CVE-2021-40214
Gibbon v22.0.00 suffers from a stored XSS vulnerability within the wall messages component.
Source: CVE-2021-40214
[월:] 2021년 09월
CVE-2021-22527
CVE-2021-22527
Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
Source: CVE-2021-22527
CVE-2021-22528
CVE-2021-22528
Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
Source: CVE-2021-22528
CVE-2021-22526
CVE-2021-22526
Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
Source: CVE-2021-22526
CVE-2021-22524
CVE-2021-22524
Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
Source: CVE-2021-22524
CVE-2020-27970
CVE-2020-27970
Yandex Browser before 20.10.0 allows remote attackers to spoof the address bar
Source: CVE-2020-27970
CVE-2020-27969
CVE-2020-27969
Yandex Browser for Android 20.8.4 allows remote attackers to perform SOP bypass and addresss bar spoofing
Source: CVE-2020-27969
CVE-2021-40870
CVE-2021-40870
An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.
Source: CVE-2021-40870
CVE-2021-40867
CVE-2021-40867
Certain NETGEAR smart switches are affected by an authentication hijacking race-condition vulnerability by an unauthenticated attacker who uses the same source IP address as an admin in the process of logging in (e.g., behind the same NAT device, or already in possession of a foothold on an admin’s machine). This occurs because the multi-step HTTP authentication process is effectively tied only to the source IP address. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS750E before 1.0.1.10, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2.
Source: CVE-2021-40867
CVE-2021-40866
CVE-2021-40866
Certain NETGEAR smart switches are affected by a remote admin password change by an unauthenticated attacker via the (disabled by default) /sqfs/bin/sccd daemon, which fails to check authentication when the authentication TLV is missing from a received NSDP packet. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS750E before 1.0.1.10, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2.
Source: CVE-2021-40866