Vulnerability: CVE-2021-3162

Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation. https://docs.docker.com/docker-for-mac/release-notes/#docker-desktop-community-2500https://twitter.com/_r3ggihttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3162

Vulnerability: CVE-2021-3139

In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopy_locate_udev in tcmur_cmd_handler.c lacks a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request. For example, an attack can occur over a network if the attacker …

Read more

Vulnerability: CVE-2021-3138

In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms. https://blog.discourse.org/https://github.com/Mesh3l911/Disourcehttps://github.com/discourse/discourse/releaseshttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3138

Vulnerability: CVE-2021-3134

Mubu 2.2.1 allows local users to gain privileges to execute commands, aka CNVD-2020-68878. http://mubu.com/doc/d5501245199https://www.cnvd.org.cn/flaw/show/2638444https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3134

Vulnerability: CVE-2021-3133

The Elementor Contact Form DB plugin before 1.6 for WordPress allows CSRF via backend admin pages. https://plugins.trac.wordpress.org/changeset/2454670/https://wordpress.org/plugins/sb-elementor-contact-form-db/#developershttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3133

Vulnerability: CVE-2021-3131

The Web server in 1C:Enterprise 8 before 8.3.17.1851 sends base64 encoded credentials in the creds URL parameter. https://github.com/jet-pentest/CVE-2021-3131https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3131

Vulnerability: CVE-2021-3129

Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2. https://github.com/facade/ignition/pull/334https://www.ambionics.io/blog/laravel-debug-rcehttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3129

Vulnerability: CVE-2021-3121

An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the ""skippy peanut butter"" issue. https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bchttps://github.com/gogo/protobuf/compare/v1.3.1…v1.3.2https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3121

Vulnerability: CVE-2021-3116

before_upstream_connection in AuthPlugin in http/proxy/auth.py in proxy.py before 2.3.1 accepts incorrect Proxy-Authorization header data because of a boolean confusion (and versus or). https://cardaci.xyz/advisories/2021/01/10/proxy.py-2.3.0-broken-basic-authentication/https://github.com/abhinavsingh/proxy.py/pull/482/commits/9b00093288237f5073c403f2c4f62acfdfa8ed46https://pypi.org/project/proxy.py/2.3.1/#historyhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3116

Vulnerability: CVE-2021-3111

The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/ URI. https://documentation.concrete5.org/developers/introduction/version-historyhttps://github.com/Quadron-Research-Lab/CVE/blob/main/CVE-2021-3111.pdfhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3111

Vulnerability: CVE-2021-3032

An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the “http”, “email”, and “snmptrap” v3 log forwarding server profiles can be logged to the logrcvr.log system log. Logged information may include up to 1024 bytes of …

Read more

Vulnerability: CVE-2021-3031

Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random information from the firewall memory into the …

Read more