Apache 2 suffers from a memory corruption vulnerability in the mod_http2 push diary implementation.
>> ARCHIVE: 2020-12
A race condition in Google Duo can cause callee to leak video packets from an unanswered call.
Linux io_uring suffers from mm and files access across suid binaries.
Facebook Messenger for Android has an issue where an SdpUpdate message can cause an audio call to connect before the callee has answered the call.
Online Bus Ticket Reservation 1.0 – SQL Injection
vBulletin 5.6.3 – ‘group’ Cross Site Scripting
RarmaRadio 2.72.5 – Denial of Service (PoC)
TapinRadio 2.13.7 – Denial of Service (PoC)
Kite 1.2020.1119.0 – ‘KiteService’ Unquoted Service Path
Cyber Cafe Management System Project (CCMS) 1.0 – Persistent Cross-Site Scripting