PT-2021-14797 · Accusoft · Accusoft Imagegear
Name of the Vulnerable Software and Affected Versions: Accusoft ImageGear version 19.9
Description: A stack-based buffer overflow issue exists in the PDF process_fontname functionality. This can be triggered by a specially crafted malformed file, potentially leading to code execution. An attacker...
CVE-2021-24451
The Export Users With Meta WordPress plugin before 0.6.5 did not escape the list of roles to export before using them in a SQL statement in the export functionality, available to admins, leading to an authenticated SQL Injection...
SQL injection
The Export Users With Meta WordPress plugin before 0.6.5 did not escape the list of roles to export before using them in a SQL statement in the export functionality, available to admins, leading to an authenticated SQL Injection...
Fedora: Security Advisory for libtpms (FEDORA-2021-465b5c3b67)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2021-23402
All versions of package record-like-deep-assign are vulnerable to Prototype Pollution via the main functionality...
record-like-deep-assign code issue vulnerability
record-like-deep-assign is a package. A code issue vulnerability exists in record-like-deep-assign that stems from a prototype contamination affecting key functionality within the plugin. No details of the vulnerability are provided at this time...
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2021-2058)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP9 : binutils (EulerOS-SA-2021-2058)
According to the versions of the binutils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BF...
EulerOS 2.0 SP9 : binutils (EulerOS-SA-2021-2047)
According to the versions of the binutils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BF...
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2021-2047)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-31838 Command injection through environment variable in MVISION EDR
A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4.0 allows an authenticated MVEDR administrator to trigger the EDR client to execute arbitrary commands through PowerShell using the EDR functionality 'execute reaction'...
EulerOS 2.0 SP8 : binutils (EulerOS-SA-2021-1976)
According to the versions of the binutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with...
Onair2 < 3.9.9.2 & KenthaRadio < 2.0.2 - Unauthenticated RFI and SSRF
The theme and plugin have exposed proxy functionality to unauthenticated users. Sending requests to this proxy functionality will have the web server fetch and display the content from any URI. This would allow for SSRF (Server Side Request Forgery) and RFI (Remote File Inclusion) vulnerabilities on...
CVE-2021-33532
In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the...
Integer overflow
In Weidmueller Industrial WLAN devices in multiple versions an exploitable denial-of-service vulnerability exists in ServiceAgent functionality. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can...
Command injection
In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the hostname functionality. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device...
CVE-2021-33537
CVE-2021-33537 affects Weidmueller Industrial WLAN devices. The vulnerability is a remote code execution in the iw_webs configuration parsing function. A specially crafted username entry can cause an overflow of an error message buffer, enabling RCE. An attacker can send commands while authentica...
CVE-2021-33528 WEIDMUELLER: WLAN devices affected by privilege escalation vulnerability
In Weidmueller Industrial WLAN devices in multiple versions an exploitable privilege escalation vulnerability exists in the iw_console functionality. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker...
CVE-2021-32704
DHIS 2 SQL injection (CVE-2021-32704) affects the API endpoint /api/trackedEntityInstances in DHIS2 versions 2.34.4, 2.35.2, 2.35.3, 2.35.4, and 2.36.0. The vulnerability is a SQL injection that can be exploited by a logged-in DHIS2 user, potentially allowing reading, editing, and deleting data w...
CVE-2021-29954
CVE-2021-29954 concerns a proxy vulnerability in Hubs Cloud’s Reticulum that permits access to internal URLs, including the metadata service. The affected product/version is Hubs Cloud ≤ mozillareality/reticulum/1.0.1/20210428201255. The connected documents describe the root cause as a misbehavin...