CVE-2021-36754
PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to crash the process by sending a specific query (QTYPE 65535) that causes an out-of-bounds exception.
Source: CVE-2021-36754
[월:] 2021년 07월
CVE-2021-37601
CVE-2021-37601
muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers to obtain sensitive information (list of admins, members, owners, and banned entities of a Multi-User chat room) in some common configurations.
Source: CVE-2021-37601
CVE-2021-37600
CVE-2021-37600
An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file.
Source: CVE-2021-37600
CVE-2021-37596
CVE-2021-37595
CVE-2021-37595
In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_RANGE File Contents Request PDU.
Source: CVE-2021-37595
CVE-2021-36621
CVE-2021-36621
Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulnerable to SQL Injection. The username parameter is vulnerable to time-based SQL injection. Upon successful dumping the admin password hash, an attacker can decrypt and obtain the plain-text password. Hence, the attacker could authenticate as Administrator.
Source: CVE-2021-36621
CVE-2021-36386
CVE-2021-36386
report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user.
Source: CVE-2021-36386
CVE-2021-37588
CVE-2021-37588
In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data.
Source: CVE-2021-37588
CVE-2021-37587
CVE-2021-37587
In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data.
Source: CVE-2021-37587
CVE-2021-37144
CVE-2021-37144
CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in PHP when the unlink() function is called and user input might affect portions of or the whole affected parameter, which represents the path of the file to remove, without sufficient sanitization.
Source: CVE-2021-37144