‼ CVE-2021-39599 ‼
via "National Vulnerability Database".
Multiple Cross Site Scripting (XSS) vulnerabilities exist in CXUUCMS 3.1 in the search and c parameters in (1) public/search.php and in the (2) c parameter in admin.php.
‼ CVE-2021-23431 ‼
via "National Vulnerability Database".
The package joplin before 2.3.2 is vulnerable to Cross-site Request Forgery (CSRF) due to missing CSRF checks in various forms.
‼ CVE-2021-23406 ‼
via "National Vulnerability Database".
This affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. **NOTE:** The fix for this vulnerability is applied in the node-degenerator library, a dependency written by the same maintainer.
‼ CVE-2021-23429 ‼
via "National Vulnerability Database".
All versions of package transpile are vulnerable to Denial of Service (DoS) due to a lack of input sanitization or whitelisting, coupled with improper exception handling in the .to() function.
‼ CVE-2021-23432 ‼
via "National Vulnerability Database".
This affects all versions of package mootools. This is due to the ability to pass untrusted input to Object.merge().
‼ CVE-2021-23430 ‼
via "National Vulnerability Database".
All versions of package startserver are vulnerable to Directory Traversal due to missing sanitization.
🦿 Microsoft Power Apps misconfiguration exposes data from 38 million records 🦿
via "Tech Republic".
The leaked data included personal information for COVID-19 contact tracing and vaccination appointments, social security numbers for job applicants, employee IDs, names and email addresses.
‼ CVE-2021-36385 ‼
via "National Vulnerability Database".
A SQL Injection vulnerability in Cerner Mobile Care 5.0.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via a Fullwidth Apostrophe (aka U+FF07) in the default.aspx User ID field. Arbitrary system commands can be executed through the use of xp_cmdshell.
‼ CVE-2021-38613 ‼
via "National Vulnerability Database".
The assets/index.php Image Upload feature of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to upload any code to the target system and achieve remote code execution.
‼ CVE-2021-33191 ‼
via "National Vulnerability Database".
From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements an "agent-update" command which was designed to patch the application binary. This "patching" command defaults to calling a trusted binary, but might be modified to an arbitrary value through a "c2-update" command. Said command is then executed using the same privileges as the application binary. This was addressed in version 0.10.0.
‼ CVE-2021-39376 ‼
via "National Vulnerability Database".
Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the CorCad_F2/executaConsultaEspecifico IE_CORPO_ASSIST or CD_USUARIO_CONVENIO parameter.
‼ CVE-2021-39375 ‼
via "National Vulnerability Database".
Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the WAdvancedFilter/getDimensionItemsByCode FilterValue parameter.
‼ CVE-2021-38611 ‼
via "National Vulnerability Database".
A command-injection vulnerability in the Image Upload function of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to execute arbitrary commands, as root, via shell metacharacters in the filename parameter to assets/index.php.
‼ CVE-2021-37538 ‼
via "National Vulnerability Database".
Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06 allow a remote unauthenticated attacker to execute arbitrary SQL commands via the day, month, or year parameter to the controllers/front/archive.php archive controller, or the id_category parameter to the controllers/front/category.php category controller.
‼ CVE-2021-38612 ‼
via "National Vulnerability Database".
In NASCENT RemKon Device Manager 4.0.0.0, a Directory Traversal vulnerability in a log-reading function in maintenance/readLog.php allows an attacker to read any file via a specialized URL.
‼ CVE-2021-38306 ‼
via "National Vulnerability Database".
Network Attached Storage on LG N1T1*** 10124 devices allows an unauthenticated attacker to gain root access via OS command injection in the en/ajp/plugins/access.ssh/checkInstall.php destServer parameter.
‼ CVE-2021-38557 ‼
via "National Vulnerability Database".
raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. The www-data account can execute /etc/raspap/hostapd/enablelog.sh as root with no password; however, the www-data account can also overwrite /etc/raspap/hostapd/enablelog.sh with any executable content.
‼ CVE-2021-38556 ‼
via "National Vulnerability Database".
includes/configure_client.php in RaspAP 2.6.6 allows attackers to execute commands via command injection.
‼ CVE-2021-26040 ‼
via "National Vulnerability Database".
An issue was discovered in Joomla! 4.0.0. The media manager does not correctly check the user's permissions before executing a file deletion command.
‼ CVE-2021-3711 ‼
via "National Vulnerability Database".
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able to present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).
‼ CVE-2021-3712 ‼
via "National Vulnerability Database".
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).