Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2021-32686
PUBLISHED: 2021-07-23


PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and …

CVE-2021-32783
PUBLISHED: 2021-07-23


Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy’s admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to shut down Envoy rem…

CVE-2021-3169
PUBLISHED: 2021-07-23

An issue in Jumpserver 2.6.2 and below allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets.

CVE-2020-20741
PUBLISHED: 2021-07-23


Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version CX9020_CB3011_WEC7_HPS_v602_TC31_B4016.6 allows remote attackers to bypass authentication via the "CE Remote Display Tool" as it does not close the incoming connection on the Windows CE side if t…

CVE-2021-25808
PUBLISHED: 2021-07-23

A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file.





Source link