Lucene search

730 matches found

CVE
added 2021/09/03 12:0 a.m. · 117 views

CVE-2021-40491

CVE-2021-40491 affects GNU Inetutils before 2.2, where the FTP client does not validate addresses returned in PASV/LSPV responses against the server address, enabling potential address mismatch exploitation. The connected documents corroborate a related PASV-based risk in curl (CVE-2020-8284) and...

CVSS 6.5 · AI score 6 · EPSS 0.01002
Exploits 0 · References 4 · Affected Software 1

Positive Technologies
added 2021/09/03 12:0 a.m. · 3 views

PT-2021-22897 · Gnu +2 · Gnu Inetutils +2

Name of the Vulnerable Software and Affected Versions: GNU Inetutils versions prior to 2.2 Description: The issue concerns the ftp client in GNU Inetutils, which fails to validate addresses returned by PASV/LSPV responses, ensuring they match the server address. Recommendations: For GNU Inetutils...

CVSS 7.8 · AI score 6.2 · EPSS 0.03851
Exploits 3 · References 29

OSV
added 2021/08/23 8:15 p.m. · 1 views

UBUNTU-CVE-2021-22251

Improper validation of invited users' email address in GitLab EE affecting all versions since 12.2 allowed projects to add members with email address domain that should be blocked by group settings...

CVSS 4.3 · AI score 5.8 · EPSS 0.00819
Exploits 1 · References 5

OSV
added 2021/07/05 11:15 a.m. · 7 views

CVE-2021-23401

This affects all versions of package Flask-User. When using the make_safe_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as /////evil.com/path or \\evil.com/path. This vulnerability is only exploitable if an...

CVSS 6.1 · AI score 5.9 · EPSS 0.01113
Exploits 1 · References 3

CNNVD
added 2021/06/28 12:0 a.m. · 3 views

Umbraco input validation error vulnerability

Umbraco CMS is an open source content management system (CMS) based on ASP.NET technology. An open redirect vulnerability exists in Umbraco CMS versions prior to 7.15.7. The vulnerability stems from insufficient URL validation in booting.aspx. No detailed vulnerability details are available at this...

CVSS 6.1 · AI score 5.6 · EPSS 0.0071
Exploits 0 · References 2

Code423n4
added 2021/06/16 12:0 a.m. · 11 views

Critical uberOwner address changes should be a two-step process

Handle 0xRajeev Vulnerability details Impact As specified, uberOwners of Factory, Orderbook and Treasury have the highest privileges in the system because they can upgrade contracts of market, Nfthub, order book, treasury, token and factory which form the critical components of the protocol. The...

AI score 6.9
Exploits 0

NVD
added 2021/06/11 3:15 p.m. · 12 views

CVE-2021-25411

Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local attackers to write read-only kernel memory...

CVSS 4.4 · EPSS 0.00103
Exploits 0 · References 1

NVD
added 2021/06/11 3:15 p.m. · 10 views

CVE-2021-25415

Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable...

CVSS 5.5 · EPSS 0.00149
Exploits 0 · References 1

OSV
added 2021/06/11 3:15 p.m. · 1 views

CVE-2021-25411

Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local attackers to write read-only kernel memory...

CVSS 4.4 · AI score 5.8
Exploits 0 · References 1

OSV
added 2021/06/11 3:15 p.m. · 5 views

CVE-2021-25416

Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to create executable kernel page outside code area...

CVSS 6.5 · AI score 5.8 · EPSS 0.00121
Exploits 0 · References 1

OSV
added 2021/06/11 3:15 p.m. · 2 views

CVE-2021-25415

Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable...

CVSS 5.5 · AI score 6.1 · EPSS 0.00149
Exploits 0 · References 1

Prion
added 2021/06/11 3:15 p.m. · 15 views

Input validation

Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local attackers to write read-only kernel memory...

CVSS 2.1 · AI score 4.6 · EPSS 0.00103
Exploits 0 · References 1 · Affected Software 1

Prion
added 2021/06/11 3:15 p.m. · 13 views

Design/Logic Flaw

Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable...

CVSS 2.1 · AI score 5.4 · EPSS 0.00149
Exploits 0 · References 1 · Affected Software 1

CVE
added 2021/06/11 2:33 p.m. · 36 views

CVE-2021-25416

The CVE-2021-25416 issue concerns Samsung SMR (system patch package). An improper address validation in RKP before SMR JUN-2021 Release 1 can let a local attacker, with EL1 assumed compromised, create kernel pages outside the code area. This is a local-exploit scenario with potential high impact ...

CVSS 6.5 · AI score 6.3 · EPSS 0.00121
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2021/06/11 2:33 p.m. · 13 views

CVE-2021-25415

Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable...

AI score 5.6 · EPSS 0.00149
Exploits 0 · References 1

Cvelist
added 2021/06/11 2:33 p.m. · 17 views

CVE-2021-25416

Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to create executable kernel page outside code area...

AI score 6.5 · EPSS 0.00121
Exploits 0 · References 1

Cvelist
added 2021/06/11 2:33 p.m. · 20 views

CVE-2021-25411

Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local attackers to write read-only kernel memory...

AI score 4.8 · EPSS 0.00103
Exploits 0 · References 1

OpenVAS
added 2021/06/09 12:0 a.m. · 30 views

Django < 2.2.24, 3.0 < 3.1.12, 3.2 < 3.2.4 Multiple Vulnerabilities - Linux

Django is prone to multiple vulnerabilities. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 7.5 · AI score 6.4 · EPSS 0.03058
Exploits 0 · References 1

Positive Technologies
added 2021/05/25 12:0 a.m. · 4 views

PT-2021-4521 · Django +4 · Django +4

Name of the Vulnerable Software and Affected Versions: Django versions 2.2 before 2.2.24 Django versions 3.x before 3.1.12 Django versions 3.2 before 3.2.4 Description: The issue is related to the URLValidator, validate_ipv4_address, and validate_ipv46_address functions in Django, which do not...

CVSS 9.8 · AI score 6.5 · EPSS 0.99856
Exploits 44 · References 208

Veracode
added 2021/05/24 9:29 a.m. · 33 views

Arbitrary Code Execution

python3 is vulnerable to arbitrary code execution. IP address octets are left stripped instead of evaluated as valid IP addresses due to improper input validation of octal strings in the stdlib ipaddress allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks o...

CVSS 9.8 · AI score 6 · EPSS 0.06827
Exploits 1 · References 17 · Affected Software 7