🚨 CVE-2021-30836
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted audio file may disclose restricted memory.
@cveNotify
Apple Support
About the security content of watchOS 8
This document describes the security content of watchOS 8.
🚨 CVE-2021-30809
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to arbitrary code execution.
@cveNotify
Apple Support
About the security content of watchOS 8
This document describes the security content of watchOS 8.
🚨 CVE-2021-44917
A Divide by Zero vulnerability exists in gnuplot 5.4 in the boundary3d function in graph3d.c, which could cause an arithmetic exception and application crash.
@cveNotify
🚨 CVE-2021-38966
IBM Cloud Pak for Automation 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 212357.
@cveNotify
Ibmcloud
IBM Cloud Pak for Automation cross-site scripting CVE-2021-38966 Vulnerability Report
IBM X-Force Exchange is a threat intelligence sharing platform enabling research on security threats, aggregation of intelligence, and collaboration with peers
🚨 CVE-2021-38900
IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 could allow a privileged user to obtain highly sensitive information due to improper access controls. IBM X-Force ID: 209607.
@cveNotify
Ibm
Security Bulletin: Information disclosure vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager…
IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to an information disclosure attack, potentially revealing sensitive information to an administrator.
🚨 CVE-2021-38893
IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209512.
@cveNotify
Ibmcloud
IBM Business Process Manager and IBM Business Automation Workflow cross-site scripting CVE-2021-38893 Vulnerability Report
IBM X-Force Exchange is a threat intelligence sharing platform enabling research on security threats, aggregation of intelligence, and collaboration with peers
🚨 CVE-2021-30889
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to arbitrary code execution.
@cveNotify
Apple Support
About the security content of tvOS 15.1
This document describes the security content of tvOS 15.1.
🚨 CVE-2021-30890
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to universal cross site scripting.
@cveNotify
Apple Support
About the security content of tvOS 15.1
This document describes the security content of tvOS 15.1.
🚨 CVE-2021-42362
The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain remote code execution, in versions up to and including 5.3.2.
@cveNotify
🚨 CVE-2021-44927
A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_sg_vrml_mf_append function, which causes a segmentation fault and application crash.
@cveNotify
GitHub
Null Pointer Dereference in gf_sg_vrml_mf_append() · Issue #1960 · gpac/gpac
🚨 CVE-2021-44926
A null pointer dereference vulnerability exists in gpac in the gf_node_get_tag function, which causes a segmentation fault and application crash.
@cveNotify
GitHub
Null Pointer Dereference in gf_node_get_tag() · Issue #1961 · gpac/gpac
🚨 CVE-2021-44925
A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_svg_get_attribute_name function, which causes a segmentation fault and application crash.
@cveNotify
GitHub
Null Pointer Dereference in gf_svg_get_attribute_name() · Issue #1967 · gpac/gpac
🚨 CVE-2021-44924
An infinite loop vulnerability exists in gpac 1.1.0 in the gf_log function, which causes a Denial of Service.
@cveNotify
GitHub
Infinite loop in gf_log() · Issue #1959 · gpac/gpac
🚨 CVE-2021-44923
A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_dump_vrml_dyn_field.isra function, which causes a segmentation fault and application crash.
@cveNotify
GitHub
Null Pointer Dereference in gf_dump_vrml_dyn_field.isra() · Issue #1962 · gpac/gpac
🚨 CVE-2021-44922
A null pointer dereference vulnerability exists in gpac 1.1.0 in the BD_CheckSFTimeOffset function, which causes a segmentation fault and application crash.
@cveNotify
GitHub
Null Pointer Dereference in BD_CheckSFTimeOffset() · Issue #1969 · gpac/gpac
🚨 CVE-2021-44921
A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_isom_parse_movie_boxes_internal function, which causes a segmentation fault and application crash.
@cveNotify
GitHub
Null Pointer Dereference in gf_isom_parse_movie_boxes_internal() · Issue #1964 · gpac/gpac
🚨 CVE-2021-44920
An invalid memory address dereference vulnerability exists in gpac 1.1.0 in the dump_od_to_saf.isra function, which causes a segmentation fault and application crash.
@cveNotify
GitHub
Invalid memory address dereference in dump_od_to_saf.isra() · Issue #1957 · gpac/gpac