CVE-2020-23172
A vulnerability in all versions of Kuba allows attackers to overwrite arbitrary files in arbitrary directories with crafted Zip files due to improper validation of file paths in .zip archives.
Source: CVE-2020-23172
CVE-2020-23172
A vulnerability in all versions of Kuba allows attackers to overwrite arbitrary files in arbitrary directories with crafted Zip files due to improper validation of file paths in .zip archives.
Source: CVE-2020-23172
CVE-2020-23171
A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash characters included in the name of the crafted file.
Source: CVE-2020-23171
CVE-2020-25082
An attacker with physical access to Nuvoton Trusted Platform Module (NPCT75x 7.2.x before 7.2.2.0) could extract an Elliptic Curve Cryptography (ECC) private key via a side-channel attack against ECDSA, because of an Observable Timing Discrepancy.
Source: CVE-2020-25082
CVE-2021-38370
In Alpine through 2.24, untagged responses from an IMAP server are accepted before STARTTLS.
Source: CVE-2021-38370
CVE-2021-33703
Under certain conditions, NetWeaver Enterprise Portal, versions – 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters. An attacker can craft a malicious link and send it to a victim. A successful attack results in Reflected Cross-Site Scripting (XSS) vulnerability.
Source: CVE-2021-33703
CVE-2021-38371
The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending.
Source: CVE-2021-38371
CVE-2021-33707
SAP NetWeaver Knowledge Management allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a component. This could enable the attacker to compromise the user’s confidentiality and integrity.
Source: CVE-2021-33707
CVE-2021-33706
Due to improper input validation in InfraBox, logs can be modified by an authenticated user.
Source: CVE-2021-33706
CVE-2021-38373
In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked.
Source: CVE-2021-38373
CVE-2021-36601
GetSimpleCMS 3.3.16 contains a cross-site Scripting (XSS) vulnerability, where Function TSL does not filter check settings.php Website URL: "siteURL" parameter.
Source: CVE-2021-36601