‼ CVE-2021-35488 ‼
via "National Vulnerability Database".
Thruk 2.40-2 allows /thruk/#cgi-bin/status.cgi?style=combined&title={TITLE] Reflected XSS via the host or title parameter. An attacker could inject arbitrary JavaScript into status.cgi. The payload would be triggered every time an authenticated user browses the page containing it.
‼ CVE-2021-35489 ‼
via "National Vulnerability Database".
Thruk 2.40-2 allows /thruk/#cgi-bin/extinfo.cgi?type=2&host={HOSTNAME]&service={SERVICENAME]&backend={BACKEND] Reflected XSS via the host or service parameter. An attacker could inject arbitrary JavaScript into extinfo.cgi. The malicious payload would be triggered every time an authenticated user browses the page containing it.
‼ CVE-2021-37157 ‼
via "National Vulnerability Database".
An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021-08-14. $HOME/OGP/Cfg/Config.pm has the root password in cleartext.
‼ CVE-2021-37158 ‼
via "National Vulnerability Database".
An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021-08-14. An authenticated attacker could inject OS commands by starting a Counter-Strike server and using the map field to enter a Bash command.
‼ CVE-2021-42292 ‼
via "National Vulnerability Database".
Microsoft Excel Security Feature Bypass Vulnerability
‼ CVE-2021-41366 ‼
via "National Vulnerability Database".
Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability
‼ CVE-2021-42304 ‼
via "National Vulnerability Database".
Azure RTOS Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-42302, CVE-2021-42303.
‼ CVE-2021-42288 ‼
via "National Vulnerability Database".
Windows Hello Security Feature Bypass Vulnerability
‼ CVE-2021-42279 ‼
via "National Vulnerability Database".
Chakra Scripting Engine Memory Corruption Vulnerability
‼ CVE-2021-41367 ‼
via "National Vulnerability Database".
NTFS Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-41370, CVE-2021-42283.
‼ CVE-2021-41373 ‼
via "National Vulnerability Database".
FSLogix Information Disclosure Vulnerability
‼ CVE-2021-41356 ‼
via "National Vulnerability Database".
Windows Denial of Service Vulnerability
‼ CVE-2021-42323 ‼
via "National Vulnerability Database".
Azure RTOS Information Disclosure Vulnerability. This CVE ID is unique from CVE-2021-26444, CVE-2021-42301.
‼ CVE-2021-31853 ‼
via "National Vulnerability Database".
DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (MDE) prior to 7.3.0 HF2 (7.3.0.183) allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder.
Apache Storm maintainers patch two pre-auth RCE vulnerabilities
via "The Daily Swig".
High-risk issues were discovered by GitHub’s in-house security team
‼ CVE-2021-34598 ‼
via "National Vulnerability Database".
In Phoenix Contact FL MGUARD 1102 and 1105 in versions 1.4.0, 1.4.1 and 1.5.0 the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is active.
‼ CVE-2021-39474 ‼
via "National Vulnerability Database".
Vulnerability in the product Docsis 3.0 UBC1319BA00 Router supported affected version 1319010201r009. The vulnerability allows an attacker with privileges and network access through the ping.cmd component to execute commands on the device.
‼ CVE-2021-43136 ‼
via "National Vulnerability Database".
An authentication bypass issue in FormaLMS <= 2.4.4 allows an attacker to bypass the authentication mechanism and obtain valid access to the platform.
‼ CVE-2021-34582 ‼
via "National Vulnerability Database".
In Phoenix Contact FL MGUARD 1102 and 1105 in versions 1.4.0, 1.4.1 and 1.5.0 a user with high privileges can inject HTML code (XSS) through web-based management or the REST API with a manipulated certificate file.
‼ CVE-2021-25974 ‼
via "National Vulnerability Database".
In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article.
‼ CVE-2021-25975 ‼
via "National Vulnerability Database".
In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with the “publisher” role to inject malicious JavaScript via an uploaded HTML file.