CVE-2021-32937
An attacker can gain knowledge of a session temporary working folder where the getfile and putfile commands are used in MDT AutoSave versions prior to v6.02.06. An attacker can leverage this knowledge to provide a malicious command to the working directory where the read and write activity can be initiated.
Source: CVE-2021-32937
CVE-2021-27223
A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause Windows crash by running a specially crafted binary module. The fix was delivered automatically. Credits: (Straghkov Denis, Kurmangaleev Shamil, Fedotov Andrey, Kuts Daniil, Mishechkin Maxim, Akolzin Vitaliy) @ ISPRAS
Source: CVE-2021-27223
CVE-2021-32957
A function in MDT AutoSave versions prior to v6.02.06 is used to retrieve system information for a specific process, and this information collection executes multiple commands and summarizes the information into an XML. This function and subsequent process gives full path to the executable and is therefore vulnerable to binary hijacking.
Source: CVE-2021-32957
CVE-2021-28504
On Arista Strata family products which have “TCAM profile� feature enabled when Port IPv4 access-list has a rule which matches on “vxlan� as protocol then that rule and subsequent rules ( rules declared after it in ACL ) do not match on IP protocol field as expected.
Source: CVE-2021-28504
CVE-2021-26623
A remote code execution vulnerability due to incomplete check for ‘xheader_decode_path_record’ function’s parameter length value in the ark library. Remote attackers can induce exploit malicious code using this function.
Source: CVE-2021-26623
CVE-2021-23287
The vulnerability exists due to insufficient validation of input of certain resources within the IPM software. This issue affects: Intelligent Power Manager (IPM 1) versions prior to 1.70.
Source: CVE-2021-23287
CVE-2021-22277
Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite – Control and I/O, ABB Base Software for SoftControl allows an attacker to cause the denial of service.
Source: CVE-2021-22277
CVE-2021-20295
It was discovered that the update for the virt:rhel module in the RHSA-2020:4676 (https://access.redhat.com/errata/RHSA-2020:4676) erratum released as part of Red Hat Enterprise Linux 8.3 failed to include the fix for the qemu-kvm component issue CVE-2020-10756, which was previously corrected in virt:rhel/qemu-kvm via erratum RHSA-2020:4059 (https://access.redhat.com/errata/RHSA-2020:4059). CVE-2021-20295 was assigned to that Red Hat specific security regression. For more details about the original security issue CVE-2020-10756, refer to bug 1835986 or the CVE page: https://access.redhat.com/security/cve/CVE-2020-10756.
Source: CVE-2021-20295
CVE-2021-23247
A command injection vulerability found in quick game engine allows arbitrary remote code in quick app. Allows remote attacke0rs to gain arbitrary code execution in quick game engine
Source: CVE-2021-23247
CVE-2020-25691
A flaw was found in darkhttpd. Invalid error handling allows remote attackers to cause denial-of-service by accessing a file with a large modification date. The highest threat from this vulnerability is to system availability.
Source: CVE-2020-25691