‼ CVE-2021-0284 ‼
via "National Vulnerability Database".
A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). By repeatedly sending these sequences of packets to the device, an attacker can sustain the Denial of Service (DoS) condition. The device will abnormally shut down as a result of these sent packets. A potential indicator of compromise will be the following message in the log files: "eventd[13955]: SYSTEM_ABNORMAL_SHUTDOWN: System abnormally shut down" This issue is only triggered by traffic destined to the device. Transit traffic will not trigger this issue. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S19; 15.1 versions prior to 15.1R7-S10; 17.3 versions prior to 17.3R3-S12; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R2-S2, 20.4R3; 21.1 versions prior to 21.1R2; 21.2 versions prior to 21.2R2.
‼ CVE-2020-23333 ‼
via "National Vulnerability Database".
A heap-based buffer overflow exists in the AP4_CttsAtom::AP4_CttsAtom component located in /Core/Ap4Utils.h of Bento4 version 06c39d9. This can lead to a denial of service (DOS).
‼ CVE-2020-23332 ‼
via "National Vulnerability Database".
A heap-based buffer overflow exists in the AP4_StdcFileByteStream::ReadPartial component located in /StdC/Ap4StdCFileByteStream.cpp of Bento4 version 06c39d9. This issue can lead to a denial of service (DOS).
‼ CVE-2020-23334 ‼
via "National Vulnerability Database".
A WRITE memory access in the AP4_NullTerminatedStringAtom::AP4_NullTerminatedStringAtom component of Bento4 version 06c39d9 can lead to a segmentation fault.
‼ CVE-2021-39250 ‼
via "National Vulnerability Database".
Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. For code execution, the attacker can rely on the ability of an admin to install widgets, disclosure of the admin session ID in a Referer header, and the ability of an admin to use the templating engine (e.g., Edit HTML).
‼ CVE-2021-39249 ‼
via "National Vulnerability Database".
Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mt_rand function.
‼ CVE-2020-23330 ‼
via "National Vulnerability Database".
An issue was discovered in Bento4 version 06c39d9. A NULL pointer dereference exists in the AP4_Stz2Atom::GetSampleSize component located in /Core/Ap4Stz2Atom.cpp. It allows an attacker to cause a denial of service (DOS).
‼ CVE-2020-23341 ‼
via "National Vulnerability Database".
A reflected cross site scripting (XSS) vulnerability in the /header.tmpl.php component of ATutor 2.2.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
‼ CVE-2020-23331 ‼
via "National Vulnerability Database".
An issue was discovered in Bento4 version 06c39d9. A NULL pointer dereference exists in the AP4_DecoderConfigDescriptor::WriteFields component located in /Core/Ap4Descriptor.h. It allows an attacker to cause a denial of service (DOS).
‼ CVE-2021-20792 ‼
via "National Vulnerability Database".
Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remote attacker to inject arbitrary script via unspecified vectors.
‼ CVE-2021-20756 ‼
via "National Vulnerability Database".
Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Address without the viewing privilege.
‼ CVE-2021-20763 ‼
via "National Vulnerability Database".
Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the appropriate privilege.
‼ CVE-2021-20769 ‼
via "National Vulnerability Database".
Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
‼ CVE-2021-20758 ‼
via "National Vulnerability Database".
Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to hijack the authentication of administrators and perform an arbitrary operation via unspecified vectors.
‼ CVE-2021-20770 ‼
via "National Vulnerability Database".
Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
‼ CVE-2021-20760 ‼
via "National Vulnerability Database".
Improper input validation vulnerability in User Profile of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of User Profile without the appropriate privilege.
‼ CVE-2021-20759 ‼
via "National Vulnerability Database".
Operational restrictions bypass vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.
‼ CVE-2021-20771 ‼
via "National Vulnerability Database".
Cross-site scripting vulnerability in some functions of Group Mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote attacker to inject an arbitrary script via unspecified vectors.
‼ CVE-2021-3587 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-38208. Reason: This candidate is a reservation duplicate of CVE-2021-38208. Notes: All CVE users should reference CVE-2021-38208 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
‼ CVE-2021-20768 ‼
via "National Vulnerability Database".
Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to delete the data of Scheduler and MultiReport without the appropriate privilege.
‼ CVE-2021-20754 ‼
via "National Vulnerability Database".
Improper input validation vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Workflow without the appropriate privilege.