CVE Notify
19.2K subscribers
4 photos
185K links
Alert on the latest CVEs

Partner channel: @malwr
Download Telegram
🚨 CVE-2021-28953
The unofficial C/C++ Advanced Lint extension before 1.9.0 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted repository.

πŸŽ–@cveNotify
🚨 CVE-2019-12425
Apache OFBiz 17.12.01 is vulnerable to Host header injection by accepting arbitrary host

πŸŽ–@cveNotify
🚨 CVE-2020-13923
IDOR vulnerability in the order processing feature from ecommerce component of Apache OFBiz before 17.12.04

πŸŽ–@cveNotify
🚨 CVE-2020-9496
XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03

πŸŽ–@cveNotify
🚨 CVE-2021-23360
This affects the package killport before 1.0.2. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. Running this PoC will cause the command touch success to be executed, leading to the creation of a file called success.

πŸŽ–@cveNotify
🚨 CVE-2021-27807
A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

πŸŽ–@cveNotify
🚨 CVE-2021-27906
A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

πŸŽ–@cveNotify
🚨 CVE-2021-28957
lxml 4.6.2 allows XSS. It places the HTML action attribute into defs.link_attrs (in html/defs.py) for later use in input sanitization, but does not do the same for the HTML5 formaction attribute.

πŸŽ–@cveNotify
🚨 CVE-2020-13963
SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. The key for admin is hardcoded in the installation code, and there is no key for publicsp (which is a guest account).

πŸŽ–@cveNotify
🚨 CVE-2021-28153
An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)

πŸŽ–@cveNotify
🚨 CVE-2021-26701
.NET Core Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24112.

πŸŽ–@cveNotify
🚨 CVE-2021-21772
A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP() functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

πŸŽ–@cveNotify
🚨 CVE-2021-28543
Varnish varnish-modules before 0.17.1 allows remote attackers to cause a denial of service (daemon restart) in some configurations. This does not affect organizations that only install the Varnish Cache product; however, it is common to install both Varnish Cache and varnish-modules. Specifically, an assertion failure or NULL pointer dereference can be triggered in Varnish Cache through the varnish-modules header.append() and header.copy() functions. For some Varnish Configuration Language (VCL) files, this gives remote clients an opportunity to cause a Varnish Cache restart. A restart reduces overall availability and performance due to an increased number of cache misses, and may cause higher load on backend servers.

πŸŽ–@cveNotify
🚨 CVE-2021-26070
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked resources via a Broken Authentication vulnerability in the `makeRequest` gadget resource. The affected versions are before version 8.13.3, and from version 8.14.0 before 8.14.1.

πŸŽ–@cveNotify
🚨 CVE-2021-26069
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to download temporary files and enumerate project keys via an Information Disclosure vulnerability in the /rest/api/1.0/issues/{id}/ActionsAndOperations API endpoint. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0.

πŸŽ–@cveNotify
🚨 CVE-2021-28955
git-bug before 0.7.2 has an Uncontrolled Search Path Element. It will execute git.bat from the current directory in certain PATH situations (most often seen on Windows).

πŸŽ–@cveNotify
🚨 CVE-2021-28956
** UNSUPPORTED WHEN ASSIGNED ** The unofficial vscode-sass-lint (aka Sass Lint) extension through 1.0.7 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

πŸŽ–@cveNotify
🚨 CVE-2021-28963
Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters.

πŸŽ–@cveNotify
🚨 CVE-2021-21437
Agents are able to see linked Config Items without permissions, which are defined in General Catalog. This issue affects: OTRSCIsInCustomerFrontend 7.0.15 and prior versions, ITSMConfigurationManagement 7.0.24 and prior versions

πŸŽ–@cveNotify