CVE-2021-29056
Cross Site Scripting (XSS) vulnerability exists in Pixelimity 1.0 via the HTTP POST parameter to admin/setting.php.
Source: CVE-2021-29056
CVE-2021-29056
Cross Site Scripting (XSS) vulnerability exists in Pixelimity 1.0 via the HTTP POST parameter to admin/setting.php.
Source: CVE-2021-29056
CVE-2020-29548
An issue was discovered in SmarterTools SmarterMail through 100.0.7537. Meddler-in-the-middle attackers can pipeline commands after a POP3 STLS command, injecting plaintext commands into an encrypted user session.
Source: CVE-2020-29548
CVE-2021-32830
The @diez/generation npm package is a client for Diez. The locateFont method of @diez/generation has a command injection vulnerability. Clients of the @diez/generation library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. All versions of this package are vulnerable as of the writing of this CVE.
Source: CVE-2021-32830
CVE-2020-15955
In s/qmail through 4.0.07, an active MitM can inject arbitrary plaintext commands into a STARTTLS encrypted session between an SMTP client and s/qmail. This allows e-mail messages and user credentials to be sent to the MitM attacker.
Source: CVE-2020-15955
CVE-2021-3617
A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow command injection by setting a specially crafted network configuration. This vulnerability is the same as CNVD-2020-68652.
Source: CVE-2021-3617
CVE-2021-3633
A DLL preloading vulnerability was reported in Lenovo Driver Management prior to version 2.9.0719.1104 that could allow privilege escalation.
Source: CVE-2021-3633
CVE-2021-3459
A privilege escalation vulnerability was reported in the MM1000 device configuration web server, which could allow privileged shell access and/or arbitrary privileged commands to be executed on the adapter.
Source: CVE-2021-3459
CVE-2021-3458
The Motorola MM1000 device configuration portal can be accessed without authentication, which could allow adapter settings to be modified.
Source: CVE-2021-3458
CVE-2021-3616
A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow an unauthorized user to view device information, alter firmware content and device configuration. This vulnerability is the same as CNVD-2020-68651.
Source: CVE-2021-3616
CVE-2021-3615
A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow code execution if a specific file exists on the attached SD card. This vulnerability is the same as CNVD-2021-45262.
Source: CVE-2021-3615