Vulnerability management.
List of latest published vulnerabilities.
- [webapps] GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF to RCE April 16, 2021GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF to RCE
- [webapps] Tileserver-gl 3.0.0 - 'key' Reflected Cross-Site Scripting (XSS) April 15, 2021Tileserver-gl 3.0.0 - 'key' Reflected Cross-Site Scripting (XSS)
- [webapps] htmly 2.8.0 - 'description' Stored Cross-Site Scripting (XSS) April 15, 2021htmly 2.8.0 - 'description' Stored Cross-Site Scripting (XSS)
- [webapps] Horde Groupware Webmail 5.2.22 - Stored XSS April 15, 2021Horde Groupware Webmail 5.2.22 - Stored XSS
- [dos] glFTPd 2.11a - Remote Denial of Service April 15, 2021glFTPd 2.11a - Remote Denial of Service
- [webapps] CITSmart ITSM 9.1.2.22 - LDAP Injection April 14, 2021CITSmart ITSM 9.1.2.22 - LDAP Injection
- [webapps] jQuery 1.2 - Cross-Site Scripting (XSS) April 14, 2021jQuery 1.2 - Cross-Site Scripting (XSS)
- [webapps] Digital Crime Report Management System 1.0 - SQL Injection (Authentication Bypass) April 14, 2021Digital Crime Report Management System 1.0 - SQL Injection (Authentication Bypass)
- [webapps] CITSmart ITSM 9.1.2.27 - 'query' Time-based Blind SQL Injection (Authenticated) April 14, 2021CITSmart ITSM 9.1.2.27 - 'query' Time-based Blind SQL Injection (Authenticated)
- [webapps] Genexis PLATINUM 4410 2.1 P4410-V2-1.28 - RCE April 14, 2021Genexis PLATINUM 4410 2.1 P4410-V2-1.28 - RCE
National Vulnerability Database
- CVE-2021-3506 April 19, 2021An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is […]
- CVE-2021-20208 April 19, 2021A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.
- CVE-2021-27458 April 19, 2021If Ethernet communication of the JTEKT Corporation TOYOPUC product series’ (TOYOPUC-PC10 Series: PC10G-CPU TCC-6353: All versions, PC10GE TCC-6464: All versions, PC10P TCC-6372: All versions, PC10P-DP TCC-6726: All versions, PC10P-DP-IO TCC-6752: All versions, PC10B-P TCC-6373: All versions, PC10B TCC-1021: All versions, PC10B-E/C TCU-6521: All versions, PC10E TCC-4737: All versions; TOYOPUC-Plus Series: Plus CPU TCC-6740: All versions, […]
- CVE-2020-27241 April 19, 2021An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The serialnumber parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
- CVE-2021-3497 April 19, 2021GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files.
- CVE-2021-3498 April 19, 2021GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files.
- CVE-2021-3505 April 19, 2021A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate(), which is called before the prime number check. The highest threat from this vulnerability is […]
- CVE-2020-27240 April 19, 2021An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The componentStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability.
- CVE-2021-30015 April 19, 2021There is a Null Pointer Dereference in function filter_core/filter_pck.c:gf_filter_pck_new_alloc_internal in GPAC 1.0.1. The pid comes from function av1dmx_parse_flush_sample, the ctx.opid maybe NULL. The result is a crash in gf_filter_pck_new_alloc_internal.
- CVE-2021-30199 April 19, 2021In filters/reframe_latm.c in GPAC 1.0.1 there is a Null Pointer Dereference, when gf_filter_pck_get_data is called. The first arg pck may be null with a crafted mp4 file,which results in a crash.