π¨ CVE-2021-28373
The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch for a short time. However, all end users are explicitly directed to use the git master branch in production. Semantic version numbers such as 21.03 appear to exist, but are automatically generated from the year and month. They are not releases.
π@cveNotify
The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch for a short time. However, all end users are explicitly directed to use the git master branch in production. Semantic version numbers such as 21.03 appear to exist, but are automatically generated from the year and month. They are not releases.
π@cveNotify
π¨ CVE-2021-3407
A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential consequences.
π@cveNotify
A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential consequences.
π@cveNotify
π¨ CVE-2021-21265
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October before version 1.1.2, when running on poorly configured servers (i.e. the server routes any request, regardless of the HOST header to an October CMS instance) the potential exists for Host Header Poisoning attacks to succeed. This has been addressed in version 1.1.2 by adding a feature to allow a set of trusted hosts to be specified in the application. As a workaround one may set the configuration setting cms.linkPolicy to force.
π@cveNotify
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October before version 1.1.2, when running on poorly configured servers (i.e. the server routes any request, regardless of the HOST header to an October CMS instance) the potential exists for Host Header Poisoning attacks to succeed. This has been addressed in version 1.1.2 by adding a feature to allow a set of trusted hosts to be specified in the application. As a workaround one may set the configuration setting cms.linkPolicy to force.
π@cveNotify
GitHub
Add trusted hosts support to library (#549) Β· octobercms/library@f86fcbc
Adds support for a new configuration value app.trustedHosts that defines the allowed hosts for the application. This allows a developer to prevent host header poisoning.
Possible values:
true: Tr...
Possible values:
true: Tr...
π¨ CVE-2021-23354
The package printf before 0.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string /\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity.
π@cveNotify
The package printf before 0.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string /\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity.
π@cveNotify
GitHub
ReDoS in printf Β· Issue #31 Β· adaltas/node-printf
Hi, I would like to report two Regular Expression Denial of Service (REDoS) vulnerability in printf. It allows cause a denial of service when using crafted invalid formats. You can execute the code...
π¨ CVE-2021-22710
A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could cause remote code execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.
π@cveNotify
A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could cause remote code execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.
π@cveNotify
π¨ CVE-2021-28378
Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations.
π@cveNotify
Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations.
π@cveNotify
blog.gitea.io
Gitea 1.13.4 is released - Blog
π¨ CVE-2021-21069
Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a local privilege escalation vulnerability that could allow an attacker to call functions against the installer to perform high privileged actions. Exploitation of this issue does not require user interaction.
π@cveNotify
Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a local privilege escalation vulnerability that could allow an attacker to call functions against the installer to perform high privileged actions. Exploitation of this issue does not require user interaction.
π@cveNotify
Adobe
Adobe Security Bulletin
Security update available for Adobe Creative Cloud Desktop Application | APSB21-18
π¨ CVE-2021-21056
Adobe Framemaker version 2020.0.1 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Adobe Framemaker version 2020.0.1 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
π¨ CVE-2021-28375
An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308.
π@cveNotify
An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308.
π@cveNotify
π¨ CVE-2021-28305
An issue was discovered in the diesel crate before 1.4.6 for Rust. There is a use-after-free in the SQLite backend because the semantics of sqlite3_column_name are not followed.
π@cveNotify
An issue was discovered in the diesel crate before 1.4.6 for Rust. There is a use-after-free in the SQLite backend because the semantics of sqlite3_column_name are not followed.
π@cveNotify
rustsec.org
RUSTSEC-2021-0037: diesel: Fix a use-after-free bug in diesels Sqlite backend βΊ RustSec Advisory Database
Security advisory database for Rust crates published through https://crates.io
π¨ CVE-2020-16230
All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains can request resources. An attacker with local access and high privileges could inject scripts into the Cross-origin Resource Sharing (CORS) configuration that could abuse this vulnerability, allowing the attacker to retrieve limited confidential information through sniffing.
π@cveNotify
All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains can request resources. An attacker with local access and high privileges could inject scripts into the Cross-origin Resource Sharing (CORS) configuration that could abuse this vulnerability, allowing the attacker to retrieve limited confidential information through sniffing.
π@cveNotify
us-cert.cisa.gov
HMS Networks Ewon Flexy and Cosy | CISA
1. EXECUTIVE SUMMARY
CVSS v3 2.3
ATTENTION: Low skill level to exploit
Vendor: HMS Networks
Equipment: Ewon Flexy and Cosy
Vulnerability: Permissive Cross-domain Policy with Untrusted Domains
2. RISK EVALUATION
Successful exploitation of this vulnerabilityβ¦
CVSS v3 2.3
ATTENTION: Low skill level to exploit
Vendor: HMS Networks
Equipment: Ewon Flexy and Cosy
Vulnerability: Permissive Cross-domain Policy with Untrusted Domains
2. RISK EVALUATION
Successful exploitation of this vulnerabilityβ¦
π¨ CVE-2021-28160
Reflected XSS on Acexy (BoyaMicro) Wireless-N WiFi Repeater 28.08.06.1 version 1.0 devices can occur via a malformed SSID field during scanning for nearby access points, which also occurs when a device's user visits the Repeater Wizard web management section. This enables an attacker to steal LAN credentials without being connected to the device.
π@cveNotify
Reflected XSS on Acexy (BoyaMicro) Wireless-N WiFi Repeater 28.08.06.1 version 1.0 devices can occur via a malformed SSID field during scanning for nearby access points, which also occurs when a device's user visits the Repeater Wizard web management section. This enables an attacker to steal LAN credentials without being connected to the device.
π@cveNotify
Medium
Hunting for Vulnerabilities in Low-Cost WiFi Repeaters
Security analysis of a low-cost WiFi Repeater
π¨ CVE-2021-27436
WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the userβs cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions.
π@cveNotify
WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the userβs cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions.
π@cveNotify
us-cert.cisa.gov
Advantech WebAccess/SCADA | CISA
1. EXECUTIVE SUMMARY
CVSS v3 5.4
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Advantech
Equipment: WebAccess/SCADA
Vulnerability: Cross-site Scripting
2. RISK EVALUATION
Successful exploitation of this vulnerability could allowβ¦
CVSS v3 5.4
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Advantech
Equipment: WebAccess/SCADA
Vulnerability: Cross-site Scripting
2. RISK EVALUATION
Successful exploitation of this vulnerability could allowβ¦
π¨ CVE-2021-26275
** UNSUPPORTED WHEN ASSIGNED ** The eslint-fixer package through 0.1.5 for Node.js allows command injection via shell metacharacters to the fix function. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The ozum/eslint-fixer GitHub repository has been intentionally deleted.
π@cveNotify
** UNSUPPORTED WHEN ASSIGNED ** The eslint-fixer package through 0.1.5 for Node.js allows command injection via shell metacharacters to the fix function. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The ozum/eslint-fixer GitHub repository has been intentionally deleted.
π@cveNotify
π¨ CVE-2021-21384
shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using _Shescape_ to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a into the payload. For an example see the referenced GitHub Security Advisory. The problem has been patched in version 1.1.3. No further changes are required.
π@cveNotify
shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using _Shescape_ to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a into the payload. For an example see the referenced GitHub Security Advisory. The problem has been patched in version 1.1.3. No further changes are required.
π@cveNotify
GitHub
Strip null characters from arguments Β· ericcornelissen/shescape@07a069a
Update both the Unix and Windows `escapeShellArg` implementation to
strip null characters from input. Null characters can be used to at
least cause errors and potentially execute arbitrary commands...
strip null characters from input. Null characters can be used to at
least cause errors and potentially execute arbitrary commands...
π¨ CVE-2021-28653
The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave support but lacks biometric authentication hardware.
π@cveNotify
The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave support but lacks biometric authentication hardware.
π@cveNotify
Western Digital
WDC-21003 ArmorLock, Insecure Key Storage Vulnerability | Western Digital
Western Digital provides data storage solutions, including systems, HDD, Flash SSD, memory and personal data solutions to help customers capture and preserve their most valued data.
π¨ CVE-2021-25764
In JetBrains PhpStorm before 2020.3, source code could be added to debug logs.
π@cveNotify
In JetBrains PhpStorm before 2020.3, source code could be added to debug logs.
π@cveNotify
The JetBrains Blog
JetBrains Blog: The Drive to Develop
Developer Tools for Professionals and Teams
π¨ CVE-2021-27358
The snapshot feature in Grafana before 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set.
π@cveNotify
The snapshot feature in Grafana before 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set.
π@cveNotify
GitHub
grafana/CHANGELOG.md at master Β· grafana/grafana
The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many mo...
π¨ CVE-2021-27221
** DISPUTED ** MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor's position is that this is intended behavior because of how user policies work.
π@cveNotify
** DISPUTED ** MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor's position is that this is intended behavior because of how user policies work.
π@cveNotify
Medium
RouterOS: User with just βftpβ policy can write to filesystem [CVE-2021β27221]
I think I found security issue in RouterOS from Mikrotik company. I reported it as SUP-41598 on 2021β02-15. After a bit arogantβ¦
π¨ CVE-2021-28109
TranzWare (POI) FIMI before 4.2.20.4.2 allows login_tw.php reflected Cross-Site Scripting (XSS).
π@cveNotify
TranzWare (POI) FIMI before 4.2.20.4.2 allows login_tw.php reflected Cross-Site Scripting (XSS).
π@cveNotify
Gist
CVE-2021-28109
GitHub Gist: instantly share code, notes, and snippets.