Vulnerabilities

A vulnerability classified as problematic has been found in fridgecow smartalarm 1.8.1 on Android. This affects an unknown part of the file androidmanifest.xml of the component Backup File Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258867.

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /include/authrp.php.

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /WebPages/applyhardware.php.

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/address_interpret.php.

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/add_getlogin.php.

A vulnerability was found in sequentech admin-console up to 6.1.7 and classified as problematic. Affected by this issue is some unknown functionality of the component Election Description Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 7.0.0-beta.1 is able to address this issue. The patch is identified as 0043a6b1e6e0f5abc9557e73f9ffc524fc5d609d. It is recommended to upgrade the affected component. VDB-258782 is the identifier assigned to this vulnerability.

A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product's expected behavior and potentially load a third-party library upon execution. This issue affects Total Security: 27.0.25.114; Internet Security: 27.0.25.114; Antivirus Plus: 27.0.25.114; Antivirus Free: 27.0.25.114.

Hard-coded Credentials in CoolKit eWeLlink app are before 5.4.x on Android and IOS allows local attacker to unauthorized access to sensitive data via Decryption algorithm and key obtained after decompiling app<br /> <br />

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> usb: misc: ljca: Fix double free in error handling path<br /> <br /> When auxiliary_device_add() returns error and then calls<br /> auxiliary_device_uninit(), callback function ljca_auxdev_release<br /> calls kfree(auxdev-&gt;dev.platform_data) to free the parameter data<br /> of the function ljca_new_client_device. The callers of<br /> ljca_new_client_device shouldn&amp;#39;t call kfree() again<br /> in the error handling path to free the platform data.<br /> <br /> Fix this by cleaning up the redundant kfree() in all callers and<br /> adding kfree() the passed in platform_data on errors which happen<br /> before auxiliary_device_init() succeeds .

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs<br /> <br /> The dreamcastcard-&gt;timer could schedule the spu_dma_work and the<br /> spu_dma_work could also arm the dreamcastcard-&gt;timer.<br /> <br /> When the snd_pcm_substream is closing, the aica_channel will be<br /> deallocated. But it could still be dereferenced in the worker<br /> thread. The reason is that del_timer() will return directly<br /> regardless of whether the timer handler is running or not and<br /> the worker could be rescheduled in the timer handler. As a result,<br /> the UAF bug will happen. The racy situation is shown below:<br /> <br /> (Thread 1) | (Thread 2)<br /> snd_aicapcm_pcm_close() |<br /> ... | run_spu_dma() //worker<br /> | mod_timer()<br /> flush_work() |<br /> del_timer() | aica_period_elapsed() //timer<br /> kfree(dreamcastcard-&gt;channel) | schedule_work()<br /> | run_spu_dma() //worker<br /> ... | dreamcastcard-&gt;channel-&gt; //USE<br /> <br /> In order to mitigate this bug and other possible corner cases,<br /> call mod_timer() conditionally in run_spu_dma(), then implement<br /> PCM sync_stop op to cancel both the timer and worker. The sync_stop<br /> op will be called from PCM core appropriately when needed.

WebMail in Axigen 10.x before 10.3.3.62 allows XSS via the image attachment viewer.

A vulnerability, which was classified as critical, was found in NUUO NVRmini 2 up to 3.0.8. Affected is an unknown function of the file /deletefile.php. The manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258780.