🚨 CVE-2021-45116
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key.
🎖@cveNotify
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key.
🎖@cveNotify
🚨 CVE-2021-45115
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack.
🎖@cveNotify
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack.
🎖@cveNotify
🚨 CVE-2021-41388
Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. The XPC implementation of nsAuxiliarySvc process does not perform validation on new connections before accepting the connection. Thus any low privileged user can connect and call external methods defined in XPC service as root, elevating their privilege to the highest level.
🎖@cveNotify
Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. The XPC implementation of nsAuxiliarySvc process does not perform validation on new connections before accepting the connection. Thus any low privileged user can connect and call external methods defined in XPC service as root, elevating their privilege to the highest level.
🎖@cveNotify
Netskope
NSKPSA-2021-002
Netskope Security Advisory NSKPSA-2021-002. Severity - High. Fix Version - Release 89 & above. Fix Description - Local privilege escalation issue in Netskope Client on macOS.
🚨 CVE-2021-22045
VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine.
🎖@cveNotify
VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine.
🎖@cveNotify
🚨 CVE-2022-21650
Convos is an open source multi-user chat that runs in a web browser. You can't use SVG extension in Convos' chat window, but you can upload a file with an .html extension. By uploading an SVG file with an html extension the upload filter can be bypassed. This causes Stored XSS. Also, after uploading a file the XSS attack is triggered upon a user viewing the file. Through this vulnerability, an attacker is capable to execute malicious scripts. Users are advised to update as soon as possible.
🎖@cveNotify
Convos is an open source multi-user chat that runs in a web browser. You can't use SVG extension in Convos' chat window, but you can upload a file with an .html extension. By uploading an SVG file with an html extension the upload filter can be bypassed. This causes Stored XSS. Also, after uploading a file the XSS attack is triggered upon a user viewing the file. Through this vulnerability, an attacker is capable to execute malicious scripts. Users are advised to update as soon as possible.
🎖@cveNotify
GitHub
GitHub is where people build software. More than 73 million people use GitHub to discover, fork, and contribute to over 200 million projects.
🚨 CVE-2021-45677
Certain NETGEAR devices are affected by stored XSS. This affects GS108Tv2 before 5.4.2.36 and GS110TPv2 before 5.4.2.36.
🎖@cveNotify
Certain NETGEAR devices are affected by stored XSS. This affects GS108Tv2 before 5.4.2.36 and GS110TPv2 before 5.4.2.36.
🎖@cveNotify
Netgear
Security Advisory for Stored Cross Site Scripting on Some Smart Managed Pro Switches, PSV-2019-0191 | Answer | NETGEAR Support
Associated CVE IDs: None First published: 2021-12-20 NETGEAR has released fixes for a stored cross site scripting security vulnerability on the following product models: GS108Tv2, running firmware versions prior to 5.4.2.36 GS110TPv2, running firmware versions…
🚨 CVE-2021-45676
Certain NETGEAR devices are affected by stored XSS. This affects RAX200 before 1.0.5.126, RAX20 before 1.0.2.82, RAX80 before 1.0.5.126, RAX15 before 1.0.2.82, and RAX75 before 1.0.5.126.
🎖@cveNotify
Certain NETGEAR devices are affected by stored XSS. This affects RAX200 before 1.0.5.126, RAX20 before 1.0.2.82, RAX80 before 1.0.5.126, RAX15 before 1.0.2.82, and RAX75 before 1.0.5.126.
🎖@cveNotify
Netgear
Security Advisory for Stored Cross Site Scripting on Some Routers, PSV-2020-0161 | Answer | NETGEAR Support
Associated CVE IDs: None First published: 2021-12-20 NETGEAR has released fixes for a stored cross site scripting security vulnerability on the following product models: RAX200, running firmware versions prior to 1.0.5.126 RAX20, running firmware versions…
🚨 CVE-2021-45504
Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBR852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.
🎖@cveNotify
Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBR852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.
🎖@cveNotify
Netgear
Security Advisory for Authentication Bypass on Some WiFi Systems, PSV-2020-0475 | Answer | NETGEAR Support
Associated CVE IDs: None First published: 2021-09-26 NETGEAR has released fixes for an authentication bypass security vulnerability on the following product models: CBR40, running firmware versions prior to 2.5.0.24 CBR750, running firmware versions prior…
🚨 CVE-2021-1406
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to obtain hashed credentials of system users. To exploit this vulnerability an attacker would need to have valid user credentials with elevated privileges.
🎖@cveNotify
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to obtain hashed credentials of system users. To exploit this vulnerability an attacker would need to have valid user credentials with elevated privileges.
🎖@cveNotify
Cisco
Cisco Security Advisory: Cisco Unified Communications Manager Information Disclosure Vulnerability
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device.…
🚨 CVE-2021-36350
Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authentication bypass by primary weakness in one of the authentication factors. A remote unauthenticated attacker may potentially exploit this vulnerability and bypass one of the factors of authentication.
🎖@cveNotify
Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authentication bypass by primary weakness in one of the authentication factors. A remote unauthenticated attacker may potentially exploit this vulnerability and bypass one of the factors of authentication.
🎖@cveNotify
Dell
DSA-2021-243: Dell PowerScale OneFS Contains Security Update for Multiple Vulnerabilities. | Dell UK
Dell PowerScale OneFS remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
🚨 CVE-2021-43587
Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, and 2.6, use hard-coded cryptographic key. A local high-privileged malicious user may potentially exploit this vulnerability to gain access to secrets and elevate to gain higher privileges.
🎖@cveNotify
Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, and 2.6, use hard-coded cryptographic key. A local high-privileged malicious user may potentially exploit this vulnerability to gain access to secrets and elevate to gain higher privileges.
🎖@cveNotify
🚨 CVE-2018-25028
An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. get_context can cause a use-after-free.
🎖@cveNotify
An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. get_context can cause a use-after-free.
🎖@cveNotify
rustsec.org
RUSTSEC-2018-0021: libpulse-binding: Use-after-free with objects returned by `Stream`'s `get_format_info` and `get_context` methods…
Security advisory database for Rust crates published through https://crates.io
🚨 CVE-2021-36318
Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage vulnerability. A high privileged user could potentially exploit this vulnerability, leading to a complete outage.
🎖@cveNotify
Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage vulnerability. A high privileged user could potentially exploit this vulnerability, leading to a complete outage.
🎖@cveNotify
Dell
DSA-2021-204: Dell EMC Avamar, Dell EMC NetWorker Virtual Edition (NVE), and Dell EMC PowerProtect DP Series Appliance or Dell…
Dell EMC Avamar, Dell EMC NetWorker Virtual Edition (NVE), and Dell EMC PowerProtect DP Series Appliance or Dell EMC Integrated Data Protection Appliance (IDPA) remediation is available for multiple vulnerabilities that may be exploited by malicious users…
👍1
🚨 CVE-2021-45510
NETGEAR XR1000 devices before 1.0.0.58 are affected by authentication bypass.
🎖@cveNotify
NETGEAR XR1000 devices before 1.0.0.58 are affected by authentication bypass.
🎖@cveNotify
Netgear
Security Advisory for Authentication Bypass on XR1000, PSV-2021-0011 | Answer | NETGEAR Support
Associated CVE IDs: None First published: 2021-09-26 NETGEAR has released fixes for an authentication bypass security vulnerability on the following product models: XR1000, running firmware versions prior to 1.0.0.58 NETGEAR strongly recommends that you download…
🚨 CVE-2021-45674
Certain NETGEAR devices are affected by stored XSS. This affects R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106.
🎖@cveNotify
Certain NETGEAR devices are affected by stored XSS. This affects R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106.
🎖@cveNotify
Netgear
Security Advisory for Stored Cross Site Scripting on Some Routers, PSV-2020-0017 | Answer | NETGEAR Support
Associated CVE IDs: None First published: 2021-09-26 NETGEAR has released fixes for a stored cross site scripting security vulnerability on the following product models: R7000, running firmware versions prior to 1.0.11.110 R7900, running firmware versions…
🚨 CVE-2021-45655
NETGEAR R6400 devices before 1.0.1.70 are affected by server-side injection.
🎖@cveNotify
NETGEAR R6400 devices before 1.0.1.70 are affected by server-side injection.
🎖@cveNotify
Netgear
Security Advisory for Server Side Injection on R6400, PSV-2019-0178 | Answer | NETGEAR Support
Associated CVE IDs: None First published: 2021-09-25 NETGEAR has released fixes for a server side injection security vulnerability on the following product models: R6400, running firmware versions prior to 1.0.1.70 NETGEAR strongly recommends that you download…
🚨 CVE-2021-45660
Certain NETGEAR devices are affected by server-side injection. This affects RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, and RBS50Y before 2.6.1.40.
🎖@cveNotify
Certain NETGEAR devices are affected by server-side injection. This affects RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, and RBS50Y before 2.6.1.40.
🎖@cveNotify
Netgear
Security Advisory for Server Side Injection on Some WiFi Systems, PSV-2019-0133 | Answer | NETGEAR Support
Associated CVE IDs: None First published: 2021-09-25 NETGEAR has released fixes for a server side injection security vulnerability on the following product models: RBK40, running firmware versions prior to 2.5.1.16 RBR40, running firmware versions prior to…
🚨 CVE-2021-45659
Certain NETGEAR devices are affected by server-side injection. This affects RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, and RBS50Y before 2.6.1.40.
🎖@cveNotify
Certain NETGEAR devices are affected by server-side injection. This affects RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, and RBS50Y before 2.6.1.40.
🎖@cveNotify
Netgear
Security Advisory for Server Side Injection on Some WiFi Systems, PSV-2019-0126 | Answer | NETGEAR Support
Associated CVE IDs: None First published: 2021-09-25 NETGEAR has released fixes for a server side injection security vulnerability on the following product models: RBK40, running firmware versions prior to 2.5.1.16 RBR40, running firmware versions prior to…
🚨 CVE-2021-45657
Certain NETGEAR devices are affected by server-side injection. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6050 before 1.0.1.26, JR6150 before 1.0.1.26, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.78, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6700v2 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, RBS50Y before 2.6.1.40, and WNR2020 before 1.1.0.62.
🎖@cveNotify
Certain NETGEAR devices are affected by server-side injection. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6050 before 1.0.1.26, JR6150 before 1.0.1.26, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.78, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6700v2 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, RBS50Y before 2.6.1.40, and WNR2020 before 1.1.0.62.
🎖@cveNotify
NETGEAR KB
Security Advisory for Server Side Injection on Some Routers and WiFi Systems, PSV-2019-0141
Associated CVE IDs: None First published: 2021-09-25 NETGEAR has released fixes for a server side injection security vulnerability on the following product models: D6200, running firmware versions prior to 1.1.00.38 D7000, running firmware versions prior…
🚨 CVE-2018-25027
An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. get_format_info can cause a use-after-free.
🎖@cveNotify
An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. get_format_info can cause a use-after-free.
🎖@cveNotify
rustsec.org
RUSTSEC-2018-0021: libpulse-binding: Use-after-free with objects returned by `Stream`'s `get_format_info` and `get_context` methods…
Security advisory database for Rust crates published through https://crates.io
🚨 CVE-2018-25026
An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can add the Send marker trait to an object that cannot be sent between threads safely, leading to memory corruption.
🎖@cveNotify
An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can add the Send marker trait to an object that cannot be sent between threads safely, leading to memory corruption.
🎖@cveNotify