CVE-2021-20775
via "National Vulnerability Database".
Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the data of Comment and Space without the viewing privilege.
CVE-2021-20765
via "National Vulnerability Database".
Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.
CVE-2021-20772
via "National Vulnerability Database".
Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the title of Bulletin without the viewing privilege.
CVE-2021-20761
via "National Vulnerability Database".
Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker with an administrative privilege to alter the data of E-mail without the appropriate privilege.
CVE-2021-20773
via "National Vulnerability Database".
There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may allow a remote authenticated attacker to delete the route information Workflow without the appropriate privilege.
CVE-2021-20764
via "National Vulnerability Database".
Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to alter the data of Attaching Files.
CVE-2021-20757
via "National Vulnerability Database".
Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.
Unpatched Fortinet Bug Allows Firewall Takeovers
via "Threat Post".
The OS command-injection bug, in the web application firewall (WAF) platform known as FortiWeb, will get a patch at the end of the month.
CVE-2021-31820
via "National Vulnerability Database".
In Octopus Server after version 2018.8.2 if the Octopus Server Web Request Proxy is configured with authentication, the password is shown in plaintext in the UI.
Kerberos Authentication Spoofing: Don't Bypass the Spec
via "Threat Post".
Yaron Kassner, CTO at Silverfort, discusses authentication-bypass bugs in Cisco ASA, F5 Big-IP, IBM QRadar and Palo Alto Networks PAN-OS.
CVE-2021-21847
via "National Vulnerability Database".
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in "stts" decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
CVE-2021-21837
via "National Vulnerability Database".
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
CVE-2021-21825
via "National Vulnerability Database".
A heap-based buffer overflow vulnerability exists in the XML Decompression PlainTextUncompressor::UncompressItem functionality of AT&T Labs' Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2021-21839
via "National Vulnerability Database".
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
CVE-2021-21858
via "National Vulnerability Database".
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
CVE-2021-21846
via "National Vulnerability Database".
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in "stsz" decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
CVE-2021-21856
via "National Vulnerability Database".
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
CVE-2021-21844
via "National Vulnerability Database".
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when encountering an atom using the "stco" FOURCC code, can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
CVE-2021-21838
via "National Vulnerability Database".
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
CVE-2021-21852
via "National Vulnerability Database".
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input at "stss" decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
CVE-2021-21854
via "National Vulnerability Database".
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.