βΌ CVE-2021-37152 βΌ
π Read
via "National Vulnerability Database".
Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. An authenticated attacker with the ability to add HTML files to a repository could redirect users to Nexus Repository ManagerΓ’β¬β’s pages with code modifications.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33706 βΌ
π Read
via "National Vulnerability Database".
Due to improper input validation in InfraBox, logs can be modified by an authenticated user.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36601 βΌ
π Read
via "National Vulnerability Database".
GetSimpleCMS 3.3.16 contains a cross-site Scripting (XSS) vulnerability, where Function TSL does not filter check settings.php Website URL: "siteURL" parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22385 βΌ
π Read
via "National Vulnerability Database".
A component of the Huawei smartphone has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause Kernel Code Execution.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29739 βΌ
π Read
via "National Vulnerability Database".
IBM Planning Analytics Local 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. X-Force ID: 198846.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38370 βΌ
π Read
via "National Vulnerability Database".
In Alpine through 2.24, untagged responses from an IMAP server are accepted before STARTTLS.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38373 βΌ
π Read
via "National Vulnerability Database".
In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22674 βΌ
π Read
via "National Vulnerability Database".
The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized files and directories on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).π Read
via "National Vulnerability Database".
βΌ CVE-2021-38365 βΌ
π Read
via "National Vulnerability Database".
Winner (aka ToneWinner) desktop speakers through 2021-08-09 allow remote attackers to recover speech signals from the power-indicator LED via a telescope and an electro-optical sensor, aka a "Glowworm" attack.π Read
via "National Vulnerability Database".
β eCh0raix Ransomware Variant Targets QNAP, Synology NAS Devices β
π Read
via "Threat Post".
Some bad actors are honing tools to go after small fry: This variant was refined to target not one, but two vendorsβ devices that are common in SOHO setups.π Read
via "Threat Post".
Threat Post
eCh0raix Ransomware Variant Targets QNAP, Synology NAS Devices
Some bad actors are honing tools to go after small fry: This variant was refined to target not one, but two vendorsβ devices that are common in SOHO setups.
βΌ CVE-2021-3692 βΌ
π Read
via "National Vulnerability Database".
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generatorπ Read
via "National Vulnerability Database".
βΌ CVE-2021-32768 βΌ
π Read
via "National Vulnerability Database".
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality HTMLparser does not consider all potentially malicious HTML tag & attribute combinations per default. In default scenarios, a valid backend user account is needed to exploit this vulnerability. In case custom plugins used in the website frontend accept and reflect rich-text content submitted by users, no authentication is required. Update to TYPO3 versions 7.6.53 ELTS, 8.7.42 ELTS, 9.5.29, 10.4.19, 11.3.2 that fix the problem described.π Read
via "National Vulnerability Database".
βΌ CVE-2020-23171 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash characters included in the name of the crafted file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37367 βΌ
π Read
via "National Vulnerability Database".
CTparental before 4.45.07 is affected by a code execution vulnerability in the CTparental admin panel. Because The file "bl_categories_help.php" is vulnerable to directory traversal, an attacker can create a file that contains scripts and run arbitrary commands.π Read
via "National Vulnerability Database".
βΌ CVE-2020-25082 βΌ
π Read
via "National Vulnerability Database".
An attacker with physical access to Nuvoton Trusted Platform Module (NPCT75x 7.2.x before 7.2.2.0) could extract an Elliptic Curve Cryptography (ECC) private key via a side-channel attack against ECDSA, because of an Observable Timing Discrepancy.π Read
via "National Vulnerability Database".
βΌ CVE-2020-23172 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in all versions of Kuba allows attackers to overwrite arbitrary files in arbitrary directories with crafted Zip files due to improper validation of file paths in .zip archives.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37366 βΌ
π Read
via "National Vulnerability Database".
CTparental before 4.45.03 is vulnerable to cross-site request forgery (CSRF) in the CTparental admin panel. By combining CSRF with XSS, an attacker can trick the administrator into clicking a link that cancels the filtering for all standard users.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37365 βΌ
π Read
via "National Vulnerability Database".
CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel. In bl_categires_help.php, the 'categories' variable is assigned with the content of the query string param 'cat' without sanitization or encoding, enabling an attacker to inject malicious code into the output webpage.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37391 βΌ
π Read
via "National Vulnerability Database".
A user without privileges in Chamilo LMS 1.11.14 can send an invitation message to another user, e.g., the administrator, through main/social/search.php, main/inc/lib/social.lib.php and steal cookies or execute arbitrary code on the administration side via a stored XSS vulnerability via social network the send invitation feature.π Read
via "National Vulnerability Database".
βΌ CVE-2020-21680 βΌ
π Read
via "National Vulnerability Database".
A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33708 βΌ
π Read
via "National Vulnerability Database".
Due to insufficient input validation in Kyma, authenticated users can pass a Header of their choice and escalate privileges.π Read
via "National Vulnerability Database".