New vulnerabilities from the NVD: CVE-2021-21706 | | In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS permissions. Published at: October 04, 2021 at 07:15AM View on website October 04, 2021 at 08:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-21705 | | In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, a URL with an invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision. Published at: October 04, 2021 at 07:15AM View on website October 04, 2021 at 08:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-21704 | | In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption. Published at: October 04, 2021 at 07:15AM View on website October 04, 2021 at 08:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-22557 | | |
New vulnerabilities from the NVD: CVE-2021-22259 | | A potential DOS vulnerability was discovered in GitLab EE starting with version 12.6 due to lack of pagination in dependencies API. Published at: October 04, 2021 at 08:15PM View on website October 04, 2021 at 09:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-28119 | | Cross site scripting vulnerability in 53KF < 2.0.0.2 that allows for arbitrary code to be executed via crafted HTML statement inserted into chat window. Published at: October 04, 2021 at 08:15PM View on website October 04, 2021 at 09:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-21496 | | A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitebrief parameter. Published at: October 05, 2021 at 12:15AM View on website October 05, 2021 at 01:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-21495 | | A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitename parameter. Published at: October 05, 2021 at 12:15AM View on website October 05, 2021 at 01:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-21494 | | A cross-site scripting (XSS) vulnerability in the component install\install.sql of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via changing the doctype value to 0. Published at: October 05, 2021 at 12:15AM View on website October 05, 2021 at 01:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-21493 | | An issue in the component route\user.php of Xiuno BBS v4.0.4 allows attackers to enumerate usernames. Published at: October 05, 2021 at 12:15AM View on website October 05, 2021 at 01:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-21434 | | Maccms 10 contains a cross-site scripting (XSS) vulnerability in the Editing function under the Member module. This vulnerability is exploited via a crafted payload in the nickname text field. Published at: October 05, 2021 at 12:15AM View on website October 05, 2021 at 01:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-21431 | | HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.php/template/edit. Published at: October 05, 2021 at 12:15AM View on website October 05, 2021 at 01:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-21387 | | A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows attackers to obtain the administrator cookie and escalate privileges via a crafted payload. Published at: October 04, 2021 at 11:15PM View on website October 05, 2021 at 01:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-21386 | | A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administrator privileges. Published at: October 04, 2021 at 11:15PM View on website October 05, 2021 at 01:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-22258 | | The project import/export feature in GitLab 8.9 and greater could be used to obtain otherwise private email addresses. Published at: October 05, 2021 at 05:15PM View on website October 05, 2021 at 07:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-22257 | | An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. The route for /user.keys is not restricted on instances with public visibility disabled. This allows user enumeration on such instances. Published at: October 05, 2021 at 05:15PM View on website October 05, 2021 at 07:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-21506 | | waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php?m=Config&a=add. Published at: October 06, 2021 at 01:15AM View on website October 06, 2021 at 03:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-21505 | | waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php/Link/addsave. Published at: October 06, 2021 at 01:15AM View on website October 06, 2021 at 03:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-21504 | | waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php?&m=Public&a=login. Published at: October 06, 2021 at 01:15AM View on website October 06, 2021 at 03:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-21503 | | waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=gift&a=addsave credit parameter to -1, the product is sold for free. Published at: October 06, 2021 at 01:15AM View on website October 06, 2021 at 03:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-15941 | | A path traversal vulnerability [CWE-22] in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated attacker to inject directory traversal character sequences to add/delete the files of the server via the name parameter of Deployment Packages. Published at: October 06, 2021 at 01:15PM View on website October 06, 2021 at 03:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-19003 | | An issue in Gate One 1.2.0 allows attackers to bypass the verification check done by the origins list and connect to Gate One instances used by hosts not on the origins list. Published at: October 06, 2021 at 04:15PM View on website October 06, 2021 at 06:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-0685 | | In ParsedIntentInfo of ParsedIntentInfo.java, there is a possible parcel serialization/deserialization mismatch due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-191055353. Published at: October 06, 2021 at 06:15PM View on website October 06, 2021 at 07:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-0684 | | In TouchInputMapper::sync of TouchInputMapper.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-8.1 Android-9. Android ID: A-179839665. Published at: October 06, 2021 at 06:15PM View on website October 06, 2021 at 07:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-0683 | | In runTraceIpcStop of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-8.1 Android-9 Android-10. Android ID: A-185398942. Published at: October 06, 2021 at 06:15PM View on website October 06, 2021 at 07:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-0682 | | In sendAccessibilityEvent of NotificationManagerService.java, there is a possible disclosure of notification data due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-8.1 Android-9 Android-10. Android ID: A-159624555. Published at: October 06, 2021 at 06:15PM View on website October 06, 2021 at 07:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-0681 | | In system properties, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-192535337. Published at: October 06, 2021 at 06:15PM View on website October 06, 2021 at 07:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-0680 | | In system properties, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-192535676. Published at: October 06, 2021 at 06:15PM View on website October 06, 2021 at 07:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-0644 | | In conditionallyRemoveIdentifiers of SubscriptionController.java, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-10. Android ID: A-181053462. Published at: October 06, 2021 at 06:15PM View on website October 06, 2021 at 07:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-0636 | | When extracting the incorrectly formatted avi file, the memory is damaged, the playback interface shows that the video cannot be played, and the log is found to be crashed. This problem may lead to hacker malicious code attacks, resulting in the loss of user rights. Product: Android. Version: Android-10. Android ID: A-189392423. Published at: October 06, 2021 at 06:15PM View on website October 06, 2021 at 07:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-0635 | | When extracting the incorrectly formatted flv file, the memory is damaged, the playback interface shows that the video cannot be played, and the log is found to be crashed. This problem may lead to hacker malicious code attacks, resulting in the loss of user rights. Product: Android. Version: Android-10. Android ID: A-189402477. Published at: October 06, 2021 at 06:15PM View on website October 06, 2021 at 07:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-0598 | | In onCreate of ConfirmConnectActivity.java, there is a possible pairing of untrusted Bluetooth devices due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11 Android-8.1 Android-9 Android-10. Android ID: A-180422108. Published at: October 06, 2021 at 06:15PM View on website October 06, 2021 at 07:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-0595 | | In lockAllProfileTasks of RootWindowContainer.java, there is a possible way to access the work profile without the profile PIN, after logging in. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10 Android-11 Android-8.1. Android ID: A-177457096. Published at: October 06, 2021 at 06:15PM View on website October 06, 2021 at 07:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-21658 | | A Cross-Site Request Forgery (CSRF) in WDJA CMS v1.5.2 allows attackers to arbitrarily add administrator accounts via a crafted URL. Published at: October 07, 2021 at 01:15AM View on website October 07, 2021 at 03:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-21656 | | XYHCMS v3.6 contains a stored cross-site scripting (XSS) vulnerability in the component xyhai.php?s=/Link/index. Published at: October 07, 2021 at 01:15AM View on website October 07, 2021 at 03:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-21654 | | emlog v6.0 contains a vulnerability in the component admin\template.php, which allows attackers to getshell via a crafted Zip file. Published at: October 07, 2021 at 01:15AM View on website October 07, 2021 at 03:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-21653 | | Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sj() method. Published at: October 07, 2021 at 01:15AM View on website October 07, 2021 at 03:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-21652 | | Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the addqq() method. Published at: October 07, 2021 at 01:15AM View on website October 07, 2021 at 03:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-21651 | | Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\point.php, which can be exploited via the add() method. Published at: October 07, 2021 at 01:15AM View on website October 07, 2021 at 03:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-21650 | | Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the add() method. Published at: October 07, 2021 at 01:15AM View on website October 07, 2021 at 03:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-21649 | | Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sql() method. Published at: October 07, 2021 at 01:15AM View on website October 07, 2021 at 03:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-21648 | | WDJA CMS v1.5.2 contains an arbitrary file deletion vulnerability in the component admin/cache/manage.php. Published at: October 07, 2021 at 01:15AM View on website October 07, 2021 at 03:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-21865 | | ThinkPHP50-CMS v1.0 contains a remote code execution (RCE) vulnerability in the component /public/?s=captcha. Published at: October 08, 2021 at 12:15AM View on website October 08, 2021 at 01:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-21729 | | JEECMS x1.1 contains a stored cross-site scripting (XSS) vulnerability in the component of /member-vipcenter.htm, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Published at: October 08, 2021 at 01:15AM View on website October 08, 2021 at 03:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-21726 | | OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the cid parameter. Published at: October 08, 2021 at 01:15AM View on website October 08, 2021 at 03:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-21725 | | OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the pid parameter. Published at: October 08, 2021 at 01:15AM View on website October 08, 2021 at 03:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-4654 | | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information due to improper permission control. IBM X-Force ID: 186090. Published at: October 08, 2021 at 09:15PM View on website October 08, 2021 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-22617 | | Ardour v5.12 contains a use-after-free vulnerability in the component ardour/libs/pbd/xml++.cc when using xmlFreeDoc and xmlXPathFreeContext. Published at: October 08, 2021 at 11:15PM View on website October 09, 2021 at 01:33AM via National Vulnerability Database |