‼ CVE-2020-18734 ‼
? Read
via "National Vulnerability Database".
A stack buffer overflow in /ddsi/q_bitset.h of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash.? Read
via "National Vulnerability Database".
‼ CVE-2020-18735 ‼
? Read
via "National Vulnerability Database".
A heap buffer overflow in /src/dds_stream.c of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash.? Read
via "National Vulnerability Database".
‼ CVE-2021-22449 ‼
? Read
via "National Vulnerability Database".
There is a logic vulnerability in Elf-G10HN 1.0.0.608. An unauthenticated attacker could perform specific operations to exploit this vulnerability. Due to insufficient security design, successful exploit could allow an attacker to add users to be friends without prompting in the target device.? Read
via "National Vulnerability Database".
‼ CVE-2020-18731 ‼
? Read
via "National Vulnerability Database".
A segmentation violation in the Iec104_Deal_FirmUpdate function of IEC104 v1.0 allows attackers to cause a denial of service (DOS).? Read
via "National Vulnerability Database".
‼ CVE-2021-22248 ‼
? Read
via "National Vulnerability Database".
Improper authorization on the pipelines page in GitLab CE/EE affecting all versions since 13.12 allowed unauthorized users to view some pipeline information for public projects that have access to pipelines restricted to members only? Read
via "National Vulnerability Database".
‼ CVE-2021-22251 ‼
? Read
via "National Vulnerability Database".
Improper validation of invited users' email address in GitLab EE affecting all versions since 12.2 allowed projects to add members with email address domain that should be blocked by group settings? Read
via "National Vulnerability Database".
‼ CVE-2021-22249 ‼
? Read
via "National Vulnerability Database".
A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group? Read
via "National Vulnerability Database".
‼ CVE-2021-22253 ‼
? Read
via "National Vulnerability Database".
Improper authorization in GitLab EE affecting all versions since 13.4 allowed a user who previously had the necessary access to trigger deployments to protected environments under specific conditions after the access has been removed? Read
via "National Vulnerability Database".
‼ CVE-2021-22328 ‼
? Read
via "National Vulnerability Database".
There is a denial of service vulnerability in some huawei products. In specific scenarios, due to the improper handling of the packets, an attacker may craft the specific packet. Successful exploit may cause some services abnormal. Affected product versions include:CloudEngine 12800 V200R005C00SPC800, CloudEngine 5800 V200R005C00SPC800, CloudEngine 6800 V200R005C00SPC800, CloudEngine 7800 V200R005C00SPC800.? Read
via "National Vulnerability Database".
‼ CVE-2021-22357 ‼
? Read
via "National Vulnerability Database".
There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages due to validating inputs insufficiently. Attackers can exploit this vulnerability by sending specific messages to affected module. This can cause denial of service. Affected product versions include: S12700 V200R013C00SPC500, V200R019C00SPC500; S5700 V200R013C00SPC500, V200R019C00SPC500; S6700 V200R013C00SPC500, V200R019C00SPC500; S7700 V200R013C00SPC500, V200R019C00SPC500.? Read
via "National Vulnerability Database".
‼ CVE-2021-39608 ‼
? Read
via "National Vulnerability Database".
Remote Code Execution (RCE) vulnerabilty exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user exeuct arbitrary php code.? Read
via "National Vulnerability Database".
‼ CVE-2021-39609 ‼
? Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability exiss in FlatCore-CMS 2.0.7 via the upload image function.? Read
via "National Vulnerability Database".
‼ CVE-2020-18730 ‼
? Read
via "National Vulnerability Database".
A segmentation violation in the Iec104_Deal_I function of IEC104 v1.0 allows attackers to cause a denial of service (DOS).? Read
via "National Vulnerability Database".
❌ Microsoft Spills 38 Million Sensitive Data Records Via Careless Power App Configs ❌
? Read
via "Threat Post".
Data leaked includes COVID-19 vaccination records, social security numbers and email addresses tied to American Airlines, Ford, Indiana Department of Health and New York City public schools.? Read
via "Threat Post".
Threat Post
Microsoft Spills 38 Million Sensitive Data Records Via Careless Power App Configs
Data leaked includes COVID-19 vaccination records, Social Security numbers and email addresses tied to American Airlines, Ford, Indiana Department of Health and New York City public schools.
‼ CVE-2020-18778 ‼
? Read
via "National Vulnerability Database".
In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_p_mb_intfi in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file.? Read
via "National Vulnerability Database".
‼ CVE-2021-39615 ‼
? Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying embedded Linux operating system on the device. Fixed in version 2.12/2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.? Read
via "National Vulnerability Database".
‼ CVE-2020-18773 ‼
? Read
via "National Vulnerability Database".
An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file.? Read
via "National Vulnerability Database".
‼ CVE-2021-36013 ‼
? Read
via "National Vulnerability Database".
Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.? Read
via "National Vulnerability Database".
‼ CVE-2021-28596 ‼
? Read
via "National Vulnerability Database".
Adobe Framemaker version 2020.0.1 (and earlier) and 2019.0.8 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.? Read
via "National Vulnerability Database".
‼ CVE-2020-18776 ‼
? Read
via "National Vulnerability Database".
In Libav 12.3, there is a segmentation fault in vc1_decode_b_mb_intfr in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file.? Read
via "National Vulnerability Database".
‼ CVE-2021-39614 ‼
? Read
via "National Vulnerability Database".
D-Link DVX-2000MS contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values.? Read
via "National Vulnerability Database".