CVE-2021-46872
An issue was discovered in Nim before 1.6.2. The RST module of the Nim language stdlib, as used in NimForum and other products, permits the javascript: URI scheme and thus can lead to XSS in some applications. (Nim versions 1.6.2 and later are fixed; there may be backports of the fix to some earlier versions. NimForum 2.2.0 is fixed.)
Assigned (20230113)
MISC:https://forum.nim-lang.org/t/8852 | MISC:https://github.com/nim-lang/Nim/commit/46275126b89218e64844eee169e8ced05dd0e2d7 | MISC:https://github.com/nim-lang/Nim/compare/v1.6.0...v1.6.2 | MISC:https://github.com/nim-lang/Nim/pull/19134 | MISC:https://github.com/nim-lang/nimforum
CVE-2021-46871
tag.ex in Phoenix Phoenix.HTML (aka phoenix_html) before 3.0.4 allows XSS in HEEx class attributes.
Assigned (20230110)
MISC:https://github.com/advisories/GHSA-j3gg-r6gp-95q2 | MISC:https://github.com/phoenixframework/phoenix_html/commit/62a0139fb716bcdce697f6221244bd81d321d620
CVE-2021-46868
The HW_KEYMASTER module has a problem in releasing memory. Successful exploitation of this vulnerability may result in out-of-bounds memory access.
Assigned (20221228)
MISC:https://consumer.huawei.com/en/support/bulletin/2023/1/ | URL:https://consumer.huawei.com/en/support/bulletin/2023/1/ | MISC:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202301-0000001435541166 | URL:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202301-0000001435541166
CVE-2021-46867
The HW_KEYMASTER module has a problem in releasing memory. Successful exploitation of this vulnerability may result in out-of-bounds memory access.
Assigned (20221228)
MISC:https://consumer.huawei.com/en/support/bulletin/2023/1/ | URL:https://consumer.huawei.com/en/support/bulletin/2023/1/ | MISC:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202301-0000001435541166 | URL:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202301-0000001435541166
CVE-2021-46856
The multi-screen collaboration module has a path traversal vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
Assigned (20221129)
MISC:https://consumer.huawei.com/en/support/bulletin/2023/1/ | URL:https://consumer.huawei.com/en/support/bulletin/2023/1/ | MISC:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202212-0000001462975397 | URL:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202212-0000001462975397 | MISC:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202301-0000001435541166 | URL:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202301-0000001435541166
CVE-2021-46854
mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters.
Assigned (20221123)
MISC:http://www.proftpd.org/docs/RELEASE_NOTES-1.3.7e | MISC:https://bugs.gentoo.org/811495 | MISC:https://github.com/proftpd/proftpd/issues/1284 | MISC:https://github.com/proftpd/proftpd/pull/1285
CVE-2021-46853
Alpine before 2.25 allows remote attackers to cause a denial of service (application crash) when LIST or LSUB is sent before STARTTLS.
Assigned (20221103)
GENTOO:GLSA-202301-07 | URL:https://security.gentoo.org/glsa/202301-07 | MISC:https://bugs.gentoo.org/807613 | MISC:https://nostarttls.secvuln.info/
CVE-2021-46852
The memory management module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
Assigned (20221101)
MISC:https://consumer.huawei.com/en/support/bulletin/2022/11/ | URL:https://consumer.huawei.com/en/support/bulletin/2022/11/ | MISC:https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433 | URL:https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433
CVE-2021-46851
The DRM module has a vulnerability in verifying the secure memory attributes. Successful exploitation of this vulnerability may cause abnormal video playback.
Assigned (20221101)
MISC:https://consumer.huawei.com/en/support/bulletin/2022/11/ | URL:https://consumer.huawei.com/en/support/bulletin/2022/11/ | MISC:https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433 | URL:https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433
CVE-2021-46850
myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the v_sftp_license parameter when sending HTTP POST requests to the /edit/server endpoint.
Assigned (20221024)
MISC:https://blog.talosintelligence.com/2021/06/necro-python-bot-adds-new-tricks.html | MISC:https://github.com/myvesta/vesta/commit/7991753ab7c5c568768028fb77554db8ea149f17 | MISC:https://github.com/myvesta/vesta/releases/tag/0.9.8-26-43 | MISC:https://github.com/serghey-rodin/vesta/commit/a4e4542a6d1351c2857b169f8621dd9a13a2e896 | MISC:https://www.exploit-db.com/exploits/49674