CVE-2021-26829
OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.
Source: CVE-2021-26829
[월:] 2021년 06월
CVE-2021-34540
CVE-2021-34540
Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard.
Source: CVE-2021-34540
CVE-2021-26828
CVE-2021-26828
OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm.
Source: CVE-2021-26828
CVE-2021-3013
CVE-2021-3013
ripgrep before 13 allows attackers to trigger execution of arbitrary programs from the current working directory via the -z/–search-zip or –pre flag.
Source: CVE-2021-3013
CVE-2021-33205
CVE-2021-33205
Western Digital EdgeRover before 0.25 has an escalation of privileges vulnerability where a low privileged user could load malicious content into directories with higher privileges, because of how Node.js is used. An attacker can gain admin privileges and carry out malicious activities such as creating a fake library and stealing user credentials.
Source: CVE-2021-33205
CVE-2021-28814
CVE-2021-28814
An improper access control vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows remote attackers to compromise the security of the software. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.4.
Source: CVE-2021-28814
CVE-2021-28801
CVE-2021-28801
An out-of-bounds read vulnerability has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read sensitive information on the system. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.2 build 20210122 on QSW-M2108-2C; versions prior to 1.0.2 build 20210122 on QSW-M2108-2S; versions prior to 1.0.2 build 20210122 on QSW-M2108R-2C.
Source: CVE-2021-28801
CVE-2021-28805
CVE-2021-28805
Inclusion of sensitive information in the source code has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read application data. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.3 build 20210505 on QSW-M2108-2C; versions prior to 1.0.3 build 20210505 on QSW-M2108-2S; versions prior to 1.0.3 build 20210505 on QSW-M2108R-2C; versions prior to 1.0.12 build 20210506 on QSW-M408.
Source: CVE-2021-28805
CVE-2021-24035
CVE-2021-24035
A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files.
Source: CVE-2021-24035
CVE-2021-25684
CVE-2021-25684
It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO.
Source: CVE-2021-25684