Remotely alerts

CVE-2021-24675

on Oct. 20, 2021, 10:18 p.m.

The One User Avatar WordPress plugin before 2.3.7 does not check for CSRF when updating the avatar in pages where the [avatar_upload] shortcode is embedded. As a result, attackers could make a logged-in user change their avatar via a CSRF attack.

Tags: Exploit, Third Party Advisory

CVE-2021-24672

on Oct. 20, 2021, 10:18 p.m.

The One User Avatar WordPress plugin before 2.3.7 does not escape the link and target attributes of its shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks

Tags: Exploit, Third Party Advisory

CVE-2021-38389

on Oct. 20, 2021, 10:17 p.m.

Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code.

Tags: Mitigation, Third Party Advisory, US Government Resource

CVE-2021-33023

on Oct. 20, 2021, 10:16 p.m.

Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code.

Tags: Mitigation, Third Party Advisory, US Government Resource

CVE-2021-3858

on Oct. 20, 2021, 10:14 p.m.

snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)

Tags: Exploit, Patch, Third Party Advisory

CVE-2021-33988

on Oct. 20, 2021, 10:13 p.m.

A Cross Site Scripting (XSS) vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute JavaScript by inserting code in the request form.

Tags: Exploit, Third Party Advisory

CVE-2021-24754

on Oct. 21, 2021, 5:17 p.m.

The MainWP Child Reports WordPress plugin before 2.0.8 does not validate or sanitise the order parameter before using it in a SQL statement in the admin dashboard, leading to an SQL injection issue

Tags: Exploit, Third Party Advisory

CVE-2020-8908

on May 10, 2022, 3:21 p.m.

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in …

Tags: Patch, Third Party Advisory

CVE-2021-24760

on Oct. 21, 2021, 5:11 p.m.

The Gutenberg PDF Viewer Block WordPress plugin before 1.0.1 does not sanitise and escape its block, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.

Tags: Exploit, Third Party Advisory

CVE-2021-42566

on Oct. 21, 2021, 4:49 p.m.

myfactory.FMS before 7.1-912 allows XSS via the Error parameter.

Tags: Exploit, Third Party Advisory

CVE-2021-42565

on Oct. 21, 2021, 4:46 p.m.

myfactory.FMS before 7.1-912 allows XSS via the UID parameter.

Tags: Exploit, Third Party Advisory

CVE-2021-38297

on April 1, 2022, 8:09 p.m.

Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.

Tags: Mailing List, Release Notes, Third Party Advisory, Patch, Vendor Advisory, Broken Link

CVE-2018-16061

on Oct. 21, 2021, 4:29 p.m.

Mitsubishi Electric SmartRTU devices allow XSS via the username parameter or PATH_INFO to login.php.

Tags: Exploit, Third Party Advisory

CVE-2021-40986

on Oct. 21, 2021, 4:20 p.m.

A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.

Tags: Third Party Advisory

CVE-2021-38452

on Oct. 19, 2021, 1:34 p.m.

A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.

Tags: Third Party Advisory, US Government Resource

CVE-2021-24651

on July 29, 2022, 10:15 a.m.

The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated users to perform SQL injection via the ays_finish_poll AJAX action. While the result is not disclosed in the response, it is possible to use a timing attack to exfiltrate data such as password hash.

Tags: Exploit, Third Party Advisory

CVE-2020-14330

on Oct. 19, 2021, 1:26 p.m.

An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest …

Tags: Third Party Advisory

CVE-2020-2035

on Oct. 19, 2021, 1:23 p.m.

When SSL/TLS Forward Proxy Decryption mode has been configured to decrypt the web transactions, the PAN-OS URL filtering feature inspects the HTTP Host and URL path headers for policy enforcement on the decrypted HTTPS web transactions but does not consider Server Name Indication (SNI) field within the TLS Client Hello handshake. This allows a compromised …

Tags: Third Party Advisory

CVE-2020-14311

on Oct. 19, 2021, 1:23 p.m.

There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.

Tags: Issue Tracking, Third Party Advisory

CVE-2021-24683

on July 29, 2022, 10:15 a.m.

The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and does not validate or escape them, which could lead to a Stored Cross-Site Scripting issue.

Tags: Exploit, Third Party Advisory

CVE-2021-36767

on Jan. 1, 2022, 1:15 a.m.

In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server's access password. The attacker may then crack this hash offline in order …

Tags: Third Party Advisory

CVE-2021-3807

on July 30, 2022, 2:45 a.m.

ansi-regex is vulnerable to Inefficient Regular Expression Complexity

Tags: Patch, Third Party Advisory

CVE-2020-2023

on Oct. 19, 2021, 12:45 p.m.

Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; and Kata Containers 1.9 and earlier versions.

Tags: Patch, Third Party Advisory

CVE-2021-40618

on Oct. 19, 2021, 12:33 p.m.

An SQL Injection vulnerability exists in openSIS Classic 8.0 via the 1) ADDR_CONT_USRN, 2) ADDR_CONT_PSWD, 3) SECN_CONT_USRN or 4) SECN_CONT_PSWD parameters in HoldAddressFields.php.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2021-40292

on Oct. 19, 2021, 12:22 p.m.

A Stored Cross Site Scripting (XSS) vulnerability exists in DzzOffice 2.02.1 via the settingnew parameter.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2020-27268

on Oct. 19, 2021, 12:19 p.m.

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass checks for default PINs via Bluetooth Low Energy.

Tags: Third Party Advisory, US Government Resource

CVE-2020-27266

on Oct. 19, 2021, 12:18 p.m.

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass user authentication checks via Bluetooth Low Energy.

Tags: Third Party Advisory, US Government Resource

CVE-2020-29396

on Oct. 19, 2021, 12:13 p.m.

A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code, leading to privilege escalation.

Tags: Patch, Third Party Advisory

CVE-2020-25711

on Oct. 19, 2021, 12:13 p.m.

A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role.

Tags: Issue Tracking, Third Party Advisory

CVE-2020-2322

on Oct. 19, 2021, 12:12 p.m.

Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to generate load and to generate memory leaks.

Tags: Third Party Advisory

CVE-2020-25653

on Oct. 19, 2021, 12:12 p.m.

A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highest threat from this vulnerability is to data confidentiality …

Tags: Issue Tracking, Patch, Third Party Advisory

CVE-2021-21941

on Oct. 19, 2021, 12:10 p.m.

A use-after-free vulnerability exists in the pushMuxer CreatePushThread functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to remote code execution.

Tags: Exploit, Third Party Advisory

CVE-2020-25651

on Oct. 19, 2021, 12:08 p.m.

A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest …

Tags: Exploit, Mailing List, Third Party Advisory

CVE-2020-7842

on Oct. 19, 2021, 12:07 p.m.

Improper Input validation vulnerability exists in Netis Korea D'live AP which could cause arbitrary command injection and execution when the time setting (using ntpServerlp1 parameter) for the users. This affects D'live set-top box AP(WF2429TB) v1.1.10.

Tags: Third Party Advisory

CVE-2020-25703

on Oct. 19, 2021, 12:07 p.m.

The participants table download in Moodle always included user emails, but should have only done so when users' emails are not hidden. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5 and 3.7 to 3.7.8. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, and 3.10.

Tags: Issue Tracking, Third Party Advisory

CVE-2020-14323

on Oct. 19, 2021, 12:06 p.m.

A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.

Tags: Issue Tracking, Third Party Advisory

CVE-2021-21940

on Oct. 19, 2021, 12:04 p.m.

A heap-based buffer overflow vulnerability exists in the pushMuxer processRtspInfo functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted network packet can lead to a heap buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.

Tags: Exploit, Third Party Advisory

CVE-2020-26869

on Oct. 19, 2021, 12:03 p.m.

ARC Informatique PcVue prior to version 12.0.17 is vulnerable to information exposure, allowing unauthorized users to access session data of legitimate users. This issue also affects third-party systems based on the Web Services Toolkit.

Tags: Third Party Advisory, US Government Resource

CVE-2021-39226

on Nov. 6, 2021, 3:28 a.m.

Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "public_mode" configuration setting is set to true (vs default of false), unauthenticated users are able to delete the …

Tags: Patch, Third Party Advisory

CVE-2021-32749

on Oct. 19, 2021, 3:15 a.m.

fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to possible remote code execution in the mailing action mail-whois. Command `mail` from mailutils package used in mail actions like `mail-whois` can execute command if …

Tags: Patch, Third Party Advisory

CVE-2021-41117

on Oct. 19, 2021, 2:19 a.m.

keypair is an RSA PEM key generator written in JavaScript. keypair implements a lot of cryptographic primitives on its own or by borrowing from other libraries where possible, including node-forge. An issue was discovered where this library was generating identical RSA keys used in SSH. This would mean that the library is generating identical …

Tags: Exploit, Patch, Third Party Advisory

CVE-2021-41103

on June 14, 2022, 11:15 a.m.

containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as …

Tags: Patch, Third Party Advisory

CVE-2021-41092

on June 14, 2022, 11:15 a.m.

Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the …

Tags: Patch, Third Party Advisory

CVE-2021-41091

on June 14, 2022, 11:15 a.m.

Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as …

Tags: Patch, Third Party Advisory

CVE-2021-41089

on June 14, 2022, 11:15 a.m.

Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly …

Tags: Patch, Third Party Advisory

CVE-2021-40239

on Oct. 19, 2021, 2:15 a.m.

A Buffer Overflow vulnerability exists in the latest version of Miniftpd in the do_retr function in ftpproto.c

Tags: Exploit, Third Party Advisory

CVE-2021-40617

on Oct. 19, 2021, 2 a.m.

An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php.

Tags: Exploit, Issue Tracking, Mitigation, Third Party Advisory

CVE-2021-42257

on Oct. 19, 2021, 1:58 a.m.

check_smart before 6.9.1 allows unintended drive access by an unprivileged user because it only checks for a substring match of a device path (the /dev/bus substring and a number), aka an unanchored regular expression.

Tags: Third Party Advisory

CVE-2021-42260

on May 1, 2022, 1:15 a.m.

TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.

Tags: Exploit, Third Party Advisory, Issue Tracking

CVE-2021-23448

on Oct. 19, 2021, 1:24 a.m.

All versions of package config-handler are vulnerable to Prototype Pollution when loading config files.

Tags: Exploit, Third Party Advisory

CVE-2021-40189

on Oct. 19, 2021, 1:09 a.m.

PHPFusion 9.03.110 is affected by a remote code execution vulnerability. The theme function will extract a file to "webroot/themes/{Theme Folder}", where an attacker can access and execute arbitrary code.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2021-40496

on Nov. 28, 2021, 11:37 p.m.

SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability …

Tags: Vendor Advisory, Exploit, Third Party Advisory

CVE-2020-22673

on Oct. 18, 2021, 8:23 p.m.

Memory leak in the senc_Parse function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service (DoS) via a crafted input.

Tags: Exploit, Patch, Third Party Advisory

CVE-2020-22679

on Oct. 18, 2021, 8:22 p.m.

Memory leak in the sgpd_parse_entry function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service (DoS) via a crafted input.

Tags: Exploit, Patch, Third Party Advisory

CVE-2021-41947

on Oct. 18, 2021, 8:15 p.m.

A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visual-mode.

Tags: Third Party Advisory

CVE-2021-42112

on Dec. 3, 2021, 3:01 a.m.

The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js.

Tags: Patch, Third Party Advisory

CVE-2020-28145

on Oct. 18, 2021, 7:54 p.m.

Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2021-25738

on Aug. 1, 2022, 12:10 p.m.

Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution.

Tags: Mailing List, Third Party Advisory, VDB Entry, Vendor Advisory

CVE-2020-27372

on Oct. 18, 2021, 7:41 p.m.

A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1.21 in the run_interpreter function.

Tags: Exploit, Third Party Advisory

CVE-2021-22263

on Oct. 18, 2021, 7:37 p.m.

An issue has been discovered in GitLab affecting all versions starting from 13.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. A user account with 'external' status which is granted 'Maintainer' role on any project on the GitLab instance where 'project tokens' are allowed may elevate its …

Tags: Exploit, Third Party Advisory

CVE-2021-38346

on July 5, 2022, 3:03 p.m.

The Brizy Page Builder plugin <= 2.3.11 for WordPress allowed authenticated users to upload executable files to a location of their choice using the brizy_create_block_screenshot AJAX action. The file would be named using the id parameter, which could be prepended with "../" to perform directory traversal, and the file contents were populated via the ibsf …

Tags: Third Party Advisory

CVE-2021-38344

on July 5, 2022, 3:03 p.m.

The Brizy Page Builder plugin <= 2.3.11 for WordPress was vulnerable to stored XSS by lower-privileged users such as subscribers. It was possible to add malicious JavaScript to a page by modifying the request sent to update the page via the brizy_update_item AJAX action and adding JavaScript to the data parameter, which would be …

Tags: Exploit, Third Party Advisory

CVE-2021-41130

on Oct. 18, 2021, 7:17 p.m.

Extensible Service Proxy, a.k.a. ESP is a proxy which enables API management capabilities for JSON/REST or gRPC API services. ESPv1 can be configured to authenticate a JWT token. Its verified JWT claim is passed to the application by HTTP header "X-Endpoint-API-UserInfo", the application can use it to do authorization. But if there are two "X-Endpoint-API-UserInfo" …

Tags: Third Party Advisory

CVE-2021-27664

on Oct. 18, 2021, 6:59 p.m.

Under certain configurations an unauthenticated remote user could be given access to credentials stored in the exacqVision Server.

Tags: Mitigation, Third Party Advisory, US Government Resource

CVE-2021-20121

on Oct. 18, 2021, 6:44 p.m.

The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is vulnerable to an authenticated arbitrary file read. An authenticated user with physical access to the device can read arbitrary files from the device by preparing and connecting a specially prepared USB drive to the device, and making a series of crafted requests to the device's …

Tags: Exploit, Third Party Advisory

CVE-2021-42134

on Oct. 18, 2021, 6:40 p.m.

The Unicorn framework before 0.36.1 for Django allows XSS via a component. NOTE: this issue exists because of an incomplete fix for CVE-2021-42053.

Tags: Patch, Third Party Advisory

CVE-2021-20122

on Oct. 18, 2021, 6:39 p.m.

The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is affected by an authenticated command injection vulnerability in multiple parameters passed to tr69_cmd.cgi. A remote attacker connected to the router's LAN and authenticated with a super user account, or using a bypass authentication vulnerability like CVE-2021-20090 could leverage this issue to run commands or gain …

Tags: Exploit, Third Party Advisory

CVE-2021-40188

on Oct. 18, 2021, 6:21 p.m.

PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter all PHP extensions such as ".php, .php7, .phtml, .php5, ...". An attacker can upload a malicious file and execute code on the server.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2021-3330

on Oct. 18, 2021, 6:17 p.m.

RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr. Zephyr versions >=2.4.0 contain Out-of-bounds Write (CWE-787). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456

Tags: Exploit, Patch, Third Party Advisory

CVE-2021-3323

on Oct. 18, 2021, 6:05 p.m.

Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions >=2.4.0 contain Integer Underflow (Wrap or Wraparound) (CWE-191). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc

Tags: Exploit, Patch, Third Party Advisory

CVE-2021-3322

on Oct. 18, 2021, 6:05 p.m.

Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr. Zephyr versions >=2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3

Tags: Exploit, Patch, Third Party Advisory

CVE-2021-24576

on Oct. 18, 2021, 5:57 p.m.

The Easy Accordion WordPress plugin before 2.0.22 does not properly sanitize inputs when adding new items to an accordion.

Tags: Exploit, Third Party Advisory

CVE-2021-3321

on Oct. 18, 2021, 5:52 p.m.

Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Zephyr versions >=2.4.0 contain Integer Overflow to Buffer Overflow (CWE-680). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99

Tags: Exploit, Patch, Third Party Advisory

CVE-2021-23440

on Nov. 3, 2021, 8:29 p.m.

This affects the package set-value before <2.0.1, >=3.0.0 <4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays.

Tags: Exploit, Third Party Advisory

CVE-2021-22930

on April 6, 2022, 1:57 p.m.

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.

Tags: Permissions Required, Third Party Advisory

CVE-2021-41129

on Oct. 18, 2021, 4:32 p.m.

Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. A malicious user can modify the contents of a `confirmation_token` input during the two-factor authentication process to reference a cache value not associated with the login attempt. In rare cases this can allow a malicious actor to authenticate as a …

Tags: Patch, Third Party Advisory

CVE-2020-22678

on Oct. 18, 2021, 4:21 p.m.

An issue was discovered in gpac 0.8.0. The gf_media_nalu_remove_emulation_bytes function in av_parsers.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input.

Tags: Exploit, Patch, Third Party Advisory

CVE-2021-32028

on Dec. 3, 2021, 3:05 a.m.

A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.

Tags: Issue Tracking, Patch, Third Party Advisory

CVE-2020-22677

on Oct. 18, 2021, 4:20 p.m.

An issue was discovered in gpac 0.8.0. The dump_data_hex function in box_dump.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input.

Tags: Exploit, Patch, Third Party Advisory

CVE-2020-22675

on Oct. 18, 2021, 4:19 p.m.

An issue was discovered in gpac 0.8.0. The GetGhostNum function in stbl_read.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input.

Tags: Exploit, Patch, Third Party Advisory

CVE-2020-22674

on Oct. 18, 2021, 4:19 p.m.

An issue was discovered in gpac 0.8.0. An invalid memory dereference exists in the function FixTrackID located in isom_intern.c, which allows attackers to cause a denial of service (DoS) via a crafted input.

Tags: Exploit, Patch, Third Party Advisory

CVE-2021-35067

on Oct. 18, 2021, 3:52 p.m.

Meross MSG100 devices before 3.2.3 allow an attacker to replay the same data or similar data (e.g., an attacker who sniffs a Close message can transmit an acceptable Open message).

Tags: Exploit, Third Party Advisory

CVE-2021-40191

on Oct. 18, 2021, 1:50 p.m.

Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and return a wrong response in content-type of output data in webroot/dzz/attach/controller.php.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2021-28966

on Oct. 18, 2021, 12:56 p.m.

In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir.

Tags: Exploit, Issue Tracking, Patch, Third Party Advisory

CVE-2021-32786

on May 10, 2022, 6:02 p.m.

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9, `oidc_validate_redirect_url()` does not parse URLs the same way as most browsers do. As a result, this function can be bypassed and leads to an …

Tags: Exploit, Third Party Advisory

CVE-2021-32785

on May 10, 2022, 6:02 p.m.

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are configured to use an unencrypted Redis cache (`OIDCCacheEncrypt off`, `OIDCSessionType server-cache`, `OIDCCacheType redis`), `mod_auth_openidc` wrongly performed argument interpolation before passing Redis requests …

Tags: Mitigation, Third Party Advisory

CVE-2021-29657

on Oct. 18, 2021, 12:55 p.m.

arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access control on host OS MSRs when there are nested guests, aka CID-a58d9166a756. This occurs because of a TOCTOU race condition associated with a VMCB12 double fetch in nested_svm_vmrun.

Tags: Patch, Third Party Advisory

CVE-2021-40543

on Oct. 18, 2021, 12:54 p.m.

Opensis-Classic Version 8.0 is affected by a SQL injection vulnerability due to a lack of sanitization of input data at two parameters $_GET['usrid'] and $_GET['prof_id'] in the PasswordCheck.php file.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2021-32760

on Oct. 18, 2021, 12:54 p.m.

containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access …

Tags: Third Party Advisory

CVE-2012-2666

on Oct. 18, 2021, 12:54 p.m.

golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predictable name and executes it as shell script.

Tags: Patch, Third Party Advisory

CVE-2020-27874

on Oct. 18, 2021, 12:53 p.m.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent WeChat 7.0.18. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WXAM Decoder. The issue results from the lack of proper validation …

Tags: Third Party Advisory, VDB Entry

CVE-2021-40542

on Oct. 18, 2021, 12:46 p.m.

Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). An unauthenticated user can inject and execute JavaScript code through the link_url parameter in Ajax_url_encode.php.

Tags: Exploit, Issue Tracking, Third Party Advisory

CVE-2020-5811

on Oct. 18, 2021, 12:41 p.m.

An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which could result in arbitrary files being written outside of the site home and expected paths when installing an Umbraco package.

Tags: Exploit, Third Party Advisory

CVE-2020-10060

on Oct. 18, 2021, 12:35 p.m.

In updatehub_probe, right after JSON parsing is complete, objects[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference uninitialized stack memory. This could result in a crash, denial of service, or possibly an information leak. Provided the fix in CVE-2020-10059 is applied, …

Tags: Third Party Advisory

CVE-2021-21834

on Oct. 18, 2021, 12:30 p.m.

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when decoding the atom for the “co64” FOURCC can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can …

Tags: Exploit, Third Party Advisory

CVE-2021-29005

on Oct. 18, 2021, 12:27 p.m.

Insecure permissions on the chmod command exist on rConfig server 3.9.6. After installing rConfig, the apache user may execute chmod as root without a password, which may let an attacker with low privileges gain root access on the server.

Tags: Exploit, Third Party Advisory

CVE-2021-21837

on May 31, 2022, 7:01 p.m.

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to …

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2021-21861

on May 31, 2022, 6:59 p.m.

An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. When processing the 'hdlr' FOURCC code, a specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open …

Tags: Exploit, Third Party Advisory

CVE-2021-21860

on Oct. 18, 2021, 12:25 p.m.

An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. The FOURCC code, 'trik', is parsed by the function within the library. An attacker …

Tags: Exploit, Third Party Advisory

CVE-2021-21859

on Oct. 18, 2021, 12:23 p.m.

An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The stri_box_read function is used when processing atoms using the 'stri' FOURCC code. An attacker can convince a user to open a video to trigger this vulnerability.

Tags: Exploit, Third Party Advisory