Back to Blog
In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. This affects the GanttProjectReader and PhoenixReader components. Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php. Apache XML-RPC is no longer maintained and this issue will not be fixed. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP.Ī CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 which could cause impact to confidentiality, integrity, and availability when a remote attacker crafts a malicious request to the encoder webUI.Īn untrusted deserialization was found in the .XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure.
0 Comments
Read More
Leave a Reply. |