Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects...
Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and...
In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in order to facilitate users to configure external network access. In the IP allowed list restriction, a risky...
VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message...
EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message...
Zope is an open-source web application server. This advisory extends the previous advisory at https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 with additional cases of TAL expression traversal vulnerabilities. Most Python modules are not available for using in TAL expressions...
reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot key to be compare with using Git commit hash. reg-keygen-git-hash-plugin through and including 0.10.15 allow remote attackers to execute of arbitrary commands. Upgrade to version...
Nextcloud Android is the Android client for the Nextcloud open source home cloud system. Due to a timeout issue the Android client may not properly clean all sensitive data on account removal. This could...
In ICEcoder 8.0 allows, a reflected XSS vulnerability was identified in the multipe-results.php page due to insufficient sanitization of the _GET[‘replace’] variable. As a result, arbitrary Javascript code can get executed. Date published :...
In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local authenticated malicious user with high privileges could potentially gain unauthorized access to TPM non-volatile memory. NOTE: Upgrading to firmware version 7.4.0.1 will mitigate against the...
Microsoft Defender Remote Code Execution Vulnerability Date published : 2021-06-08 http://packetstormsecurity.com/files/163443/MpEngine-ASProtect-Embedded-Runtime-DLL-Memory-Corruption.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31985
Paint 3D Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31945, CVE-2021-31946. Date published : 2021-06-08 https://www.zerodayinitiative.com/advisories/ZDI-21-658/ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31983
Microsoft Intune Management Extension Remote Code Execution Vulnerability Date published : 2021-06-08 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31980
Microsoft Defender Denial of Service Vulnerability Date published : 2021-06-08 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31978