CVE-2019-25037

Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet.

Source: CVE-2019-25037

CVE-2019-25038

Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c.

Source: CVE-2019-25038

CVE-2019-25039

Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.

Source: CVE-2019-25039

CVE-2021-31826

Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointer dereference flaw involving the session recovery feature. The flaw is exploitable (for a daemon crash) on systems not using this feature if a crafted cookie is supplied.

Source: CVE-2021-31826

CVE-2021-30165

The default administrator account & password of the EDIMAX wireless network camera is hard-coded. Remote attackers can disassemble firmware to obtain the privileged permission and further control the devices.

Source: CVE-2021-30165

CVE-2021-30635

Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal (no customer-specific data is exposed).

Source: CVE-2021-30635

CVE-2021-31671

pgsync before 0.6.7 is affected by Information Disclosure of sensitive information. Syncing the schema with the –schema-first and –schema-only options is mishandled. For example, the sslmode connection parameter may be lost, which means that SSL would not be used.

Source: CVE-2021-31671

CVE-2021-29474

HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker can read arbitrary `.md` files from the server’s filesystem due to an improper input validation, which results in the ability to perform a relative path traversal. To verify if you are affected, you can try to open the following URL: `http://localhost:3000/..%2F..%2FREADME#` (replace `http://localhost:3000` with your instance’s base-URL e.g. `https://demo.hedgedoc.org/..%2F..%2FREADME#`). If you see a README page being rendered, you run an affected version. The attack works due the fact that the internal router passes the url-encoded alias to the `noteController.showNote`-function. This function passes the input directly to findNote() utility function, that will pass it on the the parseNoteId()-function, that tries to make sense out of the noteId/alias and check if a note already exists and if so, if a corresponding file on disk was updated. If no note exists the note creation-function is called, which pass this unvalidated alias, with a `.md` appended, into a path.join()-function which is read from the filesystem in the follow up routine and provides the pre-filled content of the new note. This allows an attacker to not only read arbitrary `.md` files from the filesystem, but also observes changes to them. The usefulness of this attack can be considered limited, since mainly markdown files are use the file-ending `.md` and all markdown files contained in the hedgedoc project, like the README, are public anyway. If other protections such as a chroot or container or proper file permissions are in place, this attack’s usefulness is rather limited. On a reverse-proxy level one can force a URL-decode, which will prevent this attack because the router will not accept such a path.

Source: CVE-2021-29474

CVE-2021-31784

An out-of-bounds write vulnerability exists in the file-reading procedure in Open Design Alliance Drawings SDK before 2021.6 on all supported by ODA platforms in static configuration. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart) or possible code execution.

Source: CVE-2021-31784

CVE-2021-22669

Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges on the system.

Source: CVE-2021-22669