New vulnerabilities from the NVD: CVE-2021-43943 | | Affected versions of Atlassian Jira Service Management Server and Data Center allow attackers with administrator privileges to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the "Object Schema" field of /secure/admin/InsightDefaultCustomFieldConfig.jspa. The affected versions are before version 4.21.0. Published at: February 24, 2022 at 07:15AM View on website February 24, 2022 at 08:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-35689 | | A potential vulnerability in the Oracle Talent Acquisition Cloud - Taleo Enterprise Edition. This high severity potential vulnerability allows attackers to perform remote code execution on Taleo Enterprise Edition system. Successful attacks of this vulnerability can result in unauthorized remote code execution within Taleo Enterprise Edition and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Talent Acquisition Cloud - Taleo Enterprise Edition. All affected customers were notified of CVE-2021-35689 by Oracle. Published at: February 24, 2022 at 05:15AM View on website February 24, 2022 at 08:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-26092 | | Failure to sanitize input in the SSL VPN web portal of FortiOS 5.2.10 through 5.2.15, 5.4.0 through 5.4.13, 5.6.0 through 5.6.14, 6.0.0 through 6.0.12, 6.2.0 through 6.2.7, 6.4.0 through 6.4.4; and FortiProxy 1.2.0 through 1.2.9, 2.0.0 through 2.0.1 may allow a remote unauthenticated attacker to perform a reflected Cross-site Scripting (XSS) attack by sending a request to the error page with malicious GET parameters. Published at: February 24, 2022 at 05:15AM View on website February 24, 2022 at 08:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-3876 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none. Published at: February 24, 2022 at 05:15PM View on website February 24, 2022 at 07:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-3873 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none. Published at: February 24, 2022 at 05:15PM View on website February 24, 2022 at 07:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-3871 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none. Published at: February 24, 2022 at 05:15PM View on website February 24, 2022 at 07:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-3870 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none. Published at: February 24, 2022 at 05:15PM View on website February 24, 2022 at 07:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-3868 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none. Published at: February 24, 2022 at 05:15PM View on website February 24, 2022 at 07:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-3867 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none. Published at: February 24, 2022 at 05:15PM View on website February 24, 2022 at 07:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-25636 | | LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to contain both "X509Data" and "KeyValue" children of the "KeyInfo" tag, which when opened caused LibreOffice to verify using the "KeyValue" but to report verification with the unrelated "X509Data" value. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.5. Published at: February 24, 2022 at 05:15PM View on website February 24, 2022 at 07:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-27467 | | A Directory Traversal vulnerability exits in Processwire CMS before 2.7.1 via the download parameter to index.php. Published at: February 24, 2022 at 05:15PM View on website February 24, 2022 at 07:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-25058 | | An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future. Published at: February 24, 2022 at 05:15PM View on website February 24, 2022 at 07:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-26252 | | A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in pspdf_prepare_page(),in ps-pdf.cxx may lead to execute arbitrary code and denial of service. Published at: February 24, 2022 at 09:15PM View on website February 24, 2022 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-14504 | | The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST requests. A remote, unauthenticated attacker can send a crafted request that may allow for modification of the configuration settings. Published at: February 24, 2022 at 09:15PM View on website February 24, 2022 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-14502 | | The web interface of the 1734-AENTR communication module is vulnerable to stored XSS. A remote, unauthenticated attacker could store a malicious script within the web interface that, when executed, could modify some string values on the homepage of the web interface. Published at: February 24, 2022 at 09:15PM View on website February 24, 2022 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-14481 | | The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account, an attacker could gain full access to the user’s operating system and certain components of FactoryTalk View SE. Published at: February 24, 2022 at 09:15PM View on website February 24, 2022 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-14480 | | Due to usernames/passwords being stored in plaintext in Random Access Memory (RAM), a local, authenticated attacker could gain access to certain credentials, including Windows Logon credentials. Published at: February 24, 2022 at 09:15PM View on website February 24, 2022 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-14478 | | A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly configured XML files to access local or remote content. A successful exploit could potentially cause a denial-of-service condition and allow the attacker to arbitrarily read any local file via system-level services. Published at: February 24, 2022 at 09:15PM View on website February 24, 2022 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-10640 | | Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run an arbitrary commands with system privileges or perform remote code execution via a specific communication service. Published at: February 24, 2022 at 09:15PM View on website February 24, 2022 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-10636 | | Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained. Published at: February 24, 2022 at 09:15PM View on website February 24, 2022 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-10635 | | Simulation models for KUKA.Sim Pro version 3.1 are hosted by a server maintained by KUKA. When these devices request a model, the server transmits the model in plaintext. Published at: February 24, 2022 at 09:15PM View on website February 24, 2022 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-10632 | | Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an unpredictable manner. Published at: February 24, 2022 at 09:15PM View on website February 24, 2022 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-23495 | | The package karma before 6.3.16 are vulnerable to Open Redirect due to missing validation of the return_url query parameter. Published at: February 25, 2022 at 10:15PM View on website February 25, 2022 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-22489 | | There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affect service availability. Published at: February 25, 2022 at 09:15PM View on website February 25, 2022 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-22480 | | The interface of a certain HarmonyOS module has an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to heap memory overflow. Published at: February 25, 2022 at 09:15PM View on website February 25, 2022 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-22479 | | The interface of a certain HarmonyOS module has an invalid address access vulnerability. Successful exploitation of this vulnerability may lead to kernel crash. Published at: February 25, 2022 at 09:15PM View on website February 25, 2022 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-22478 | | The interface of a certain HarmonyOS module has a UAF vulnerability. Successful exploitation of this vulnerability may lead to information leakage. Published at: February 25, 2022 at 09:15PM View on website February 25, 2022 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-22448 | | There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause unauthorized read and write of some files. Published at: February 25, 2022 at 09:15PM View on website February 25, 2022 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-22441 | | Some Huawei products have an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to kernel crash. Published at: February 25, 2022 at 09:15PM View on website February 25, 2022 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-22437 | | There is a software integer overflow leading to a TOCTOU condition in smartphones. Successful exploitation of this vulnerability may cause random address access. Published at: February 25, 2022 at 09:15PM View on website February 25, 2022 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-22434 | | There is a memory address out of bounds vulnerability in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed. Published at: February 25, 2022 at 09:15PM View on website February 25, 2022 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-22433 | | There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed. Published at: February 25, 2022 at 09:15PM View on website February 25, 2022 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-22432 | | There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access. Published at: February 25, 2022 at 09:15PM View on website February 25, 2022 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-22431 | | There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access. Published at: February 25, 2022 at 09:15PM View on website February 25, 2022 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-22430 | | There is a logic bypass vulnerability in smartphones. Successful exploitation of this vulnerability may cause code injection. Published at: February 25, 2022 at 09:15PM View on website February 25, 2022 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-22429 | | There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed. Published at: February 25, 2022 at 09:15PM View on website February 25, 2022 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-22426 | | There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed. Published at: February 25, 2022 at 09:15PM View on website February 25, 2022 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-22395 | | There is a code injection vulnerability in smartphones. Successful exploitation of this vulnerability may affect service confidentiality. Published at: February 25, 2022 at 09:15PM View on website February 25, 2022 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-22394 | | There is a buffer overflow vulnerability in smartphones. Successful exploitation of this vulnerability may cause DoS of the apps during Multi-Screen Collaboration. Published at: February 25, 2022 at 09:15PM View on website February 25, 2022 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2021-22319 | | There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause integer overflows. Published at: February 25, 2022 at 09:15PM View on website February 25, 2022 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-36516 | | An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. Published at: February 26, 2022 at 06:15AM View on website February 26, 2022 at 08:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-27958 | | The Job Composer app in Ohio Supercomputer Center Open OnDemand before 1.7.19 and 1.8.x before 1.8.18 allows remote authenticated users to provide crafted input in a job template. Published at: February 26, 2022 at 10:15PM View on website February 26, 2022 at 11:33PM via National Vulnerability Database |
Няма коментари:
Публикуване на коментар