CVE-2021-34675
Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports.
Source: CVE-2021-34675
CVE-2020-36425
An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can exploit this by changing the local clock.
Source: CVE-2020-36425
CVE-2020-36424
An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can recover a private key (for RSA or static Diffie-Hellman) via a side-channel attack against generation of base blinding/unblinding values.
Source: CVE-2020-36424
CVE-2020-36427
GNOME gThumb before 3.10.1 allows an application crash via a malformed JPEG image.
Source: CVE-2020-36427
CVE-2020-36426
An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte).
Source: CVE-2020-36426
CVE-2020-22650
A memory leak vulnerability in sim-organizer.c of AlienVault Ossim v5 causes a denial of service (DOS) via a system crash triggered by the occurrence of a large number of alarm events.
Source: CVE-2020-22650
CVE-2020-36421
An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a side channel in modular exponentiation, an RSA private key used in a secure enclave could be disclosed.
Source: CVE-2020-36421
CVE-2021-36799
KNX ETS5 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev.
Source: CVE-2021-36799
CVE-2020-36422
An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel allows recovery of an ECC private key, related to mbedtls_ecp_check_pub_priv, mbedtls_pk_parse_key, mbedtls_pk_parse_keyfile, mbedtls_ecp_mul, and mbedtls_ecp_mul_restartable.
Source: CVE-2020-36422
CVE-2021-36797
** DISPUTED ** In Victron Energy Venus OS through 2.72, root access is granted by default to anyone with physical access to the device. NOTE: the vendor disagrees with the reporter’s opinion about an alleged "security best practices" violation.
Source: CVE-2021-36797