🚨 CVE-2021-45654
NETGEAR XR1000 devices before 1.0.0.58 are affected by disclosure of sensitive information.
🎖@cveNotify
NETGEAR XR1000 devices before 1.0.0.58 are affected by disclosure of sensitive information.
🎖@cveNotify
Netgear
Security Advisory for Sensitive Information Disclosure on XR1000, PSV-2021-0015 | Answer | NETGEAR Support
Associated CVE IDs: None First published: 2021-09-26 NETGEAR has released fixes for a sensitive information disclosure security vulnerability on the following product models: XR1000, running firmware versions prior to 1.0.0.58 NETGEAR strongly recommends…
🚨 CVE-2021-4169
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
🎖@cveNotify
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
🎖@cveNotify
GitHub
Proper escape · LiveHelperChat/livehelperchat@8f6ddad
Live Helper Chat - live support for your website. Featuring web and mobile apps, Voice & Video & ScreenShare. Supports Telegram, Twilio (whatsapp), Facebook messenger including building a bot. - Proper escape · LiveHelperChat/livehelperchat@8f6ddad
⚠️ℹ️⚠️ Hi everybody! To continue providing posts and keeping this channel alive, we accept advertising on the channel.
For advertising plans contact @SirMalware ⚠️ℹ️⚠️
For advertising plans contact @SirMalware ⚠️ℹ️⚠️
CVE Notify pinned «⚠️ℹ️⚠️ Hi everybody! To continue providing posts and keeping this channel alive, we accept advertising on the channel. For advertising plans contact @SirMalware ⚠️ℹ️⚠️»
🚨 CVE-2021-20050
An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data.
🎖@cveNotify
An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data.
🎖@cveNotify
🚨 CVE-2021-45600
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR750 before 4.6.3.6, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.
🎖@cveNotify
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR750 before 4.6.3.6, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.
🎖@cveNotify
Netgear
Security Advisory for Post-Authentication Command Injection on Some WiFi Systems, PSV-2020-0555 | Answer | NETGEAR Support
Associated CVE IDs: None First published: 2021-09-26 NETGEAR has released fixes for a post-authentication command injection security vulnerability on the following product models: CBR750, running firmware versions prior to 4.6.3.6 RBK852, running firmware…
🚨 CVE-2021-45625
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects XR300 before 1.0.3.68, R7000P before 1.3.3.140, and R6900P before 1.3.3.140.
🎖@cveNotify
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects XR300 before 1.0.3.68, R7000P before 1.3.3.140, and R6900P before 1.3.3.140.
🎖@cveNotify
Netgear
Security Advisory for Pre-Authentication Command Injection on Some Routers, PSV-2020-0371 | Answer | NETGEAR Support
Associated CVE IDs: None First published: 2021-12-21 NETGEAR has released fixes for a pre-authentication command injection security vulnerability on the following product models: XR300, running firmware versions prior to 1.0.3.68 R7000P, running firmware…
🚨 CVE-2021-45627
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.
🎖@cveNotify
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.
🎖@cveNotify
NETGEAR KB
Security Advisory for Pre-Authentication Command Injection on Some WiFi Systems, PSV-2020-0471
Associated CVE IDs: None First published: 2021-09-26 NETGEAR has released fixes for a pre-authentication command injection security vulnerability on the following product models: CBR750, running firmware versions prior to 4.6.3.6 RBK852, running firmware…
🚨 CVE-2021-45497
NETGEAR D7000 devices before 1.0.1.82 are affected by authentication bypass.
🎖@cveNotify
NETGEAR D7000 devices before 1.0.1.82 are affected by authentication bypass.
🎖@cveNotify
Netgear
Security Advisory for Authentication Bypass on D7000, PSV-2021-0155 | Answer | NETGEAR Support
Associated CVE IDs: None First published: 2021-12-22 NETGEAR has released fixes for an authentication bypass security vulnerability on the following product models: D7000, running firmware versions prior to 1.0.1.82 NETGEAR strongly recommends that you download…
🚨 CVE-2021-45496
NETGEAR D7000 devices before 1.0.1.82 are affected by authentication bypass.
🎖@cveNotify
NETGEAR D7000 devices before 1.0.1.82 are affected by authentication bypass.
🎖@cveNotify
NETGEAR KB
Security Advisory for Authentication Bypass on D7000, PSV-2021-0060
Associated CVE IDs: None First published: 2021-12-22 NETGEAR has released fixes for an authentication bypass security vulnerability on the following product models: D7000, running firmware versions prior to 1.0.1.82 NETGEAR strongly recommends that you download…
🚨 CVE-2021-45452
Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it.
🎖@cveNotify
Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it.
🎖@cveNotify
🚨 CVE-2021-45116
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key.
🎖@cveNotify
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key.
🎖@cveNotify
🚨 CVE-2021-45115
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack.
🎖@cveNotify
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack.
🎖@cveNotify
🚨 CVE-2021-41388
Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. The XPC implementation of nsAuxiliarySvc process does not perform validation on new connections before accepting the connection. Thus any low privileged user can connect and call external methods defined in XPC service as root, elevating their privilege to the highest level.
🎖@cveNotify
Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. The XPC implementation of nsAuxiliarySvc process does not perform validation on new connections before accepting the connection. Thus any low privileged user can connect and call external methods defined in XPC service as root, elevating their privilege to the highest level.
🎖@cveNotify
Netskope
NSKPSA-2021-002
Netskope Security Advisory NSKPSA-2021-002. Severity - High. Fix Version - Release 89 & above. Fix Description - Local privilege escalation issue in Netskope Client on macOS.
🚨 CVE-2021-22045
VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine.
🎖@cveNotify
VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine.
🎖@cveNotify
🚨 CVE-2022-21650
Convos is an open source multi-user chat that runs in a web browser. You can't use SVG extension in Convos' chat window, but you can upload a file with an .html extension. By uploading an SVG file with an html extension the upload filter can be bypassed. This causes Stored XSS. Also, after uploading a file the XSS attack is triggered upon a user viewing the file. Through this vulnerability, an attacker is capable to execute malicious scripts. Users are advised to update as soon as possible.
🎖@cveNotify
Convos is an open source multi-user chat that runs in a web browser. You can't use SVG extension in Convos' chat window, but you can upload a file with an .html extension. By uploading an SVG file with an html extension the upload filter can be bypassed. This causes Stored XSS. Also, after uploading a file the XSS attack is triggered upon a user viewing the file. Through this vulnerability, an attacker is capable to execute malicious scripts. Users are advised to update as soon as possible.
🎖@cveNotify
GitHub
GitHub is where people build software. More than 73 million people use GitHub to discover, fork, and contribute to over 200 million projects.
🚨 CVE-2021-45677
Certain NETGEAR devices are affected by stored XSS. This affects GS108Tv2 before 5.4.2.36 and GS110TPv2 before 5.4.2.36.
🎖@cveNotify
Certain NETGEAR devices are affected by stored XSS. This affects GS108Tv2 before 5.4.2.36 and GS110TPv2 before 5.4.2.36.
🎖@cveNotify
Netgear
Security Advisory for Stored Cross Site Scripting on Some Smart Managed Pro Switches, PSV-2019-0191 | Answer | NETGEAR Support
Associated CVE IDs: None First published: 2021-12-20 NETGEAR has released fixes for a stored cross site scripting security vulnerability on the following product models: GS108Tv2, running firmware versions prior to 5.4.2.36 GS110TPv2, running firmware versions…
🚨 CVE-2021-45676
Certain NETGEAR devices are affected by stored XSS. This affects RAX200 before 1.0.5.126, RAX20 before 1.0.2.82, RAX80 before 1.0.5.126, RAX15 before 1.0.2.82, and RAX75 before 1.0.5.126.
🎖@cveNotify
Certain NETGEAR devices are affected by stored XSS. This affects RAX200 before 1.0.5.126, RAX20 before 1.0.2.82, RAX80 before 1.0.5.126, RAX15 before 1.0.2.82, and RAX75 before 1.0.5.126.
🎖@cveNotify
Netgear
Security Advisory for Stored Cross Site Scripting on Some Routers, PSV-2020-0161 | Answer | NETGEAR Support
Associated CVE IDs: None First published: 2021-12-20 NETGEAR has released fixes for a stored cross site scripting security vulnerability on the following product models: RAX200, running firmware versions prior to 1.0.5.126 RAX20, running firmware versions…
🚨 CVE-2021-45504
Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBR852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.
🎖@cveNotify
Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBR852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.
🎖@cveNotify
Netgear
Security Advisory for Authentication Bypass on Some WiFi Systems, PSV-2020-0475 | Answer | NETGEAR Support
Associated CVE IDs: None First published: 2021-09-26 NETGEAR has released fixes for an authentication bypass security vulnerability on the following product models: CBR40, running firmware versions prior to 2.5.0.24 CBR750, running firmware versions prior…