‼ CVE-2020-14264 ‼
📖 Read
via "National Vulnerability Database".
"HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK"📖 Read
via "National Vulnerability Database".
‼ CVE-2021-0414 ‼
📖 Read
via "National Vulnerability Database".
In flv extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561384; Issue ID: ALPS05561384.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-0633 ‼
📖 Read
via "National Vulnerability Database".
In display driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05585423; Issue ID: ALPS05585423.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-0409 ‼
📖 Read
via "National Vulnerability Database".
In flv extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561359; Issue ID: ALPS05561359.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-0935 ‼
📖 Read
via "National Vulnerability Database".
In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168607263References: Upstream kernel📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24544 ‼
📖 Read
via "National Vulnerability Database".
The Responsive WordPress Slider WordPress plugin through 2.2.0 does not sanitise and escape some of the Slider options, allowing Cross-Site Scripting payloads to be set in them. Furthermore, as by default any authenticated user is allowed to create Sliders (https://wordpress.org/support/topic/slider-can-be-changed-from-any-user-even-subscriber/, such settings can be changed in the plugin's settings), this would allow user with a role as low as subscriber to perform Cross-Site Scripting attacks against logged in admins viewing the slider list and could lead to privilege escalation by creating a rogue admin account for example.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24779 ‼
📖 Read
via "National Vulnerability Database".
The WP Debugging WordPress plugin before 2.11.0 has its update_settings() function hooked to admin_init and is missing any capability and CSRF checks, as a result, the settings can be updated by unauthenticated users.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-0634 ‼
📖 Read
via "National Vulnerability Database".
In display driver, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05594994; Issue ID: ALPS05594994.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-0625 ‼
📖 Read
via "National Vulnerability Database".
In ccu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05594996; Issue ID: ALPS05594996.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-0613 ‼
📖 Read
via "National Vulnerability Database".
In asf extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05489178.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41035 ‼
📖 Read
via "National Vulnerability Database".
In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24514 ‼
📖 Read
via "National Vulnerability Database".
The Visual Form Builder WordPress plugin before 3.0.4 does not sanitise or escape its Form Name, allowing high privilege users such as admin to set Cross-Site Scripting payload in them, even when the unfiltered_html capability is disallowed📖 Read
via "National Vulnerability Database".
🗓️ Popular NPM package UA-Parser-JS poisoned with cryptomining, password-stealing malware 🗓️
📖 Read
via "The Daily Swig".
Developer moves quickly to address vulnerabilities after his account was compromised📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Popular NPM package UA-Parser-JS poisoned with cryptomining, password-stealing malware
Developer moves quickly to address vulnerabilities after his account was compromised
‼ CVE-2021-24699 ‼
📖 Read
via "National Vulnerability Database".
The Easy Media Download WordPress plugin before 1.1.7 does not escape the text argument of its shortcode, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-0663 ‼
📖 Read
via "National Vulnerability Database".
In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05844458; Issue ID: ALPS05844458.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24744 ‼
📖 Read
via "National Vulnerability Database".
The WordPress Contact Forms by Cimatti WordPress plugin before 1.4.12 does not sanitise and escape the Form Title before outputting it in some admin pages. which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-0662 ‼
📖 Read
via "National Vulnerability Database".
In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05844434; Issue ID: ALPS05844434.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-0411 ‼
📖 Read
via "National Vulnerability Database".
In flv extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561362; Issue ID: ALPS05561362.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-0941 ‼
📖 Read
via "National Vulnerability Database".
In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154177719References: Upstream kernel📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24414 ‼
📖 Read
via "National Vulnerability Database".
The Video Player for YouTube WordPress plugin before 1.4 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24885 ‼
📖 Read
via "National Vulnerability Database".
The YOP Poll WordPress plugin before 6.1.2 does not escape the perpage parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting📖 Read
via "National Vulnerability Database".