types Archives

Advisory

Autodesk Fusion 360 <= 2.0.12887 parses SVG files with a vulnerable XML parser, leading to a Blind XML External Entities (XXE).

Leggi di più

pfSense <= 2.5.2 allows authenticated users to inject arbitrary sed-specific code, which leads to an Arbitrary File Write, resulting in a Remote Code Execution. The vulnerability is also exploitable through a Cross-Site Request Forgery.

Leggi di più

Visual Studio Code Remote Development Extension 1.50 failed to sanitize the host field before using it as an argument of the ssh command, allowing to inject a ProxyCommand option which could be used to run arbitray commands.

Leggi di più

Corero SecureWatch Managed Services 9.7.2.0020 is affected by a Path Traversal vulnerability via the `snap_file` parameter in the `/it-IT/splunkd/__raw/services/get_snapshot` HTTP API endpoint. A 'low privileged' attacker can read any file on the target host.

Leggi di più

Corero SecureWatch Managed Services 9.7.2.0020 does not correctly check swa-monitor and cns-monitor user's privileges, allowing a user to perform actions not belonging to his role.

Leggi di più

The OAuth flow implemented in Mattermost server v5.32 > v5.36 is affected by a reflected XSS. An unauthenticated attacker might gain access to the victim's session.

Leggi di più

A privileged user can obtain remote code execution on Q'center through a manipulated QPKG installation package.

Leggi di più

An unauthenticated attacker can inject JavaScript code on Q'center Virtual Appliance event log page.

Leggi di più

QNAP MusicStation and MalwareRemover pre-installed official apps are affected by an arbitrary file upload and a command injection, leading to pre-auth remote root command execution.

Leggi di più

The unprivileged user portal part of CentOS Web Panel is affected by SQL Injection and Command Injection vulnerabilities, leading to root Remote Code Execution.

Leggi di più