‼ CVE-2020-18730 ‼
? Read
via "National Vulnerability Database".
A segmentation violation in the Iec104_Deal_I function of IEC104 v1.0 allows attackers to cause a denial of service (DOS).? Read
via "National Vulnerability Database".
❌ Microsoft Spills 38 Million Sensitive Data Records Via Careless Power App Configs ❌
? Read
via "Threat Post".
Data leaked includes COVID-19 vaccination records, social security numbers and email addresses tied to American Airlines, Ford, Indiana Department of Health and New York City public schools.? Read
via "Threat Post".
Threat Post
Microsoft Spills 38 Million Sensitive Data Records Via Careless Power App Configs
Data leaked includes COVID-19 vaccination records, Social Security numbers and email addresses tied to American Airlines, Ford, Indiana Department of Health and New York City public schools.
‼ CVE-2020-18778 ‼
? Read
via "National Vulnerability Database".
In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_p_mb_intfi in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file.? Read
via "National Vulnerability Database".
‼ CVE-2021-39615 ‼
? Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying embedded Linux operating system on the device. Fixed in version 2.12/2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.? Read
via "National Vulnerability Database".
‼ CVE-2020-18773 ‼
? Read
via "National Vulnerability Database".
An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file.? Read
via "National Vulnerability Database".
‼ CVE-2021-36013 ‼
? Read
via "National Vulnerability Database".
Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.? Read
via "National Vulnerability Database".
‼ CVE-2021-28596 ‼
? Read
via "National Vulnerability Database".
Adobe Framemaker version 2020.0.1 (and earlier) and 2019.0.8 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.? Read
via "National Vulnerability Database".
‼ CVE-2020-18776 ‼
? Read
via "National Vulnerability Database".
In Libav 12.3, there is a segmentation fault in vc1_decode_b_mb_intfr in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file.? Read
via "National Vulnerability Database".
‼ CVE-2021-39614 ‼
? Read
via "National Vulnerability Database".
D-Link DVX-2000MS contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values.? Read
via "National Vulnerability Database".
‼ CVE-2020-18775 ‼
? Read
via "National Vulnerability Database".
In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_b_mb_intfi in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file.? Read
via "National Vulnerability Database".
‼ CVE-2020-18774 ‼
? Read
via "National Vulnerability Database".
A float point exception in the printLong function in tags_int.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file.? Read
via "National Vulnerability Database".
‼ CVE-2020-18771 ‼
? Read
via "National Vulnerability Database".
Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result in an information leak.? Read
via "National Vulnerability Database".
‼ CVE-2021-39602 ‼
? Read
via "National Vulnerability Database".
A Buffer Overflow vulnerabilty exists in Miniftpd 1.0 in the do_mkd function in the ftpproto.c file, which could let a remote malicious user cause a Denial of Service.? Read
via "National Vulnerability Database".
‼ CVE-2021-39613 ‼
? Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** D-Link DVG-3104MS version 1.0.2.0.3, 1.0.2.0.4, and 1.0.2.0.4E contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.? Read
via "National Vulnerability Database".
‼ CVE-2021-39599 ‼
? Read
via "National Vulnerability Database".
Multiple Cross Site Scripting (XSS) vulnerabilities exists in CXUUCMS 3.1 in the search and c parameters in (1) public/search.php and in the (2) c parameter in admin.php.? Read
via "National Vulnerability Database".
‼ CVE-2021-23431 ‼
📖 Read
via "National Vulnerability Database".
The package joplin before 2.3.2 are vulnerable to Cross-site Request Forgery (CSRF) due to missing CSRF checks in various forms.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-23406 ‼
📖 Read
via "National Vulnerability Database".
This affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. **NOTE:** The fix for this vulnerability is applied in the node-degenerator library, a dependency written by the same maintainer.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-23429 ‼
📖 Read
via "National Vulnerability Database".
All versions of package transpile are vulnerable to Denial of Service (DoS) due to a lack of input sanitization or whitelisting, coupled with improper exception handling in the .to() function.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-23432 ‼
📖 Read
via "National Vulnerability Database".
This affects all versions of package mootools. This is due to the ability to pass untrusted input to Object.merge()📖 Read
via "National Vulnerability Database".
‼ CVE-2021-23430 ‼
📖 Read
via "National Vulnerability Database".
All versions of package startserver are vulnerable to Directory Traversal due to missing sanitization.📖 Read
via "National Vulnerability Database".
🦿 Microsoft Power Apps misconfiguration exposes data from 38 million records 🦿
📖 Read
via "Tech Republic".
The leaked data included personal information for COVID-19 contact tracing and vaccination appointments, social security numbers for job applicants, employee IDs, names and email addresses.📖 Read
via "Tech Republic".
TechRepublic
Microsoft Power Apps misconfiguration exposes data from 38 million records
The leaked data included personal information for COVID-19 contact tracing and vaccination appointments, social security numbers for job applicants, employee IDs, names and email addresses.