Weekly Vulnerabilities Reports > December 27, 2021 to January 2, 2022

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).

Microsoft SharePoint Elevation of Privilege Vulnerability

Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an authenticated user via is_ctc_admin=1 to login_web_app.cgi and use of Import Config File.

Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 use default hard-coded credentials, which can allow a remote attacker to gain administrative access to the zebra or ripd those services.

ZTE BigVideo analysis product has an input verification vulnerability.

An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust.

An issue was discovered in BS_RCIO64.sys in Biostar RACING GT Evo 2.1.1905.1700.

MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0x7ffd0c689be0) in mdb_numeric_to_string (called from mdb_xfer_bound_data and _mdb_attempt_bind).

MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0x7ffd6e029ee0) in mdb_numeric_to_string (called from mdb_xfer_bound_data and _mdb_attempt_bind).

vim is vulnerable to Use After Free

It is possible for an unauthenticated, malicious user to force the device to reboot due to a hidden administrative command.

vim is vulnerable to Use After Free

vim is vulnerable to Use After Free

An issue was discovered in the ckb crate before 0.40.0 for Rust.

An issue was discovered in the ckb crate before 0.40.0 for Rust.

Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability.

A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device.

mruby is vulnerable to Heap-based Buffer Overflow

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names.

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.

Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN interface.

Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the session management for the device.

Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of hardcoded credentials.

Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability.

Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file

Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file

Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file

Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file

Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file

Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service via packet injection or crafted capture file

Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due to path traversal.

This affects the package celery before 5.2.2.

Emuse - eServices / eNvoice Exposure Of Private Personal Information due to lack of identification mechanisms and predictable IDs an attacker can scrape all the files on the service.

A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Surveillance Station.

Carinal Tien Hospital Health Report System’s login page has improper authentication, a remote attacker can acquire another general user’s privilege by modifying the cookie parameter without authentication.

An arbitrary file download and execution vulnerability was found in the VideoOffice X2.9 and earlier versions (CVE-2020-7878).

Printchaser v2.2021.804.1 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module.

Nettmp NNT 5.1 is affected by a SQL injection vulnerability.

ASUS RT-N53 3.0.0.4.376.3754 devices have a buffer overflow via a long lan_dns1_x or lan_dns2_x parameter to Advanced_LAN_Content.asp.

An attacker may obtain the user credentials from the communication between the PLC and the software.

An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards.

basic/BasicAuthProvider.java in AuthGuard before 0.9.0 allows authentication via an inactive identifier.

In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework `droplet` on the basis of framework `gin`, all APIs and authentication middleware are developed based on framework `droplet`, but some API directly use the interface of framework `gin` thus bypassing the authentication.

The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user accounts with a randomly generated password.

An issue was discovered in the smallvec crate before 0.6.13 for Rust.

An issue was discovered in the actix-web crate before 0.7.15 for Rust.

An issue was discovered in the actix-web crate before 0.7.15 for Rust.

An issue was discovered in the actix-web crate before 0.7.15 for Rust.

An issue was discovered in the buffoon crate through 2020-12-31 for Rust.

An issue was discovered in the acc_reader crate through 2020-12-27 for Rust.

An issue was discovered in the acc_reader crate through 2020-12-27 for Rust.

An issue was discovered in the bronzedb-protocol crate through 2021-01-03 for Rust.

An issue was discovered in the binjs_io crate through 2021-01-03 for Rust.

An issue was discovered in the flumedb crate through 2021-01-07 for Rust.

An issue was discovered in the columnar crate through 2021-01-07 for Rust.

An issue was discovered in the csv-sniffer crate through 2021-01-05 for Rust.

An issue was discovered in the ash crate before 0.33.1 for Rust.

An issue was discovered in the gfx-auxil crate through 2021-01-07 for Rust.

An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust.

An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust.

An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust.

An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust.

An issue was discovered in the mopa crate through 2021-06-01 for Rust.

An issue was discovered in the molecule crate before 0.7.2 for Rust.

An issue was discovered in the ckb crate before 0.40.0 for Rust.

An issue was discovered in the tremor-script crate before 0.11.6 for Rust.

An issue was discovered in the tectonic_xdv crate before 0.1.12 for Rust.

An issue was discovered in the nanorand crate before 0.6.1 for Rust.

An issue was discovered in the zeroize_derive crate before 1.1.1 for Rust.

Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set an arbitrary file on the router's filesystem as the log file used by either Quagga service (zebra or ripd).

Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient protections for the UART functionality.

Netgear RAX43 version 1.0.3.96 does not have sufficient protections to the UART interface.

Netgear RAX43 version 1.0.3.96 does not utilize secure communications to the web interface.

All known versions of the Netgear Genie Installer for macOS contain a local privilege escalation vulnerability.

Netgear Nighthawk R6700 version 1.0.4.120 does not have sufficient protections for the UART console.

A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call.

Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by local user to control the outcome of scans, and therefore evade detection or delete arbitrary system files.

Privilege escalation vulnerability in the Sandbox component of Avast Antivirus prior to 20.4 allows a local sandboxed code to gain elevated privileges by using system IPC interfaces which could lead to exit the sandbox and acquire SYSTEM privileges.

Privilege escalation vulnerability in the Self-Defense driver of Avast Antivirus prior to 20.8 allows a local user with SYSTEM privileges to gain elevated privileges by "hollowing" process wsc_proxy.exe which could lead to acquire antimalware (AM-PPL) protection.

Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 20.4 allow a local user to gain elevated privileges by calling unnecessarily powerful internal methods of the main antivirus service which could lead to the (1) arbitrary file delete, (2) write and (3) reset security.

Privilege escalation vulnerability in Avast Antivirus prior to 20.4 allows a local user to gain elevated privileges by "hollowing" trusted process which could lead to the bypassing of Avast self-defense.

The giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow because a value inside the input file determines the amount of data to write.

Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set the "message of the day" banner to any file on the system, allowing them to read all or some of the contents of those files.

Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerability in the bittorrent functionality.

Trendnet AC2600 TEW-827DRU version 2.08B01 does not properly implement csrf protections.

FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code.

FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code.

An issue was discovered in gif2apng 1.9.

An issue was discovered in gif2apng 1.9.

An issue was discovered in gif2apng 1.9.

An issue was discovered in gif2apng 1.9.

An issue was discovered in gif2apng 1.9.

A vulnerability in /damicms-master/admin.php?s=/Article/doedit of DamiCMS v6.0 allows attackers to compromise and impersonate user accounts via obtaining a user's session cookie.

A Cross-Site Request Forgery (CSRF) in /admin/index.php?lfj=member&action=editmember of Qibosoft v7 allows attackers to arbitrarily add administrator accounts.

ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same package name to obtain dangerous permission.

An issue was discovered in the metrics-util crate before 0.7.0 for Rust.

Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server.

HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t<hb_bit_set_invertible_t>::set and hb_set_copy).

Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials.

Netgear Nighthawk R6700 version 1.0.4.120 contains a command injection vulnerability in update functionality of the device.

Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded credential.

Glewlwyd 2.0.0, fixed in 2.6.1 is affected by an incorrect access control vulnerability.

A remote code execution issue in the ping command on Poly Trio 8800 5.7.1.4145 devices allows remote authenticated users to execute commands via unspecified vectors.

https://www.sourcecodester.com/ Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 is affected by: Incorrect Access Control.

MinIO is a Kubernetes native application for cloud storage.

Gerapy is a distributed crawler management framework.

The Rich Reviews by Starfish WordPress plugin before 1.9.6 does not properly validate the orderby GET parameter of the pending reviews page before using it in a SQL statement, leading to an authenticated SQL injection issue

An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attacker to access the device if the correct token can be intercepted.

The WinRin0x64.sys and WinRing0.sys low-level drivers in EVGA Precision XOC version v6.2.7 were discovered to be configured with the default security descriptor which allows attackers to access sensitive components and data.

The WP Guppy WordPress plugin before 1.3 does not have any authorisation in some of the REST API endpoints, allowing any user to call them and could lead to sensitive information disclosure, such as usernames and chats between users, as well as be able to send messages as an arbitrary user

SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability which can lead to HTTP response splitting.

Hard coded credentials discovered in SolarWinds Web Help Desk product.

The Datalogic DXU service on (for example) DL-Axist devices does not require authentication for configuration changes or disclosure of configuration settings.

Trendnet AC2600 TEW-827DRU version 2.08B01 lacks proper authentication to the bittorrent functionality.

Netgear RAX43 version 1.0.3.96 contains a buffer overrun vulnerability.

Changing MOTP (Mobile One Time Password) system’s specific function parameter has insufficient validation for user input.

Yappli is an application development platform which provides the function to access a requested URL using Custom URL Scheme.

IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) contains hard-coded credentials, such as a password or a cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) requires authentication, but the product has an alternate path or channel that does not require authentication.

Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and QPathClipper::intersect).

OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask).

GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment).

Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp).

Open Asset Import Library (aka assimp) 5.1.0 and 5.1.1 has a heap-based buffer overflow in _m3d_safestr (called from m3d_load and Assimp::M3DWrapper::M3DWrapper).

Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp).

UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode).

vim is vulnerable to Out-of-bounds Read

Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file

admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_TOT parameter.

Mermaid is a Javascript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams.

OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen.

OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen.

OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen.

The WP RSS Aggregator WordPress plugin before 4.19.3 does not sanitise and escape data before outputting it in the System Info admin dashboard, which could lead to a Stored XSS issue due to the wprss_dismiss_addon_notice AJAX action missing authorisation and CSRF checks, allowing any authenticated users, such as subscriber to call it and set a malicious payload in the addon parameter.

Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard.

Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the web interface.

Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the SOAP interface.

Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive information in plaintext.

mruby is vulnerable to NULL Pointer Dereference

An improper authentication vulnerability has been reported to affect Android App Qfile.

A Broken or Risky Cryptographic Algorithm exists in Max Mazurov Maddy before 0.5.2, which is an unnecessary risk that may result in the exposure of sensitive information.

livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information

An issue in the user login box of LJCMS v1.11 allows attackers to hijack user accounts via brute force attacks.

An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute force attacks.

An arbitrary file download vulnerability in jeecg v3.8 allows attackers to access sensitive files via modification of the "localPath" variable.

The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details.

An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust.

An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust.

An issue was discovered in the pnet crate before 0.27.2 for Rust.

An issue was discovered in the libpulse-binding crate before 2.6.0 for Rust.

An issue was discovered in the bite crate through 2020-12-31 for Rust.

An issue was discovered in the vec-const crate before 2.0.0 for Rust.

An issue was discovered in the derive-com-impl crate before 0.1.2 for Rust.

An issue was discovered in the rdiff crate through 2021-02-03 for Rust.

An issue was discovered in the tremor-script crate before 0.11.6 for Rust.

An issue was discovered in the abomonation crate through 2021-10-17 for Rust.

An issue was discovered in the simple_asn1 crate 0.6.0 before 0.6.1 for Rust.

In Ifme, versions v5.0.0 to v7.32 are vulnerable against an improper access control, which makes it possible for admins to ban themselves leading to their deactivation from Ifme account and complete loss of admin access to Ifme.

Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.

Bitmask Riseup VPN 0.21.6 contains a local privilege escalation flaw due to improper access controls.

SUPERAntispyware v8.0.0.1050 was discovered to contain an issue in the component saskutil64.sys.

ZTE BigVideo Analysis product has a privilege escalation vulnerability.

DMP Roadmap before 3.0.4 allows XSS.

wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (4 bytes) in MqttDecode_Publish (called from MqttClient_DecodePacket and MqttClient_HandlePacket).

wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (8 bytes) in MqttDecode_Publish (called from MqttClient_DecodePacket and MqttClient_HandlePacket).

wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_HandlePacket and MqttClient_WaitType).

Grok 9.5.0 has a heap-based buffer overflow in openhtj2k::T1OpenHTJ2K::decompress (called from std::__1::__packaged_task_func<std::__1::__bind<grk::T1DecompressScheduler::deco and std::__1::packaged_task<int).

wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttDecode_Disconnect (called from MqttClient_DecodePacket and MqttClient_WaitType).

wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Connect).

wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Unsubscribe).

wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Subscribe).

libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (4 bytes) in __bpf_object__open (called from bpf_object__open_mem and bpf-object-fuzzer.c).

libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (8 bytes) in __bpf_object__open (called from bpf_object__open_mem and bpf-object-fuzzer.c).

Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called from CompileElseBlock and Compile_If).

Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called from Compile_LoopOrBlock and CompileBlockStatements).

Wasm3 0.5.0 has an out-of-bounds write in Runtime_Release (called from EvaluateExpression and InitDataSegments).

LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in dwg_free_BLOCK_private (called from dwg_free_BLOCK and dwg_free_object).

Trendnet AC2600 TEW-827DRU version 2.08B01 contains an security flaw in the web interface.

iBall WRD12EN 1.0.0 devices allow cross-site request forgery (CSRF) attacks as demonstrated by enabling DNS settings or modifying the range for IP addresses.

IBM i 7.2, 7.3, and 7.4 is vulnerable to cross-site scripting.

Quectel UC20 UMTS/HSPA+ UC20 6.3.14 is affected by a Cross Site Scripting (XSS) vulnerability.

An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8).

livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Kazoo Server.

NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a Cross Site Scripting (XSS) vulnerability.

SLICAN WebCTI 1.01 2015 is affected by a Cross Site Scripting (XSS) vulnerability.

A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2021-39268.

Reflected Cross Site Scripting (XSS) in SAFARI Montage versions 8.3 and 8.5 allows remote attackers to execute JavaScript codes.

In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based adblocking and a proxying extension with a SOCKS fallback are enabled, additional DNS requests are issued outside of the proxying extension using the system's DNS settings, resulting in information disclosure.

A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&step=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL.

Netgen Tags Bundle 3.4.x before 3.4.11 and 4.0.x before 4.0.15 allows XSS in the Tags Admin interface.

IBM OPENBMC OP910 is vulnerable to cross-site scripting.

The Tickera WordPress plugin before 3.4.8.3 does not properly sanitise and escape the Name fields of booked Events before outputting them in the Orders admin dashboard, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins.

The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.6.4 does not sanitise and escape some lead values, which could allow unauthenticated users to perform Cross-Site Scripting attacks against logged in admin viewing the inserted Leads

The Paid Memberships Pro WordPress plugin before 2.6.6 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting

The Gwolle Guestbook WordPress plugin before 4.2.0 does not sanitise and escape the gwolle_gb_user_email parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue in an admin page

The WPFront User Role Editor WordPress plugin before 3.2.1.11184 does not sanitise and escape the changes-saved parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting

ENC DataVault 7.2.3 and before, and OEM versions, use an encryption algorithm that is vulnerable to data manipulation (without knowledge of the key).

Trendnet AC2600 TEW-827DRU version 2.08B01 contains an improper access control configuration that could allow for a malicious firmware update.

Trendnet AC2600 TEW-827DRU version 2.08B01 stores credentials in plaintext.

Trendnet AC2600 TEW-827DRU version 2.08B01 leaks information via the ftp web page.

Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses credentials for the smb functionality of the device.

A cleartext storage of sensitive information vulnerability in the Zyxel NBG6604 firmware could allow a remote, authenticated attacker to obtain sensitive information from the configuration file.

In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by Stored XSS vulnerability, where a low privileged (editor) user can upload a SVG file that contains malicious JavaScript while uploading assets in the page.

livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability (notifications section) which can be directly triggered by sending an ally request to the admin.

In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability in the markdown editor.

In “ifme”, versions v7.22.0 to v7.31.4 are vulnerable against self-stored XSS in the contacts field as it allows loading XSS payloads fetched via an iframe.

livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Qibosoft v7 contains a stored cross-site scripting (XSS) vulnerability in the component /admin/index.php?lfj=friendlink&action=add.

Wiki.js is a wiki app built on node.js.

Wiki.js is a wiki app built on Node.js.

The Typebot | Build beautiful conversational forms WordPress plugin before 1.4.3 does not sanitise and escape the Publish ID setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

The WordPress Download Manager WordPress plugin before 3.2.22 does not sanitise and escape Template data before outputting it in various pages (such as admin dashboard and frontend).

The Smart Floating / Sticky Buttons WordPress plugin before 2.5.5 does not sanitise and escape some parameter before outputting them in attributes and page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Patient Information Center iX (PIC iX) Versions C.02 and C.03 receives input or data, but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.

The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information, which affects the communications between Patient Information Center iX (PIC iX) Versions C.02 and C.03 and Efficia CM Series Revisions A.01 to C.0x and 4.0.

libjxl b02d6b9, as used in libvips 8.11 through 8.11.2 and other products, has an out-of-bounds write in jxl::ModularFrameDecoder::DecodeGroup (called from jxl::FrameDecoder::ProcessACGroup and jxl::ThreadPool::RunCallState<jxl::FrameDecoder::ProcessSections).

Netgear RAX43 version 1.0.3.96 stores sensitive information in plaintext.

jQuery Terminal Emulator is a plugin for creating command line interpreters in your applications.

ForeScout - SecureConnector Local Service DoS - A low privilaged user which doesn't have permissions to shutdown the secure connector service writes a large amount of characters in the installationPath.

The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from the Patient Information Center iX (PIC iX) Versions B.02, C.02, and C.03.