‼ CVE-2021-44543 ‼
📖 Read
via "National Vulnerability Database".
An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encode the template name when Privoxy is configured to servce the user-manual itself.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40161 ‼
📖 Read
via "National Vulnerability Database".
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDF earlier than 9.0.7 version.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43984 ‼
📖 Read
via "National Vulnerability Database".
mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmware can be updated, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2019-8702 ‼
📖 Read
via "National Vulnerability Database".
This issue was addressed with a new entitlement. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra, iOS 12.4, tvOS 12.4. A local user may be able to read a persistent account identifier.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-3886 ‼
📖 Read
via "National Vulnerability Database".
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. A malicious application may be able to execute arbitrary code with kernel privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2017-13835 ‼
📖 Read
via "National Vulnerability Database".
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS High Sierra 10.13. An application may be able to execute arbitrary code with elevated privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20318 ‼
📖 Read
via "National Vulnerability Database".
The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-3896 ‼
📖 Read
via "National Vulnerability Database".
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. A malicious application may be able to overwrite arbitrary files.📖 Read
via "National Vulnerability Database".
‼ CVE-2017-13905 ‼
📖 Read
via "National Vulnerability Database".
A race condition was addressed with additional validation. This issue is fixed in tvOS 11.2, iOS 11.2, macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan, watchOS 4.2. An application may be able to gain elevated privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-23198 ‼
📖 Read
via "National Vulnerability Database".
mySCADA myPRO: Versions 8.20.0 and prior has a feature where the password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-27007 ‼
📖 Read
via "National Vulnerability Database".
NetApp Virtual Desktop Service (VDS) when used with an HTML5 gateway is susceptible to a vulnerability which when successfully exploited could allow an unauthenticated attacker to takeover a Remote Desktop Session.📖 Read
via "National Vulnerability Database".
‼ CVE-2018-4478 ‼
📖 Read
via "National Vulnerability Database".
A validation issue was addressed with improved logic. This issue is fixed in macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan. An attacker with physical access to a device may be able to elevate privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2018-4302 ‼
📖 Read
via "National Vulnerability Database".
A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3584 ‼
📖 Read
via "National Vulnerability Database".
A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability of system. Fixed releases are 2.4.1, 2.5.1, 3.0.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43989 ‼
📖 Read
via "National Vulnerability Database".
mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker to crack the previously retrieved password hashes.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44540 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44453 ‼
📖 Read
via "National Vulnerability Database".
mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interface which includes a ping utility, which may allow an attacker to inject arbitrary operating system commands.📖 Read
via "National Vulnerability Database".
‼ CVE-2017-13892 ‼
📖 Read
via "National Vulnerability Database".
An issue existed in the handling of Contact sharing. This issue was addressed with improved handling of user information. This issue is fixed in macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan. Sharing contact information may lead to unexpected data sharing.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-35243 ‼
📖 Read
via "National Vulnerability Database".
The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.6 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the origin server removes the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20876 ‼
📖 Read
via "National Vulnerability Database".
Path traversal vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows an attacker with an administrative privilege to obtain sensitive information stored in the hierarchy above the directory on the published site's server via unspecified vectors.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20827 ‼
📖 Read
via "National Vulnerability Database".
Plaintext storage of a password vulnerability in IDEC PLCs (FC6A Series MICROSmart All-in-One CPU module v2.32 and earlier, FC6A Series MICROSmart Plus CPU module v1.91 and earlier, WindLDR v8.19.1 and earlier, WindEDIT Lite v1.3.1 and earlier, and Data File Manager v2.12.1 and earlier) allows an attacker to obtain the PLC Web server user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the attacker may access the PLC Web server and hijack the PLC, and manipulation of the PLC output and/or suspension of the PLC may be conducted.📖 Read
via "National Vulnerability Database".