Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-09 18:15:13 |
CVE-2020-13592 (direct link) |
An exploitable SQL injection vulnerability exists in the "global_lists/choices" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability; this can be done either with administrator credentials or through cross-site request forgery. |
Vulnerability
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-09 18:15:13 |
CVE-2020-13591 (direct link) |
An exploitable SQL injection vulnerability exists in the "access_rules/rules_form" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability; this can be done either with administrator credentials or through cross-site request forgery. |
Vulnerability
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-09 18:15:12 |
CVE-2020-13534 (direct link) |
A privilege escalation vulnerability exists in Dream Report 5 R20-2. COM Class Identifiers (CLSID), installed by Dream Report 5 20-2, reference LocalServer32 and InprocServer32 with weak privileges which can lead to privilege escalation when used. An attacker can provide a malicious file to trigger this vulnerability. |
Vulnerability
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-09 18:15:12 |
CVE-2020-13587 (direct link) |
An exploitable SQL injection vulnerability exists in the "forms_fields_rules/rules" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability; this can be done either with administrator credentials or through cross-site request forgery. |
Vulnerability
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-09 13:15:13 |
CVE-2021-25327 (direct link) |
Skyworth Digital Technology RN510 V.3.1.0.4 contains a cross-site request forgery (CSRF) vulnerability in /cgi-bin/net-routeadd.asp and /cgi-bin/sec-urlfilter.asp. Missing CSRF protection in devices can lead to XSRF, as the above pages are vulnerable to cross-site scripting (XSS). |
Vulnerability
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-09 13:15:13 |
CVE-2021-25328 (direct link) |
Skyworth Digital Technology RN510 V.3.1.0.4 contains a buffer overflow vulnerability in /cgi-bin/app-staticIP.asp. An authenticated attacker can send a specially crafted request to the endpoint, which can lead to a denial of service (DoS) or possible code execution on the device. |
Vulnerability
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-09 13:15:12 |
CVE-2020-21883 (direct link) |
Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain an OS command injection vulnerability in /tools/ping, which can lead to complete device takeover. |
Vulnerability
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-08 23:15:12 |
CVE-2021-3482 (direct link) |
A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data. |
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-08 22:15:13 |
CVE-2020-6590 (direct link) |
Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure. |
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-07 20:15:13 |
CVE-2021-30123 (direct link) |
FFmpeg |
Vulnerability
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-07 15:15:13 |
CVE-2021-29627 (direct link) |
In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13.0-RC4 before p0, and 12.2-RELEASE before p6, listening socket accept filters implementing the accf_create callback incorrectly freed a process-supplied argument string. Additional operations on the socket can lead to a double free or use after free. |
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-07 11:15:12 |
CVE-2021-30177 (direct link) |
There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE. |
Vulnerability
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-07 08:15:15 |
CVE-2021-20692 (direct link) |
Directory traversal vulnerability in Archive collectively operation utility Ver.2.10.1.0 and earlier allows an attacker to create or overwrite files by leading a user to expand a malicious ZIP archive. |
Vulnerability
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-07 08:15:14 |
CVE-2020-11243 (direct link) |
RRC sends a connection establishment success to NAS even though connection setup validation returns failure and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile |
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-07 08:15:14 |
CVE-2020-11252 (direct link) |
Trustzone initialization code will disable xPUs when memory dumps are enabled and lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking |
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-07 08:15:13 |
CVE-2020-11231 (direct link) |
Two threads call one or both functions concurrently leading to corruption of pointers and reference counters which in turn can lead to heap corruption in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile |
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-07 08:15:13 |
CVE-2020-11236 (direct link) |
Memory corruption due to invalid value of total dimension in the non-histogram type KPI could lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile |
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-06 07:15:12 |
CVE-2021-30154 (direct link) |
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On Special:NewFiles, all the mediastatistics-header-* messages are output in HTML unescaped, leading to XSS. |
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-06 07:15:12 |
CVE-2021-30157 (direct link) |
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter-* label messages are output in HTML unescaped, leading to XSS. |
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-05 22:15:12 |
CVE-2021-20307 (direct link) |
Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to reading and writing arbitrary memory values. |
Vulnerability
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-05 19:15:16 |
CVE-2021-24176 (direct link) |
The JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard. |
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-05 19:15:16 |
CVE-2021-24180 (direct link) |
Unvalidated input and lack of output encoding within the Related Posts for WordPress plugin before 2.0.4 lead to a Reflected Cross-Site Scripting (XSS) vulnerability within the 'lang' GET parameter while editing a post, triggered when users with the capability of editing posts access a malicious URL. |
Vulnerability
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-05 19:15:15 |
CVE-2021-24173 (direct link) |
The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged-in user perform unwanted actions, such as updating the plugin's options, leading to a Stored Cross-Site Scripting issue. |
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-05 19:15:15 |
CVE-2021-24168 (direct link) |
The Easy Contact Form Pro WordPress plugin before 1.1.1.9 did not properly sanitise the text fields (such as Email Subject, Email Recipient, etc) when creating or editing a form, leading to an authenticated (author+) stored cross-site scripting issue. This could allow medium privilege accounts (such as author and editor) to perform XSS attacks against high privilege ones like administrator. |
Guideline
|
|
★★
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-05 19:15:14 |
CVE-2021-24155 (direct link) |
The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE. |
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-05 19:15:14 |
CVE-2021-24156 (direct link) |
Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0.3 allow low privileged users (Contributor) to inject arbitrary JavaScript code or HTML without approval. This could lead to privilege escalation. |
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-05 17:15:12 |
CVE-2020-4792 (direct link) |
IBM Edge 4.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 189441. |
Vulnerability
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-05 17:15:12 |
CVE-2020-4997 (direct link) |
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192914 |
Vulnerability
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-05 13:15:11 |
CVE-2021-30109 (direct link) |
Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting (XSS) vulnerability within the hyperlink creation module. |
Vulnerability
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-05 11:15:11 |
CVE-2021-30056 (direct link) |
Knowage Suite before 7.4 is vulnerable to reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in /restful-services/publish via the 'EXEC_FROM' parameter that can lead to data leakage. |
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-05 08:15:12 |
CVE-2021-29996 (direct link) |
Mark Text through 0.16.3 allows attackers arbitrary command execution. This could lead to Remote Code Execution (RCE) by opening .md files containing a mutation Cross Site Scripting (XSS) payload. |
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-02 19:15:20 |
CVE-2021-1879 (direct link) |
This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited. |
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-02 19:15:20 |
CVE-2021-1844 (direct link) |
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution. |
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-02 19:15:19 |
CVE-2021-1793 (direct link) |
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. |
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-02 19:15:18 |
CVE-2021-1753 (direct link) |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. |
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-02 19:15:18 |
CVE-2021-1790 (direct link) |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted font may lead to arbitrary code execution. |
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-02 18:15:21 |
CVE-2021-1777 (direct link) |
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. |
Guideline
|
|
★★★
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-02 18:15:21 |
CVE-2021-1783 (direct link) |
An access issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. |
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-02 18:15:21 |
CVE-2021-1785 (direct link) |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. |
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-02 18:15:21 |
CVE-2021-1789 (direct link) |
A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. |
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-02 18:15:21 |
CVE-2021-1788 (direct link) |
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. |
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-02 18:15:20 |
CVE-2021-1775 (direct link) |
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted font may lead to arbitrary code execution. |
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-02 18:15:20 |
CVE-2021-1772 (direct link) |
A stack overflow was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted text file may lead to arbitrary code execution. |
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-02 18:15:20 |
CVE-2021-1774 (direct link) |
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. |
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-02 18:15:20 |
CVE-2021-1773 (direct link) |
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to a denial of service. |
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-02 18:15:20 |
CVE-2021-1768 (direct link) |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. |
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-02 18:15:20 |
CVE-2021-1767 (direct link) |
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to heap corruption. |
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-02 18:15:20 |
CVE-2021-1766 (direct link) |
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to a denial of service. |
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-02 18:15:20 |
CVE-2021-1763 (direct link) |
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. |
Guideline
|
|
|
![CVE.webp](./Ressources/img/CVE.webp) |
2021-04-02 18:15:20 |
CVE-2021-1760 (direct link) |
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application could execute arbitrary code leading to compromise of user information. |
Guideline
|
|
|