types Archives
Advisory
![[Advisory]](https://www.shielder.it//img/advisory.png)
The unprivileged user portal part of CentOS Web Panel is affected by SQL Injection and Command Injection vulnerabilities, leading to root Remote Code Execution.
Telegram rlottie 6.1.1_1946 is affected by a Type Confusion in the LOTCompLayerItem::LOTCompLayerItem function: a remote attacker might be able to access Telegram's heap memory out-of-bounds on a victim device.
Telegram rlottie 6.1.1_1946 is affected by a Heap Buffer Overflow in the LOTGradient::populate function: a remote attacker might be able to access Telegram's heap memory out-of-bounds on a victim device.
Telegram rlottie 6.1.1_1946 is affected by a Heap Buffer Overflow in the VGradientCache::generateGradientColorTable function: a remote attacker might be able to overwrite Telegram's heap memory out-of-bounds on a victim device.
Telegram rlottie 7.0.1_2065 is affected by a Stack Based Overflow in the blit function: a remote attacker might be able to access Telegram's stack memory out-of-bounds on a victim device.
Telegram rlottie 7.0.1_2065 is affected by a Stack Based Overflow in the gray_split_cubic function: a remote attacker might be able to overwrite Telegram's stack memory out-of-bounds on a victim device.
Telegram rlottie 7.0.1_2065 is affected by an Integer Overflow in the LOTGradient::populate function: a remote attacker might be able to access Telegram's heap memory out-of-bounds on a victim device.
Telegram rlottie 7.0.1_2065 is affected by an Integer Overflow in the LottieParserImpl::parseDashProperty function: a remote attacker might be able to access Telegram's heap memory out-of-bounds on a victim device.
Telegram rlottie 7.0.1_2065 is affected by a Type Confusion in the VDasher constructor: a remote attacker might be able to access Telegram's heap memory out-of-bounds on a victim device.
CVE-2020-28642: A vulnerability in InfiniteWP allows unauthenticated users to log-in if they know an email address of one of the users in the system, this is done through a flaw in the password reset mechanism of the product. An additional vulnerability allows the attacker to achieve Remote Code Execution.