‼ CVE-2021-39240 ‼
via "National Vulnerability Database".
An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It does not ensure that the scheme and path portions of a URI have the expected characters. For example, the authority field (as observed on a target HTTP/2 server) might differ from what the routing rules were intended to achieve.

‼ CVE-2021-0641 ‼
In getAvailableSubscriptionInfoList of SubscriptionController.java, there is a possible disclosure of unique identifiers due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11. Android ID: A-185235454.

‼ CVE-2021-0579 ‼
In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-187231636.

‼ CVE-2021-0591 ‼
In sendReplyIntentToReceiver of BluetoothPermissionActivity.java, there is a possible way to invoke privileged broadcast receivers due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9 Android-10 Android-11 Android-8.1. Android ID: A-179386960.

‼ CVE-2021-28372 ‼
ThroughTek's Kalay Platform 2.0 network allows an attacker to impersonate an arbitrary ThroughTek (TUTK) device given a valid 20-byte uniquely assigned identifier (UID). This could result in an attacker hijacking a victim's connection and forcing them into supplying credentials needed to access the victim TUTK device.

‼ CVE-2021-39131 ‼
ced detects character encoding using Google's compact_enc_det library. In ced v0.1.0, passing data types other than `Buffer` causes the Node.js process to crash. The problem has been patched in ced v1.0.0. As a workaround, before passing an argument to ced, verify it's a `Buffer` using `Buffer.isBuffer(obj)`.

‼ CVE-2021-0284 ‼
A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). By repeatedly sending these sequences of packets to the device, an attacker can sustain the Denial of Service (DoS) condition. The device will abnormally shut down as a result of these sent packets. A potential indicator of compromise will be the following message in the log files: "eventd[13955]: SYSTEM_ABNORMAL_SHUTDOWN: System abnormally shut down" This issue is only triggered by traffic destined to the device. Transit traffic will not trigger this issue. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S19; 15.1 versions prior to 15.1R7-S10; 17.3 versions prior to 17.3R3-S12; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R2-S2, 20.4R3; 21.1 versions prior to 21.1R2; 21.2 versions prior to 21.2R2.

‼ CVE-2020-23333 ‼
A heap-based buffer overflow exists in the AP4_CttsAtom::AP4_CttsAtom component located in /Core/Ap4Utils.h of Bento4 version 06c39d9. This can lead to a denial of service (DOS).

‼ CVE-2020-23332 ‼
A heap-based buffer overflow exists in the AP4_StdcFileByteStream::ReadPartial component located in /StdC/Ap4StdCFileByteStream.cpp of Bento4 version 06c39d9. This issue can lead to a denial of service (DOS).

‼ CVE-2020-23334 ‼
A WRITE memory access in the AP4_NullTerminatedStringAtom::AP4_NullTerminatedStringAtom component of Bento4 version 06c39d9 can lead to a segmentation fault.

‼ CVE-2021-39250 ‼
Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. For code execution, the attacker can rely on the ability of an admin to install widgets, disclosure of the admin session ID in a Referer header, and the ability of an admin to use the templating engine (e.g., Edit HTML).

‼ CVE-2021-39249 ‼
Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mt_rand function.

‼ CVE-2020-23330 ‼
An issue was discovered in Bento4 version 06c39d9. A NULL pointer dereference exists in the AP4_Stz2Atom::GetSampleSize component located in /Core/Ap4Stz2Atom.cpp. It allows an attacker to cause a denial of service (DOS).

‼ CVE-2020-23341 ‼
A reflected cross site scripting (XSS) vulnerability in the /header.tmpl.php component of ATutor 2.2.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

‼ CVE-2020-23331 ‼
An issue was discovered in Bento4 version 06c39d9. A NULL pointer dereference exists in the AP4_DecoderConfigDescriptor::WriteFields component located in /Core/Ap4Descriptor.h. It allows an attacker to cause a denial of service (DOS).

‼ CVE-2021-20792 ‼
Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remote attacker to inject arbitrary script via unspecified vectors.

‼ CVE-2021-20756 ‼
Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Address without the viewing privilege.

‼ CVE-2021-20763 ‼
Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the appropriate privilege.

‼ CVE-2021-20769 ‼
Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

‼ CVE-2021-20758 ‼
Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to hijack the authentication of administrators and perform an arbitrary operation via unspecified vectors.

‼ CVE-2021-20770 ‼
Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.