:: Deepquest ::

DEWESoft X3 suffers from a remote internal command access vulnerability.

Chromium suffers from an issues where read-only SharedMemory descriptors on Android are writable.

SC version 7.16 suffers from a stack-based buffer overflow vulnerability.

Chromium suffers from an issue where calling mojo::WrapSharedMemoryHandle is insufficient to produce read-only descriptors for IPC.

Chromium suffers from an information disclosure vulnerability via the memory_instrumentation::mojom::Coordinator interface in the resource_coordinator service.

Prisma Industriale Checkweigher PrismaWEB version 1.21 suffers from a disclosure of hard-coded credentials allowing an attacker to effectively bypass authentication.

SecurEnvoy SecurMail version 9.1.501 suffers from cross site request forgery, cross site scripting, insecure direct object reference, missing authentication and authorization, and path traversal vulnerabilities.

Shopware versions 4.0.1 through 5.3.7 suffer from a cross site request forgery vulnerability. Malicious, third-party websites may abuse this API to list, add or remove products from a user’s cart.

http://hhdc.anamai.moph.go.th/n.php notified by xCypressx

Tuleap 9.17.99.189 – Blind SQL Injection