CVE Notify
19.3K subscribers
4 photos
206K links
Alert on the latest CVEs

Partner channel: @malwr
Download Telegram
๐Ÿšจ CVE-2020-7552
A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2020-13160
AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2020-7551
A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2020-7553
A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2021-21118
Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2020-29443
ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2021-20247
A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access data outside the designated mailbox on the opposite end of the synchronization channel. The highest threat from this vulnerability is to data confidentiality and integrity.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2020-17380
A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2020-8021
a Improper Access Control vulnerability in of Open Build Service allows remote attackers to read files of an OBS package where the sourceaccess/access is disabled This issue affects: Open Build Service versions prior to 2.10.5.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2019-0233
An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2020-8020
A Improper Neutralization of Input During Web Page Generation vulnerability in open-build-service allows remote attackers to store arbitrary JS code to cause XSS. This issue affects: openSUSE open-build-service versions prior to 7cc32c8e2ff7290698e101d9a80a9dc29a5500fb.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2021-21311
Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected. This is fixed in version 4.7.9.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2021-0371
In nci_proc_rf_management_ntf of nci_hrcv.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-164440989

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2021-26873
Windows User Profile Service Elevation of Privilege Vulnerability

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2021-23879
Unquoted service path vulnerability in McAfee Endpoint Product Removal (EPR) Tool prior to 21.2 allows local administrators to execute arbitrary code, with higher-level privileges, via execution from a compromised folder. The tool did not enforce and protect the execution path. Local admin privileges are required to place the files in the required location.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2020-29553
The Scheduler in Grav CMS through 1.7.0-rc.17 allows an attacker to execute a system command by tricking an admin into visiting a malicious website (CSRF).

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2021-3150
A cross-site scripting (XSS) vulnerability on the Delete Personal Data page in Cryptshare Server before 4.8.0 allows an attacker to inject arbitrary web script or HTML via the user name. The issue is fixed with the version 4.8.1

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2021-26872
Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26898, CVE-2021-26901.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2021-26871
Windows WalletService Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26885.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2021-0399
In qtaguid_untag of xt_qtaguid.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-176919394References: Upstream kernel

๐ŸŽ–@cveNotify