π¨ CVE-2021-28831
decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.
π@cveNotify
decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.
π@cveNotify
π¨ CVE-2021-28090
Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002.
π@cveNotify
Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002.
π@cveNotify
blog.torproject.org
New releases (with security fixes): Tor 0.3.5.14, 0.4.4.8, and 0.4.5.7 | Tor Project
We have a new stable release today. If you build Tor from source, you can download the source code for 0.4.5.7 on the download page. Packages should be available within the next several weeks, with a new Tor Browser coming next week. Also today, Tor 0.3.5.14β¦
π¨ CVE-2021-20231
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.
π@cveNotify
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.
π@cveNotify
π¨ CVE-2021-20232
A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.
π@cveNotify
A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.
π@cveNotify
π¨ CVE-2021-20261
A race condition was found in the Linux kernels implementation of the floppy disk drive controller driver software. The impact of this issue is lessened by the fact that the default permissions on the floppy device (/dev/fd0) are restricted to root. If the permissions on the device have changed the impact changes greatly. In the default configuration root (or equivalent) permissions are required to attack this flaw.
π@cveNotify
A race condition was found in the Linux kernels implementation of the floppy disk drive controller driver software. The impact of this issue is lessened by the fact that the default permissions on the floppy device (/dev/fd0) are restricted to root. If the permissions on the device have changed the impact changes greatly. In the default configuration root (or equivalent) permissions are required to attack this flaw.
π@cveNotify
π¨ CVE-2020-24983
An issue was discovered in Quadbase EspressReports ES 7 Update 9. An unauthenticated attacker can create a malicious HTML file that houses a POST request made to the DashboardBuilder within the target web application. This request will utilise the target admin session and perform the authenticated request (to change the Dashboard name) as if the victim had done so themselves, aka CSRF.
π@cveNotify
An issue was discovered in Quadbase EspressReports ES 7 Update 9. An unauthenticated attacker can create a malicious HTML file that houses a POST request made to the DashboardBuilder within the target web application. This request will utilise the target admin session and perform the authenticated request (to change the Dashboard name) as if the victim had done so themselves, aka CSRF.
π@cveNotify
π¨ CVE-2021-27306
An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT.
π@cveNotify
An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT.
π@cveNotify
Kong Docs
Kong Gateway Changelog | Kong Docs
Documentation for Kong, the Cloud Connectivity Company for APIs and Microservices.
π¨ CVE-2021-21518
Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges.
π@cveNotify
Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges.
π@cveNotify
π¨ CVE-2020-17527
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.
π@cveNotify
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.
π@cveNotify
π¨ CVE-2021-27506
In Stormshield Network Security (SNS) 1.0 through 4.2.0, the parsing of some malformed files can lead to the crash of ClamAV service causing a Denial of Service.
π@cveNotify
In Stormshield Network Security (SNS) 1.0 through 4.2.0, the parsing of some malformed files can lead to the crash of ClamAV service causing a Denial of Service.
π@cveNotify
π¨ CVE-2020-4635
IBM Resilient SOAR 40 and earlier could disclose sensitive information by allowing a user to enumerate usernames.
π@cveNotify
IBM Resilient SOAR 40 and earlier could disclose sensitive information by allowing a user to enumerate usernames.
π@cveNotify
Ibmcloud
IBM Resilient information disclosure CVE-2020-4635 Vulnerability Report
IBM X-Force Exchange is a threat intelligence sharing platform enabling research on security threats, aggregation of intelligence, and collaboration with peers
π¨ CVE-2021-21387
Wrongthink peer-to-peer, end-to-end encrypted messenger with PeerJS and Axolotl ratchet. In wrongthink from version 2.0.0 and before 2.3.0 there was a set of vulnerabilities causing inadequate encryption strength. Part of the secret identity key was disclosed by the fingerprint used for connection. Additionally, the safety number was improperly calculated. It was computed using part of one of the public identity keys instead of being derived from both public identity keys. This caused issues in computing safety numbers which would potentially be exploitable in the real world. Additionally there was inadequate encryption strength due to use of 1024-bit DSA keys. These issues are all fixed in version 2.3.0.
π@cveNotify
Wrongthink peer-to-peer, end-to-end encrypted messenger with PeerJS and Axolotl ratchet. In wrongthink from version 2.0.0 and before 2.3.0 there was a set of vulnerabilities causing inadequate encryption strength. Part of the secret identity key was disclosed by the fingerprint used for connection. Additionally, the safety number was improperly calculated. It was computed using part of one of the public identity keys instead of being derived from both public identity keys. This caused issues in computing safety numbers which would potentially be exploitable in the real world. Additionally there was inadequate encryption strength due to use of 1024-bit DSA keys. These issues are all fixed in version 2.3.0.
π@cveNotify
GitHub
GitHub is where people build software. More than 56 million people use GitHub to discover, fork, and contribute to over 100 million projects.
π¨ CVE-2021-28144
prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows remote authenticated users to inject arbitrary commands in an admin or root context because SetVirtualServerSettings calls CheckArpTables, which calls popen unsafely.
π@cveNotify
prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows remote authenticated users to inject arbitrary commands in an admin or root context because SetVirtualServerSettings calls CheckArpTables, which calls popen unsafely.
π@cveNotify
Packetstormsecurity
D-Link DIR-3060 1.11b04 Command Injection β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π¨ CVE-2021-3177
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.
π@cveNotify
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.
π@cveNotify
π¨ CVE-2021-20017
A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a 'nobody' user. This vulnerability impacts SMA100 version 10.2.0.5 and earlier.
π@cveNotify
A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a 'nobody' user. This vulnerability impacts SMA100 version 10.2.0.5 and earlier.
π@cveNotify
π¨ CVE-2020-27223
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of βqualityβ (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.
π@cveNotify
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of βqualityβ (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.
π@cveNotify
π¨ CVE-2020-13949
In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.
π@cveNotify
In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.
π@cveNotify
π¨ CVE-2021-28126
index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a Stored cross-site scripting (XSS) vulnerability
π@cveNotify
index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a Stored cross-site scripting (XSS) vulnerability
π@cveNotify
Gist
Stored XSS in TranzWare e-Commerce Payment Gateway - CVE-2021-28126
Stored XSS in TranzWare e-Commerce Payment Gateway - CVE-2021-28126 - CVE-2021-28126
π¨ CVE-2021-28110
/exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a vulnerability in its XML parser.
π@cveNotify
/exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a vulnerability in its XML parser.
π@cveNotify
Gist
XXE DoS in TranzWare e-Commerce Payment Gateway - CVE-2021-28110
XXE DoS in TranzWare e-Commerce Payment Gateway - CVE-2021-28110 - CVE-2021-28110
π¨ CVE-2021-25277
FTAPI 4.0 - 4.10 allows XSS via a crafted filename to the alternative text hover box in the file submission component.
π@cveNotify
FTAPI 4.0 - 4.10 allows XSS via a crafted filename to the alternative text hover box in the file submission component.
π@cveNotify
GitHub
rauschecker/CVEs
Vulnerabilities I found and reported over the years. - rauschecker/CVEs
π¨ CVE-2021-27807
A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
π@cveNotify
A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
π@cveNotify