Time of Check - Time of Use (TOCTOU) vulnerability in Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, potentially leading to deletion of system files. It would only happen if there's some non-Tapestry codepath passing some outside input to the ContentType class constructor.
STRINGPARAMETER INSTALLBUILDER PERSIST CODE
Notice the vulnerability cannot be triggered by web requests in Tapestry code alone. Apache Tapestry 5.8.2 has a fix for this vulnerability. Specifically, this is about the regular expression used on the parameter of the .ContentType class. Specially crafted Content Types may cause catastrophic backtracking, taking exponential time to complete.
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort.Īpache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Types. The login function of Mealie v1.0.0beta-2 allows attackers to enumerate existing usernames by timing the server's response time. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/ajax/set_sys_time/` API is affected by a command injection vulnerability.Īttacker is able to determine if the provided username exists (and it's valid) using Request New Password feature, based on the response time. A specially-crafted network packets can lead to arbitrary command execution. Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. This issue affects: VICIdial 2.14b0.5 versions prior to 3555. SQL Injection vulnerability in AST Agent Time Sheet interface ((/vicidial/AST_agent_time_sheet.php) of VICIdial via the agent parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server.
Reflected Cross Site Scripting (XSS) vulnerabilities in AST Agent Time Sheet interface (/vicidial/AST_agent_time_sheet.php) of VICIdial via agent, and search_archived_data parameters.
STRINGPARAMETER INSTALLBUILDER PERSIST SOFTWARE
Nautilus treadmills T616 S/N 100672PRO21140001 through 100672PRO21171980 and T618 S/N 100647PRO21130111 through 100647PRO21183960 with software before allow physically proximate attackers to cause a denial of service (fall) by connecting the power cord to a 120V circuit (which may lead to self-starting at an inopportune time).
0 kommentar(er)
