βΌ CVE-2021-31060 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-30952 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-30937 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-31099 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-31092 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-30887 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-30911 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-30854 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-31055 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-31136 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32777 βΌ
π Read
via "National Vulnerability Database".
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions when ext-authz extension is sending request headers to the external authorization service it must merge multiple value headers according to the HTTP spec. However, only the last header value is sent. This may allow specifically crafted requests to bypass authorization. Attackers may be able to escalate privileges when using ext-authz extension or back end service that uses multiple value headers for authorization. A specifically constructed request may be delivered by an untrusted downstream peer in the presence of ext-authz extension. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to the ext-authz extension to correctly merge multiple request header values, when sending request for authorization.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32779 βΌ
π Read
via "National Vulnerability Database".
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy incorrectly handled a URI '#fragment' element as part of the path element. Envoy is configured with an RBAC filter for authorization or similar mechanism with an explicit case of a final "/admin" path element, or is using a negative assertion with final path element of "/admin". The client sends request to "/app1/admin#foo". In Envoy prior to 1.18.0, or 1.18.0+ configured with path_normalization=false. Envoy treats fragment as a suffix of the query string when present, or as a suffix of the path when query string is absent, so it evaluates the final path element as "/admin#foo" and mismatches with the configured "/admin" path element. In Envoy 1.18.0+ configured with path_normalization=true. Envoy transforms this to /app1/admin%23foo and mismatches with the configured /admin prefix. The resulting URI is sent to the next server-agent with the offending "#foo" fragment which violates RFC3986 or with the nonsensical "%23foo" text appended. A specifically constructed request with URI containing '#fragment' element delivered by an untrusted client in the presence of path based request authorization resulting in escalation of Privileges when path based request authorization extensions. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes that removes fragment from URI path in incoming requests.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32780 βΌ
π Read
via "National Vulnerability Database".
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy transitions a H/2 connection to the CLOSED state when it receives a GOAWAY frame without any streams outstanding. The connection state is transitioned to DRAINING when it receives a SETTING frame with the SETTINGS_MAX_CONCURRENT_STREAMS parameter set to 0. Receiving these two frames in the same I/O event results in abnormal termination of the Envoy process due to invalid state transition from CLOSED to DRAINING. A sequence of H/2 frames delivered by an untrusted upstream server will result in Denial of Service in the presence of untrusted **upstream** servers. Envoy versions 1.19.1, 1.18.4 contain fixes to stop processing of pending H/2 frames after connection transition to the CLOSED state.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32781 βΌ
π Read
via "National Vulnerability Database".
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions after Envoy sends a locally generated response it must stop further processing of request or response data. However when local response is generated due the internal buffer overflow while request or response is processed by the filter chain the operation may not be stopped completely and result in accessing a freed memory block. A specifically constructed request delivered by an untrusted downstream or upstream peer in the presence of extensions that modify and increase the size of request or response bodies resulting in a Denial of Service when using extensions that modify and increase the size of request or response bodies, such as decompressor filter. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to address incomplete termination of request processing after locally generated response. As a workaround disable Envoy's decompressor, json-transcoder or grpc-web extensions or proprietary extensions that modify and increase the size of request or response bodies, if feasible.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32778 βΌ
π Read
via "National Vulnerability Database".
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoyΓ’β¬β’s procedure for resetting a HTTP/2 stream has O(N^2) complexity, leading to high CPU utilization when a large number of streams are reset. Deployments are susceptible to Denial of Service when Envoy is configured with high limit on H/2 concurrent streams. An attacker wishing to exploit this vulnerability would require a client opening and closing a large number of H/2 streams. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to reduce time complexity of resetting HTTP/2 streams. As a workaround users may limit the number of simultaneous HTTP/2 dreams for upstream and downstream peers to a low number, i.e. 100.π Read
via "National Vulnerability Database".
βΌ CVE-2021-31151 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2020-18917 βΌ
π Read
via "National Vulnerability Database".
The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker's control.π Read
via "National Vulnerability Database".
βΌ CVE-2020-18913 βΌ
π Read
via "National Vulnerability Database".
EARCLINK ESPCMS-P8 was discovered to contain a SQL injection vulnerability in the espcms_web/Search.php component via the attr_array parameter. This vulnerability allows attackers to access sensitive database information.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39155 βΌ
π Read
via "National Vulnerability Database".
Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. According to [RFC 4343](https://datatracker.ietf.org/doc/html/rfc4343), Istio authorization policy should compare the hostname in the HTTP Host header in a case insensitive way, but currently the comparison is case sensitive. The proxy will route the request hostname in a case-insensitive way which means the authorization policy could be bypassed. As an example, the user may have an authorization policy that rejects request with hostname "httpbin.foo" for some source IPs, but the attacker can bypass this by sending the request with hostname "Httpbin.Foo". Patches are available in Istio 1.11.1, Istio 1.10.4 and Istio 1.9.8. As a work around a Lua filter may be written to normalize Host header before the authorization check. This is similar to the Path normalization presented in the [Security Best Practices](https://istio.io/latest/docs/ops/best-practices/security/#case-normalization) guide.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39156 βΌ
π Read
via "National Vulnerability Database".
Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio 1.11.0, 1.10.3 and below, and 1.9.7 and below contain a remotely exploitable vulnerability where an HTTP request with `#fragment` in the path may bypass IstioΓΒ’Γ’β¬ÒβΒ’s URI path based authorization policies. Patches are available in Istio 1.11.1, Istio 1.10.4 and Istio 1.9.8. As a work around a Lua filter may be written to normalize the path.π Read
via "National Vulnerability Database".
β California Man Hacked iCloud Accounts to Steal Nude Photos β
π Read
via "Threat Post".
Hao Kou Chi pleaded guilty to four felonies in a hacker-for-hire scam that used socially engineered emails to trick people out of their credentials.π Read
via "Threat Post".
Threat Post
California Man Hacked iCloud Accounts to Steal Nude Photos
Hao Kou Chi pleaded guilty to four felonies in a hacker-for-hire scam that used socially engineered emails to trick people out of their credentials.