CVE-2021-26038
An issue was discovered in Joomla! 2.5.0 through 3.9.27. Install action in com_installer lack the required hardcoded ACL checks for superusers. A default system is not affected cause the default ACL for com_installer is limited to super users already.
Source: CVE-2021-26038
CVE-2021-20739
WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, and WRH-300WH-S all versions allows an unauthenticated network-adjacent attacker to execute an arbitrary OS command via unspecified vectors.
Source: CVE-2021-20739
CVE-2021-20738
WRC-1167FS-W, WRC-1167FS-B, and WRC-1167FSA all versions allow an unauthenticated network-adjacent attacker to obtain sensitive information via unspecified vectors.
Source: CVE-2021-20738
CVE-2021-20776
Improper authentication vulnerability in SCT-40CM01SR and AT-40CM01SR allows an attacker to bypass access restriction and execute an arbitrary command via telnet.
Source: CVE-2021-20776
CVE-2021-20777
Improper authorization in handler for custom URL scheme vulnerability in GU App for Android versions from 4.8.0 to 5.0.2 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.
Source: CVE-2021-20777
CVE-2021-20780
Cross-site request forgery (CSRF) vulnerability in WPCS – WordPress Currency Switcher 1.1.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
Source: CVE-2021-20780
CVE-2021-20779
Cross-site request forgery (CSRF) vulnerability in WordPress Email Template Designer – WP HTML Mail versions prior to 3.0.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
Source: CVE-2021-20779
CVE-2021-35039
kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, does not occur for a module.sig_enforce=1 command-line argument.
Source: CVE-2021-35039
CVE-2021-22223
Client-Side code injection through Feature Flag name in GitLab CE/EE starting with 11.9 allows a specially crafted feature flag name to PUT requests on behalf of other users via clicking on a link
Source: CVE-2021-22223
CVE-2021-22228
An issue has been discovered in GitLab affecting all versions. Improper access control allows unauthorised users to access project details using Graphql.
Source: CVE-2021-22228