CVE-2020-16230
All versions of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains can request resources. An attacker with local access and high privileges could inject scripts into the Cross-origin Resource Sharing (CORS) configuration that could abuse this vulnerability, allowing the attacker to retrieve limited confidential information through sniffing.
@cveNotify
us-cert.cisa.gov
HMS Networks Ewon Flexy and Cosy | CISA
1. EXECUTIVE SUMMARY
CVSS v3 2.3
ATTENTION: Low skill level to exploit
Vendor: HMS Networks
Equipment: Ewon Flexy and Cosy
Vulnerability: Permissive Cross-domain Policy with Untrusted Domains
2. RISK EVALUATION
Successful exploitation of this vulnerability…
CVE-2021-28160
Reflected XSS on Acexy (BoyaMicro) Wireless-N WiFi Repeater 28.08.06.1 version 1.0 devices can occur via a malformed SSID field during scanning for nearby access points, which also occurs when a device's user visits the Repeater Wizard web management section. This enables an attacker to steal LAN credentials without being connected to the device.
@cveNotify
Medium
Hunting for Vulnerabilities in Low-Cost WiFi Repeaters
Security analysis of a low-cost WiFi Repeater
CVE-2021-27436
WebAccess/SCADA Versions 9.0 and prior are vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions.
@cveNotify
us-cert.cisa.gov
Advantech WebAccess/SCADA | CISA
1. EXECUTIVE SUMMARY
CVSS v3 5.4
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Advantech
Equipment: WebAccess/SCADA
Vulnerability: Cross-site Scripting
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow…
CVE-2021-26275
** UNSUPPORTED WHEN ASSIGNED ** The eslint-fixer package through 0.1.5 for Node.js allows command injection via shell metacharacters to the fix function. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The ozum/eslint-fixer GitHub repository has been intentionally deleted.
@cveNotify
CVE-2021-21384
shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using _Shescape_ to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a into the payload. For an example see the referenced GitHub Security Advisory. The problem has been patched in version 1.1.3. No further changes are required.
@cveNotify
GitHub
Strip null characters from arguments · ericcornelissen/shescape@07a069a
Update both the Unix and Windows `escapeShellArg` implementation to
strip null characters from input. Null characters can be used to at
least cause errors and potentially execute arbitrary commands...
CVE-2021-28653
The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave support but lacks biometric authentication hardware.
@cveNotify
Western Digital
WDC-21003 ArmorLock, Insecure Key Storage Vulnerability | Western Digital
CVE-2021-25764
In JetBrains PhpStorm before 2020.3, source code could be added to debug logs.
@cveNotify
The JetBrains Blog
CVE-2021-27358
The snapshot feature in Grafana before 7.4.1 can allow unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set.
@cveNotify
GitHub
grafana/CHANGELOG.md at master · grafana/grafana
CVE-2021-27221
** DISPUTED ** MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor's position is that this is intended behavior because of how user policies work.
@cveNotify
Medium
RouterOS: User with just "ftp" policy can write to filesystem [CVE-2021-27221]
I think I found a security issue in RouterOS from Mikrotik company. I reported it as SUP-41598 on 2021-02-15. After a bit arrogant…
CVE-2021-28109
TranzWare (POI) FIMI before 4.2.20.4.2 allows login_tw.php reflected Cross-Site Scripting (XSS).
@cveNotify
Gist
CVE-2021-28109
CVE-2021-27928
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.
@cveNotify
CVE-2021-3327
Ovation Dynamic Content 1.10.1 for Elementor allows XSS via the post_title parameter.
@cveNotify
Gist
CVE-2021-3327
CVE-2021-28126
index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a Stored cross-site scripting (XSS) vulnerability.
@cveNotify
Gist
Stored XSS in TranzWare e-Commerce Payment Gateway - CVE-2021-28126
CVE-2020-6578
Zen Cart 1.5.6d allows reflected XSS via the main_page parameter to includes/templates/template_default/common/tpl_main_page.php or includes/templates/responsive_classic/common/tpl_main_page.php.
@cveNotify
usd HeroLab
Security Advisories - usd HeroLab
We investigate the constantly changing attack scenarios and, in this context, publish a series of Security Advisories on current vulnerabilities and security problems.
CVE-2021-28110
/exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a vulnerability in its XML parser.
@cveNotify
Gist
XXE DoS in TranzWare e-Commerce Payment Gateway - CVE-2021-28110
CVE-2020-6577
The IT-Recht Kanzlei plugin in Zen Cart 1.5.6c (German edition) allows itrk-api.php rechtstext_language SQL Injection.
@cveNotify
usd HeroLab
Security Advisories - usd HeroLab
CVE-2021-25290
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.
@cveNotify
Pillow (PIL Fork)
8.1.1 (2021-03-01)
Security: CVE-2021-25289: Correct the fix for CVE-2020-35654: The previous fix for CVE-2020-35654 was insufficient due to incorrect error checking in TiffDecode.c. CVE-2021-25290: Fix buffer overfl...
CVE-2021-25289
An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.
@cveNotify
Pillow (PIL Fork)
8.1.1 (2021-03-01)
Security: CVE-2021-25289: Correct the fix for CVE-2020-35654: The previous fix for CVE-2020-35654 was insufficient due to incorrect error checking in TiffDecode.c. CVE-2021-25290: Fix buffer overfl...
CVE-2021-25292
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.
@cveNotify
CVE-2021-25293
An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.
@cveNotify
CVE-2021-25291
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.
@cveNotify