NiceHash Miner Excavator versions 1.6.7c and below suffer from a cross site request forgery vulnerability. The issue enables any external web site to send commands to the local miner instance, and to redirect the mined coins to an arbitrary mining address.
fb87f0499aef3335445d3f11dca696cc51f521e079a6ba1f2728e565105afbc1
D-Link DGS-1250 suffers from a header injection vulnerability that can be leveraged through cross site scripting.
7d7d9f8705c8fb7f26571e187596182c238f6573faea1c552faf5d97d4edd1f2
Many scp clients fail to verify that the objects returned by the scp server match those they asked for. This issue dates back to 1983 and rcp, on which scp is based. A separate flaw in the client allows the target directory attributes to be changed arbitrarily. Finally, two vulnerabilities in clients may allow the server to spoof the client output.
7fa072fc8f371c8cc4668eb863810286b6651faaf3b8efdcdeee1bc7d0a40099
MagniComp SysInfo contains an information exposure vulnerability through debug functionality. SysInfo versions 10-H81 and above are not affected.
e65b31b24a3d31f12c130df16191c10f3cdae0c77df7a247af307f1e92f05036
The foilChat backend fails to prevent brute force attempts of the PIN code. An attacker can attempt all 10000 different PIN codes until the correct one is found, and then use the correct PIN to complete the registration.
a7b76e238cdcac06ca5048bc7322bc06668b0a3e78ef4545e1699f1b0c8f632f
MagniComp SysInfo contains an information exposure vulnerability through debug functionality.
879a6ff414ac55de6ca9ce6b7ca2e8ee7838c3d369cadf9baf7679892f4ab20e
GNU Wget versions 1.7 through 1.19.4 suffer from a cookie injection vulnerability.
b72d6af0b5fe5fde5c7651980f119d80e8e2748eee305bde3f06e6b5d7c00dd2
aws-cfn-bootstrap versions prior to 1.4-22.14 suffer from a local code execution vulnerability.
e55f000394534026ef308ace6b8be3431f31512efa0ee6f2a2ffa1222ab1e1d5
QNAP QTS suffers from multiple command injection vulnerabilities.
343c3dd2c8af1703505203d51d06fca1f4b6fd98b7dbcb44ab5aad7c30af0005
QNAP QTS firmware contains missing transport layer security, improper certificate validation, command injection, cross site scripting, and information disclosure vulnerabilities that can be exploited to gain remote command execution on the devices or to perform arbitrary administrative functions, and to gain unauthorized access to a user's myQNAPcloud credentials.
2338d54a3f3425f4ef6945698a4d1e0725c1aeb60607671654d4a0472c4453d7
The GNU tar archiver can be tricked into extracting files and directories in the given destination, regardless of the path name(s) specified on the command line. Versions 1.14 through 1.29 are affected.
9872f2b8fb9c8365d6367de929e2a9d9f3744c7e6f836aad204d328392324992
ASUS routers suffer from authentication bypass and cross site scripting vulnerabilities, among the recent flurry of other issues that have surfaced.
6edc73bc09482eb4146ba7e7fb7884eac6f18e8dcfb66db1d1ad2bd22fd6087e
VLC Media Player suffers from a subtitle StripTags() function memory corruption vulnerability.
1844be25e4af847b0acec66eb3fc23968dedba8261216ebd1b34ec5ac695ca3e