๐จ CVE-2021-30889
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to arbitrary code execution.
๐@cveNotify
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to arbitrary code execution.
๐@cveNotify
Apple Support
About the security content of tvOS 15.1
This document describes the security content of tvOS 15.1.
๐จ CVE-2021-30890
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to universal cross site scripting.
๐@cveNotify
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to universal cross site scripting.
๐@cveNotify
Apple Support
About the security content of tvOS 15.1
This document describes the security content of tvOS 15.1.
๐จ CVE-2021-42362
The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain remote code execution, in versions up to and including 5.3.2.
๐@cveNotify
The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain remote code execution, in versions up to and including 5.3.2.
๐@cveNotify
๐จ CVE-2021-44927
A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_sg_vrml_mf_append function, which causes a segmentation fault and application crash.
๐@cveNotify
A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_sg_vrml_mf_append function, which causes a segmentation fault and application crash.
๐@cveNotify
GitHub
Null Pointer Dereference in gf_sg_vrml_mf_append() ยท Issue #1960 ยท gpac/gpac
Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you! I looked for a similar issue and couldn't find any. I tried with the late...
๐จ CVE-2021-44926
A null pointer dereference vulnerability exists in the gpac in the gf_node_get_tag function, which causes a segmentation fault and application crash.
๐@cveNotify
A null pointer dereference vulnerability exists in the gpac in the gf_node_get_tag function, which causes a segmentation fault and application crash.
๐@cveNotify
GitHub
Null Pointer Dereference in gf_node_get_tag() ยท Issue #1961 ยท gpac/gpac
Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you! I looked for a similar issue and couldn't find any. I tried with the late...
๐จ CVE-2021-44925
A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_svg_get_attribute_name function, which causes a segmentation fault and application crash.
๐@cveNotify
A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_svg_get_attribute_name function, which causes a segmentation fault and application crash.
๐@cveNotify
GitHub
Null Pointer Dereference in gf_svg_get_attribute_name() ยท Issue #1967 ยท gpac/gpac
Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you! I looked for a similar issue and couldn't find any. I tried with the late...
๐จ CVE-2021-44924
An infinite loop vulnerability exists in gpac 1.1.0 in the gf_log function, which causes a Denial of Service.
๐@cveNotify
An infinite loop vulnerability exists in gpac 1.1.0 in the gf_log function, which causes a Denial of Service.
๐@cveNotify
GitHub
Infinite loop in gf_log() ยท Issue #1959 ยท gpac/gpac
Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you! I looked for a similar issue and couldn't find any. I tried with the late...
๐จ CVE-2021-44923
A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_dump_vrml_dyn_field.isra function, which causes a segmentation fault and application crash.
๐@cveNotify
A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_dump_vrml_dyn_field.isra function, which causes a segmentation fault and application crash.
๐@cveNotify
GitHub
Null Pointer Dereference in gf_dump_vrml_dyn_field.isra() ยท Issue #1962 ยท gpac/gpac
Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you! I looked for a similar issue and couldn't find any. I tried with the latest v...
๐จ CVE-2021-44922
A null pointer dereference vulnerability exists in gpac 1.1.0 in the BD_CheckSFTimeOffset function, which causes a segmentation fault and application crash.
๐@cveNotify
A null pointer dereference vulnerability exists in gpac 1.1.0 in the BD_CheckSFTimeOffset function, which causes a segmentation fault and application crash.
๐@cveNotify
GitHub
Null Pointer Dereference in BD_CheckSFTimeOffset() ยท Issue #1969 ยท gpac/gpac
Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you! I looked for a similar issue and couldn't find any. I tried with the late...
๐จ CVE-2021-44921
A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_isom_parse_movie_boxes_internal function, which causes a segmentation fault and application crash.
๐@cveNotify
A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_isom_parse_movie_boxes_internal function, which causes a segmentation fault and application crash.
๐@cveNotify
GitHub
Null Pointer Dereference in gf_isom_parse_movie_boxes_internal() ยท Issue #1964 ยท gpac/gpac
Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you! I looked for a similar issue and couldn't find any. I tried with the late...
๐จ CVE-2021-44920
An invalid memory address dereference vulnerability exists in gpac 1.1.0 in the dump_od_to_saf.isra function, which causes a segmentation fault and application crash.
๐@cveNotify
An invalid memory address dereference vulnerability exists in gpac 1.1.0 in the dump_od_to_saf.isra function, which causes a segmentation fault and application crash.
๐@cveNotify
GitHub
Invalid memory address dereference in dump_od_to_saf.isra() ยท Issue #1957 ยท gpac/gpac
Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you! I looked for a similar issue and couldn't find any. I tried with the late...
๐จ CVE-2021-44919
A Null Pointer Dereference vulnerability exists in the gf_sg_vrml_mf_alloc function, which causes a segmentation fault and application crash.
๐@cveNotify
A Null Pointer Dereference vulnerability exists in the gf_sg_vrml_mf_alloc function, which causes a segmentation fault and application crash.
๐@cveNotify
GitHub
Null Pointer Dereference in gf_sg_vrml_mf_alloc() ยท Issue #1963 ยท gpac/gpac
Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you! I looked for a similar issue and couldn't find any. I tried with the latest v...
๐จ CVE-2021-44918
A Null Pointer Dereference vulnerability exists in gpac 1.1.0 in the gf_node_get_field function, which can cause a segmentation fault and application crash.
๐@cveNotify
A Null Pointer Dereference vulnerability exists in gpac 1.1.0 in the gf_node_get_field function, which can cause a segmentation fault and application crash.
๐@cveNotify
GitHub
Null Pointer Dereference in gf_node_get_field() ยท Issue #1968 ยท gpac/gpac
Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you! I looked for a similar issue and couldn't find any. I tried with the late...
๐จ CVE-2021-43216
Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability
๐@cveNotify
Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability
๐@cveNotify
๐จ CVE-2021-37605
In version 6.5 Microchip MiWi software and all previous versions including legacy products, the stack is validating only two out of four Message Integrity Check (MIC) bytes.
๐@cveNotify
In version 6.5 Microchip MiWi software and all previous versions including legacy products, the stack is validating only two out of four Message Integrity Check (MIC) bytes.
๐@cveNotify
๐จ CVE-2021-37604
In version 6.5 of Microchip MiWi software and all previous versions including legacy products, there is a possibility of frame counters being validated/updated prior to the message authentication. With this vulnerability in place, an attacker may increment the incoming frame counter values by injecting messages with a sufficiently large frame counter value and invalid payload. This results in denial of service/valid packets in the network. There is also a possibility of a replay attack in the stack.
๐@cveNotify
In version 6.5 of Microchip MiWi software and all previous versions including legacy products, there is a possibility of frame counters being validated/updated prior to the message authentication. With this vulnerability in place, an attacker may increment the incoming frame counter values by injecting messages with a sufficiently large frame counter value and invalid payload. This results in denial of service/valid packets in the network. There is also a possibility of a replay attack in the stack.
๐@cveNotify
๐จ CVE-2021-4104
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
๐@cveNotify
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
๐@cveNotify