US-CERT Bulletin (SB21-242): Vulnerability Summary for the Week of August 23, 2021
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe — bridge | Adobe Bridge version 11.0.2 (and earlier) is affected by a Heap-based Buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-20 | 9.3 | CVE-2021-28624 MISC |
adobe — bridge | Adobe Bridge version 11.0.2 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-20 | 9.3 | CVE-2021-35989 MISC |
adobe — bridge | Adobe Bridge version 11.0.2 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-20 | 9.3 | CVE-2021-35990 MISC |
adobe — illustrator | Adobe Illustrator version 25.2.3 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-20 | 9.3 | CVE-2021-36009 MISC |
adobe — illustrator | Adobe Illustrator version 25.2.3 (and earlier) is affected by a potential Command injection vulnerability when chained with a development and debugging tool for JavaScript scripts. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-20 | 9.3 | CVE-2021-36011 MISC |
adobe — media_encoder | Adobe Media Encoder version 15.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-20 | 9.3 | CVE-2021-36015 MISC |
altus — nexto_nx3003_firmware | Authenticated Semi-Blind Command Injection (via Parameter Injection) exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via the getlogs.cgi tcpdump feature. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto NX3030 1.8.3.0, Nexto NX5100 1.8.11.0, Nexto NX5101 1.8.11.0, Nexto NX5110 1.1.2.8, Nexto NX5210 1.1.2.8, Nexto Xpress XP300 1.8.11.0, Nexto Xpress XP315 1.8.11.0, Nexto Xpress XP325 1.8.11.0, Nexto Xpress XP340 1.8.11.0, and Hadron Xtorm HX3040 1.7.58.0. | 2021-08-23 | 9 | CVE-2021-39244 MISC MISC |
att — xmill | A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. Within `DecodeTreeBlock` which is called during the decompression of an XMI file, a UINT32 is loaded from the file and used as trusted input as the length of a buffer. An attacker can provide a malicious file to trigger this vulnerability. | 2021-08-20 | 7.5 | CVE-2021-21826 MISC |
att — xmill | A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. Within `DecodeTreeBlock` which is called during the decompression of an XMI file, a UINT32 is loaded from the file and used as trusted input as the length of a buffer. An attacker can provide a malicious file to trigger this vulnerability. | 2021-08-20 | 7.5 | CVE-2021-21827 MISC |
att — xmill | A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. In the default case of DecodeTreeBlock a label is created via CurPath::AddLabel in order to track the label for later reference. An attacker can provide a malicious file to trigger this vulnerability. | 2021-08-20 | 7.5 | CVE-2021-21828 MISC |
bludit — bludit | Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component ‘bl-kereln/ajax/upload-logo.php’. | 2021-08-20 | 7.5 | CVE-2020-18879 MISC |
edit_comments_project — edit_comments | The Edit Comments WordPress plugin through 0.3 does not sanitise, validate or escape the jal_edit_comments GET parameter before using it in a SQL statement, leading to a SQL injection issue | 2021-08-23 | 7.5 | CVE-2021-24551 MISC MISC |
netmodule — nb800_firmware | Certain NetModule devices allow Limited Session Fixation via PHPSESSID. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800. | 2021-08-23 | 7.5 | CVE-2021-39290 MISC MISC |
nuishop — nuishop | Nuishop v2.3 contains a SQL injection vulnerability in /goods/getGoodsListByConditions/. | 2021-08-26 | 7.5 | CVE-2020-20675 MISC |
safecurl_project — safecurl | SafeCurl before 0.9.2 has a DNS rebinding vulnerability. | 2021-08-20 | 7.5 | CVE-2020-36474 MISC MISC |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
aceide_project — aceide | The AceIDE WordPress plugin through 2.6.2 does not sanitise or validate the user input which is appended to system paths before using it in various actions, such as to read arbitrary files from the server. This allows high privilege users such as administrator to access any file on the web server outside of the blog directory via a path traversal attack. | 2021-08-23 | 4 | CVE-2021-24549 MISC MISC |
adobe — acrobat_dc | Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Type Confusion vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-20 | 4.3 | CVE-2021-28643 MISC |
adobe — acrobat_dc | Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Use-after-free vulnerability. An authenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-20 | 6 | CVE-2021-28640 MISC |
adobe — acrobat_dc | Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-20 | 6.8 | CVE-2021-28641 MISC |
adobe — acrobat_dc | Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Out-of-bounds write vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-20 | 6.8 | CVE-2021-28642 MISC |
adobe — bridge | Adobe Bridge version 11.0.2 (and earlier) is affected by an uninitialized variable vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-20 | 4.3 | CVE-2021-35991 MISC |
adobe — bridge | Adobe Bridge version 11.0.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-20 | 4.3 | CVE-2021-35992 MISC |
adobe — illustrator | Adobe Illustrator version 25.2.3 (and earlier) is affected by a Use-after-free vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to read arbitrary file system information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-20 | 4.3 | CVE-2021-36008 MISC |
adobe — illustrator | Adobe Illustrator version 25.2.3 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-20 | 6.8 | CVE-2021-28591 MISC |
adobe — illustrator | Adobe Illustrator version 25.2.3 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-20 | 6.8 | CVE-2021-28592 MISC |
adobe — illustrator | Adobe Illustrator version 25.2.3 (and earlier) is affected by a Use After Free vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose potential sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-20 | 4.3 | CVE-2021-28593 MISC |
adobe — illustrator | Adobe Illustrator version 25.2.3 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-20 | 4.3 | CVE-2021-36010 MISC |
adobe — media_encoder | Adobe Media Encoder version 15.2 (and earlier) is affected by an uninitialized pointer vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to read arbitrary file system information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-20 | 4.3 | CVE-2021-36014 MISC |
adobe — media_encoder | Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to read arbitrary file system information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-20 | 4.3 | CVE-2021-36016 MISC MISC |
adobe — media_encoder | Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-20 | 6.8 | CVE-2021-28590 MISC |
adobe — media_encoder | Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-20 | 6.8 | CVE-2021-28589 MISC |
altus — nexto_nx3003_firmware | Cross-Site Request Forgery (CSRF) exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via any CGI endpoint. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto NX3030 1.8.3.0, Nexto NX5100 1.8.11.0, Nexto NX5101 1.8.11.0, Nexto NX5110 1.1.2.8, Nexto NX5210 1.1.2.8, Nexto Xpress XP300 1.8.11.0, Nexto Xpress XP315 1.8.11.0, Nexto Xpress XP325 1.8.11.0, Nexto Xpress XP340 1.8.11.0, and Hadron Xtorm HX3040 1.7.58.0. | 2021-08-23 | 4.3 | CVE-2021-39243 MISC MISC |
altus — nexto_nx3003_firmware | Hardcoded .htaccess Credentials for getlogs.cgi exist on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto NX3030 1.8.3.0, Nexto NX5100 1.8.11.0, Nexto NX5101 1.8.11.0, Nexto NX5110 1.1.2.8, Nexto NX5210 1.1.2.8, Nexto Xpress XP300 1.8.11.0, Nexto Xpress XP315 1.8.11.0, Nexto Xpress XP325 1.8.11.0, Nexto Xpress XP340 1.8.11.0, and Hadron Xtorm HX3040 1.7.58.0. | 2021-08-23 | 5 | CVE-2021-39245 MISC MISC |
arm — mbed_tls | An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name (the cn argument of mbedtls_x509_crt_verify) with the actual certificate name is mishandled: when the subjectAltName extension is present, the expected name is compared to any name in that extension regardless of its type. This means that an attacker could impersonate a 4-byte or 16-byte domain by getting a certificate for the corresponding IPv4 or IPv6 address (this would require the attacker to control that IP address, though). | 2021-08-23 | 4.3 | CVE-2020-36477 MISC MISC |
arm — mbed_tls | An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate should be considered invalid. | 2021-08-23 | 5 | CVE-2020-36478 MISC MISC MISC MISC |
arm — mbed_tls | An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory. | 2021-08-23 | 5 | CVE-2020-36476 MISC MISC MISC |
arm — mbed_tls | An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs. | 2021-08-23 | 5 | CVE-2020-36475 MISC MISC MISC |
broken_link_manager_project — broken_link_manager | The Broken Link Manager WordPress plugin through 0.6.5 does not sanitise, validate or escape the url GET parameter before using it in a SQL statement when retrieving an URL to edit, leading to an authenticated SQL injection issue | 2021-08-23 | 6.5 | CVE-2021-24550 MISC MISC |
canon — oce_print_exec_workgroup | Canon Oce Print Exec Workgroup 1.3.2 allows XSS via the lang parameter. | 2021-08-23 | 4.3 | CVE-2021-39368 MISC |
contact_form_7_captcha_project — contact_form_7_captcha | The Contact Form 7 Captcha WordPress plugin before 0.0.9 does not have any CSRF check in place when saving its settings, allowing attacker to make a logged in user with the manage_options change them. Furthermore, the settings are not escaped when output in attributes, leading to a Stored Cross-Site Scripting issue. | 2021-08-23 | 6.8 | CVE-2021-24565 CONFIRM MISC |
digitaldruid — hoteldruid | DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php affecting the fineperiodo1 parameter. | 2021-08-26 | 4.3 | CVE-2021-38559 MISC MISC |
eclipse — californium | In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate based (x509 and RPK) DTLS handshakes accidentally succeed without verifying the server side’s signature on the client side, if that signature is not included in the server’s ServerKeyExchange. | 2021-08-20 | 5 | CVE-2021-34433 CONFIRM |
email-subscriber_project — email-subscriber | The kento_email_subscriber_ajax AJAX action of the Email Subscriber WordPress plugin through 1.1 does not properly sanitise, validate and escape the submitted subscribe_email and subscribe_name POST parameters, inserting them in the DB and then outputting them back in the Subscriber list (/wp-admin/edit.php?post_type=kes_campaign&page=kento_email_subscriber_list_settings), leading to a Stored XSS issue. | 2021-08-23 | 4.3 | CVE-2021-24556 MISC MISC |
f-secure — atlant | A Denial-of-Service (DoS) vulnerability was discovered in all versions of F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine. | 2021-08-23 | 4 | CVE-2021-33598 MISC MISC MISC |
firefly-iii — firefly_iii | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | 2021-08-23 | 4.3 | CVE-2021-3730 CONFIRM MISC |
firefly-iii — firefly_iii | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | 2021-08-23 | 4.3 | CVE-2021-3728 MISC CONFIRM |
firefly-iii — firefly_iii | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | 2021-08-23 | 4.3 | CVE-2021-3729 CONFIRM MISC |
freelancetoindia — paytm-pay | The Paytm – Donation Plugin WordPress plugin through 1.3.2 does not sanitise, validate or escape the id GET parameter before using it in a SQL statement when deleting donations, leading to an authenticated SQL injection issue | 2021-08-23 | 6.5 | CVE-2021-24554 MISC MISC |
github — owslib | An XML external entity (XXE) injection in PyWPS before 4.5.0 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected. | 2021-08-23 | 5 | CVE-2021-39371 MISC MISC |
gitlab — gitlab | Improper validation of invited users’ email address in GitLab EE affecting all versions since 12.2 allowed projects to add members with email address domain that should be blocked by group settings | 2021-08-23 | 4 | CVE-2021-22251 CONFIRM MISC MISC |
gitlab — gitlab | A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group | 2021-08-23 | 4 | CVE-2021-22249 CONFIRM MISC MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab versions before 14.0.2, 13.12.6, 13.11.6. GitLab Webhook feature could be abused to perform denial of service attacks. | 2021-08-20 | 4 | CVE-2021-22246 MISC MISC CONFIRM |
gitlab — gitlab | Improper authorization on the pipelines page in GitLab CE/EE affecting all versions since 13.12 allowed unauthorized users to view some pipeline information for public projects that have access to pipelines restricted to members only | 2021-08-23 | 5 | CVE-2021-22248 CONFIRM MISC |
gnome — libgda | In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. | 2021-08-22 | 4.3 | CVE-2021-39359 MISC MISC |
gnome — libgfbgraph | In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. | 2021-08-22 | 4.3 | CVE-2021-39358 MISC MISC |
google — chrome | Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page. | 2021-08-26 | 6.8 | CVE-2021-30602 MISC MISC |
google — chrome | Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 2021-08-26 | 6.8 | CVE-2021-30598 MISC MISC |
google — chrome | Use after free in Browser UI in Google Chrome on Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device. | 2021-08-26 | 4.6 | CVE-2021-30597 MISC MISC |
google — chrome | Incorrect security UI in Navigation in Google Chrome on Android prior to 92.0.4515.131 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 2021-08-26 | 4.3 | CVE-2021-30596 MISC MISC |
google — chrome | Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | 2021-08-26 | 6.8 | CVE-2021-30601 MISC MISC |
google — chrome | Use after free in File System API in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-08-26 | 6.8 | CVE-2021-30591 MISC MISC |
google — chrome | Out of bounds write in Tab Groups in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page. | 2021-08-26 | 6.8 | CVE-2021-30592 MISC MISC |
google — chrome | Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-08-26 | 5.1 | CVE-2021-30603 MISC MISC |
google — chrome | Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page. | 2021-08-26 | 5.8 | CVE-2021-30593 MISC MISC |
google — chrome | Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 2021-08-26 | 6.8 | CVE-2021-30599 MISC MISC |
google — chrome | Use after free in Printing in Google Chrome prior to 92.0.4515.159 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 2021-08-26 | 6.8 | CVE-2021-30600 MISC MISC |
google — chrome | Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-08-26 | 6.8 | CVE-2021-30604 MISC MISC |
google — chrome | Heap buffer overflow in Bookmarks in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-08-26 | 6.8 | CVE-2021-30590 MISC MISC |
google — chrome | Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device. | 2021-08-26 | 4.6 | CVE-2021-30594 MISC MISC |
hmplugin — hm_multiple_roles | The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page | 2021-08-23 | 6.5 | CVE-2021-24602 MISC MISC |
hucart — hucart | SQL Injection vulnerability in Hucart CMS 5.7.4 via the basic information field found in the avatar usd_image field. | 2021-08-26 | 6.5 | CVE-2020-18476 MISC |
hucart — hucart | SQL Injection vulnerability in Hucart CMS 5.7.4 via the purchase enquiry field found in the Message con_content field. | 2021-08-26 | 6.5 | CVE-2020-18477 MISC |
ibm — resilient_security_orchestration_automation_and_response | IBM Security SOAR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 2021-08-23 | 5 | CVE-2021-29704 XF CONFIRM |
ibm — resilient_security_orchestration_automation_and_response | IBM Security SOAR performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. | 2021-08-23 | 5 | CVE-2021-29802 XF CONFIRM |
komoot — komoot | An information disclosure vulnerability exists in the Friend finder functionality of GmbH Komoot version 10.26.9 up to 11.1.11. A specially crafted series of network requests can lead to the disclosure of sensitive information. | 2021-08-20 | 5 | CVE-2021-21823 MISC |
ledgersmb — ledgersmb | LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to ‘clickjacking’. This allows an attacker to trick a targeted user to execute unintended actions. | 2021-08-23 | 4.3 | CVE-2021-3731 CONFIRM CONFIRM DEBIAN |
ledgersmb — ledgersmb | LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure. | 2021-08-23 | 6.8 | CVE-2021-3694 CONFIRM MISC MISC DEBIAN |
ledgersmb — ledgersmb | LedgerSMB does not check the origin of HTML fragments merged into the browser’s DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure. | 2021-08-23 | 6.8 | CVE-2021-3693 MISC CONFIRM DEBIAN |
lifterlms — lifterlms | The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.2 was affected by an IDOR issue, allowing students to see other student answers and grades | 2021-08-23 | 5 | CVE-2021-24562 MISC MISC |
netmodule — nb800_firmware | Certain NetModule devices have Insecure Password Handling (cleartext or reversible encryption). These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800. | 2021-08-23 | 5 | CVE-2021-39289 CONFIRM MISC |
netmodule — nb800_firmware | Certain NetModule devices allow credentials via GET parameters to CLI-PHP. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800. | 2021-08-23 | 6.5 | CVE-2021-39291 MISC MISC |
openstack — neutron | OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the hardware addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations. | 2021-08-23 | 5.8 | CVE-2021-38598 MISC |
phpmywind — phpmywind | Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the component ‘admin/upload_file_do.php’. | 2021-08-20 | 6.5 | CVE-2020-18886 MISC |
phpmywind — phpmywind | Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the “text color” field of the component ‘/admin/web_config.php’. | 2021-08-20 | 6.5 | CVE-2020-18885 MISC |
quantumcloud — slider_hero | The Slider Hero with Animation, Video Background & Intro Maker WordPress plugin before 8.2.7 does not sanitise or escape the id attribute of its hero-button shortcode before using it in a SQL statement, allowing users with a role as low as Contributor to perform SQL injection. | 2021-08-23 | 6.5 | CVE-2021-24506 MISC |
rconfig — rconfig | An information disclosure vulnerability in rConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote authenticated attackers to read files on the system via a crafted request sent to the /lib/crud/configcompare.crud.php script. | 2021-08-20 | 4 | CVE-2020-25351 MISC |
rconfig — rconfig | A server-side request forgery (SSRF) vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability allowed remote authenticated attackers to open a connection to the machine via the deviceIpAddr and connPort parameters. | 2021-08-20 | 4 | CVE-2020-25353 MISC |
rconfig — rconfig | An insecure update feature in the /updater.php component of rConfig 3.9.6 and below allows attackers to execute arbitrary code via a crafted ZIP file. | 2021-08-20 | 6.8 | CVE-2020-27464 MISC |
rconfig — rconfig | An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability gave attackers the ability to send a crafted request to /lib/ajaxHandlers/ajaxDeleteAllLoggingFiles.php by specifying a path in the path parameter and an extension in the ext parameter and delete all the files with that extension in that path. | 2021-08-20 | 6.4 | CVE-2020-25359 MISC |
rconfig — rconfig | An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php of rConfig 3.9.6 allows attackers to execute arbitrary code via a crafted file. | 2021-08-20 | 6.8 | CVE-2020-27466 MISC |
roosty — diary-availability-calendar | The daac_delete_booking_callback function, hooked to the daac_delete_booking AJAX action, takes the id POST parameter which is passed into the SQL statement without proper sanitisation, validation or escaping, leading to a SQL Injection issue. Furthermore, the ajax action is lacking any CSRF and capability check, making it available to any authenticated user. | 2021-08-23 | 6.5 | CVE-2021-24555 MISC MISC |
simple_events_calendar_project — simple_events_calendar | The Simple Events Calendar WordPress plugin through 1.4.0 does not sanitise, validate or escape the event_id POST parameter before using it in a SQL statement when deleting events, leading to an authenticated SQL injection issue | 2021-08-23 | 6.5 | CVE-2021-24552 MISC MISC |
skycaiji — skycaiji | Directory Traversal in Skycaiji v1.3 allows remote attackers to obtain sensitive information via the component ‘index.php?m=admin&c=Tool&a=log&file=D%3A%5CphpStudy%5CWWW%5Cindex.php’. | 2021-08-20 | 5 | CVE-2020-18878 MISC |
timeline_calendar_project — timeline_calendar | The Timeline Calendar WordPress plugin through 1.2 does not sanitise, validate or escape the edit GET parameter before using it in a SQL statement when editing events, leading to an authenticated SQL injection issue. Other SQL Injections are also present in the plugin | 2021-08-23 | 6.5 | CVE-2021-24553 MISC MISC |
totolink — a3002r_firmware | Directory Indexing in Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows an attacker to access /add/, /img/, /js/, and /mobile directories via GET Parameter. | 2021-08-20 | 5 | CVE-2021-34218 MISC |
totolink — a3002r_firmware | Cross-site scripting in ddns.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the “Domain Name” field, “Server Address” field, “User Name/Email”, or “Password/Key” field. | 2021-08-20 | 4.3 | CVE-2021-34207 MISC |
totolink — a3002r_firmware | Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the “Service Name” field. | 2021-08-20 | 4.3 | CVE-2021-34215 MISC |
totolink — a3002r_firmware | Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the “URL Address” field. | 2021-08-20 | 4.3 | CVE-2021-34223 MISC |
totolink — a3002r_firmware | Cross-site scripting in tr069config.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the “User Name” field or “Password” field. | 2021-08-20 | 4.3 | CVE-2021-34220 MISC |
totolink — a3002r_firmware | Cross-site scripting in parent_control.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the “Description” field and “Service Name” field. | 2021-08-20 | 4.3 | CVE-2021-34228 MISC |
wuzhicms — wuzhicms | SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain sensitive information via the ‘flag’ parameter in the component ‘/coreframe/app/order/admin/index.php’. | 2021-08-20 | 5 | CVE-2020-18877 MISC |
xstream_project — xstream | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. Users who followed the recommendation to set up XStream’s security framework with a whitelist limited to the minimal required types are not affected. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general-purpose use. | 2021-08-23 | 6 | CVE-2021-39146 CONFIRM MISC |
xstream_project — xstream | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. Users who followed the recommendation to set up XStream’s security framework with a whitelist limited to the minimal required types are not affected. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general-purpose use. | 2021-08-23 | 6 | CVE-2021-39145 MISC CONFIRM |
xstream_project — xstream | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker who has sufficient rights to execute commands on the host only by manipulating the processed input stream. Users who followed the recommendation to set up XStream’s security framework with a whitelist limited to the minimal required types are not affected. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general-purpose use. | 2021-08-23 | 6.5 | CVE-2021-39144 MISC CONFIRM |
xstream_project — xstream | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. Users who followed the recommendation to set up XStream’s security framework with a whitelist limited to the minimal required types are not affected. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general-purpose use. | 2021-08-23 | 6.5 | CVE-2021-39141 MISC CONFIRM |
xstream_project — xstream | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is only affected if using the version out of the box with JDK 1.7u21 or below. However, this scenario can be adjusted easily to an external Xalan that works regardless of the version of the Java runtime. Users who followed the recommendation to set up XStream’s security framework with a whitelist limited to the minimal required types are not affected. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general-purpose use. | 2021-08-23 | 6.5 | CVE-2021-39139 CONFIRM MISC |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
3.7designs — project_status | The pspin_duplicate_post_save_as_new_post function of the Project Status WordPress plugin through 1.6 does not sanitise, validate or escape the post GET parameter passed to it before outputting it in an error message when the related post does not exist, leading to a reflected XSS issue | 2021-08-23 | 3.5 | CVE-2021-24558 MISC MISC |
apache — portable_runtime | An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue. | 2021-08-23 | 3.6 | CVE-2021-35940 CONFIRM CONFIRM CONFIRM CONFIRM MLIST MLIST MLIST |
arm — cortex-m33_firmware | Certain Arm products before 2021-08-23 do not properly consider the effect of exceptions on a VLLDM instruction. A Non-secure handler may have read or write access to part of a Secure context. This affects Arm Cortex-M33 r0p0 through r1p0, Arm Cortex-M35P r0, Arm Cortex-M55 r0p0 through r1p0, and Arm China STAR-MC1 (in the STAR SE configuration). | 2021-08-23 | 3.6 | CVE-2021-35465 CONFIRM MISC |
awplife — grid_gallery | The Grid Gallery – Photo Image Grid Gallery WordPress plugin before 1.2.5 does not properly sanitize the title field for image galleries when adding them via the admin dashboard, resulting in an authenticated Stored Cross-Site Scripting vulnerability. | 2021-08-23 | 3.5 | CVE-2021-24529 MISC |
bigtreecms — bigtree_cms | Cross Site Scripting (XSS) vulnerability exists in BigTree-CMS 4.4.3 in the tag name field found in the Tags page under the General menu via a crafted website name by doing an authenticated POST HTTP request to admin/tags/create. | 2021-08-26 | 3.5 | CVE-2020-18467 MISC |
erident_custom_login_and_dashboard_project — erident_custom_login_and_dashboard | The Erident Custom Login and Dashboard WordPress plugin before 3.5.9 did not properly sanitise its settings, allowing high privilege users to use XSS payloads in them (even when the unfiltered_html capability is disabled) | 2021-08-23 | 3.5 | CVE-2021-24658 CONFIRM MISC |
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions starting with 13.3. GitLab was vulnerable to a stored XSS by using the design feature in issues. | 2021-08-20 | 3.5 | CVE-2021-22238 MISC MISC CONFIRM |
gitlab — gitlab | Under very specific conditions a user could be impersonated using Gitlab shell. This vulnerability affects GitLab CE/EE 13.1 and later through 14.1.2, 14.0.7 and 13.12.9. | 2021-08-20 | 3.5 | CVE-2021-22254 MISC MISC CONFIRM |
givewp — givewp | The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.12.0 did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site Scripting payloads in them. | 2021-08-23 | 3.5 | CVE-2021-24524 MISC |
harmonicdesign — hd_quiz | The HD Quiz WordPress plugin before 1.8.4 does not escape some of its Answers before outputting them in attributes when generating the Quiz, which could lead to Stored Cross-Site Scripting issues | 2021-08-23 | 3.5 | CVE-2021-24571 MISC |
hucart — hucart | Cross Site Scripting (XSS) vulnerability exists in Hucart CMS 5.7.4 via the mes_title field. The first user inserts a malicious script into the header field of the outbox and sends it to other users. When other users open the email, the malicious code will be executed. | 2021-08-26 | 3.5 | CVE-2020-18475 MISC |
kn_fix_your_title_project — kn_fix_your_title | The KN Fix Your Title WordPress plugin through 1.0.1 was vulnerable to Authenticated Stored XSS in the separator field. | 2021-08-23 | 3.5 | CVE-2021-24547 MISC |
qdpm — qdpm | Cross Site Scripting (XSS) vulnerability exists in qdPM 9.1 in the Heading field found in the Login Page page under the General menu via a crafted website name by doing an authenticated POST HTTP request to /qdPM_9.1/index.php/configuration. | 2021-08-26 | 3.5 | CVE-2020-18468 MISC |
rconfig — rconfig | A stored cross-site scripting (XSS) vulnerability in the /devices.php function in rConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote attackers to perform arbitrary JavaScript execution through entering a crafted payload into the ‘Model’ field then saving. | 2021-08-20 | 3.5 | CVE-2020-25352 MISC |
rukovoditel — rukovoditel | Stored cross-site scripting (XSS) vulnerability in the Name of application field found in the General Configuration page in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to rukovoditel_2.4.1/install/index.php. | 2021-08-26 | 3.5 | CVE-2020-18470 MISC MISC |
rukovoditel — rukovoditel | Stored cross-site scripting (XSS) vulnerability in the Copyright Text field found in the Application page under the Configuration menu in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to /rukovoditel_2.4.1/index.php?module=configuration/save&redirect_to=configuration/application. | 2021-08-26 | 3.5 | CVE-2020-18469 MISC MISC |
simple_banner_project — simple_banner | The Simple Banner WordPress plugin before 2.10.4 does not sanitise and escape one of its settings, allowing high privilege users such as admin to use Cross-Site Scripting payload even when the unfiltered_html capability is disallowed. | 2021-08-23 | 3.5 | CVE-2021-24574 CONFIRM MISC |
webfactoryltd — maintenance | The Maintenance WordPress plugin before 4.03 does not sanitise or escape some of its settings, allowing high privilege users such as admin to use Cross-Site Scripting payloads in them (even when the unfiltered_html capability is disallowed), which will be triggered in the frontend | 2021-08-23 | 3.5 | CVE-2021-24533 MISC |
wpbrigade — simple_social_media_share_buttons | The Simple Social Media Share Buttons – Social Sharing for Everyone WordPress plugin before 3.2.3 did not escape the align and like_button_size parameters of its SSB shortcode, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. | 2021-08-23 | 3.5 | CVE-2021-24486 MISC |
wpcharitable — charitable | The Charitable – Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature. | 2021-08-23 | 3.5 | CVE-2021-24531 MISC MISC |
wpfront — scroll_top | The WPFront Scroll Top WordPress plugin before 2.0.6.07225 does not sanitise or escape its Image ALT setting before outputting it in attributes, leading to Authenticated Stored Cross-Site Scripting issues even when the unfiltered_html capability is disallowed. | 2021-08-23 | 3.5 | CVE-2021-24564 MISC |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe — acrobat_reader_dc | Acrobat Reader DC versions 2021.001.20155 (and earlier), 2020.001.30025 (and earlier) and 2017.011.30196 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-24 | not yet calculated | CVE-2021-28552 MISC |
adobe — acrobat_reader_dc | Acrobat Reader DC versions 2021.001.20155 (and earlier), 2020.001.30025 (and earlier) and 2017.011.30196 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-24 | not yet calculated | CVE-2021-28632 MISC |
adobe — acrobat_reader_dc | Acrobat Reader DC versions 2021.001.20155 (and earlier), 2020.001.30025 (and earlier) and 2017.011.30196 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-24 | not yet calculated | CVE-2021-28554 MISC |
adobe — acrobat_reader_dc | Acrobat Reader DC versions 2021.001.20155 (and earlier), 2020.001.30025 (and earlier) and 2017.011.30196 (and earlier) are affected by an Out-of-bounds read vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-24 | not yet calculated | CVE-2021-28551 MISC |
adobe — acrobat_reader_dc | Acrobat Reader DC versions 2021.001.20155 (and earlier), 2020.001.30025 (and earlier) and 2017.011.30196 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-24 | not yet calculated | CVE-2021-28631 MISC |
adobe — after_effects | Adobe After Effects version 18.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information and cause a denial of service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-24 | not yet calculated | CVE-2021-28612 MISC |
adobe — after_effects | Adobe After Effects version 18.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information and cause a denial of service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-24 | not yet calculated | CVE-2021-28611 MISC |
adobe — after_effects | Adobe After Effects version 18.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-24 | not yet calculated | CVE-2021-28609 MISC |
adobe — after_effects | Adobe After Effects version 18.2 (and earlier) is affected by a heap corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-24 | not yet calculated | CVE-2021-28607 MISC |
adobe — after_effects | Adobe After Effects version 18.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-24 | not yet calculated | CVE-2021-28615 MISC |
adobe — after_effects | Adobe After Effects version 18.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-24 | not yet calculated | CVE-2021-28605 MISC |
adobe — after_effects | Adobe After Effects version 18.2 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-24 | not yet calculated | CVE-2021-28604 MISC |
adobe — after_effects | Adobe After Effects version 18.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-24 | not yet calculated | CVE-2021-28602 MISC |
adobe — after_effects | Adobe After Effects version 18.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information and cause a denial of service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-24 | not yet calculated | CVE-2021-28614 MISC |
adobe — after_effects | Adobe After Effects version 18.2 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-24 | not yet calculated | CVE-2021-28608 MISC |
adobe — after_effects | Adobe After Effects version 18.2 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-24 | not yet calculated | CVE-2021-28603 MISC |
adobe — after_effects | Adobe After Effects version 18.2 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-24 | not yet calculated | CVE-2021-28610 MISC |
adobe — after_effects | Adobe After Effects version 18.2 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-24 | not yet calculated | CVE-2021-28601 MISC |
adobe — after_effects | Adobe After Effects version 18.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-24 | not yet calculated | CVE-2021-28600 MISC |
adobe — after_effects | Adobe After Effects version 18.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information and cause a denial of service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-24 | not yet calculated | CVE-2021-28616 MISC |
adobe — after_effects | Adobe After Effects version 18.2 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-24 | not yet calculated | CVE-2021-28606 MISC |
adobe — animate | Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose potential sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-24 | not yet calculated | CVE-2021-28630 MISC |
adobe — animate | Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bounds Write vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-24 | not yet calculated | CVE-2021-28622 MISC |
adobe — animate | Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-24 | not yet calculated | CVE-2021-28618 MISC |
adobe — animate | Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-24 | not yet calculated | CVE-2021-28617 MISC |
adobe — animate | Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-24 | not yet calculated | CVE-2021-28619 MISC |
adobe — animate | Adobe Animate version 21.0.6 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-24 | not yet calculated | CVE-2021-28620 MISC |
adobe — animate | Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-24 | not yet calculated | CVE-2021-28621 MISC |
adobe — animate | Adobe Animate version 21.0.6 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-24 | not yet calculated | CVE-2021-28629 MISC |
adobe — creative_cloud_desktop_application | Adobe Creative Cloud Desktop Application (installer) version 2.4 (and earlier) is affected by an Uncontrolled Search Path Element vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-24 | not yet calculated | CVE-2021-28594 MISC |
adobe — creative_cloud_desktop_application | Adobe Creative Cloud Desktop Application (installer) version 2.4 (and earlier) is affected by an Insecure temporary file creation vulnerability. An attacker could leverage this vulnerability to cause arbitrary file overwriting in the context of the current user. Exploitation of this issue requires physical interaction to the system. | 2021-08-24 | not yet calculated | CVE-2021-28633 MISC |
adobe — experience_manager_cloud_service | Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Server-side Request Forgery. An authenticated attacker could leverage this vulnerability to contact systems blocked by the dispatcher. Exploitation of this issue does not require user interaction. | 2021-08-24 | not yet calculated | CVE-2021-28627 MISC |
adobe — experience_manager_cloud_service | Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2021-08-24 | not yet calculated | CVE-2021-28628 MISC |
adobe — experience_manager_cloud_service | Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2021-08-24 | not yet calculated | CVE-2021-28625 MISC |
adobe — experience_manager_cloud_service | Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by an Improper Authorization vulnerability allowing users to create nodes under a location. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service. Exploitation of this issue does not require user interaction. | 2021-08-24 | not yet calculated | CVE-2021-28626 MISC |
adobe — framemaker | Adobe Framemaker version 2020.0.1 (and earlier) and 2019.0.8 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-23 | not yet calculated | CVE-2021-28596 MISC |
adobe — media_encoder | Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-08-23 | not yet calculated | CVE-2021-36013 MISC |
apache — nifi_minifi | From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements an “agent-update” command which was designed to patch the application binary. This “patching” command defaults to calling a trusted binary, but might be modified to an arbitrary value through a “c2-update” command. Said command is then executed using the same privileges as the application binary. This was addressed in version 0.10.0 | 2021-08-24 | not yet calculated | CVE-2021-33191 MISC MLIST MLIST |
aruba — airwave_management_platform | A remote cross-site scripting (XSS) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.13.0. Aruba has released upgrades for the Aruba AirWave Management Platform that address this security vulnerability. | 2021-08-26 | not yet calculated | CVE-2021-37715 MISC |
atlassian — jira_server_and_data_center | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature. The affected versions are before version 8.5.15, from version 8.6.0 before 8.13.7, from version 8.14.0 before 8.17.1, and from version 8.18.0 before 8.18.1. | 2021-08-25 | not yet calculated | CVE-2021-39112 MISC |
axis — device_manager | A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices. | 2021-08-25 | not yet calculated | CVE-2021-31989 MISC |
basercms — basercms | baserCMS is an open source content management system with a focus on Japanese language support. In affected versions there is a cross-site scripting vulnerability in the file upload function of the management system of baserCMS. Users are advised to update as soon as possible. No workarounds are available to mitigate this issue. | 2021-08-25 | not yet calculated | CVE-2021-39136 MISC CONFIRM MISC JVN |
bento4 — bento4 |
The AP4_CttsAtom class in Core/Ap4CttsAtom.cpp in Bento4 1.5.1.0 allows remote attackers to cause a denial of service (application crash), related to a memory allocation failure, as demonstrated by mp2aac. | 2021-08-25 | not yet calculated | CVE-2018-10790 MISC MISC |
binderhub — binderhub |
BinderHub is a kubernetes-based cloud service that allows users to share reproducible interactive computing environments from code repositories. In affected versions a remote code execution vulnerability has been identified in BinderHub, where providing BinderHub with maliciously crafted input could execute code in the BinderHub context, with the potential to egress credentials of the BinderHub deployment, including JupyterHub API tokens, kubernetes service accounts, and docker registry credentials. This may provide the ability to manipulate images and other user created pods in the deployment, with the potential to escalate to the host depending on the underlying kubernetes configuration. Users are advised to update to version 0.2.0-n653. If users are unable to update they may disable the git repo provider by specifying the `BinderHub.repo_providers` as a workaround. | 2021-08-25 | not yet calculated | CVE-2021-39159 CONFIRM MISC |
blog_mini — blog_mini |
Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component ‘/admin/custom/blog-plugin/add’. | 2021-08-27 | not yet calculated | CVE-2020-18998 MISC |
blog_mini — blog_mini |
Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component ‘/admin/submit-articles’. | 2021-08-27 | not yet calculated | CVE-2020-18999 MISC |
braun — spacecom2 | An improper sanitization of input vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthenticated attacker to gain user-level command-line access by passing a raw external string straight through to printf statements. The attacker is required to be on the same network as the device. | 2021-08-25 | not yet calculated | CVE-2021-33886 MISC MISC |
braun — spacecom2 |
A Missing Authentication for Critical Function vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote attacker to reconfigure the device from an unknown source because of lack of authentication on proprietary networking commands. | 2021-08-25 | not yet calculated | CVE-2021-33882 MISC MISC |
braun — spacecom2 |
A Cleartext Transmission of Sensitive Information vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote attacker to obtain sensitive information by snooping on the network traffic. The exposed data includes critical values for a pump’s internal configuration. | 2021-08-25 | not yet calculated | CVE-2021-33883 MISC MISC |
braun — spacecom2 |
An Unrestricted Upload of File with Dangerous Type vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows remote attackers to upload any files to the /tmp directory of the device through the webpage API. This can result in critical files being overwritten. | 2021-08-25 | not yet calculated | CVE-2021-33884 MISC MISC |
braun — spacecom2 |
An Insufficient Verification of Data Authenticity vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthenticated attacker to send the device malicious data that will be used in place of the correct data. This results in full system command access and execution because of the lack of cryptographic signatures on critical data sets. | 2021-08-25 | not yet calculated | CVE-2021-33885 MISC MISC |
cachet — cachet | Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can trick Cachet into installing the instance again, leading to arbitrary code execution on the server. This issue was addressed in version 2.5.1 by improving the middleware `ReadyForUse`, which now performs a stricter validation of the instance name. As a workaround, only allow trusted source IP addresses to access the administration dashboard. | 2021-08-27 | not yet calculated | CVE-2021-39173 MISC CONFIRM |
cachet — cachet |
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can exploit a newline injection in the configuration editing feature (e.g. mail settings) and gain arbitrary code execution on the server. This issue was addressed in version 2.5.1 by improving `UpdateConfigCommandHandler` and preventing the use of newline characters in new configuration values. As a workaround, only allow trusted source IP addresses to access the administration dashboard. | 2021-08-27 | not yet calculated | CVE-2021-39172 MISC CONFIRM |
cachet — cachet |
Cachet is an open source status page. Cachet versions up to and including 2.3.18 contain a SQL injection in `SearchableTrait#scopeSearch()`. Attackers without authentication can use this vulnerability to exfiltrate sensitive data from the database, such as the administrator’s password and session. The original repository of Cachet <https://github.com/CachetHQ/Cachet> is not active; the stable version 2.3.18 and its development 2.4 branch are affected. | 2021-08-26 | not yet calculated | CVE-2021-39165 MISC CONFIRM |
cachet — cachet |
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can leak the value of any configuration entry of the dotenv file, e.g. the application secret (`APP_KEY`) and various passwords (email, database, etc). This issue was addressed in version 2.5.1 by improving `UpdateConfigCommandHandler` and preventing the use of nested variables in the resulting dotenv configuration file. As a workaround, only allow trusted source IP addresses to access the administration dashboard. | 2021-08-28 | not yet calculated | CVE-2021-39174 MISC CONFIRM |
cacti — cacti |
Multiple Cross Site Scripting (XSS) vulnerabilities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3) datat.ph_inpup, (4) graph_templates.php, (5) graphs.php, (6) reports_admin.php, and (7) data_input.php. | 2021-08-27 | not yet calculated | CVE-2020-23226 MISC |
canon — oce_print_exec_workgroup |
Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection. | 2021-08-23 | not yet calculated | CVE-2021-39367 MISC |
care2x — hospital_information_management |
Stored cross-site scripting (XSS) vulnerability in Care2x Hospital Information Management 2.7 Alpha. The vulnerability was found in POST requests to the /modules/registration_admission/patient_register.php page via the “name_middle”, “addr_str”, “station”, “name_maiden”, “name_2”, and “name_3” parameters. | 2021-08-26 | not yet calculated | CVE-2021-36352 MISC MISC |
cerner — mobile_care |
A SQL Injection vulnerability in Cerner Mobile Care 5.0.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via a Fullwidth Apostrophe (aka U+FF07) in the default.aspx User ID field. Arbitrary system commands can be executed through the use of xp_cmdshell. | 2021-08-24 | not yet calculated | CVE-2021-36385 MISC MISC MISC |
cisco — application_policy_infrastructure_controller |
A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an unauthenticated, remote attacker to read or write arbitrary files on an affected system. This vulnerability is due to improper access control. An attacker could exploit this vulnerability by using a specific API endpoint to upload a file to an affected device. A successful exploit could allow the attacker to read or write arbitrary files on an affected device. | 2021-08-25 | not yet calculated | CVE-2021-1577 CISCO |
cisco — application_policy_infrastructure_controller |
A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected device. This vulnerability is due to an improper policy default setting. An attacker could exploit this vulnerability by using a non-privileged credential for Cisco ACI Multi-Site Orchestrator (MSO) to send a specific API request to a managed Cisco APIC or Cloud APIC device. A successful exploit could allow the attacker to obtain Administrator credentials on the affected device. | 2021-08-25 | not yet calculated | CVE-2021-1578 CISCO |
cisco — application_policy_infrastructure_controller |
A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker with Administrator read-only credentials to elevate privileges on an affected system. This vulnerability is due to an insufficient role-based access control (RBAC). An attacker with Administrator read-only credentials could exploit this vulnerability by sending a specific API request using an app with admin write credentials. A successful exploit could allow the attacker to elevate privileges to Administrator with write privileges on the affected device. | 2021-08-25 | not yet calculated | CVE-2021-1579 CISCO |
cisco — application_policy_infrastructure_controller |
Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection or file upload attack on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. | 2021-08-25 | not yet calculated | CVE-2021-1580 CISCO |
cisco — application_policy_infrastructure_controller |
Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection or file upload attack on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. | 2021-08-25 | not yet calculated | CVE-2021-1581 CISCO |
cisco — application_policy_infrastructure_controller |
A vulnerability in the web UI of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow an authenticated, remote attacker to perform a stored cross-site scripting attack on an affected system. This vulnerability is due to improper input validation in the web UI. An authenticated attacker could exploit this vulnerability by sending malicious input to the web UI. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web-based interface or access sensitive, browser-based information. | 2021-08-25 | not yet calculated | CVE-2021-1582 CISCO |
cisco — nexus_9000_series_fabric_switches |
A vulnerability in the Multi-Pod or Multi-Site network configurations for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to unexpectedly restart the device, resulting in a denial of service (DoS) condition. This vulnerability exists because TCP traffic sent to a specific port on an affected device is not properly sanitized. An attacker could exploit this vulnerability by sending crafted TCP data to a specific port that is listening on a public-facing IP address for the Multi-Pod or Multi-Site configuration. A successful exploit could allow the attacker to cause the device to restart unexpectedly, resulting in a DoS condition. | 2021-08-25 | not yet calculated | CVE-2021-1586 CISCO |
cisco — nexus_9000_series_fabric_switches |
A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, remote attacker to cause a queue wedge on a leaf switch, which could result in critical control plane traffic to the device being dropped. This could result in one or more leaf switches being removed from the fabric. This vulnerability is due to mishandling of ingress TCP traffic to a specific port. An attacker could exploit this vulnerability by sending a stream of TCP packets to a specific port on a Switched Virtual Interface (SVI) configured on the device. A successful exploit could allow the attacker to cause a specific packet queue to queue network buffers but never process them, leading to an eventual queue wedge. This could cause control plane traffic to be dropped, resulting in a denial of service (DoS) condition where the leaf switches are unavailable. Note: This vulnerability requires a manual intervention to power-cycle the device to recover. | 2021-08-25 | not yet calculated | CVE-2021-1523 CISCO |
cisco — nexus_9000_series_fabric_switches |
A vulnerability in the fabric infrastructure file system access control of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to read arbitrary files on an affected system. This vulnerability is due to improper access control. An attacker with Administrator privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to read arbitrary files on the file system of the affected device. | 2021-08-25 | not yet calculated | CVE-2021-1583 CISCO |
cisco — nexus_9000_series_fabric_switches |
A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient restrictions during the execution of a specific CLI command. An attacker with administrative privileges could exploit this vulnerability by performing a command injection attack on the vulnerable command. A successful exploit could allow the attacker to access the underlying operating system as root. | 2021-08-25 | not yet calculated | CVE-2021-1584 CISCO |
cisco — nexus_9500_series_switches | A vulnerability in the EtherChannel port subscription logic of Cisco Nexus 9500 Series Switches could allow an unauthenticated, remote attacker to bypass access control list (ACL) rules that are configured on an affected device. This vulnerability is due to oversubscription of resources that occurs when applying ACLs to port channel interfaces. An attacker could exploit this vulnerability by attempting to access network resources that are protected by the ACL. A successful exploit could allow the attacker to access network resources that would be protected by the ACL that was applied on the port channel interface. | 2021-08-25 | not yet calculated | CVE-2021-1591 CISCO |
cisco — nx-os_software | A vulnerability in the MPLS Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation when an affected device is processing an MPLS echo-request or echo-reply packet. An attacker could exploit this vulnerability by sending malicious MPLS echo-request or echo-reply packets to an interface that is enabled for MPLS forwarding on the affected device. A successful exploit could allow the attacker to cause the MPLS OAM process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. | 2021-08-25 | not yet calculated | CVE-2021-1588 CISCO |
cisco — nx-os_software |
A vulnerability in the VXLAN Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software, known as NGOAM, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific packets with a Transparent Interconnection of Lots of Links (TRILL) OAM EtherType. An attacker could exploit this vulnerability by sending crafted packets, including the TRILL OAM EtherType of 0x8902, to a device that is part of a VXLAN Ethernet VPN (EVPN) fabric. A successful exploit could allow the attacker to cause an affected device to experience high CPU usage and consume excessive system resources, which may result in overall control plane instability and cause the affected device to reload. Note: The NGOAM feature is disabled by default. | 2021-08-25 | not yet calculated | CVE-2021-1587 CISCO |
cisco — nx-os_software |
A vulnerability in the implementation of the system login block-for command for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a login process to unexpectedly restart, causing a denial of service (DoS) condition. This vulnerability is due to a logic error in the implementation of the system login block-for command when an attack is detected and acted upon. An attacker could exploit this vulnerability by performing a brute-force login attack on an affected device. A successful exploit could allow the attacker to cause a login process to reload, which could result in a delay during authentication to the affected device. | 2021-08-25 | not yet calculated | CVE-2021-1590 CISCO |
cisco — ucs_manager |
A vulnerability in the way Cisco UCS Manager software handles SSH sessions could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper resource management for established SSH sessions. An attacker could exploit this vulnerability by opening a significant number of SSH sessions on an affected device. A successful exploit could allow the attacker to cause a crash and restart of internal Cisco UCS Manager software processes and a temporary loss of access to the Cisco UCS Manager CLI and web UI. Note: The attacker must have valid user credentials to authenticate to the affected device. | 2021-08-25 | not yet calculated | CVE-2021-1592 CISCO |
codesys — codesys |
An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. | 2021-08-25 | not yet calculated | CVE-2021-21869 MISC |
cscape — cscape | Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds write via an uninitialized pointer. An attacker could leverage this vulnerability to execute code in the context of the current process. | 2021-08-25 | not yet calculated | CVE-2021-33015 MISC |
cscape — cscape |
Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute code in the context of the current process. | 2021-08-25 | not yet calculated | CVE-2021-32975 MISC |
cscape — cscape |
Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute code in the context of the current process. | 2021-08-25 | not yet calculated | CVE-2021-32995 MISC |
cxuucms — cxuucms |
Multiple Cross Site Scripting (XSS) vulnerabilities exist in CXUUCMS 3.1 in the search and c parameters in (1) public/search.php and in the (2) c parameter in admin.php. | 2021-08-23 | not yet calculated | CVE-2021-39599 MISC |
cxuucms — cxuucms |
SQL Injection vulnerability in cxuucms 3.1 via the pid parameter in public/admin.php. | 2021-08-27 | not yet calculated | CVE-2021-3264 MISC |
d-link — dsr-500n |
** UNSUPPORTED WHEN ASSIGNED ** D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the ‘/etc/passwd’ file. If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying embedded Linux operating system on the device. Fixed in version 2.12/2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2021-08-23 | not yet calculated | CVE-2021-39615 MISC MISC MISC |
d-link — dvg-3104ms |
** UNSUPPORTED WHEN ASSIGNED ** D-Link DVG-3104MS version 1.0.2.0.3, 1.0.2.0.4, and 1.0.2.0.4E contains hard-coded credentials for undocumented user accounts in the ‘/etc/passwd’ file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2021-08-23 | not yet calculated | CVE-2021-39613 MISC MISC MISC |
d-link — dvx-2000ms |
D-Link DVX-2000MS contains hard-coded credentials for undocumented user accounts in the ‘/etc/passwd’ file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values. | 2021-08-23 | not yet calculated | CVE-2021-39614 MISC MISC MISC |
d-link — multiple_devices |
An issue was discovered in D-Link DIR816_A1_FW101CNB04 750m11ac wireless router via the HTTP request parameter in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. | 2021-08-24 | not yet calculated | CVE-2021-39510 MISC MISC |
d-link — multiple_devices |
An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210 750m11ac wireless router via the HTTP request parameter in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. | 2021-08-24 | not yet calculated | CVE-2021-39509 MISC MISC |
dedecms — dedecms |
An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows attackers to upload a webshell in HTM format. | 2021-08-27 | not yet calculated | CVE-2020-18114 MISC |
dedecms — dedecms |
The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker’s control. | 2021-08-24 | not yet calculated | CVE-2020-18917 MISC |
detect-character-encoding — detect-character-encoding |
detect-character-encoding is an open source character encoding inspection library. In detect-character-encoding v0.6.0 and earlier, data matching no charset causes the Node.js process to crash. The problem has been patched in [detect-character-encoding v0.7.0](https://github.com/sonicdoe/detect-character-encoding/releases/tag/v0.7.0). No workarounds are available and all users should update to resolve this issue. | 2021-08-24 | not yet calculated | CVE-2021-39157 CONFIRM MISC MISC |
discourse — discourse |
Discourse is an open source platform for community discussion. In affected versions category names can be used for cross-site scripting (XSS) attacks. This is mitigated by Discourse’s default Content Security Policy, and this vulnerability only affects sites which have modified or disabled Discourse’s default Content Security Policy and have allowed moderators to modify categories. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to ensure that the Content Security Policy is enabled, and has not been modified in a way which would make it more vulnerable to XSS attacks. | 2021-08-26 | not yet calculated | CVE-2021-39161 CONFIRM |
doyocms — doyocms |
A SQL injection vulnerability in admin.php of DOYOCMS 2.3 allows attackers to execute arbitrary SQL commands via the orders[] parameter. | 2021-08-26 | not yet calculated | CVE-2020-19821 MISC |
dzzoffice — dzzoffice |
A cross-site scripting (XSS) vulnerability in the referer parameter of Dzzoffice 2.02 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2021-08-26 | not yet calculated | CVE-2020-19703 MISC |
earclink — espcms-p8 |
EARCLINK ESPCMS-P8 was discovered to contain a SQL injection vulnerability in the espcms_web/Search.php component via the attr_array parameter. This vulnerability allows attackers to access sensitive database information. | 2021-08-24 | not yet calculated | CVE-2020-18913 MISC |
eclipse_cyclone — eclipse_cyclone |
A stack buffer overflow in /ddsi/q_bitset.h of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash. | 2021-08-23 | not yet calculated | CVE-2020-18734 MISC MISC MISC |
eclipse_cyclone — eclipse_cyclone |
A heap buffer overflow in /src/dds_stream.c of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash. | 2021-08-23 | not yet calculated | CVE-2020-18735 MISC MISC MISC |
elf-g10hn — elf-g10hn |
There is a logic vulnerability in Elf-G10HN 1.0.0.608. An unauthenticated attacker could perform specific operations to exploit this vulnerability. Due to insufficient security design, successful exploit could allow an attacker to add users to be friends without prompting in the target device. | 2021-08-23 | not yet calculated | CVE-2021-22449 MISC |
emtec — zoc |
EmTec ZOC before 8.02.2 allows \e[201~ pastes, a different vulnerability than CVE-2021-32198. | 2021-08-26 | not yet calculated | CVE-2021-40147 MISC |
envoy — envoy | Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions, after Envoy sends a locally generated response it must stop further processing of request or response data. However, when a local response is generated due to an internal buffer overflow while a request or response is processed by the filter chain, the operation may not be stopped completely and may result in accessing a freed memory block. A specifically constructed request delivered by an untrusted downstream or upstream peer can result in a Denial of Service when using extensions that modify and increase the size of request or response bodies, such as the decompressor filter. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to address incomplete termination of request processing after a locally generated response. As a workaround, disable Envoy’s decompressor, json-transcoder or grpc-web extensions or proprietary extensions that modify and increase the size of request or response bodies, if feasible. | 2021-08-24 | not yet calculated | CVE-2021-32781 MISC CONFIRM |
envoy — envoy | Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions when ext-authz extension is sending request headers to the external authorization service it must merge multiple value headers according to the HTTP spec. However, only the last header value is sent. This may allow specifically crafted requests to bypass authorization. Attackers may be able to escalate privileges when using ext-authz extension or back end service that uses multiple value headers for authorization. A specifically constructed request may be delivered by an untrusted downstream peer in the presence of ext-authz extension. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to the ext-authz extension to correctly merge multiple request header values, when sending request for authorization. | 2021-08-24 | not yet calculated | CVE-2021-32777 CONFIRM MISC |
envoy — envoy |
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy transitions a H/2 connection to the CLOSED state when it receives a GOAWAY frame without any streams outstanding. The connection state is transitioned to DRAINING when it receives a SETTINGS frame with the SETTINGS_MAX_CONCURRENT_STREAMS parameter set to 0. Receiving these two frames in the same I/O event results in abnormal termination of the Envoy process due to an invalid state transition from CLOSED to DRAINING. A sequence of H/2 frames delivered by an untrusted upstream server will result in Denial of Service. Envoy versions 1.19.1, 1.18.4 contain fixes to stop processing of pending H/2 frames after connection transition to the CLOSED state. | 2021-08-24 | not yet calculated | CVE-2021-32780 CONFIRM MISC |
envoy — envoy |
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy’s procedure for resetting a HTTP/2 stream has O(N^2) complexity, leading to high CPU utilization when a large number of streams are reset. Deployments are susceptible to Denial of Service when Envoy is configured with a high limit on H/2 concurrent streams. An attacker wishing to exploit this vulnerability would require a client opening and closing a large number of H/2 streams. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to reduce the time complexity of resetting HTTP/2 streams. As a workaround users may limit the number of simultaneous HTTP/2 streams for upstream and downstream peers to a low number, i.e. 100. | 2021-08-24 | not yet calculated | CVE-2021-32778 MISC CONFIRM |
envoy — envoy |
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy incorrectly handled a URI ‘#fragment’ element as part of the path element. Consider Envoy configured with an RBAC filter for authorization, or a similar mechanism, with an explicit case of a final “/admin” path element, or using a negative assertion with a final path element of “/admin”, and a client that sends a request to “/app1/admin#foo”. In Envoy prior to 1.18.0, or 1.18.0+ configured with path_normalization=false, Envoy treats the fragment as a suffix of the query string when present, or as a suffix of the path when the query string is absent, so it evaluates the final path element as “/admin#foo” and mismatches with the configured “/admin” path element. In Envoy 1.18.0+ configured with path_normalization=true, Envoy transforms this to /app1/admin%23foo and mismatches with the configured /admin prefix. The resulting URI is sent to the next server-agent with the offending “#foo” fragment, which violates RFC3986, or with the nonsensical “%23foo” text appended. A specifically constructed request with a URI containing a ‘#fragment’ element, delivered by an untrusted client in the presence of path based request authorization, can result in escalation of privileges when path based request authorization extensions are used. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes that remove the fragment from the URI path in incoming requests. | 2021-08-24 | not yet calculated | CVE-2021-32779 MISC CONFIRM |
exiv2 — exiv2 | A floating point exception in the printLong function in tags_int.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file. | 2021-08-23 | not yet calculated | CVE-2020-18774 MISC |
exiv2 — exiv2 |
Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result in an information leak. | 2021-08-23 | not yet calculated | CVE-2020-18771 MISC |
exiv2 — exiv2 |
An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file. | 2021-08-23 | not yet calculated | CVE-2020-18773 MISC |
feehicms — feehicms |
Insufficient filtering of the tag parameters in feehicms 0.1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2021-08-26 | not yet calculated | CVE-2020-19709 MISC |
ffmpeg — ffmpeg |
adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted. | 2021-08-21 | not yet calculated | CVE-2021-38171 MISC MISC |
flatcore-cms — flatcore-cms |
Remote Code Execution (RCE) vulnerabilty exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user exeuct arbitrary php code. | 2021-08-23 | not yet calculated | CVE-2021-39608 MISC |
flatcore-cms — flatcore-cms |
Cross Site Scripting (XSS) vulnerability exiss in FlatCore-CMS 2.0.7 via the upload image function. | 2021-08-23 | not yet calculated | CVE-2021-39609 MISC |
forgerock — access_management | ForgeRock Access Management (AM) before 7.0.2, when configured with Active Directory as the Identity Store, has an authentication-bypass issue. | 2021-08-25 | not yet calculated | CVE-2021-37153 MISC CONFIRM |
forgerock — access_management | In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion. | 2021-08-25 | not yet calculated | CVE-2021-37154 MISC CONFIRM |
gd — graphics_library | ** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor’s position is “The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes.” | 2021-08-26 | not yet calculated | CVE-2021-40145 MISC MISC MISC |
gecos — gecos | opensysusers through 0.6 does not safely use eval on files in sysusers.d that may contain shell metacharacters. For example, it allows command execution via a crafted GECOS field whereas systemd-sysusers (a program with the same specification) does not do that. | 2021-08-25 | not yet calculated | CVE-2021-40084 MISC MISC |
gitlab — ce/ee | Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status | 2021-08-25 | not yet calculated | CVE-2021-22256 MISC CONFIRM MISC |
gitlab — ce/ee | Under specialized conditions, GitLab CE/EE versions starting 7.10 may allow existing GitLab users to use an invite URL meant for another email address to gain access into a group. | 2021-08-25 | not yet calculated | CVE-2021-22243 CONFIRM MISC |
gitlab — ce/ee | Improper authorization in GitLab EE affecting all versions since 13.4 allowed a user who previously had the necessary access to trigger deployments to protected environments under specific conditions after the access has been removed | 2021-08-23 | not yet calculated | CVE-2021-22253 MISC MISC CONFIRM |
gitlab — ce/ee | A confusion between tag and branch names in GitLab CE/EE affecting all versions since 13.7 allowed a Developer to access protected CI variables which should only be accessible to Maintainers | 2021-08-23 | not yet calculated | CVE-2021-22252 CONFIRM MISC MISC |
gitlab — ce/ee | Improper authorization in GitLab CE/EE affecting all versions since 13.3 allowed users to view and delete impersonation tokens that administrators created for their account | 2021-08-25 | not yet calculated | CVE-2021-22250 CONFIRM MISC MISC |
gitlab — ce/ee | Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled. This vulnerability is present in GitLab CE/EE versions before 13.12.9, 14.0.7, 14.1.2 | 2021-08-25 | not yet calculated | CVE-2021-22237 MISC CONFIRM |
gitlab — ce/ee | Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view | 2021-08-25 | not yet calculated | CVE-2021-22245 MISC MISC CONFIRM |
gitlab — ce/ee | Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1. | 2021-08-25 | not yet calculated | CVE-2021-22236 CONFIRM MISC |
gitlab — ce/ee | Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown | 2021-08-25 | not yet calculated | CVE-2021-22242 MISC CONFIRM MISC |
gitlab — ce/ee | Improper authorization in GitLab CE/EE affecting all versions since 13.0 allows guests in private projects to view CI/CD analytics | 2021-08-25 | not yet calculated | CVE-2021-22247 CONFIRM MISC MISC |
gitlab — ce/ee | Improper authorization in the vulnerability report feature in GitLab EE affecting all versions since 13.1 allowed a reporter to access vulnerability data | 2021-08-25 | not yet calculated | CVE-2021-22244 CONFIRM MISC MISC |
gnome — evolution-rss | In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. | 2021-08-22 | not yet calculated | CVE-2021-39361 MISC MISC |
gnome — grilo | In GNOME grilo through 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. | 2021-08-22 | not yet calculated | CVE-2021-39365 MISC MISC DEBIAN |
gnome — libzapojit | In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. | 2021-08-22 | not yet calculated | CVE-2021-39360 MISC MISC |
go-ethereum — go-ethereum | go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum (Geth) could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Further details about the vulnerability will be disclosed at a later date. A patch is included in the upcoming `v1.10.8` release. No workarounds are available. | 2021-08-24 | not yet calculated | CVE-2021-39137 MISC CONFIRM |
gotenberg — gotenberg | It is possible to inject HTML and/or JavaScript in the HTML to PDF conversion in Gotenberg through 6.2.1 via the /convert/html endpoint. | 2021-08-26 | not yet calculated | CVE-2020-14161 MISC MISC MISC |
gotenberg — gotenberg | An SSRF vulnerability in Gotenberg through 6.2.1 exists in the remote URL to PDF conversion, which results in a remote attacker being able to read local files or fetch intranet resources. | 2021-08-26 | not yet calculated | CVE-2020-14160 MISC MISC MISC |
gpac_project — advanced_content_library | An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input using the “ctts” FOURCC code can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | 2021-08-25 | not yet calculated | CVE-2021-21836 MISC |
gpac_project — advanced_content_library | An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “trun” FOURCC code due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | 2021-08-25 | not yet calculated | CVE-2021-21850 MISC |
gpac_project — advanced_content_library | An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “tfra” FOURCC code due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | 2021-08-25 | not yet calculated | CVE-2021-21849 MISC |
gpac_project — advanced_content_library | An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The library will actually reuse the parser for atoms with the “stsz” FOURCC code when parsing atoms that use the “stz2” FOURCC code and can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | 2021-08-25 | not yet calculated | CVE-2021-21848 MISC |
gpac_project — advanced_content_library | An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input used to process an atom using the “saio” FOURCC code can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | 2021-08-25 | not yet calculated | CVE-2021-21840 MISC |
gpac_project — advanced_content_library | An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when reading an atom using the ‘sbgp’ FOURCC code can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | 2021-08-25 | not yet calculated | CVE-2021-21841 MISC |
gpac_project — advanced_content_library | An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when decoding the atom for the “co64” FOURCC can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | 2021-08-25 | not yet calculated | CVE-2021-21834 MISC |
gpac_project — advanced_content_library | An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when decoding the atom associated with the “csgp” FOURCC can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | 2021-08-25 | not yet calculated | CVE-2021-21835 MISC |
gpac_project — advanced_content_library | An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when processing an atom using the ‘ssix’ FOURCC code, due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | 2021-08-25 | not yet calculated | CVE-2021-21842 MISC |
huawei — cloudengine | There is a denial of service vulnerability in some Huawei products. In specific scenarios, due to the improper handling of the packets, an attacker may craft the specific packet. Successful exploit may cause some services to become abnormal. Affected product versions include: CloudEngine 12800 V200R005C00SPC800, CloudEngine 5800 V200R005C00SPC800, CloudEngine 6800 V200R005C00SPC800, CloudEngine 7800 V200R005C00SPC800. | 2021-08-23 | not yet calculated | CVE-2021-22328 MISC |
huawei — multiple_products | There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages due to validating inputs insufficiently. Attackers can exploit this vulnerability by sending specific messages to the affected module. This can cause denial of service. Affected product versions include: S12700 V200R013C00SPC500, V200R019C00SPC500; S5700 V200R013C00SPC500, V200R019C00SPC500; S6700 V200R013C00SPC500, V200R019C00SPC500; S7700 V200R013C00SPC500, V200R019C00SPC500. | 2021-08-23 | not yet calculated | CVE-2021-22357 MISC |
ibm — aix | IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 201106. | 2021-08-26 | not yet calculated | CVE-2021-29727 XF CONFIRM |
ibm — aix | IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to gain root privileges. IBM X-Force ID: 203977. | 2021-08-26 | not yet calculated | CVE-2021-29801 CONFIRM XF |
ibm — aix | IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 206086. | 2021-08-26 | not yet calculated | CVE-2021-29862 XF CONFIRM |
ibm — api_connect | IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a remote user to obtain sensitive information or conduct denial of service attacks due to open ports. IBM X-Force ID: 201018. | 2021-08-26 | not yet calculated | CVE-2021-29715 XF CONFIRM |
ibm — api_connect | IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsanitized user input. IBM X-Force ID: 202774. | 2021-08-26 | not yet calculated | CVE-2021-29772 CONFIRM XF |
ibm — mximo_asset_management | IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 201694. | 2021-08-27 | not yet calculated | CVE-2021-29744 XF CONFIRM |
iec104 — iec104 | A segmentation violation in the Iec104_Deal_I function of IEC104 v1.0 allows attackers to cause a denial of service (DOS). | 2021-08-23 | not yet calculated | CVE-2020-18730 MISC |
iec104 — iec104 | A segmentation violation in the Iec104_Deal_FirmUpdate function of IEC104 v1.0 allows attackers to cause a denial of service (DOS). | 2021-08-23 | not yet calculated | CVE-2020-18731 MISC |
istio — istio | Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. According to [RFC 4343](https://datatracker.ietf.org/doc/html/rfc4343), Istio authorization policy should compare the hostname in the HTTP Host header in a case insensitive way, but currently the comparison is case sensitive. The proxy will route the request hostname in a case-insensitive way which means the authorization policy could be bypassed. As an example, the user may have an authorization policy that rejects requests with hostname “httpbin.foo” for some source IPs, but the attacker can bypass this by sending the request with hostname “Httpbin.Foo”. Patches are available in Istio 1.11.1, Istio 1.10.4 and Istio 1.9.8. As a workaround, a Lua filter may be written to normalize the Host header before the authorization check. This is similar to the Path normalization presented in the [Security Best Practices](https://istio.io/latest/docs/ops/best-practices/security/#case-normalization) guide. | 2021-08-24 | not yet calculated | CVE-2021-39155 MISC CONFIRM |
istio — istio | Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio 1.11.0, 1.10.3 and below, and 1.9.7 and below contain a remotely exploitable vulnerability where an HTTP request with `#fragment` in the path may bypass Istio’s URI path based authorization policies. Patches are available in Istio 1.11.1, Istio 1.10.4 and Istio 1.9.8. As a workaround, a Lua filter may be written to normalize the path. | 2021-08-24 | not yet calculated | CVE-2021-39156 MISC CONFIRM |
joomla! — joomla! | An issue was discovered in Joomla! 4.0.0. The media manager does not correctly check the user’s permissions before executing a file deletion command. | 2021-08-24 | not yet calculated | CVE-2021-26040 MISC |
joplin — joplin | The package joplin before 2.3.2 is vulnerable to Cross-site Request Forgery (CSRF) due to missing CSRF checks in various forms. | 2021-08-24 | not yet calculated | CVE-2021-23431 MISC MISC |
jupyter — nbgitpuller | nbgitpuller is a Jupyter server extension to sync a git repository one-way to a local path. Due to unsanitized input, visiting maliciously crafted links could result in arbitrary code execution in the user environment. This has been resolved in version 0.10.2 and all users are advised to upgrade. No workarounds exist for users who cannot upgrade. | 2021-08-25 | not yet calculated | CVE-2021-39160 MISC CONFIRM MISC |
knot_resolver — knot_resolver | Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case (NSEC3 with too many iterations used for a positive wildcard proof). | 2021-08-25 | not yet calculated | CVE-2021-40083 MISC |
lg — n1t1_10124_devices | Network Attached Storage on LG N1T1*** 10124 devices allows an unauthenticated attacker to gain root access via OS command injection in the en/ajp/plugins/access.ssh/checkInstall.php destServer parameter. | 2021-08-24 | not yet calculated | CVE-2021-38306 MISC MISC MISC |
libav — libav | In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_p_mb_intfi in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file. | 2021-08-23 | not yet calculated | CVE-2020-18778 MISC |
libav — libav | In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_b_mb_intfi in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file. | 2021-08-23 | not yet calculated | CVE-2020-18775 MISC |
libav — libav | In Libav 12.3, there is a segmentation fault in vc1_decode_b_mb_intfr in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file. | 2021-08-23 | not yet calculated | CVE-2020-18776 MISC |
mender — enterprise | The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in Northern.tech Mender Enterprise 2.6.x before 2.6.1) allows users to access the system with their JWT token after logout, because of missing invalidation (if the JWT verification cache is enabled). | 2021-08-27 | not yet calculated | CVE-2021-35342 MISC MISC |
mezzanine — mezzanine | Cross Site Scripting (XSS) in Mezzanine v4.3.1 allows remote attackers to execute arbitrary code via the ‘Description’ field of the component ‘admin/blog/blogpost/add/’. This issue is different than CVE-2018-16632. | 2021-08-27 | not yet calculated | CVE-2020-19002 MISC |
microsoft — edge | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | 2021-08-26 | not yet calculated | CVE-2021-36929 MISC |
microsoft — edge | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-36931. | 2021-08-26 | not yet calculated | CVE-2021-36928 MISC |
microsoft — edge | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-36928. | 2021-08-26 | not yet calculated | CVE-2021-36931 MISC |
miniftpd — miniftpd | A Buffer Overflow vulnerability exists in Miniftpd 1.0 in the do_mkd function in the ftpproto.c file, which could let a remote malicious user cause a Denial of Service. | 2021-08-23 | not yet calculated | CVE-2021-39602 MISC |
misskey — misskey | Misskey is a decentralized microblogging platform. In versions of Misskey prior to 12.51.0, malicious actors can use the web client built-in dialog to display a malicious string, leading to cross-site scripting (XSS). XSS could compromise the API request token. This issue has been fixed in version 12.51.0. There are no known workarounds aside from upgrading. | 2021-08-27 | not yet calculated | CVE-2021-39169 CONFIRM MISC |
mit — kerberos | The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field. | 2021-08-23 | not yet calculated | CVE-2021-37750 MISC MISC CONFIRM FEDORA |
mootools — mootools | This affects all versions of package mootools. This is due to the ability to pass untrusted input to Object.merge(). | 2021-08-24 | not yet calculated | CVE-2021-23432 MISC |
movable_type — movable_type | Cross-site scripting vulnerability in Setting screen of Server Sync of Movable Type (Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series) and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors. | 2021-08-26 | not yet calculated | CVE-2021-20812 MISC MISC |
movable_type — movable_type | Cross-site scripting vulnerability in Website Management screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors. | 2021-08-26 | not yet calculated | CVE-2021-20810 MISC MISC |
movable_type — movable_type | Cross-site scripting vulnerability in List of Assets screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors. | 2021-08-26 | not yet calculated | CVE-2021-20811 MISC MISC |
movable_type — movable_type | Cross-site scripting vulnerability in Edit screen of Content Data of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series) and Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series)) allows remote attackers to inject arbitrary script or HTML via unspecified vectors. | 2021-08-26 | not yet calculated | CVE-2021-20813 MISC MISC |
movable_type — movable_type | Cross-site scripting vulnerability in Setting screen of ContentType Information Widget Plugin of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), and Movable Type Premium 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors. | 2021-08-26 | not yet calculated | CVE-2021-20814 MISC MISC |
movable_type — movable_type | Cross-site scripting vulnerability in Edit Boilerplate screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors. | 2021-08-26 | not yet calculated | CVE-2021-20815 MISC MISC |
movable_type — movable_type | Cross-site scripting vulnerability in Search screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors. | 2021-08-26 | not yet calculated | CVE-2021-20808 MISC MISC |
movable_type — movable_type | Cross-site scripting vulnerability in Create screens of Entry, Page, and Content Type of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors. | 2021-08-26 | not yet calculated | CVE-2021-20809 MISC MISC |
mz_automation — gmbh_lib60870 | A denial of service vulnerability exists in the ASDU message processing functionality of MZ Automation GmbH lib60870.NET 2.2.0. A specially crafted network request can lead to loss of communications. An attacker can send an unauthenticated message to trigger this vulnerability. | 2021-08-25 | not yet calculated | CVE-2021-21778 MISC |
nascent — remkon_device_manager | In NASCENT RemKon Device Manager 4.0.0.0, a Directory Traversal vulnerability in a log-reading function in maintenance/readLog.php allows an attacker to read any file via a specialized URL. | 2021-08-24 | not yet calculated | CVE-2021-38612 MISC MISC |
nascent — remkon_device_manager | A command-injection vulnerability in the Image Upload function of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to execute arbitrary commands, as root, via shell metacharacters in the filename parameter to assets/index.php. | 2021-08-24 | not yet calculated | CVE-2021-38611 MISC MISC |
nascent — remkon_device_manager | The assets/index.php Image Upload feature of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to upload any code to the target system and achieve remote code execution. | 2021-08-24 | not yet calculated | CVE-2021-38613 MISC MISC |
netwide_assembler — netwide_assembler | Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers to cause a denial of service via ‘crc64i’ in the component ‘nasmlib/crc64’. This issue is different than CVE-2019-7147. | 2021-08-25 | not yet calculated | CVE-2020-18974 MISC |
ngiflib — ngiflib | ngiflib 0.4 has a heap overflow in GetByteStr() at ngiflib.c:108 in NGIFLIB_NO_FILE mode. GetByteStr() copies the memory buffer without checking the boundary. | 2021-08-27 | not yet calculated | CVE-2021-36530 MISC |
ngiflib — ngiflib | ngiflib 0.4 has a heap overflow in GetByte() at ngiflib.c:70 in NGIFLIB_NO_FILE mode. GetByte() reads the memory buffer without checking the boundary. | 2021-08-27 | not yet calculated | CVE-2021-36531 MISC |
nvcaffe — nvcaffe | NVCaffe’s Python required dependencies list used to contain `gfortran` version prior to 0.17.4, an entry which does not exist in the repository pypi.org. An attacker could potentially have posted malicious files to pypi.org causing a user to install it within NVCaffe. | 2021-08-23 | not yet calculated | CVE-2021-39158 CONFIRM |
object-path — object-path | This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition `currentPath === '__proto__'` returns false if currentPath is `['__proto__']`. This is because the === operator always returns false when the types of the operands are different. | 2021-08-27 | not yet calculated | CVE-2021-23434 MISC MISC MISC MISC |
octobercms — octobercms | octobercms is a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5. | 2021-08-26 | not yet calculated | CVE-2021-32648 MISC MISC CONFIRM |
octobercms — octobercms | octobercms is a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can exploit this vulnerability to bypass authentication and take over any user account on an October CMS server. The vulnerability is exploitable by unauthenticated users via a specially crafted request. This only affects frontend users and the attacker must obtain a Laravel secret key for cookie encryption and signing in order to exploit this vulnerability. The issue has been patched in Build 472 and v1.1.5. | 2021-08-26 | not yet calculated | CVE-2021-29487 MISC CONFIRM MISC |
ok-file-formats — ok-file-formats | ok-file-formats through 2021-04-29 has a heap-based buffer overflow in the ok_csv_circular_buffer_read function in ok_csv.c. | 2021-08-24 | not yet calculated | CVE-2021-32263 MISC |
ok-file-formats — ok-file-formats | Heap-based Buffer Overflow vulnerability exists in ok-file-formats 1 via the ok_jpg_generate_huffman_table function in ok_jpg.c. | 2021-08-27 | not yet calculated | CVE-2021-28233 MISC |
opc_foundation — local_discovery_server | In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer. | 2021-08-27 | not yet calculated | CVE-2021-40142 MISC MISC |
openexr — ucompress | There’s a flaw in OpenEXR’s rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability. | 2021-08-25 | not yet calculated | CVE-2021-3605 MISC |
openmage — magento_lts | OpenMage Magento LTS is an alternative to the Magento CE official releases. Prior to versions 19.4.15 and 20.0.11, layout XML enabled admin users to execute arbitrary commands via block methods. The latest OpenMage Versions up from v19.4.15 and v20.0.11 have this Issue patched. | 2021-08-27 | not yet calculated | CVE-2021-32758 MISC CONFIRM MISC |
openmage — magento_lts | OpenMage magento-lts is an alternative to the Magento CE official releases. Due to missing sanitation in data flow in versions prior to 19.4.15 and 20.0.13, it was possible for admin users to upload arbitrary executable files to the server. OpenMage versions 19.4.15 and 20.0.13 have a patch for this Issue. | 2021-08-27 | not yet calculated | CVE-2021-32759 MISC CONFIRM MISC |
openssl — openssl | ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL’s own “d2i” functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the “data” and “length” fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the “data” field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y). | 2021-08-24 | not yet calculated | CVE-2021-3712 CONFIRM CONFIRM CONFIRM DEBIAN MLIST MLIST MLIST CONFIRM |
openssl — openssl |
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the “out” parameter can be NULL and, on exit, the “outlen” parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the “out” parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able to present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes, altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). | 2021-08-24 | not yet calculated | CVE-2021-3711 CONFIRM CONFIRM DEBIAN MLIST MLIST MLIST CONFIRM |
openzeppelin — openzeppelin |
OpenZeppelin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role from accounts not strictly under the team’s control. We recommend revoking all executors that are not also proposers. When applying this mitigation, ensure there is at least one proposer and executor remaining. | 2021-08-27 | not yet calculated | CVE-2021-39168 MISC CONFIRM MISC |
openzeppelin — openzeppelin |
OpenZeppelin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role from accounts not strictly under the team’s control. We recommend revoking all executors that are not also proposers. When applying this mitigation, ensure there is at least one proposer and executor remaining. | 2021-08-27 | not yet calculated | CVE-2021-39167 MISC CONFIRM MISC |
pac-resolver — pac-resolver |
This affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. **NOTE:** The fix for this vulnerability is applied in the node-degenerator library, a dependency written by the same maintainer. | 2021-08-24 | not yet calculated | CVE-2021-23406 MISC MISC MISC MISC MISC |
passport-saml — passport-saml |
Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. Prior to version 3.1.0, a malicious SAML payload can require transforms that consume significant system resources to process, thereby resulting in reduced or denied service. This would be an effective way to perform a denial-of-service attack. This has been resolved in version 3.1.0. The resolution is to limit the number of allowable transforms to 2. | 2021-08-27 | not yet calculated | CVE-2021-39171 CONFIRM MISC |
philips — healthcare_tasy_electronic_medical_record |
Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the CorCad_F2/executaConsultaEspecifico IE_CORPO_ASSIST or CD_USUARIO_CONVENIO parameter. | 2021-08-24 | not yet calculated | CVE-2021-39376 MISC |
philips — healthcare_tasy_electronic_medical_record |
Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the WAdvancedFilter/getDimensionItemsByCode FilterValue parameter. | 2021-08-24 | not yet calculated | CVE-2021-39375 MISC MISC |
plib — plib |
In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution. The vulnerability is found in ssgLoadTGA() function in src/ssg/ssgLoadTGA.cxx file. | 2021-08-24 | not yet calculated | CVE-2021-38714 MISC |
podofo — podofo |
Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the component ‘src/base/PdfDictionary.cpp:65’. | 2021-08-25 | not yet calculated | CVE-2020-18971 MISC |
podofo — podofo |
Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via ‘IsNextToken’ in the component ‘src/base/PdfTokenizer.cpp’. | 2021-08-25 | not yet calculated | CVE-2020-18972 MISC |
ponzu — ponzu |
A cross site request forgery (CSRF) vulnerability in the configure.html component of Ponzu 0.11.0 allows attackers to change user and administrator credentials, and add or delete administrator accounts. | 2021-08-20 | not yet calculated | CVE-2020-24130 MISC |
popojicms — popojicms | Directory Traversal vulnerability exists in PopojiCMS 2.0.1 via the id parameter in admin.php. | 2021-08-25 | not yet calculated | CVE-2020-19547 MISC |
popojicms — popojicms |
Cross Site Request Forgery (CSRF) vulnerability exists in PopojiCMS 2.0.1 in po-admin/route.php?mod=user&act=multidelete. | 2021-08-25 | not yet calculated | CVE-2021-28070 MISC |
popojicms — popojicms |
Cross Site Scripting (XSS) vulnerability exists in PopojiCMS 2.0.1 in admin.php?mod=menumanager (edit menu). | 2021-08-25 | not yet calculated | CVE-2020-18065 MISC |
prestashop — smartdatasoft_smartblog |
Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06 allow a remote unauthenticated attacker to execute arbitrary SQL commands via the day, month, or year parameter to the controllers/front/archive.php archive controller, or the id_category parameter to the controllers/front/category.php category controller. | 2021-08-24 | not yet calculated | CVE-2021-37538 MISC MISC |
primekey — ejbca | An issue was discovered in PrimeKey EJBCA before 7.6.0. CMP RA Mode can be configured to use a known client certificate to authenticate enrolling clients. The same RA client certificate is used for revocation requests as well. While enrollment enforces multi-tenancy constraints (by verifying that the client certificate has access to the CA and Profiles being enrolled against), this check was not performed when authenticating revocation operations, allowing a known tenant to revoke a certificate belonging to another tenant. | 2021-08-25 | not yet calculated | CVE-2021-40088 MISC |
primekey — ejbca | An issue was discovered in PrimeKey EJBCA before 7.6.0. The General Purpose Custom Publisher, which is normally run to invoke a local script upon a publishing operation, was still able to run if the System Configuration setting Enable External Script Access was disabled. With this setting disabled it’s not possible to create new such publishers, but existing publishers would continue to run. | 2021-08-25 | not yet calculated | CVE-2021-40089 MISC |
primekey — ejbca |
An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the configuration of the aliases for SCEP, CMP, EST, and Auto-enrollment, the enrollment secret was reflected on a page (that can only be viewed by an administrator). While hidden from direct view, checking the page source would reveal the secret. | 2021-08-25 | not yet calculated | CVE-2021-40086 MISC |
primekey — ejbca |
An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit logging changes to the alias configurations of various protocols that use an enrollment secret, any modifications to the secret were logged in cleartext in the audit log (that can only be viewed by an administrator). This affects use of any of the following protocols: SCEP, CMP, or EST. | 2021-08-25 | not yet calculated | CVE-2021-40087 MISC |
qemu — qemu |
An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields. A malicious guest user could use this flaw to crash QEMU or potentially achieve code execution with the privileges of the QEMU process on the host. | 2021-08-25 | not yet calculated | CVE-2021-3713 MISC |
raspap — raspap | raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. The www-data account can execute /etc/raspap/hostapd/enablelog.sh as root with no password; however, the www-data account can also overwrite /etc/raspap/hostapd/enablelog.sh with any executable content. | 2021-08-24 | not yet calculated | CVE-2021-38557 MISC MISC MISC |
raspap — raspap | includes/configure_client.php in RaspAP 2.6.6 allows attackers to execute commands via command injection. | 2021-08-24 | not yet calculated | CVE-2021-38556 MISC MISC MISC |
recaptcha_solver — recaptcha_solver |
An XSS issue was discovered in ReCaptcha Solver 5.7. A response from Anti-Captcha.com, RuCaptcha.com, 2captcha.com, DEATHbyCAPTCHA.com, ImageTyperz.com, or BestCaptchaSolver.com in setCaptchaCode() is inserted into the DOM as HTML, resulting in full control over the user’s browser by these servers. | 2021-08-22 | not yet calculated | CVE-2021-39362 MISC |
simiki — simiki |
Command Injection in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary system commands via line 64 of the component ‘simiki/blob/master/simiki/config.py’. | 2021-08-27 | not yet calculated | CVE-2020-19001 MISC |
simiki — simiki |
Cross Site Scripting (XSS) in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary code via line 54 of the component ‘simiki/blob/master/simiki/generators.py’. | 2021-08-27 | not yet calculated | CVE-2020-19000 MISC |
solarwinds — web_help_desk |
Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the “Web Help Desk Getting Started Wizard”, especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback. | 2021-08-26 | not yet calculated | CVE-2021-32076 MISC |
sony — audio_usb_driver |
Untrusted search path vulnerability in the installer of Sony Audio USB Driver V1.10 and prior and the installer of HAP Music Transfer Ver.1.3.0 and prior allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory. | 2021-08-26 | not yet calculated | CVE-2021-20793 MISC MISC MISC MISC |
spring-boot-admin — spring-boot-admin |
A stored cross-site scripting (XSS) vulnerability via ResourceController.java in spring-boot-admin as of 20190710 allows attackers to execute arbitrary web scripts or HTML. | 2021-08-26 | not yet calculated | CVE-2020-19704 MISC |
sqlite — sqlite |
** DISPUTED ** A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library. | 2021-08-24 | not yet calculated | CVE-2021-36690 MISC |
startserver — startserver |
All versions of package startserver are vulnerable to Directory Traversal due to missing sanitization. | 2021-08-24 | not yet calculated | CVE-2021-23430 MISC MISC |
tcpreplay — tcpreplay |
Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial of Service via the ‘do_checksum’ function in ‘checksum.c’. It can be triggered by sending a crafted pcap file to the ‘tcpreplay-edit’ binary. This issue is different than CVE-2019-8381. | 2021-08-25 | not yet calculated | CVE-2020-18976 MISC |
thinkphp-zcms — thinkphp-zcms |
thinkphp-zcms as of 20190715 allows SQL injection via index.php?m=home&c=message&a=add. | 2021-08-26 | not yet calculated | CVE-2020-19705 MISC |
transpile — transpile |
All versions of package transpile are vulnerable to Denial of Service (DoS) due to a lack of input sanitization or whitelisting, coupled with improper exception handling in the .to() function. | 2021-08-24 | not yet calculated | CVE-2021-23429 MISC MISC |
ubuntu — ubuntu | IOMMU page mapping issues on x86. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assignment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn’t have access to anymore (CVE-2021-28696). | 2021-08-27 | not yet calculated | CVE-2021-28696 MISC |
ubuntu — ubuntu |
IOMMU page mapping issues on x86. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assignment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn’t have access to anymore (CVE-2021-28696). | 2021-08-27 | not yet calculated | CVE-2021-28695 MISC |
ubuntu — ubuntu |
IOMMU page mapping issues on x86. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assignment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn’t have access to anymore (CVE-2021-28696). | 2021-08-27 | not yet calculated | CVE-2021-28694 MISC |
umbraco — forms |
A security issue in Umbraco Forms 4.0.0 to and including 8.7.5 could lead to a remote code execution attack and/or arbitrary file deletion. | 2021-08-25 | not yet calculated | CVE-2021-37334 MISC MISC |
unsquash — squashfs-tools |
Squashfs-Tools in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination. | 2021-08-27 | not yet calculated | CVE-2021-40153 MISC MISC MISC |
vaadin — vaadin |
Improper check in CheckboxGroup in com.vaadin:vaadin-checkbox-flow versions 1.2.0 prior to 2.0.0 (Vaadin 12.0.0 prior to 14.0.0), 2.0.0 prior to 3.0.0 (Vaadin 14.0.0 prior to 14.5.0), 3.0.0 through 4.0.1 (Vaadin 15.0.0 through 17.0.11), 14.5.0 through 14.6.7 (Vaadin 14.5.0 through 14.6.7), and 18.0.0 through 20.0.5 (Vaadin 18.0.0 through 20.0.5) allows attackers to modify the value of a disabled Checkbox inside enabled CheckboxGroup component via unspecified vectors. | 2021-08-25 | not yet calculated | CVE-2021-33605 CONFIRM CONFIRM |
vizio — multiple_products |
Several high privileged APIs on the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs do not enforce access controls, allowing an unauthenticated threat actor to access privileged functionality, leading to OS command execution. The specific attack methodology is a file upload. | 2021-08-26 | not yet calculated | CVE-2021-27944 MISC MISC |
wms — wms |
The GET parameter “id” in WMS v1.0 is passed without filtering, which allows attackers to perform SQL injection. | 2021-08-27 | not yet calculated | CVE-2020-18106 MISC |
wordpress — wordpress |
The update functionality in the rslider_page uses an rs_id POST parameter which is not validated, sanitised or escaped before being inserted into an SQL query, therefore leading to SQL injection for users having the Administrator role. | 2021-08-23 | not yet calculated | CVE-2021-24557 MISC MISC |
wordpress — wordpress |
The WP SMS WordPress plugin before 5.4.13 does not sanitise the “wp_group_name” parameter before outputting it back in the “Groups” page, leading to an Authenticated Stored Cross-Site Scripting issue. | 2021-08-23 | not yet calculated | CVE-2021-24561 CONFIRM MISC |
wordpress — wordpress |
The Giveaway WordPress plugin through 1.2.2 is vulnerable to an SQL Injection issue which allows an administrative user to execute arbitrary SQL commands via the $post_id on the options.php page. | 2021-08-23 | not yet calculated | CVE-2021-24497 MISC |
xen_security — xen_security |
Grant table v2 status pages may remain accessible after de-allocation. Guests get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated when a guest switches (back) from v2 to v1. The freeing of such pages requires that the hypervisor know where in the guest these pages were mapped. The hypervisor tracks only one use within guest space, but racing requests from the guest to insert mappings of these pages may result in any of them becoming mapped in multiple locations. Upon switching back from v2 to v1, the guest would then retain access to a page that was freed and perhaps re-used for other purposes. | 2021-08-27 | not yet calculated | CVE-2021-28697 MISC |
xen_security — xen_security |
xen/arm: No memory limit for dom0less domUs. The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit for them is not set. This allows a domain to allocate memory beyond what an administrator originally configured. | 2021-08-27 | not yet calculated | CVE-2021-28700 MISC |
xen_security — xen_security |
Long running loops in grant table handling. In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. In the process of carrying out certain actions, Xen would iterate over all such entries, including ones which aren’t in use anymore and some which may have been created but never used. If the number of entries for a given domain is large enough, this iterating of the entire table may tie up a CPU for too long, starving other domains or causing issues in the hypervisor itself. Note that a domain may map its own grants, i.e. there is no need for multiple domains to be involved here. A pair of “cooperating” guests may, however, cause the effects to be more severe. | 2021-08-27 | not yet calculated | CVE-2021-28698 MISC |
xen_security — xen_security |
Inadequate grant-v2 status frames array bounds check. The v2 grant table interface separates grant attributes from grant status. That is, when operating in this mode, a guest has two tables. As a result, guests also need to be able to retrieve the addresses that the new status tracking table can be accessed through. For 32-bit guests on x86, translation of requests has to occur because the interface structure layouts commonly differ between 32- and 64-bit. The translation of the request to obtain the frame numbers of the grant status table involves translating the resulting array of frame numbers. Since the space used to carry out the translation is limited, the translation layer tells the core function the capacity of the array within translation space. Unfortunately the core function then only enforces array bounds to be below 8 times the specified value, and would write past the available space if enough frame numbers needed storing. | 2021-08-27 | not yet calculated | CVE-2021-28699 MISC |
xstream — xstream | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream’s security framework with a whitelist limited to the minimal required types is affected. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general-purpose use. | 2021-08-23 | not yet calculated | CVE-2021-39154 CONFIRM MISC |
xstream — xstream | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if using the version out of the box with Java runtime version 14 to 8 or with JavaFX installed. No user who followed the recommendation to set up XStream’s security framework with a whitelist limited to the minimal required types is affected. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general-purpose use. | 2021-08-23 | not yet calculated | CVE-2021-39153 MISC CONFIRM |
xstream — xstream |
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream’s security framework with a whitelist limited to the minimal required types is affected. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general-purpose use. | 2021-08-23 | not yet calculated | CVE-2021-39147 CONFIRM MISC |
xstream — xstream |
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system, depending on CPU type or parallel execution of such a payload, resulting in a denial of service only by manipulating the processed input stream. No user who followed the recommendation to set up XStream’s security framework with a whitelist limited to the minimal required types is affected. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general-purpose use. | 2021-08-23 | not yet calculated | CVE-2021-39140 MISC CONFIRM |
xstream — xstream |
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user who followed the recommendation to set up XStream’s security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream’s default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.18. | 2021-08-23 | not yet calculated | CVE-2021-39150 MISC CONFIRM |
xstream — xstream |
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream’s security framework with a whitelist limited to the minimal required types is affected. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general-purpose use. | 2021-08-23 | not yet calculated | CVE-2021-39148 CONFIRM MISC |
xstream — xstream |
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream’s security framework with a whitelist limited to the minimal required types is affected. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general-purpose use. | 2021-08-23 | not yet calculated | CVE-2021-39149 MISC CONFIRM |
xstream — xstream |
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream’s security framework with a whitelist limited to the minimal required types is affected. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general-purpose use. | 2021-08-23 | not yet calculated | CVE-2021-39151 CONFIRM MISC |
xstream — xstream |
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user who followed the recommendation to set up XStream’s security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream’s default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.18. | 2021-08-23 | not yet calculated | CVE-2021-39152 MISC CONFIRM |
youdiancms — youdiancms |
A lack of filtering for searched keywords in the search bar of YouDianCMS 8.0 allows attackers to perform SQL injection. | 2021-08-27 | not yet calculated | CVE-2020-18116 MISC |
yourls — yourls |
yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames. | 2021-08-26 | not yet calculated | CVE-2021-3734 MISC CONFIRM |
zzcms — zzcms |
A remote code execution (RCE) vulnerability in template_user.php of ZZCMS version 2018 allows attackers to execute arbitrary PHP code via the “ml” and “title” parameters. | 2021-08-26 | not yet calculated | CVE-2020-19822 MISC |