‼ CVE-2021-22253 ‼
? Read
via "National Vulnerability Database".
Improper authorization in GitLab EE affecting all versions since 13.4 allowed a user who previously had the necessary access to trigger deployments to protected environments under specific conditions after the access has been removed? Read
via "National Vulnerability Database".
‼ CVE-2021-22328 ‼
? Read
via "National Vulnerability Database".
There is a denial of service vulnerability in some huawei products. In specific scenarios, due to the improper handling of the packets, an attacker may craft the specific packet. Successful exploit may cause some services abnormal. Affected product versions include:CloudEngine 12800 V200R005C00SPC800, CloudEngine 5800 V200R005C00SPC800, CloudEngine 6800 V200R005C00SPC800, CloudEngine 7800 V200R005C00SPC800.? Read
via "National Vulnerability Database".
‼ CVE-2021-22357 ‼
? Read
via "National Vulnerability Database".
There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages due to validating inputs insufficiently. Attackers can exploit this vulnerability by sending specific messages to affected module. This can cause denial of service. Affected product versions include: S12700 V200R013C00SPC500, V200R019C00SPC500; S5700 V200R013C00SPC500, V200R019C00SPC500; S6700 V200R013C00SPC500, V200R019C00SPC500; S7700 V200R013C00SPC500, V200R019C00SPC500.? Read
via "National Vulnerability Database".
‼ CVE-2021-39608 ‼
? Read
via "National Vulnerability Database".
Remote Code Execution (RCE) vulnerabilty exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user exeuct arbitrary php code.? Read
via "National Vulnerability Database".
‼ CVE-2021-39609 ‼
? Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability exiss in FlatCore-CMS 2.0.7 via the upload image function.? Read
via "National Vulnerability Database".
‼ CVE-2020-18730 ‼
? Read
via "National Vulnerability Database".
A segmentation violation in the Iec104_Deal_I function of IEC104 v1.0 allows attackers to cause a denial of service (DOS).? Read
via "National Vulnerability Database".
❌ Microsoft Spills 38 Million Sensitive Data Records Via Careless Power App Configs ❌
? Read
via "Threat Post".
Data leaked includes COVID-19 vaccination records, social security numbers and email addresses tied to American Airlines, Ford, Indiana Department of Health and New York City public schools.? Read
via "Threat Post".
Threat Post
Microsoft Spills 38 Million Sensitive Data Records Via Careless Power App Configs
Data leaked includes COVID-19 vaccination records, Social Security numbers and email addresses tied to American Airlines, Ford, Indiana Department of Health and New York City public schools.
‼ CVE-2020-18778 ‼
? Read
via "National Vulnerability Database".
In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_p_mb_intfi in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file.? Read
via "National Vulnerability Database".
‼ CVE-2021-39615 ‼
? Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying embedded Linux operating system on the device. Fixed in version 2.12/2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.? Read
via "National Vulnerability Database".
‼ CVE-2020-18773 ‼
? Read
via "National Vulnerability Database".
An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file.? Read
via "National Vulnerability Database".
‼ CVE-2021-36013 ‼
? Read
via "National Vulnerability Database".
Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.? Read
via "National Vulnerability Database".
‼ CVE-2021-28596 ‼
? Read
via "National Vulnerability Database".
Adobe Framemaker version 2020.0.1 (and earlier) and 2019.0.8 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.? Read
via "National Vulnerability Database".
‼ CVE-2020-18776 ‼
? Read
via "National Vulnerability Database".
In Libav 12.3, there is a segmentation fault in vc1_decode_b_mb_intfr in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file.? Read
via "National Vulnerability Database".
‼ CVE-2021-39614 ‼
? Read
via "National Vulnerability Database".
D-Link DVX-2000MS contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values.? Read
via "National Vulnerability Database".
‼ CVE-2020-18775 ‼
? Read
via "National Vulnerability Database".
In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_b_mb_intfi in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file.? Read
via "National Vulnerability Database".
‼ CVE-2020-18774 ‼
? Read
via "National Vulnerability Database".
A float point exception in the printLong function in tags_int.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file.? Read
via "National Vulnerability Database".
‼ CVE-2020-18771 ‼
? Read
via "National Vulnerability Database".
Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result in an information leak.? Read
via "National Vulnerability Database".
‼ CVE-2021-39602 ‼
? Read
via "National Vulnerability Database".
A Buffer Overflow vulnerabilty exists in Miniftpd 1.0 in the do_mkd function in the ftpproto.c file, which could let a remote malicious user cause a Denial of Service.? Read
via "National Vulnerability Database".
‼ CVE-2021-39613 ‼
? Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** D-Link DVG-3104MS version 1.0.2.0.3, 1.0.2.0.4, and 1.0.2.0.4E contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.? Read
via "National Vulnerability Database".
‼ CVE-2021-39599 ‼
? Read
via "National Vulnerability Database".
Multiple Cross Site Scripting (XSS) vulnerabilities exists in CXUUCMS 3.1 in the search and c parameters in (1) public/search.php and in the (2) c parameter in admin.php.? Read
via "National Vulnerability Database".
‼ CVE-2021-23431 ‼
📖 Read
via "National Vulnerability Database".
The package joplin before 2.3.2 are vulnerable to Cross-site Request Forgery (CSRF) due to missing CSRF checks in various forms.📖 Read
via "National Vulnerability Database".