CVE-2021-21747: Security Bulletin Details

The ZTE MF971R product has a reflective XSS vulnerability. An attacker could use the vulnerability to obtain cookie information.

Related news

CVE-2021-34756: Cisco Firepower Threat Defense Software Command Injection Vulnerabilities

Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2021-34755: Cisco Firepower Threat Defense Software Command Injection Vulnerabilities

Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2021-21743: Security Bulletin Details

ZTE MF971R product has a CRLF injection vulnerability. An attacker could exploit the vulnerability to modify the HTTP response header information through a specially crafted HTTP request.

CVE-2021-21749: Security Bulletin Details

ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code.

CVE-2021-21748: Security Bulletin Details

ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code.

CVE-2021-21746: Security Bulletin Details

The ZTE MF971R product has a reflective XSS vulnerability. An attacker could use the vulnerability to obtain cookie information.

CVE-2021-41878

A reflected cross-site scripting (XSS) vulnerability exists in the i-Panel Administration System Version 2.0 that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console.

CISA: Wide Exploitation of New VMware vCenter Server Flaw Likely

Attackers can use the vulnerability to remotely execute arbitrary code.

CVE-2019-6742: ZDI-19-255

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to 1.4.20.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the GameServiceReceiver update mechanism. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7477.
