New vulnerabilities from the NVD

CVE-2021-24824: The [field] shortcode included with the Custom Content Shortcode WordPress plugin before 4.0.1 allows authenticated users with a role as low as Contributor to access arbitrary post metadata. This could lead to sensitive data disclosure; for example, when used in combination with WooCommerce, the email address of orders can be retrieved. Published at: March 07, 2022 at 11:15AM. March 07, 2022 at 01:33PM via National Vulnerability Database.

CVE-2021-24821: The Cost Calculator WordPress plugin before 1.6 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the Description fields of a Cost Calculator > Price Settings (which gets injected on the edit page as well as any page that embeds the calculator using the shortcode), as well as the Text Preview field of a Project (injected on the edit project page). Published at: March 07, 2022 at 11:15AM. March 07, 2022 at 01:33PM via National Vulnerability Database.

CVE-2021-24810: The WP Event Manager WordPress plugin before 3.1.23 does not escape some of its Field Editor settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Published at: March 07, 2022 at 11:15AM. March 07, 2022 at 01:33PM via National Vulnerability Database.

CVE-2021-24778: The test parameter of the xmlfeed in the Tradetracker-Store WordPress plugin before 4.6.60 is not sanitised, escaped or validated before being inserted into a SQL statement, leading to SQL injection. Published at: March 07, 2022 at 11:15AM. March 07, 2022 at 01:33PM via National Vulnerability Database.

CVE-2021-24777: The view submission functionality in the Hotscot Contact Form WordPress plugin before 1.3 makes a GET request with the sub_id parameter, which is not sanitised, escaped or validated before being inserted into a SQL statement, leading to an SQL injection. Published at: March 07, 2022 at 11:15AM. March 07, 2022 at 01:33PM via National Vulnerability Database.

CVE-2021-24216: The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files' extension, which allows administrators to upload PHP files on their site, even on multisite installations. Published at: March 07, 2022 at 11:15AM. March 07, 2022 at 01:33PM via National Vulnerability Database.

CVE-2021-22783: A CWE-200: Information Exposure vulnerability exists which could allow a session hijack when the door panel is communicating with the door. Affected Product: Ritto Wiser Door (All versions). Published at: March 10, 2022 at 01:15AM. March 10, 2022 at 03:33AM via National Vulnerability Database.

CVE-2021-38296: Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". In versions 3.1.2 and earlier, it uses a bespoke mutual authentication protocol that allows for full encryption key recovery. After an initial interactive attack, this would allow someone to decrypt plaintext traffic offline. Note that this does not affect security mechanisms controlled by "spark.authenticate.enableSaslEncryption", "spark.io.encryption.enabled", "spark.ssl", "spark.ui.strictTransportSecurity". Update to Apache Spark 3.1.3 or later. Published at: March 10, 2022 at 11:15AM. March 10, 2022 at 01:33PM via National Vulnerability Database.

CVE-2021-32435: Stack-based buffer overflow in the function get_key in parse.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors. Published at: March 10, 2022 at 07:42PM. March 10, 2022 at 09:33PM via National Vulnerability Database.

CVE-2021-32434: abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculate_beam at draw.c. Published at: March 10, 2022 at 07:42PM. March 10, 2022 at 09:33PM via National Vulnerability Database.

CVE-2021-32025: An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system. Published at: March 10, 2022 at 07:42PM. March 10, 2022 at 09:33PM via National Vulnerability Database.

CVE-2021-32006: This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Permission Issues vulnerability in the LinkManager web portal of Secomea GateManager allows a logged-in LinkManager user to access stored SiteManager backup files. Published at: March 10, 2022 at 07:42PM. March 10, 2022 at 09:33PM via National Vulnerability Database.

CVE-2021-32005: Cross-site Scripting (XSS) vulnerability in the log view of Secomea SiteManager allows a logged-in user to store JavaScript for later execution. This issue affects: Secomea SiteManager Version 9.6.621421014 and all prior versions. Published at: March 10, 2022 at 07:42PM. March 10, 2022 at 09:33PM via National Vulnerability Database.

CVE-2021-28488

CVE-2021-20269: A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The highest threat from this vulnerability is to confidentiality. This flaw affects kexec-tools shipped by Fedora versions prior to 2.0.21-8 and RHEL versions prior to 2.0.20-47. Published at: March 10, 2022 at 07:41PM. March 10, 2022 at 09:33PM via National Vulnerability Database.

CVE-2020-36517: An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS resolver configuration. Published at: March 10, 2022 at 07:41PM. March 10, 2022 at 09:33PM via National Vulnerability Database.

CVE-2020-36123: saitoha libsixel v1.8.6 was discovered to contain a double free via the component sixel_chunk_destroy at /root/libsixel/src/chunk.c. Published at: March 10, 2022 at 07:41PM. March 10, 2022 at 09:33PM via National Vulnerability Database.

CVE-2020-14115: A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection of incoming data. Attackers can exploit this vulnerability to execute code. Published at: March 10, 2022 at 07:41PM. March 10, 2022 at 09:33PM via National Vulnerability Database.

CVE-2020-14112: An Information Leak vulnerability exists in the Xiaomi Router AX6000. The vulnerability is caused by incorrect routing configuration. Attackers can exploit this vulnerability to download part of the files on the Xiaomi Router AX6000. Published at: March 10, 2022 at 07:41PM. March 10, 2022 at 09:33PM via National Vulnerability Database.

CVE-2020-14111: A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection of incoming data. Attackers can exploit this vulnerability to execute code. Published at: March 10, 2022 at 07:41PM. March 10, 2022 at 09:33PM via National Vulnerability Database.

CVE-2020-36518: jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. Published at: March 11, 2022 at 09:15AM. March 11, 2022 at 01:33PM via National Vulnerability Database.

CVE-2018-25031: Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Published at: March 11, 2022 at 09:15AM. March 11, 2022 at 01:33PM via National Vulnerability Database.

CVE-2021-27414: An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for the Ellipse application and gather authentication credentials. Published at: March 11, 2022 at 08:15PM. March 11, 2022 at 09:33PM via National Vulnerability Database.

CVE-2021-26401: LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs. Published at: March 11, 2022 at 08:15PM. March 11, 2022 at 09:33PM via National Vulnerability Database.

CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. Published at: March 11, 2022 at 08:15PM. March 11, 2022 at 09:33PM via National Vulnerability Database.

CVE-2021-23246: In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information disclosure. Published at: March 11, 2022 at 08:15PM. March 11, 2022 at 09:33PM via National Vulnerability Database.