldoc 1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service that is similar to CVE-2017-9181.

Buffer overflow vulnerability in Core FTP Server v1.2 Build 583, via a crafted username.

The WooCommerce Help Scout WordPress plugin before 2.9.1 (https://woocommerce.com/products/woocommerce-help-scout/) allows unauthenticated users to upload any files to the site which by default will end up in wp-content/uploads/hstmp.

The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.7 was being actively exploited to by malicious actors to bypass authentication, allowing unauthenticated users to log in as any user (including admin) by just providing the related username, as well as create accounts with arbitrary roles, such as admin.

When visiting a site running Web-Stat < 1.4.0, the "wts_web_stat_load_init" function used the visitor’s browser to send an XMLHttpRequest request to https://wts2.one/ajax.htm?action=lookup_WP_account.

The LikeBtn WordPress Like Button Rating ? LikeBtn WordPress plugin before 2.6.32 was vulnerable to Unauthenticated Full-Read Server-Side Request Forgery (SSRF).

Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers.

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers.

Improper handling of exceptional conditions in Bixby prior to version 3.0.53.02 allows attacker to execute the actions registered by the user.

An improper exception control in softsimd prior to SMR APR-2021 Release 1 allows unprivileged applications to access the API in softsimd.

An improper access control vulnerability in stickerCenter prior to SMR APR-2021 Release 1 allows local attackers to read or write arbitrary files of system process via untrusted applications.

An improper caller check vulnerability in Managed Provisioning prior to SMR APR-2021 Release 1 allows unprivileged application to install arbitrary application, grant device admin permission and then delete several installed application.

A privilege escalation vulnerability exists in Dream Report 5 R20-2.

VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissions.

AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to interact directly with physical memory (by calling one of several driver routines that map physical memory into the virtual address space of the calling process) and to interact with MSR registers.

In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13.0-RC4 before p0, and 12.2-RELEASE before p6, listening socket accept filters implementing the accf_create callback incorrectly freed a process supplied argument string.

Memory corruption due to improper input validation while processing IO control which is nonstandard in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Wired Infrastructure and Networking

A double free condition can occur when the device moves to suspend mode during secure playback in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

Unintended reads and writes by NS EL2 in access control driver due to lack of check of input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

User could gain access to secure memory due to incorrect argument into address range validation api used in SDI to capture requested contents in Snapdragon Industrial IOT, Snapdragon Mobile

Memory crash when accessing histogram type KPI input received due to lack of check of histogram definition before accessing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile

When sending a socket event message to a user application, invalid information will be passed if socket is freed by other thread resulting in a Use After Free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Possible memory corruption in RPM region due to improper XPU configuration in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option.

A privilege escalation vulnerability exists in Dream Report 5 R20-2.

A RACE CONDITION on XQBACKUP causes a decompression path error on Xiaomi router AX3600 with ROM version =1.0.50.

Cross-site request forgery (CSRF) vulnerability in Kagemai 0.8.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors.

DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as adding new manager accounts via admin.php.

The specific function in ASUS BMC’s firmware Web management page (Delete video file function) does not filter the specific parameter.

The specific function in ASUS BMC’s firmware Web management page (Get video file function) does not filter the specific parameter.

The specific function in ASUS BMC’s firmware Web management page (Get Help file function) does not filter the specific parameter.

The specific function in ASUS BMC’s firmware Web management page (Record video file function) does not filter the specific parameter.

The specific function in ASUS BMC’s firmware Web management page (Delete SOL video file function) does not filter the specific parameter.

In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings.

In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into uploading a zip archive containing malicious PHP files.

Mark Text through 0.16.3 allows attackers arbitrary command execution.

The unofficial Svelte extension before 104.8.0 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace configuration.

VSCodeVim before 1.19.0 allows attackers to execute arbitrary code via a crafted workspace configuration.

SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host.

Skyworth Digital Technology RN510 V.3.1.0.4 RN510 V.3.1.0.4 contains a buffer overflow vulnerability in /cgi-bin/app-staticIP.asp.

A flaw was found in Exiv2 in versions before and including 0.27.4-RC1.

A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 2.2.0.

Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin.

Cross-Site Request Forgery (CSRF) vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin.

Improper Certificate Validation vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin.

Learnsite 1.2.5.0 contains a remote privilege escalation vulnerability in /Manager/index.aspx through the JudgIsAdmin() function.

Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory.

The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is vulnerable to XML external entity (XXE) injection in the Web Console.

CITSmart before 9.1.2.28 mishandles the "filtro de autocomplete."

The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not filter the specific parameter.

The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the specific parameter.

Several AJAX endpoints in the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 were unprotected, allowing students to modify course information and elevate their privileges among many other actions.

The tutor_mark_answer_as_correct AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students.

In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, subscribers could upload zip archives containing malicious PHP files that would get extracted to the /rmp-menu/ directory.

The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE.

A SQL injection vulnerability in Knowage Suite version 7.1 exists in the documentexecution/url analytics driver component via the 'par_year' parameter when running a report.

In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid.

Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device.

Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device.

Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device.

In FreeBSD 13.0-STABLE before n245118, 12.2-STABLE before r369552, 11.4-STABLE before r369560, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, a superuser inside a FreeBSD jail configured with the non-default allow.mount permission could cause a race condition between the lookup of ".." and remounting a filesystem, allowing access to filesystem hierarchy outside of the jail.

Reflected XSS vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin.

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user.

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user.

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user.

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user.

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2.

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2.

Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.

WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter.

Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.

Directory traversal vulnerability in Archive collectively operation utility Ver.2.10.1.0 and earlier allows an attacker to create or overwrite files by leading a user to expand a malicious ZIP archives.

The Proofpoint Insider Threat Management Agents (formerly ObserveIT Agent) for MacOS and Linux perform improper validation of the ITM Server's certificate, which enables a remote attacker to intercept and alter these communications using a man-in-the-middle attack.

There is an open redirect in the PhastPress WordPress plugin before 1.111 that allows an attacker to malform a request to a page with the plugin and then redirect the victim to a malicious page.

The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the database, change the plugin's settings and delete backups.

The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection making it possible for attackers to craft a request to disconnect a site's OAuth connection.

In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place.

An issue was discovered in the Linux kernel through 5.11.11.

The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is missing an authorization check on several pages in the Web Console.

`projen` is a project generation tool that synthesizes project configuration files such as `package.json`, `tsconfig.json`, `.gitignore`, GitHub Workflows, `eslint`, `jest`, and more, from a well-typed definition written in JavaScript.

Skyworth Digital Technology RN510 V.3.1.0.4 is affected by an incorrect access control vulnerability in/cgi-bin/test_version.asp.

LiquidFiles 3.4.15 has stored XSS through the "send email" functionality when sending a file via email to an administrator.

In the Elementor Website Builder WordPress plugin before 3.1.4, the column element (includes/elements/column.php) accepts an ‘html_tag’ parameter.

The Social Slider Widget WordPress plugin before 1.8.5 allowed Authenticated Reflected XSS in the plugin settings page as the ‘token_error’ parameter can be controlled by users and it is directly echoed without being sanitized

In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue.

In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names.

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2.

In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem.

Improper access control of certain port in SmartThings prior to version 1.7.63.6 allows remote temporary denial of service.

An improper synchronization logic in Samsung Email prior to version 6.1.41.0 can leak messages in certain mailbox in plain text when STARTTLS negotiation is failed.

An improper authorization vulnerability in Samsung Members "samsungrewards" scheme for deeplink in versions 2.4.83.9 in Android O(8.1) and below, and 3.9.00.9 in Android P(9.0) and above allows remote attackers to access a user data related with Samsung Account.

The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget related settings via a missing permissions check.

Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure.

An issue was discovered in Aprelium Abyss Web Server X1 2.12.1 and 2.14.

On Xiaomi router AX1800 rom version < 1.0.336 and RM1800 root version < 1.0.26, the encryption scheme for a user's backup files uses hard-coded keys, which can expose sensitive information such as a user's password.

A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.

A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.

In RELIC before 2020-08-01, RSA PKCS#1 v1.5 signature forgery can occur because certain checks of the padding (and of the first two bytes) are inadequate.

Directory traversal vulnerability in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the path parameter to wex/cssjs.php.

CERN Indico before 2.3.4 can use an attacker-supplied Host header in a password reset link.

OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task.

Syncthing is a continuous file synchronization program.

ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header.

A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device’s external storage to read cached TLS material.

Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL.

Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL.

iKuaiOS 3.4.8 Build 202012291059 has an arbitrary file download vulnerability, which can be exploited by attackers to obtain sensitive information.

There is a Path Traversal vulnerability in the file download function of Vangene deltaFlow E-platform.

Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values.

Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries.

Buffer overflow vulnerability in Core FTP Server v2 Build 697, via a crafted username.

The REST API endpoint get_users in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for its functionality to users with the upload_files capability.

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device.

A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote attacker to modify a web page in the context of a user's browser.

Trustzone initialization code will disable xPU`s when memory dumps are enabled and lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.

Using unsafe PendingIntent in Customization Service prior to version 2.2.02.1 in Android O(8.x), 2.4.03.0 in Android P(9.0), 2.7.02.1 in Android Q(10.0) and 2.9.01.1 in Android R(11.0) allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.

The Dolby Audio X2 (DAX2) API service before 0.8.8.90 on Windows allows local users to gain privileges.

The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers who have write access on filesystems that are used by RetroArch to execute code via command injection using specially a crafted file and directory names.

Two threads call one or both functions concurrently leading to corruption of pointers and reference counters which in turn can lead to heap corruption in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

An issue was discovered in the Linux kernel before 5.7.

A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass.

A privilege escalation vulnerability exists in Dream Report 5 R20-2.

An issue was discovered in libezxml.a in ezXML 0.8.6.

Using predictable index for attachments in Samsung Email prior to version 6.1.41.0 allows remote attackers to get attachments of another emails when users open the malicious attachment.

Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file.

Cross Site Scripting (XSS) vulnerability in subrion CMS Version <= 4.2.1 allows remote attackers to execute arbitrary web script via the "payment gateway" column on transactions tab.

Skyworth Digital Technology RN510 V.3.1.0.4 contains a cross-site request forgery (CSRF) vulnerability in /cgi-bin/net-routeadd.asp and /cgi-bin/sec-urlfilter.asp.

An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x before 0.12.2.

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2.

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2.

An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2.

The application in the mobile phone can unauthorized access to the list of running processes in the mobile phone, Xiaomi Mobile Phone MIUI < 2021.01.26.

The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15.

The Squirro Insights Engine was affected by a Reflected Cross-Site Scripting (XSS) vulnerability affecting versions 2.0.0 up to and including 3.2.4.

Self Authenticated XSS in Nagios Network Analyzer before 2.4.2 via the nagiosna/groups/queries page.

Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a voucher payment request through module/accounting/voucher/create.

A blind XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in event name and description fields.

Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a student_leave_application request through module/core/studentleaveapplication/create.

A vulnerability in Cisco Webex Meetings for Android could allow an authenticated, remote attacker to modify the avatar of another user.

A vulnerability in the Self Care Portal of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to modify data on an affected system without proper authorization.

In RELIC before 2021-04-03, there is a buffer overflow in PKCS#1 v1.5 signature verification because garbage bytes can be present.

The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash.

A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Wcms 0.3.2, which allows remote attackers to inject arbitrary web script and HTML via the type parameter to wex/cssjs.php.

Cross Site Scripting (XSS) vulnerability in wcms 0.3.2 allows remote attackers to inject arbitrary web script and HTML via the pagename parameter to wex/html.php.

A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to to promote builds.

Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not properly check that a newly created view has an allowed name, allowing attackers with View/Create permission to create views with invalid or already-used names.

Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate the type of object created after loading the data submitted to the `config.xml` REST API endpoint of a node, allowing attackers with Computer/Configure permission to replace a node with one of a different type.

Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified vectors.

Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified vectors.

Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified vectors.

Cross-site scripting vulnerability in Click Ranker Ver.3.5 allows remote attackers to inject an arbitrary script via unspecified vectors.

Cross-site scripting vulnerability in Kagemai 0.8.8 allows remote attackers to inject an arbitrary script via unspecified vectors.

Cross-site scripting vulnerability in Kagemai 0.8.8 allows remote attackers to inject an arbitrary script via unspecified vectors.

Cross-site scripting vulnerability in MagazinegerZ v.1.01 allows remote attackers to inject an arbitrary script via unspecified vectors.

Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.11.1 allows stored XSS.

OpenIAM before 4.2.0.3 allows XSS in the Add New User feature.

Cleartext Storage in a File or on Disk in TimelyBills <= 1.7.0 for iOS and versions <= 1.21.115 for Android allows attacker who can locally read user's files obtain JWT tokens for user's account due to insufficient cache clearing mechanisms.

VIGRA Computer Vision Library Version-1-11-1 contains a segmentation fault vulnerability in the impex.hxx read_image_band() function, in which a crafted file can cause a denial of service.

Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links.

Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field.

Composr 10.0.36 allows XSS in an XML script.

The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileged users to bypass access control on viewing information about the last ten events, the connected users, and the users in the tech category.

The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as update the plugin's options, leading to a Stored Cross-Site Scripting issue.

The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the DB, plugins, and current .

This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data.

The "All Subscribers" setting page of Popup Builder was vulnerable to reflected Cross-Site Scripting.

Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS).

Knowage Suite before 7.4 is vulnerable to cross-site scripting (XSS).

Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device.

Cloud Controller API versions prior to 1.106.0 logs service broker credentials if the default value of db logging config field is changed.

IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery (SSRF).

In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur.

The Service configuration-2 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.

The Service configuration-1 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.

The CD media configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.

The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.

The Firmware protocol configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.

The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.

The specific function in ASUS BMC’s firmware Web management page (Generate SSL certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.

The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.

The specific function in ASUS BMC’s firmware Web management page (Remote image configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.

The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.

The specific function in ASUS BMC’s firmware Web management page (Remote video storage function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.

The Firmware update function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.

The specific function in ASUS BMC’s firmware Web management page (Generate new certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.

The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.

The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.

The specific function in ASUS BMC’s firmware Web management page (Generate new SSL certificate) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.

The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-2 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.

The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-1 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.

The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.

The specific function in ASUS BMC’s firmware Web management page (Web License configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.

The Web Service configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.

The specific function in ASUS BMC’s firmware Web management page (Remote video configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.

The specific function in ASUS BMC’s firmware Web management page (Audit log configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.

The specific function in ASUS BMC’s firmware Web management page (Media support configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.

The UEFI configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.

The LDAP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.

The DNS configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.

The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.

By default, the WP Page Builder WordPress plugin before 1.2.4 allows subscriber-level users to edit and make changes to any and all posts pages - user roles must be specifically blocked from editing posts and pages.

The tutor_answering_quiz_question/get_answer_by_id function pair from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students.

The tutor_place_rating AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students.

The tutor_quiz_builder_get_question_form AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students.

The tutor_quiz_builder_get_answers_by_question AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students.

In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection url needed to establish a connection.

The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files on the web server, such as /etc/passwd

fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations.

An improper access control in ActivityManagerService prior to SMR APR-2021 Release 1 allows untrusted applications to access running processesdelete some local files.

An improper permission management in CertInstaller prior to SMR APR-2021 Release 1 allows untrusted applications to delete certain local files.

An issue was discovered on LG mobile devices with Android OS 4.4 through 11 software.

Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang.

Cross Site Scripting (XSS) vulnerability in the Larsens Calender plugin Version <= 1.2 for WordPress allows remote attackers to execute arbitrary web script via the "titel" column on the "Eintrage hinzufugen" tab.

A stored XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in the event name and description fields.

A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI Enterprise before 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror (in the URL field of the Parameters tab).

Seafile 7.0.5 (2019) allows Persistent XSS via the "share of library functionality."

The WordPress Related Posts plugin through 3.6.4 contains an authenticated (admin+) stored XSS vulnerability in the title field on the settings page.

The editor of the WP Page Builder WordPress plugin before 1.2.4 allows lower-privileged users to insert unfiltered HTML, including JavaScript, into pages via the “Raw HTML” widget and the “Custom HTML” widgets (though the custom HTML widget requires sending a crafted request - it appears that this widget uses some form of client side validation but not server side validation), all of which are added via the “page_builder_data” parameter when performing the “wppb_page_save” AJAX action.

In the Elementor Website Builder WordPress plugin before 3.1.4, the image box widget (includes/widgets/image-box.php) accepts a ‘title_size’ parameter.

In the Elementor Website Builder WordPress plugin before 3.1.4, the icon box widget (includes/widgets/icon-box.php) accepts a ‘title_size’ parameter.

In the Elementor Website Builder WordPress plugin before 3.1.4, the accordion widget (includes/widgets/accordion.php) accepts a ‘title_html_tag’ parameter.

In the Elementor Website Builder WordPress plugin before 3.1.4, the divider widget (includes/widgets/divider.php) accepts an ‘html_tag’ parameter.

In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget (includes/widgets/heading.php) accepts a ‘header_size’ parameter.

The setting page of the SEO Redirection Plugin - 301 Redirect Manager WordPress plugin before 6.4 is vulnerable to reflected Cross-Site Scripting (XSS) as user input is not properly sanitised before being output in an attribute.

Unvalidated input and lack of output encoding within the Related Posts for WordPress plugin before 2.0.4 lead to a Reflected Cross-Site Scripting (XSS) vulnerability within the 'lang' GET parameter while editing a post, triggered when users with the capability of editing posts access a malicious URL.

In the default configuration of the File Manager WordPress plugin before 7.1, a Reflected XSS can occur on the endpoint /wp-admin/admin.php?page=wp_file_manager_properties when a payload is submitted on the User-Agent parameter.

The JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard.

The Easy Contact Form Pro WordPress plugin before 1.1.1.9 did not properly sanitise the text fields (such as Email Subject, Email Recipient, etc) when creating or editing a form, leading to an authenticated (author+) stored cross-site scripting issue.

Orbit Fox by ThemeIsle has a feature to add a registration form to both the Elementor and Beaver Builder page builders functionality.

Orbit Fox by ThemeIsle has a feature to add custom scripts to the header and footer of a page or post.

Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0.3 allow low privileged users (Contributor) to inject arbitrary JavaScript code or HTML without approval.

A Stored Cross-Site Scripting vulnerability was discovered in the Yoast SEO WordPress plugin before 3.4.1, which had built-in blacklist filters which were blacklisting Parenthesis as well as several functions such as alert but bypasses were found.

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting.

IBM Edge 4.2 is vulnerable to cross-site scripting.

A stored HTML injection vulnerability exists in Knowage Suite version 7.1.

Knowage Suite before 7.4 is vulnerable to reflected cross-site scripting (XSS).

A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information.

Intent redirection vulnerability in Gallery prior to version 5.4.16.1 allows attacker to execute privileged action.

An improper SELinux policy prior to SMR APR-2021 Release 1 allows local attackers to access AP information without proper permissions via untrusted applications.

A vulnerability that stores IMSI values in an improper path prior to SMR APR-2021 Release 1 allows local attackers to access IMSI values without any permission via untrusted applications.

A pendingIntent hijacking vulnerability in Create Movie prior to SMR APR-2021 Release 1 in Android O(8.x) and P(9.0), 3.4.81.1 in Android Q(10,0), and 3.6.80.7 in Android R(11.0) allows unprivileged applications to access contact information.

AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to trigger a stack-based buffer overflow.

In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11.4-STABLE before r369559, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, copy-on-write logic failed to invalidate shared memory page mappings between multiple processes allowing an unprivileged process to maintain a mapping after it is freed, allowing the process to read private data belonging to other processes or the kernel.

An issue was discovered in the Linux kernel before 5.8.10.

An issue was discovered in the Linux kernel before 5.8.

Sensitive smart card data is logged in default INFO logs by Teradici's PCoIP Connection Manager and Security Gateway prior to version 21.01.3.

The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values.

Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci unpack" or "umoci raw unpack" is used.

An issue was discovered on LG mobile devices with Android OS 11 software.

IBM Spectrum Scale 5.1.0.1 could allow a local attacker to bypass the filesystem audit logging mechanism when file audit logging is enabled.