Monthly Archive: July 2021
14/07/2021
by
Fred
· Published 14/07/2021
A Directory Traversal vulnerability in the Unzip feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to write files to arbitrary directories via relative paths in ZIP archives. Date published: 2021-07-14 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-021.txt...
Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-33771, CVE-2021-34514. Date published: 2021-07-14 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31979
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-33775, CVE-2021-33776, CVE-2021-33777, CVE-2021-33778. Date published: 2021-07-14 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31947
Incorrect privileges in the MU55 FlexiSpooler service in YSoft SafeQ 6 6.0.55 allow local user privilege escalation by overwriting the executable file via an alternative data stream. Date published: 2021-07-14 https://www.ysoft.com/en https://www.ysoft.com/en/legal/ysoft-safeq-flexispooler
Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-31196, CVE-2021-34473. Date published: 2021-07-14 https://www.zerodayinitiative.com/advisories/ZDI-21-826/ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31206
Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-31206, CVE-2021-34473. Date published: 2021-07-14 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31196
Windows TCP/IP Driver Denial of Service Vulnerability. This CVE ID is unique from CVE-2021-33772, CVE-2021-34490. Date published: 2021-07-14 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31183
Prototype pollution vulnerability in 'putil-merge' versions 1.0.0 through 3.6.6 allows an attacker to cause a denial of service and may lead to remote code execution. Date published: 2021-07-14 https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25953
In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running...
In Apache Teaclave Rust SGX SDK 1.1.3, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software...
In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated...
This affects the package elFinder.Net.Core from 0 and before 1.2.4. The user-controlled file name is not properly sanitized before it is used to create a file system path. Date published: 2021-07-14 https://github.com/trannamtrung1st/elFinder.Net.Core/commit/5498c8a86b76ef089cfbd7ef8be014b61fa11c73 https://github.com/trannamtrung1st/elFinder.Net.Core/releases/tag/all-1.2.4