CVE Notify
19.2K subscribers
4 photos
185K links
Alert on the latest CVEs

Partner channel: @malwr
Download Telegram
🚨 CVE-2021-42294
Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-42309.

πŸŽ–@cveNotify
🚨 CVE-2021-42309
Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-42294.

πŸŽ–@cveNotify
🚨 CVE-2021-43214
Web Media Extensions Remote Code Execution Vulnerability

πŸŽ–@cveNotify
🚨 CVE-2021-43219
DirectX Graphics Kernel File Denial of Service Vulnerability

πŸŽ–@cveNotify
🚨 CVE-2021-42912
FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability. This vulnerability allows the attacker, once logged in, to send commands to the operating system as the root user via the ping diagnostic tool, bypassing the IP address field, and concatenating OS commands with a semicolon.

πŸŽ–@cveNotify
🚨 CVE-2021-41260
Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 do not check for Cross Site Request Forgery attacks. All users are advised to upgrade to 0.9.6 as soon as possible. There are no known workarounds for this issue.

πŸŽ–@cveNotify
🚨 CVE-2021-44315
In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server which allows an attacker to view the sensitive files of the application, for example: Any file which contains sensitive information of the user or server.

πŸŽ–@cveNotify
🚨 CVE-2021-44031
An issue was discovered in Quest KACE Desktop Authority before 11.2. /dacomponentui/profiles/profileitems/outlooksettings/Insertimage.aspx contains a vulnerability that could allow pre-authentication remote code execution. An attacker could upload a .ASP file to reside at /images/{GUID}/{filename}.

πŸŽ–@cveNotify
🚨 CVE-2021-44030
Quest KACE Desktop Authority before 11.2 allows XSS because it does not prevent untrusted HTML from reaching the jQuery.htmlPrefilter method of jQuery.

πŸŽ–@cveNotify
🚨 CVE-2021-44029
An issue was discovered in Quest KACE Desktop Authority before 11.2. This vulnerability allows attackers to execute remote code through a deserialization exploitation in the RadAsyncUpload function of ASP.NET AJAX. An attacker can leverage this vulnerability when the encryption keys are known (due to the presence of CVE-2017-11317, CVE-2017-11357, or other means). A default setting for the type whitelisting feature in more current versions of ASP.NET AJAX prevents exploitation.

πŸŽ–@cveNotify
🚨 CVE-2021-44028
XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285.

πŸŽ–@cveNotify
🚨 CVE-2021-40836
A vulnerability affecting F-Secure antivirus engine was discovered whereby scanning MS outlook .pst files can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine. Fixed in Capricorn update 2021-12-13_07.

πŸŽ–@cveNotify
🚨 CVE-2021-45100
The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This occurs because it sets the SMB2_GLOBAL_CAP_ENCRYPTION flag when using the SMB 3.1.1 protocol, which is a violation of the SMB protocol specification. When Windows 10 detects this protocol violation, it disables encryption.

πŸŽ–@cveNotify
🚨 CVE-2021-0674
In alac decoder, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06064258; Issue ID: ALPS06064237.

πŸŽ–@cveNotify
🚨 CVE-2021-0676
In geniezone driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05863009; Issue ID: ALPS05863009.

πŸŽ–@cveNotify
🚨 CVE-2021-43222
Microsoft Message Queuing Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-43236.

πŸŽ–@cveNotify
🚨 CVE-2021-40612
An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without authentication, a vulnerability in code_igniter/application/controllers/util.php allows an attacker perform command execution without echoes.

πŸŽ–@cveNotify
🚨 CVE-2021-43217
Windows Encrypting File System (EFS) Remote Code Execution Vulnerability

πŸŽ–@cveNotify
🚨 CVE-2021-40858
Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Disclosure. A sub-admin can read the cleartext Admin password via the fileName=../../etc/passwd substring.

πŸŽ–@cveNotify