Commits 03/10/2021

Sequenza temporale

Voce

Campo

source_cve_nvd_summary135
vulnerability_cvss2_nvd_basescore39
vulnerability_cvss2_nvd_ai39
vulnerability_cvss2_nvd_ii39
vulnerability_cvss2_nvd_ci39

Commit Conf

70%622
90%216
50%30

Approve Conf

70%622
90%216
80%30

IDUtenteVoceCampoModificareOsservazioniAccettatoMotivoC
11675426VulD...183552cve_nvd_summaryAdobe Premiere Pro version 15.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .exr file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.cve.org03/10/2021accettato
70
11675425VulD...183551cve_nvd_summaryAdobe Premiere Pro version 15.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .svg file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.cve.org03/10/2021accettato
70
11675424VulD...183550cve_nvd_summaryAdobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by a use-after-free vulnerability in the processing of a malformed PDF file that could result in disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file.cve.org03/10/2021accettato
70
11675423VulD...183549cve_nvd_summaryAdobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by a memory corruption vulnerability due to insecure handling of a malicious PDF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.cve.org03/10/2021accettato
70
11675422VulD...183548cve_nvd_summaryAdobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file.cve.org03/10/2021accettato
70
11675421VulD...183547cve_nvd_summaryAdobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by a memory corruption vulnerability due to insecure handling of a malicious PDF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.cve.org03/10/2021accettato
70
11675420VulD...183546cve_nvd_summaryAdobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file.cve.org03/10/2021accettato
70
11675419VulD...183545cve_nvd_summaryAdobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious TIF file.cve.org03/10/2021accettato
70
11675418VulD...183544cve_nvd_summaryAdobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.cve.org03/10/2021accettato
70
11675417VulD...183543cve_nvd_summaryAdobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.cve.org03/10/2021accettato
70
11675416VulD...183542cve_nvd_summaryAdobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.cve.org03/10/2021accettato
70
11675415VulD...183541cve_nvd_summaryAdobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious TIF file.cve.org03/10/2021accettato
70
11675414VulD...183540cve_nvd_summaryAdobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious TIF file.cve.org03/10/2021accettato
70
11675413VulD...183539cve_nvd_summaryThe Credova_Financial WordPress plugin discloses a site's associated Credova API account username and password in plaintext via an AJAX action whenever a site user goes to checkout on a page that has the Credova Financing option enabled. This affects versions up to, and including, 1.4.8.cve.org03/10/2021accettato
70
11675412VulD...183539cve_nvd_summaryThe Credova_Financial WordPress plugin discloses a site's associated Credova API account username and password in plaintext via an AJAX action whenever a site user goes to checkout on a page that has the Credova Financing option enabled. This affects versions up to, and including, 1.4.8.cve.org03/10/2021accettato
70
11675411VulD...183538cve_nvd_summaryA stored cross-site scripting (XSS) vulnerability in /ucms/index.php?do=list_edit of UCMS 1.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title, key words, description or content text fields.cve.org03/10/2021accettato
70
11675410VulD...183537cve_nvd_summaryA flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7.cve.org03/10/2021accettato
70
11675409VulD...183537cve_nvd_summaryA flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7.cve.org03/10/2021accettato
70
11675408VulD...183536cve_nvd_summaryIBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3,20.0.0.1, 20.0.0.2, and 21.0.2 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204832.cve.org03/10/2021accettato
70
11675407VulD...183536confirm_urlhttps://www.ibm.com/support/pages/node/6493271ibm.com03/10/2021accettato
70
11675406VulD...183535cve_nvd_summaryThe build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint. As a consequence the builds of such stacks are vulnerable to MITM attacks that allow the replacement of the original binaries with arbitrary ones. The stacks involved are Java 8 (alpine and centos), Android and PHP. The vulnerability is not exploitable at runtime but only when building Che.cve.org03/10/2021accettato
70
11675405VulD...183535confirm_urlhttps://bugs.eclipse.org/bugs/show_bug.cgi?id=540989bugs.eclipse.org03/10/2021accettato
70
11675404VulD...183534cve_nvd_summaryAdobe Acrobat Reader DC add-on for Internet Explorer versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to check for existence of local files. Exploitation of this issue requires user interaction in that a victim must visit an attacker controlled web page.cve.org03/10/2021accettato
70
11675403VulD...183533cve_nvd_summaryAcrobat Reader DC ActiveX Control versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must open a maliciously crafted Microsoft Office file, or visit an attacker controlled web page.cve.org03/10/2021accettato
70
11675402VulD...183532cve_nvd_summaryA command injection vulnerability in the CGI program of the Zyxel VPN2S firmware version 1.12 could allow an authenticated, local user to execute arbitrary OS commands.cve.org03/10/2021accettato
70
11675401VulD...183531cve_nvd_summaryInsecure permissions in Confluent Ansible (cp-ansible) 5.5.0, 5.5.1, 5.5.2 and 6.0.0 allows local attackers to access some sensitive information (private keys, state database).cve.org03/10/2021accettato
70
11675400VulD...183530cve_nvd_summaryAn uncontrolled search path element privilege escalation vulnerability in Trend Micro HouseCall for Home Networks version 5.3.1225 and below could allow an attacker to escalate privileges by placing a custom crafted file in a specific directory to load a malicious library. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.cve.org03/10/2021accettato
70
11675399VulD...183529cve_nvd_summaryA directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access to sensitive information.cve.org03/10/2021accettato
70
11675398VulD...183528cve_nvd_summaryConfluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 is vulnerable to Incorrect Access Control via its auxiliary component that allows remote attackers to access sensitive information.cve.org03/10/2021accettato
70
11675397VulD...183527cve_nvd_summaryOS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), which can disclose arbitrary file from the server's filesystem as long as the application has access to the file.cve.org03/10/2021accettato
70
11675396VulD...183527cve_nvd_summaryOS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), which can disclose arbitrary file from the server's filesystem as long as the application has access to the file.cve.org03/10/2021accettato
70
11675395VulD...183526cve_nvd_summaryA vulnerability in Trend Micro ServerProtect for Storage 6.0, ServerProtect for EMC Celerra 5.8, ServerProtect for Network Appliance Filers 5.8, and ServerProtect for Microsoft Windows / Novell Netware 5.8 could allow a remote attacker to bypass authentication on affected installations.cve.org03/10/2021accettato
70
11675394VulD...183525cve_nvd_summaryJWT is a library to work with JSON Web Token and JSON Web Signature. Prior to versions 3.4.6, 4.0.4, and 4.1.5, users of HMAC-based algorithms (HS256, HS384, and HS512) combined with `Lcobucci\JWT\Signer\Key\LocalFileReference` as key are having their tokens issued/validated using the file path as hashing key - instead of the contents. The HMAC hashing functions take any string as input and, since users can issue and validate tokens, users are lead to believe that everything works properly. Versions 3.4.6, 4.0.4, and 4.1.5 have been patched to always load the file contents, deprecated the `Lcobucci\JWT\Signer\Key\LocalFileReference`, and suggest `Lcobucci\JWT\Signer\Key\InMemory` as the alternative. As a workaround, use `Lcobucci\JWT\Signer\Key\InMemory` instead of `Lcobucci\JWT\Signer\Key\LocalFileReference` to create the instances of one's keys.cve.org03/10/2021accettato
70
11675393VulD...183525cve_nvd_summaryJWT is a library to work with JSON Web Token and JSON Web Signature. Prior to versions 3.4.6, 4.0.4, and 4.1.5, users of HMAC-based algorithms (HS256, HS384, and HS512) combined with `Lcobucci\JWT\Signer\Key\LocalFileReference` as key are having their tokens issued/validated using the file path as hashing key - instead of the contents. The HMAC hashing functions take any string as input and, since users can issue and validate tokens, users are lead to believe that everything works properly. Versions 3.4.6, 4.0.4, and 4.1.5 have been patched to always load the file contents, deprecated the `Lcobucci\JWT\Signer\Key\LocalFileReference`, and suggest `Lcobucci\JWT\Signer\Key\InMemory` as the alternative. As a workaround, use `Lcobucci\JWT\Signer\Key\InMemory` instead of `Lcobucci\JWT\Signer\Key\LocalFileReference` to create the instances of one's keys.cve.org03/10/2021accettato
70
11675392VulD...183525confirm_urlhttps://github.com/lcobucci/jwt/security/advisories/GHSA-7322-jrq4-x5hfgithub.com03/10/2021accettato
70
11675391VulD...183524cve_nvd_summaryDell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerability to gain access to sensitive information on an NVMe storage by resetting the BIOS password on the system via the Manageability Interface.cve.org03/10/2021accettato
70
11675390VulD...183523cve_nvd_summaryIn Progress WhatsUp Gold prior to version 21.1.0, an application endpoint failed to adequately sanitize malicious input. which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser.cve.org03/10/2021accettato
70
11675389VulD...183523cve_nvd_summaryIn Progress WhatsUp Gold prior to version 21.1.0, an application endpoint failed to adequately sanitize malicious input. which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser.cve.org03/10/2021accettato
70
11675388VulD...183523identifier16435903/10/2021accettato
70
11675387VulD...183522cvss3_nvd_basescore9.8nist.gov03/10/2021accettato
90
11675386VulD...183522cvss2_nvd_basescore7.5nist.gov03/10/2021accettato
90
11675385VulD...183522cvss3_meta_tempscore7.9see CVSS documentation03/10/2021accettato
90
11675384VulD...183522cvss3_meta_basescore8.0see CVSS documentation03/10/2021accettato
90
11675383VulD...183522cvss2_nvd_aiPnist.gov03/10/2021accettato
70
11675382VulD...183522cvss2_nvd_iiPnist.gov03/10/2021accettato
70
11675381VulD...183522cvss2_nvd_ciPnist.gov03/10/2021accettato
70
11675380VulD...183522cvss2_nvd_auNnist.gov03/10/2021accettato
70
11675379VulD...183522cvss2_nvd_acLnist.gov03/10/2021accettato
70
11675378VulD...183522cvss2_nvd_avNnist.gov03/10/2021accettato
70
11675377VulD...183522cvss3_nvd_aHnist.gov03/10/2021accettato
70
11675376VulD...183522cvss3_nvd_iHnist.gov03/10/2021accettato
70
11675375VulD...183522cvss3_nvd_cHnist.gov03/10/2021accettato
70
11675374VulD...183522cvss3_nvd_sUnist.gov03/10/2021accettato
70
11675373VulD...183522cvss3_nvd_uiNnist.gov03/10/2021accettato
70
11675372VulD...183522cvss3_nvd_prNnist.gov03/10/2021accettato
70
11675371VulD...183522cvss3_nvd_acLnist.gov03/10/2021accettato
70
11675370VulD...183522cvss3_nvd_avNnist.gov03/10/2021accettato
70
11675369VulD...183522cve_nvd_summaryA SQL injection vulnerability exists in Sureline SUREedge Migrator 7.0.7.29360.cve.org03/10/2021accettato
70
11675368VulD...183521cve_nvd_summaryA Denial of Service issue exists in China Telecom Corporation EPON Tianyi Gateway ZXHN F450(EPON ONU) 3.0. Tianyi Gateway is a hardware terminal of "Optical Modem Smart Router." Attackers can use this vulnerability to restart the device multiple times.cve.org03/10/2021accettato
70
11675367VulD...183520cvss3_nvd_basescore5.4nist.gov03/10/2021accettato
90
11675366VulD...183520cvss2_nvd_basescore3.5nist.gov03/10/2021accettato
90
11675365VulD...183520cvss3_meta_tempscore4.4see CVSS documentation03/10/2021accettato
90
11675364VulD...183520cvss3_meta_basescore4.4see CVSS documentation03/10/2021accettato
90
11675363VulD...183520cvss2_nvd_aiNnist.gov03/10/2021accettato
70
11675362VulD...183520cvss2_nvd_iiPnist.gov03/10/2021accettato
70
11675361VulD...183520cvss2_nvd_ciNnist.gov03/10/2021accettato
70
11675360VulD...183520cvss2_nvd_auSnist.gov03/10/2021accettato
70
11675359VulD...183520cvss2_nvd_acMnist.gov03/10/2021accettato
70
11675358VulD...183520cvss2_nvd_avNnist.gov03/10/2021accettato
70
11675357VulD...183520cvss3_nvd_aNnist.gov03/10/2021accettato
70
11675356VulD...183520cvss3_nvd_iLnist.gov03/10/2021accettato
70
11675355VulD...183520cvss3_nvd_cLnist.gov03/10/2021accettato
70
11675354VulD...183520cvss3_nvd_sCnist.gov03/10/2021accettato
70
11675353VulD...183520cvss3_nvd_uiRnist.gov03/10/2021accettato
70
11675352VulD...183520cvss3_nvd_prLnist.gov03/10/2021accettato
70
11675351VulD...183520cvss3_nvd_acLnist.gov03/10/2021accettato
70
11675350VulD...183520cvss3_nvd_avNnist.gov03/10/2021accettato
70
11675349VulD...183520cve_nvd_summaryCross Site Scripting (XSS) vulnerability exists in UEditor v1.4.3.3, which can be exploited by an attacker to obtain user cookie information.cve.org03/10/2021accettato
70
11675348VulD...183519cvss3_nvd_basescore6.1nist.gov03/10/2021accettato
90
11675347VulD...183519cvss2_nvd_basescore4.3nist.gov03/10/2021accettato
90

788 non vengono visualizzate più voci

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!