CVE-2021-22857

The CGE page with download function contains a Directory Traversal vulnerability. Attackers can use this loophole to download system files arbitrarily.

Source: CVE-2021-22857

CVE-2021-22858

Attackers can access the CGE account management function without privilege for permission elevation and execute arbitrary commands or files after obtaining user permissions.

Source: CVE-2021-22858

CVE-2021-23885

Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.8 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance via incorrect improper neutralization of user input in the troubleshooting page.

Source: CVE-2021-23885

CVE-2021-23339

This affects all versions of package com.typesafe.akka:akka-http-core. It allows multiple Transfer-Encoding headers.

Source: CVE-2021-23339

CVE-2020-2502

This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. Photo Station 6.0.11 and later

Source: CVE-2020-2502

CVE-2020-2501

A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS) Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)

Source: CVE-2020-2501

CVE-2021-20653

Calsos CSDJ (CSDJ-B 01.08.00 and earlier, CSDJ-H 01.08.00 and earlier, CSDJ-D 01.08.00 and earlier, and CSDJ-A 03.08.00 and earlier) allows remote attackers to bypass access restriction and to obtain unauthorized historical data without access privileges via unspecified vectors.

Source: CVE-2021-20653

CVE-2021-20655

FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.

Source: CVE-2021-20655

CVE-2021-26934

An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn’t stated accordingly in its support status entry.

Source: CVE-2021-26934

CVE-2021-26932

An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c.

Source: CVE-2021-26932