Remotely alerts


on Oct. 7, 2021, 1:21 p.m.

In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS), due to unsanitized parameters in the password reset functionality. This allows execution of external javascript files on any user of the openCRX instance.

Learn more

Tags:  Tool Signature


on March 31, 2022, 6:23 p.m.

A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution.

Learn more

Tags:  Mailing ListTool Signature


on Feb. 28, 2022, 8:50 p.m.

An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.

Learn more

Tags:  Third Party AdvisoryTool Signature


on Feb. 20, 2022, 6:06 a.m.

In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.

Learn more

Tags:  Issue TrackingTool SignatureVDB EntryThird Party AdvisoryMailing ListPatch


on Aug. 24, 2020, 5:37 p.m.

A memory leak in the qrtr_tun_write_iter() function in net/qrtr/tun.c in the Linux kernel before 5.3 allows attackers to cause a denial of service (memory consumption), aka CID-a21b7f0cff19.

Learn more

Tags:  PatchTool Signature


on July 28, 2020, 3:15 a.m.

jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and process_SOFn in jpgfile.c. The attack vector is: Open a specially crafted JPEG file.

Learn more

Tags:  ExploitIssue TrackingTool Signature


on Feb. 28, 2022, 7:52 p.m.

A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as …

Learn more

Tags:  Issue TrackingPatchThird Party AdvisoryUS Government ResourceTool Signature


on Feb. 28, 2022, 7:46 p.m.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. Crafted data in a J2K …

Learn more

Tags:  Third Party AdvisoryVDB EntryTool SignatureVendor Advisory


on March 28, 2022, 1:18 p.m.

A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The message triggers a segmentation fault …

Learn more

Tags:  Issue TrackingTool Signature


on May 24, 2022, 2:11 p.m.

This affects the package convict before 6.2.3. This is a bypass of [CVE-2022-22143]( The [fix]( introduced, relies on the startsWith method and does not prevent the vulnerability: before splitting the path, it checks if it starts with __proto__ or this.constructor.prototype. To bypass this check it's possible to prepend the dangerous paths with any string value …

Learn more

Tags:  Broken LinkRelease NotesTool Signature


on June 1, 2022, 12:16 a.m.

radareorg radare2 5.5.2 is vulnerable to Buffer Overflow via /libr/core/anal_objc.c mach-o parser.

Learn more

Tags:  ExploitIssue TrackingPatchTool Signature


on June 27, 2022, 8:49 p.m.

Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/index.php?q=category&search=.

Learn more

Tags:  ExploitTool Signature


on June 27, 2022, 8:48 p.m.

Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/store/index.php?view=edit&id=.

Learn more

Tags:  ExploitTool Signature


on June 27, 2022, 8:47 p.m.

Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/inventory/index.php?view=edit&id=.

Learn more

Tags:  ExploitTool Signature