Fresh IT Vulnerabilities @vulnbot@schleuss.online

#introductions This bot is posting IT vulnerabilities from all over the web - usually refreshes every few minutes with new stories. If you would like to see more sites included, write to the maintainer @emanuel - you might also be interested in @itsecbot

CVE-2021-35235 - The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous ... - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35235

CVE-2011-4126 - Race condition issues were found in Calibre at devices/linux_mount_helper.c allowing unpr... - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4126

CVE-2021-35233 - The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. ... - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35233

CVE-2021-37129 - There is an out of bounds write vulnerability in some Huawei products. The vulnerability ... - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37129

CVE-2021-37127 - There is a signature management vulnerability in some huawei products. An attacker can fo... - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37127

CVE-2021-37130 - There is a path traversal vulnerability in Huawei FusionCube 6.0.2.The vulnerability is d... - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37130

CVE-2011-4574 - PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its... - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4574

CVE-2021-32951 - WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper authentication vulnera... - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32951

CVE-2021-26610 - The move_uploaded_file function in godomall5 does not perform an integrity check of exten... - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26610

CVE-2021-37131 - There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco ... - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37131

CVE-2021-23877 - Privilege escalation vulnerability in the Windows trial installer of McAfee Total Protect... - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23877

CVE-2020-22864 - A cross site scripting (XSS) vulnerability in the Insert Video function of Froala WYSIWYG... - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-22864

CVE-2021-41866 - MyBB before 1.8.28 allows stored XSS because the displayed Template Name value in the Adm... - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41866

CVE-2020-10782 (ansible_tower) - An exposure of sensitive information flaw was found in Ansible version 3.7.0. Sensitive i... - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10782

CVE-2020-10754 (fedora, networkmanager) - It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x... - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10754

CVE-2020-10737 (oddjob) - A race condition was found in the mkhomedir tool shipped with the oddjob package in versi... - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10737

CVE-2020-11056 (sprout_forms) - In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnera... - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11056

CVE-2020-11035 (fedora, glpi) - In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated usin... - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11035

CVE-2020-11024 (moonlight) - In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable to a man-in-the-mid... - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11024

CVE-2020-11012 (minio) - MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in... - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11012