CVE Notify
19.2K subscribers
4 photos
185K links
Alert on the latest CVEs

Partner channel: @malwr
Download Telegram
🚨 CVE-2021-44028
XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285.

πŸŽ–@cveNotify
🚨 CVE-2021-40836
A vulnerability affecting F-Secure antivirus engine was discovered whereby scanning MS outlook .pst files can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine. Fixed in Capricorn update 2021-12-13_07.

πŸŽ–@cveNotify
🚨 CVE-2021-45100
The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This occurs because it sets the SMB2_GLOBAL_CAP_ENCRYPTION flag when using the SMB 3.1.1 protocol, which is a violation of the SMB protocol specification. When Windows 10 detects this protocol violation, it disables encryption.

πŸŽ–@cveNotify
🚨 CVE-2021-0674
In alac decoder, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06064258; Issue ID: ALPS06064237.

πŸŽ–@cveNotify
🚨 CVE-2021-0676
In geniezone driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05863009; Issue ID: ALPS05863009.

πŸŽ–@cveNotify
🚨 CVE-2021-43222
Microsoft Message Queuing Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-43236.

πŸŽ–@cveNotify
🚨 CVE-2021-40612
An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without authentication, a vulnerability in code_igniter/application/controllers/util.php allows an attacker perform command execution without echoes.

πŸŽ–@cveNotify
🚨 CVE-2021-43217
Windows Encrypting File System (EFS) Remote Code Execution Vulnerability

πŸŽ–@cveNotify
🚨 CVE-2021-40858
Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Disclosure. A sub-admin can read the cleartext Admin password via the fileName=../../etc/passwd substring.

πŸŽ–@cveNotify
🚨 CVE-2021-42320
Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-43242.

πŸŽ–@cveNotify
🚨 CVE-2021-36750
ENC DataVault 7.1.1W and VaultAPI v67, which is currently being used in various other applications, mishandles key derivation, making it easier for attackers to determine the passwords of all DataVault users (across USB drives sold under multiple brand names).

πŸŽ–@cveNotify
🚨 CVE-2021-43229
Windows NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43230, CVE-2021-43231.

πŸŽ–@cveNotify
🚨 CVE-2021-0673
In Audio Aurisys HAL, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05977326; Issue ID: ALPS05977326.

πŸŽ–@cveNotify
🚨 CVE-2021-0677
In ccu driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05827154; Issue ID: ALPS05827154.

πŸŽ–@cveNotify
🚨 CVE-2021-0678
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05722511.

πŸŽ–@cveNotify
🚨 CVE-2021-43230
Windows NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43229, CVE-2021-43231.

πŸŽ–@cveNotify
🚨 CVE-2021-0679
In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05687781.

πŸŽ–@cveNotify
🚨 CVE-2021-43021
Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious EXR file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

πŸŽ–@cveNotify
🚨 CVE-2021-43022
Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious PNG file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

πŸŽ–@cveNotify
🚨 CVE-2021-43023
Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious EPS/TIFF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

πŸŽ–@cveNotify