βΌ CVE-2021-29739 βΌ
π Read
via "National Vulnerability Database".
IBM Planning Analytics Local 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. X-Force ID: 198846.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38370 βΌ
π Read
via "National Vulnerability Database".
In Alpine through 2.24, untagged responses from an IMAP server are accepted before STARTTLS.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38373 βΌ
π Read
via "National Vulnerability Database".
In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22674 βΌ
π Read
via "National Vulnerability Database".
The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized files and directories on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).π Read
via "National Vulnerability Database".
βΌ CVE-2021-38365 βΌ
π Read
via "National Vulnerability Database".
Winner (aka ToneWinner) desktop speakers through 2021-08-09 allow remote attackers to recover speech signals from the power-indicator LED via a telescope and an electro-optical sensor, aka a "Glowworm" attack.π Read
via "National Vulnerability Database".
β eCh0raix Ransomware Variant Targets QNAP, Synology NAS Devices β
π Read
via "Threat Post".
Some bad actors are honing tools to go after small fry: This variant was refined to target not one, but two vendorsβ devices that are common in SOHO setups.π Read
via "Threat Post".
Threat Post
eCh0raix Ransomware Variant Targets QNAP, Synology NAS Devices
Some bad actors are honing tools to go after small fry: This variant was refined to target not one, but two vendorsβ devices that are common in SOHO setups.
βΌ CVE-2021-3692 βΌ
π Read
via "National Vulnerability Database".
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generatorπ Read
via "National Vulnerability Database".
βΌ CVE-2021-32768 βΌ
π Read
via "National Vulnerability Database".
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality HTMLparser does not consider all potentially malicious HTML tag & attribute combinations per default. In default scenarios, a valid backend user account is needed to exploit this vulnerability. In case custom plugins used in the website frontend accept and reflect rich-text content submitted by users, no authentication is required. Update to TYPO3 versions 7.6.53 ELTS, 8.7.42 ELTS, 9.5.29, 10.4.19, 11.3.2 that fix the problem described.π Read
via "National Vulnerability Database".
βΌ CVE-2020-23171 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash characters included in the name of the crafted file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37367 βΌ
π Read
via "National Vulnerability Database".
CTparental before 4.45.07 is affected by a code execution vulnerability in the CTparental admin panel. Because The file "bl_categories_help.php" is vulnerable to directory traversal, an attacker can create a file that contains scripts and run arbitrary commands.π Read
via "National Vulnerability Database".
βΌ CVE-2020-25082 βΌ
π Read
via "National Vulnerability Database".
An attacker with physical access to Nuvoton Trusted Platform Module (NPCT75x 7.2.x before 7.2.2.0) could extract an Elliptic Curve Cryptography (ECC) private key via a side-channel attack against ECDSA, because of an Observable Timing Discrepancy.π Read
via "National Vulnerability Database".
βΌ CVE-2020-23172 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in all versions of Kuba allows attackers to overwrite arbitrary files in arbitrary directories with crafted Zip files due to improper validation of file paths in .zip archives.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37366 βΌ
π Read
via "National Vulnerability Database".
CTparental before 4.45.03 is vulnerable to cross-site request forgery (CSRF) in the CTparental admin panel. By combining CSRF with XSS, an attacker can trick the administrator into clicking a link that cancels the filtering for all standard users.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37365 βΌ
π Read
via "National Vulnerability Database".
CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel. In bl_categires_help.php, the 'categories' variable is assigned with the content of the query string param 'cat' without sanitization or encoding, enabling an attacker to inject malicious code into the output webpage.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37391 βΌ
π Read
via "National Vulnerability Database".
A user without privileges in Chamilo LMS 1.11.14 can send an invitation message to another user, e.g., the administrator, through main/social/search.php, main/inc/lib/social.lib.php and steal cookies or execute arbitrary code on the administration side via a stored XSS vulnerability via social network the send invitation feature.π Read
via "National Vulnerability Database".
βΌ CVE-2020-21680 βΌ
π Read
via "National Vulnerability Database".
A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33708 βΌ
π Read
via "National Vulnerability Database".
Due to insufficient input validation in Kyma, authenticated users can pass a Header of their choice and escalate privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2020-21697 βΌ
π Read
via "National Vulnerability Database".
A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of service (DOS) via a crafted avi file.π Read
via "National Vulnerability Database".
βΌ CVE-2020-21682 βΌ
π Read
via "National Vulnerability Database".
A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37390 βΌ
π Read
via "National Vulnerability Database".
A Chamilo LMS 1.11.14 reflected XSS vulnerability exists in main/social/search.php=q URI (social network search feature).π Read
via "National Vulnerability Database".
βΌ CVE-2021-37389 βΌ
π Read
via "National Vulnerability Database".
Chamilo 1.11.14 allows stored XSS via main/install/index.php and main/install/ajax.php through the port parameter.π Read
via "National Vulnerability Database".