Lucene search

2758 matches found

UbuntuCve
added 2021/05/06 4:15 p.m. · 27 views

CVE-2021-32052

In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 with Python 3.9.5+, URLValidator does not prohibit newlines and tabs unless the URLField form field is used. If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffecte...

6.1 CVSS · 6.8 AI score · 0.03172 EPSS
Exploits 0 · References 8

Prion
added 2021/04/27 8:15 p.m. · 17 views

Design/Logic Flaw

Kirby is an open source CMS. An editor with write access to the Kirby Panel can upload an SVG file that contains harmful content like `<script>` tags. The direct link to that file can be sent to other users or visitors of the site. If the victim opens that link in a browser where they are logged in to Kirby...

3.5 CVSS · 5.5 AI score · 0.03174 EPSS
Exploits 4 · References 3 · Affected Software 1

OSV
added 2021/04/16 6:15 p.m. · 14 views

CVE-2021-29443

jose is an npm library providing a number of cryptographic operations. In vulnerable versions, AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption; if either failed, JWEDecryptionFailed would be thrown. A...

5.9 CVSS · 5.7 AI score
Exploits 0 · References 2

OSV
added 2021/03/30 2:15 a.m. · 3 views

CVE-2021-25162

A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and...

8.1 CVSS · 7.5 AI score · 0.2704 EPSS
Exploits 3 · References 3

Positive Technologies
added 2021/03/30 12:0 a.m. · 2 views

PT-2021-16434 · Aruba · Aruba Instant

Name of the Vulnerable Software and Affected Versions: Aruba Instant versions 6.4.4.8 through 6.4.4.17 and below; Aruba Instant versions 6.5.4.18 and below; Aruba Instant versions 8.3.0.14 and below; Aruba Instant versions 8.5.0.11 and below; Aruba Instant versions 8.6.0.7 and below; Aruba Instant...

6.1 CVSS · 6.3 AI score · 0.16443 EPSS
Exploits 3 · References 8

The Hacker News
added 2021/03/22 8:34 a.m. · 3 views

Critical RCE Vulnerability Found in Apache OFBiz ERP Software—Patch Now

The Apache Software Foundation on Friday addressed a high severity vulnerability in Apache OFBiz that could have allowed an unauthenticated adversary to remotely seize control of the open-source enterprise resource planning (ERP) system. Tracked as CVE-2021-26295, the flaw affects all versions of t...

9.8 CVSS · 8.1 AI score · 0.97969 EPSS
Exploits 9

OSV
added 2021/03/09 7:15 p.m. · 3 views

DEBIAN-CVE-2021-21295

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty io.netty:netty-codec-http2 before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a...

5.9 CVSS · 6.2 AI score · 0.18891 EPSS
Exploits 0 · References 1

CVE
added 2021/03/03 11:0 p.m. · 99 views

CVE-2021-21331

The CVE affects the Java Datadog API client prior to version 1.0.0-beta.9. The issue is a local information disclosure caused by a temporary file created with insecure permissions (-rw-r--r--) in the prepareDownloadFilecreates pathway, with downloaded content via downloadFileFromResponse exposed ...

4.3 CVSS · 3.5 AI score · 0.00563 EPSS
Exploits 0 · References 2 · Affected Software 1

Openbugbounty
added 2021/02/21 7:44 a.m. · 5 views

All Vulnerabilities for 2001online.com Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: 2001online.com. Open Bug Bounty...

7.2 AI score
Exploits 0

Openbugbounty
added 2021/02/19 12:7 p.m. · 7 views

All Vulnerabilities for acc.edu.ai Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: acc.edu.ai. Open Bug Bounty...

6.6 AI score
Exploits 0

Openbugbounty
added 2021/02/12 4:9 a.m. · 7 views

All Vulnerabilities for uniasselvi.com.br Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: uniasselvi.com.br. Open Bug Boun...

7.2 AI score
Exploits 0

Hacker One
added 2021/02/12 1:8 a.m. · 111 views

curl: CVE-2021-22876: Automatic referer leaks credentials

Summary: When using the --referer ';auto' feature the current URL is copied as-is to the referrer header of the subsequent request. The recommendation 1 is to strip these along with the URL fragment. I can imagine this may, in rare cases, result in unwanted/unexpected disclosure of credentials e....

5 CVSS · 6 AI score · 0.05301 EPSS
Exploits 1

Openbugbounty
added 2021/02/07 6:40 a.m. · 10 views

All Vulnerabilities for ssoidp.gov.ps Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: ssoidp.gov.ps. Open Bug Bounty...

7 AI score
Exploits 0

Openbugbounty
added 2021/02/06 11:7 a.m. · 10 views

All Vulnerabilities for animecorner.me Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: animecorner.me. Open Bug Bounty...

7.2 AI score
Exploits 0

Openbugbounty
added 2021/01/26 1:48 p.m. · 9 views

All Vulnerabilities for hlhpn.bacninh.gov.vn Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: hlhpn.bacninh.gov.vn. Open Bug...

Exploits 0

ThreatPost
added 2021/01/14 1:28 p.m. · 232 views

Ring Adds End-to-End Encryption to Quell Security Uproar

Smart doorbell maker Ring is giving cybersecurity critics less to gripe about with the introduction of end-to-end encryption to many of its models. Ring products, which have been a juggernaut success with consumers, have faced a litany of harsh criticism from cybersecurity experts for what they s...

9.3 CVSS · 8.4 AI score · 0.99512 EPSS
Exploits 75 · References 18

CNVD
added 2020/12/21 12:0 a.m. · 7 views

Mitel MiCollab SQL Injection Vulnerability

Mitel MiCollab is an enterprise collaboration software and tools platform solution. A SQL injection vulnerability exists in the SAS portal in Mitel MiCollab versions prior to 9.2. The vulnerability stems from improper input validation. An attacker could exploit the vulnerability to access user...

7.2 CVSS · 7.6 AI score · 0.00886 EPSS
Exploits 0 · References 1

CNVD
added 2020/12/21 12:0 a.m. · 8 views

Mitel MiCollab Information Disclosure Vulnerability (CNVD-2021-07246)

Mitel MiCollab is an enterprise collaboration software and tools platform solution. An information disclosure vulnerability exists in the AWV component of Mitel MiCollab versions prior to 9.2. The vulnerability stems from insufficient access control to the meeting code. An attacker could exploit...

5.3 CVSS · 6.3 AI score · 0.00851 EPSS
Exploits 0 · References 1

Prion
added 2020/12/08 2:15 a.m. · 20 views

Design/Logic Flaw

Kirby is a CMS. In Kirby CMS getkirby/cms before version 3.3.6, and Kirby Panel before version 2.5.14 there is a vulnerability in which the admin panel may be accessed if hosted on a .dev domain. In order to protect new installations on public servers that don't have an admin account for the Pane...

4.3 CVSS · 5.5 AI score · 0.00561 EPSS
Exploits 0 · References 5 · Affected Software 2

Openbugbounty
added 2020/11/08 2:29 p.m. · 7 views

timstreecare.ca Cross Site Scripting vulnerability OBB-1494415

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

Exploits 0