Remotely alerts

CVE-2021-3858

on Oct. 20, 2021, 10:14 p.m.

snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)

Tags: Exploit, Patch, Third Party Advisory

CVE-2020-8908

on May 10, 2022, 3:21 p.m.

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in …

Tags: Patch, Third Party Advisory

CVE-2021-38297

on April 1, 2022, 8:09 p.m.

Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.

Tags: Mailing List, Release Notes, Third Party Advisory, Patch, Vendor Advisory, Broken Link

CVE-2021-3807

on July 30, 2022, 2:45 a.m.

ansi-regex is vulnerable to Inefficient Regular Expression Complexity

Tags: Patch, Third Party Advisory

CVE-2020-2023

on Oct. 19, 2021, 12:45 p.m.

Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; and Kata Containers 1.9 and earlier versions.

Tags: Patch, Third Party Advisory

CVE-2020-29396

on Oct. 19, 2021, 12:13 p.m.

A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code, leading to privilege escalation.

Tags: Patch, Third Party Advisory

CVE-2020-25653

on Oct. 19, 2021, 12:12 p.m.

A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highest threat from this vulnerability is to data confidentiality …

Tags: Issue Tracking, Patch, Third Party Advisory

CVE-2020-25689

on Oct. 19, 2021, 12:06 p.m.

A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of …

Tags: Exploit, Issue Tracking, Patch, Vendor Advisory

CVE-2021-39226

on Nov. 6, 2021, 3:28 a.m.

Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "public_mode" configuration setting is set to true (vs default of false), unauthenticated users are able to delete the …

Tags: Patch, Third Party Advisory

CVE-2021-32749

on Oct. 19, 2021, 3:15 a.m.

fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to possible remote code execution in the mailing action mail-whois. Command `mail` from mailutils package used in mail actions like `mail-whois` can execute command if …

Tags: Patch, Third Party Advisory

CVE-2021-41117

on Oct. 19, 2021, 2:19 a.m.

keypair is an RSA PEM key generator written in JavaScript. keypair implements a lot of cryptographic primitives on its own or by borrowing from other libraries where possible, including node-forge. An issue was discovered where this library was generating identical RSA keys used in SSH. This would mean that the library is generating identical …

Tags: Exploit, Patch, Third Party Advisory

CVE-2021-41103

on June 14, 2022, 11:15 a.m.

containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as …

Tags: Patch, Third Party Advisory

CVE-2021-41092

on June 14, 2022, 11:15 a.m.

Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the …

Tags: Patch, Third Party Advisory

CVE-2021-41091

on June 14, 2022, 11:15 a.m.

Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as …

Tags: Patch, Third Party Advisory

CVE-2021-41089

on June 14, 2022, 11:15 a.m.

Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly …

Tags: Patch, Third Party Advisory

CVE-2021-42252

on Dec. 3, 2021, 3:07 a.m.

An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes.

Tags: Patch, Vendor Advisory

CVE-2020-22673

on Oct. 18, 2021, 8:23 p.m.

Memory leak in the senc_Parse function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service (DoS) via a crafted input.

Tags: Exploit, Patch, Third Party Advisory

CVE-2020-22679

on Oct. 18, 2021, 8:22 p.m.

Memory leak in the sgpd_parse_entry function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service (DoS) via a crafted input.

Tags: Exploit, Patch, Third Party Advisory

CVE-2021-42112

on Dec. 3, 2021, 3:01 a.m.

The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js.

Tags: Patch, Third Party Advisory

CVE-2021-42134

on Oct. 18, 2021, 6:40 p.m.

The Unicorn framework before 0.36.1 for Django allows XSS via a component. NOTE: this issue exists because of an incomplete fix for CVE-2021-42053.

Tags: Patch, Third Party Advisory

CVE-2021-3330

on Oct. 18, 2021, 6:17 p.m.

RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr. Zephyr versions >= 2.4.0 contain Out-of-bounds Write (CWE-787). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456

Tags: Exploit, Patch, Third Party Advisory

CVE-2021-3323

on Oct. 18, 2021, 6:05 p.m.

Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions >= 2.4.0 contain Integer Underflow (Wrap or Wraparound) (CWE-191). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc

Tags: Exploit, Patch, Third Party Advisory

CVE-2021-3322

on Oct. 18, 2021, 6:05 p.m.

Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr. Zephyr versions >= 2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3

Tags: Exploit, Patch, Third Party Advisory

CVE-2021-33736

on Oct. 18, 2021, 5:53 p.m.

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.

Tags: Patch, Vendor Advisory

CVE-2021-33735

on Oct. 18, 2021, 5:52 p.m.

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.

Tags: Patch, Vendor Advisory

CVE-2021-3321

on Oct. 18, 2021, 5:52 p.m.

Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Zephyr versions >= 2.4.0 contain Integer Overflow to Buffer Overflow (CWE-680). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99

Tags: Exploit, Patch, Third Party Advisory

CVE-2021-41129

on Oct. 18, 2021, 4:32 p.m.

Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. A malicious user can modify the contents of a `confirmation_token` input during the two-factor authentication process to reference a cache value not associated with the login attempt. In rare cases this can allow a malicious actor to authenticate as a …

Tags: Patch, Third Party Advisory

CVE-2020-22678

on Oct. 18, 2021, 4:21 p.m.

An issue was discovered in gpac 0.8.0. The gf_media_nalu_remove_emulation_bytes function in av_parsers.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input.

Tags: Exploit, Patch, Third Party Advisory

CVE-2021-32028

on Dec. 3, 2021, 3:05 a.m.

A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.

Tags: Issue Tracking, Patch, Third Party Advisory

CVE-2020-22677

on Oct. 18, 2021, 4:20 p.m.

An issue was discovered in gpac 0.8.0. The dump_data_hex function in box_dump.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input.

Tags: Exploit, Patch, Third Party Advisory

CVE-2020-22675

on Oct. 18, 2021, 4:19 p.m.

An issue was discovered in gpac 0.8.0. The GetGhostNum function in stbl_read.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input.

Tags: Exploit, Patch, Third Party Advisory

CVE-2020-22674

on Oct. 18, 2021, 4:19 p.m.

An issue was discovered in gpac 0.8.0. An invalid memory dereference exists in the function FixTrackID located in isom_intern.c, which allows attackers to cause a denial of service (DoS) via a crafted input.

Tags: Exploit, Patch, Third Party Advisory

CVE-2021-33734

on Oct. 18, 2021, 4 p.m.

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.

Tags: Patch, Vendor Advisory

CVE-2021-33733

on Oct. 18, 2021, 3:08 p.m.

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.

Tags: Patch, Vendor Advisory

CVE-2021-33732

on Oct. 18, 2021, 3:08 p.m.

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.

Tags: Patch, Vendor Advisory

CVE-2021-33731

on Oct. 18, 2021, 3:07 p.m.

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.

Tags: Patch, Vendor Advisory

CVE-2021-33730

on Oct. 18, 2021, 3:07 p.m.

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.

Tags: Patch, Vendor Advisory

CVE-2021-33729

on Oct. 18, 2021, 3:05 p.m.

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker that is able to import firmware containers to an affected system could execute arbitrary commands in the local database.

Tags: Patch, Vendor Advisory

CVE-2021-33728

on Oct. 18, 2021, 2:41 p.m.

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to upload JSON objects that are deserialized to JAVA objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a crafted serialized Java object. An …

Tags: Patch, Vendor Advisory

CVE-2021-33727

on Oct. 18, 2021, 2:29 p.m.

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker could download the user profile of any user. With this, the attacker could leak confidential information of any user in the affected system.

Tags: Patch, Vendor Advisory

CVE-2021-33726

on Oct. 18, 2021, 2:28 p.m.

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to download arbitrary files under a user controlled path and does not correctly check if the relative path is still within the intended target directory.

Tags: Patch, Vendor Advisory

CVE-2021-33725

on Oct. 18, 2021, 2:15 p.m.

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to delete arbitrary files or directories under a user controlled path and does not correctly check if the relative path is still within the intended target directory.

Tags: Patch, Vendor Advisory

CVE-2021-33724

on Oct. 18, 2021, 1:53 p.m.

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system contains an Arbitrary File Deletion vulnerability that possibly allows to delete an arbitrary file or directory under a user controlled path.

Tags: Patch, Vendor Advisory

CVE-2021-33723

on Oct. 18, 2021, 1:49 p.m.

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker could change the user profile of any user without proper authorization. With this, the attacker could change the password of any user in the affected system.

Tags: Patch, Vendor Advisory

CVE-2021-33722

on Oct. 18, 2021, 1:41 p.m.

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system has a Path Traversal vulnerability when exporting a firmware container. With this a privileged authenticated attacker could create arbitrary files on an affected system.

Tags: Patch, Vendor Advisory

CVE-2021-31799

on May 10, 2022, 6:02 p.m.

In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.

Tags: Patch, Vendor Advisory

CVE-2021-28966

on Oct. 18, 2021, 12:56 p.m.

In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir.

Tags: Exploit, Issue Tracking, Patch, Third Party Advisory

CVE-2021-29657

on Oct. 18, 2021, 12:55 p.m.

arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access control on host OS MSRs when there are nested guests, aka CID-a58d9166a756. This occurs because of a TOCTOU race condition associated with a VMCB12 double fetch in nested_svm_vmrun.

Tags: Patch, Third Party Advisory

CVE-2021-36934

on Oct. 18, 2021, 12:55 p.m.

Windows Elevation of Privilege Vulnerability

Tags: Patch, Vendor Advisory

CVE-2021-33909

on March 1, 2022, 7:17 p.m.

fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.

Tags: Mailing List, Patch, Vendor Advisory

CVE-2012-2666

on Oct. 18, 2021, 12:54 p.m.

golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with a predictable name and executes it as a shell script.

Tags: Patch, Third Party Advisory

CVE-2021-27002

on Oct. 18, 2021, 12:31 p.m.

NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to retrieve sensitive data via the web proxy.

Tags: Patch, Vendor Advisory

CVE-2021-38207

on Oct. 18, 2021, 12:23 p.m.

drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before 5.12.13 allows remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes.

Tags: Patch, Third Party Advisory

CVE-2021-3682

on Oct. 18, 2021, 12:20 p.m.

A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, …

Tags: Issue Tracking, Patch, Third Party Advisory

CVE-2021-33195

on Oct. 18, 2021, 12:19 p.m.

Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.

Tags: Exploit, Patch, Third Party Advisory

CVE-2021-32066

on May 10, 2022, 6:03 p.m.

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, …

Tags: Patch, Third Party Advisory

CVE-2021-37600

on Oct. 18, 2021, 12:18 p.m.

** DISPUTED ** An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments.

Tags: Patch, Third Party Advisory

CVE-2021-41054

on Nov. 17, 2021, 3:15 a.m.

tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buffer-size handling does not properly consider the combination of data, OACK, and other options.

Tags: Patch, Third Party Advisory

CVE-2021-40888

on Oct. 18, 2021, 12:12 p.m.

Projectsend version r1295 is affected by Cross Site Scripting (XSS) due to lack of sanitization when echoing output data in the returnFilesIds() function. A low privilege user can call this function through the process.php file and execute scripting code.

Tags: Third Party Advisory, Patch, Vendor Advisory, Exploit

CVE-2020-1416

on Oct. 18, 2021, 12:08 p.m.

An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability'.

Tags: Patch, Vendor Advisory

CVE-2020-3228

on Oct. 18, 2021, 12:08 p.m.

A vulnerability in Security Group Tag Exchange Protocol (SXP) in Cisco IOS Software, Cisco IOS XE Software, and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because crafted SXP packets are mishandled. An attacker could exploit …

Tags: Patch, Vendor Advisory

CVE-2020-3217

on Oct. 18, 2021, 12:08 p.m.

A vulnerability in the Topology Discovery Service of Cisco One Platform Kit (onePK) in Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. The vulnerability is due …

Tags: Patch, Vendor Advisory

CVE-2019-12823

on Oct. 18, 2021, 12:04 p.m.

Craft CMS before 3.1.31 does not properly filter XML feeds and thus allows XSS.

Tags: Patch, Third Party Advisory

CVE-2021-3713

on Oct. 18, 2021, 11:57 a.m.

An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields. A malicious guest user could use this flaw to crash QEMU or potentially …

Tags: Issue Tracking, Patch, Third Party Advisory

CVE-2021-3679

on Jan. 1, 2022, 5:58 p.m.

A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.

Tags: Mailing List, Patch, Vendor Advisory

CVE-2021-37576

on Oct. 18, 2021, 11:55 a.m.

arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.

Tags: Exploit, Mailing List, Patch, Vendor Advisory

CVE-2021-35197

on Nov. 23, 2021, 9:32 p.m.

In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. When a bot account has a "sitewide block" applied, it is able to still "purge" pages through the MediaWiki Action API (which a "sitewide block" should have prevented).

Tags: Patch, Vendor Advisory

CVE-2021-3121

on April 1, 2022, 3:41 p.m.

An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue.

Tags: Patch, Third Party Advisory

CVE-2020-11080

on April 1, 2022, 3:42 p.m.

In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes …

Tags: Patch, Third Party Advisory

CVE-2021-3796

on Feb. 28, 2022, 2:58 p.m.

vim is vulnerable to Use After Free

Tags: Patch, Third Party Advisory, Vendor Advisory

CVE-2021-3778

on Feb. 28, 2022, 2:58 p.m.

vim is vulnerable to Heap-based Buffer Overflow

Tags: Patch, Third Party Advisory

CVE-2021-40490

on Dec. 17, 2021, 1:15 a.m.

A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13.

Tags: Patch, Vendor Advisory

CVE-2021-3655

on Jan. 1, 2022, 5:58 p.m.

A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.

Tags: Issue Tracking, Patch, Third Party Advisory

CVE-2021-3653

on March 31, 2022, 7:45 p.m.

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support …

Tags: Mailing List, Patch, Third Party Advisory

CVE-2021-3612

on Dec. 17, 2021, 1:15 a.m.

An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as …

Tags: Exploit, Mailing List, Patch, Vendor Advisory

CVE-2021-3444

on Dec. 2, 2021, 7:37 p.m.

The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this to gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could …

Tags: Mailing List, Patch, Vendor Advisory

CVE-2021-38205

on Jan. 4, 2022, 4:38 p.m.

drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel before 5.13.3 makes it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer).

Tags: Mailing List, Patch, Vendor Advisory

CVE-2021-38199

on Dec. 21, 2021, 12:54 p.m.

fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection.

Tags: Mailing List, Patch, Vendor Advisory

CVE-2021-38198

on Dec. 17, 2021, 1:15 a.m.

arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault.

Tags: Exploit, Patch, Third Party Advisory

CVE-2021-37159

on Dec. 21, 2021, 12:54 p.m.

hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.

Tags: Mailing List, Patch, Third Party Advisory

CVE-2021-35477

on Nov. 11, 2021, 3:25 a.m.

In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value.

Tags: Patch, Vendor Advisory

CVE-2021-34556

on Oct. 16, 2021, 1:15 a.m.

In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack.

Tags: Patch, Vendor Advisory

CVE-2020-16119

on Nov. 12, 2021, 7:53 p.m.

Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196.

Tags: Issue Tracking, Patch, Third Party Advisory

CVE-2021-20481

on Oct. 16, 2021, 12:24 a.m.

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197503.

Tags: Patch, Vendor Advisory

CVE-2021-20473

on Oct. 16, 2021, 12:19 a.m.

IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 196944.

Tags: Patch, Vendor Advisory

CVE-2021-37976

on Feb. 19, 2022, 4:44 a.m.

Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Tags: Release Notes, Vendor Advisory, Issue Tracking, Exploit, Broken Link, Patch, Third Party Advisory, VDB Entry

CVE-2021-41133

on Dec. 4, 2021, 3:04 a.m.

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services into treating the Flatpak app as though it was an …

Tags: Patch, Third Party Advisory

CVE-2021-41115

on May 12, 2022, 1:02 a.m.

Zulip is an open source team chat server. In affected versions Zulip allows organization administrators on a server to configure "linkifiers" that automatically create links from messages that users send, detected via arbitrary regular expressions. Malicious organization administrators could subject the server to a denial-of-service via regular expression complexity attacks; most simply, by configuring a …

Tags: Patch, Third Party Advisory

CVE-2021-41798

on Nov. 26, 2021, 8:56 p.m.

MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages are not escaped before being used on the Special:Search results page.

Tags: Exploit, Patch, Third Party Advisory

CVE-2021-20552

on Oct. 15, 2021, 5:33 p.m.

IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199170.

Tags: Patch, Vendor Advisory

CVE-2021-20376

on Oct. 15, 2021, 5:19 p.m.

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate usernames due to there being an observable discrepancy in returned messages. IBM X-Force ID: 195568.

Tags: Patch, Vendor Advisory

CVE-2021-20375

on Oct. 15, 2021, 5:14 p.m.

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to intercept and replace a message sent by another user due to improper access controls. IBM X-Force ID: 195567.

Tags: Patch, Vendor Advisory

CVE-2021-24720

on Oct. 15, 2021, 4:22 p.m.

The GeoDirectory Business Directory WordPress plugin before 2.1.1.3 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS).

Tags: Patch, Third Party Advisory

CVE-2020-22617

on Oct. 15, 2021, 4:17 p.m.

Ardour v5.12 contains a use-after-free vulnerability in the component ardour/libs/pbd/xml++.cc when using xmlFreeDoc and xmlXPathFreeContext.

Tags: Patch, Third Party Advisory

CVE-2021-20584

on Oct. 15, 2021, 2:38 p.m.

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 199397.

Tags: Patch, Vendor Advisory

CVE-2020-4654

on Oct. 15, 2021, 2:31 p.m.

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information due to improper permission control. IBM X-Force ID: 186090.

Tags: Patch, Vendor Advisory

CVE-2021-37608

on April 6, 2022, 3:12 p.m.

Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz allows an attacker to execute remote commands. This issue affects Apache OFBiz version 17.12.07 and prior versions. Upgrade to at least 17.12.08 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12297.

Tags: Patch, Product, Vendor Advisory

CVE-2021-29700

on Oct. 15, 2021, 2:10 a.m.

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated attacker to obtain sensitive information from configuration files that could aid in further attacks against the system. IBM X-Force ID: 200656.

Tags: Patch, Vendor Advisory

CVE-2021-42053

on Oct. 14, 2021, 8:28 p.m.

The Unicorn framework through 0.35.3 for Django allows XSS via component.name.

Tags: Patch, Third Party Advisory

CVE-2021-42042

on Oct. 14, 2021, 8:19 p.m.

An issue was discovered in SpecialEditGrowthConfig in the GrowthExperiments extension in MediaWiki through 1.36.2. The growthexperiments-edit-config-error-invalid-title MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript.

Tags: Issue Tracking, Patch, Vendor Advisory