CVE Brief Security Intelligence

Type confusion in V8 in Google Chrome prior to 140

A vulnerability in the HTTP API subsystem of Cisco IOS XE Software could allow a remote attacker to inject commands that will execute with root privileges into the underlying operating system

A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, causing a denial of service (DoS) condition

A vulnerability in the implementation of the TACACS+ protocol in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to view sensitive data or bypass authentication

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device

A vulnerability in the web UI of Cisco IOS Software could allow an authenticated, remote attacker with low privileges to cause a denial of service (DoS) condition on an affected device

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow the following: An authenticated, remote attacker with low privileges could cause a denial of service (DoS) condition on an affected device that is running Cisco IOS Software or Cisco IOS XE Software

A vulnerability in the handling of certain Ethernet frames in Cisco IOS XE Software for Catalyst 9000 Series Switches could allow an unauthenticated, adjacent attacker to cause an egress port to become blocked and drop all outbound traffic

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Use after free in Dawn in Google Chrome prior to 140

Use after free in WebRTC in Google Chrome prior to 140

Heap buffer overflow in ANGLE in Google Chrome prior to 140

The Advanced Views – Display Posts, Custom Fields, and More plugin for WordPress is vulnerable to Server-Side Template Injection in all versions up to, and including, 3

Uncontrolled Search Path Element vulnerability in Salesforce Salesforce CLI on Windows allows Replace Trusted Executable

Integer overflow in V8 in Google Chrome prior to 140

Integer overflow in V8 in Google Chrome prior to 140

A flaw has been found in Magnetism Studios Endurance up to 3

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station

A vulnerability in Apache IoTDB

Binding to an unrestricted ip address in GitHub allows an unauthorized attacker to execute code over a network

Memory corruption due to global buffer overflow when a test command uses an invalid payload type

Buffer overflow vulnerability in D-Link DI-7100G 2020-02-21 in the sub_451754 function of the jhttpd service in the viav4 parameter allowing attackers to cause a denial of service or execute arbitrary code

Buffer overflow vulnerability in Tenda AC9 1

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netcad Software Inc

A vulnerability was identified in Tenda AC21 16

A flaw was found in Libtiff

Datart 1

A maliciously crafted HTML payload, when rendered by the Autodesk Fusion desktop application, can trigger a Stored Cross-site Scripting (XSS) vulnerability

The csvtojson package, a tool for converting CSV data to JSON with customizable parsing capabilities, contains a prototype pollution vulnerability in versions prior to 2

The use of a broken or risky cryptographic algorithm was discovered in firmware version 3

A predictable seed in pseudo-random number generator vulnerability has been discovered in firmware version 3

Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP packet

Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the available buffer length

Information disclosure while decoding this RTP packet headers received by UE from the network when the padding bit is set

Flag Forge is a Capture The Flag (CTF) platform

A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Type Confusion vulnerability

Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file

Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file

NVIDIA Megatron-LM for all platforms contains a vulnerability in the pretrain_gpt script, where malicious data created by an attacker may cause a code injection issue

NVIDIA Megatron-LM for all platforms contains a vulnerability in the tasks/orqa/unsupervised/nq

NVIDIA Megatron-LM for all platforms contains a vulnerability in the msdp preprocessing script where malicious data created by an attacker may cause an injection

NVIDIA Megatron-LM for all platforms contains a vulnerability in the ensemble_classifer script where malicious data created by an attacker may cause an injection

Memory corruption when passing parameters to the Trusted Virtual Machine during the handshake

Memory corruption while performing private key encryption in trusted application

memory corruption while loading a PIL authenticated VM, when authenticated VM image is loaded without maintaining cache coherency

Memory corruption while processing config_dev IOCTL when camera kernel driver drops its reference to CPU buffers

Memory corruption while processing message in guest VM

Memory corruption while processing data sent by FE driver

Memory corruption while handling repeated memory unmap requests from guest VM

Memory corruption due to double free when multiple threads race to set the timestamp store

Memory corruption while encoding the image data

Memory corruption while handling invalid inputs in application info setup

Flag Forge is a Capture The Flag (CTF) platform

Improper authorization in the background migration endpoints of Langfuse 3

A null pointer dereference occurs in the function break_word_for_overflow_wrap() in MuPDF 1

Free5gc 4

A heap-buffer-overflow vulnerability exists in the tcpliveplay utility of the tcpreplay-4

Transient DOS while parsing the EPTM test control message to get the test pattern

Transient DOS while handling command data during power control processing

Transient DOS while processing power control requests with invalid antenna or stream values

Horilla is a free and open source Human Resource Management System (HRMS)

mpregular is a package that provides a small program development framework based on RegularJS

Flag Forge is a Capture The Flag (CTF) platform

A vulnerability was detected in Campcodes Computer Sales and Inventory System 1

A flaw has been found in Campcodes Computer Sales and Inventory System 1

A vulnerability has been found in Campcodes Computer Sales and Inventory System 1

A vulnerability was found in SourceCodester Pet Grooming Management Software 1

A vulnerability was determined in 1000projects Bookstore Management System 1

A vulnerability was identified in itsourcecode Open Source Job Portal 1

A weakness has been identified in SourceCodester Pet Grooming Management Software 1

A security vulnerability has been detected in code-projects Online Bidding System 1

A vulnerability was detected in code-projects Online Bidding System 1

A flaw has been found in Reservation Online Hotel Reservation System 1

A security flaw has been discovered in Campcodes Gym Management System 1

A security flaw has been discovered in Campcodes Point of Sale System POS 1

Horilla is a free and open source Human Resource Management System (HRMS)

Cryptographic issue while performing RSA PKCS padding decoding

Datart 1