‼ CVE-2021-41263 ‼
📖 Read
via "National Vulnerability Database".
rails_multisite provides multi-db support for Rails applications. In affected versions this vulnerability impacts any Rails applications using `rails_multisite` alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker to re-use cookies on different 'sites' within a multi-site Rails application. The issue has been patched in v4 of the `rails_multisite` gem. Note that this upgrade will invalidate all previous signed/encrypted cookies. The impact of this invalidation will vary based on the application architecture.
‼ CVE-2021-42725 ‼
Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by an improper access control vulnerability that leads to a security feature bypass. By manipulating Referer headers, an unauthenticated attacker could gain access to arbitrary pages that they are not authorized to access.
‼ CVE-2020-12961 ‼
A potential vulnerability exists in AMD Platform Security Processor (PSP) that may allow an attacker to zero any privileged register on the System Management Network which may lead to bypassing SPI ROM protections.
‼ CVE-2021-38979 (security_guardium_key_lifecycle_manager, security_key_lifecycle_manager) ‼
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. IBM X-Force ID: 212785.
‼ CVE-2021-30216 ‼
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in a customer-controlled product. Notes: none.
‼ CVE-2021-42954 ‼
Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. The installation directory is vulnerable to weak file permissions, allowing full control for the Windows Everyone user group (non-admin or any guest users), thereby allowing privilege escalation, unauthorized password reset, stealing of sensitive data, access to credentials in plaintext, access to registry values, tampering with configuration files, etc.
‼ CVE-2021-26338 ‼
Improper access controls in the System Management Unit (SMU) may allow an attacker to override performance control tables located in DRAM, resulting in a potential lack of system resources.
‼ CVE-2021-43048 ‼
The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO PartnerExpress: versions 6.2.1 and below.
‼ CVE-2021-42706 ‼
This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of WebAccess/MHI Designer.
‼ CVE-2020-12920 ‼
A potential denial of service issue exists in the AMD Display driver Escape 0x130007 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck.
‼ CVE-2020-12894 ‼
Arbitrary Write in AMD Graphics Driver for Windows 10 in Escape 0x40010d may lead to arbitrary write to kernel memory or denial of service.
‼ CVE-2021-38949 ‼
IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 211403.
‼ CVE-2021-42375 ‼
Incorrect handling of a special element in BusyBox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input.
‼ CVE-2021-38977 (security_guardium_key_lifecycle_manager, security_key_lifecycle_manager) ‼
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending an http:// link to a user or by planting this link in a site the user visits. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 212782.
‼ CVE-2021-24850 ‼
The Insert Pages WordPress plugin before 3.7.0 adds a shortcode that prints out other pages' content and custom fields. It can be used by users with a role as low as Contributor to perform Cross-Site Scripting attacks by storing the payload(s) in another post's custom fields.
‼ CVE-2020-21639 ‼
Ruijie RG-UAC 6000-E50 commit 9071227 was discovered to contain a cross-site scripting (XSS) vulnerability via the rule_name parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
‼ CVE-2020-12960 ‼
AMD Graphics Driver for Windows 10, amdfender.sys may improperly handle input validation on InputBuffer which may result in a denial of service (DoS).
‼ CVE-2021-43011 ‼
Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.
‼ CVE-2020-12899 ‼
Arbitrary Read in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or denial of service.
‼ CVE-2021-42726 ‼
Adobe Media Encoder version 15.4 (and earlier) is affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.
‼ CVE-2021-24787 ‼
The Client Invoicing by Sprout Invoices WordPress plugin before 19.9.7 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.