Remotely alerts

CVE-2021-39358

on Oct. 30, 2021, 2:15 a.m.

In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

Tags: Issue Tracking, Vendor Advisory

CVE-2020-14311

on Oct. 19, 2021, 1:23 p.m.

There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.

Tags: Issue Tracking, Third Party Advisory

CVE-2020-14310

on Oct. 19, 2021, 1:19 p.m.

There is an issue in grub2 before version 2.06 in the function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceeding with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font …

Tags: Issue Tracking, Vendor Advisory

CVE-2020-10731

on Oct. 19, 2021, 1 p.m.

A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabled. This flaw causes sVirt, an important isolation mechanism, to be disabled for all running virtual machines.

Tags: Issue Tracking, Vendor Advisory

CVE-2021-40618

on Oct. 19, 2021, 12:33 p.m.

An SQL Injection vulnerability exists in openSIS Classic 8.0 via the 1) ADDR_CONT_USRN, 2) ADDR_CONT_PSWD, 3) SECN_CONT_USRN or 4) SECN_CONT_PSWD parameters in HoldAddressFields.php.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2021-40292

on Oct. 19, 2021, 12:22 p.m.

A Stored Cross Site Scripting (XSS) vulnerability exists in DzzOffice 2.02.1 via the settingnew parameter.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2021-3671

on Oct. 19, 2021, 12:17 p.m.

A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server.

Tags: Broken Link, Issue Tracking

CVE-2020-25711

on Oct. 19, 2021, 12:13 p.m.

A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role.

Tags: Issue Tracking, Third Party Advisory

CVE-2020-25653

on Oct. 19, 2021, 12:12 p.m.

A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highest threat from this vulnerability is to data confidentiality …

Tags: Issue Tracking, Patch, Third Party Advisory

CVE-2020-7925

on Oct. 19, 2021, 12:08 p.m.

Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.0-rc12; v4.2 versions prior to 4.2.9.

Tags: Issue Tracking, Vendor Advisory

CVE-2020-25703

on Oct. 19, 2021, 12:07 p.m.

The participants table download in Moodle always included user emails, but should have only done so when users' emails are not hidden. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5 and 3.7 to 3.7.8. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, and 3.10.

Tags: Issue Tracking, Third Party Advisory

CVE-2020-25689

on Oct. 19, 2021, 12:06 p.m.

A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of …

Tags: Exploit, Issue Tracking, Patch, Vendor Advisory

CVE-2020-14323

on Oct. 19, 2021, 12:06 p.m.

A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.

Tags: Issue Tracking, Third Party Advisory

CVE-2021-40617

on Oct. 19, 2021, 2 a.m.

An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php.

Tags: Exploit, Issue Tracking, Mitigation, Third Party Advisory

CVE-2021-42260

on May 1, 2022, 1:15 a.m.

TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.

Tags: Exploit, Third Party Advisory, Issue Tracking

CVE-2021-40189

on Oct. 19, 2021, 1:09 a.m.

PHPFusion 9.03.110 is affected by a remote code execution vulnerability. The theme function will extract a file to "webroot/themes/{Theme Folder}", where an attacker can access and execute arbitrary code.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2020-28145

on Oct. 18, 2021, 7:54 p.m.

Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2021-40188

on Oct. 18, 2021, 6:21 p.m.

PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter all PHP extensions such as ".php, .php7, .phtml, .php5, ...". An attacker can upload a malicious file and execute code on the server.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2021-32028

on Dec. 3, 2021, 3:05 a.m.

A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.

Tags: Issue Tracking, Patch, Third Party Advisory

CVE-2021-40191

on Oct. 18, 2021, 1:50 p.m.

Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and return a wrong response in content-type of output data in webroot/dzz/attach/controller.php.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2021-28966

on Oct. 18, 2021, 12:56 p.m.

In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir.

Tags: Exploit, Issue Tracking, Patch, Third Party Advisory

CVE-2021-40543

on Oct. 18, 2021, 12:54 p.m.

Opensis-Classic Version 8.0 is affected by a SQL injection vulnerability due to a lack of sanitization of input data at two parameters $_GET['usrid'] and $_GET['prof_id'] in the PasswordCheck.php file.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2021-40542

on Oct. 18, 2021, 12:46 p.m.

Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). An unauthenticated user can inject and execute JavaScript code through the link_url parameter in Ajax_url_encode.php.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2021-3682

on Oct. 18, 2021, 12:20 p.m.

A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, …

Tags: Issue Tracking, Patch, Third Party Advisory

CVE-2017-14121

on Oct. 18, 2021, 12:11 p.m.

The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a crafted RAR archive. NOTE: this may be the same as one of the several test cases in the CVE-2017-11189 references.

Tags: Issue Tracking, Third Party Advisory

CVE-2019-18413

on Dec. 7, 2021, 8:39 p.m.

In TypeStack class-validator 0.10.2, validate() input validation can be bypassed because certain internal attributes can be overwritten via a conflicting name. Even though there is an optional forbidUnknownValues parameter that can be used to reduce the risk of this bypass, this option is not documented and thus most developers configure input validation in the vulnerable …

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2021-3634

on Oct. 18, 2021, 11:57 a.m.

A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as …

Tags: Issue Tracking, Third Party Advisory

CVE-2021-3713

on Oct. 18, 2021, 11:57 a.m.

An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields. A malicious guest user could use this flaw to crash QEMU or potentially …

Tags: Issue Tracking, Patch, Third Party Advisory

CVE-2021-3545

on Oct. 18, 2021, 11:52 a.m.

An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit this issue to leak memory from the host.

Tags: Issue Tracking, Third Party Advisory

CVE-2021-3546

on Oct. 18, 2021, 11:51 a.m.

A flaw was found in vhost-user-gpu of QEMU in versions up to and including 6.0. An out-of-bounds write vulnerability can allow a malicious guest to crash the QEMU process on the host resulting in a denial of service or potentially execute arbitrary code on the host with the privileges of the QEMU process. The highest …

Tags: Issue Tracking, Third Party Advisory

CVE-2021-3544

on Oct. 18, 2021, 11:51 a.m.

Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory (i.e., free) after effective lifetime.

Tags: Issue Tracking

CVE-2020-25638

on April 1, 2022, 3:41 p.m.

A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. …

Tags: Issue Tracking, Third Party Advisory

CVE-2021-3655

on Jan. 1, 2022, 5:58 p.m.

A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.

Tags: Issue Tracking, Patch, Third Party Advisory

CVE-2020-16119

on Nov. 12, 2021, 7:53 p.m.

Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196.

Tags: Issue Tracking, Patch, Third Party Advisory

CVE-2021-37976

on Feb. 19, 2022, 4:44 a.m.

Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Tags: Release Notes, Vendor Advisory, Issue Tracking, Exploit, Broken Link, Patch, Third Party Advisory, VDB Entry

CVE-2021-40541

on Oct. 15, 2021, 8:32 p.m.

PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the preg patterns filter html tag without "//" in descript() function. An authenticated user can trigger XSS by appending "//" in the end of text.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2020-21658

on Oct. 15, 2021, 5:48 p.m.

A Cross-Site Request Forgery (CSRF) in WDJA CMS v1.5.2 allows attackers to arbitrarily add administrator accounts via a crafted URL.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2020-21654

on Oct. 15, 2021, 5:31 p.m.

emlog v6.0 contains a vulnerability in the component admin\template.php, which allows attackers to getshell via a crafted Zip file.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2019-14900

on Feb. 21, 2022, 4:57 a.m.

A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or …

Tags: Issue Tracking, Third Party Advisory

CVE-2021-42054

on Oct. 15, 2021, 3:37 p.m.

ACCEL-PPP 1.12.0 has an out-of-bounds read in triton_context_schedule if the client exits after authentication.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2021-22958

on Oct. 15, 2021, 1:35 a.m.

A Server-Side Request Forgery vulnerability was found in concrete5 < 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction with local services. Impact can vary depending on services exposed. CVSSv2.0 AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N

Tags: Issue Tracking, Permissions Required, Third Party Advisory

CVE-2021-41128

on Oct. 14, 2021, 11 p.m.

Hygeia is an application for collecting and processing personal and case data in connection with communicable diseases. In affected versions all CSV Exports (Statistics & BAG MED) contain a CSV Injection Vulnerability. Users of the system are able to submit formula as exported fields which then get executed upon ingestion of the exported file. There …

Tags: Issue Tracking, Third Party Advisory

CVE-2020-21656

on Oct. 14, 2021, 8:28 p.m.

XYHCMS v3.6 contains a stored cross-site scripting (XSS) vulnerability in the component xyhai.php?s=/Link/index.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2021-42042

on Oct. 14, 2021, 8:19 p.m.

An issue was discovered in SpecialEditGrowthConfig in the GrowthExperiments extension in MediaWiki through 1.36.2. The growthexperiments-edit-config-error-invalid-title MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript.

Tags: Issue Tracking, Patch, Vendor Advisory

CVE-2021-42044

on Oct. 14, 2021, 8:09 p.m.

An issue was discovered in the Mentor dashboard in the GrowthExperiments extension in MediaWiki through 1.36.2. The Growthexperiments-mentor-dashboard-mentee-overview-add-filter-total-edits-headline, growthexperiments-mentor-dashboard-mentee-overview-add-filter-starred-headline, growthexperiments-mentor-dashboard-mentee-overview-info-text, growthexperiments-mentor-dashboard-mentee-overview-info-legend-headline, and growthexperiments-mentor-dashboard-mentee-overview-active-ago MediaWiki messages were not being properly sanitized and allowed for the injection and execution of HTML and JavaScript.

Tags: Exploit, Issue Tracking, Patch, Third Party Advisory

CVE-2020-21648

on Oct. 14, 2021, 8 p.m.

WDJA CMS v1.5.2 contains an arbitrary file deletion vulnerability in the component admin/cache/manage.php.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2020-19003

on Oct. 14, 2021, 7:39 p.m.

An issue in Gate One 1.2.0 allows attackers to bypass the verification check done by the origins list and connect to Gate One instances used by hosts not on the origins list.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2021-20264

on Oct. 14, 2021, 4 p.m.

An insecure modification flaw in the /etc/passwd file was found in the openjdk-1.8 and openjdk-11 containers. This flaw allows an attacker with access to the container to modify the /etc/passwd and escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Tags: Issue Tracking, Third Party Advisory

CVE-2020-21495

on Oct. 13, 2021, 8:09 p.m.

A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitename parameter.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2020-21494

on Oct. 13, 2021, 8:07 p.m.

A cross-site scripting (XSS) vulnerability in the component install\install.sql of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via changing the doctype value to 0.

Tags: Issue Tracking, Third Party Advisory

CVE-2020-21496

on Oct. 13, 2021, 8:03 p.m.

A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitebrief parameter.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2020-21493

on Oct. 13, 2021, 6:06 p.m.

An issue in the component route\user.php of Xiuno BBS v4.0.4 allows attackers to enumerate usernames.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2020-10770

on Oct. 13, 2021, 5:15 p.m.

A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.

Tags: Issue Tracking, Vendor Advisory

CVE-2021-41862

on Oct. 13, 2021, 2:20 p.m.

AviatorScript through 5.2.7 allows code execution via an expression that is encoded with Byte Code Engineering Library (BCEL).

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2021-42006

on Oct. 12, 2021, 6:46 p.m.

An out-of-bounds access in GffLine::GffLine in gff.cpp in GCLib 0.12.7 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted GFF file.

Tags: Exploit, Issue Tracking, Patch, Third Party Advisory

CVE-2021-41821

on Oct. 12, 2021, 3:37 p.m.

Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Integer Underflow vulnerability that might lead to denial of service. A crafted message must be sent from an authenticated agent to the manager.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2021-41732

on Dec. 1, 2021, 3:47 p.m.

** DISPUTED ** An issue was discovered in zeek version 4.1.0. There is a HTTP request splitting vulnerability that will invalidate any ZEEK HTTP based security analysis. NOTE: the vendor's position is that the observed behavior is intended.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2020-19144

on Dec. 2, 2021, 8:46 p.m.

Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the 'in _TIFFmemcpy' function in the component 'tif_unix.c'.

Tags: Issue Tracking, Third Party Advisory

CVE-2020-19131

on Dec. 1, 2021, 2:18 p.m.

Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImage()" function in the component "tiffcrop".

Tags: Exploit, Issue Tracking, Patch

CVE-2021-30543

on Nov. 23, 2021, 9:15 p.m.

Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

Tags: Third Party Advisory, Exploit, Issue Tracking

CVE-2020-21014

on Oct. 8, 2021, 3:58 p.m.

emlog v6.0.0 contains an arbitrary file deletion vulnerability in admin/plugin.php.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2020-21013

on Oct. 8, 2021, 3:34 p.m.

emlog v6.0.0 contains a SQL injection via /admin/comment.php.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2021-21706

on Nov. 3, 2021, 8:24 p.m.

In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS permissions.

Tags: Issue Tracking, Patch, Vendor Advisory

CVE-2020-20691

on Oct. 8, 2021, 2:58 p.m.

An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2017-18640

on July 26, 2022, 5:15 p.m.

The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.

Tags: Exploit, Issue Tracking, Patch, Third Party Advisory, Vendor Advisory

CVE-2021-21705

on Feb. 22, 2022, 2:48 p.m.

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting …

Tags: Exploit, Issue Tracking, Patch, Vendor Advisory

CVE-2021-21704

on Nov. 3, 2021, 8:24 p.m.

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, …

Tags: Exploit, Issue Tracking, Patch, Vendor Advisory

CVE-2021-41729

on Oct. 8, 2021, 3:19 a.m.

BaiCloud-cms v2.5.7 is affected by an arbitrary file deletion vulnerability, which allows an attacker to delete arbitrary files on the server through /user/ppsave.php.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2021-41456

on Oct. 7, 2021, 9:13 p.m.

There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1004 in the nhmldmx_send_sample() function szXmlTo parameter which leads to a denial of service vulnerability.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2021-41457

on Oct. 7, 2021, 9:13 p.m.

There is a stack buffer overflow in MP4Box 1.1.0 at src/filters/dmx_nhml.c in nhmldmx_init_parsing which leads to a denial of service vulnerability.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2021-41459

on Oct. 7, 2021, 9:11 p.m.

There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1008 in the nhmldmx_send_sample() function szXmlFrom parameter which leads to a denial of service vulnerability.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2020-19143

on Oct. 31, 2021, 8:15 p.m.

Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "TIFFVGetField" function in the component 'libtiff/tif_dir.c'.

Tags: Issue Tracking, Third Party Advisory

CVE-2021-32268

on Oct. 7, 2021, 5:39 p.m.

Buffer overflow vulnerability in function gf_fprintf in os_file.c in gpac before 1.0.1 allows attackers to execute arbitrary code. The fixed version is 1.0.1.

Tags: Exploit, Issue Tracking, Patch, Third Party Advisory

CVE-2020-8186

on Oct. 7, 2021, 5:13 p.m.

A command injection vulnerability in the `devcert` module may lead to remote code execution when users of the module pass untrusted input to the `certificateFor` function.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2020-21386

on Oct. 7, 2021, 3:40 p.m.

A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administrator privileges.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2020-21387

on Oct. 7, 2021, 2:57 p.m.

A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows attackers to obtain the administrator cookie and escalate privileges via a crafted payload.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2021-37786

on Oct. 7, 2021, 2:19 p.m.

Certain Federal Office of Information Technology Systems and Telecommunication FOITT products are affected by improper handling of exceptional conditions. This affects COVID Certificate App IOS 2.2.0 and below affected, patch in progress and COVID Certificate Check App IOS 2.2.0 and below affected, patch in progress. A denial of service (physically proximate) could be caused by …

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2021-20289

on Dec. 16, 2021, 8:35 p.m.

A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability …

Tags: Issue Tracking, Third Party Advisory

CVE-2020-24930

on Oct. 6, 2021, 3:58 p.m.

Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open source content management system. The five fingers CMS backend in***.php file has arbitrary file deletion vulnerability. Attackers can use vulnerabilities to delete arbitrary files.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2021-26086

on Oct. 5, 2021, 5:15 p.m.

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1.

Tags: Issue Tracking, Vendor Advisory

CVE-2021-26085

on June 10, 2022, 2:25 p.m.

Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.

Tags: Issue Tracking, Vendor Advisory

CVE-2021-3583

on Oct. 5, 2021, 4:12 p.m.

A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform …

Tags: Issue Tracking, Vendor Advisory

CVE-2021-31917

on Jan. 11, 2022, 4:21 p.m.

A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker could bypass authentication on all REST endpoints when DIGEST is used as the authentication method. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Tags: Vendor Advisory, Issue Tracking, Patch

CVE-2018-16871

on April 11, 2022, 8:42 p.m.

A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the …

Tags: Issue Tracking, Third Party Advisory

CVE-2021-3747

on Oct. 4, 2021, 5:59 p.m.

The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, accidentally installed the application directory with incorrect owner.

Tags: Issue Tracking, Patch, Third Party Advisory

CVE-2021-40971

on Oct. 4, 2021, 5:16 p.m.

Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allows remote attackers to inject arbitrary web script or HTML via the newpassword1 parameter.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2021-40972

on Oct. 4, 2021, 5:15 p.m.

Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allows remote attackers to inject arbitrary web script or HTML via the mail parameter.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2021-40973

on Oct. 4, 2021, 5:15 p.m.

Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allows remote attackers to inject arbitrary web script or HTML via the lastname parameter.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2020-20664

on Oct. 4, 2021, 5:09 p.m.

libiec_iccp_mod v1.5 contains a segmentation violation in the component server_example1.c.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2020-20663

on Oct. 4, 2021, 5:08 p.m.

libiec_iccp_mod v1.5 contains a heap-buffer-overflow in the component mms_client_connection.c.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2021-41467

on Oct. 4, 2021, 5:08 p.m.

Cross-site scripting (XSS) vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allows remote attackers to inject arbitrary web script or HTML via the challenge parameter.

Tags: Issue Tracking, Third Party Advisory

CVE-2020-20662

on Oct. 4, 2021, 5:07 p.m.

libiec_iccp_mod v1.5 contains a heap-buffer-overflow in the component mms_client_example1.c.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2020-20665

on Oct. 4, 2021, 5:06 p.m.

rudp v0.6 was discovered to contain a memory leak in the component main.c.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2020-20796

on Oct. 4, 2021, 3:57 p.m.

FlameCMS 3.3.5 contains a SQL injection vulnerability in /master/article.php via the "Id" parameter.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2020-20797

on Oct. 4, 2021, 3:56 p.m.

FlameCMS 3.3.5 contains a time-based blind SQL injection vulnerability in /account/register.php.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2020-20799

on Oct. 4, 2021, 3:45 p.m.

JeeCMS 1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the commentText parameter.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2021-40921

on Oct. 4, 2021, 2:26 p.m.

Cross-site scripting (XSS) vulnerability in _contactform.inc.php in Detector 0.8.5 and below version allows remote attackers to inject arbitrary web script or HTML via the cid parameter.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2021-40926

on Oct. 4, 2021, 2:14 p.m.

Cross-site scripting (XSS) vulnerability in demos/demo.mysqli.php in getID3 1.X and v2.0.0-beta allows remote attackers to inject arbitrary web script or HTML via the showtagfiles parameter.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2021-40927

on Oct. 4, 2021, 2:13 p.m.

Cross-site scripting (XSS) vulnerability in callback.php in Spotify-for-Alfred 0.13.9 and below allows remote attackers to inject arbitrary web script or HTML via the error parameter.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2021-40928

on Oct. 4, 2021, 2:12 p.m.

Cross-site scripting (XSS) vulnerability in index.php in FlexTV beta development version allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF parameter.

Tags: Issue Tracking, Third Party Advisory