CVE-2021-41097

aurelia-path is part of the Aurelia platform and contains utilities for path manipulation. There is a prototype pollution vulnerability in aurelia-path before version 1.1.7. The vulnerability exposes Aurelia application that uses `aurelia-path` package to parse a string. The majority of this will be Aurelia applications that employ the `aurelia-router` package. An example is this could allow an attacker to change the prototype of base object class `Object` by tricking an application to parse the following URL: `https://aurelia.io/blog/?__proto__[asdf]=asdf`. The problem is patched in version `1.1.7`.

Source: CVE-2021-41097

CVE-2021-20035

Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a ‘nobody’ user which potentially leads to DoS.

Source: CVE-2021-20035

CVE-2021-23445

This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped.

Source: CVE-2021-23445

CVE-2021-36134

Out of bounds write vulnerability in the JPEG parsing code of Netop Vision Pro up to and including 9.7.2 allows an adjacent unauthenticated attacker to write to arbitrary memory potentially leading to a Denial of Service (DoS).

Source: CVE-2021-36134

CVE-2021-41558

The set_user extension module before 3.0.0 for PostgreSQL allows ProcessUtility_hook bypass via set_config.

Source: CVE-2021-41558

CVE-2021-40329

The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management.

Source: CVE-2021-40329

CVE-2021-41753

A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in D-Link DIR-X1560, v1.04B04, and DIR-X6060, v1.11B04 allows a remote unauthenticated attacker to disconnect a wireless client via sending specific spoofed SAE authentication frames.

Source: CVE-2021-41753

CVE-2021-37761

Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution.

Source: CVE-2021-37761

CVE-2021-40700

Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Source: CVE-2021-40700

CVE-2021-39824

Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious png file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Source: CVE-2021-39824