CVE-2021-38371 (via National Vulnerability Database)
The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending.

CVE-2021-32943 (via National Vulnerability Database)
The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).

CVE-2021-22386 (via National Vulnerability Database)
A component of the Huawei smartphone has a Double Free vulnerability. Local attackers may exploit this vulnerability to cause Root Elevation of Privileges.

CVE-2021-33699 (via National Vulnerability Database)
Task Hijacking is a vulnerability that affects the applications running on Android devices due to a misconfiguration in their AndroidManifest.xml with their Task Control features. This allows an unauthorized attacker or malware to take over legitimate apps and to steal the user's sensitive information.

CVE-2021-38372 (via National Vulnerability Database)
In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses from an IMAP server are accepted before STARTTLS.

CVE-2021-33702 (via National Vulnerability Database)
Under certain conditions, NetWeaver Enterprise Portal, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data. An attacker can craft malicious data and print it to the report. In a successful attack, a victim opens the report, and the malicious script gets executed in the victim's browser, resulting in a Stored Cross-Site Scripting (XSS) vulnerability.

CVE-2021-37152 (via National Vulnerability Database)
Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. An authenticated attacker with the ability to add HTML files to a repository could redirect users to Nexus Repository Manager's pages with code modifications.

CVE-2021-33706 (via National Vulnerability Database)
Due to improper input validation in InfraBox, logs can be modified by an authenticated user.

CVE-2021-36601 (via National Vulnerability Database)
GetSimpleCMS 3.3.16 contains a cross-site scripting (XSS) vulnerability, where the function TSL does not filter or check the settings.php Website URL "siteURL" parameter.

CVE-2021-22385 (via National Vulnerability Database)
A component of the Huawei smartphone has an External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause Kernel Code Execution.

CVE-2021-29739 (via National Vulnerability Database)
IBM Planning Analytics Local 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. X-Force ID: 198846.

CVE-2021-38370 (via National Vulnerability Database)
In Alpine through 2.24, untagged responses from an IMAP server are accepted before STARTTLS.

CVE-2021-38373 (via National Vulnerability Database)
In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked.

CVE-2021-22674 (via National Vulnerability Database)
The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized files and directories on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).

CVE-2021-38365 (via National Vulnerability Database)
Winner (aka ToneWinner) desktop speakers through 2021-08-09 allow remote attackers to recover speech signals from the power-indicator LED via a telescope and an electro-optical sensor, aka a "Glowworm" attack.

eCh0raix Ransomware Variant Targets QNAP, Synology NAS Devices (via Threat Post)
Some bad actors are honing tools to go after small fry: This variant was refined to target not one, but two vendors' devices that are common in SOHO setups.

CVE-2021-3692 (via National Vulnerability Database)
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator.

CVE-2021-32768 (via National Vulnerability Database)
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions, by failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. The corresponding rendering instructions via the TypoScript functionality HTMLparser do not consider all potentially malicious HTML tag and attribute combinations by default. In default scenarios, a valid backend user account is needed to exploit this vulnerability. In case custom plugins used in the website frontend accept and reflect rich-text content submitted by users, no authentication is required. Update to TYPO3 versions 7.6.53 ELTS, 8.7.42 ELTS, 9.5.29, 10.4.19, 11.3.2 that fix the problem described.

CVE-2020-23171 (via National Vulnerability Database)
A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash characters included in the name of the crafted file.

CVE-2021-37367 (via National Vulnerability Database)
CTparental before 4.45.07 is affected by a code execution vulnerability in the CTparental admin panel. Because the file "bl_categories_help.php" is vulnerable to directory traversal, an attacker can create a file that contains scripts and run arbitrary commands.

CVE-2020-25082 (via National Vulnerability Database)
An attacker with physical access to a Nuvoton Trusted Platform Module (NPCT75x 7.2.x before 7.2.2.0) could extract an Elliptic Curve Cryptography (ECC) private key via a side-channel attack against ECDSA, because of an Observable Timing Discrepancy.