‼ CVE-2020-12898 ‼
📖 Read
via "National Vulnerability Database".
Stack Buffer Overflow in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42380 (busybox) ‼
📖 Read
via "National Vulnerability Database".
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42383 (busybox) ‼
📖 Read
via "National Vulnerability Database".
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41271 ‼
📖 Read
via "National Vulnerability Database".
Discourse is a platform for community discussion. In affected versions a maliciously crafted request could cause an error response to be cached by intermediate proxies. This could cause a loss of confidentiality for some content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42384 (busybox) ‼
📖 Read
via "National Vulnerability Database".
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42580 ‼
📖 Read
via "National Vulnerability Database".
Sourcecodester Online Learning System 2.0 is vunlerable to sql injection authentication bypass in admin login file (/admin/login.php) and authenticated file upload in (Master.php) file , we can craft these two vunlerablities to get unauthenticated remote command execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42114 ‼
📖 Read
via "National Vulnerability Database".
Modern DRAM devices (PC-DDR4, LPDDR4X) are affected by a vulnerability in their internal Target Row Refresh (TRR) mitigation against Rowhammer attacks. Novel non-uniform Rowhammer access patterns, consisting of aggressors with different frequencies, phases, and amplitudes allow triggering bit flips on affected memory modules using our Blacksmith fuzzer. The patterns generated by Blacksmith were able to trigger bitflips on all 40 PC-DDR4 DRAM devices in our test pool, which cover the three major DRAM manufacturers: Samsung, SK Hynix, and Micron. This means that, even when chips advertised as Rowhammer-free are used, attackers may still be able to exploit Rowhammer. For example, this enables privilege-escalation attacks against the kernel or binaries such as the sudo binary, and also triggering bit flips in RSA-2048 keys (e.g., SSH keys) to gain cross-tenant virtual-machine access. We can confirm that DRAM devices acquired in July 2020 with DRAM chips from all three major DRAM vendors (Samsung, SK Hynix, Micron) are affected by this vulnerability. For more details, please refer to our publication.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38981 (security_guardium_key_lifecycle_manager, security_key_lifecycle_manager) ‼
📖 Read
via "National Vulnerability Database".
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 212788.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42723 ‼
📖 Read
via "National Vulnerability Database".
Adobe Premiere Pro version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42731 ‼
📖 Read
via "National Vulnerability Database".
Adobe InDesign versions 16.4 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41263 ‼
📖 Read
via "National Vulnerability Database".
rails_multisite provides multi-db support for Rails applications. In affected versions this vulnerability impacts any Rails applications using `rails_multisite` alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker to re-use cookies on different 'sites' within a multi-site Rails application. The issue has been patched in v4 of the `rails_multisite` gem. Note that this upgrade will invalidate all previous signed/encrypted cookies. The impact of this invalidation will vary based on the application architecture.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42725 ‼
📖 Read
via "National Vulnerability Database".
Adobe Experience Manager version 6.5.9.0 (and earlier) are affected by an improper access control vulnerability that leads to a security feature bypass. By manipulating referer headers, an unauthenticated attacker could gain access to arbitrary pages that they are not authorized to access.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-12961 ‼
📖 Read
via "National Vulnerability Database".
A potential vulnerability exists in AMD Platform Security Processor (PSP) that may allow an attacker to zero any privileged register on the System Management Network which may lead to bypassing SPI ROM protections.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38979 (security_guardium_key_lifecycle_manager, security_key_lifecycle_manager) ‼
📖 Read
via "National Vulnerability Database".
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. IBM X-Force ID: 212785.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-30216 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in a customer-controlled product. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42954 ‼
📖 Read
via "National Vulnerability Database".
Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. The installation directory is vulnerable to weak file permissions by allowing full control for Windows Everyone user group (non-admin or any guest users), thereby allowing privilege escalation, unauthorized password reset, stealing of sensitive data, access to credentials in plaintext, access to registry values, tampering with configuration files, etc.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26338 ‼
📖 Read
via "National Vulnerability Database".
Improper access controls in System Management Unit (SMU) may allow for an attacker to override performance control tables located in DRAM resulting in a potential lack of system resources.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43048 ‼
📖 Read
via "National Vulnerability Database".
The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO PartnerExpress: versions 6.2.1 and below.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42706 ‼
📖 Read
via "National Vulnerability Database".
This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of WebAccess/MHI Designer📖 Read
via "National Vulnerability Database".
‼ CVE-2020-12920 ‼
📖 Read
via "National Vulnerability Database".
A potential denial of service issue exists in the AMD Display driver Escape 0x130007 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-12894 ‼
📖 Read
via "National Vulnerability Database".
Arbitrary Write in AMD Graphics Driver for Windows 10 in Escape 0x40010d may lead to arbitrary write to kernel memory or denial of service.📖 Read
via "National Vulnerability Database".