CVE Notify
19.2K subscribers
4 photos
185K links
Alert on the latest CVEs

Partner channel: @malwr
Download Telegram
๐Ÿšจ CVE-2021-25291
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2021-28122
A request-validation issue was discovered in Open5GS 2.1.3 through 2.2.x before 2.2.1. The WebUI component allows an unauthenticated user to use a crafted HTTP API request to create, read, update, or delete entries in the subscriber database. For example, new administrative users can be added. The issue occurs because Express is not set up to require authentication.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2020-25097
An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2021-28831
decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2021-28834
Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2020-7021
Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch administrator to view these details.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2021-27191
The get-ip-range package before 4.0.0 for Node.js is vulnerable to denial of service (DoS) if the range is untrusted input. An attacker could send a large range (such as 128.0.0.0/1) that causes resource exhaustion.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2021-27212
In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2021-27219
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2021-27218
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2020-8625
BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2021-28160
Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) suffers from a reflected XSS vulnerability due to unsanitized SSID value when the latter is displayed in the /repeater.html page ("Repeater Wizard" homepage section).

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2020-13936
An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2021-28126
index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a Stored cross-site scripting (XSS) vulnerability

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2020-6578
Zen Cart 1.5.6d allows reflected XSS via the main_page parameter to includes/templates/template_default/common/tpl_main_page.php or includes/templates/responsive_classic/common/tpl_main_page.php.

๐ŸŽ–@cveNotify