‼ CVE-2020-12899 ‼
via "National Vulnerability Database".
Arbitrary Read in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or denial of service.
‼ CVE-2021-42726 ‼
via "National Vulnerability Database".
Adobe Media Encoder version 15.4 (and earlier) is affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.
‼ CVE-2021-24787 ‼
via "National Vulnerability Database".
The Client Invoicing by Sprout Invoices WordPress plugin before 19.9.7 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
‼ CVE-2020-21627 ‼
via "National Vulnerability Database".
Ruijie RG-UAC commit 9071227 was discovered to contain a vulnerability in the component /current_action.php?action=reboot, which allows attackers to cause a denial of service (DoS) via unspecified vectors.
‼ CVE-2021-24847 ‼
via "National Vulnerability Database".
The importFromRedirection AJAX action of the SEO Redirection Plugin – 301 Redirect Manager WordPress plugin before 8.2, available to any authenticated user, does not properly sanitise the offset parameter before using it in a SQL statement, leading to an SQL injection when the redirection plugin is also installed.
‼ CVE-2021-3939 ‼
via "National Vulnerability Database".
Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the user_change_language_authorized_cb function. This is reachable via the SetLanguage dbus function. This is fixed in versions 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13.3, 0.6.55-0ubuntu14.1.
‼ CVE-2021-24772 ‼
via "National Vulnerability Database".
The Stream WordPress plugin before 3.8.2 does not sanitise and validate the order GET parameter from the Stream Records admin dashboard before using it in a SQL statement, leading to an SQL injection issue.
‼ CVE-2021-42378 (busybox) ‼
via "National Vulnerability Database".
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function.
‼ CVE-2021-24853 ‼
via "National Vulnerability Database".
The QR Redirector WordPress plugin before 1.6 does not have capability and CSRF checks when saving bulk QR Redirector settings via the qr_save_bulk AJAX action, which could allow any authenticated user, such as a subscriber, to change the redirect response status code of arbitrary QR Redirects.
‼ CVE-2021-42379 (busybox) ‼
via "National Vulnerability Database".
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function.
‼ CVE-2020-12905 ‼
via "National Vulnerability Database".
Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004403 may lead to arbitrary information disclosure.
‼ CVE-2021-25982 ‼
via "National Vulnerability Database".
The Factor (App Framework & Headless CMS) forum plugin, versions 1.3.5 to 1.8.30, is vulnerable to reflected Cross-Site Scripting (XSS) at the “search” parameter in the URL. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies.
‼ CVE-2021-42703 (webaccess_hmi_designer) ‼
via "National Vulnerability Database".
This vulnerability could allow an attacker to send malicious JavaScript code resulting in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser actions.
‼ CVE-2020-12903 ‼
via "National Vulnerability Database".
Out of Bounds Write and Read in AMD Graphics Driver for Windows 10 in Escape 0x6002d03 may lead to escalation of privilege or denial of service.
‼ CVE-2021-42385 (busybox) ‼
via "National Vulnerability Database".
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function.
‼ CVE-2021-25985 ‼
via "National Vulnerability Database".
Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30 improperly invalidates a user’s session even after the user logs out of the application. In addition, user sessions are stored in the browser’s local storage, which by default does not have an expiration time. This makes it possible for an attacker to steal and reuse the cookies using techniques such as XSS attacks, followed by a local account takeover.
‼ CVE-2021-29861 ‼
via "National Vulnerability Database".
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in EFS to expose sensitive information. IBM X-Force ID: 206085.
‼ CVE-2021-26323 ‼
via "National Vulnerability Database".
Failure to validate SEV Commands while SNP is active may result in a potential impact to memory integrity.
‼ CVE-2021-24802 ‼
via "National Vulnerability Database".
The Colorful Categories WordPress plugin before 2.0.15 does not enforce nonce checks, which could allow attackers to make a logged-in admin or editor change taxonomy colors via a CSRF attack.
‼ CVE-2021-41266 ‼
via "National Vulnerability Database".
Minio console is a graphical user interface for the MinIO operator. Minio itself is a multi-cloud object storage project. Affected versions are subject to an authentication bypass issue in the Operator Console when an external IDP is enabled. All users on release v0.12.2 and before are affected and are advised to update to 0.12.3 or newer. Users unable to upgrade should add automountServiceAccountToken: false to the operator-console deployment in Kubernetes so no service account token will get mounted inside the pod, then disable the external identity provider authentication by unsetting the CONSOLE_IDP_URL, CONSOLE_IDP_CLIENT_ID, CONSOLE_IDP_SECRET and CONSOLE_IDP_CALLBACK environment variables and instead use the Kubernetes service account token.
‼ CVE-2021-42373 ‼
via "National Vulnerability Database".
A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given.