DatabaseSchemaViewer before version 184.108.40.206 is vulnerable to arbitrary code execution if a user is tricked into opening a specially crafted `.dbschema` file. The patch was released in v220.127.116.11. As a workaround, ensure `.dbschema` files from untrusted sources are not opened.
The Relish (Verve Connect) VH510 device with firmware before 18.104.22.168L0516 contains multiple CSRF vulnerabilities within its web management portal. Attackers can, for example, use this to update the TR-069 configuration server settings (responsible for managing devices remotely). This makes it possible to remotely reboot the device or upload malicious firmware.
The Relish (Verve Connect) VH510 device with firmware before 22.214.171.124L0516 allows XSS via URLBlocking Settings, SNMP Settings, and System Log Settings.
The Relish (Verve Connect) VH510 device with firmware before 126.96.36.199L0516 contains a buffer overflow within its web management portal. When a POST request is sent to /boaform/admin/formDOMAINBLK with a large blkDomain value, the Boa server crashes.
After an Election Day without foreign interference and cyberattacks, security experts turn their focus to disinformation.
Subrion CMS v4.2.1 allows XSS via the panel/phrases/ VALUE parameter.
The Relish (Verve Connect) VH510 device with firmware before 188.8.131.52L0516 contains undocumented default admin credentials for the web management interface. A remote attacker could exploit this vulnerability to login and execute commands on the device, as well as upgrade the firmware image to a malicious version.
A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.
A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.
An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that – for a short time period – allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard.…