What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-06-22 02:15:07 | CVE-2021-20743 (lien direct) | Cross-site scripting vulnerability in EC-CUBE Email newsletters management plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.4 allows a remote attacker to inject an arbitrary script by leading a user to a specially crafted page and to perform a specific operation. | Vulnerability Guideline | ||
|
2021-06-22 02:15:07 | CVE-2021-20744 (lien direct) | Cross-site scripting vulnerability in EC-CUBE Category contents plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.1 allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific operation. | Vulnerability Guideline | ★★★★★ | |
|
2021-06-22 02:15:07 | CVE-2021-20733 (lien direct) | Improper authorization in handler for custom URL scheme vulnerability in ????????? (asken diet) for Android versions from v.3.0.0 to v.4.2.x allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. | Vulnerability Guideline | ||
|
2021-06-21 22:15:07 | CVE-2021-34386 (lien direct) | Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the calloc size calculation can cause the multiplication of count and size can overflow, which might lead to heap overflows. | Vulnerability Guideline | ||
|
2021-06-21 22:15:07 | CVE-2021-34389 (lien direct) | Trusty contains a vulnerability in NVIDIA OTE protocol message parsing code, which is present in all the TAs. An incorrect bounds check leads to a memory leak of a portion of the heap situated after a stream buffer. | Vulnerability Guideline | ||
|
2021-06-21 20:15:09 | CVE-2021-24383 (lien direct) | The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, validate of escape the Map Name when output in the Map List of the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue | Guideline | ||
|
2021-06-21 20:15:08 | CVE-2021-24369 (lien direct) | In the GetPaid WordPress plugin before 2.3.4, users with the contributor role and above can create a new Payment Form, however the Label and Help Text input fields were not getting sanitized properly. So it was possible to inject malicious content such as img tags, leading to a Stored Cross-Site Scripting issue which is triggered when the form will be edited, for example when an admin reviews it and could lead to privilege escalation. | Guideline | ||
|
2021-06-21 20:15:08 | CVE-2021-24361 (lien direct) | In the Location Manager WordPress plugin before 2.1.0.10, the AJAX action gd_popular_location_list did not properly sanitise or validate some of its POST parameters, which are then used in a SQL statement, leading to unauthenticated SQL Injection issues. | Guideline | ||
|
2021-06-21 20:15:08 | CVE-2021-24373 (lien direct) | The WP Hardening – Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the historyvalue GET parameter before outputting it in a Javascript block, leading to a reflected Cross-Site Scripting issue. | Guideline | ||
|
2021-06-21 20:15:08 | CVE-2021-24372 (lien direct) | The WP Hardening – Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the $_SERVER['REQUEST_URI'] before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue. | Guideline | ||
|
2021-06-21 20:15:08 | CVE-2021-24364 (lien direct) | The Jannah WordPress theme before 5.4.4 did not properly sanitize the options JSON parameter in its tie_get_user_weather AJAX action before outputting it back in the page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability. | Guideline | ||
|
2021-06-21 17:15:09 | CVE-2021-26461 (lien direct) | Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. | Guideline | ||
|
2021-06-21 17:15:09 | CVE-2021-0533 (lien direct) | In memory management driver, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185193932 | Guideline | ||
|
2021-06-21 17:15:09 | CVE-2021-0532 (lien direct) | In memory management driver, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185196177 | Guideline | ||
|
2021-06-21 17:15:08 | CVE-2021-0527 (lien direct) | In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185193931 | Guideline | ||
|
2021-06-21 17:15:08 | CVE-2021-0528 (lien direct) | In memory management driver, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185195266 | Guideline | ||
|
2021-06-21 17:15:08 | CVE-2021-0529 (lien direct) | In memory management driver, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185195268 | Guideline | ||
|
2021-06-21 17:15:08 | CVE-2021-0508 (lien direct) | In various functions of DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-176444154 | Guideline | ||
|
2021-06-21 17:15:08 | CVE-2021-0504 (lien direct) | In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179162665 | Guideline | ||
|
2021-06-21 17:15:08 | CVE-2021-0516 (lien direct) | In p2p_process_prov_disc_req of p2p_pd.c, there is a possible out of bounds read and write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-181660448 | Guideline | ||
|
2021-06-21 17:15:08 | CVE-2021-0513 (lien direct) | In deleteNotificationChannel and related functions of NotificationManagerService.java, there is a possible permission bypass due to improper state validation. This could lead to local escalation of privilege via hidden services with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-156090809 | Guideline | ||
|
2021-06-21 17:15:08 | CVE-2021-0512 (lien direct) | In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-173843328References: Upstream kernel | Guideline | ||
|
2021-06-21 17:15:08 | CVE-2021-0523 (lien direct) | In onCreate of WifiScanModeActivity.java, there is a possible way to enable Wi-Fi scanning without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-174047492 | Guideline | ||
|
2021-06-21 17:15:08 | CVE-2021-0511 (lien direct) | In Dex2oat of dex2oat.cc, there is a possible way to inject bytecode into an app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-178055795 | Guideline | ||
|
2021-06-21 17:15:08 | CVE-2021-0510 (lien direct) | In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-176444622 | Guideline | ||
|
2021-06-21 17:15:08 | CVE-2021-0509 (lien direct) | In various functions of CryptoPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-176444161 | Guideline | ||
|
2021-06-21 17:15:08 | CVE-2021-0517 (lien direct) | In updateCapabilities of ConnectivityService.java, there is a possible incorrect network state determination due to a logic error in the code. This could lead to biasing of networking tasks to occur on non-VPN networks, which could lead to remote information disclosure, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179053823 | Guideline | ||
|
2021-06-21 17:15:08 | CVE-2021-0478 (lien direct) | In updateDrawable of StatusBarIconView.java, there is a possible permission bypass due to an uncaught exception. This could lead to local escalation of privilege by running foreground services without notifying the user, with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-169255797 | Guideline | ||
|
2021-06-21 17:15:08 | CVE-2021-0530 (lien direct) | In memory management driver, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185196175 | Guideline | ||
|
2021-06-21 17:15:08 | CVE-2021-0531 (lien direct) | In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185195272 | Guideline | ||
|
2021-06-21 17:15:08 | CVE-2021-0507 (lien direct) | In handle_rc_metamsg_cmd of btif_rc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-181860042 | Guideline | ||
|
2021-06-21 17:15:08 | CVE-2021-0506 (lien direct) | In ActivityPicker.java, there is a possible bypass of user interaction in intent resolution due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-181962311 | Guideline | ||
|
2021-06-21 17:15:08 | CVE-2021-0505 (lien direct) | In the Settings app, there is a possible way to disable an always-on VPN due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179975048 | Guideline | ||
|
2021-06-21 17:15:08 | CVE-2021-0522 (lien direct) | In ConnectionHandler::SdpCb of connection_handler.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-174182139 | Guideline | ||
|
2021-06-21 17:15:08 | CVE-2021-0520 (lien direct) | In several functions of MemoryFileSystem.cpp and related files, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-176237595 | Guideline | ||
|
2021-06-21 17:15:08 | CVE-2021-0521 (lien direct) | In getAllPackages of PackageManagerService, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of cross-user permissions with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174661955 | Guideline | ||
|
2021-06-21 17:15:08 | CVE-2021-0526 (lien direct) | In memory management driver, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185195264 | Guideline | ||
|
2021-06-21 17:15:08 | CVE-2021-0525 (lien direct) | In memory management driver, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185193929 | Guideline | ||
|
2021-06-21 13:15:08 | CVE-2021-28684 (lien direct) | The XML parser used in ConeXware PowerArchiver before 20.10.02 allows processing of external entities, which might lead to exfiltration of local files over the network (via an XXE attack). | Guideline | ||
|
2021-06-20 13:15:07 | CVE-2021-24368 (lien direct) | The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin WordPress plugin before 7.1.18 did not sanitise or escape its result_id parameter when displaying an existing quiz result page, leading to a reflected Cross-Site Scripting issue. This could allow for privilege escalation by inducing a logged in admin to open a malicious link | Guideline | ||
|
2021-06-18 22:15:11 | CVE-2021-31272 (lien direct) | SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation. | Vulnerability Guideline | ||
|
2021-06-18 20:15:07 | CVE-2021-32696 (lien direct) | The npm package "striptags" is an implementation of PHP's strip_tags in Typescript. In striptags before version 3.2.0, a type-confusion vulnerability can cause `striptags` to concatenate unsanitized strings when an array-like object is passed in as the `html` parameter. This can be abused by an attacker who can control the shape of their input, e.g. if query parameters are passed directly into the function. This can lead to a XSS. | Vulnerability Guideline | ||
|
2021-06-18 13:15:07 | CVE-2021-21997 (lien direct) | VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest operating system, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest operating system. | Vulnerability Guideline | ||
|
2021-06-17 11:15:07 | CVE-2021-21777 (lien direct) | An information disclosure vulnerability exists in the Ethernet/IP UDP handler functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted network request can lead to an out-of-bounds read. | Vulnerability Guideline | ||
|
2021-06-16 16:15:07 | CVE-2020-35759 (lien direct) | bloofoxCMS 0.5.2.1 is infected with a CSRF Attack that leads to an attacker editing any file content (Locally/Remotely). | Guideline | ||
|
2021-06-16 16:15:07 | CVE-2020-20444 (lien direct) | Jact OpenClinic 0.8.20160412 allows the attacker to read server files after login to the the admin account by an infected 'file' GET parameter in '/shared/view_source.php' which "could" lead to RCE vulnerability . | Vulnerability Guideline | ||
|
2021-06-16 15:15:08 | CVE-2021-27610 (lien direct) | SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system. | Guideline | ||
|
2021-06-16 08:15:06 | CVE-2020-9493 (lien direct) | A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution. | Guideline | ||
|
2021-06-15 21:15:10 | CVE-2021-3595 (lien direct) | An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. | Vulnerability Threat Guideline | ||
|
2021-06-15 21:15:09 | CVE-2021-3594 (lien direct) | An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. | Vulnerability Threat Guideline |
To see everything:
Our RSS (filtrered)
