CVE-2020-21547
Libsixel 1.8.2 contains a heap-based buffer overflow in the dither_func_fs function in tosixel.c. Date published : 2021-09-17 https://github.com/saitoha/libsixel/issues/114
An elevated privileges issue related to Spring MVC calls impacts Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64). Date published : 2021-09-17 https://community.flexera.com/t5/Code-Insight-Knowledge-Base/CVE-2020-12083-Remediated-in-Code-Insight/ta-p/169356
A stored cross-site scripting issue impacts certain areas of the Web UI for Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64). Date published : 2021-09-17 https://community.flexera.com/t5/Code-Insight-Knowledge-Base/CVE-2020-12082-Remediated-in-Code-Insight/ta-p/169353
A Denial of Service vulnerability has been identified in FlexNet Publisher’s lmadmin.exe version 11.16.6. A certain message protocol can be exploited to cause lmadmin to crash. Date published : 2021-09-17 https://www.tenable.com/security/research/tra-2020-28
Certain NETGEAR smart switches are affected by an injection in the web UI’s password field, which – due to several faulty aspects of the authentication scheme – allows the attacker to create (or...
Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet...
SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the /coreframe/app/order/admin/card.php file. Date published : 2021-09-16 https://github.com/wuzhicms/wuzhicms/issues/197
SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the coreframe/app/promote/admin/index.php file. Date published : 2021-09-16 https://github.com/wuzhicms/wuzhicms/issues/196
A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. Date published : 2021-09-16 https://security.netapp.com/advisory/ntap-20211008-0004/...
The access controls on the Mobility read-write API improperly validate user access permissions; this API is disabled by default. If the API is manually enabled, attackers with both network access to the API and...
The access controls on the Mobility read-only API improperly validate user access permissions. Attackers with both network access to the API and valid credentials can read data from it; regardless of access control group...
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server...
A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server....
mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.2 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could...