CVE-2021-22975

On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, and 14.1.x before 14.1.3.1, under some circumstances, Traffic Management Microkernel (TMM) may restart on the BIG-IP system while passing large bursts of traffic. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

Source: CVE-2021-22975

CVE-2021-20407 (security_verify_information_queue)

IBM Security Verify Information Queue 1.0.6 and 1.0.7 discloses sensitive information in source code that could be used in further attacks against the system. IBM X-Force ID: 198185.

Source: CVE-2021-20407 (security_verify_information_queue)

CVE-2021-20409 (security_verify_information_queue)

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 198188.

Source: CVE-2021-20409 (security_verify_information_queue)

CVE-2021-20408 (security_verify_information_queue)

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could disclose highly sensitive information to a local user due to inproper storage of a plaintext cryptographic key. IBM X-Force ID: 198187.

Source: CVE-2021-20408 (security_verify_information_queue)

CVE-2021-20406 (security_verify_information_queue)

IBM Security Verify Information Queue 1.0.6 and 1.0.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 198184.

Source: CVE-2021-20406 (security_verify_information_queue)

CVE-2021-27197

DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arbitrary file write vulnerability. The AppendToTextFile method doesn’t check if it’s being called from the application or from a malicious user. The vulnerability is triggered when a remote attacker crafts an HTML page (e.g., with "OBJECT classid=" and "<SCRIPT language=’vbscript’>") to overwrite arbitrary files.

Source: CVE-2021-27197

CVE-2021-27188

The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 allows attackers to cause a denial of service (access suspended for five hours) by making five invalid login attempts to a victim’s account.

Source: CVE-2021-27188

CVE-2021-27205

Telegram before 7.4 (212543) Stable on macOS stores the local copy of self-destructed messages in a sandbox path, leading to sensitive information disclosure.

Source: CVE-2021-27205

CVE-2021-27204

Telegram before 7.4 (212543) Stable on macOS stores the local passcode in cleartext, leading to information disclosure.

Source: CVE-2021-27204

CVE-2021-27187

The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 stores authentication credentials in cleartext in login.sav when the Save Password box is checked.

Source: CVE-2021-27187