‼ CVE-2020-23172 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in all versions of Kuba allows attackers to overwrite arbitrary files in arbitrary directories with crafted Zip files due to improper validation of file paths in .zip archives.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37366 ‼
📖 Read
via "National Vulnerability Database".
CTparental before 4.45.03 is vulnerable to cross-site request forgery (CSRF) in the CTparental admin panel. By combining CSRF with XSS, an attacker can trick the administrator into clicking a link that cancels the filtering for all standard users.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37365 ‼
📖 Read
via "National Vulnerability Database".
CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel. In bl_categires_help.php, the 'categories' variable is assigned with the content of the query string param 'cat' without sanitization or encoding, enabling an attacker to inject malicious code into the output webpage.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37391 ‼
📖 Read
via "National Vulnerability Database".
A user without privileges in Chamilo LMS 1.11.14 can send an invitation message to another user, e.g., the administrator, through main/social/search.php, main/inc/lib/social.lib.php and steal cookies or execute arbitrary code on the administration side via a stored XSS vulnerability via social network the send invitation feature.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-21680 ‼
📖 Read
via "National Vulnerability Database".
A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33708 ‼
📖 Read
via "National Vulnerability Database".
Due to insufficient input validation in Kyma, authenticated users can pass a Header of their choice and escalate privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-21697 ‼
📖 Read
via "National Vulnerability Database".
A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of service (DOS) via a crafted avi file.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-21682 ‼
📖 Read
via "National Vulnerability Database".
A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37390 ‼
📖 Read
via "National Vulnerability Database".
A Chamilo LMS 1.11.14 reflected XSS vulnerability exists in main/social/search.php=q URI (social network search feature).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37389 ‼
📖 Read
via "National Vulnerability Database".
Chamilo 1.11.14 allows stored XSS via main/install/index.php and main/install/ajax.php through the port parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-21684 ‼
📖 Read
via "National Vulnerability Database".
A global buffer overflow in the put_font in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-21677 ‼
📖 Read
via "National Vulnerability Database".
A heap-based buffer overflow in the sixel_encoder_output_without_macro function in encoder.c of Libsixel 1.8.4 allows attackers to cause a denial of service (DOS) via converting a crafted PNG file into Sixel format.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-21683 ‼
📖 Read
via "National Vulnerability Database".
A global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-21676 ‼
📖 Read
via "National Vulnerability Database".
A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-21678 ‼
📖 Read
via "National Vulnerability Database".
A global buffer overflow in the genmp_writefontmacro_latex component in genmp.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into mp format.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-28846 ‼
📖 Read
via "National Vulnerability Database".
A Format String vulnerablity exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service due to a logic bug at address 0x40dcd0 when calling fprintf with "%s: key len = %d, too long\n" format. The two variables seem to be put in the wrong order. The vulnerability could be triggered by sending the POST request to apply_cgi with a long and unknown key in the request body.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-21681 ‼
📖 Read
via "National Vulnerability Database".
A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29294 ‼
📖 Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** Null Pointer Dereference vulnerability exists in D-Link DSL-2740R UK_1.01, which could let a remove malicious user cause a denial of service via the send_hnap_unauthorized function. It could be triggered by sending crafted POST request to /HNAP1/. NOTE: The DSL-2740R and all hardware revisions are considered End of Life and as such this issue will not be patched.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-28845 ‼
📖 Read
via "National Vulnerability Database".
Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service by sending the POST request to apply_cgi via the lang action without a language key.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29296 ‼
📖 Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED **Null Pointer Dereference vulnerability in D-Link DIR-825 2.10b02, which could let a remote malicious user cause a denial of service. The vulnerability could be triggered by sending an HTTP request with URL /vct_wan; the sbin/httpd would invoke the strchr function and take NULL as a first argument, which finally leads to the segmentation fault. NOTE: The DIR-825 and all hardware revisions is considered End of Life and as such this issue will not be patched.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-21690 ‼
📖 Read
via "National Vulnerability Database".
A memory leak in the grow_array function in cmdutils.c og Ffmpeg 4.2 allows attackers to cause a denial of service (DOS) via a crafted ogg file.📖 Read
via "National Vulnerability Database".