CVE ID Name Status References
CVE-2021-46837

res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation.

Assigned (20220830)

MISC:https://downloads.asterisk.org/pub/security/AST-2021-006.html

CVE-2021-46836

The implementation of the WLAN module interfaces has an information disclosure vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

Assigned (20220829)

MISC:https://consumer.huawei.com/en/support/bulletin/2022/9/ | MISC:https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202209-0000001392278845

CVE-2021-46835

There is a traffic hijacking vulnerability in WS7200-10 11.0.2.13. Successful exploitation of this vulnerability can cause packets to be hijacked by attackers.

Assigned (20220825)

MISC:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220831-01-5370a6df-en

CVE-2021-46834

A permission bypass vulnerability in Huawei cross device task management could allow an attacker to access certain resources in the attacked devices. Affected product versions include: JAD-AL50 versions 102.0.0.225(C00E220R3P4).

Assigned (20220819)

MISC:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220819-01-7e0a6103-en

CVE-2021-46830

A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilizes self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile information to gain access to files at a higher directory level than intended.

Assigned (20220727)

MISC:https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml | MISC:https://www.goanywhere.com/support/advisory/68x | MISC:https://www.goanywhere.com/support/release-notes/mft?limit=0

CVE-2021-46829

GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems.

Assigned (20220724)

DEBIAN:DSA-5228 | URL:https://www.debian.org/security/2022/dsa-5228 | FEDORA:FEDORA-2022-7254ec5e96 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M5IHHEYFD6GDZVALKIPPRD2U4JNZUZWR/ | MISC:https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md | MISC:https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/5398f04d772f7f8baf5265715696ed88db0f0512 | MISC:https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/bca00032ad68d0b0aa2c1f7558db931e52bd9cd2 | MISC:https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190 | MISC:https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121 | MISC:https://www.openwall.com/lists/oss-security/2022/07/23/1 | MLIST:[oss-security] 20220725 Re: CVE Request: heap buffer overflow in gdk-pixbuf | URL:http://www.openwall.com/lists/oss-security/2022/07/25/1

CVE-2021-46828

In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.

Assigned (20220720)

DEBIAN:DSA-5200 | URL:https://www.debian.org/security/2022/dsa-5200 | MISC:http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=86529758570cef4c73fb9b9c4104fdc510f701ed | MLIST:[debian-lts-announce] 20220812 [SECURITY] [DLA 3071-1] libtirpc security update | URL:https://lists.debian.org/debian-lts-announce/2022/08/msg00004.html

CVE-2021-46827

An issue was discovered in Oxygen XML WebHelp before 22.1 build 2021082006 and 23.x before 23.1 build 2021090310. An XSS vulnerability in search terms proposals (in online documentation generated using Oxygen XML WebHelp) allows attackers to execute JavaScript by convincing a user to type specific text in the WebHelp output search field.

Assigned (20220713)

MISC:https://www.oxygenxml.com/security/advisory/SYNC-2021-072301.html

CVE-2021-46825

Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web server responses to unintended clients. Severity/CVSSv3: High / 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Assigned (20220629)

MISC:https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20638

CVE-2021-46824

Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Lastname parameter to the Update Account form in student_profile.php.

Assigned (20220622)

MISC:https://packetstormsecurity.com/files/161394/School-File-Management-System-1.0-Cross-Site-Scripting.html | MISC:https://www.exploit-db.com/exploits/49559 | MISC:https://www.sourcecodester.com/php/14155/school-file-management-system.html


Latest data from: 2022-10-03