Monthly Archive: February 2021

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input...

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial...

A component of Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insufficient check of their authenticity. This component is incorporated in Kaspersky Rescue Disk (KRD) and was trusted by the...

The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts...

A flaw was found in keylime 5.8.1 and older. The issue in the Keylime agent and registrar code invalidates the cryptographic chain of trust from the Endorsement Key certificate to agent attestations. Date published...

Nagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component. To exploit this vulnerability, someone must have an admin user account in Nagios XI’s web system. Date published : 2021-02-25 https://gist.github.com/leommxj/93edce6f8572cefe79a3d7da4389374e...

Stored cross-site scripting (XSS) in form field in robust.systems product Custom Global Variables v 1.0.5 allows a remote attacker to inject arbitrary code via the vars[0][name] field. Date published : 2021-02-25 https://db.threatpress.com/vulnerability/custom-global-variables/wordpress-custom-global-variables-plugin-1-0-5-stored-cross-site-scripting-xss-vulnerability https://www.exploit-db.com/exploits/49406

Triconsole Datepicker Calendar

.NET Core Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24112. Date published : 2021-02-25 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YLFATXASXW4OV2ZBSRP4G55HJH73QPBP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WA5WQJVHUL5C4XMJTLY3C67R4WP35EF4/

Visual Studio Code npm-script Extension Remote Code Execution Vulnerability Date published : 2021-02-25 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26700

Windows PKU2U Elevation of Privilege Vulnerability Date published : 2021-02-25 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-25195

Microsoft Teams iOS Information Disclosure Vulnerability Date published : 2021-02-25 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24114

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Date published : 2021-02-25 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24113

.NET Core Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26701. Date published : 2021-02-25 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24112