An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.

CONFIRM:https://security.netapp.com/advisory/ntap-20210805-0004/ | FEDORA:FEDORA-2021-71de23bedd | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCKWZWY64EHTOQMLVLTSZ4AA27EWRJMH/ | FEDORA:FEDORA-2021-7cd749f133 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI/ | GENTOO:GLSA-202107-44 | URL:https://security.gentoo.org/glsa/202107-44 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1970489 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=1970489 | MLIST:[debian-lts-announce] 20210902 [SECURITY] [DLA 2753-1] qemu security update | URL:https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html | MLIST:[debian-lts-announce] 20230314 [SECURITY] [DLA 3362-1] qemu security update | URL:https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html

fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows an Unauthenticated Remote attacker to send a malicious firmware update via BLE and brick the device.

MISC:https://payatu.com/advisory/fastrack-reflex-unauthenticated-firmware-update | URL:https://payatu.com/advisory/fastrack-reflex-unauthenticated-firmware-update | MISC:https://www.fastrack.in/shop/watch-smart-wearables-reflex-2 | URL:https://www.fastrack.in/shop/watch-smart-wearables-reflex-2

fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows a Remote attacker to change the time, date, and month via Bluetooth LE Characteristics on handle 0x0017.

MISC:https://payatu.com/advisory/lack-of-bluetooth-le-pairing-fastrack-reflex | URL:https://payatu.com/advisory/lack-of-bluetooth-le-pairing-fastrack-reflex | MISC:https://www.fastrack.in/shop/watch-smart-wearables-reflex-2 | URL:https://www.fastrack.in/shop/watch-smart-wearables-reflex-2

fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows a Remote attacker to cause a Denial of Service (device outage) via crafted choices of the last three bytes of a characteristic value.

MISC:https://payatu.com/advisory/device-crash-fastrack-reflex-two-activity-tracker | URL:https://payatu.com/advisory/device-crash-fastrack-reflex-two-activity-tracker | MISC:https://www.fastrack.in/shop/watch-smart-wearables-reflex-2 | URL:https://www.fastrack.in/shop/watch-smart-wearables-reflex-2

fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows physically proximate attackers to dump the firmware, flash custom malicious firmware, and brick the device via the Serial Wire Debug (SWD) feature.

MISC:https://payatu.com/advisory/dumping-and-re-flashing-firmware-fastrack-reflex | URL:https://payatu.com/advisory/dumping-and-re-flashing-firmware-fastrack-reflex | MISC:https://www.fastrack.in/shop/watch-smart-wearables-reflex-2 | URL:https://www.fastrack.in/shop/watch-smart-wearables-reflex-2

Contao >=4.0.0 allows backend XSS via HTML attributes to an HTML field. Fixed in 4.4.56, 4.9.18, 4.11.7.

MISC:https://contao.org/en/news/contao-4-9-16-and-4-11-5-are-available.html | MISC:https://github.com/contao/contao/security/advisories/GHSA-hr3h-x6gq-rqcp

Stored cross-site scripting (XSS) in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote authenticated attackers to introduce arbitrary JavaScript via the Sensor Description, Email (from/to/cc), System Name, and System Location fields.

MISC:http://packetstormsecurity.com/files/163343/AKCP-sensorProbe-SPX476-Cross-Site-Scripting.html | MISC:http://www.akcp.in.th/downloads/Firmwares/SP480-20210624.zip | MISC:https://tbutler.org/2021/06/28/cve-2021-35956 | MISC:https://www.akcp.com/support-center/customer-login/sensor-probe-firmware-changelog/

Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not accomplish the intended defense against local administrators who can replace the Visual C++ runtime DLLs (in %WINDIR%\system32) with malicious ones.

MISC:https://advisories.stormshield.eu | MISC:https://advisories.stormshield.eu/2021-045/

** DISPUTED ** TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. NOTE: the vendor's position is that tf.keras.utils.get_file is not intended for untrusted archives.

MISC:https://docs.python.org/3/library/tarfile.html#tarfile.TarFile.extractall | MISC:https://github.com/tensorflow/tensorflow/blob/b8cad4c631096a34461ff8a07840d5f4d123ce32/tensorflow/python/keras/README.md | MISC:https://github.com/tensorflow/tensorflow/blob/b8cad4c631096a34461ff8a07840d5f4d123ce32/tensorflow/python/keras/utils/data_utils.py#L137 | MISC:https://keras.io/api/ | MISC:https://vuln.ryotak.me/advisories/52

In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field.

MISC:https://plone.org/security/hotfix/20210518/stored-xss-in-folder-contents | MLIST:[oss-security] 20210630 Plone: stored XSS in folder contents | URL:http://www.openwall.com/lists/oss-security/2021/06/30/2