CVE-2021-30168
The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant administrator’s credential and further control the devices.
Source: CVE-2021-30168
[월:] 2021년 04월
CVE-2021-30166
CVE-2021-30166
The NTP Server configuration function of the IP camera device is not verified with special parameters. Remote attackers can perform a command Injection attack and execute arbitrary commands after logging in with the privileged permission.
Source: CVE-2021-30166
CVE-2021-27648
CVE-2021-27648
Externally controlled reference to a resource in another sphere in quarantine functionality in Synology Antivirus Essential before 1.4.8-2801 allows remote authenticated users to obtain privilege via unspecified vectors.
Source: CVE-2021-27648
CVE-2021-27933
CVE-2021-27933
pfSense 2.5.0 allows XSS via the services_wol_edit.php Description field.
Source: CVE-2021-27933
CVE-2021-31777
CVE-2021-31777
The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x before 2.6.2, and 2.7.x before 2.7.1, for TYPO3 allows SQL Injection via a backend user account.
Source: CVE-2021-31777
CVE-2021-31778
CVE-2021-31778
The media2click (aka 2 Clicks for External Media) extension 1.x before 1.3.3 for TYPO3 allows XSS by a backend user account.
Source: CVE-2021-31778
CVE-2021-31779
CVE-2021-31779
The yoast_seo (aka Yoast SEO) extension before 7.2.1 for TYPO3 allows SSRF via a backend user account.
Source: CVE-2021-31779
CVE-2021-31866
CVE-2021-31866
Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController.
Source: CVE-2021-31866
CVE-2021-31865
CVE-2021-31865
Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments.
Source: CVE-2021-31865
CVE-2021-31864
CVE-2021-31864
Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler.
Source: CVE-2021-31864