‼ CVE-2021-40669 ‼
via "National Vulnerability Database".
SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the coreframe/app/promote/admin/index.php file.
‼ CVE-2021-40670 ‼
via "National Vulnerability Database".
SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the /coreframe/app/order/admin/card.php file.
❌ CISA, FBI: State-Backed APTs May Be Exploiting Critical Zoho Bug ❌
via "Threat Post".
The newly identified bug in a Zoho single sign-on and password management tool has been under active attack since early August.
‼ CVE-2020-21535 ‼
via "National Vulnerability Database".
fig2dev 3.2.7b contains a segmentation fault in the gencgm_start function in gencgm.c.
‼ CVE-2020-21531 ‼
via "National Vulnerability Database".
fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c.
‼ CVE-2020-21532 ‼
via "National Vulnerability Database".
fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c.
‼ CVE-2020-21530 ‼
via "National Vulnerability Database".
fig2dev 3.2.7b contains a segmentation fault in the read_objects function in read.c.
‼ CVE-2020-21529 ‼
via "National Vulnerability Database".
fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c.
‼ CVE-2020-21533 ‼
via "National Vulnerability Database".
fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function in read.c.
‼ CVE-2020-21534 ‼
via "National Vulnerability Database".
fig2dev 3.2.7b contains a global buffer overflow in the get_line function in read.c.
‼ CVE-2020-21596 ‼
via "National Vulnerability Database".
libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted file.
‼ CVE-2020-21606 ‼
via "National Vulnerability Database".
libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be exploited via a crafted file.
‼ CVE-2020-21600 ‼
via "National Vulnerability Database".
libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pred_avg_16_fallback function, which can be exploited via a crafted file.
‼ CVE-2020-21594 ‼
via "National Vulnerability Database".
libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fallback function, which can be exploited via a crafted file.
‼ CVE-2020-21598 ‼
via "National Vulnerability Database".
libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted file.
‼ CVE-2020-21599 ‼
via "National Vulnerability Database".
libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be exploited via a crafted file.
‼ CVE-2020-21603 ‼
via "National Vulnerability Database".
libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be exploited via a crafted file.
‼ CVE-2020-21601 ‼
via "National Vulnerability Database".
libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback function, which can be exploited via a crafted file.
‼ CVE-2021-41314 ‼
via "National Vulnerability Database".
Certain NETGEAR smart switches are affected by a \n injection in the web UI's password field, which - due to several faulty aspects of the authentication scheme - allows the attacker to create (or overwrite) a file with specific content (e.g., the "2" string). This leads to admin session crafting and therefore gaining full web UI admin privileges by an unauthenticated attacker. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS750E before 1.0.1.10, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2.
‼ CVE-2020-21597 ‼
via "National Vulnerability Database".
libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a crafted file.
‼ CVE-2020-21602 ‼
via "National Vulnerability Database".
libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can be exploited via a crafted file.