‼ CVE-2021-22881 ‼
📖 Read
via "National Vulnerability Database".
The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. When an allowed host contains a leading dot, a specially crafted `Host` header can be used to redirect to a malicious website.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25689 ‼
📖 Read
via "National Vulnerability Database".
An out of bounds write in Teradici PCoIP soft client versions prior to version 20.10.1 could allow an attacker to remotely execute code.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-22656 ‼
📖 Read
via "National Vulnerability Database".
Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-13186 ‼
📖 Read
via "National Vulnerability Database".
An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form, which allowed an attacker with knowledge of both a machineID and user GUID to modify data if a user clicked a malicious link.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25690 ‼
📖 Read
via "National Vulnerability Database".
A null pointer dereference in Teradici PCoIP Soft Client versions prior to 20.07.3 could allow an attacker to crash the software.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-27191 ‼
📖 Read
via "National Vulnerability Database".
The get-ip-range package before 4.0.0 for Node.js is vulnerable to denial of service (DoS) if the range is untrusted input. An attacker could send a large range (such as 128.0.0.0/1) that causes resource exhaustion.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25688 ‼
📖 Read
via "National Vulnerability Database".
Under certain conditions, Teradici PCoIP Agents for Windows prior to version 20.10.0 and Teradici PCoIP Agents for Linux prior to version 21.01.0 may log parts of a user's password in the application logs.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-1717 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in Keycloak 7.0.1. A logged in user can do an account email enumeration attack.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-10734 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection. Versions shipped with Red Hat Fuse 7, Red Hat Single Sign-on 7, and Red Hat Openshift Application Runtimes are believed to be vulnerable.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-22880 ‼
📖 Read
via "National Vulnerability Database".
The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4768 ‼
📖 Read
via "National Vulnerability Database".
IBM Case Manager 5.2 and 5.3 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188907.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20404 ‼
📖 Read
via "National Vulnerability Database".
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user on the network to cause a denial of service due to an invalid cookie value that could prevent future logins. IBM X-Force ID: 196078.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-22658 ‼
📖 Read
via "National Vulnerability Database".
Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to 'Administrator'.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-27184 ‼
📖 Read
via "National Vulnerability Database".
Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity vulnerability (exploitable via the DTD parameter entities technique), resulting in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. The vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the ControlPointCacheShare.xml file (in a %APPDATA%\Pelco directory) when DSControlPoint.exe is executed.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20405 ‼
📖 Read
via "National Vulnerability Database".
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized activities due to improper encoding of output. IBM X-Force ID: 196183.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20188 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root user inside the container. It does not allow to directly escape the container, though being a privileged container means that a lot of security features are disabled when running the container. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.📖 Read
via "National Vulnerability Database".
🕴 Pandemic Initially Led to Fewer Disclosed Vulnerabilities, Data Suggests 🕴
📖 Read
via "Dark Reading".
Vulnerability disclosure started off slow but caught up by the end of the year, according to a new report.📖 Read
via "Dark Reading".
Dark Reading
Pandemic Initially Led to Fewer Disclosed Vulnerabilities, Data Suggests
Vulnerability disclosure started off slow but caught up by the end of the year, according to a new report.
‼ CVE-2021-21025 ‼
📖 Read
via "National Vulnerability Database".
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to XML injection in the product layout updates. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21044 ‼
📖 Read
via "National Vulnerability Database".
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a crafted jpeg file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21020 ‼
📖 Read
via "National Vulnerability Database".
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an access control bypass vulnerability in the Login as Customer module. Successful exploitation could lead to unauthorized access to restricted resources.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21046 ‼
📖 Read
via "National Vulnerability Database".
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".