‼ CVE-2020-16156 ‼
📖 Read
via "National Vulnerability Database".
CPAN 2.28 allows Signature Verification Bypass.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39064 ‼
📖 Read
via "National Vulnerability Database".
IBM Spectrum Copy Data Management 2.2.13 and earlier has weak authentication and password rules and incorrectly handles default credentials for the Spectrum Copy Data Management Admin console. IBM X-Force ID: 214957.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-16155 ‼
📖 Read
via "National Vulnerability Database".
The CPAN::Checksums package 2.12 for Perl does not uniquely define signed data.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39052 ‼
📖 Read
via "National Vulnerability Database".
IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to access the Spring Boot console without authorization. IBM X-Force ID: 214523.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39065 ‼
📖 Read
via "National Vulnerability Database".
IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the Spectrum Copy Data Management Admin Console login and uploadcertificate function . A remote attacker could inject arbitrary shell commands which would be executed on the affected system. IBM X-Force ID: 214958.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-16154 ‼
📖 Read
via "National Vulnerability Database".
The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43818 ‼
📖 Read
via "National Vulnerability Database".
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38947 ‼
📖 Read
via "National Vulnerability Database".
IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 211242.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39058 ‼
📖 Read
via "National Vulnerability Database".
IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 214617.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39054 ‼
📖 Read
via "National Vulnerability Database".
IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 214525.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39048 ‼
📖 Read
via "National Vulnerability Database".
IBM Spectrum Protect Client 7.1 and 8.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local attacker could exploit this vulnerability and cause a denial of service. IBM X-Force ID: 214438.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43814 ‼
📖 Read
via "National Vulnerability Database".
Rizin is a UNIX-like reverse engineering framework and command-line toolset. In versions up to and including 0.3.1 there is a heap-based out of bounds write in parse_die() when reversing an AMD64 ELF binary with DWARF debug info. When a malicious AMD64 ELF binary is opened by a victim user, Rizin may crash or execute unintended actions. No workaround are known and users are advised to upgrade.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39049 ‼
📖 Read
via "National Vulnerability Database".
IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 214439.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39057 ‼
📖 Read
via "National Vulnerability Database".
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 214616.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32024 ‼
📖 Read
via "National Vulnerability Database".
A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4496 ‼
📖 Read
via "National Vulnerability Database".
The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum Protect Plus workload agent is subject to a man-in-the-middle attack due to improper certificate validation. IBM X-Force ID: 182046.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43817 ‼
📖 Read
via "National Vulnerability Database".
Collabora Online is a collaborative online office suite based on LibreOffice technology. In affected versions a reflected XSS vulnerability was found in Collabora Online. An attacker could inject unescaped HTML into a variable as they created the Collabora Online iframe, and execute scripts inside the context of the Collabora Online iframe. This would give access to a small set of user settings stored in the browser, as well as the session's authentication token which was also passed in at iframe creation time. Users should upgrade to Collabora Online 6.4.16 or higher or Collabora Online 4.2.20 or higher. Collabora Online Development Edition 21.11 is not affected.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39050 ‼
📖 Read
via "National Vulnerability Database".
IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 214440.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43822 ‼
📖 Read
via "National Vulnerability Database".
Jackalope Doctrine-DBAL is an implementation of the PHP Content Repository API (PHPCR) using a relational database to persist data. In affected versions users can provoke SQL injections if they can specify a node name or query. Upgrade to version 1.7.4 to resolve this issue. If that is not possible, you can escape all places where `$property` is used to filter `sv:name` in the class `Jackalope\Transport\DoctrineDBAL\Query\QOMWalker`: `XPath::escape($property)`. Node names and xpaths can contain `"` or `;` according to the JCR specification. The jackalope component that translates the query object model into doctrine dbal queries does not properly escape the names and paths, so that a accordingly crafted node name can lead to an SQL injection. If queries are never done from user input, or if you validate the user input to not contain `;`, you are not affected.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38901 ‼
📖 Read
via "National Vulnerability Database".
IBM Spectrum Protect Operations Center 7.1, under special configurations, could allow a local user to obtain highly sensitive information. IBM X-Force ID: 209610.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39063 ‼
📖 Read
via "National Vulnerability Database".
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information due to a misconfiguration in access control headers. IBM X-Force ID: 214956.📖 Read
via "National Vulnerability Database".