US-CERT Bulletin (SB21-347):Vulnerability Summary for the Week of December 6, 2021
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
accops — hyworks_dvm_tools | A Buffer Overflow vulnerability exists in Accops HyWorks DVM Tools prior to v3.3.1.105. The IOCTL Handler 0x22001B allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | 2021-12-07 | 7.2 | CVE-2021-42681 MISC |
accops — hyworks_dvm_tools | An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools prior to v3.3.1.105. The IOCTL Handler 0x22001B allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | 2021-12-07 | 7.2 | CVE-2021-42682 MISC |
accops — hyworks_dvm_tools | An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools prior to v3.3.1.105. The IOCTL Handler 0x22005B in Accops HyWorks DVM Tools prior to v3.3.1.105 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | 2021-12-07 | 7.2 | CVE-2021-42685 MISC |
accops — hyworks_windows_client | A Buffer Overflow vulnerability exists in Accops HyWorks Windows Client prior to v 3.2.8.200. The IOCTL Handler 0x22001B allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | 2021-12-07 | 7.2 | CVE-2021-42683 MISC |
accops — hyworks_windows_client | An Integer Overflow vulnerability exists in Accops HyWorks Windows Client prior to v 3.2.8.200. The IOCTL Handler 0x22001B in the Accops HyWorks Windows Client prior to v 3.2.8.200 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | 2021-12-07 | 7.2 | CVE-2021-42686 MISC |
accops — hyworks_windows_client | A Buffer Overflow vulnerability exists in Accops HyWorks Windows Client prior to v 3.2.8.200. The IOCTL Handler 0x22005B allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | 2021-12-07 | 7.2 | CVE-2021-42687 MISC |
accops — hyworks_windows_client | An Integer Overflow vulnerability exists in Accops HyWorks Windows Client prior to v 3.2.8.200. The IOCTL Handler 0x22005B in the Accops HyWorks Windows Client prior to v 3.2.8.200 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | 2021-12-07 | 7.2 | CVE-2021-42688 MISC |
ajaxpro.2_project — ajaxpro.2 | All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code execution. | 2021-12-03 | 7.5 | CVE-2021-23758 CONFIRM CONFIRM |
amazon — workspaces | Amazon WorkSpaces agent is affected by Integer Overflow. IOCTL Handler 0x22001B in the Amazon WorkSpaces agent below v1.0.1.1537 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | 2021-12-07 | 7.2 | CVE-2021-43638 MISC |
amazon — workspaces | Amazon WorkSpaces agent is affected by Buffer Overflow. IOCTL Handler 0x22001B in the Amazon WorkSpaces agent below v1.0.1.1537 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | 2021-12-07 | 7.2 | CVE-2021-43637 MISC |
amzetta — zportal_dvm_tools | Amzetta zPortal DVM Tools is affected by Integer Overflow. IOCTL Handler 0x22001B in the Amzetta zPortal DVM Tools <= v3.3.148.148 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | 2021-12-07 | 7.2 | CVE-2021-43006 MISC |
amzetta — zportal_dvm_tools | Amzetta zPortal DVM Tools is affected by Buffer Overflow. IOCTL Handler 0x22001B in the Amzetta zPortal DVM Tools <= v3.3.148.148 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | 2021-12-07 | 7.2 | CVE-2021-43002 MISC |
amzetta — zportal_windows_zclient | Amzetta zPortal Windows zClient is affected by Integer Overflow. IOCTL Handler 0x22001B in the Amzetta zPortal Windows zClient <= v3.2.8180.148 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | 2021-12-07 | 7.2 | CVE-2021-43003 MISC |
amzetta — zportal_windows_zclient | Amzetta zPortal Windows zClient is affected by Buffer Overflow. IOCTL Handler 0x22001B in the Amzetta zPortal Windows zClient <= v3.2.8180.148 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | 2021-12-07 | 7.2 | CVE-2021-43000 MISC |
auerswald — compact_5500r_firmware | Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices, that allow attackers with access to the web based management application full administrative access to the device. | 2021-12-07 | 10 | CVE-2021-40859 MISC MISC |
ays-pro — secure_copy_content_protection_and_content_locking | The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an SQL injection. | 2021-12-06 | 7.5 | CVE-2021-24931 MISC |
b2evolution — b2evolution_cms | b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulnerability via the parameter cfqueryparam in the User login section. This vulnerability allows attackers to execute arbitrary code via a crafted input. | 2021-12-06 | 7.5 | CVE-2021-31632 MISC |
canon — lbp223dw_firmware | In Canon LBP223 printers, the System Manager Mode login does not require an account password or PIN. An attacker can remotely shut down the device after entering the background, creating a denial of service vulnerability. | 2021-12-06 | 7.8 | CVE-2021-43471 MISC |
chamilo — chamilo_lms | Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php. | 2021-12-03 | 7.5 | CVE-2021-35414 MISC MISC MISC MISC MISC MISC MISC |
contiki-ng — contiki-ng | A buffer overflow in os/net/mac/ble/ble-l2cap.c in the BLE stack in Contiki-NG 4.4 and earlier allows an attacker to execute arbitrary code via malicious L2CAP frames. | 2021-12-07 | 8.3 | CVE-2020-12140 MISC MISC |
donglify — donglify | Donglify is affected by Integer Overflow. IOCTL Handler 0x22001B in Donglify above 1.0.12309 and below 1.7.14110 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | 2021-12-07 | 7.2 | CVE-2021-42996 MISC |
donglify — donglify | Donglify is affected by Buffer Overflow. IOCTL Handler 0x22001B in Donglify above 1.0.12309 and below 1.7.14110 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | 2021-12-07 | 7.2 | CVE-2021-42994 MISC |
eltima — usb_network_gate | Eltima USB Network Gate is affected by Buffer Overflow. IOCTL Handler 0x22001B in USB Network Gate above 7.0.1370 and below 9.2.2420 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | 2021-12-07 | 7.2 | CVE-2021-42988 MISC |
eltima — usb_network_gate | Eltima USB Network Gate is affected by Integer Overflow. IOCTL Handler 0x22001B in USB Network Gate above 7.0.1370 and below 9.2.2420 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | 2021-12-07 | 7.2 | CVE-2021-42987 MISC |
esri — arcgis_server | A SQL injection vulnerability in feature services provided by Esri ArcGIS Server 10.9 and below allows a remote, unauthenticated attacker to impact the confidentiality, integrity and availability of targeted services via specifically crafted queries. | 2021-12-07 | 7.5 | CVE-2021-29114 CONFIRM |
flexihub — flexihub | FlexiHub For Windows is affected by Integer Overflow. IOCTL Handler 0x22001B in FlexiHub For Windows above 2.0.4340 and below 5.3.14268 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | 2021-12-07 | 7.2 | CVE-2021-42993 MISC |
flexihub — flexihub | FlexiHub For Windows is affected by Buffer Overflow. IOCTL Handler 0x22001B in the FlexiHub For Windows above 2.0.4340 below 5.3.14268 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | 2021-12-07 | 7.2 | CVE-2021-42990 MISC |
fortinet — fortinac | An incorrect permission assignment for critical resource vulnerability in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, and version 8.8.9 and below allows an attacker to gain higher privileges via access to sensitive system data. | 2021-12-09 | 7.2 | CVE-2021-43065 CONFIRM |
fortinet — fortinac | A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command. | 2021-12-08 | 7.2 | CVE-2021-41021 CONFIRM |
fortinet — fortios | An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution. | 2021-12-08 | 7.5 | CVE-2021-26109 CONFIRM |
fortinet — fortiweb | Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 through 6.0.7, including an instance of concurrent execution using shared resource with improper synchronization and one of authentication bypass by capture-replay, may allow a remote unauthenticated attacker to circumvent the authentication process and authenticate as a legitimate cluster peer. | 2021-12-08 | 7.5 | CVE-2021-41025 CONFIRM |
fortinet — fortiweb | Multiple command injection vulnerabilities in the command line interpreter of FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, and 6.1.0 through 6.1.2 may allow an authenticated attacker to execute arbitrary commands on the underlying system shell via specially crafted command arguments. | 2021-12-08 | 9 | CVE-2021-36195 CONFIRM |
fortinet — fortiwlc | An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an authenticated and remote attacker with low privileges to execute any command as an admin user with full access rights via bypassing the GUI restrictions. | 2021-12-08 | 9 | CVE-2021-42758 CONFIRM |
fortinet — fortiwlm | An improper neutralization of special elements used in an SQL command (‘SQL injection’) vulnerability in Fortinet FortiWLM version 8.6.1 and below allows an attacker to disclose sensitive information from DB tables via crafted requests. | 2021-12-08 | 7.5 | CVE-2021-42760 CONFIRM |
git-it_project — git-it | Git-it through 4.4.0 allows OS command injection at the Branches Aren’t Just For Birds challenge step. During the verification process, it attempts to run the reflog command followed by the current branch name (which is not sanitized for execution). | 2021-12-07 | 7.5 | CVE-2021-44685 MISC MISC |
github-todos_project — github-todos | naholyr github-todos 3.1.0 is vulnerable to command injection. The range argument for the _hook subcommand is concatenated without any validation, and is directly used by the exec function. | 2021-12-07 | 7.5 | CVE-2021-44684 MISC MISC |
gitlab — gitlab | It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above. | 2021-12-06 | 7.5 | CVE-2021-39890 MISC CONFIRM |
huawei — emui | There is a Memory leak vulnerability in the codec detection module in Huawei Smartphone. Successful exploitation of this vulnerability may cause the device to restart due to memory exhaustion. | 2021-12-07 | 7.8 | CVE-2021-37046 MISC |
huawei — emui | There is an Invalid address access vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the device to restart. | 2021-12-08 | 7.8 | CVE-2021-37037 MISC MISC |
huawei — harmonyos | There is an Integer Overflow or Wraparound vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to remote denial of service and potential remote code execution. | 2021-12-07 | 7.5 | CVE-2021-37095 MISC |
huawei — harmonyos | There is an Encoding timing vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to denial of service. | 2021-12-07 | 7.1 | CVE-2021-37085 MISC |
huawei — harmonyos | There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to malicious invoking of other functions of the Smart Assistant through text messages. | 2021-12-07 | 7.5 | CVE-2021-37084 MISC |
huawei — harmonyos | There is a Cryptographic Issues vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to reading and deleting images on Harmony devices. | 2021-12-07 | 7.5 | CVE-2021-37063 MISC |
huawei — harmonyos | There is a Weaknesses Introduced During Design | 2021-12-07 | 7.5 | CVE-2021-37059 MISC |
huawei — harmonyos | There is a Heap-based buffer overflow vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may rewrite the memory of adjacent objects. | 2021-12-08 | 7.5 | CVE-2021-37049 MISC MISC |
huawei — harmonyos | There is a Code Injection vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to system restart. | 2021-12-08 | 7.8 | CVE-2021-37097 MISC MISC |
huawei — harmonyos | There is an Incomplete Cleanup vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to kernel restart. | 2021-12-07 | 7.8 | CVE-2021-37089 MISC |
huawei — harmonyos | There is a NULL Pointer Dereference vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to kernel crash. | 2021-12-07 | 7.8 | CVE-2021-37077 MISC |
huawei — harmonyos | There is an Improper Validation of Array Index vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to a restart of the phone. | 2021-12-07 | 7.8 | CVE-2021-37057 MISC |
huawei — harmonyos | There is a Race Condition vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to user root privilege escalation. | 2021-12-08 | 9.3 | CVE-2021-37074 MISC MISC |
huawei — harmonyos | There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to Out-of-bounds read. | 2021-12-07 | 9.4 | CVE-2021-37011 MISC |
huawei — harmonyos | There is a UAF vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the device to restart unexpectedly and kernel-mode code to be executed. | 2021-12-08 | 10 | CVE-2021-37045 MISC MISC |
ivanti — avalanche | An exposed dangerous function vulnerability in Ivanti Avalanche before 6.3.3, reachable through the inforail Service, allows Privilege Escalation via the Enterprise Server Service. | 2021-12-07 | 7.5 | CVE-2021-42128 MISC |
ivanti — avalanche | A deserialization of untrusted data vulnerability in Ivanti Avalanche before 6.3.3, reachable through the Inforail Service, allows arbitrary code execution via the Data Repository Service. | 2021-12-07 | 7.5 | CVE-2021-42127 MISC |
ivanti — endpoint_manager_cloud_services_appliance | A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody). | 2021-12-08 | 7.5 | CVE-2021-44529 MISC |
kaseya — unitrends_backup | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Two unauthenticated SQL injection vulnerabilities were discovered, allowing arbitrary SQL queries to be injected and executed under the postgres superuser account. Remote code execution was possible, leading to full access to the postgres user account. | 2021-12-06 | 7.5 | CVE-2021-43035 MISC |
kaseya — unitrends_backup | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The password for the PostgreSQL wguest account is weak. | 2021-12-06 | 7.5 | CVE-2021-43036 MISC |
kaseya — unitrends_backup | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Multiple functions in the bpserverd daemon were vulnerable to arbitrary remote code execution as root. The vulnerability was caused by untrusted input (received by the server) being passed to system calls. | 2021-12-06 | 10 | CVE-2021-43033 MISC |
kaseya — unitrends_backup | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The SNMP daemon was configured with a weak default community. | 2021-12-06 | 7.5 | CVE-2021-43044 MISC |
kaseya — unitrends_backup | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A buffer overflow existed in the vaultServer component. This was exploitable by a remote unauthenticated attacker. | 2021-12-06 | 7.5 | CVE-2021-43042 MISC |
laravel — laravel | Laravel v5.1 was discovered to contain a deserialization vulnerability via the component \Mockery\Generator\DefinedTargetClass. | 2021-12-06 | 7.5 | CVE-2021-37298 MISC |
librenms — librenms | Librenms 21.11.0 is affected by a path manipulation vulnerability in includes/html/pages/device/showconfig.inc.php. | 2021-12-03 | 7.5 | CVE-2021-44278 MISC |
m-files — m-files_web | ** DISPUTED ** M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges (in HTTP requests with crafted Range or Request-Range headers). NOTE: this is disputed because the range behavior is the responsibility of the web server, not the responsibility of the individual web application. | 2021-12-05 | 7.8 | CVE-2021-37253 MISC MISC MISC FULLDISC MISC |
mahadiscom — mahavitaran | Maharashtra State Electricity Board Mahavitara Android Application 8.20 and prior is vulnerable to remote account takeover due to an OTP fixation vulnerability in the password reset function. | 2021-12-07 | 7.5 | CVE-2021-41716 MISC MISC |
nomachine — cloud_server | NoMachine Cloud Server is affected by Integer Overflow. IOCTL Handler 0x22001B in NoMachine Cloud Server above 4.0.346 and below 7.7.4 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | 2021-12-07 | 7.2 | CVE-2021-42979 MISC |
nomachine — cloud_server | NoMachine Cloud Server is affected by Buffer Overflow. IOCTL Handler 0x22001B in NoMachine Cloud Server above 4.0.346 and below 7.7.4 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | 2021-12-07 | 7.2 | CVE-2021-42980 MISC |
nomachine — enterprise_client | NoMachine Enterprise Client is affected by Integer Overflow. IOCTL Handler 0x22001B in NoMachine Enterprise Client above 4.0.346 and below 7.7.4 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | 2021-12-07 | 7.2 | CVE-2021-42986 MISC |
nomachine — enterprise_client | NoMachine Enterprise Client is affected by Buffer Overflow. IOCTL Handler 0x22001B in NoMachine Enterprise Client above 4.0.346 and below 7.7.4 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | 2021-12-07 | 7.2 | CVE-2021-42983 MISC |
nomachine — enterprise_desktop | NoMachine Enterprise Desktop is affected by Integer Overflow. IOCTL Handler 0x22001B in NoMachine Enterprise Desktop above 4.0.346 and below 7.7.4 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | 2021-12-07 | 7.2 | CVE-2021-42977 MISC |
nomachine — enterprise_desktop | NoMachine Enterprise Desktop is affected by Buffer Overflow. IOCTL Handler 0x22001B in NoMachine Enterprise Desktop above 4.0.346 and below 7.7.4 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | 2021-12-07 | 7.2 | CVE-2021-42976 MISC |
nomachine — server | NoMachine Server is affected by Integer Overflow. IOCTL Handler 0x22001B in NoMachine Server above 4.0.346 and below 7.7.4 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | 2021-12-07 | 7.2 | CVE-2021-42973 MISC |
nomachine — server | NoMachine Server is affected by Buffer Overflow. IOCTL Handler 0x22001B in NoMachine Server above 4.0.346 and below 7.7.4 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | 2021-12-07 | 7.2 | CVE-2021-42972 MISC |
prestashop — prestashop | PrestaShop is an Open Source e-commerce web application. Versions of PrestaShop prior to 1.7.8.2 are vulnerable to blind SQL injection using search filters with `orderBy` and `sortOrder` parameters. The problem is fixed in version 1.7.8.2. | 2021-12-07 | 7.5 | CVE-2021-43789 CONFIRM MISC MISC |
raspberrypi — raspberry_pi_os_lite | Raspberry Pi OS through 5.10 has the raspberry default password for the pi account. If not changed, attackers can gain administrator privileges. | 2021-12-07 | 10 | CVE-2021-38759 MISC MISC MISC |
roundupwp — registrations_for_the_events_calendar | The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the event_id in the rtec_send_unregister_link AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL injection. | 2021-12-06 | 7.5 | CVE-2021-24943 MISC |
sonicwall — sma_200_firmware | A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacNumber 36) method allows a remote unauthenticated attacker to potentially execute code as the ‘nobody’ user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. | 2021-12-08 | 7.5 | CVE-2021-20045 CONFIRM |
sonicwall — sma_200_firmware | Improper neutralization of special elements in the SMA100 management interface ‘/cgi-bin/viewcert’ POST http method allows a remote authenticated attacker to inject arbitrary commands as a ‘nobody’ user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. | 2021-12-08 | 9 | CVE-2021-20039 CONFIRM |
sonicwall — sma_200_firmware | A post-authentication remote command injection vulnerability in SonicWall SMA100 allows a remote authenticated attacker to execute OS system commands in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. | 2021-12-08 | 9 | CVE-2021-20044 CONFIRM |
sonicwall — sma_200_firmware | An unauthenticated and remote adversary can consume all of the device’s CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit condition. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. | 2021-12-08 | 7.8 | CVE-2021-20041 CONFIRM |
sonicwall — sma_200_firmware | A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server’s mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a ‘nobody’ user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions. | 2021-12-08 | 7.5 | CVE-2021-20038 CONFIRM |
sonicwall — sma_200_firmware | An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. | 2021-12-08 | 7.5 | CVE-2021-20042 CONFIRM |
squaredup — squaredup | An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654. | 2021-12-06 | 7.5 | CVE-2021-40091 MISC MISC |
swoole — swoole_php_framework | matyhtf framework v3.0.5 is affected by a path manipulation vulnerability in Smarty.class.php. | 2021-12-03 | 7.5 | CVE-2021-43676 MISC |
tendacn — ac15_firmware | A Stack-based Buffer Overflow vulnerability exists in the Tenda AC15 V15.03.05.18_multi device via the list parameter in a post request in goform/SetIpMacBind. | 2021-12-03 | 7.5 | CVE-2021-44352 MISC |
thinkphp — thinkphp | ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\Adapter.php. | 2021-12-06 | 7.5 | CVE-2021-36564 MISC |
thinkphp — thinkphp | ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\AbstractCache. | 2021-12-06 | 10 | CVE-2021-36567 MISC |
thinkup — thinkup | ** UNSUPPORTED WHEN ASSIGNED ** ThinkUp 2.0-beta.10 is affected by a path manipulation vulnerability in Smarty.class.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2021-12-03 | 7.5 | CVE-2021-43674 MISC |
tp-link — archer_ax10_firmware | A denial-of-service vulnerability in the WPA2 and WPA3-SAE authentication methods in TP-Link AX10v1 before V1_211014 allows a remote unauthenticated attacker to disconnect an already connected wireless client by sending specific spoofed authentication frames with a wireless adapter. | 2021-12-07 | 7.8 | CVE-2021-40288 MISC |
trendmicro — worry-free_business_security | An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44020 and 44021. | 2021-12-03 | 7.2 | CVE-2021-44019 MISC MISC |
trendmicro — worry-free_business_security | An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44021. | 2021-12-03 | 7.2 | CVE-2021-44020 MISC MISC |
trendmicro — worry-free_business_security | An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44020. | 2021-12-03 | 7.2 | CVE-2021-44021 MISC MISC |
tsmuxer_project — tsmuxer | tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function BitStreamReader::getCurVal in bitStream.h. | 2021-12-03 | 7.5 | CVE-2021-35344 MISC MISC |
tsmuxer_project — tsmuxer | tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function HevcSpsUnit::short_term_ref_pic_set(int) in hevc.cpp. | 2021-12-03 | 7.5 | CVE-2021-35346 MISC MISC |
utils.js_project — utils.js | utils.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’). | 2021-12-08 | 7.5 | CVE-2021-3815 CONFIRM MISC |
webhmi — webhmi_firmware | The authentication algorithm of the WebHMI portal is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error. | 2021-12-06 | 7.5 | CVE-2021-43931 MISC |
webhmi — webhmi_firmware | The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product’s environment or lead to arbitrary code execution. | 2021-12-06 | 10 | CVE-2021-43936 MISC |
whatsapp — whatsapp | A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-of-bounds write if a user sent a malicious image. | 2021-12-07 | 7.5 | CVE-2021-24041 CONFIRM |
wpdataaccess — wp_data_access | The WP Data Access WordPress plugin before 5.0.0 does not properly sanitise and escape the backup_date parameter before using it in a SQL statement, leading to a SQL injection issue that could allow arbitrary table deletion. | 2021-12-06 | 7.5 | CVE-2021-24866 MISC |
xylem — aanderaa_geoview | A SQL injection vulnerability was discovered in Aanderaa GeoView Webservice prior to version 2.1.3 that could allow an unauthenticated attacker to execute arbitrary commands. | 2021-12-08 | 7.5 | CVE-2021-41063 MISC MISC |
yejiao — tuzicms | SQL Injection vulnerability exists in TuziCMS v2.0.6 in App\Manage\Controller\GuestbookController.class.php. | 2021-12-03 | 7.5 | CVE-2021-44347 MISC |
yejiao — tuzicms | SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller\AdvertController.class.php. | 2021-12-03 | 7.5 | CVE-2021-44348 MISC |
yejiao — tuzicms | SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller\DownloadController.class.php. | 2021-12-03 | 7.5 | CVE-2021-44349 MISC |
Medium Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
10web — photo_gallery | The Photo Gallery by 10Web WordPress plugin before 1.5.68 is vulnerable to Reflected Cross-Site Scripting (XSS) issues via the bwg_album_breadcrumb_0 and shortcode_id GET parameters passed to the bwg_frontend_data AJAX action | 2021-12-06 | 4.3 | CVE-2021-25041 CONFIRM MISC |
74cms — 74cms | 74CMS v6.0.4 was discovered to contain a cross-site scripting (XSS) vulnerability via /index.php?m=&c=help&a=help_list&key. | 2021-12-08 | 4.3 | CVE-2020-22421 MISC |
admidio — admidio | Admidio is a free open source user management system for websites of organizations and groups. A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The Reflected XSS vulnerability occurs because redirect.php does not properly validate the value of the url parameter. Through this vulnerability, an attacker is capable of executing malicious scripts. This issue is patched in version 4.0.12. | 2021-12-07 | 4.3 | CVE-2021-43810 MISC MISC CONFIRM MISC |
adobe — bridge | Adobe Bridge versions 11.1.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious SGI file. | 2021-12-07 | 4.3 | CVE-2021-44187 MISC MISC |
adobe — bridge | Adobe Bridge versions 11.1.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious SGI file. | 2021-12-07 | 4.3 | CVE-2021-44186 MISC MISC |
adobe — bridge | Adobe Bridge versions 11.1.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious RGB file. | 2021-12-07 | 4.3 | CVE-2021-44185 MISC MISC |
allegro — allegro | An issue was discovered in Allegro Windows (formerly Popsy Windows) before 3.3.4156.1. A standard user can escalate privileges to SYSTEM if the FTP module is installed, because of DLL hijacking. | 2021-12-08 | 6.2 | CVE-2021-42110 MISC MISC |
apereo — central_authentication_service | Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints. | 2021-12-07 | 4.3 | CVE-2021-42567 CONFIRM MISC |
atlassian — jira_software_data_center | Affected versions of Atlassian Jira Server and Data Center allow attackers with access to an administrator account that has had its access revoked to modify projects’ Users & Roles settings, via a Broken Authentication vulnerability in the /plugins/servlet/project-config/PROJECT/roles endpoint. The affected versions are before version 8.19.1. | 2021-12-08 | 5 | CVE-2021-41311 MISC |
atlassian — jira_software_data_center | Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira Service Management access revoked to export audit logs of another user’s Jira Service Management project via a Broken Authentication vulnerability in the /plugins/servlet/audit/resource endpoint. The affected versions of Jira Server and Data Center are before version 8.19.1. | 2021-12-08 | 5 | CVE-2021-41309 MISC |
b2evolution — b2evolution_cms | b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the User login page. This vulnerability allows attackers to escalate privileges. | 2021-12-06 | 6.8 | CVE-2021-31631 MISC |
bkw — solar-log_500_firmware | An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2013. In /export.html, email.html, and sms.html, cleartext passwords are stored. This may allow sensitive information to be read by someone with access to the device. | 2021-12-07 | 4 | CVE-2021-34544 MISC MISC MISC |
calibre-ebook — calibre | calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py. | 2021-12-07 | 5 | CVE-2021-44686 MISC MISC MISC |
chamilo — chamilo_lms | A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x allows authenticated attackers to execute arbitrary code via a crafted .htaccess file. | 2021-12-03 | 6 | CVE-2021-35413 MISC MISC MISC MISC |
citrix — application_delivery_controller_firmware | An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication. | 2021-12-07 | 4.3 | CVE-2021-22956 MISC |
citrix — application_delivery_controller_firmware | An unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 that, when the appliance is configured as a VPN (Gateway) or AAA virtual server, could allow an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication. | 2021-12-07 | 4.3 | CVE-2021-22955 MISC |
couchbase — sync_gateway | An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. The bucket credentials used to read and write data in Couchbase Server were insecurely being stored in the metadata within sync documents written to the bucket. Users with read access could use these credentials to obtain write access. (This issue does not affect clusters where Sync Gateway is authenticated with X.509 client certificates. This issue also does not affect clusters where shared bucket access is not enabled on Sync Gateway.) | 2021-12-07 | 5.5 | CVE-2021-43963 CONFIRM |
douco — douphp | DouPHP v1.6 was discovered to contain a cross-site scripting (XSS) vulnerability via /admin/cloud.php. | 2021-12-08 | 4.3 | CVE-2021-3370 MISC |
dzzoffice — dzzoffice | dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) vulnerability in explorerfile.php. The output of the exit function is printed for the user via exit(json_encode($return)). | 2021-12-03 | 4.3 | CVE-2021-43673 MISC |
elastic — enterprise_search | An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search Github Enterprise Server integration. Using this vulnerability, a malicious Workplace Search admin could use the GHES integration to view hosts that might not be publicly accessible. | 2021-12-07 | 4 | CVE-2021-37940 MISC |
elgg — elgg | elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor | 2021-12-03 | 5 | CVE-2021-3980 MISC CONFIRM |
email_log_project — email_log | The Email Log WordPress plugin before 2.4.8 does not escape the d parameter before outputting it back in an attribute in the Log page, leading to a Reflected Cross-Site Scripting issue | 2021-12-06 | 4.3 | CVE-2021-24924 MISC |
esri — arcgis_enterprise | An information disclosure vulnerability in the ArcGIS Service Directory in Esri ArcGIS Enterprise versions 10.9.0 and below may allow a remote attacker to view hidden field names in feature layers. This issue may reveal field names, but does not disclose features. | 2021-12-07 | 5 | CVE-2021-29115 CONFIRM |
esri — arcgis_server | A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server feature services versions 10.8.1 and 10.9 (only) may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which, when accessed, could potentially execute arbitrary JavaScript code in the user’s browser. | 2021-12-07 | 4.3 | CVE-2021-29116 CONFIRM |
esri — arcgis_server | A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote, unauthenticated attacker to inject attacker supplied html into a page. | 2021-12-07 | 4.3 | CVE-2021-29113 CONFIRM |
firefly-iii — firefly_iii | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | 2021-12-04 | 4.3 | CVE-2021-4005 CONFIRM MISC |
fortinet — fortianalyzer | A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments. | 2021-12-08 | 4.6 | CVE-2021-42757 CONFIRM |
fortinet — fortiauthenticator | An exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 6.4.0, version 6.3.2 and below, version 6.2.1 and below, version 6.1.2 and below, version 6.0.7 to 6.0.1 allows an attacker to duplicate a target LDAP user's two-factor authentication token via crafted HTTP requests. | 2021-12-08 | 4.3 | CVE-2021-43067 CONFIRM |
fortinet — fortiauthenticator | An improper authentication in Fortinet FortiAuthenticator version 6.4.0 allows a user to bypass the second factor of authentication via a RADIUS login portal. | 2021-12-09 | 5.5 | CVE-2021-43068 CONFIRM |
fortinet — forticlient | An improper authorization vulnerability [CWE-285] in FortiClient Windows versions 7.0.0 and 6.4.6 and below and 6.2.8 and below may allow an unauthenticated attacker to bypass the webfilter control via modifying the session-id parameter. | 2021-12-09 | 5 | CVE-2021-36167 CONFIRM |
fortinet — forticlient | An improper control of a resource through its lifetime in Fortinet FortiClientWindows version 6.4.1 and 6.4.0, version 6.2.9 and below, version 6.0.10 and below allows an attacker to cause a complete denial of service of its components via changes of directory access permissions. | 2021-12-09 | 4.9 | CVE-2021-43204 CONFIRM |
fortinet — forticlient_enterprise_management_server | An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS versions 7.0.1 and below and 6.4.4 and below may allow an unauthenticated attacker to impersonate an existing user by intercepting and re-using valid SAML authentication messages. | 2021-12-08 | 6.4 | CVE-2021-41030 CONFIRM |
fortinet — forticlient_enterprise_management_server | A missing encryption of sensitive data in Fortinet FortiClientEMS version 7.0.1 and below, version 6.4.4 and below allows an attacker to disclose information by inspecting browser-decrypted data | 2021-12-09 | 4 | CVE-2021-36189 CONFIRM |
fortinet — fortios | A heap-based buffer overflow in the firmware signature verification function of FortiOS versions 7.0.1, 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, and 6.0.0 through 6.0.13 may allow an attacker to execute arbitrary code via specially crafted installation images. | 2021-12-08 | 6.8 | CVE-2021-36173 CONFIRM |
fortinet — fortios | A use of hard-coded cryptographic key vulnerability in the SSLVPN of FortiOS before 7.0.1 may allow an attacker to retrieve the key by reverse engineering. | 2021-12-08 | 5 | CVE-2021-26108 CONFIRM |
fortinet — fortiproxy | An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy version 2.0.3 and below, 1.2.11 and below and FortiGate version 7.0.0, 6.4.6 and below, 6.2.9 and below of SSL VPN portal may allow a remote, unauthenticated attacker to conduct a cross-site request forgery (CSRF) attack. Only SSL VPN in web mode or full mode is impacted by this vulnerability. | 2021-12-08 | 5.1 | CVE-2021-26103 CONFIRM |
fortinet — fortiproxy | A relative path traversal [CWE-23] vulnerability in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy version 7.0.0 may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the GET request of the login page. | 2021-12-08 | 5 | CVE-2021-41024 CONFIRM |
fortinet — fortiproxy | An improper access control vulnerability [CWE-284] in FortiOS autod daemon 7.0.0, 6.4.6 and below, 6.2.9 and below, 6.0.12 and below and FortiProxy 2.0.1 and below, 1.2.9 and below may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script and auto-script features. | 2021-12-08 | 4.6 | CVE-2021-26110 CONFIRM |
fortinet — fortiweb | A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests to the LogReport API controller. | 2021-12-09 | 6.5 | CVE-2021-43071 CONFIRM |
fortinet — fortiweb | A URL redirection to untrusted site (‘open redirect’) in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an attacker to use the device as a proxy via crafted GET parameters in requests to error handlers | 2021-12-08 | 5.8 | CVE-2021-36191 CONFIRM |
fortinet — fortiweb | A URL redirection to untrusted site (‘open redirect’) in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows an attacker to use the device as a proxy and reach external or protected hosts via redirection handlers. | 2021-12-08 | 5.8 | CVE-2021-43064 CONFIRM |
fortinet — fortiweb | An uncontrolled resource consumption in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to make the httpsd daemon unresponsive via huge HTTP packets | 2021-12-08 | 5 | CVE-2021-41014 CONFIRM |
fortinet — fortiweb | Multiple heap-based buffer overflow vulnerabilities in some web API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow a remote authenticated attacker to execute arbitrary code or commands via specifically crafted HTTP requests. | 2021-12-08 | 6.5 | CVE-2021-41017 CONFIRM |
fortinet — fortiweb | An improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows an attacker to execute unauthorized code or commands via crafted HTTP GET requests to the login webpage. | 2021-12-08 | 4.3 | CVE-2021-43063 CONFIRM |
fortinet — fortiweb | An improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests to the SAML login handler | 2021-12-08 | 4.3 | CVE-2021-41015 CONFIRM |
fortinet — fortiweb | A stack-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0 allows an authenticated attacker to execute unauthorized code or commands via crafted certificates loaded into the device. | 2021-12-08 | 4.6 | CVE-2021-41027 CONFIRM |
fortinet — fortiweb | An improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an attacker to execute unauthorized code or commands via crafted GET parameters in requests to login and error handlers | 2021-12-08 | 4.3 | CVE-2021-36188 CONFIRM |
fortinet — fortiweb | Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests. | 2021-12-08 | 6.5 | CVE-2021-36180 CONFIRM |
fortinet — fortiweb | An unintended proxy or intermediary (‘confused deputy’) in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to access protected hosts via crafted HTTP requests. | 2021-12-08 | 6.5 | CVE-2021-36190 CONFIRM |
fortinet — fortiweb | Multiple stack-based buffer overflows in the API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted requests. | 2021-12-09 | 6.5 | CVE-2021-36194 CONFIRM |
fortinet — fortiweb | An improper access control vulnerability [CWE-284] in FortiWeb versions 6.4.1 and below and 6.3.15 and below in the Report Browse section of Log & Report may allow an unauthorized and unauthenticated user to access the Log reports via their URLs. | 2021-12-08 | 5 | CVE-2021-41013 CONFIRM |
gitlab — gitlab | Assuming a database breach, nonce reuse issues in GitLab 11.6+ allow an attacker to decrypt some of the database’s encrypted content | 2021-12-06 | 5 | CVE-2021-22170 MISC CONFIRM |
gl-inet — gl-ar150_firmware | GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allow cgi-bin/router_cgi?action=scanwifi XSS when an attacker creates an SSID with an XSS payload as the name. | 2021-12-07 | 4.3 | CVE-2021-44148 MISC |
goautodial — goautodial | The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that accepts a username, password, and action that routes to other PHP files that implement the various API functions. Vulnerable versions of GOautodial validate the username and password incorrectly, allowing the caller to specify any values for these parameters and successfully authenticate. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | 2021-12-07 | 5 | CVE-2021-43175 MISC |
goautodial — goautodial | The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 takes a user-supplied “action” parameter and appends a .php file extension to locate and load the correct PHP file to implement the API call. Vulnerable versions of GOautodial do not sanitize the user input that specifies the action. This permits an attacker to execute any PHP source file with a .php extension that is present on the disk and readable by the GOautodial web server process. Combined with CVE-2021-43175, it is possible for the attacker to do this without valid credentials. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | 2021-12-07 | 6.5 | CVE-2021-43176 MISC |
google — android | An improper validation vulnerability in telephony prior to SMR Dec-2021 Release 1 allows attackers to launch certain activities. | 2021-12-08 | 4.6 | CVE-2021-25512 MISC |
google — android | An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows attackers to write arbitrary files via a path traversal vulnerability. | 2021-12-08 | 4.6 | CVE-2021-25511 MISC |
google — android | An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows local arbitrary code execution. | 2021-12-08 | 4.6 | CVE-2021-25510 MISC |
google — android | An improper input validation vulnerability in LDFW prior to SMR Dec-2021 Release 1 allows attackers to perform arbitrary code execution. | 2021-12-08 | 4.6 | CVE-2021-25517 MISC |
google — android | An improper intent redirection handling in Tags prior to SMR Dec-2021 Release 1 allows attackers to access sensitive information. | 2021-12-08 | 4.3 | CVE-2021-25514 MISC |
grafana — grafana | Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) is vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where the path segment between the two slashes is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline. | 2021-12-07 | 5 | CVE-2021-43798 CONFIRM MISC MISC CONFIRM MISC MLIST MLIST |
hashicorp — nomad | HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1. | 2021-12-03 | 6 | CVE-2021-43415 MISC MISC |
huawei — emui | There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to malicious application processes occupying system resources. | 2021-12-07 | 5 | CVE-2021-37043 MISC |
huawei — emui | There is an Improper access control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. | 2021-12-07 | 5 | CVE-2021-37038 MISC |
huawei — emui | There is an Input verification vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause some services to restart. | 2021-12-07 | 5 | CVE-2021-37047 MISC |
huawei — emui | There is a Logic bypass vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may allow attempts to obtain certain device information. | 2021-12-07 | 5 | CVE-2021-37055 MISC |
huawei — emui | There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to Out-of-bounds read. | 2021-12-07 | 6.4 | CVE-2021-37021 MISC |
huawei — emui | There is an Improper verification vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause out-of-bounds read. | 2021-12-07 | 6.4 | CVE-2021-37041 MISC MISC |
huawei — emui | There is an Improper verification vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause out-of-bounds read. | 2021-12-07 | 6.4 | CVE-2021-37042 MISC MISC |
huawei — emui | There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to Out-of-bounds read. | 2021-12-07 | 6.4 | CVE-2021-37020 MISC |
huawei — harmonyos | There is a Service logic vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause WLAN DoS. | 2021-12-08 | 5 | CVE-2021-37053 MISC MISC MISC |
huawei — harmonyos | There is an Exception log vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause address information leakage. | 2021-12-08 | 5 | CVE-2021-37052 MISC MISC |
huawei — harmonyos | There is a Missing sensitive data encryption vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. | 2021-12-08 | 5 | CVE-2021-37050 MISC MISC |
huawei — harmonyos | There is an Identity spoofing and authentication bypass vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. | 2021-12-08 | 5 | CVE-2021-37054 MISC MISC |
huawei — harmonyos | There is a Permissions, Privileges, and Access Controls vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to the user’s nickname being maliciously tampered with. | 2021-12-07 | 5 | CVE-2021-37058 MISC |
huawei — harmonyos | There is an Uncontrolled Resource Consumption vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to Screen projection application denial of service. | 2021-12-07 | 5 | CVE-2021-37061 MISC |
huawei — harmonyos | There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to SAMGR Heap Address Leakage. | 2021-12-07 | 5 | CVE-2021-37060 MISC |
huawei — harmonyos | There is an Out-of-bounds Read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect availability. | 2021-12-07 | 5 | CVE-2021-37076 MISC |
huawei — harmonyos | There is an Out-of-bounds Read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to process crash. | 2021-12-07 | 5 | CVE-2021-37090 MISC |
huawei — harmonyos | There is an Improper Preservation of Permissions vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may allow attackers to isolate and read synchronization files of other applications across the UID sandbox. | 2021-12-07 | 5 | CVE-2021-37086 MISC |
huawei — harmonyos | There is a NULL Pointer Dereference vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to Denial of Service Attacks. | 2021-12-07 | 5 | CVE-2021-37083 MISC |
huawei — harmonyos | There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to nearby crash. | 2021-12-07 | 5 | CVE-2021-37081 MISC |
huawei — harmonyos | There is an Incomplete Cleanup vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect availability. | 2021-12-07 | 5 | CVE-2021-37080 MISC |
huawei — harmonyos | There is an Uncaught Exception vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to remote Denial of Service. | 2021-12-07 | 5 | CVE-2021-37078 MISC |
huawei — harmonyos | There is a Credentials Management Errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect confidentiality. | 2021-12-08 | 5 | CVE-2021-37075 MISC MISC |
huawei — harmonyos | There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may allow attackers to steal short messages. | 2021-12-08 | 5 | CVE-2021-37093 MISC MISC |
huawei — harmonyos | There is an Incorrect Calculation of Buffer Size vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to memory crash. | 2021-12-07 | 5 | CVE-2021-37072 MISC |
huawei — harmonyos | There is a Business Logic Errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to persistent DoS. | 2021-12-07 | 5 | CVE-2021-37071 MISC |
huawei — harmonyos | There is an Out-of-bounds Read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to process crash. | 2021-12-07 | 5 | CVE-2021-37070 MISC |
huawei — harmonyos | There is a Resource Management Errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to Denial of Service attacks. | 2021-12-07 | 5 | CVE-2021-37068 MISC |
huawei — harmonyos | There is an Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may impact confidentiality. | 2021-12-07 | 5 | CVE-2021-37067 MISC |
huawei — harmonyos | There is an Out-of-bounds Read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to process crash. | 2021-12-07 | 5 | CVE-2021-37066 MISC |
huawei — harmonyos | There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may allow fake visitors to control the PC, play a video, etc. | 2021-12-07 | 5 | CVE-2021-37048 MISC |
huawei — harmonyos | There is a Path Traversal vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may allow deletion of any file. | 2021-12-07 | 6.4 | CVE-2021-37099 MISC |
huawei — harmonyos | There is a Permission control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service availability. | 2021-12-08 | 5 | CVE-2021-37044 MISC MISC |
huawei — harmonyos | There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to the device not being usable properly. | 2021-12-07 | 5 | CVE-2021-37014 MISC |
huawei — harmonyos | There is a Parameter injection vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause privilege escalation of files after CIFS share mounting. | 2021-12-08 | 6.8 | CVE-2021-37040 MISC MISC |
huawei — harmonyos | There is a Race Condition vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to motionhub crash. | 2021-12-07 | 4.3 | CVE-2021-37082 MISC |
huawei — harmonyos | There is a Race Condition vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to the detection result being tampered with. | 2021-12-07 | 4.3 | CVE-2021-37073 MISC |
huawei — harmonyos | There is an Out-of-bounds read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause out-of-bounds memory access. | 2021-12-08 | 6.4 | CVE-2021-37051 MISC MISC MISC |
huawei — harmonyos | There is an Improper Validation of Array Index vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to memory overflow and information leakage. | 2021-12-07 | 6.4 | CVE-2021-37062 MISC |
huawei — harmonyos | There is an Improper Limitation of a Pathname to a Restricted Directory vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to arbitrary file creation. | 2021-12-07 | 6.4 | CVE-2021-37064 MISC |
huawei — harmonyos | There is an Integer Overflow or Wraparound vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may impact confidentiality or availability. | 2021-12-07 | 6.4 | CVE-2021-37065 MISC |
huawei — harmonyos | There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may allow deletion of arbitrary files with system_app permission. | 2021-12-07 | 6.4 | CVE-2021-37079 MISC |
huawei — harmonyos | There is a Path Traversal vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may allow attackers to create arbitrary files. | 2021-12-07 | 6.4 | CVE-2021-37087 MISC |
huawei — harmonyos | There is a Path Traversal vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may allow attackers to write any content to any file. | 2021-12-07 | 6.4 | CVE-2021-37088 MISC |
huawei — harmonyos | There is an Incomplete Cleanup vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect availability. | 2021-12-08 | 5 | CVE-2021-37092 MISC MISC |
huawei — harmonyos | There is a Race Condition vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect availability. | 2021-12-08 | 5.8 | CVE-2021-37069 MISC MISC |
huawei — harmonyos | There is an Improper Authentication vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to account authentication being bypassed. | 2021-12-07 | 5 | CVE-2021-37100 MISC |
huawei — harmonyos | There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to user privacy being disclosed. | 2021-12-07 | 5 | CVE-2021-37096 MISC |
huawei — harmonyos | There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to system denial of service. | 2021-12-07 | 5 | CVE-2021-37094 MISC |
huawei — harmonyos | There is a Permissions, Privileges, and Access Controls vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect confidentiality. | 2021-12-07 | 5 | CVE-2021-37091 MISC |
huawei — magic_ui | There is an Improper permission control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may allow attempts to obtain certain device information. | 2021-12-07 | 5 | CVE-2021-37056 MISC MISC |
ibm — cognos_analytics | IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to view or edit a Jupyter notebook that they should not have access to. IBM X-Force ID: 206212. | 2021-12-03 | 5.5 | CVE-2021-29867 CONFIRM XF |
ibm — cognos_analytics | IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196339. | 2021-12-03 | 5 | CVE-2021-20470 XF CONFIRM |
ibm — cognos_analytics | IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197794. | 2021-12-03 | 4.3 | CVE-2021-20493 XF CONFIRM |
ibm — cognos_analytics | IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilties due to a web response specifying an incorrect content type. IBM X-Force ID: 201091 | 2021-12-03 | 5 | CVE-2021-29719 CONFIRM XF |
ibm — cognos_analytics | IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to reas of the application that privileged user should only be allowed to view. IBM X-Force ID: 201087. | 2021-12-03 | 4 | CVE-2021-29716 CONFIRM XF |
ibm — cognos_analytics | IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202167. | 2021-12-03 | 6.8 | CVE-2021-29756 CONFIRM XF |
inveniosoftware — invenio-drafts-resources | Invenio-Drafts-Resources is a submission/deposit module for Invenio, a software framework for research data management. Invenio-Drafts-Resources prior to versions 0.13.7 and 0.14.6 does not properly check permissions when a record is published. The vulnerability is exploitable in a default installation of InvenioRDM. An authenticated user is able, via REST API calls, to publish draft records of other users if they know the record identifier and the draft validates (e.g. all required fields are filled out). An attacker is not able to modify the data in the record, and thus e.g. *cannot* change a record from restricted to public. The problem is patched in Invenio-Drafts-Resources v0.13.7 and 0.14.6, which are part of InvenioRDM v6.0.1 and InvenioRDM v7.0 respectively. | 2021-12-06 | 4 | CVE-2021-43781 MISC CONFIRM |
ivanti — avalanche | An improper access control vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to perform a session takeover. | 2021-12-07 | 6.5 | CVE-2021-42124 MISC |
ivanti — avalanche | An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to perform an arbitrary file write. | 2021-12-07 | 5.5 | CVE-2021-42133 MISC |
ivanti — avalanche | An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to write dangerous files. | 2021-12-07 | 6.5 | CVE-2021-42125 MISC |
ivanti — avalanche | An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to perform privilege escalation. | 2021-12-07 | 6.5 | CVE-2021-42126 MISC |
ivanti — avalanche | A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to perform arbitrary command execution. | 2021-12-07 | 6.5 | CVE-2021-42129 MISC |
ivanti — avalanche | A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to perform arbitrary code execution. | 2021-12-07 | 6.5 | CVE-2021-42130 MISC |
ivanti — avalanche | A SQL injection vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to perform privilege escalation. | 2021-12-07 | 6.5 | CVE-2021-42131 MISC |
ivanti — avalanche | A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to perform arbitrary command execution. | 2021-12-07 | 6.5 | CVE-2021-42132 MISC |
johnsoncontrols — kantech_entrapass | Successful exploitation of this vulnerability could allow an unauthorized user to access sensitive data. | 2021-12-06 | 5 | CVE-2021-36198 CERT CONFIRM |
kaseya — unitrends_backup | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The privileged vaultServer could be leveraged to create arbitrary writable files, leading to privilege escalation. | 2021-12-06 | 6.5 | CVE-2021-43040 MISC |
kaseya — unitrends_backup | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A crafted HTTP request could induce a format string vulnerability in the privileged vaultServer application. | 2021-12-06 | 6.5 | CVE-2021-43041 MISC |
kaseya — unitrends_backup | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Unitrends Windows agent was vulnerable to DLL injection and binary planting due to insecure default permissions. This allowed privilege escalation from an unprivileged user to SYSTEM. | 2021-12-06 | 6.9 | CVE-2021-43037 MISC |
kaseya — unitrends_backup | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The apache user could read arbitrary files such as /etc/shadow by abusing an insecure Sudo rule. | 2021-12-06 | 4 | CVE-2021-43043 MISC |
kaseya — unitrends_backup | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A world writable file allowed local users to execute arbitrary code as the user apache, leading to privilege escalation. | 2021-12-06 | 4.6 | CVE-2021-43034 MISC |
kaseya — unitrends_backup | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Samba file sharing service allowed anonymous read/write access. | 2021-12-06 | 6.4 | CVE-2021-43039 MISC |
kaseya — unitrends_backup | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The wguest account could execute commands by injecting into PostgreSQL trigger functions. This allowed privilege escalation from the wguest user to the postgres user. | 2021-12-06 | 6.5 | CVE-2021-43038 MISC |
knime — knime_server | KNIME Server before 4.13.4 allows XSS via the old WebPortal login page. | 2021-12-08 | 4.3 | CVE-2021-44726 MISC |
knime — knime_server | KNIME Server before 4.13.4 allows directory traversal in a request for a client profile. | 2021-12-08 | 5 | CVE-2021-44725 MISC |
laravel — framework | Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is due to the user being able to guess the parent placeholder SHA-1 hash by trying common names of sections. If the parent template contains an exploitable HTML structure an XSS vulnerability can be exposed. This vulnerability has been patched in versions 8.75.0, 7.30.6, and 6.20.42 by determining the parent placeholder at runtime and using a random hash that is unique to each request. | 2021-12-08 | 4.3 | CVE-2021-43808 MISC MISC MISC MISC CONFIRM MISC MISC MISC |
linuxfoundation — runc | runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug. | 2021-12-06 | 6 | CVE-2021-43784 MISC MISC MISC CONFIRM MISC MLIST |
livehelperchat — live_helper_chat | livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) | 2021-12-07 | 4.3 | CVE-2021-4049 MISC CONFIRM |
livehelperchat — live_helper_chat | livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 2021-12-08 | 4.3 | CVE-2021-4050 MISC CONFIRM |
mcafee — database_security | A denial-of-service vulnerability in Database Security (DBS) prior to 4.8.4 allows a remote authenticated administrator to trigger a denial-of-service attack against the DBS server. The configuration of Archiving through the User interface incorrectly allowed the creation of directories and files in Windows system directories and other locations where sensitive data could be overwritten. The former could lead to a DoS, whilst the latter could lead to data destruction on the DBS server. | 2021-12-08 | 5.5 | CVE-2021-31850 CONFIRM |
mozilla — firefox | When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect URL of the element clicked. If the Web Extension lacked the WebRequest permission for the hosts involved in the redirect, this would be a same-origin-violation leaking data the Web Extension should have access to. This was fixed to provide the pre-redirect URL. This is related to CVE-2021-43532 but in the context of Web Extensions. This vulnerability affects Firefox < 94. | 2021-12-08 | 4.3 | CVE-2021-43531 MISC MISC |
mozilla — firefox | The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user’s computer. *Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | 2021-12-08 | 6.8 | CVE-2021-38510 MISC MISC MISC MISC |
mozilla — firefox | Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | 2021-12-08 | 4.3 | CVE-2021-43536 MISC MISC MISC MISC |
mozilla — firefox | Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | 2021-12-08 | 6.8 | CVE-2021-43534 MISC MISC MISC MISC |
mozilla — firefox | When parsing internationalized domain names, high bits of the characters in the URLs were sometimes stripped, resulting in inconsistencies that could lead to user confusion or attacks such as phishing. This vulnerability affects Firefox < 94. | 2021-12-08 | 4.3 | CVE-2021-43533 MISC MISC |
mozilla — firefox | The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP address (e.g. port 8443) did not opt in to opportunistic encryption, a network attacker could forward a connection from the browser to port 443 to port 8443, causing the browser to treat the content of port 8443 as same-origin with HTTP. This was resolved by disabling the Opportunistic Encryption feature, which had low usage. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | 2021-12-08 | 4.3 | CVE-2021-38507 MISC MISC MISC MISC |
mozilla — firefox | A Universal XSS vulnerability was present in Firefox for Android resulting from improper sanitization when processing a URL scanned from a QR code. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 94. | 2021-12-08 | 4.3 | CVE-2021-43530 MISC MISC |
mozilla — firefox | A use-after-free could have occurred when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.3, and Firefox ESR < 91.3. | 2021-12-08 | 6.8 | CVE-2021-43535 MISC MISC MISC MISC |
mozilla — firefox | An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | 2021-12-08 | 6.8 | CVE-2021-43537 MISC MISC MISC MISC |
mozilla — firefox | Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | 2021-12-08 | 4.3 | CVE-2021-38506 MISC MISC MISC MISC |
mozilla — firefox | Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker’s choosing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | 2021-12-08 | 4.3 | CVE-2021-38509 MISC MISC MISC MISC |
mozilla — firefox | By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | 2021-12-08 | 4.3 | CVE-2021-38508 MISC MISC MISC MISC |
mozilla — firefox | Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios. Applications that wish to prevent copied data from being recorded in Cloud History must use specific clipboard formats, and Firefox before versions 94 and ESR 91.3 did not implement them. This could have caused sensitive data to be recorded to a user’s Microsoft account. *This bug only affects Firefox for Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected.* This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | 2021-12-08 | 4.3 | CVE-2021-38505 MISC MISC MISC MISC |
mozilla — firefox | By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | 2021-12-08 | 4.3 | CVE-2021-43538 MISC MISC MISC MISC |
mozilla — firefox | Using the Location API in a loop could have caused severe application hangs and crashes. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | 2021-12-08 | 4.3 | CVE-2021-43545 MISC MISC MISC MISC |
mozilla — firefox | The ‘Copy Image Link’ context menu action would copy the final image URL after redirects. By embedding an image that triggered authentication flows – in conjunction with a Content Security Policy that stopped a redirection chain in the middle – the final image URL could be one that contained an authentication token used to takeover a user account. If a website tricked a user into copy and pasting the image link back to the page, the page would be able to steal the authentication tokens. This was fixed by making the action return the original URL, before any redirects. This vulnerability affects Firefox < 94. | 2021-12-08 | 5.8 | CVE-2021-43532 MISC MISC |
mozilla — firefox | When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | 2021-12-08 | 4.3 | CVE-2021-43541 MISC MISC MISC MISC |
mozilla — firefox | WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects Firefox < 95. | 2021-12-08 | 4.3 | CVE-2021-43540 MISC MISC |
mozilla — firefox | Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | 2021-12-08 | 6.8 | CVE-2021-43539 MISC MISC MISC MISC |
mozilla — firefox | It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | 2021-12-08 | 4.3 | CVE-2021-43546 MISC MISC MISC MISC |
mozilla — firefox | Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | 2021-12-08 | 4.3 | CVE-2021-43542 MISC MISC MISC MISC |
mozilla — firefox | Documents loaded with the CSP sandbox directive could have escaped the sandbox’s script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | 2021-12-08 | 4.3 | CVE-2021-43543 MISC MISC MISC MISC |
mozilla — firefox | When receiving a URL through a SEND intent, Firefox would have searched for the text, but subsequent usages of the address bar might have caused the URL to load unintentionally, which could lead to XSS and spoofing attacks. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 95. | 2021-12-08 | 4.3 | CVE-2021-43544 MISC MISC |
mozilla — thunderbird | Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0. | 2021-12-08 | 4.3 | CVE-2021-43528 MISC MISC |
nebulab — solidus | Solidus is a free, open-source ecommerce platform built on Rails. Versions of Solidus prior to 3.1.4, 3.0.4, and 2.11.13 have a denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order’s email was subject to exponential backtracking through a fragment like `a.a.` Versions 3.1.4, 3.0.4, and 2.11.13 have been patched to use a different regular expression. The maintainers added a check for email addresses that are no longer valid that will print information about any affected orders that exist. If a prompt upgrade is not an option, a workaround is available. It is possible to edit the file `config/application.rb` manually (with code provided by the maintainers in the GitHub Security Advisory) to check email validity. | 2021-12-07 | 5 | CVE-2021-43805 CONFIRM MISC |
online_enrollment_management_system_project — online_enrollment_management_system | An authenticated blind and error-based SQL injection vulnerability was discovered in Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 that allows attackers to obtain sensitive information and execute arbitrary SQL commands via the IDNO parameter. | 2021-12-07 | 6.5 | CVE-2021-40578 MISC |
opendesign — drawings_explorer | An out-of-bounds write vulnerability exists when reading a TIF file using Open Design Alliance (ODA) Drawings Explorer before 2022.11. The specific issue exists after loading TIF files. Crafted data in a TIF file can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | 2021-12-05 | 6.8 | CVE-2021-44048 MISC |
opendesign — drawings_sdk | An out-of-bounds write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation for the XFAT sectors count can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | 2021-12-05 | 6.8 | CVE-2021-44045 MISC |
opendesign — drawings_sdk | A use-after-free vulnerability exists when reading a DWF/DWFX file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing DWF/DWFX files. Crafted data in a DWF/DWFX file and lack of proper validation of input data can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | 2021-12-05 | 6.8 | CVE-2021-44047 MISC |
opendesign — drawings_sdk | An out-of-bounds write vulnerability exists when reading a JPG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing JPG files. Crafted data in a JPG (4 extraneous bytes before the marker 0xca) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | 2021-12-05 | 6.8 | CVE-2021-44044 MISC |
opendesign — prc_sdk | An out-of-bounds write vulnerability exists when reading U3D files in Open Design Alliance PRC SDK before 2022.11. An unchecked return value of a function (verifying input data from a U3D file) leads to an out-of-bounds write. An attacker can leverage this vulnerability to execute code in the context of the current process. | 2021-12-05 | 6.8 | CVE-2021-44046 MISC |
pimcore — pimcore | pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 2021-12-10 | 4.3 | CVE-2021-4081 MISC CONFIRM |
piwigo — piwigo | Piwigo v11.5 was discovered to contain a SQL injection vulnerability via the parameter pwg_token in /admin/batch_manager_global.php. | 2021-12-06 | 6.5 | CVE-2021-40313 MISC |
profilepress — loginwp | The LoginWP (Formerly Peter’s Login Redirect) WordPress plugin before 3.0.0.5 does not sanitise and escape the rul_login_url and rul_logout_url parameters before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting issue. | 2021-12-06 | 4.3 | CVE-2021-24939 MISC |
racktables_project — racktables | Cross Site Scripting (XSS) in redirect module of Racktables version 0.21.2, allows an attacker to inject arbitrary web script or HTML via the op parameter. | 2021-12-07 | 4.3 | CVE-2020-19611 MISC MISC |
requarks — wiki.js | Wiki.js is a wiki app built on Node.js. Prior to version 2.5.254, directory traversal outside of the Wiki.js context is possible when a storage module with local asset cache fetching is enabled on a Windows host. A malicious user can potentially read any file on the file system by crafting a special URL that allows for directory traversal. This is only possible on a Wiki.js server running on Windows, when a storage module implementing a local asset cache (e.g. Local File System or Git) is enabled and no web application firewall solution (e.g. Cloudflare) strips potentially malicious URLs. Commit number 414033de9dff66a327e3f3243234852f468a9d85 fixes this vulnerability by sanitizing the path before it is passed on to the storage module. The sanitization step removes any Windows directory traversal sequences from the path. As a workaround, disable any storage module with local asset caching capabilities (Local File System, Git). | 2021-12-06 | 4.3 | CVE-2021-43800 MISC CONFIRM MISC |
showdoc — showdoc | showdoc is vulnerable to URL Redirection to Untrusted Site | 2021-12-03 | 5.8 | CVE-2021-4000 CONFIRM MISC |
snipeitapp — snipe-it | snipe-it is vulnerable to Server-Side Request Forgery (SSRF) | 2021-12-06 | 6.5 | CVE-2021-4075 MISC CONFIRM |
solardatasystems — solar-log_500_firmware | The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require authentication, which allows remote attackers to gain administrative privileges by connecting to the server. As a result, the attacker can modify configuration files and change the system status. | 2021-12-07 | 5 | CVE-2021-34543 MISC MISC MISC |
solarwinds — serv-u | Serv-U server responds with valid CSRFToken when the request contains only Session. | 2021-12-06 | 6.8 | CVE-2021-35242 MISC MISC |
solarwinds — serv-u | When a user has admin rights in Serv-U Console, the user can move, create and delete any files that can be accessed on the Serv-U host machine. | 2021-12-06 | 6.8 | CVE-2021-35245 MISC MISC |
sonicwall — global_vpn_client | SonicWall Global VPN client version 4.10.6 (32-bit and 64-bit) and earlier have a DLL Search Order Hijacking vulnerability. Successful exploitation via a local attacker could result in remote code execution in the target system. | 2021-12-08 | 6.9 | CVE-2021-20047 CONFIRM |
sonicwall — sma_200_firmware | A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. | 2021-12-08 | 6.5 | CVE-2021-20043 CONFIRM |
sonicwall — sma_200_firmware | A relative path traversal vulnerability in the SMA100 upload function allows a remote unauthenticated attacker to upload crafted web pages or files as the ‘nobody’ user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. | 2021-12-08 | 5 | CVE-2021-20040 CONFIRM |
squaredup — squaredup | An issue was discovered in SquaredUp for SCOM 5.2.1.6654. The Download Log feature in System / Maintenance was susceptible to a local file inclusion vulnerability (when processing remote input in the log files downloaded by an authenticated administrator user), leading to the ability to read arbitrary files on the server filesystems. | 2021-12-07 | 4 | CVE-2021-40095 MISC MISC |
tawk — tawk.to_live_chat | The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capability and CSRF checks in the tawkto_setwidget and tawkto_removewidget AJAX actions, available to any authenticated user. The first one allows low-privileged users (including simple subscribers) to change the ‘tawkto-embed-widget-page-id’ and ‘tawkto-embed-widget-widget-id’ parameters. Any authenticated user can thus link the vulnerable website to their own Tawk.to instance. Consequently, they will be able to monitor the vulnerable website and interact with its visitors (receive contact messages, answer, …). They will also be able to display an arbitrary Knowledge Base. The second one will remove the live chat widget from pages. | 2021-12-06 | 6 | CVE-2021-24914 MISC |
tiny — plupload | This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file. | 2021-12-03 | 6.8 | CVE-2021-23562 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
tmate — tmate-ssh-server | Insecure creation of temporary directories in tmate-ssh-server 2.3.0 allows a local attacker to compromise the integrity of session handling. | 2021-12-07 | 4.4 | CVE-2021-44513 MISC MISC |
tmate — tmate-ssh-server | World-writable permissions on the /tmp/tmate/sessions directory in tmate-ssh-server 2.3.0 allow a local attacker to compromise the integrity of session handling, or obtain the read-write session ID from a read-only session symlink in this directory. | 2021-12-07 | 4.4 | CVE-2021-44512 MISC MISC |
trustwave — modsecurity | ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the limited NGINX worker processes for minutes and consume almost all of the available CPU on the machine. Modsecurity 2 is similarly vulnerable: the affected versions include 2.8.0 through 2.9.4. | 2021-12-07 | 5 | CVE-2021-42717 MISC |
ui — unifi_switch_firmware | A vulnerability found in UniFi Switch firmware Version 5.43.35 and earlier allows a malicious actor who has already gained access to the network to perform a Denial of Service (DoS) attack on the affected switch. This vulnerability is fixed in UniFi Switch firmware 5.76.6 and later. | 2021-12-07 | 6.1 | CVE-2021-44527 MISC |
veritas — enterprise_vault | An issue (2 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor’s security alert for this vulnerability (VTS21-003, ZDI-CAN-14076). | 2021-12-06 | 6.8 | CVE-2021-44678 MISC |
veritas — enterprise_vault | An issue (1 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor’s security alert for this vulnerability (VTS21-003, ZDI-CAN-14078). | 2021-12-06 | 6.8 | CVE-2021-44677 MISC |
veritas — enterprise_vault | An issue (3 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor’s security alert for this vulnerability (VTS21-003, ZDI-CAN-14074). | 2021-12-06 | 6.8 | CVE-2021-44679 MISC |
veritas — enterprise_vault | An issue (4 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor’s security alert for this vulnerability (VTS21-003, ZDI-CAN-14075). | 2021-12-06 | 6.8 | CVE-2021-44680 MISC |
veritas — enterprise_vault | An issue (5 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor’s security alert for this vulnerability (VTS21-003, ZDI-CAN-14080). | 2021-12-06 | 6.8 | CVE-2021-44681 MISC |
veritas — enterprise_vault | An issue (6 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor’s security alert for this vulnerability (VTS21-003, ZDI-CAN-14079). | 2021-12-06 | 6.8 | CVE-2021-44682 MISC |
vim — vim | vim is vulnerable to Use After Free | 2021-12-06 | 6.8 | CVE-2021-4069 CONFIRM MISC FEDORA |
vinga — wr-n300u_firmware | VINGA WR-N300U 77.102.1.4853 is affected by a command execution vulnerability in the goahead component. | 2021-12-06 | 6.5 | CVE-2021-43469 MISC |
woocommerce — woocommerce_currency_switcher | The WOOCS WordPress plugin before 1.3.7.1 does not sanitise and escape the key parameter of the woocs_update_profiles_data AJAX action (available to any authenticated user) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue. | 2021-12-06 | 4.3 | CVE-2021-24938 MISC |
wp_google_fonts_project — wp_google_fonts | The WP Google Fonts WordPress plugin before 3.1.5 does not escape the googlefont_ajax_name and googlefont_ajax_family parameters of the googlefont_action AJAX action (available to any authenticated user) before outputting them in attributes, leading to Reflected Cross-Site Scripting issues. | 2021-12-06 | 4.3 | CVE-2021-24935 CONFIRM MISC |
wpserveur — wps_hide_login | The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows an unauthenticated user to obtain the secret login page by setting a random referer string and making a request to /wp-admin/options.php. | 2021-12-06 | 5 | CVE-2021-24917 MISC MISC |
wso2 — api_manager | In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server 5.7.0, it is possible to perform a DOM-Based XSS attack affecting the callback parameter by modifying the URL that precedes the callback parameter. Once the username or password reset procedure is completed, the JavaScript code will be executed. (recoverpassword.do also has an open redirect issue for a similar reason.) | 2021-12-07 | 4.3 | CVE-2021-36760 MISC MISC |
xen — xen | grant table v2 status pages may remain accessible after de-allocation (take two). Guests get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated when a guest switches (back) from v2 to v1. The freeing of such pages requires that the hypervisor knows where in the guest these pages were mapped. The hypervisor tracks only one use within guest space, but racing requests from the guest to insert mappings of these pages may result in any of them becoming mapped in multiple locations. Upon switching back from v2 to v1, the guest would then retain access to a page that was freed and perhaps re-used for other purposes. This bug was fortuitously fixed by code cleanup in Xen 4.14, and backported to security-supported Xen branches as a prerequisite of the fix for XSA-378. | 2021-12-07 | 6.9 | CVE-2021-28703 MISC |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
bookly_project — bookly | The WordPress Online Booking and Scheduling Plugin WordPress plugin before 20.3.1 does not escape the Staff Full Name field before outputting it back in a page, which could lead to a Stored Cross-Site Scripting issue | 2021-12-06 | 3.5 | CVE-2021-24930 MISC |
chamilo — chamilo_lms | A stored cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the course “Title” and “Content” fields. | 2021-12-03 | 3.5 | CVE-2021-35415 MISC MISC MISC MISC MISC MISC MISC MISC |
debug_meta_data_project — debug_meta_data | The debug-meta-data plugin 1.1.2 for WordPress allows XSS. | 2021-12-07 | 3.5 | CVE-2020-27356 MISC MISC MISC |
fortinet — fortiadc | A missing cryptographic steps vulnerability in the function that encrypts users’ LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, FortiMail 7.0.1 and earlier may allow an attacker in possession of the password store to compromise the confidentiality of the encrypted secrets. | 2021-12-08 | 2.6 | CVE-2021-32591 CONFIRM |
fortinet — fortiwlm | An improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiWLM version 8.6.1 and below allows an attacker to store malicious JavaScript code in the device and trigger it via crafted HTTP requests. | 2021-12-08 | 3.5 | CVE-2021-41029 CONFIRM |
fortinet — fortiwlm | An improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiWLM version 8.6.1 and below allows an attacker to execute malicious JavaScript code on the victim’s host via crafted HTTP requests. | 2021-12-08 | 3.5 | CVE-2021-42752 CONFIRM |
google — android | An improper privilege management vulnerability in Apps Edge application prior to SMR Dec-2021 Release 1 allows unauthorized access to some device data on the lockscreen. | 2021-12-08 | 2.1 | CVE-2021-25513 MISC |
huawei — harmonyos | There is an input verification vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause Bluetooth DoS. | 2021-12-08 | 3.3 | CVE-2021-37039 MISC MISC |
ibm — cognos_analytics | IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209706. | 2021-12-03 | 3.5 | CVE-2021-38909 CONFIRM XF |
kentico — xperience | The Kentico Xperience CMS version 13.0 – 13.0.43 is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerous content. This type of XSS vulnerability is exploited by submitting malicious script content to the application which is then retrieved and executed by other application users. The attacker could exploit this to conduct a range of attacks against users of the affected application such as session hijacking, account takeover and accessing sensitive data. | 2021-12-03 | 3.5 | CVE-2021-43991 MISC |
linaro — op-tee | The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral. | 2021-12-07 | 3.6 | CVE-2021-36133 MISC |
mahadiscom — mahavitaran | An issue was discovered in Mahavitaran android application 7.50 and below, which allows local attackers to read the cleartext username and password while the user is logged into the application. | 2021-12-07 | 1.9 | CVE-2020-27413 MISC MISC MISC MISC |
pdf.js_viewer_project — pdf.js_viewer | The PDF.js Viewer WordPress plugin before 2.0.2 does not escape some of its shortcode and Gutenberg Block attributes, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks. | 2021-12-06 | 3.5 | CVE-2021-24759 MISC |
reputeinfosystems — contact_form,_survey_&_popup_form_plugin_for_wordpress_-_arforms_form_builder | The Contact Form, Survey & Popup Form Plugin for WordPress plugin before 1.5 does not properly sanitize some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2021-12-06 | 3.5 | CVE-2021-24718 MISC |
soflyy — wp_all_import | The Import any XML or CSV File to WordPress plugin before 3.6.3 does not escape the Import’s Title and Unique Identifier fields before outputting them in admin pages, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2021-12-06 | 3.5 | CVE-2021-24714 MISC |
squaredup — squaredup | A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via modification of the authorisationUrl in some integration configurations. | 2021-12-07 | 3.5 | CVE-2021-40096 MISC MISC |
squaredup — squaredup | A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via dashboard actions. | 2021-12-07 | 3.5 | CVE-2021-40093 MISC MISC |
squaredup — squaredup | A cross-site scripting (XSS) vulnerability in Image Tile in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via an SVG file. | 2021-12-07 | 3.5 | CVE-2021-40092 MISC MISC |
squaredup — squaredup | A DOM-based XSS vulnerability affects SquaredUp for SCOM 5.2.1.6654. If successfully exploited, this vulnerability may allow attackers to inject malicious code into a user’s device. | 2021-12-07 | 3.5 | CVE-2021-40094 MISC MISC |
trendmicro — antivirus+_security | Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability that allows files inside the protected folder to be modified without any detection. | 2021-12-03 | 2.1 | CVE-2021-43772 MISC |
trendmicro — apex_one | A reachable assertion vulnerability in Trend Micro Apex One could allow an attacker to crash the program on affected installations, leading to a denial-of-service (DoS). Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2021-12-03 | 2.1 | CVE-2021-44022 MISC |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
allegro — windows | Allegro Windows 3.3.4152.0 embeds software administrator database credentials into its binary files, which allows users to access and modify data using the same credentials. | 2021-12-08 | not yet calculated | CVE-2021-43978 MISC MISC |
amd — amd_generic_encapsulated_software_architecture | Improper handling of pointers in the System Management Mode (SMM) handling code may allow a privileged attacker with physical or administrative access to potentially manipulate the AMD Generic Encapsulated Software Architecture (AGESA) to execute arbitrary code undetected by the operating system. | 2021-12-10 | not yet calculated | CVE-2020-12890 MISC |
amd — epyc_processors | A malicious hypervisor in conjunction with an unprivileged attacker process inside an SEV/SEV-ES guest VM may fail to flush the Translation Lookaside Buffer (TLB), resulting in unexpected behavior inside the virtual machine (VM). | 2021-12-10 | not yet calculated | CVE-2021-26340 MISC |
android — samsung | An improper check or handling of exceptional conditions in Exynos baseband prior to SMR Dec-2021 Release 1 allows attackers to track locations. | 2021-12-08 | not yet calculated | CVE-2021-25516 MISC |
android — samsung | An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows attackers to access BSSID. | 2021-12-08 | not yet calculated | CVE-2021-25515 MISC |
android — samsung | An improper boundary check in secure_log of LDFW and BL31 prior to SMR Dec-2021 Release 1 allows arbitrary memory write and code execution. | 2021-12-08 | not yet calculated | CVE-2021-25518 MISC |
android — samsung | An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local attackers to access CPLC information without permission. | 2021-12-08 | not yet calculated | CVE-2021-25519 MISC |
android — samsung | Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink logic prior to Samsung Internet 16.0.2 allow untrusted applications to execute script code in Samsung Internet. | 2021-12-08 | not yet calculated | CVE-2021-25520 MISC |
android — samsung | Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows untrusted applications to get the current tab URL in Samsung Internet. | 2021-12-08 | not yet calculated | CVE-2021-25521 MISC |
android — samsung | Insecure storage of sensitive information vulnerability in Smart Capture prior to version 4.8.02.10 allows an attacker to access the victim’s captured images without permission. | 2021-12-08 | not yet calculated | CVE-2021-25522 MISC |
android — samsung | Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows an attacker to get the Samsung Account ID. | 2021-12-08 | not yet calculated | CVE-2021-25523 MISC |
android — samsung | Insecure storage of device information in Contacts prior to version 12.7.05.24 allows an attacker to get the Samsung Account ID. | 2021-12-08 | not yet calculated | CVE-2021-25524 MISC |
android — samsung | Improper check or handling of exceptional conditions vulnerability in Samsung Pay (US only) prior to version 4.0.65 allows an attacker to use NFC without user recognition. | 2021-12-08 | not yet calculated | CVE-2021-25525 MISC |
android — samsung | Improper export of Android application components vulnerability in Samsung Pay (India only) prior to version 4.1.77 allows an attacker to access the Bill Pay and Recharge menu without authentication. | 2021-12-08 | not yet calculated | CVE-2021-25527 MISC |
android — samsung | Intent redirection vulnerability in Samsung Blockchain Wallet prior to version 1.3.02.8 allows an attacker to execute a privileged action. | 2021-12-08 | not yet calculated | CVE-2021-25526 MISC |
apache — airavata_django_portal | Apache Airavata Django Portal allows CRLF log injection because log statements are not escaped. In particular, some HTTP request parameters are logged without first being escaped. Versions affected: master branch before commit 3c5d8c7 [1] of airavata-django-portal. [1] https://github.com/apache/airavata-django-portal/commit/3c5d8c72bfc3eb0af8693a655a5d60f9273f8170 | 2021-12-09 | not yet calculated | CVE-2021-43410 CONFIRM |
apache — log4j2 | Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. In previous releases (>2.10) this behavior can be mitigated by setting system property “log4j2.formatMsgNoLookups” to “true” or by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class). Java 8u121 (see https://www.oracle.com/java/technologies/javase/8u121-relnotes.html) protects against remote code execution by defaulting “com.sun.jndi.rmi.object.trustURLCodebase” and “com.sun.jndi.cosnaming.object.trustURLCodebase” to “false”. | 2021-12-10 | not yet calculated | CVE-2021-44228 MISC MLIST MLIST MISC CONFIRM CISCO MLIST CONFIRM CONFIRM |
apache — openid_connect | Express OpenID Connect is Express JS middleware implementing sign on for Express web apps using OpenID Connect. Versions before and including `2.5.1` do not regenerate the session id and session cookie when a user logs in. This behavior opens up the application to various session fixation vulnerabilities. Version `2.5.2` contains a patch for this issue. | 2021-12-09 | not yet calculated | CVE-2021-41246 CONFIRM MISC MISC |
apm_java_agent — apm_java_agent | A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a malicious or compromised user account could use the agent to run commands at a higher level of permissions than they possess. This vulnerability affects users that have set up the agent via the attacher cli 3, the attach API 2, as well as users that have enabled the profiling_inferred_spans_enabled option. | 2021-12-08 | not yet calculated | CVE-2021-37941 MISC |
awslabs — sockeye | Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An attacker can add malicious code to the config file of a trained model and attempt to convince users to download and run it. If users run the model, the embedded code will run locally. The issue is fixed in version 2.3.24. | 2021-12-08 | not yet calculated | CVE-2021-43811 CONFIRM MISC MISC |
bosch — bt_software_products | An unauthenticated attacker is able to send a special HTTP request that causes a service to crash. In the case of a standalone VRM or BVMS with VRM installation, this crash also opens the possibility to send further unauthenticated commands to the service. On some products the interface is only locally accessible, lowering the CVSS base score. For a list of modified CVSS scores, please see the official Bosch Advisory Appendix chapter Modified CVSS Scores for CVE-2021-23859. | 2021-12-08 | not yet calculated | CVE-2021-23859 CONFIRM |
bosch — bt_software_products | A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, and the VIDEOJET decoder (VJD-7513 and VJD-8000). | 2021-12-08 | not yet calculated | CVE-2021-23862 CONFIRM |
bosch — bt_software_products | By executing a special command, a user with administrative rights can get access to extended debug functionality on the VRM, allowing an impact on integrity or availability of the installed software. This issue also affects installations of the DIVAR IP and BVMS with VRM installed. | 2021-12-08 | not yet calculated | CVE-2021-23861 CONFIRM |
bosch — bt_software_products | An error in a page handler of the VRM may lead to a reflected cross site scripting (XSS) in the web-based interface. To exploit this vulnerability an attacker must be able to modify the HTTP header that is sent. This issue also affects installations of the DIVAR IP and BVMS with VRM installed. | 2021-12-08 | not yet calculated | CVE-2021-23860 CONFIRM |
cybonet — pineapp_mail_secure | PineApp – Mail Secure – The attacker must be logged in as a user to the PineApp system. The attacker exploits the vulnerable nicUpload.php file to upload a malicious file, thus taking over the server and running remote code. | 2021-12-08 | not yet calculated | CVE-2021-36719 CERT |
cybonet — pineapp_mail_secure | PineApp – Mail Secure – An attacker sends a request to /blocking.php?url=<script>alert(1)</script> and steals cookies. | 2021-12-08 | not yet calculated | CVE-2021-36720 CERT |
dart_lang — sdk | When using the dart pub publish command to publish a package to a third-party package server, the request would be authenticated with an oauth2 access_token that is valid for publishing on pub.dev. Using these obtained credentials, an attacker can impersonate the user on pub.dev. We recommend upgrading past https://github.com/dart-lang/sdk/commit/d787e78d21e12ec1ef712d229940b1172aafcdf8 or beyond version 2.15.0. | 2021-12-09 | not yet calculated | CVE-2021-22568 CONFIRM CONFIRM CONFIRM |
defensify — devise_masquerade_gem | The devise_masquerade gem before 1.3 allows certain attacks when a password’s salt is unknown. An application that uses this gem to let administrators masquerade/impersonate users loses one layer of security protection compared to a situation where Devise (without this extension) is used. If the server-side secret_key_base value became publicly known (for instance if it is committed to a public repository by mistake), there are still other protections in place that prevent an attacker from impersonating any user on the site. When masquerading is not used in a plain Devise application, one must know the password salt of the target user if one wants to encrypt and sign a valid session cookie. When devise_masquerade is used, however, an attacker can decide which user the “back” action will go back to without knowing that user’s password salt and simply knowing the user ID, by manipulating the session cookie and pretending that a user is already masqueraded by an administrator. | 2021-12-07 | not yet calculated | CVE-2021-28680 MISC MISC |
delta_electronics — cncsoft | Delta Electronics CNCSoft Versions 1.01.30 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. | 2021-12-09 | not yet calculated | CVE-2021-43982 MISC |
digger — digger | National Library of the Netherlands digger < 6697d1269d981e35e11f240725b16401b5ce3db5 is affected by an XML External Entity (XXE) vulnerability. Since XML parsing resolves external entities, a malicious XML stream could leak internal files and/or cause a DoS. | 2021-12-08 | not yet calculated | CVE-2021-44556 MISC MISC |
digi — transport | An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may load customized firmware (because the bootloader does not verify that it is authentic), changing the behavior of the gateway. | 2021-12-10 | not yet calculated | CVE-2021-37188 MISC MISC |
digi — transport | An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may read a password file (with reversible passwords) from the device, which allows decoding of other users’ passwords. | 2021-12-10 | not yet calculated | CVE-2021-37187 MISC MISC |
digi — transport | An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows arbitrary remote command execution with SUPER privileges. This allows an attacker (with knowledge of the protocol) to execute arbitrary code on the controller including overwriting firmware, adding/removing users, disabling the internal firewall, etc. | 2021-12-10 | not yet calculated | CVE-2021-35978 MISC MISC |
digi — transport | An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. They do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session. | 2021-12-10 | not yet calculated | CVE-2021-37189 MISC MISC |
django — django | In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. | 2021-12-08 | not yet calculated | CVE-2021-44420 MISC CONFIRM CONFIRM MISC |
doctrin — dbal | Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of offset and length inputs to the generation of a LIMIT clause was not properly cast to an integer, allowing SQL injection to take place if application developers passed unescaped user input to the DBAL QueryBuilder or any other API that ultimately uses the AbstractPlatform::modifyLimitQuery API. | 2021-12-09 | not yet calculated | CVE-2021-43608 CONFIRM MISC MISC MISC |
ether — etherpad | Etherpad is a real-time collaborative editor. In versions prior to 1.8.16, an attacker can craft an `*.etherpad` file that, when imported, might allow the attacker to gain admin privileges for the Etherpad instance. This, in turn, can be used to install a malicious Etherpad plugin that can execute arbitrary code (including system commands). To gain privileges, the attacker must be able to trigger deletion of `express-session` state or wait for old `express-session` state to be cleaned up. Core Etherpad does not delete any `express-session` state, so the only known attacks require either a plugin that can delete session state or a custom cleanup process (such as a cron job that deletes old `sessionstorage:*` records). The problem has been fixed in version 1.8.16. If users cannot upgrade to 1.8.16 or install patches manually, several workarounds are available. Users may configure their reverse proxies to reject requests to `/p/*/import`, which will block all imports, not just `*.etherpad` imports; limit all users to read-only access; and/or prevent the reuse of `express_sid` cookie values that refer to deleted express-session state. More detailed information and general mitigation strategies may be found in the GitHub Security Advisory. | 2021-12-09 | not yet calculated | CVE-2021-43802 MISC MISC MISC CONFIRM |
eufy — homebase | An authentication bypass vulnerability exists in the get_aes_key_info_by_packetid() function of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. Generic network sniffing can lead to password recovery. An attacker can sniff network traffic to trigger this vulnerability. | 2021-12-09 | not yet calculated | CVE-2021-21955 MISC |
eufy — homebase | A command execution vulnerability exists in the wifi_country_code_update functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to arbitrary command execution. | 2021-12-09 | not yet calculated | CVE-2021-21954 MISC |
eufy — homebase | An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h in function read_udp_push_config_file. A specially-crafted network packet can lead to code execution. | 2021-12-08 | not yet calculated | CVE-2021-21951 MISC |
eufy — homebase | An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h in function recv_server_device_response_msg_process. A specially-crafted network packet can lead to code execution. | 2021-12-08 | not yet calculated | CVE-2021-21950 MISC |
f-secure — safe_browser | A user interface overlay vulnerability was discovered in F-Secure SAFE Browser for Android. When a user clicks on a specially crafted, seemingly legitimate URL, SAFE Browser goes into full screen and hides the user interface. A remote attacker can leverage this to perform a spoofing attack. | 2021-12-10 | not yet calculated | CVE-2021-40834 MISC MISC |
fatpipe_networks — warp_ipvpn_and_mpvpn_software |
A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 could allow a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006. | 2021-12-08 | not yet calculated | CVE-2021-27860 CONFIRM MISC MISC |
flask-appbuilder — flask-appbuilder |
Flask-AppBuilder is a development framework built on top of Flask. Verions prior to 3.3.4 contain an improper authentication vulnerability in the REST API. The issue allows for a malicious actor with a carefully crafted request to successfully authenticate and gain access to existing protected REST API endpoints. This only affects non database authentication types and new REST API endpoints. Users should upgrade to Flask-AppBuilder 3.3.4 to receive a patch. | 2021-12-09 | not yet calculated | CVE-2021-41265 CONFIRM MISC MISC |
fortiguard — fortinet_meru_ap |
A violation of secure design principles in Fortinet Meru AP version 8.6.1 and below, version 8.5.5 and below allows attacker to execute unauthorized code or commands via crafted cli commands. | 2021-12-09 | not yet calculated | CVE-2021-42759 CONFIRM |
genesys — intelligent_workload_distribution |
A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) before 9.0.013.11 allows an attacker to execute arbitrary SQL queries via the ql_expression parameter, with which all data in the database can be extracted and OS command execution is possible depending on the permissions and/or database engine. | 2021-12-08 | not yet calculated | CVE-2021-40860 MISC MISC |
genesys — intelligent_workload_distribution |
A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) 9.0.017.07 allows an attacker to execute arbitrary SQL queries via the value attribute, with which all data in the database can be extracted and OS command execution is possible depending on the permissions and/or database engine. | 2021-12-08 | not yet calculated | CVE-2021-40861 MISC MISC |
google — android |
Mahavitaran android application 7.50 and prior are affected by account takeover due to improper OTP validation, allows remote attackers to control a users account. | 2021-12-08 | not yet calculated | CVE-2020-27416 MISC MISC |
google — exposure_notification_server |
An attacker could prematurely expire a verification code, making it unusable by the patient, making the patient unable to upload their TEKs to generate exposure notifications. We recommend upgrading the Exposure Notification server to V1.1.2 or greater. | 2021-12-09 | not yet calculated | CVE-2021-22565 MISC MISC |
grafana — grafana |
Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files, users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help text. | 2021-12-10 | not yet calculated | CVE-2021-43813 MISC MISC CONFIRM MISC MISC MISC MLIST |
grafana — grafana | Grafana Agent is a telemetry collector for sending metrics, logs, and trace data to the opinionated Grafana observability stack. Prior to versions 0.20.1 and 0.21.2, inline secrets defined within a metrics instance config are exposed in plaintext over two endpoints: metrics instance configs defined in the base YAML file are exposed at `/-/config` and metrics instance configs defined for the scraping service are exposed at `/agent/api/v1/configs/:key`. Inline secrets will be exposed to anyone able to reach these endpoints. If HTTPS with client authentication is not configured, these endpoints are accessible to unauthenticated users. Secrets found in these sections are used for delivering metrics to a Prometheus Remote Write system, authenticating against a system for discovering Prometheus targets, and authenticating against a system for collecting metrics. This does not apply to non-inlined secrets, such as `*_file` based secrets. This issue is patched in Grafana Agent versions 0.20.1 and 0.21.2. A few workarounds are available. Users who cannot upgrade should use non-inline secrets where possible. Users may also wish to restrict API access to Grafana Agent with some combination of restricting the network interfaces Grafana Agent listens on through `http_listen_address` in the `server` block, configuring Grafana Agent to use HTTPS with client authentication, and/or using firewall rules to restrict external access to Grafana Agent's API. | 2021-12-08 | not yet calculated | CVE-2021-41090 MISC MISC MISC CONFIRM MISC |
grafana — grafana | Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerability is limited in scope, and only allows access to files with the extension .csv, and only to authenticated users. Grafana Cloud instances have not been affected by the vulnerability. Versions 8.3.2 and 7.5.12 contain a patch for this issue. There is a workaround available for users who cannot upgrade. Running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will also have to be able to handle URL-encoded paths. | 2021-12-10 | not yet calculated | CVE-2021-43815 CONFIRM MISC MISC MISC MISC MLIST |
h2database — h2database | The package com.h2database:h2 from 0 and before 2.0.202 is vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from the org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability. | 2021-12-10 | not yet calculated | CVE-2021-23463 CONFIRM CONFIRM CONFIRM CONFIRM |
hpe — storeserv_management_console | A security vulnerability has been identified in HPE StoreServ Management Console (SSMC). An authenticated SSMC administrator could exploit the vulnerability to inject code and elevate their privilege in SSMC. The scope of this vulnerability is limited to SSMC. Note: The arrays being managed are not impacted by this vulnerability. This vulnerability impacts SSMC versions 3.4 GA to 3.8.1. | 2021-12-10 | not yet calculated | CVE-2021-29214 MISC |
huntflow_enterprise — huntflow_enterprise | An information disclosure vulnerability in the login page of Huntflow Enterprise before 3.10.4 could allow an unauthenticated, remote user to get information about the domain name of the configured LDAP server. An attacker could exploit this vulnerability by requesting the login page and searching for the "isLdap" JavaScript parameter in the HTML source code. | 2021-12-10 | not yet calculated | CVE-2021-37935 MISC |
huntflow_enterprise — huntflow_enterprise | Due to insufficient server-side login-attempt limit enforcement, a vulnerability in /account/login in Huntflow Enterprise before 3.10.14 could allow an unauthenticated, remote user to perform multiple login attempts for brute-force password guessing. | 2021-12-10 | not yet calculated | CVE-2021-37934 MISC |
ibm — db2 | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. IBM X-Force ID: 210418. | 2021-12-09 | not yet calculated | CVE-2021-38931 CONFIRM XF |
ibm — db2 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 210321. | 2021-12-09 | not yet calculated | CVE-2021-38926 XF CONFIRM |
ibm — db2 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files. IBM X-Force ID: 199914. | 2021-12-09 | not yet calculated | CVE-2021-29678 XF CONFIRM |
ibm — db2 | IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility, as under certain circumstances the LOAD utility does not enforce directory restrictions. IBM X-Force ID: 199521. | 2021-12-09 | not yet calculated | CVE-2021-20373 CONFIRM XF |
ibm — db2 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 2021-12-09 | not yet calculated | CVE-2021-39002 XF CONFIRM |
ibm — powervm_hypervisor | IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker who gains service access to the FSP to read and write arbitrary host system memory through a series of carefully crafted service procedures. IBM X-Force ID: 210018. | 2021-12-10 | not yet calculated | CVE-2021-38917 XF CONFIRM |
ibm — powervm_hypervisor | IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authenticated user to cause the system to crash using a specially crafted IBMi Hypervisor call. IBM X-Force ID: 210894. | 2021-12-10 | not yet calculated | CVE-2021-38937 XF CONFIRM |
ibm — websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 211405. | 2021-12-09 | not yet calculated | CVE-2021-38951 CONFIRM XF |
kimai2 — kimai2 | kimai2 is vulnerable to Cross-Site Request Forgery (CSRF). | 2021-12-09 | not yet calculated | CVE-2021-4033 MISC CONFIRM |
lapack — lapack | An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory. | 2021-12-08 | not yet calculated | CVE-2021-4048 MISC MISC MISC MISC MISC MISC MISC |
linaro — op-tee | An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. The OPTEE-OS CSU driver for NXP i.MX6UL SoC devices lacks security access configuration for wakeup-related registers, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a v cycle. | 2021-12-07 | not yet calculated | CVE-2021-44149 MISC CONFIRM |
linux — linux_kernel | The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c. | 2021-12-08 | not yet calculated | CVE-2018-25020 MISC |
mattermost — mattermost | Mattermost 6.0.2 and earlier fails to sufficiently sanitize the user's password in audit logs when user creation fails. | 2021-12-09 | not yet calculated | CVE-2021-37861 MISC |
maxsite — cms | A Remote Code Execution (RCE) vulnerability exists in MaxSite CMS v107.5 via the Documents page. | 2021-12-10 | not yet calculated | CVE-2021-27983 MISC |
mcafee — network_security_manager | A Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) prior to 10.1 Minor 7 allows a remote authenticated administrator to embed an XSS payload in the administrator interface via specially crafted custom rules containing HTML. NSM did not correctly sanitize custom rule content in all scenarios. | 2021-12-09 | not yet calculated | CVE-2021-4038 CONFIRM |
mozilla — firefox_thunderbird_and_firefox_esr | The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | 2021-12-08 | not yet calculated | CVE-2021-38503 MISC MISC MISC MISC |
mozilla — firefox_thunderbird_and_firefox_esr | When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | 2021-12-08 | not yet calculated | CVE-2021-38504 MISC MISC MISC MISC |
mozilla — network_security_services | NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince, are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1. | 2021-12-08 | not yet calculated | CVE-2021-43527 MISC MISC MISC MISC |
multiner — multiner | National Library of the Netherlands multiNER <= c0440948057afc6e3d6b4903a7c05e666b94a3bc is affected by an XML External Entity (XXE) vulnerability in multiNER/ner.py. Since XML parsing resolves external entities, a malicious XML stream could leak internal files and/or cause a DoS. | 2021-12-08 | not yet calculated | CVE-2021-44557 MISC MISC |
netgear — multiple_routers | A path traversal attack in the web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102 allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, via sending a specially crafted HTTP packet. | 2021-12-09 | not yet calculated | CVE-2021-41449 MISC MISC MISC MISC |
netty — netty | Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.7.1.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast, as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forwards these to another remote system when used as a proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.7.1.Final to receive a patch. | 2021-12-09 | not yet calculated | CVE-2021-43797 CONFIRM MISC |
next.js — next.js | Next.js is a React framework. In versions of Next.js prior to 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In order to be affected by this issue, the deployment must use Next.js versions above 11.1.0 and below 12.0.5, Node.js above 15.0.0, and next start or a custom server. Deployments on Vercel are not affected, along with similar environments where invalid requests are filtered before reaching Next.js. Versions 12.0.5 and 11.1.3 contain patches for this issue. | 2021-12-10 | not yet calculated | CVE-2021-43803 MISC MISC MISC MISC CONFIRM |
ocean_data_systems — dream_report | A privilege escalation vulnerability exists in the Remote Server functionality of Dream Report ODS Remote Connector 20.2.16900.0. A specially-crafted command injection can lead to elevated capabilities. An attacker can provide a malicious file to trigger this vulnerability. | 2021-12-08 | not yet calculated | CVE-2021-21957 MISC |
openolat — openolat | OpenOlat is a web-based learning management system. A path traversal vulnerability exists in OpenOlat prior to versions 15.5.12 and 16.0.5. By providing a filename that contains a relative path as a parameter in some REST methods, it is possible to create directory structures and write files anywhere on the target system. The attack could be used to write files anywhere in the web root folder or outside it, depending on the configuration of the system and the permissions configured for the application server user. The attack requires an OpenOlat user account, an enabled REST API and the rights on a business object to call the vulnerable REST calls. The problem is fixed in versions 15.5.12 and 16.0.5. There is a workaround available. The vulnerability requires the REST module to be enabled. Disabling the REST module, or limiting the REST module via firewall or web-server access rules so that it can be accessed only by trusted systems, will mitigate the risk. | 2021-12-10 | not yet calculated | CVE-2021-41242 MISC CONFIRM MISC MISC |
openwhyd — openwhyd | openwhyd is vulnerable to URL Redirection to Untrusted Site. | 2021-12-10 | not yet calculated | CVE-2021-3829 CONFIRM MISC |
pimcore — pimcore | pimcore is vulnerable to Cross-Site Request Forgery (CSRF). | 2021-12-10 | not yet calculated | CVE-2021-4082 MISC CONFIRM |
pimcore — pimcore | pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). | 2021-12-10 | not yet calculated | CVE-2021-4084 CONFIRM MISC |
plex — plex_media_server | An issue was discovered in Plex Media Server through 1.24.4.5081-e362dc1ee. An attacker (with a foothold in an endpoint via a low-privileged user account) can access the exposed RPC service of the update service component. This RPC functionality allows the attacker to interact with the RPC functionality and execute code from a path of his choice (local, or remote via SMB) because of a TOCTOU race condition. This code execution is in the context of the Plex update service (which runs as SYSTEM). | 2021-12-08 | not yet calculated | CVE-2021-42835 MISC MISC MISC MISC |
pluck — cms | A Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in update_applet.php, which could lead to man-in-the-middle attacks. | 2021-12-10 | not yet calculated | CVE-2021-31747 MISC |
pluck — cms | A Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an attacker to upload specially crafted zip files, resulting in directory traversal and potentially arbitrary code execution. | 2021-12-10 | not yet calculated | CVE-2021-31746 MISC |
pluck — cms | A Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows an attacker to sustain unauthorized access to the platform. Because Pluck does not invalidate prior sessions after a password change, access can be sustained even after an administrator performs regular remediation attempts such as resetting their password. | 2021-12-10 | not yet calculated | CVE-2021-31745 MISC |
pluck — cms | In the Pluck-4.7.15 admin backend, a remote command execution vulnerability exists when uploading files. | 2021-12-10 | not yet calculated | CVE-2021-27984 MISC |
premiumdatingscript — premiumdatingscript | An Incorrect Access Control vulnerability exists in Premiumdatingscript 4.2.7.7 via the password change procedure in requests\user.php. | 2021-12-09 | not yet calculated | CVE-2021-41694 MISC |
premiumdatingscript — premiumdatingscript | An authentication bypass (account takeover) vulnerability exists in Premiumdatingscript 4.2.7.7 due to a weak password reset mechanism in requests\user.php. | 2021-12-09 | not yet calculated | CVE-2021-41696 MISC |
premiumdatingscript — premiumdatingscript | A reflected Cross Site Scripting (XSS) vulnerability exists in Premiumdatingscript 4.2.7.7 via the aerror_description parameter in the assets/sources/instagram.php script. | 2021-12-09 | not yet calculated | CVE-2021-41697 MISC |
premiumdatingscript — premiumdatingscript | An SQL Injection vulnerability exists in Premiumdatingscript 4.2.7.7 via the ip parameter in connect.php. | 2021-12-09 | not yet calculated | CVE-2021-41695 MISC |
rubygems — rubygems | `Bundler` is a package for managing application dependencies in Ruby. In `bundler` versions before 2.2.33, when working with untrusted and apparently harmless `Gemfile`s, it is not expected that they lead to execution of external code, unless that is explicit in the Ruby code inside the `Gemfile` itself. However, if the `Gemfile` includes `gem` entries that use the `git` option with invalid, but seemingly harmless, values with a leading dash, this can be false. To handle dependencies that come from a Git repository instead of a registry, Bundler uses various commands, such as `git clone`. These commands are constructed using user input (e.g. the repository URL). When building the commands, Bundler versions before 2.2.33 correctly avoid Command Injection vulnerabilities by passing an array of arguments instead of a command string. However, there is the possibility that a user input starts with a dash (`-`) and is therefore treated as an optional argument instead of a positional one. This can lead to Code Execution because some of the commands have options that can be leveraged to run arbitrary executables. Since this value comes from the `Gemfile` file, it can contain any character, including a leading dash. To exploit this vulnerability, an attacker has to craft a directory containing a `Gemfile` file that declares a dependency that is located in a Git repository. This dependency has to have a Git URL in the form of `-u./payload`. This URL will be used to construct a Git clone command but will be interpreted as the upload-pack argument. Then this directory needs to be shared with the victim, who then needs to run a command that evaluates the Gemfile, such as `bundle lock`, inside it. This vulnerability can lead to Arbitrary Code Execution, which could potentially lead to the takeover of the system. However, the exploitability is very low, because it requires a lot of user interaction. Bundler 2.2.33 has patched this problem by inserting `--` as an argument before any positional arguments to those Git commands that were affected by this issue. Regardless of whether users can upgrade or not, they should review any untrusted `Gemfile`s before running any `bundler` commands that may read them, since they can contain arbitrary Ruby code. | 2021-12-08 | not yet calculated | CVE-2021-43809 MISC CONFIRM MISC MISC |
snipe — snipe-it | snipe-it is vulnerable to Improper Access Control. | 2021-12-10 | not yet calculated | CVE-2021-4089 CONFIRM MISC |
snyk — prototype_pollution | All versions of package merge-deep2 are vulnerable to Prototype Pollution via the mergeDeep() function. | 2021-12-10 | not yet calculated | CVE-2021-23700 CONFIRM |
snyk — prototype_pollution | The package md-to-pdf before 5.0.0 is vulnerable to Remote Code Execution (RCE) due to utilizing the library gray-matter to parse front matter content without disabling the JS engine. | 2021-12-10 | not yet calculated | CVE-2021-23639 CONFIRM CONFIRM CONFIRM |
snyk — prototype_pollution | All versions of package sey are vulnerable to Prototype Pollution via the deepmerge() function. | 2021-12-10 | not yet calculated | CVE-2021-23663 CONFIRM |
snyk — prototype_pollution | All versions of package comb are vulnerable to Prototype Pollution via the deepMerge() function. | 2021-12-10 | not yet calculated | CVE-2021-23561 CONFIRM |
synel — eharmoneynew_and_synel_reports | SYNEL – eharmonynew / Synel Reports – The attacker can log in to the system with default credentials and export a report of the eharmony system with sensitive data (Employee name, Employee ID number, Working hours etc.). The vulnerability has been addressed and fixed in version 11. Default credentials, Security misconfiguration, Sensitive data exposure vulnerability in Synel Reports of SYNEL eharmonynew, Synel Reports allows an attacker to log into the system with default credentials. This issue affects: SYNEL eharmonynew, Synel Reports 8.0.2 version 11 and prior versions. | 2021-12-08 | not yet calculated | CVE-2021-36718 CERT |
tenable — gryphon_tower_router | A reflected cross-site scripting vulnerability exists in the url parameter of the /cgi-bin/luci/site_access/ page on the Gryphon Tower router's web interface. An attacker could exploit this issue by tricking a user into following a specially crafted link, granting the attacker JavaScript execution in the context of the victim's browser. | 2021-12-09 | not yet calculated | CVE-2021-20137 MISC |
tenable — gryphon_tower_router | An unauthenticated command injection vulnerability exists in multiple parameters in the Gryphon Tower router's web interface at /cgi-bin/luci/rc. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the web interface. | 2021-12-09 | not yet calculated | CVE-2021-20138 MISC |
tenable — gryphon_tower_router | An unauthenticated command injection vulnerability exists in the parameters of operation 3 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999. | 2021-12-09 | not yet calculated | CVE-2021-20139 MISC |
tenable — gryphon_tower_router | An unauthenticated command injection vulnerability exists in the parameters of operation 10 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999. | 2021-12-09 | not yet calculated | CVE-2021-20140 MISC |
tenable — gryphon_tower_router | An unprotected SSH private key exists on the Gryphon devices which could be used to achieve root access to a server affiliated with Gryphon's development and infrastructure. At the time of discovery, the SSH key could be used to log in to the development server hosted in Amazon Web Services. | 2021-12-09 | not yet calculated | CVE-2021-20146 MISC |
tenable — gryphon_tower_router | An unauthenticated command injection vulnerability exists in the parameters of operation 32 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999. | 2021-12-09 | not yet calculated | CVE-2021-20141 MISC |
tenable — gryphon_tower_router | Gryphon Tower routers contain an unprotected OpenVPN configuration file which can grant attackers access to the Gryphon homebound VPN network, which exposes the LAN interfaces of other users' devices connected to the same service. An attacker could leverage this to make configuration changes to, or otherwise attack, victims' devices as though they were on an adjacent network. | 2021-12-09 | not yet calculated | CVE-2021-20145 MISC |
tenable — gryphon_tower_router | An unauthenticated command injection vulnerability exists in the parameters of operation 41 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999. | 2021-12-09 | not yet calculated | CVE-2021-20142 MISC |
tenable — gryphon_tower_router | An unauthenticated command injection vulnerability exists in the parameters of operation 48 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999. | 2021-12-09 | not yet calculated | CVE-2021-20143 MISC |
tenable — gryphon_tower_router | An unauthenticated command injection vulnerability exists in the parameters of operation 49 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999. | 2021-12-09 | not yet calculated | CVE-2021-20144 MISC |
tp-link — ax10v1 | An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet. | 2021-12-08 | not yet calculated | CVE-2021-41450 MISC MISC MISC |
wbce_cms — wbce_cms | wbce_cms is vulnerable to Improper Neutralization of Special Elements used in an SQL Command. | 2021-12-09 | not yet calculated | CVE-2021-3817 MISC CONFIRM |
wordpress — comment_engine_pro | A Stored Cross-Site Scripting (XSS) vulnerability discovered in the WordPress Comment Engine Pro plugin (versions <= 1.0) could be exploited by users with the Editor or a higher role. | 2021-12-10 | not yet calculated | CVE-2021-36911 CONFIRM MISC |
yetiforcecrm — yetiforcecrm | yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF). | 2021-12-11 | not yet calculated | CVE-2021-4092 CONFIRM MISC |
yubico — yubihsm | The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-shell project, does not properly validate the length of some operations, including SSH signing requests, and some data operations received from a YubiHSM 2 device. | 2021-12-08 | not yet calculated | CVE-2021-43399 MISC |
zohocorp — manageengine_opmanager | OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories. | 2021-12-09 | not yet calculated | CVE-2021-44514 MISC |
zzcms — zzcms | An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/dl_sendmail.php. | 2021-12-09 | not yet calculated | CVE-2021-40280 MISC |
zzcms — zzcms | An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_print.php when registering ordinary users. | 2021-12-09 | not yet calculated | CVE-2021-40281 MISC |
zzcms — zzcms | An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_download.php when registering ordinary users. | 2021-12-09 | not yet calculated | CVE-2021-40282 MISC |
zzcms — zzcms | An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/bad.php. | 2021-12-09 | not yet calculated | CVE-2021-40279 MISC |
zzcms — zzcms | An Incorrect Access Control vulnerability exists in zzcms less than or equal to 2019 via admin.php. After disabling JavaScript, you can directly access the administrator console. | 2021-12-09 | not yet calculated | CVE-2021-43703 MISC |
zzzcms — zzzcms | A Cross Site Scripting (XSS) vulnerability exists in ZZZCMS V1.7.1 via an editfile action in save.php. | 2021-12-09 | not yet calculated | CVE-2020-19683 MISC |
zzzcms — zzzcms | A Cross Site Request Forgery (CSRF) vulnerability exists in ZZZCMS V1.7.1 via the save_user function in save.php. | 2021-12-09 | not yet calculated | CVE-2020-19682 MISC |