CVE-2021-41800

MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). Visiting Special:Contributions can sometimes result in a long-running SQL query because PoolCounter protection is mishandled. (CVSS:0.0) (Last Update:2021-10-11)

2021-10-10T20:00:00-04:00 | October 10th, 2021 | CVE Details

CVE-2021-42137

An issue was discovered in Zammad before 5.0.1. In some cases, there is improper enforcement of the privilege requirement for viewing a list of tickets that shows title, state, etc. (CVSS:0.0) (Last Update:2021-10-11)

CVE-2021-41798

MediaWiki before 1.36.2 allows XSS. Month-related MediaWiki messages are not escaped before being used on the Special:Search results page. (CVSS:0.0) (Last Update:2021-10-11)

CVE-2021-42139

Deno before 0.107.0 allows Code Injection via an untrusted YAML file in certain configurations. (CVSS:0.0) (Last Update:2021-10-11)

CVE-2021-41055

Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted XMPP Last Message Correction (XEP-0308) message in multi-user chat, where the message ID equals the correction ID. (CVSS:0.0) (Last Update:2021-10-11)

CVE-2021-42135

HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/* path may be able to issue Google Cloud service account credentials. (CVSS:0.0) (Last Update:2021-10-11)

CVE-2021-42134

The Unicorn framework before 0.36.1 for Django allows XSS via a component. NOTE: this issue exists because of an incomplete fix for CVE-2021-42053. (CVSS:0.0) (Last Update:2021-10-11)

CVE-2021-41799

MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). ApiQueryBacklinks (action=query&list=backlinks) can cause a full table scan. (CVSS:0.0) (Last Update:2021-10-11)

CVE-2021-41830

It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25633 for the LibreOffice advisory. (CVSS:0.0) (Last Update:2021-10-11)

CVE-2021-41801

The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time (due to the job queue backlog). (CVSS:0.0) (Last Update:2021-10-11)
