US-CERT Bulletin (SB21-319): Vulnerability Summary for the Week of November 8, 2021
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
airangel — hsmx-app-25_firmware | Airangel HSMX Gateway devices through 5.2.04 allow Remote Code Execution. | 2021-11-10 | 10 | CVE-2021-40521 MISC MISC |
asgaros — asgaros_forum | The Asgaros Forum WordPress plugin before 1.15.13 does not validate and escape user input when subscribing to a topic before using it in a SQL statement, leading to an unauthenticated SQL injection issue | 2021-11-08 | 7.5 | CVE-2021-24827 CONFIRM MISC |
azeotech — daqfactory | The affected application uses specific functions that could be abused through a crafted project file, which could lead to code execution, system reboot, and system shutdown. | 2021-11-05 | 7.5 | CVE-2021-42543 MISC |
cloudera — cloudera_manager | Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges. | 2021-11-08 | 7.5 | CVE-2021-30132 MISC MISC |
dolibarr — dolibarr | The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked. | 2021-11-10 | 7.5 | CVE-2021-33816 MISC MISC FULLDISC |
engineers_online_portal_project — engineers_online_portal | A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which allows changing the avatar through teacher_avatar.php. The uploaded avatar is stored in the /admin/uploads/ directory and is accessible to all users. By uploading a PHP webshell containing "<?php system($_GET["cmd"]); ?>", the attacker can execute commands on the web server via /admin/uploads/php-webshell?cmd=id. | 2021-11-05 | 10 | CVE-2021-42669 MISC MISC |
engineers_online_portal_project — engineers_online_portal | A SQL injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to the announcements_student.php web page. As a result a malicious user can extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code execution on the remote web server. | 2021-11-05 | 7.5 | CVE-2021-42670 MISC MISC |
engineers_online_portal_project — engineers_online_portal | A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter in the my_classmates.php web page. As a result, an attacker can extract sensitive data from the web server and in some cases can use this vulnerability in order to get a remote code execution on the remote web server. | 2021-11-05 | 7.5 | CVE-2021-42668 MISC MISC |
engineers_online_portal_project — engineers_online_portal | An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of index.php, which can allow an attacker to bypass authentication. | 2021-11-05 | 7.5 | CVE-2021-42665 MISC MISC MISC |
flowpaper — pdf2json | pdf2json v0.71 was discovered to contain a stack buffer overflow in the component XRef::fetch. | 2021-11-10 | 7.5 | CVE-2020-23878 MISC MISC |
genetechsolutions — pie_register | The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it in a SQL statement in the wp-json/pie/v1/login REST API endpoint, leading to an SQL injection. | 2021-11-08 | 7.5 | CVE-2021-24731 MISC |
genexis — platinum_4410_firmware | Cross site request forgery (CSRF) in Genexis Platinum 4410 V2-1.28, allows attackers to cause a denial of service by continuously restarting the router. | 2021-11-10 | 7.1 | CVE-2020-28137 MISC |
gitlab — gitlab | Accidental logging of system root password in the migration log in all versions of GitLab CE/EE allows an attacker with local file system access to obtain system root-level privileges | 2021-11-05 | 7.2 | CVE-2021-39913 CONFIRM MISC |
gnu — hurd | An issue was discovered in GNU Hurd before 0.9 20210404-9. libports accepts fake notification messages from any client on any port, which can lead to port use-after-free. This can be exploited for local privilege escalation to get full root access. | 2021-11-07 | 7.2 | CVE-2021-43412 MISC MISC |
gnu — hurd | An issue was discovered in GNU Hurd before 0.9 20210404-9. A single pager port is shared among everyone who mmaps a file, allowing anyone to modify any files that they can read. This can be trivially exploited to get full root access. | 2021-11-07 | 9 | CVE-2021-43413 MISC MISC MISC MISC |
gnu — hurd | An issue was discovered in GNU Hurd before 0.9 20210404-9. When trying to exec a setuid executable, there’s a window of time when the process already has the new privileges, but still refers to the old task and is accessible through the old process port. This can be exploited to get full root access. | 2021-11-07 | 8.5 | CVE-2021-43411 MISC MISC MISC |
hitachi — vantara_pentaho | Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI. | 2021-11-08 | 7.5 | CVE-2021-34684 MISC MISC |
jetbrains — hub | In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed. | 2021-11-09 | 7.5 | CVE-2021-43183 MISC |
jetbrains — teamcity | In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient. | 2021-11-09 | 7.5 | CVE-2021-43200 MISC |
jetbrains — teamcity | In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible. | 2021-11-09 | 7.5 | CVE-2021-43193 MISC |
jetbrains — youtrack | JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection. | 2021-11-09 | 7.5 | CVE-2021-43185 MISC |
kaysongroup — php_event_calendar | PHP Event Calendar before 2021-09-03 allows SQL injection, as demonstrated by the /server/ajax/user_manager.php username parameter. This can be used to execute SQL statements directly on the database, allowing an adversary in some cases to completely compromise the database system. It can also be used to bypass the login form. | 2021-11-08 | 10 | CVE-2021-42077 MISC MISC |
microsoft — windows_10 | Windows Hyper-V Denial of Service Vulnerability | 2021-11-10 | 7.1 | CVE-2021-42284 MISC |
microsoft — windows_10 | Windows Kernel Elevation of Privilege Vulnerability | 2021-11-10 | 7.2 | CVE-2021-42285 MISC |
microsoft — windows_10 | Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability | 2021-11-10 | 7.7 | CVE-2021-26443 MISC |
neoan — neoan3-template | ### Impact Versions prior to 1.1.1 allowed passing closures directly into the template engine. As a result, values that are callable are executed by the template engine. The issue arises if a value has the same name as a method or function in scope and can therefore be executed either by mistake or maliciously. In theory all users of the package are affected as long as they either deal with direct user input or database values. A multi-step attack is therefore plausible. ### Patches Version 1.1.1 has addressed this vulnerability. ```php $params = ['reverse' => fn($input) => strrev($input), // <-- no longer possible with version ~1.1.1 'value' => 'My website']; TemplateFunctions::registerClosure('reverse', fn($input) => strrev($input)); // <-- still possible (and nicely isolated) Template::embrace('<h1>{{reverse(value)}}</h1>', $params); ``` ### Workarounds Unfortunately only working with hardcoded values is safe in prior versions. As this likely defeats the purpose of a template engine, please upgrade. ### References As a possible exploit is relatively easy to achieve, I will not share steps to reproduce the issue for now. ### For more information If you have any questions or comments about this advisory: * Open an issue in [our repo](https://github.com/sroehrl/neoan3-template) | 2021-11-08 | 7.5 | CVE-2021-41170 CONFIRM MISC MISC |
online_event_booking_and_reservation_system_project — online_event_booking_and_reservation_system | A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. An attacker can leverage this vulnerability in order to manipulate the sql query performed. As a result he can extract sensitive data from the web server and in some cases he can use this vulnerability in order to get a remote code execution on the remote web server. | 2021-11-05 | 7.5 | CVE-2021-42667 MISC MISC |
opengamepanel — opengamepanel | An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021-08-14. An authenticated attacker could inject OS commands by starting a Counter-Strike server and using the map field to enter a Bash command. | 2021-11-10 | 9 | CVE-2021-37158 MISC MISC |
opengamepanel — opengamepanel | An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021-08-14. $HOME/OGP/Cfg/Config.pm has the root password in cleartext. | 2021-11-10 | 9 | CVE-2021-37157 MISC MISC |
owasp — owasp_modsecurity_core_rule_set | OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname. | 2021-11-05 | 7.5 | CVE-2021-35368 CONFIRM MISC CONFIRM MISC |
phpjabbers — fundraising_script | Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionSetAmount function. | 2021-11-05 | 7.5 | CVE-2020-22226 MISC |
phpjabbers — fundraising_script | Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoadForm function. | 2021-11-05 | 7.5 | CVE-2020-22225 MISC |
phpjabbers — fundraising_script | Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoad function. | 2021-11-05 | 7.5 | CVE-2020-22223 MISC |
realtek — rtl8195am_firmware | A buffer overflow was discovered on Realtek RTL8195AM devices before 2.0.10. It exists in the client code when processing a malformed IE length of HT capability information in the Beacon and Association response frame. | 2021-11-11 | 7.5 | CVE-2021-43573 MISC MISC |
samsung — smartthings | Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key without limitation. | 2021-11-05 | 7.5 | CVE-2021-25508 MISC |
science-miner — pdf2xml | pdf2xml v2.0 was discovered to contain a stack buffer overflow in the component getObjectStream. | 2021-11-10 | 7.5 | CVE-2020-23877 MISC MISC |
science-miner — pdf2xml | pdf2xml v2.0 was discovered to contain a heap-buffer overflow in the function TextPage::dump. | 2021-11-10 | 7.5 | CVE-2020-23873 MISC MISC |
science-miner — pdf2xml | pdf2xml v2.0 was discovered to contain a heap-buffer overflow in the function TextPage::addAttributsNode. | 2021-11-10 | 7.5 | CVE-2020-23874 MISC MISC |
servicetonic — servicetonic | Arbitrary file upload in Service import feature in ServiceTonic Helpdesk software version < 9.0.35937 allows a malicious user to execute JSP code by uploading a zip that extracts files in relative paths. | 2021-11-08 | 7.5 | CVE-2021-28023 MISC MISC |
servicetonic — servicetonic | Unauthorized system access in the login form in ServiceTonic Helpdesk software version < 9.0.35937 allows attacker to login without using a password. | 2021-11-08 | 7.5 | CVE-2021-28024 MISC MISC |
siemens — capital_vstar | A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). FTP server does not properly validate the length of the “USER” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0010) | 2021-11-09 | 7.5 | CVE-2021-31886 MISC MISC |
siemens — capital_vstar | A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The DHCP client application assumes that the data supplied with the “Hostname” DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014) | 2021-11-09 | 7.5 | CVE-2021-31884 MISC MISC |
siemens — sentron_powermanager_3 | A vulnerability has been identified in SENTRON powermanager V3 (All versions). The affected application assigns improper access rights to a specific folder containing configuration files. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges. | 2021-11-09 | 7.2 | CVE-2021-37207 MISC |
siemens — simatic_pcs_7 | A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). Legitimate file operations of the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read, write or delete unexpected critical files. | 2021-11-09 | 7.5 | CVE-2021-40358 MISC |
sitecore — experience_platform | Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability. | 2021-11-05 | 10 | CVE-2021-42237 MISC MISC MISC |
starkbank — ecdsa-dotnet | The verify function in the Stark Bank .NET ECDSA library (ecdsa-dotnet) 1.3.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. | 2021-11-09 | 7.5 | CVE-2021-43569 MISC MISC |
starkbank — ecdsa-java | The verify function in the Stark Bank Java ECDSA library (ecdsa-java) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. | 2021-11-09 | 7.5 | CVE-2021-43570 MISC MISC |
starkbank — ecdsa-node | The verify function in the Stark Bank Node.js ECDSA library (ecdsa-node) 1.1.2 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. | 2021-11-09 | 7.5 | CVE-2021-43571 MISC MISC |
starkbank — ecdsa-python | The verify function in the Stark Bank Python ECDSA library (ecdsa-python) 2.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. | 2021-11-09 | 7.5 | CVE-2021-43572 MISC MISC |
starkbank — elixir_ecdsa | The verify function in the Stark Bank Elixir ECDSA library (ecdsa-elixir) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. | 2021-11-09 | 7.5 | CVE-2021-43568 MISC MISC |
talend — data_catalog | An issue was discovered in Talend Data Catalog before 7.3-20210930. After setting up SAML/OAuth, authentication is not correctly enforced on the native login page. Any valid user from the SAML/OAuth provider can be used as the username with an arbitrary password, and login will succeed. | 2021-11-05 | 7.5 | CVE-2021-42837 MISC CONFIRM |
xorux — lpar2rrd | lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30. | 2021-11-08 | 7.5 | CVE-2021-42371 CONFIRM CONFIRM |
xorux — lpar2rrd | A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service. | 2021-11-08 | 9 | CVE-2021-42372 CONFIRM CONFIRM |
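Several of the entries above are the same bug in different products: a request parameter spliced into a SQL statement (Asgaros Forum, Pie Register, the Engineers Online Portal id parameters, the Phpjabbers pjAction* functions) and, in the Engineers Online Portal index.php and PHP Event Calendar cases, the same flaw used to bypass a login form. The following Python/sqlite3 example, added here and not code from any of the listed projects, shows both patterns side by side: a login and an id lookup built by string formatting, the payloads that defeat them, and the parameterized versions that do not. The schema, users and passwords are constructed for the demo.

```python
"""SQL injection in a login form and an id lookup, beside the parameterized
fixes. Added example for this bulletin; schema and rows are constructed."""
import sqlite3


def make_db():
    """In-memory stand-in for the application database (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password TEXT, role TEXT)"
    )
    # Plaintext passwords only to keep the demo short; real apps store hashes.
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("admin", "not-a-real-secret", "admin"), ("bob", "bobpass", "student")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Builds the statement by string formatting, as the affected login forms do.
    A username of  admin' --  closes the literal and comments out the
    password check, so the admin row comes back for any password."""
    sql = (
        f"SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchone()


def login_fixed(conn, username, password):
    """Bound parameters: the input is data and can never alter the statement."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


def lookup_vulnerable(conn, id_param):
    """A numeric-looking 'id' parameter spliced straight into the query.
    An id of  0 UNION SELECT password, role FROM users  returns every
    password through the same result set the page normally renders."""
    sql = f"SELECT username, role FROM users WHERE id = {id_param}"
    return conn.execute(sql).fetchall()


def lookup_fixed(conn, id_param):
    """Validate the type first, then bind. Returns None for non-integer input."""
    if not id_param.isdigit():
        return None
    sql = "SELECT username, role FROM users WHERE id = ?"
    return conn.execute(sql, (int(id_param),)).fetchall()
```

The type check in `lookup_fixed` is defence in depth, not the fix: binding alone already prevents the UNION, but rejecting non-numeric input also closes off error-based probing and keeps the query plan stable.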
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
404_to_301_project — 404_to_301 | The 404 to 301 – Redirect, Log and Notify 404 Errors WordPress plugin before 3.0.9 does not have CSRF check in place when cleaning the logs, which could allow attacker to make a logged in admin delete all of them via a CSRF attack | 2021-11-08 | 4.3 | CVE-2021-24766 MISC |
airangel — hsmx-app-25_firmware | Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database Credentials. | 2021-11-10 | 6.4 | CVE-2021-40519 MISC MISC |
androidbubbles — wp_header_images | The WP Header Images WordPress plugin before 2.0.1 does not sanitise and escape the t parameter before outputting it back in the plugin’s settings page, leading to a Reflected Cross-Site Scripting issue | 2021-11-08 | 4.3 | CVE-2021-24798 MISC |
apostrophecms — apostrophecms | Apostrophe CMS versions between 2.63.0 to 3.3.1 affected by an insufficient session expiration vulnerability, which allows unauthenticated remote attackers to hijack recently logged-in users’ sessions. | 2021-11-08 | 6.4 | CVE-2021-25979 MISC |
azeotech — daqfactory | Project files are stored memory objects in the form of binary serialized data that can later be read and deserialized again to instantiate the original objects in memory. Malicious manipulation of these files may allow an attacker to corrupt memory. | 2021-11-05 | 6.8 | CVE-2021-42698 MISC |
azeotech — daqfactory | The affected product is vulnerable to cookie information being transmitted as cleartext over HTTP. An attacker can capture network traffic, obtain the user’s cookie and take over the account. | 2021-11-05 | 4.3 | CVE-2021-42699 MISC |
barrier_project — barrier | An issue was discovered in Barrier before 2.3.4. The barriers component (aka the server-side implementation of Barrier) does not correctly close file descriptors for established TCP connections. An unauthenticated remote attacker can thus cause file descriptor exhaustion in the server process, leading to denial of service. | 2021-11-08 | 5 | CVE-2021-42075 MLIST MISC |
barrier_project — barrier | An issue was discovered in Barrier before 2.4.0. The barriers component (aka the server-side implementation of Barrier) does not sufficiently verify the identity of connecting clients. Clients can thus exploit weaknesses in the provided protocol to cause denial-of-service or stage further attacks that could lead to information leaks or integrity corruption. | 2021-11-08 | 6.5 | CVE-2021-42072 MISC MLIST |
barrier_project — barrier | An issue was discovered in Barrier before 2.4.0. An attacker can enter an active session state with the barriers component (aka the server-side implementation of Barrier) simply by supplying a client label that identifies a valid client configuration. This label is “Unnamed” by default but could instead be guessed from hostnames or other publicly available information. In the active session state, an attacker can capture input device events from the server, and also modify the clipboard content on the server. | 2021-11-08 | 5.8 | CVE-2021-42073 CONFIRM MLIST |
barrier_project — barrier | An issue was discovered in Barrier before 2.3.4. An attacker can cause memory exhaustion in the barriers component (aka the server-side implementation of Barrier) and barrierc by sending long TCP messages. | 2021-11-08 | 5 | CVE-2021-42076 MLIST MISC |
barrier_project — barrier | An issue was discovered in Barrier before 2.3.4. An unauthenticated attacker can cause a segmentation fault in the barriers component (aka the server-side implementation of Barrier) by quickly opening and closing TCP connections while sending a Hello message for each TCP session. | 2021-11-08 | 5 | CVE-2021-42074 MLIST MISC |
batch_cat_project — batch_cat | The Batch Cat WordPress plugin through 0.3 defines 3 custom AJAX actions, all of which require authentication but are available to all roles. As a result, any authenticated user (including simple subscribers) can add/set/delete arbitrary categories on posts. | 2021-11-08 | 4 | CVE-2021-24788 MISC |
beeline — smart_box_firmware | Beeline Smart Box 2.0.38 is vulnerable to Cross Site Scripting (XSS) via the choose_mac parameter to setup.cgi. | 2021-11-10 | 4.3 | CVE-2021-41427 MISC MISC MISC |
beeline — smart_box_firmware | Beeline Smart box 2.0.38 is vulnerable to Cross Site Request Forgery (CSRF) via mgt_end_user.htm. | 2021-11-10 | 6.8 | CVE-2021-41426 MISC MISC MISC |
beescms — beescms | BEESCMS v4.0 was discovered to contain an arbitrary file upload vulnerability via the component /admin/upload.php. This vulnerability allows attackers to execute arbitrary code via a crafted image file. | 2021-11-08 | 6.8 | CVE-2020-23572 MISC |
bookstackapp — bookstack | bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 2021-11-05 | 4 | CVE-2021-3916 CONFIRM MISC |
casap_automated_enrollment_system_project — casap_automated_enrollment_system | Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCodester CASAP Automated Enrollment System 1.0 via the (1) user_username and (2) category parameters in save_class.php, the (3) firstname, (4) class, and (5) status parameters in student_table.php, the (6) category and (7) class_name parameters in add_class1.php, the (8) fname, (9) mname, (10) lname, (11) address, (12) class, (13) gfname, (14) gmname, (15) glname, (16) rship, (17) status, (18) transport, and (19) route parameters in add_student.php, the (20) fname, (21) mname, (22) lname, (23) address, (24) class, (25) fgname, (26) gmname, (27) glname, (28) rship, (29) status, (30) transport, and (31) route parameters in save_stud.php, the (32) status, (33) fname, and (34) lname parameters in add_user.php, the (35) username, (36) firstname, and (37) status parameters in users.php, the (38) fname, (39) lname, and (40) status parameters in save_user.php, and the (41) activity_log, (42) aprjun, (43) class, (44) janmar, (45) Julsep, (46) octdec, (47) Students and (48) users parameters in table_name. | 2021-11-08 | 4.3 | CVE-2021-40261 MISC |
chameleon_css_project — chameleon_css | The Chameleon CSS WordPress plugin through 1.2 does not have any CSRF and capability checks in all its AJAX calls, allowing any authenticated user, such as subscriber to call them and perform unauthorised actions. One of AJAX call, remove_css, also does not sanitise or escape the css_id POST parameter before using it in a SQL statement, leading to a SQL Injection | 2021-11-08 | 6.5 | CVE-2021-24626 MISC MISC |
cloudera — cloudera_manager | Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS. | 2021-11-08 | 4.3 | CVE-2021-29243 MISC MISC |
cloudera — cloudera_manager | Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges to view the restricted Dashboard. | 2021-11-08 | 5 | CVE-2021-32483 MISC MISC |
cloudera — cloudera_manager | Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS via the path parameter. | 2021-11-08 | 4.3 | CVE-2021-32482 MISC MISC |
cloudera — hue | Cloudera Hue 4.6.0 allows XSS via the type parameter. | 2021-11-08 | 4.3 | CVE-2021-32481 MISC CONFIRM |
cloudera — hue | Cloudera Hue 4.6.0 allows XSS. | 2021-11-08 | 4.3 | CVE-2021-29994 CONFIRM CONFIRM MISC |
codesupply — squaretype | The Squaretype WordPress theme before 3.0.4 allows unauthenticated users to manipulate the query_vars used to retrieve the posts to display in one of its REST endpoint, without any validation. As a result, private and scheduled posts could be retrieved via a crafted request. | 2021-11-08 | 5 | CVE-2021-24840 MISC |
dolibarr — dolibarr | Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management feature. | 2021-11-10 | 4.3 | CVE-2021-33618 MISC MISC MISC FULLDISC |
draftpress — header_footer_code_manager | The Header Footer Code Manager WordPress plugin before 1.1.14 does not validate and escape the “orderby” and “order” request parameters before using them in a SQL statement when viewing the Snippets admin dashboard, leading to SQL injections | 2021-11-08 | 6.5 | CVE-2021-24791 MISC |
eclipse — theia | In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage(). | 2021-11-10 | 4.3 | CVE-2021-41038 CONFIRM CONFIRM |
engineers_online_portal_project — engineers_online_portal | A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to quiz_question.php, which could let a malicious user extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code execution on the remote web server. | 2021-11-05 | 6.5 | CVE-2021-42666 MISC MISC MISC |
engineers_online_portal_project — engineers_online_portal | An incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in nia_munoz_monitoring_system/admin/uploads. An attacker can leverage this vulnerability in order to bypass access controls and access all the files uploaded to the web server without the need of authentication or authorization. | 2021-11-05 | 5 | CVE-2021-42671 MISC MISC |
enrocrypt_project — enrocrypt | EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is patched in v1.1.4 of the product. As a workaround, users can remove the `MD5` hashing function from the file `hashing.py`. | 2021-11-08 | 5 | CVE-2021-39182 MISC CONFIRM |
feataholic — maz_loader | The MAZ Loader – Preloader Builder for WordPress plugin before 1.3.3 does not validate or escape the loader_id parameter of the mzldr shortcode, which allows users with a role as low as Contributor to perform SQL injection. | 2021-11-08 | 6.5 | CVE-2021-24669 MISC |
flowpaper — pdf2json | pdf2json v0.71 was discovered to contain a NULL pointer dereference in the component ObjectStream::getObject. | 2021-11-10 | 5 | CVE-2020-23879 MISC MISC |
fullworks — redirect_404_error_page_to_homepage_or_custom_page_with_logs | The Redirect 404 Error Page to Homepage or Custom Page with Logs WordPress plugin before 1.7.9 does not check for CSRF when deleting logs, which could allow attacker to make a logged in admin delete them via a CSRF attack | 2021-11-08 | 4.3 | CVE-2021-24767 MISC |
fusionpbx — fusionpbx | An issue was discovered in FusionPBX before 4.5.30. The fax_post_size may have risky characters (it is not constrained to preset values). | 2021-11-05 | 6.5 | CVE-2021-43406 MISC |
fusionpbx — fusionpbx | An issue was discovered in FusionPBX before 4.5.30. The fax_extension may have risky characters (it is not constrained to be numeric). | 2021-11-05 | 6.5 | CVE-2021-43405 MISC MISC |
fusionpbx — fusionpbx | An issue was discovered in FusionPBX before 4.5.30. The FAX file name may have risky characters. | 2021-11-05 | 6.5 | CVE-2021-43404 MISC |
g_auto-hyperlink_project — g_auto-hyperlink | The G Auto-Hyperlink WordPress plugin through 1.0.1 does not sanitise or escape an ‘id’ GET parameter before using it in a SQL statement, to select data to be displayed in the admin dashboard, leading to an authenticated SQL injection | 2021-11-08 | 6.5 | CVE-2021-24627 MISC MISC |
genetechsolutions — pie_register | The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or username | 2021-11-08 | 6.8 | CVE-2021-24647 MISC |
genie_wp_favicon_project — genie_wp_favicon | The Genie WP Favicon WordPress plugin through 0.5.2 does not have CSRF in place when updating the favicon, which could allow attackers to make a logged in admin change it via a CSRF attack | 2021-11-08 | 4.3 | CVE-2021-24674 MISC |
getgrav — grav | grav is vulnerable to Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 2021-11-05 | 5 | CVE-2021-3924 CONFIRM MISC |
gitlab — gitlab | Improper access control in GitLab CE/EE version 10.5 and above allowed subgroup members with inherited access to a project from a parent group to still have access even after the subgroup is transferred | 2021-11-05 | 5 | CVE-2021-39897 MISC CONFIRM MISC |
gitlab — gitlab | In all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook token value which may allow access to the project which it was exported from. | 2021-11-05 | 5 | CVE-2021-39898 MISC CONFIRM MISC |
gitlab — gitlab | A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 13.7. The stripping of EXIF data from certain images resulted in high CPU usage. | 2021-11-05 | 5 | CVE-2021-39907 MISC CONFIRM MISC |
gitlab — gitlab | A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 13.7. Using a malformed TIFF image, it was possible to trigger memory exhaustion. | 2021-11-05 | 5 | CVE-2021-39912 CONFIRM MISC MISC |
gitlab — gitlab | An Improper Access Control vulnerability in the GraphQL API in GitLab CE/EE since version 13.1 allows a Merge Request creator to resolve discussions and apply suggestions after a project owner has locked the Merge Request | 2021-11-05 | 4 | CVE-2021-39904 CONFIRM MISC MISC |
gitlab — gitlab | Improper validation of ipynb files in GitLab CE/EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim’s behalf. | 2021-11-05 | 4.3 | CVE-2021-39906 MISC CONFIRM MISC |
gitlab — gitlab | An improper access control flaw in GitLab CE/EE since version 13.9 exposes the private email address of Issue and Merge Request assignees to Webhook data consumers | 2021-11-05 | 4 | CVE-2021-39911 MISC CONFIRM |
gitlab — gitlab | An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with | 2021-11-05 | 4 | CVE-2021-39905 MISC CONFIRM MISC |
gitlab — gitlab | In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint. | 2021-11-05 | 4 | CVE-2021-39901 MISC CONFIRM MISC |
gnu — hurd | An issue was discovered in GNU Hurd before 0.9 20210404-9. The use of an authentication protocol in the proc server is vulnerable to man-in-the-middle attacks, which can be exploited for local privilege escalation to get full root access. | 2021-11-07 | 6.9 | CVE-2021-43414 MISC MISC |
golang — go | Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field. | 2021-11-08 | 4.3 | CVE-2021-41772 MISC |
golang — go | ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation. | 2021-11-08 | 4.3 | CVE-2021-41771 MISC |
google — android | Improper input validation vulnerability in HDCP prior to SMR Nov-2021 Release 1 allows attackers to execute arbitrary code. | 2021-11-05 | 4.6 | CVE-2021-25503 MISC |
google — tensorflow | TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service (via dereferencing `nullptr`s or via `CHECK`-failures) as well as abuse undefined behavior (binding references to `nullptr`s). An attacker can also read and write from heap buffers, depending on the API that gets used and the arguments that are passed to the call. Given that the boosted trees implementation in TensorFlow is unmaintained, it is recommended to no longer use these APIs. We will deprecate TensorFlow’s boosted trees APIs in subsequent releases. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | 2021-11-05 | 4.6 | CVE-2021-41208 MISC CONFIRM |
google — tensorflow | TensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or `CHECK`-fail related crashes but in some scenarios writes and reads from heap populated arrays are also possible. We have discovered these issues internally via tooling while working on improving/testing GPU op determinism. As such, we don’t have reproducers and there will be multiple fixes for these issues. These fixes will be included in TensorFlow 2.7.0. We will also cherrypick these commits on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | 2021-11-05 | 4.6 | CVE-2021-41206 MISC MISC MISC MISC CONFIRM MISC MISC |
google — tensorflow | TensorFlow is an open source platform for machine learning. In affected versions the code behind `tf.function` API can be made to deadlock when two `tf.function` decorated Python functions are mutually recursive. This occurs due to using a non-reentrant `Lock` Python object. Loading any model which contains mutually recursive functions is vulnerable. An attacker can cause denial of service by causing users to load such models and calling a recursive `tf.function`, although this is not a frequent scenario. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | 2021-11-05 | 4.3 | CVE-2021-41213 MISC CONFIRM |
google — tensorflow | TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `tf.ragged.cross` has an undefined behavior due to binding a reference to `nullptr`. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | 2021-11-05 | 4.6 | CVE-2021-41214 CONFIRM MISC |
google — tensorflow | TensorFlow is an open source platform for machine learning. In affected versions the shape inference function for `Transpose` is vulnerable to a heap buffer overflow. This occurs whenever `perm` contains negative elements. The shape inference function does not validate that the indices in `perm` are all valid. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | 2021-11-05 | 4.6 | CVE-2021-41216 CONFIRM MISC |
google — tensorflow | TensorFlow is an open source platform for machine learning. In affected versions during execution, `EinsumHelper::ParseEquation()` is supposed to set the flags in the `input_has_ellipsis` vector and the `*output_has_ellipsis` boolean to indicate whether there is an ellipsis in the corresponding inputs and output. However, the code only changes these flags to `true` and never assigns `false`. This results in uninitialized variable access if callers assume that `EinsumHelper::ParseEquation()` always sets these flags. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | 2021-11-05 | 4.6 | CVE-2021-41201 MISC CONFIRM |
google — tensorflow | TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to `nullptr`. This occurs whenever the dimensions of `a` or `b` are 0 or less. In the case where one of these is 0, an empty output tensor should be allocated (to conserve the invariant that output tensors are always allocated when the operation is successful) but nothing should be written to it (that is, we should return early from the kernel implementation). Otherwise, attempts to write to this empty tensor would result in heap OOB access. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | 2021-11-05 | 4.6 | CVE-2021-41219 CONFIRM MISC |
google — tensorflow | TensorFlow is an open source platform for machine learning. In affected versions an attacker can trigger undefined behavior, integer overflows, segfaults and `CHECK`-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints loading infrastructure is missing validation for invalid file formats. The fixes will be included in TensorFlow 2.7.0. We will also cherrypick these commits on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | 2021-11-05 | 4.6 | CVE-2021-41203 CONFIRM MISC MISC MISC MISC |
google — tensorflow | TensorFlow is an open source platform for machine learning. In affected versions TensorFlow’s `saved_model_cli` tool is vulnerable to a code injection as it calls `eval` on user supplied strings. This can be used by attackers to run arbitrary code on the platform where the CLI tool runs. However, given that the tool is always run manually, the impact of this is not severe. We have patched this by adding a `safe` flag which defaults to `True` and an explicit warning for users. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | 2021-11-05 | 4.6 | CVE-2021-41228 MISC CONFIRM |
google — tensorflow | TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the `Cudnn*` operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow. This occurs because the ranks of the `input`, `input_h` and `input_c` parameters are not validated, but code assumes they have certain values. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | 2021-11-05 | 4.6 | CVE-2021-41221 CONFIRM MISC |
google — tensorflow | TensorFlow is an open source platform for machine learning. In affected versions the async implementation of `CollectiveReduceV2` suffers from a memory leak and a use after free. This occurs due to the asynchronous computation and the fact that objects that have been `std::move()`d from are still accessed. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, as this version is the only one that is also affected. | 2021-11-05 | 4.6 | CVE-2021-41220 CONFIRM MISC |
gvectors — wpdiscuz | The wpDiscuz WordPress plugin before 7.3.4 does not check for CSRF when adding, editing and deleting comments, which could allow attackers to make logged in users such as admins edit and delete arbitrary comments, or the user who made a comment edit it, via a CSRF attack. Attackers could also make logged in users post arbitrary comments. | 2021-11-08 | 4.3 | CVE-2021-24806 MISC |
hitachi — vantara_pentaho | An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the applicationContext-spring-security.xml file. The default configuration allows an unauthenticated user with no previous knowledge of the platform settings to extract pieces of information without possessing valid credentials. | 2021-11-08 | 5 | CVE-2021-31602 MISC MISC |
hitachi — vantara_pentaho | UploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types. Specifically, a .jsp file is not allowed, but a .jsp. file is allowed (and leads to remote code execution). | 2021-11-08 | 6.5 | CVE-2021-34685 MISC MISC |
hitachi — vantara_pentaho | An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. A reports (.prpt) file allows the inclusion of BeanShell scripts to ease the production of complex reports. An authenticated user can run arbitrary code. | 2021-11-08 | 6.5 | CVE-2021-31599 MISC MISC |
hitachi — vantara_pentaho | An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (regardless of privileges) can list all databases connection details and credentials. | 2021-11-08 | 4 | CVE-2021-31601 MISC MISC |
hitachi — vantara_pentaho | An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (regardless of privileges) can list all valid usernames. | 2021-11-08 | 4 | CVE-2021-31600 MISC MISC |
hospital_management_system_project — hospital_management_system | Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the (1) searchdata parameter in (a) doctor/search.php and (b) admin/patient-search.php, and the (2) fromdate and (3) todate parameters in admin/betweendates-detailsreports.php. | 2021-11-05 | 4.3 | CVE-2021-39411 MISC |
hp — futuresmart_4 | A potential security vulnerability has been identified for certain HP printers and MFPs with Troy solutions. For affected printers with FutureSmart Firmware bundle version 4.9 or 4.9.0.1 the potential vulnerability may cause instability in the solution. | 2021-11-09 | 4.6 | CVE-2019-18912 MISC |
ibm — business_automation_workflow | IBM Business Automation Workflow 18, 19, 20, 21, and IBM Business Process Manager 8.5 and 8.6 transmit or store authentication credentials, but use an insecure method that is susceptible to unauthorized interception and/or retrieval. | 2021-11-05 | 4.3 | CVE-2021-29753 CONFIRM XF |
ibm — infosphere_information_server | IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information from application response requests that could be used in further attacks against the system. IBM X-Force ID: 209401. | 2021-11-10 | 4 | CVE-2021-38887 CONFIRM XF |
ibm — mq_appliance | IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2 CD are vulnerable to a denial of service attack caused by an issue processing message properties. IBM X-Force ID: 205203. | 2021-11-08 | 4 | CVE-2021-29843 XF CONFIRM |
ibm — qradar_network_security | IBM QRadar Network Security 5.4.0 and 5.5.0 transmits sensitive or security-critical data in cleartext in a communication channel that can be obtained using man in the middle techniques. IBM X-Force ID: 17467. | 2021-11-08 | 4.3 | CVE-2020-4152 CONFIRM XF |
ibm — qradar_network_security | IBM QRadar Network Security 5.4.0 and 5.5.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 174340. | 2021-11-08 | 4.3 | CVE-2020-4160 XF CONFIRM |
igexsolutions — wpschoolpress | The School Management System – WPSchoolPress WordPress plugin before 2.1.10 does not properly sanitize or use prepared statements before using POST variables in SQL queries, leading to SQL injection in multiple actions available to various authenticated users, from simple subscribers/students to teachers and above. | 2021-11-08 | 6.5 | CVE-2021-24575 MISC |
irfanview — irfanview | Irfanview v4.53 allows attackers to execute arbitrary code via a crafted JPEG 2000 file. Related to a “Data from Faulting Address controls Branch Selection starting at JPEG2000!ShowPlugInSaveOptions_W+0x0000000000032850”. | 2021-11-05 | 6.8 | CVE-2020-23565 MISC |
irfanview — irfanview | Irfanview v4.53 allows attackers to cause a denial of service (DoS) via a crafted JPEG 2000 file. Related to “Integer Divide By Zero starting at JPEG2000!ShowPlugInSaveOptions_W+0x00000000000082ea” | 2021-11-05 | 4.3 | CVE-2020-23567 MISC |
irfanview — irfanview | Irfanview v4.53 was discovered to contain an infinite loop via JPEG2000!ShowPlugInSaveOptions_W+0x1ecd8. | 2021-11-05 | 4.3 | CVE-2020-23566 MISC |
jetbrains — hub | In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible. | 2021-11-09 | 5 | CVE-2021-43180 MISC |
jetbrains — hub | In JetBrains Hub before 2021.1.13690, stored XSS is possible. | 2021-11-09 | 4.3 | CVE-2021-43181 MISC |
jetbrains — hub | In JetBrains Hub before 2021.1.13415, a DoS via user information is possible. | 2021-11-09 | 5 | CVE-2021-43182 MISC |
jetbrains — ktor | In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly. | 2021-11-09 | 5 | CVE-2021-43203 MISC |
jetbrains — teamcity | In JetBrains TeamCity before 2021.1.2, some HTTP security headers were missing. | 2021-11-09 | 5 | CVE-2021-43195 MISC |
jetbrains — teamcity | In JetBrains TeamCity before 2021.1.2, user enumeration was possible. | 2021-11-09 | 5 | CVE-2021-43194 MISC |
jetbrains — teamcity | In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project. | 2021-11-09 | 5 | CVE-2021-43201 MISC |
jetbrains — teamcity | In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible. | 2021-11-09 | 5 | CVE-2021-43196 MISC |
jetbrains — teamcity | In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient. | 2021-11-09 | 5 | CVE-2021-43199 MISC |
jetbrains — teamcity | In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS. | 2021-11-09 | 4.3 | CVE-2021-43197 MISC |
jetbrains — youtrack_mobile | In JetBrains YouTrack Mobile before 2021.2, the client-side cache on iOS could contain sensitive information. | 2021-11-09 | 5 | CVE-2021-43187 MISC |
jetbrains — youtrack_mobile | In JetBrains YouTrack Mobile before 2021.2, task hijacking on Android is possible. | 2021-11-09 | 5 | CVE-2021-43190 MISC |
jetbrains — youtrack_mobile | In JetBrains YouTrack Mobile before 2021.2, the security screen is missing on Android and iOS. | 2021-11-09 | 5 | CVE-2021-43191 MISC |
jetbrains — youtrack_mobile | In JetBrains YouTrack Mobile before 2021.2, iOS URL scheme hijacking is possible. | 2021-11-09 | 5 | CVE-2021-43192 MISC |
legalweb — wp_dsgvo_tools | WP DSGVO Tools (GDPR) <= 3.1.23 had an AJAX action, “admin-dismiss-unsubscribe”, which lacked a capability check and a nonce check and was available to unauthenticated users, and did not check the post type when deleting unsubscription requests. As such, it was possible for an attacker to permanently delete an arbitrary post or page on the site by sending an AJAX request with the “action” parameter set to “admin-dismiss-unsubscribe” and the “id” parameter set to the post to be deleted. Sending such a request would move the post to the trash, and repeating the request would permanently delete the post in question. | 2021-11-05 | 6.4 | CVE-2021-42359 MISC |
loco_translate_project — loco_translate | The Loco Translate WordPress plugin before 2.5.4 mishandles data inputs which get saved to a file, which can be renamed to an extension ending in .php, resulting in authenticated “translator” users being able to inject PHP code into files ending with .php in web accessible locations. | 2021-11-08 | 4 | CVE-2021-24721 MISC |
lua — lua | Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file. | 2021-11-09 | 4.3 | CVE-2021-43519 MISC MISC |
mcafee — drive_encryption | DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (MDE) prior to 7.3.0 HF2 (7.3.0.183) allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder. | 2021-11-10 | 4.6 | CVE-2021-31853 CONFIRM |
mendix — mendix | A vulnerability has been identified in Mendix Applications using Mendix 8 (All versions < V8.18.13), Mendix Applications using Mendix 9 (All versions < V9.6.2). Applications built with affected versions of Mendix Studio Pro do not properly control read access for certain client actions. This could allow authenticated attackers to retrieve the changedDate attribute of arbitrary objects, even when they don’t have read access to them. | 2021-11-09 | 4 | CVE-2021-42026 MISC |
mendix — mendix | A vulnerability has been identified in Mendix Applications using Mendix 8 (All versions < V8.18.13), Mendix Applications using Mendix 9 (All versions < V9.6.2). Applications built with affected versions of Mendix Studio Pro do not properly control write access for certain client actions. This could allow authenticated attackers to manipulate the content of System.FileDocument objects in some cases, regardless of whether they have write access to them. | 2021-11-09 | 6.8 | CVE-2021-42025 MISC |
meross — mss550x_firmware | Meross Smart Wi-Fi 2 Way Wall Switch (MSS550X), on its 3.1.3 version and before, creates an open Wi-Fi Access Point without the required security measures in its initial setup. This could allow a remote attacker to obtain the Wi-Fi SSID as well as the password configured by the user from the Meross app via a plain HTTP/JSON request. | 2021-11-05 | 4.3 | CVE-2021-3774 CONFIRM |
microsoft — 365_apps | Microsoft Access Remote Code Execution Vulnerability | 2021-11-10 | 6.8 | CVE-2021-41368 MISC MISC |
microsoft — 365_apps | Microsoft Excel Security Feature Bypass Vulnerability | 2021-11-10 | 6.8 | CVE-2021-42292 MISC |
microsoft — 365_apps | Microsoft Word Remote Code Execution Vulnerability | 2021-11-10 | 6.9 | CVE-2021-42296 MISC |
microsoft — 365_apps | Microsoft Excel Remote Code Execution Vulnerability | 2021-11-10 | 6.8 | CVE-2021-40442 MISC |
microsoft — edge | Microsoft Edge (Chrome based) Spoofing on IE Mode | 2021-11-10 | 4.3 | CVE-2021-41351 MISC |
microsoft — exchange_server | Microsoft Exchange Server Remote Code Execution Vulnerability | 2021-11-10 | 6.5 | CVE-2021-42321 MISC |
microsoft — exchange_server | Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is unique from CVE-2021-42305. | 2021-11-10 | 4.3 | CVE-2021-41349 MISC |
microsoft — power_bi_report_server | Power BI Report Server Spoofing Vulnerability | 2021-11-10 | 6.8 | CVE-2021-41372 MISC |
microsoft — remote_desktop | Remote Desktop Protocol Client Information Disclosure Vulnerability | 2021-11-10 | 4.3 | CVE-2021-38665 MISC |
microsoft — visual_studio | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | 2021-11-10 | 4.6 | CVE-2021-42277 MISC MISC |
microsoft — windows_10 | Chakra Scripting Engine Memory Corruption Vulnerability | 2021-11-10 | 5.1 | CVE-2021-42279 MISC |
microsoft — windows_10 | Windows Core Shell SI Host Extension Framework for Composable Shell Elevation of Privilege Vulnerability | 2021-11-10 | 4.6 | CVE-2021-42286 MISC |
microsoft — windows_10 | NTFS Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-41367, CVE-2021-41370. | 2021-11-10 | 4.6 | CVE-2021-42283 MISC |
microsoft — windows_10 | Windows Feedback Hub Elevation of Privilege Vulnerability | 2021-11-10 | 4.6 | CVE-2021-42280 MISC MISC |
microsoft — windows_10 | Windows Installer Elevation of Privilege Vulnerability | 2021-11-10 | 4.6 | CVE-2021-41379 MISC MISC |
microsoft — windows_10 | Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | 2021-11-10 | 4.6 | CVE-2021-41377 MISC |
microsoft — windows_10 | Windows Desktop Bridge Elevation of Privilege Vulnerability | 2021-11-10 | 4.6 | CVE-2021-36957 MISC |
microsoft — windows_10 | NTFS Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-41367, CVE-2021-42283. | 2021-11-10 | 4.6 | CVE-2021-41370 MISC |
microsoft — windows_10 | Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability | 2021-11-10 | 4.6 | CVE-2021-41366 MISC |
microsoft — windows_10 | Microsoft COM for Windows Remote Code Execution Vulnerability | 2021-11-10 | 6.5 | CVE-2021-42275 MISC |
microsoft — windows_10 | Windows NTFS Remote Code Execution Vulnerability | 2021-11-10 | 6.5 | CVE-2021-41378 MISC |
microsoft — windows_10 | Remote Desktop Client Remote Code Execution Vulnerability | 2021-11-10 | 6.8 | CVE-2021-38666 MISC |
microsoft — windows_10 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | 2021-11-10 | 6.8 | CVE-2021-42276 MISC |
microsoft — windows_10 | Windows Denial of Service Vulnerability | 2021-11-10 | 5 | CVE-2021-41356 MISC |
microsoft — windows_10 | NTFS Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-41370, CVE-2021-42283. | 2021-11-10 | 4.6 | CVE-2021-41367 MISC |
microsoft — windows_server | Active Directory Domain Services Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-42278, CVE-2021-42287, CVE-2021-42291. | 2021-11-10 | 6.5 | CVE-2021-42282 MISC |
microsoft — windows_server | Active Directory Domain Services Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-42278, CVE-2021-42282, CVE-2021-42291. | 2021-11-10 | 6.5 | CVE-2021-42287 MISC |
microsoft — windows_server | Active Directory Domain Services Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-42278, CVE-2021-42282, CVE-2021-42287. | 2021-11-10 | 6.5 | CVE-2021-42291 MISC |
microsoft — windows_server_2008 | Active Directory Domain Services Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-42282, CVE-2021-42287, CVE-2021-42291. | 2021-11-10 | 6.5 | CVE-2021-42278 MISC |
nlnetlabs — routinator | In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. This can be used to effectively stall validation. While Routinator has a configurable time-out value for RRDP connections, this time-out was only applied to individual read or write operations rather than the complete request. Thus, if an RRDP repository sends a little bit of data before that time-out expired, it can continuously extend the time it takes for the request to finish. Since validation will only continue once the update of an RRDP repository has concluded, this delay will cause validation to stall, leading to Routinator continuing to serve the old data set or, if in the initial validation run directly after starting, never serve any data at all. | 2021-11-09 | 5 | CVE-2021-43173 MISC |
nlnetlabs — routinator | NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This encoding can be used by an RRDP repository to cause an out-of-memory crash in these versions of Routinator. RRDP uses XML which allows arbitrary amounts of white space in the encoded data. The gzip scheme compresses such white space extremely well, leading to very small compressed files that become huge when being decompressed for further processing, big enough that Routinator runs out of memory when parsing input data waiting for the next XML element. | 2021-11-09 | 5 | CVE-2021-43174 MISC |
nlnetlabs — routinator | NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of infinite length causing it to never finish a validation run. In RPKI, a CA can choose the RRDP repository it wishes to publish its data in. By continuously generating a new child CA that only consists of another CA using a different RRDP repository, a malicious CA can create a chain of CAs of de-facto infinite length. Routinator prior to version 0.10.2 did not contain a limit on the length of such a chain and will therefore continue to process this chain forever. As a result, the validation run will never finish, leading to Routinator continuing to serve the old data set or, if in the initial validation run directly after starting, never serve any data at all. | 2021-11-09 | 5 | CVE-2021-43172 MISC |
nomacs — nomacs | A buffer overflow in Nomacs v3.15.0 allows attackers to cause a denial of service (DoS) via a crafted MNG file. | 2021-11-10 | 4.3 | CVE-2020-23884 MISC MISC MISC |
online_event_booking_and_reservation_system_project — online_event_booking_and_reservation_system | An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability in order to change the visibility of the website. Once the target user clicks on a given link, their browser will display HTML content of the attacker’s choice. | 2021-11-05 | 4.3 | CVE-2021-42663 MISC MISC |
opnsense — opnsense | A Cross-site scripting (XSS) vulnerability was discovered in OPNsense before 21.7.4 via the LDAP attribute return in the authentication tester. | 2021-11-08 | 4.3 | CVE-2021-42770 CONFIRM MISC |
oppia — oppia | Oppia 3.1.4 does not verify that certain URLs are valid before navigating to them. | 2021-11-08 | 5.8 | CVE-2021-41733 MISC |
phoenix_media_rename_project — phoenix_media_rename | The Phoenix Media Rename WordPress plugin before 3.4.4 does not have capability checks in its phoenix_media_rename AJAX action, which could allow users with Author roles to rename any uploaded media files, including ones they do not own. | 2021-11-08 | 4 | CVE-2021-24816 MISC |
php_event_calendar_project — php_event_calendar | PHP Event Calendar through 2021-11-04 allows persistent cross-site scripting (XSS), as demonstrated by the /server/ajax/events_manager.php title parameter. This can be exploited by an adversary in multiple ways, e.g., to perform actions on the page in the context of other users, or to deface the site. | 2021-11-08 | 4.3 | CVE-2021-42078 MISC MISC |
phpjabbers — fundraising_script | Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the pjActionLoadCss function. | 2021-11-05 | 4.3 | CVE-2020-22222 MISC |
phpjabbers — fundraising_script | Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the pjActionPreview function. | 2021-11-05 | 4.3 | CVE-2020-22224 MISC |
pomerium — pomerium | Pomerium is an open source identity-aware access proxy. In affected versions changes to the OIDC claims of a user after initial login are not reflected in policy evaluation when using `allowed_idp_claims` as part of policy. If using `allowed_idp_claims` and a user’s claims are changed, Pomerium can make incorrect authorization decisions. This issue has been resolved in v0.15.6. For users unable to upgrade, clear the data on the `databroker` service by clearing redis or restarting the in-memory databroker to force claims to be updated. | 2021-11-05 | 6.5 | CVE-2021-41230 CONFIRM MISC |
post_content_xmlrpc_project — post_content_xmlrpc | The Post Content XMLRPC WordPress plugin through 1.0 does not sanitise or escape multiple GET/POST parameters before using them in SQL statements in the admin dashboard, leading to authenticated SQL Injections | 2021-11-08 | 6.5 | CVE-2021-24629 MISC MISC |
publishpress — post_expirator | The Post Expirator WordPress plugin before 2.6.0 does not have proper capability checks in place, which could allow users with a role as low as Contributor to schedule deletion of arbitrary posts. | 2021-11-08 | 4 | CVE-2021-24783 MISC |
remoteclinic — remote_clinic | Multiple Cross Site Scripting (XSS) vulnerabilities exist in Remote Clinic v2.0 in (1) patients/register-patient.php via the (a) Contact, (b) Email, (c) Weight, (d) Profession, (e) ref_contact, (f) address, (g) gender, (h) age, and (i) serial parameters; in (2) patients/edit-patient.php via the (a) Contact, (b) Email, (c) Weight, Profession, (d) ref_contact, (e) address, (f) serial, (g) age, and (h) gender parameters; in (3) staff/edit-my-profile.php via the (a) Title, (b) First Name, (c) Last Name, (d) Skype, and (e) Address parameters; and in (4) clinics/settings.php via the (a) portal_name, (b) guardian_short_name, (c) guardian_name, (d) opening_time, (e) closing_time, (f) access_level_5, (g) access_level_4, (h) access_level_3, (i) access_level_2, (j) access_level_1, (k) currency, (l) mobile_number, (m) address, (n) patient_contact, (o) patient_address, and (p) patient_email parameters. | 2021-11-05 | 4.3 | CVE-2021-39416 MISC MISC MISC |
samsung — samsung_pass | Improper authentication in Samsung Pass prior to 3.0.02.4 allows the app to be used without authentication when the lockscreen is unlocked. | 2021-11-05 | 6.8 | CVE-2021-25505 MISC |
sap — abap_platform_kernel | SAP ABAP Platform Kernel – versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges. That means this business user is able to read and modify data beyond the vulnerable system. However, the attacker can neither significantly reduce the performance of the system nor stop the system. | 2021-11-10 | 5.5 | CVE-2021-40501 MISC MISC |
sap — commerce | SAP Commerce – versions 2105.3, 2011.13, 2005.18, 1905.34, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Authenticated attackers will be able to access and edit data from B2B units they do not belong to. | 2021-11-10 | 6.5 | CVE-2021-40502 MISC MISC |
sap — netweaver_application_server_for_abap | A certain template role in SAP NetWeaver Application Server for ABAP and ABAP Platform – versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, contains transport authorizations, which exceed expected display only permissions. | 2021-11-10 | 4 | CVE-2021-40504 MISC MISC |
schreikasten_project — schreikasten | The Schreikasten WordPress plugin through 0.14.18 does not sanitise or escape the id GET parameter before using it in SQL statements in the comments dashboard from various actions, leading to authenticated SQL Injections which can be exploited by users with a role as low as Author | 2021-11-08 | 6.5 | CVE-2021-24630 MISC MISC |
science-miner — pdf2xml | pdf2xml v2.0 was discovered to contain a memory leak in the function TextPage::testLinkedText. | 2021-11-10 | 5 | CVE-2020-23876 MISC MISC |
science-miner — pdf2xml | A NULL pointer dereference in the function TextPage::restoreState of pdf2xml v2.0 allows attackers to cause a denial of service (DoS). | 2021-11-10 | 5 | CVE-2020-23872 MISC MISC |
seopanel — seo_panel | Multiple Cross Site Scripting (XSS) vulnerabilities exist in SEO Panel v4.8.0 via the (1) to_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php, and (j) reports.php; the (2) from_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php, (j) webmaster-tools.php, and (k) reports.php; the (3) order_col parameter in (a) analytics.php, (b) review.php, (c) social_media.php, and (d) webmaster-tools.php; and the (4) pageno parameter in (a) alerts.php, (b) log.php, (c) keywords.php, (d) proxy.php, (e) searchengine.php, and (f) siteauditor.php. | 2021-11-05 | 4.3 | CVE-2021-39413 MISC |
servicetonic — servicetonic | Blind SQL injection in the login form in ServiceTonic Helpdesk software < 9.0.35937 allows an attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries. | 2021-11-08 | 5 | CVE-2021-28022 MISC MISC |
shareaholic — similar_posts | The Similar Posts WordPress plugin through 3.1.5 allows high privilege users to execute arbitrary PHP code in a hardened environment (i.e. with DISALLOW_FILE_EDIT, DISALLOW_FILE_MODS and DISALLOW_UNFILTERED_HTML set to true) via the ‘widget_rrm_similar_posts_condition’ widget setting of the plugin. | 2021-11-08 | 6 | CVE-2021-24537 MISC |
shopping_portal_project — shopping_portal | Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Shopping v3.1 via the (1) callback parameter in (a) server_side/scripts/id_jsonp.php, (b) server_side/scripts/jsonp.php, and (c) scripts/objects_jsonp.php, the (2) value parameter in examples_support/editable_ajax.php, and the (3) PHP_SELF parameter in captcha/index.php. | 2021-11-05 | 4.3 | CVE-2021-39412 MISC |
siemens — capital_vstar | A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008) | 2021-11-09 | 5 | CVE-2021-31881 MISC MISC |
siemens — capital_vstar | A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). FTP server does not properly validate the length of the “MKD/XMKD” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0018) | 2021-11-09 | 6.5 | CVE-2021-31888 MISC MISC |
siemens — capital_vstar | A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004) | 2021-11-09 | 5 | CVE-2021-31344 MISC MISC |
siemens — capital_vstar | A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). TFTP server application allows for reading the contents of the TFTP memory buffer via sending malformed TFTP commands. (FSMD-2021-0009) | 2021-11-09 | 5 | CVE-2021-31885 MISC MISC |
siemens — capital_vstar | A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). FTP server does not properly validate the length of the “PWD/XPWD” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016) | 2021-11-09 | 6.5 | CVE-2021-31887 MISC MISC |
siemens — capital_vstar | A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013) | 2021-11-09 | 5 | CVE-2021-31883 MISC MISC |
siemens — capital_vstar | A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The total length of a UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the user-defined application that runs on top of the UDP protocol. (FSMD-2021-0006) | 2021-11-09 | 6.4 | CVE-2021-31345 MISC MISC |
siemens — capital_vstar | A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007) | 2021-11-09 | 6.4 | CVE-2021-31346 MISC MISC |
siemens — capital_vstar | A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011) | 2021-11-09 | 5 | CVE-2021-31882 MISC MISC |
siemens — capital_vstar | A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). Malformed TCP packets with a corrupted SACK option lead to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015) | 2021-11-09 | 6.4 | CVE-2021-31889 MISC MISC |
siemens — capital_vstar | A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The total length of a TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017) | 2021-11-09 | 6.4 | CVE-2021-31890 MISC MISC |
siemens — climatix_pol909_firmware | A vulnerability has been identified in Climatix POL909 (AWM module) (All versions < V11.34). The web server of affected devices transmits data without TLS encryption. This could allow an unauthenticated remote attacker in a man-in-the-middle position to read sensitive data, such as administrator credentials, or modify data in transit. | 2021-11-09 | 5.8 | CVE-2021-40366 MISC |
siemens — simatic_pcs_7 | A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read unexpected critical files. | 2021-11-09 | 5 | CVE-2021-40359 MISC |
siemens — simatic_pcs_7 | A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). The affected systems store sensitive information in log files. An attacker with access to the log files could publicly expose the information or reuse it to develop further attacks on the system. | 2021-11-09 | 5 | CVE-2021-40364 MISC |
speex — speex | A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. | 2021-11-10 | 4.3 | CVE-2020-23904 MISC |
tailor_management_system_project — tailor_management_system | Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCodester Tailor Management 1.0 via the (1) eid parameter in (a) partedit.php and (b) customeredit.php, the (2) id parameter in (a) editmeasurement.php and (b) addpayment.php, and the (3) error parameter in index.php. | 2021-11-08 | 4.3 | CVE-2021-40260 MISC |
thruk — thruk | Thruk 2.40-2 allows /thruk/#cgi-bin/extinfo.cgi?type=2&host={HOSTNAME}&service={SERVICENAME}&backend={BACKEND} Reflected XSS via the host or service parameter. An attacker could inject arbitrary JavaScript into extinfo.cgi. The malicious payload would be triggered every time an authenticated user browses the page containing it. | 2021-11-09 | 4.3 | CVE-2021-35489 MISC MISC |
thruk — thruk | Thruk 2.40-2 allows /thruk/#cgi-bin/status.cgi?style=combined&title={TITLE} Reflected XSS via the host or title parameter. An attacker could inject arbitrary JavaScript into status.cgi. The payload would be triggered every time an authenticated user browses the page containing it. | 2021-11-09 | 4.3 | CVE-2021-35488 MISC MISC |
tipsandtricks-hq — simple_download_monitor | The Simple Download Monitor WordPress plugin before 3.9.6 allows users with a role as low as Contributor to remove thumbnails from downloads they do not own, even if they cannot normally edit the download. | 2021-11-08 | 4 | CVE-2021-24698 MISC |
tipsandtricks-hq — simple_download_monitor | The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the 1) sdm_active_tab GET parameter and 2) sdm_stats_start_date/sdm_stats_end_date POST parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues | 2021-11-08 | 4.3 | CVE-2021-24697 MISC |
tipsandtricks-hq — simple_download_monitor | The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the “File Thumbnail” post meta before outputting it in some pages, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. Given that the XSS is triggered even when the Download is in a review state, a contributor could make JavaScript code execute in the context of a reviewer such as an admin and make them create a rogue admin account or install a malicious plugin | 2021-11-08 | 6 | CVE-2021-24693 MISC |
tipsandtricks-hq — simple_download_monitor | The Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location, and does not have any authentication or authorisation in place to prevent unauthenticated users from downloading and reading the logs, which contain Sensitive Information such as IP Addresses and Usernames | 2021-11-08 | 5 | CVE-2021-24695 MISC |
unlimited_popups_project — unlimited_popups | The Unlimited PopUps WordPress plugin through 4.5.3 does not sanitise or escape the did GET parameter before using it in a SQL statement, available to users as low as editor, leading to an authenticated SQL Injection | 2021-11-08 | 6.5 | CVE-2021-24631 MISC MISC |
vfront — vfront | Multiple Cross Site Scripting (XSS) vulnerabilities exist in VFront 0.99.5 via the (1) s parameter in search_all.php and the (2) msg parameter in add.attach.php. | 2021-11-08 | 4.3 | CVE-2021-39420 MISC |
vim — vim | vim is vulnerable to Stack-based Buffer Overflow | 2021-11-05 | 4.6 | CVE-2021-3928 CONFIRM MISC FEDORA |
vim — vim | vim is vulnerable to Heap-based Buffer Overflow | 2021-11-05 | 6.8 | CVE-2021-3927 CONFIRM MISC FEDORA |
vmware — spring_cloud_gateway | Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or newer. | 2021-11-08 | 4 | CVE-2021-22051 MISC |
wclovers — frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible | The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible WordPress plugin before 6.5.12, when used in combination with another WCFM – WooCommerce Multivendor plugin such as WCFM – WooCommerce Multivendor Marketplace, does not escape the withdrawal_vendor parameter before using it in a SQL statement, allowing low privilege users such as Subscribers to perform SQL injection attacks | 2021-11-08 | 6.5 | CVE-2021-24835 MISC |
web-dorado — spidercatalog | The SpiderCatalog WordPress plugin through 1.7.3 does not sanitise or escape the ‘parent’ and ‘ordering’ parameters from the admin dashboard before using them in a SQL statement, leading to a SQL injection when adding a category | 2021-11-08 | 6.5 | CVE-2021-24625 MISC MISC |
wildbit-soft — wildbit_viewer | A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted JPG file. The crash is classified as “Data from Faulting Address is used as one or more arguments in a subsequent Function Call”, starting at JPGCodec+0x753648. | 2021-11-10 | 4.3 | CVE-2020-23890 MISC MISC |
wildbit-soft — wildbit_viewer | A User Mode Write AV in Editor+0x5d15 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. | 2021-11-10 | 4.3 | CVE-2020-23901 MISC MISC |
wildbit-soft — wildbit_viewer | A User Mode Write AV in Editor+0x576b of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file. | 2021-11-10 | 4.3 | CVE-2020-23896 MISC MISC |
wildbit-soft — wildbit_viewer | A User Mode Write AV in Editor!TMethodImplementationIntercept+0x3c3682 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file. | 2021-11-10 | 4.3 | CVE-2020-23893 MISC MISC |
wildbit-soft — wildbit_viewer | A User Mode Write AV in Editor+0x5cd7 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file. | 2021-11-10 | 4.3 | CVE-2020-23891 MISC MISC |
wildbit-soft — wildbit_viewer | A User Mode Write AV in Editor!TMethodImplementationIntercept+0x53f6c3 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted psd file. | 2021-11-10 | 4.3 | CVE-2020-23888 MISC MISC |
wildbit-soft — wildbit_viewer | A User Mode Write AV in ntdll!RtlpCoalesceFreeBlocks+0x268 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file. | 2021-11-10 | 4.3 | CVE-2020-23894 MISC MISC |
wildbit-soft — wildbit_viewer | A User Mode Write AV starting at Editor!TMethodImplementationIntercept+0x4189c6 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted ico file. | 2021-11-10 | 4.3 | CVE-2020-23889 MISC MISC |
wildbit-soft — wildbit_viewer | A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. The crash is classified as “Data from Faulting Address may be used as a return value”, starting at Editor!TMethodImplementationIntercept+0x528a3. | 2021-11-10 | 4.3 | CVE-2020-23902 MISC MISC |
wildbit-soft — wildbit_viewer | A User Mode Write AV in Editor+0x76af of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file. | 2021-11-10 | 4.3 | CVE-2020-23895 MISC MISC |
wildbit-soft — wildbit_viewer | A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. The crash is classified as “Data from Faulting Address controls Code Flow”, starting at Editor!TMethodImplementationIntercept+0x57a3b. | 2021-11-10 | 4.3 | CVE-2020-23900 MISC MISC |
wildbit-soft — wildbit_viewer | A User Mode Write AV in Editor+0x5f91 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. | 2021-11-10 | 4.3 | CVE-2020-23899 MISC MISC |
wildbit-soft — wildbit_viewer | A User Mode Write AV in Editor+0x5ea2 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. | 2021-11-10 | 4.3 | CVE-2020-23898 MISC MISC |
wildbit-soft — wildbit_viewer | A User Mode Write AV in Editor!TMethodImplementationIntercept+0x54dcec of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. | 2021-11-10 | 4.3 | CVE-2020-23897 MISC MISC |
wow-company — wow_forms | The Wow Forms WordPress plugin through 3.1.3 does not sanitise or escape a ‘did’ GET parameter before using it in a SQL statement, when deleting a form in the admin dashboard, leading to an authenticated SQL injection | 2021-11-08 | 6.5 | CVE-2021-24628 MISC MISC |
wp-buy — visitor_traffic_real_time_statistics | The Visitor Traffic Real Time Statistics WordPress plugin before 3.9 does not validate and escape user input passed to the today_traffic_index AJAX action (available to any authenticated users) before using it in a SQL statement, leading to an SQL injection issue | 2021-11-08 | 6.5 | CVE-2021-24829 MISC |
wp_seo_redirect_301_project — wp_seo_redirect_301 | The WP SEO Redirect 301 WordPress plugin before 2.3.2 does not have CSRF checks in place when deleting redirects, which could allow attackers to make a logged in admin delete them via a CSRF attack | 2021-11-08 | 4.3 | CVE-2021-24832 MISC |
wp_survey_plus_project — wp_survey_plus | The WP Survey Plus WordPress plugin through 1.0 does not have any authorisation and CSRF checks in place in its AJAX actions, allowing any user to call them and add/edit/delete Surveys. Furthermore, due to the lack of sanitization in the Surveys’ Title, this could also lead to Stored Cross-Site Scripting issues | 2021-11-08 | 4.3 | CVE-2021-24801 MISC |
wpaffiliatemanager — affiliates_manager | The Affiliates Manager WordPress plugin before 2.8.7 does not validate the orderby parameter before using it in an SQL statement in the admin dashboard, leading to an SQL Injection issue | 2021-11-08 | 6.5 | CVE-2021-24844 CONFIRM MISC |
xorux — lpar2rrd | A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. (Viewing the passwords requires configuring a web browser to display HTML password input fields.) | 2021-11-08 | 4.3 | CVE-2021-42370 CONFIRM CONFIRM |
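The Siemens Nucleus NET entries above (CVE-2021-31881, CVE-2021-31882 and CVE-2021-31883) all describe a DHCP client that copies an option value without checking the option's length byte. The following C parser is added here as an illustrative example; it is not code from Siemens or the Nucleus stack and does not reproduce the affected implementation. It shows the two bounds checks such a client needs: the claimed length must fit inside the bytes actually received, and it must fit inside the fixed-size field it is copied into. The option codes follow RFC 2132; the storage limits MAX_DNS_SERVERS and MAX_VENDOR_LEN, the return codes and the sample option blocks are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* DHCP option codes from RFC 2132 used in this example. */
enum { OPT_PAD = 0, OPT_DNS = 6, OPT_VENDOR = 43, OPT_END = 255 };

/* Assumed client-side storage limits; a real stack picks its own. */
#define MAX_DNS_SERVERS 4
#define MAX_VENDOR_LEN  64

typedef struct {
    uint8_t dns[MAX_DNS_SERVERS][4];
    size_t  dns_count;
    uint8_t vendor[MAX_VENDOR_LEN];
    size_t  vendor_len;
} dhcp_cfg;

/* Return codes (assumed, not from any vendor API). */
enum { DHCP_OK = 0, DHCP_ERR_TRUNCATED = -1, DHCP_ERR_OPT_TOO_LONG = -2 };

/*
 * Walk the TLV option area of an OFFER or ACK. Two checks are needed per option:
 *   1. the claimed length must fit inside the bytes actually received, and
 *   2. the claimed length must fit inside the fixed-size destination field.
 * A client that trusts the length byte and does memcpy(cfg->vendor, val, len)
 * without check 2 overruns its buffer on a hostile OFFER/ACK; that is the class
 * of bug the unchecked-length DHCP entries above describe.
 */
int dhcp_parse_options(const uint8_t *opts, size_t opts_len, dhcp_cfg *cfg)
{
    size_t i = 0;
    memset(cfg, 0, sizeof *cfg);

    while (i < opts_len) {
        uint8_t code = opts[i++];
        if (code == OPT_END) return DHCP_OK;
        if (code == OPT_PAD) continue;

        if (i >= opts_len) return DHCP_ERR_TRUNCATED;       /* code byte with no length byte */
        uint8_t len = opts[i++];
        if (len > opts_len - i) return DHCP_ERR_TRUNCATED;   /* check 1: value runs past the packet */
        const uint8_t *val = opts + i;

        switch (code) {
        case OPT_DNS:
            /* check 2: whole IPv4 addresses, and no more than we can store */
            if (len == 0 || len % 4 != 0 || len / 4 > MAX_DNS_SERVERS) return DHCP_ERR_OPT_TOO_LONG;
            memcpy(cfg->dns, val, len);
            cfg->dns_count = len / 4;
            break;
        case OPT_VENDOR:
            if (len > MAX_VENDOR_LEN) return DHCP_ERR_OPT_TOO_LONG;   /* check 2 */
            memcpy(cfg->vendor, val, len);
            cfg->vendor_len = len;
            break;
        default:
            break;                                           /* unknown option: skip its value */
        }
        i += len;
    }
    return DHCP_OK;            /* option area ended without OPT_END; tolerated here */
}

/* Constructed samples (not captured traffic). */
static const uint8_t good_opts[] = {
    53, 1, 5,                          /* message type = ACK */
    6, 8, 10,0,0,1, 10,0,0,2,          /* two DNS servers */
    43, 4, 0xde, 0xad, 0xbe, 0xef,     /* 4-byte vendor option */
    255
};
/* Vendor option claims 200 bytes but only 3 follow: fails check 1. */
static const uint8_t truncated_vendor[] = { 43, 200, 1, 2, 3, 255 };
/* DNS option whose 40 bytes (10 addresses) really are present: passes check 1, fails check 2. */
static const uint8_t oversized_dns[] = {
    6, 40,
    1,1,1,1, 2,2,2,2, 3,3,3,3, 4,4,4,4, 5,5,5,5,
    6,6,6,6, 7,7,7,7, 8,8,8,8, 9,9,9,9, 10,10,10,10,
    255
};

int main(void)
{
    dhcp_cfg cfg;
    int rc = dhcp_parse_options(good_opts, sizeof good_opts, &cfg);
    printf("good: rc=%d dns=%zu vendor=%zu\n", rc, cfg.dns_count, cfg.vendor_len);
    printf("truncated vendor: rc=%d\n", dhcp_parse_options(truncated_vendor, sizeof truncated_vendor, &cfg));
    printf("oversized dns: rc=%d\n", dhcp_parse_options(oversized_dns, sizeof oversized_dns, &cfg));
    return 0;
}
```

The third sample is the more instructive one: it is a well-formed packet, so a check against the packet boundary alone accepts it, and only the destination-size check stops ten addresses being written into room for four. Any length-prefixed field in the TCP/IP stack (IP total length versus bytes received, TCP option lengths, FTP command length) needs the same pair of checks.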
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
addtoany — addtoany_share_buttons | The AddToAny Share Buttons WordPress plugin before 1.7.48 does not escape its Image URL button setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2021-11-08 | 3.5 | CVE-2021-24616 MISC CONFIRM |
airangel — hsmx-app-25_firmware | Airangel HSMX Gateway devices through 5.2.04 are vulnerable to stored Cross Site Scripting. The XSS payload is placed in the name column of the updates table using database access. | 2021-11-10 | 3.5 | CVE-2021-40517 MISC MISC |
apostrophecms — apostrophecms | Apostrophe CMS versions 2.63.0 through 3.3.1 are vulnerable to Stored XSS: an editor uploads an SVG file containing malicious JavaScript to the Images module, which triggers XSS once viewed. | 2021-11-07 | 3.5 | CVE-2021-25978 MISC |
azeotech — daqfactory | An attacker could prepare a specially crafted project file that, if opened, would attempt to connect to the cloud and trigger a man in the middle (MiTM) attack. This could allow an attacker to obtain credentials and take over the user’s cloud account. | 2021-11-05 | 2.6 | CVE-2021-42701 MISC |
bookingholdings — booking.com_banner_creator | The Booking.com Banner Creator WordPress plugin through 1.4.2 does not properly sanitize inputs when creating banners, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 2021-11-08 | 3.5 | CVE-2021-24646 MISC |
bookingholdings — booking.com_product_helper | The Booking.com Product Helper WordPress plugin through 1.0.1 does not sanitize and escape Product Code when creating Product Shortcode, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 2021-11-08 | 3.5 | CVE-2021-24645 MISC |
engineers_online_portal_project — engineers_online_portal | A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the (1) Quiz title and (2) quiz description parameters to add_quiz.php. An attacker can leverage this vulnerability to run JavaScript in the browsers of other users of the site, which can lead to cookie stealing and more. | 2021-11-05 | 3.5 | CVE-2021-42664 MISC MISC MISC MISC |
eset — cyber_security | ESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to the system to stop the ESET daemon, effectively disabling the protection of the ESET security product until a system reboot. | 2021-11-08 | 2.1 | CVE-2021-37850 MISC |
gitlab — gitlab | Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE since version 11.3 allows an attacker to bypass CODEOWNERS Merge Request approval requirement under rare circumstances | 2021-11-05 | 3.5 | CVE-2021-39909 MISC MISC CONFIRM |
gitlab — gitlab | In all versions of GitLab CE/EE since version 8.0, an attacker can set the pipeline schedules to be active in a project export so when an unsuspecting owner imports that project, pipelines are active by default on that project. Under specialized conditions, this may lead to information disclosure if the project is imported from an untrusted source. | 2021-11-05 | 2.1 | CVE-2021-39895 MISC CONFIRM MISC |
google — android | A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read the ESN value without privilege. | 2021-11-05 | 2.1 | CVE-2021-25502 MISC |
google — android | A missing input validation in HDCP LDFW prior to SMR Nov-2021 Release 1 allows attackers to overwrite TZASC allowing TEE compromise. | 2021-11-05 | 2.1 | CVE-2021-25500 MISC |
google — android | An improper access control vulnerability in SCloudBnRReceiver in SecTelephonyProvider prior to SMR Nov-2021 Release 1 allows untrusted application to call some protected providers. | 2021-11-05 | 2.1 | CVE-2021-25501 MISC |
google — tensorflow | TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an `int64_t`. If an overflow occurs, `MultiplyWithoutOverflow` would return a negative result. In the majority of TensorFlow codebase this then results in a `CHECK`-failure. Newer constructs exist which return a `Status` instead of crashing the binary. This is similar to CVE-2021-29584. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | 2021-11-05 | 2.1 | CVE-2021-41197 CONFIRM MISC MISC MISC MISC MISC |
google — tensorflow | TensorFlow is an open source platform for machine learning. In affected versions the Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative. This is due to TensorFlow’s implementation of pooling operations, where the values in the sliding window are not checked to be strictly positive. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | 2021-11-05 | 2.1 | CVE-2021-41196 MISC CONFIRM MISC |
google — tensorflow | TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for the `QuantizeAndDequantizeV*` operations can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | 2021-11-05 | 3.6 | CVE-2021-41205 CONFIRM MISC |
google — tensorflow | TensorFlow is an open source platform for machine learning. In affected versions the implementation of `tf.math.segment_*` operations results in a `CHECK`-fail related abort (and denial of service) if a segment id in `segment_ids` is large. This is similar to CVE-2021-29584 (and similar other reported vulnerabilities in TensorFlow, localized to specific APIs): the implementation (both on CPU and GPU) computes the output shape using `AddDim`. However, if the number of elements in the tensor overflows an `int64_t` value, `AddDim` results in a `CHECK` failure which provokes a `std::abort`. Instead, code should use `AddDimWithStatus`. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | 2021-11-05 | 2.1 | CVE-2021-41195 CONFIRM MISC MISC MISC |
google — tensorflow | TensorFlow is an open source platform for machine learning. In affected versions if `tf.image.resize` is called with a large input argument then the TensorFlow process will crash due to a `CHECK`-failure caused by an overflow. The number of elements in the output tensor is too much for the `int64_t` type and the overflow is detected via a `CHECK` statement. This aborts the process. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | 2021-11-05 | 2.1 | CVE-2021-41199 CONFIRM MISC MISC |
google — tensorflow | TensorFlow is an open source platform for machine learning. In affected versions if `tf.summary.create_file_writer` is called with non-scalar arguments code crashes due to a `CHECK`-fail. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | 2021-11-05 | 2.1 | CVE-2021-41200 MISC CONFIRM MISC |
google — tensorflow | TensorFlow is an open source platform for machine learning. In affected versions while calculating the size of the output within the `tf.range` kernel, there is a conditional statement of type `int64 = condition ? int64 : double`. Due to C++ implicit conversion rules, both branches of the condition will be cast to `double` and the result would be truncated before the assignment. This results in overflows. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | 2021-11-05 | 2.1 | CVE-2021-41202 CONFIRM MISC MISC MISC MISC |
google — tensorflow | TensorFlow is an open source platform for machine learning. In affected versions if `tf.tile` is called with a large input argument then the TensorFlow process will crash due to a `CHECK`-failure caused by an overflow. The number of elements in the output tensor is too much for the `int64_t` type and the overflow is detected via a `CHECK` statement. This aborts the process. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | 2021-11-05 | 2.1 | CVE-2021-41198 MISC CONFIRM MISC |
google — tensorflow | TensorFlow is an open source platform for machine learning. In affected versions the `ImmutableConst` operation in TensorFlow can be tricked into reading arbitrary memory contents. This is because the `tstring` TensorFlow string class has a special case for memory mapped strings but the operation itself does not offer any support for this datatype. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | 2021-11-05 | 2.1 | CVE-2021-41227 CONFIRM MISC MISC |
google — tensorflow | TensorFlow is an open source platform for machine learning. In affected versions during TensorFlow’s Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This results in a segfault, as these tensors are supposed to not change. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | 2021-11-05 | 2.1 | CVE-2021-41204 MISC CONFIRM |
google — tensorflow | TensorFlow is an open source platform for machine learning. In affected versions the implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | 2021-11-05 | 2.1 | CVE-2021-41209 MISC CONFIRM |
google — tensorflow | TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for `SparseCountSparseOutput` can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | 2021-11-05 | 3.6 | CVE-2021-41210 MISC CONFIRM |
google — tensorflow | TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `QuantizeV2` can trigger a read outside of bounds of heap allocated array. This occurs whenever `axis` is a negative value less than `-1`. In this case, we are accessing data before the start of a heap buffer. The code allows `axis` to be an optional argument (`s` would contain an `error::NOT_FOUND` error code). Otherwise, it assumes that `axis` is a valid index into the dimensions of the `input` tensor. If `axis` is less than `-1` then this results in a heap OOB read. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, as this version is the only one that is also affected. | 2021-11-05 | 3.6 | CVE-2021-41211 CONFIRM MISC |
google — tensorflow | TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `tf.ragged.cross` can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | 2021-11-05 | 3.6 | CVE-2021-41212 CONFIRM MISC |
google — tensorflow | TensorFlow is an open source platform for machine learning. In affected versions the implementation of `FusedBatchNorm` kernels is vulnerable to a heap OOB access. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | 2021-11-05 | 3.6 | CVE-2021-41223 MISC CONFIRM |
google — tensorflow | TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SparseFillEmptyRows` can be made to trigger a heap OOB access. This occurs whenever the size of `indices` does not match the size of `values`. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | 2021-11-05 | 3.6 | CVE-2021-41224 MISC CONFIRM |
google — tensorflow | TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SparseBinCount` is vulnerable to a heap OOB access. This is because of missing validation between the elements of the `values` argument and the shape of the sparse output. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | 2021-11-05 | 3.6 | CVE-2021-41226 MISC CONFIRM |
google — tensorflow | TensorFlow is an open source platform for machine learning. In affected versions the implementation of `ParallelConcat` misses some input validation and can produce a division by 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | 2021-11-05 | 2.1 | CVE-2021-41207 CONFIRM MISC |
google — tensorflow | TensorFlow is an open source platform for machine learning. In affected versions TensorFlow’s Grappler optimizer has a use of an uninitialized variable. If the `train_nodes` vector (obtained from the saved model that gets optimized) does not contain a `Dequeue` node, then `dequeue_node` is left uninitialized. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | 2021-11-05 | 2.1 | CVE-2021-41225 MISC CONFIRM |
google — tensorflow | TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SplitV` can trigger a segfault if an attacker supplies negative arguments. This occurs whenever `size_splits` contains more than one value and at least one value is negative. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | 2021-11-05 | 2.1 | CVE-2021-41222 CONFIRM MISC |
google — tensorflow | TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `AllToAll` can be made to execute a division by 0. This occurs whenever the `split_count` argument is 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | 2021-11-05 | 2.1 | CVE-2021-41218 CONFIRM MISC |
google — tensorflow | TensorFlow is an open source platform for machine learning. In affected versions the process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when nodes that should be paired are not. This occurs because the code assumes that the first node in the pairing (e.g., an `Enter` node) always exists when encountering the second node (e.g., an `Exit` node). When this is not the case, `parent` is `nullptr` so dereferencing it causes a crash. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | 2021-11-05 | 2.1 | CVE-2021-41217 MISC CONFIRM |
google — tensorflow | TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `DeserializeSparse` can trigger a null pointer dereference. This is because the shape inference function assumes that the `serialize_sparse` tensor is a tensor with positive rank (and having `3` as the last dimension). The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | 2021-11-05 | 2.1 | CVE-2021-41215 MISC CONFIRM |
gtranslate — google_language_translator | The Translate WordPress – Google Language Translator WordPress plugin before 6.0.12 does not sanitise and escape some of its settings before outputting it in various pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2021-11-08 | 3.5 | CVE-2021-24594 CONFIRM MISC |
ibm — qradar_network_security | IBM QRadar Network Security 5.4.0 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174269. | 2021-11-08 | 3.5 | CVE-2020-4153 CONFIRM XF |
ibm — security_guardium | IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, and 11.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2021-11-08 | 3.5 | CVE-2021-29735 CONFIRM XF |
igexsolutions — wpschoolpress | The School Management System – WPSchoolPress WordPress plugin before 2.1.17 sanitises some fields using sanitize_text_field() but does not escape them before outputting them in attributes, resulting in Stored Cross-Site Scripting issues. | 2021-11-08 | 3.5 | CVE-2021-24664 MISC |
jetbrains — teamcity | In JetBrains TeamCity before 2021.1.2, stored XSS is possible. | 2021-11-09 | 3.5 | CVE-2021-43198 MISC |
jetbrains — youtrack | JetBrains YouTrack before 2021.3.24402 is vulnerable to stored XSS. | 2021-11-09 | 3.5 | CVE-2021-43186 MISC |
jetbrains — youtrack | In JetBrains YouTrack before 2021.3.21051, stored XSS is possible. | 2021-11-09 | 3.5 | CVE-2021-43184 MISC |
mendix — mendix | A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.26), Mendix Applications using Mendix 8 (All versions < V8.18.12), Mendix Applications using Mendix 9 (All versions < V9.6.1). Applications built with affected versions of Mendix Studio Pro do not prevent file documents from being cached when files are opened or downloaded using a browser. This could allow a local attacker to read those documents by exploring the browser cache. | 2021-11-09 | 1.9 | CVE-2021-42015 MISC |
microsoft — azure_real_time_operating_system | Azure RTOS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-42301, CVE-2021-42323. | 2021-11-10 | 1.9 | CVE-2021-26444 MISC |
microsoft — azure_sphere | Azure Sphere Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-41374, CVE-2021-41375. | 2021-11-10 | 2.1 | CVE-2021-41376 MISC |
microsoft — azure_sphere | Azure Sphere Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-41375, CVE-2021-41376. | 2021-11-10 | 2.1 | CVE-2021-41374 MISC |
microsoft — azure_sphere | Azure Sphere Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-41374, CVE-2021-41376. | 2021-11-10 | 2.1 | CVE-2021-41375 MISC |
microsoft — fslogix | FSLogix Information Disclosure Vulnerability | 2021-11-10 | 2.1 | CVE-2021-41373 MISC |
microsoft — windows_10 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-41371. | 2021-11-10 | 2.1 | CVE-2021-38631 MISC |
microsoft — windows_10 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-38631. | 2021-11-10 | 2.1 | CVE-2021-41371 MISC |
microsoft — windows_10 | Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vulnerability | 2021-11-10 | 2.1 | CVE-2021-42274 MISC |
online_enrollment_management_system_in_php_project — online_enrollment_management_system_in_php | A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 in the Add-Users page via the Name parameter. | 2021-11-08 | 3.5 | CVE-2021-40577 MISC |
online_event_booking_and_reservation_system_project — online_event_booking_and_reservation_system | A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday reason parameter. An attacker can leverage this vulnerability in order to run JavaScript commands on the web site visitor's behalf, which can lead to cookie stealing and more. | 2021-11-05 | 3.5 | CVE-2021-42662 MISC MISC MISC MISC |
poweradmin — pa_server_monitor | A cross-site scripting (XSS) vulnerability in Power Admin PA Server Monitor 8.2.1.1 allows remote attackers to inject arbitrary web script or HTML via Console.exe. | 2021-11-05 | 3.5 | CVE-2021-26844 MISC MISC |
print-o-matic_project — print-o-matic | The Print-O-Matic WordPress plugin before 2.0.3 does not escape some of its settings before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2021-11-08 | 3.5 | CVE-2021-24710 MISC CONFIRM |
publify_project — publify | In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article. | 2021-11-10 | 3.5 | CVE-2021-25974 CONFIRM MISC |
publify_project — publify | In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with “publisher” role to inject malicious JavaScript via the uploaded html file. | 2021-11-10 | 3.5 | CVE-2021-25975 CONFIRM MISC |
quiz_tool_lite_project — quiz_tool_lite | The Quiz Tool Lite WordPress plugin through 2.3.15 does not sanitize multiple input fields used when creating or managing quizzes and in other setting options, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2021-11-08 | 3.5 | CVE-2021-24701 MISC |
qwizcards_project — qwizcards | The Qwizcards – online quizzes and flashcards WordPress plugin before 3.62 does not properly sanitize and escape some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2021-11-08 | 3.5 | CVE-2021-24706 MISC |
samsung — group_sharing | Intent redirection vulnerability in Group Sharing prior to 10.8.03.2 allows an attacker to access contact information. | 2021-11-05 | 2.1 | CVE-2021-25504 MISC |
samsung — health | Non-existent provider in Samsung Health prior to 6.19.1.0001 allows an attacker to access it via a malicious content provider or lead to denial of service. | 2021-11-05 | 2.1 | CVE-2021-25506 MISC |
samsung — samsung_flow | A missing input validation in the Samsung Flow Windows application prior to Version 4.8.5.0 allows attackers to overwrite arbitrary files in the Windows known folders. | 2021-11-05 | 3.6 | CVE-2021-25509 MISC |
samsung — samsung_flow | Improper authorization vulnerability in Samsung Flow mobile application prior to 4.8.03.5 allows Samsung Flow PC application connected with user device to access part of notification data in Secure Folder without authorization. | 2021-11-05 | 2.7 | CVE-2021-25507 MISC |
schiocco — support_board | The Support Board WordPress plugin before 3.3.5 allows Authenticated (Agent+) users to perform Cross-Site Scripting attacks by placing a payload in the notes field; when an administrator or any authenticated user goes to the chat, the XSS will be automatically executed. | 2021-11-08 | 3.5 | CVE-2021-24807 MISC MISC MISC |
siemens — simatic_rtls_locating_manager | A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application does not properly handle the import of large configuration files. A local attacker could import a specially crafted file which could lead to a denial-of-service condition of the application service. | 2021-11-09 | 2.1 | CVE-2020-10054 MISC |
siemens — simatic_rtls_locating_manager | A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application writes sensitive data, such as database credentials in configuration files. A local attacker with access to the configuration files could use this information to launch further attacks. | 2021-11-09 | 2.1 | CVE-2020-10053 MISC |
siemens — simatic_rtls_locating_manager | A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application writes sensitive data, such as usernames and passwords in log files. A local attacker with access to the log files could use this information to launch further attacks. | 2021-11-09 | 2.1 | CVE-2020-10052 MISC |
wooassist — storefront_footer_text | The Storefront Footer Text WordPress plugin through 1.0.1 does not sanitize and escape the “Footer Credit Text” added to pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered-html capability is disallowed. | 2021-11-08 | 3.5 | CVE-2021-24607 MISC |
wp_all_export_project — wp_all_export | The Export any WordPress data to XML/CSV WordPress plugin before 1.3.1 does not escape its Export’s Name before outputting it in the Manage Exports settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2021-11-08 | 3.5 | CVE-2021-24708 MISC |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
airangel — airangel | Airangel HSMX Gateway devices through 5.2.04 allow CSRF. | 2021-11-10 | not yet calculated | CVE-2021-40518 MISC MISC |
airangel — airangel | Airangel HSMX Gateway devices through 5.2.04 have Weak SSH Credentials. | 2021-11-10 | not yet calculated | CVE-2021-40520 MISC MISC |
alquistmanager — alquistmanager | AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access. | 2021-11-12 | not yet calculated | CVE-2021-43492 MISC |
antilles — antilles | A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index (PyPi). MITRE classifies this weakness as an Uncontrolled Search Path Element (CWE-427) in which a private package dependency may be replaced by an unauthorized package of the same name published to a well-known public repository such as PyPi. The configuration has been updated to only install components built by Antilles, removing all other public package indexes. Additionally, the antilles-tools dependency has been published to PyPi. | 2021-11-12 | not yet calculated | CVE-2021-3840 CONFIRM |
apache — shardingspehere | Deserialization of Untrusted Data vulnerability of Apache ShardingSphere-UI allows an attacker to inject outer link resources. This issue affects Apache ShardingSphere-UI version 4.1.1 and later versions; Apache ShardingSphere-UI versions prior to 5.0.0. | 2021-11-11 | not yet calculated | CVE-2021-26558 MISC MLIST |
apache — superset | Apache Superset up to and including 1.3.1 allowed for database connections password leak for authenticated users. This information could be accessed in a non-trivial way. | 2021-11-12 | not yet calculated | CVE-2021-41972 CONFIRM CONFIRM |
apache — traffic_control_traffic_ops | An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter. | 2021-11-11 | not yet calculated | CVE-2021-43350 CONFIRM MLIST MLIST |
arris — surfboard_sb8200 | The password change utility for the Arris SurfBoard SB8200 can have safety measures bypassed that allow any logged-in user to change the administrator password. | 2021-11-09 | not yet calculated | CVE-2021-20119 MISC |
asus — routers | The ASUS routers' Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has an improper control of interaction frequency vulnerability; an unauthenticated attacker can remotely disconnect other users’ connections by sending specially crafted SAE authentication frames. | 2021-11-12 | not yet calculated | CVE-2021-37910 MISC |
belledonne — belle-sip | Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via `" \ "` in the display name of a From header. | 2021-11-12 | not yet calculated | CVE-2021-43611 MISC MISC |
belledonne — belle-sip | Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via an invalid From header (request URI without a parameter) in an unauthenticated SIP message, a different issue than CVE-2021-33056. | 2021-11-12 | not yet calculated | CVE-2021-43610 MISC MISC |
binatone — hubble_cameras | An exposed debug interface was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access unauthorized access to the device. | 2021-11-12 | not yet calculated | CVE-2021-3788 CONFIRM |
binatone — hubble_cameras | A buffer overflow was reported in the local web server of some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same network to perform a denial-of-service attack against the device. | 2021-11-12 | not yet calculated | CVE-2021-3790 CONFIRM |
binatone — hubble_cameras | A vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with local access to obtain the MQTT credentials that could result in unauthorized access to backend Hubble services. | 2021-11-12 | not yet calculated | CVE-2021-3787 CONFIRM |
binatone — hubble_cameras | An improper access control vulnerability was reported in some Motorola-branded Binatone Hubble Cameras which could allow an unauthenticated attacker on the same network as the device to access administrative pages that could result in information disclosure or device firmware update with verified firmware. | 2021-11-12 | not yet calculated | CVE-2021-3793 CONFIRM |
binatone — hubble_cameras | Some device communications in some Motorola-branded Binatone Hubble Cameras with backend Hubble services are not encrypted, which could lead to the communication channel being accessible by an attacker. | 2021-11-12 | not yet calculated | CVE-2021-3792 CONFIRM |
binatone — hubble_cameras | An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access to obtain the encryption key used to decrypt firmware update packages. | 2021-11-12 | not yet calculated | CVE-2021-3789 CONFIRM |
binatone — hubble_cameras | An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same subnet to download an encrypted log file containing sensitive information such as WiFi SSID and password. | 2021-11-12 | not yet calculated | CVE-2021-3791 CONFIRM |
bitdefender — enpoint_security_tools | Improper Link Resolution Before File Access (‘Link Following’) vulnerability in the EPAG component of Bitdefender Endpoint Security Tools for Windows allows a local attacker to cause a denial of service. This issue affects: Bitdefender GravityZone version 7.1.2.33 and prior versions. | 2021-11-09 | not yet calculated | CVE-2021-3641 CONFIRM |
blackberry — protect | A low privileged delete vulnerability using the CEF RPC server of BlackBerry Protect for Windows versions 1574 and earlier could allow an attacker to potentially execute code in the context of a BlackBerry Cylance service that has admin rights on the system and gain the ability to delete data from the local system. | 2021-11-10 | not yet calculated | CVE-2021-32022 MISC |
blackberry — protect | A denial of service vulnerability in the message broker of BlackBerry Protect for Windows versions 1574 and earlier could allow an attacker to potentially execute code in the context of a BlackBerry Cylance service that has admin rights on the system. | 2021-11-10 | not yet calculated | CVE-2021-32021 MISC |
blackberry — protect | An elevation of privilege vulnerability in the message broker of BlackBerry Protect for Windows versions 1574 and earlier could allow an attacker to potentially execute code in the context of a BlackBerry Cylance service that has admin rights on the system. | 2021-11-10 | not yet calculated | CVE-2021-32023 MISC |
bluez — bluez | BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf, which allocates memory that will always remain in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending SDP packets, and this may cause the service of the target device to crash. | 2021-11-12 | not yet calculated | CVE-2021-41229 CONFIRM |
bookstack — bookstack | bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type. | 2021-11-13 | not yet calculated | CVE-2021-3915 MISC CONFIRM |
broadcom — emulex_hba_manager | Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a vulnerability in the remote firmware download feature that could allow a user to place or replace an arbitrary file on the remote host. In non-secure mode, the user is unauthenticated. | 2021-11-12 | not yet calculated | CVE-2021-42775 MISC CONFIRM |
broadcom — emulex_hba_manager | Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote firmware download feature that could allow remote unauthenticated users to perform various attacks. In non-secure mode, the user is unauthenticated. | 2021-11-12 | not yet calculated | CVE-2021-42774 MISC CONFIRM |
broadcom — emulex_hba_manager | Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, could allow a user to retrieve an arbitrary file from a remote host with the GetDumpFile command. In non-secure mode, the user is unauthenticated. | 2021-11-12 | not yet calculated | CVE-2021-42773 MISC CONFIRM |
commit — commit | Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd70bfcaa70 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access. | 2021-11-12 | not yet calculated | CVE-2021-43496 MISC |
cradlepoint — cradlepoint | Cradlepoint IBR900-600 devices running versions < 7.21.10 are vulnerable to a restricted shell escape sequence that provides an attacker the capability to simultaneously deny availability to the device’s NetCloud Manager console, local console and SSH command-line. | 2021-11-07 | not yet calculated | CVE-2021-37471 MISC MISC |
dell — bios | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | 2021-11-12 | not yet calculated | CVE-2021-36325 MISC |
dell — bios | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | 2021-11-12 | not yet calculated | CVE-2021-36324 MISC |
dell — bios | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | 2021-11-12 | not yet calculated | CVE-2021-36323 MISC |
dell — emc_powerscale_nodes |
Dell EMC PowerScale Nodes contain a hardware design flaw. This may allow a local unauthenticated user to escalate privileges. This also affects Compliance mode and for Compliance mode clusters, is a critical vulnerability. Dell EMC recommends applying the workaround at your earliest opportunity. | 2021-11-12 | not yet calculated | CVE-2021-36315 MISC |
dell — emc_powerscale_onefs | Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an Exposure of Information through Directory Listing vulnerability. This vulnerability is triggered when upgrading from a previous version. | 2021-11-12 | not yet calculated | CVE-2021-21528 MISC |
dell — powerscale_onefs |
Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in SMB CA handling. An authenticated user of SMB on a cluster with CA could potentially exploit this vulnerability, leading to a denial of service over SMB. | 2021-11-12 | not yet calculated | CVE-2021-36305 MISC |
dheater — dheater |
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE. | 2021-11-11 | not yet calculated | CVE-2002-20001 MISC MISC MISC MISC |
django — helpdesk |
django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 2021-11-13 | not yet calculated | CVE-2021-3945 MISC CONFIRM |
docsis — docsis |
Vulnerability in the product Docsis 3.0 UBC1319BA00 Router supported affected version 1319010201r009. The vulnerability allows an attacker with privileges and network access through the ping.cmd component to execute commands on the device. | 2021-11-10 | not yet calculated | CVE-2021-39474 MISC MISC |
ets5password — ets5password |
** DISPUTED ** KNX ETS6 through 6.0.0 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information, a similar issue to CVE-2021-36799. NOTE: The vendor disputes this because it is not the responsibility of the ETS to securely store cryptographic key material when it is not being exported. | 2021-11-09 | not yet calculated | CVE-2021-43575 MISC |
ffmpeg — ffmpeg |
FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service (DoS) via a crafted audio file due to insufficient verification of data authenticity. | 2021-11-10 | not yet calculated | CVE-2020-23906 MISC |
firefly-iii — firefly-iii |
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | 2021-11-13 | not yet calculated | CVE-2021-3921 CONFIRM MISC |
formalms — formalms |
An authentication bypass issue in FormaLMS <= 2.4.4 allows an attacker to bypass the authentication mechanism and obtain a valid access to the platform. | 2021-11-10 | not yet calculated | CVE-2021-43136 MISC MISC MISC MISC |
fort — validator |
FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publishes an X.509 EE certificate. This will lead to RTR clients such as BGP routers to lose access to the RPKI VRP data set, effectively disabling Route Origin Validation. | 2021-11-09 | not yet calculated | CVE-2021-43114 MISC |
github — enterprise_server |
A path traversal vulnerability was identified in GitHub Pages builds on GitHub Enterprise Server that could allow an attacker to read system files. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.0.19, 3.1.11, and 3.2.3. This vulnerability was reported via the GitHub Bug Bounty program. | 2021-11-10 | not yet calculated | CVE-2021-22870 MISC MISC MISC |
google — google |
An XSS issue was discovered in the google_for_jobs (aka Google for Jobs) extension before 1.5.1 and 2.x before 2.1.1 for TYPO3. The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability. | 2021-11-10 | not yet calculated | CVE-2021-43561 MISC |
hewlett_packard — laserjet_solution_software |
A potential security vulnerability has been identified for HP LaserJet Solution Software (for certain HP LaserJet Printers) which may lead to unauthorized elevation of privilege on the client. | 2021-11-09 | not yet calculated | CVE-2019-18916 MISC |
hewlett_packard — multiple_printers | During installation with certain driver software or application packages, arbitrary code execution could occur. | 2021-11-09 | not yet calculated | CVE-2020-28419 MISC |
hewlett_packard — officejet_pro_printers | A Buffer Overflow and Information Disclosure issue exists in HP OfficeJet Pro Printers before 001.1937C, and in HP PageWide Managed Printers and HP PageWide Pro Printers before 001.1937D: a maliciously crafted print file might cause certain HP Inkjet printers to assert. Under certain circumstances, the printer produces a core dump to a local device. | 2021-11-09 | not yet calculated | CVE-2019-16240 MISC |
hewlett_packard — printers |
A potential security vulnerability has been identified for certain HP printers and MFPs that would allow redirection page Cross-Site Scripting in a client’s browser by clicking on a third-party malicious link. | 2021-11-09 | not yet calculated | CVE-2019-18914 MISC |
ibm — security_siteprotector_system |
IBM Security SiteProtector System 3.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174052. | 2021-11-12 | not yet calculated | CVE-2020-4140 XF CONFIRM |
ibm — security_siteprotector_system |
IBM Security SiteProtector System 3.1.1 could allow a remote attacker to obtain sensitive information, caused by missing ‘HttpOnly’ flag. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 174129. | 2021-11-12 | not yet calculated | CVE-2020-4146 CONFIRM XF |
ibm — system_x_servers |
A command injection vulnerability was reported in the Integrated Management Module (IMM) of legacy IBM System x 3550 M3 and IBM System x 3650 M3 servers that could allow the execution of operating system commands over an authenticated SSH or Telnet session. | 2021-11-12 | not yet calculated | CVE-2021-3723 CONFIRM |
ibm — tivoli_key_lifecycle_manager |
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. | 2021-11-12 | not yet calculated | CVE-2021-38985 XF CONFIRM |
ibm — tivoli_key_lifecycle_manager | IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. | 2021-11-12 | not yet calculated | CVE-2021-38973 CONFIRM XF |
ibm — tivoli_key_lifecycle_manager |
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. | 2021-11-12 | not yet calculated | CVE-2021-38972 XF CONFIRM |
icms — icms |
iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admincp.php?app=members&do=add. | 2021-11-12 | not yet calculated | CVE-2020-21141 MISC |
icrem — h8 |
Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRMS allows attackers to disclose sensitive information via the Print Invoice Functionality. | 2021-11-10 | not yet calculated | CVE-2021-3380 MISC MISC MISC MISC |
jamf — pro |
The server in Jamf Pro before 10.32.0 has a vulnerability affecting integrity and availability, aka PI-006352. NOTE: Jamf Nation will also publish an article about this vulnerability. | 2021-11-12 | not yet calculated | CVE-2021-39303 MISC CONFIRM |
jenkins — active_choices_plugin |
Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive parameters and dynamic reference parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 2021-11-12 | not yet calculated | CVE-2021-21699 CONFIRM MLIST |
jenkins — owasp |
Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 2021-11-12 | not yet calculated | CVE-2021-43577 CONFIRM MLIST |
jenkins — performance_plugin |
Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 2021-11-12 | not yet calculated | CVE-2021-21701 CONFIRM MLIST |
jenkins — pom2config |
Jenkins pom2config Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers with Overall/Read and Item/Read permissions to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. | 2021-11-12 | not yet calculated | CVE-2021-43576 CONFIRM MLIST |
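The three Jenkins entries above (Dependency-Check, Performance and pom2config) share one root cause: an XML parser left at defaults that honour DOCTYPE and entity declarations, which is what lets a crafted file read controller secrets or make server-side requests. As an added example, not code from Jenkins or any of those plugins, this Python function refuses any untrusted document that declares a DOCTYPE or an entity before the tree is built; that blanket refusal is the setting a practitioner wants in front of uploaded reports or agent messages. The two sample documents are constructed.

```python
import xml.parsers.expat
import xml.etree.ElementTree as ET


class UnsafeXML(ValueError):
    """Raised when untrusted XML tries to use DOCTYPE or entity declarations."""


def _reject_doctype(name, sysid, pubid, has_internal_subset):
    # Any DOCTYPE is refused: external entities, parameter entities and
    # entity-expansion bombs all need one to be declared.
    raise UnsafeXML(f"DOCTYPE {name!r} not allowed in untrusted XML")


def _reject_entity(*_decl):
    raise UnsafeXML("entity declaration not allowed in untrusted XML")


def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Parse XML from an untrusted source and return its root element.

    Pass 1 runs a bare expat parser whose declaration handlers abort on
    DOCTYPE or ENTITY; pass 2 builds the tree only for documents that
    survived pass 1. Raises UnsafeXML for the rejected cases.
    """
    guard = xml.parsers.expat.ParserCreate()
    guard.StartDoctypeDeclHandler = _reject_doctype
    guard.EntityDeclHandler = _reject_entity
    guard.Parse(data, True)          # raises UnsafeXML (or ExpatError) early
    return ET.fromstring(data)


# Constructed samples: a benign dependency report and a classic XXE payload.
BENIGN_REPORT = b'<report><dependency name="libfoo" version="1.2.3"/></report>'
XXE_REPORT = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE report [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
    b"<report>&xxe;</report>"
)


def is_safe_report(data: bytes) -> bool:
    """True if the document parses without any DOCTYPE/entity tricks."""
    try:
        parse_untrusted_xml(data)
    except (UnsafeXML, xml.parsers.expat.ExpatError, ET.ParseError):
        return False
    return True


if __name__ == "__main__":
    print("benign:", is_safe_report(BENIGN_REPORT))   # True
    print("xxe:   ", is_safe_report(XXE_REPORT))      # False
```

Rejecting every DOCTYPE is deliberately coarser than disabling only external entities: it also closes the entity-expansion (billion laughs) path, and in practice no machine-generated report needs a DOCTYPE.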
jenkins — scriptler_plugin | Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of scripts on the UI when asking to confirm their deletion, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Scriptler scripts. | 2021-11-12 | not yet calculated | CVE-2021-21700 CONFIRM MLIST |
jenkins — squash_tm_publisher |
Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control agent processes to replace arbitrary files on the Jenkins controller file system with an attacker-controlled JSON string. | 2021-11-12 | not yet calculated | CVE-2021-43578 CONFIRM MLIST |
jetbrains — youtrack_mobile | In JetBrains YouTrack Mobile before 2021.2, access token protection on Android is incomplete. | 2021-11-09 | not yet calculated | CVE-2021-43189 MISC |
jetbrains — youtrack_mobile |
In JetBrains YouTrack Mobile before 2021.2, access token protection on iOS is incomplete. | 2021-11-09 | not yet calculated | CVE-2021-43188 MISC |
json-schema — json-schema |
json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) | 2021-11-13 | not yet calculated | CVE-2021-3918 MISC CONFIRM |
kubernetes — kustomize-controller | kustomize-controller is a Kubernetes operator, specialized in running continuous delivery pipelines for infrastructure and workloads defined with Kubernetes manifests and assembled with Kustomize. Users that can create Kubernetes Secrets, Service Accounts and Flux Kustomization objects could execute commands inside the kustomize-controller container by embedding a shell script in a Kubernetes Secret. This can be used to run `kubectl` commands under the Service Account of kustomize-controller, thus allowing an authenticated Kubernetes user to gain cluster admin privileges. In affected versions, multi-tenant environments where non-admin users have permission to create Flux Kustomization objects are exposed to this issue. This vulnerability was fixed in kustomize-controller v0.15.0 (included in flux2 v0.18.0) released on 2021-10-08. Starting with v0.15, the kustomize-controller no longer executes shell commands on the container OS and the `kubectl` binary has been removed from the container image. To prevent the creation of Kubernetes Service Accounts with `secrets` in namespaces owned by tenants, a Kubernetes validation webhook such as Gatekeeper OPA or Kyverno can be used. | 2021-11-12 | not yet calculated | CVE-2021-41254 CONFIRM |
legion — phone_pro |
An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device GPS data. | 2021-11-12 | not yet calculated | CVE-2021-3720 CONFIRM |
lenovo — desktop |
A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the “BIOS Password At Boot Device List” BIOS setting is Yes. | 2021-11-12 | not yet calculated | CVE-2021-3519 CONFIRM |
lenovo — notebook_and_thinkpad | A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak data out of the SMRAM range. | 2021-11-12 | not yet calculated | CVE-2021-3786 CONFIRM |
lenovo — thinkcentre_and_thinkstation | A potential vulnerability in the SMI callback function that saves and restores boot script tables used for resuming from sleep state in some ThinkCentre and ThinkStation models may allow an attacker with local access and elevated privileges to execute arbitrary code. | 2021-11-12 | not yet calculated | CVE-2021-3719 CONFIRM |
lenovo — thinkpad |
A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code. | 2021-11-12 | not yet calculated | CVE-2021-3843 CONFIRM |
lenovo — thinkpad |
A denial of service vulnerability was reported in some ThinkPad models that could cause a system to crash when the Enhanced Biometrics setting is enabled in BIOS. | 2021-11-12 | not yet calculated | CVE-2021-3718 CONFIRM |
lenovo — thinkpad | A potential vulnerability in the SMI callback function used to access the flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code. | 2021-11-12 | not yet calculated | CVE-2021-3599 CONFIRM |
liquidfiles — liquidfiles |
LiquidFiles before 3.6.3 allows remote attackers to elevate their privileges from Admin (or User Admin) to Sysadmin. | 2021-11-11 | not yet calculated | CVE-2021-43397 CONFIRM MISC |
microsoft — 3d_viewer | 3D Viewer Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-43208. | 2021-11-10 | not yet calculated | CVE-2021-43209 MISC |
microsoft — 3d_viewer | 3D Viewer Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-43209. | 2021-11-10 | not yet calculated | CVE-2021-43208 MISC |
microsoft — azure | Azure RTOS Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-42303, CVE-2021-42304. | 2021-11-10 | not yet calculated | CVE-2021-42302 MISC |
microsoft — azure | Azure RTOS Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-42302, CVE-2021-42303. | 2021-11-10 | not yet calculated | CVE-2021-42304 MISC |
microsoft — azure | Azure RTOS Information Disclosure Vulnerability. This CVE ID is unique from CVE-2021-26444, CVE-2021-42301. | 2021-11-10 | not yet calculated | CVE-2021-42323 MISC |
microsoft — azure | Azure RTOS Information Disclosure Vulnerability. This CVE ID is unique from CVE-2021-26444, CVE-2021-42323. | 2021-11-10 | not yet calculated | CVE-2021-42301 MISC |
microsoft — azure | Azure RTOS Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-42302, CVE-2021-42304. | 2021-11-10 | not yet calculated | CVE-2021-42303 MISC |
microsoft — azure |
Azure Sphere Tampering Vulnerability | 2021-11-10 | not yet calculated | CVE-2021-42300 MISC |
microsoft — dynamics_365 |
Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability | 2021-11-10 | not yet calculated | CVE-2021-42316 MISC |
microsoft — exchange_server | Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is unique from CVE-2021-41349. | 2021-11-10 | not yet calculated | CVE-2021-42305 MISC |
microsoft — visual_studio | Visual Studio Code Elevation of Privilege Vulnerability | 2021-11-10 | not yet calculated | CVE-2021-42322 MISC |
microsoft — visual_studio |
Visual Studio Elevation of Privilege Vulnerability | 2021-11-10 | not yet calculated | CVE-2021-42319 MISC |
gnu — mailman | In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack. | 2021-11-12 | not yet calculated | CVE-2021-43332 MISC CONFIRM |
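The Mailman weakness above is a design one: a CSRF token derived from the admin password hands password material to anyone who can see the page, and an offline guess is only bounded by the cipher's cost. As an added example, not Mailman code, the Python below shows the shape a CSRF token should have instead: a random nonce bound to the session under a server-side HMAC key, carrying nothing derived from any password, and verified in constant time. The session identifiers and the key are constructed.

```python
import hashlib
import hmac
import secrets

# Server-side key generated at process start. Assumption: a real deployment
# loads it from configuration so tokens survive restarts. It is never sent
# to the client, and nothing about any user's password goes into it.
SERVER_KEY = secrets.token_bytes(32)


def make_csrf_token(session_id: str, key: bytes = SERVER_KEY) -> str:
    """Return '<nonce>.<hmac>' bound to this session.

    The nonce is random, so an attacker who sees one token learns nothing
    about other tokens or about the key; the MAC binds it to the session so
    it cannot be replayed from another user's browser.
    """
    nonce = secrets.token_hex(16)
    mac = hmac.new(key, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(token: str, session_id: str, key: bytes = SERVER_KEY) -> bool:
    """Recompute the MAC for the presented nonce and compare in constant time."""
    nonce, sep, mac = token.partition(".")
    if not sep or len(nonce) != 32:
        return False
    expected = hmac.new(key, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


if __name__ == "__main__":
    t = make_csrf_token("session-abc")                 # constructed session id
    print(verify_csrf_token(t, "session-abc"))         # True
    print(verify_csrf_token(t, "session-xyz"))         # False: bound to another session
```

The property to check in any CSRF scheme is the one Mailman's lacked: given every token ever issued, an attacker should still learn nothing about any credential. Here the only secret is the server key, and HMAC does not reveal it.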
gnu — mailman | In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS. | 2021-11-12 | not yet calculated | CVE-2021-43331 MISC CONFIRM |
ni — service_locator | There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) in versions prior to 18.0 on Windows. This may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges. | 2021-11-12 | not yet calculated | CVE-2021-42563 MISC |
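The NI Service Locator entry is an instance of the unquoted service path bug: when a service's ImagePath contains spaces and is not quoted, Windows tries each space as the end of the executable name, so a binary planted at an earlier prefix runs with the service's privileges. As an added example, not NI code, the Python below reproduces that lookup order for a given ImagePath and lists the directories whose ACLs decide whether the bug is exploitable. The service entries are constructed and the vendor install path is an assumption, not NI's real one.

```python
import ntpath  # Windows path rules, so this runs the same on any host


def unquoted_path_candidates(image_path: str) -> list:
    """Executables Windows would try, in order, for an unquoted ImagePath.

    Returns [] when the path is quoted or has no spaces (not exploitable this
    way). Mirrors CreateProcess: each space is tried as the end of the program
    name, ".exe" is appended when the prefix has no extension, and the search
    stops at the first prefix that already ends in ".exe" (anything after it
    is treated as arguments).
    """
    path = image_path.strip()
    if path.startswith('"') or " " not in path:
        return []
    candidates = []
    idx = path.find(" ")
    while idx != -1:
        prefix = path[:idx]
        ext = ntpath.splitext(prefix)[1].lower()
        if ext == ".exe":
            candidates.append(prefix)
            return candidates
        candidates.append(prefix + ".exe" if not ext else prefix)
        idx = path.find(" ", idx + 1)
    candidates.append(path)
    return candidates


def hijack_directories(image_path: str) -> list:
    """Directories an attacker would need write access to in order to plant a
    binary that is found before the real one. These are what to check with
    icacls; the last candidate is the legitimate executable and is excluded."""
    cands = unquoted_path_candidates(image_path)
    return [ntpath.dirname(c) for c in cands[:-1]]


def find_unquoted_services(services: dict) -> dict:
    """Filter a {service_name: ImagePath} map down to the exploitable ones."""
    return {name: hijack_directories(p) for name, p in services.items()
            if unquoted_path_candidates(p)}


# Constructed sample, in the shape of a dump of
# HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath. The vendor
# directory is hypothetical.
SAMPLE_SERVICES = {
    "nisvcloc": r"C:\Program Files\Vendor Tools\Shared\nisvcloc.exe",
    "Spooler": r"C:\Windows\System32\spoolsv.exe",
    "GoodSvc": r'"C:\Program Files\Good Vendor\goodsvc.exe" -k svc',
}

if __name__ == "__main__":
    for name, dirs in find_unquoted_services(SAMPLE_SERVICES).items():
        print(name, "->", dirs)
```

On a default Windows install neither C:\ nor C:\Program Files is writable by standard users, which is why the bug is usually only exploitable when an installer has loosened those ACLs or the path sits under a user-writable tree; the function tells you exactly which directories to inspect.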
microsoft — windows |
Microsoft Defender Remote Code Execution Vulnerability | 2021-11-10 | not yet calculated | CVE-2021-42298 MISC |
microsoft — windows |
Windows Hello Security Feature Bypass Vulnerability | 2021-11-10 | not yet calculated | CVE-2021-42288 MISC |
motorola — binatone_hubble_cameras |
An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker on the same network unauthorized access to the device. | 2021-11-12 | not yet calculated | CVE-2021-3577 CONFIRM |
nim — nim | Nim is a systems programming language with a focus on efficiency, expressiveness, and elegance. In affected versions the uri.parseUri function, which may be used to validate URIs, accepts null bytes in the input URI. This behavior could be used to bypass URI validation. For example: parseUri("http://localhost\0hello").hostname is set to "localhost\0hello". Additionally, httpclient.getContent accepts null bytes in the input URL and ignores any data after the first null byte. Example: getContent("http://localhost\0hello") makes a request to localhost:80. An attacker can use null bytes to bypass the check and mount a SSRF attack. | 2021-11-12 | not yet calculated | CVE-2021-41259 CONFIRM |
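The Nim entry above describes a validate-then-use mismatch: the validator sees one host ("localhost\0hello") while the HTTP client truncates at the NUL and talks to another. As an added example, not Nim's code, the Python below applies the check a practitioner wants in front of any outbound request: reject control characters (NUL included) on the raw string before any parser runs, parse once, and compare the parsed host against an allowlist and against private address ranges. The allowlist is an assumption.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: the only hosts this service is allowed to fetch from.
ALLOWED_HOSTS = {"api.example.test", "cdn.example.test"}


def validate_outbound_url(url: str) -> str:
    """Return url unchanged if it is safe to fetch, else raise ValueError.

    Order matters: the control-character check runs on the raw string, before
    any parser gets a chance to truncate or strip, so the string that was
    validated is exactly the one that will be sent.
    """
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in url):
        raise ValueError("control character in URL")
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if "@" in parts.netloc:
        raise ValueError("userinfo in URL not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    try:
        parts.port  # raises ValueError on a malformed port such as 'host:99x'
    except ValueError:
        raise ValueError("bad port") from None
    # Literal IPs bypass name-based allowlists and are the usual SSRF route to
    # metadata services and internal networks, so refuse non-public ranges.
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None and (ip.is_private or ip.is_loopback
                           or ip.is_link_local or ip.is_reserved):
        raise ValueError(f"address not allowed: {ip}")
    if host.lower() not in ALLOWED_HOSTS:
        raise ValueError(f"host not allowed: {host!r}")
    return url


def is_allowed_url(url: str) -> bool:
    try:
        validate_outbound_url(url)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    for u in ("https://api.example.test/v1/items",
              "http://localhost\0hello",                     # the Nim bypass shape
              "http://api.example.test\0.evil.test/",        # allowlisted prefix, NUL tail
              "http://169.254.169.254/latest/meta-data/"):   # metadata service
        print(repr(u), is_allowed_url(u))
```

The rejection of control characters is what closes the Nim-style bypass; the other checks are there because the same SSRF entry point is usually also reachable through schemes, userinfo and IP literals, and a validator that only handles the one reported trick is not worth shipping.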
npm — ci_command |
The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have been blocked by an exact version match requirement in package-lock.json. | 2021-11-13 | not yet calculated | CVE-2021-43616 MISC MISC |
octorpki — octorpki | OctoRPKI crashes when encountering a repository that returns an invalid ROA (just an encoded NUL (\0) character). | 2021-11-11 | not yet calculated | CVE-2021-3910 MISC |
octorpki — octorpki | OctoRPKI tries to load the entire contents of a repository in memory, and in the case of a GZIP bomb, unzip it in memory, making it possible to create a repository that makes OctoRPKI run out of memory (and thus crash). | 2021-11-11 | not yet calculated | CVE-2021-3912 MISC |
octorpki — octorpki | OctoRPKI does not escape a URI with a filename containing "..", which allows a repository to create a file (e.g. rsync://example.org/repo/../../etc/cron.daily/evil.roa) that is then written to disk outside the base cache folder. This could allow for remote code execution on the host machine OctoRPKI is running on. | 2021-11-11 | not yet calculated | CVE-2021-3907 MISC |
octorpki — octorpki |
OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end. | 2021-11-11 | not yet calculated | CVE-2021-3908 MISC |
octorpki — octorpki | OctoRPKI does not limit the length of a connection, allowing a slowloris DoS attack to take place which makes OctoRPKI wait forever. Specifically, the repository that OctoRPKI sends HTTP requests to keeps the connection open for a day before a response is returned, but keeps drip-feeding new bytes to keep the connection alive. | 2021-11-11 | not yet calculated | CVE-2021-3909 MISC |
octorpki — octorpki |
If the ROA that a repository returns contains too many bits for the IP address then OctoRPKI will crash. | 2021-11-11 | not yet calculated | CVE-2021-3911 MISC |
ohmyzsh — ohmyzsh |
ohmyzsh is vulnerable to Improper Neutralization of Special Elements used in an OS Command | 2021-11-12 | not yet calculated | CVE-2021-3934 CONFIRM MISC |
opencv-rest-api — opencv-rest-api |
OpenCV-REST-API master branch as of commit 69be158c05d4dd5a4aff38fdc680a162dd6b9e49 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access. | 2021-11-12 | not yet calculated | CVE-2021-43494 MISC |
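OctoRPKI CVE-2021-3907 above and the two "master branch" directory traversal entries (CVE-2021-43496 for Clustering and CVE-2021-43494 for OpenCV-REST-API) are the same bug: a path taken from the remote side is joined under a base directory without checking that ".." segments keep it there. As an added example, not code from OctoRPKI or either project, the Python function below maps a repository URI to a cache path the way an RPKI validator needs to, refusing anything whose normalised result leaves the cache root. The cache directory and URIs are constructed.

```python
import posixpath
import re
from urllib.parse import urlsplit

# Hostnames that may become a directory name: letters, digits, dots and
# hyphens, never starting or ending with a dot, so ".." cannot sneak in as
# the "host" component.
HOST_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?")


class TraversalError(ValueError):
    """The URI would resolve to a file outside the cache directory."""


def cache_path_for(base_dir: str, uri: str) -> str:
    """Map an rsync:// or https:// repository URI to base_dir/<host>/<path>.

    Two independent checks: the URI path is normalised lexically and must not
    begin with "..", and the final joined path must still have base_dir as its
    common prefix. Either alone is sufficient; requiring both means a bypass
    needs two bugs rather than one.
    """
    parts = urlsplit(uri)
    host = parts.hostname or ""
    if parts.scheme not in ("rsync", "https") or not HOST_RE.fullmatch(host):
        raise TraversalError(f"unsupported URI: {uri!r}")
    if "\x00" in parts.path:
        raise TraversalError("NUL byte in path")
    rel = posixpath.normpath(parts.path.lstrip("/"))
    if rel in (".", "..") or rel.startswith("../"):
        raise TraversalError(f"path escapes repository root: {parts.path!r}")
    base = posixpath.normpath(base_dir)
    target = posixpath.normpath(posixpath.join(base, host, rel))
    if posixpath.commonpath([base, target]) != base:
        raise TraversalError(f"path escapes cache directory: {target!r}")
    return target


def is_safe_uri(base_dir: str, uri: str) -> bool:
    try:
        cache_path_for(base_dir, uri)
    except TraversalError:
        return False
    return True


CACHE = "/var/cache/rpki"   # constructed cache root

if __name__ == "__main__":
    for u in ("rsync://example.org/repo/roas/abc.roa",
              "rsync://example.org/repo/../../etc/cron.daily/evil.roa",   # CVE-2021-3907 shape
              "rsync://../etc/x.roa"):                                     # traversal via the host part
        print(u, "->", is_safe_uri(CACHE, u))
```

Note that the check is lexical on purpose: it runs before anything touches the filesystem, so it also covers the case where the cache directory does not exist yet. If the cache can contain symlinks created by earlier fetches, a second check with os.path.realpath at write time is still needed.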
openzeppelin — openzeppelin |
OpenZeppelin Contracts is a library for smart contract development. In affected versions upgradeable contracts using `UUPSUpgradeable` may be vulnerable to an attack affecting uninitialized implementation contracts. A fix is included in version 4.3.2 of `@openzeppelin/contracts` and `@openzeppelin/contracts-upgradeable`. For users unable to upgrade; initialize implementation contracts using `UUPSUpgradeable` by invoking the initializer function (usually called `initialize`). An example is provided [in the forum](https://forum.openzeppelin.com/t/security-advisory-initialize-uups-implementation-contracts/15301). | 2021-11-12 | not yet calculated | CVE-2021-41264 MISC CONFIRM MISC |
palo_alto_networks — pan-os | A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the GlobalProtect interface to exploit this issue. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17. Prisma Access customers are not impacted by this issue. | 2021-11-10 | not yet calculated | CVE-2021-3064 CONFIRM |
palo_alto_networks — pan-os | An OS command injection vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables an authenticated administrator with access to the CLI to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. Prisma Access customers that have Prisma Access 2.1 firewalls are impacted by this issue. | 2021-11-10 | not yet calculated | CVE-2021-3061 CONFIRM |
palo_alto_networks — pan-os |
An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have network access to the GlobalProtect interfaces to exploit this issue. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. Prisma Access customers with Prisma Access 2.1 Preferred and Prisma Access 2.1 Innovation firewalls are impacted by this issue. | 2021-11-10 | not yet calculated | CVE-2021-3060 CONFIRM CONFIRM CONFIRM |
palo_alto_networks — pan-os |
An improper access control vulnerability in PAN-OS software enables an attacker with authenticated access to GlobalProtect portals and gateways to connect to the EC2 instance metadata endpoint for VM-Series firewalls hosted on Amazon AWS. Exploitation of this vulnerability enables an attacker to perform any operations allowed by the EC2 role in AWS. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20 VM-Series firewalls; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11 VM-Series firewalls; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14 VM-Series firewalls; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8 VM-Series firewalls. Prisma Access customers are not impacted by this issue. | 2021-11-10 | not yet calculated | CVE-2021-3062 CONFIRM |
palo_alto_networks — pan-os |
An improper handling of exceptional conditions vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to send specifically crafted traffic to a GlobalProtect interface that causes the service to stop responding. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.21; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h4; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h3; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8-h4; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. Prisma Access customers are not impacted by this issue. | 2021-11-10 | not yet calculated | CVE-2021-3063 CONFIRM |
palo_alto_networks — pan-os |
An OS command injection vulnerability in the Palo Alto Networks PAN-OS management interface exists when performing dynamic updates. This vulnerability enables a man-in-the-middle attacker to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. Prisma Access customers that have Prisma Access 2.1 Preferred or Prisma Access 2.1 Innovation firewalls are impacted by this issue. | 2021-11-10 | not yet calculated | CVE-2021-3059 CONFIRM |
palo_alto_networks — pan-os |
An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permissions to use XML API the ability to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. This issue does not impact Prisma Access firewalls. | 2021-11-10 | not yet calculated | CVE-2021-3058 CONFIRM |
palo_alto_networks — pan-os |
A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentication. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1. Prisma Access customers with Prisma Access 2.1 Preferred firewalls are impacted by this issue. | 2021-11-10 | not yet calculated | CVE-2021-3056 CONFIRM |
phoenix — contact | In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0, the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is active. | 2021-11-10 | not yet calculated | CVE-2021-34598 CONFIRM |
phoenix — contact | In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0, a user with high privileges can inject HTML code (XSS) through web-based management or the REST API with a manipulated certificate file. | 2021-11-10 | not yet calculated | CVE-2021-34582 CONFIRM |
python — discord | Python discord bot is the community bot for the Python Discord community. In affected versions, when a non-blacklisted URL and an otherwise triggering filter token are included in the same message, the token filter does not trigger. This means that by including any non-blacklisted URL, moderation filters can be bypassed. This issue has been resolved in commit 67390298852513d13e0213870e50fb3cff1424e0. | 2021-11-05 | not yet calculated | CVE-2021-41250 MISC CONFIRM |
qnap — nas |
A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Multimedia Console. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of Multimedia Console: Multimedia Console 1.4.3 ( 2021/10/05 ) and later | 2021-11-13 | not yet calculated | CVE-2021-38684 MISC |
qnap — qmailagent | A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QmailAgent. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QmailAgent: QmailAgent 3.0.2 ( 2021/08/25 ) and later | 2021-11-13 | not yet calculated | CVE-2021-34357 MISC |
qualcomm — multiple_snapdragon_products | Possible buffer overflow due to improper validation of FTM command payload in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | 2021-11-12 | not yet calculated | CVE-2021-1979 CONFIRM |
qualcomm — multiple_snapdragon_products | Possible denial of service scenario due to improper input validation of received NAS OTA message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | 2021-11-12 | not yet calculated | CVE-2021-1982 CONFIRM |
qualcomm — multiple_snapdragon_products | A FTM Diag command can allow an arbitrary write into modem OS space in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2021-11-12 | not yet calculated | CVE-2021-1973 CONFIRM |
qualcomm — multiple_snapdragon_products | Possible information exposure and denial of service due to NAS not dropping messages when integrity check fails in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2021-11-12 | not yet calculated | CVE-2021-30284 CONFIRM |
qualcomm — multiple_snapdragon_products | Possible out of bound access due to improper validation of function table entries in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2021-11-12 | not yet calculated | CVE-2021-30259 CONFIRM |
qualcomm — multiple_snapdragon_products |
Possible integer overflow can occur due to improper length check while calculating count and grace period in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 2021-11-12 | not yet calculated | CVE-2021-1912 CONFIRM |
qualcomm — multiple_snapdragon_products | Possible race condition can occur due to lack of synchronization mechanism when the On-Device Logging node is opened twice concurrently in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 2021-11-12 | not yet calculated | CVE-2021-30263 CONFIRM |
qualcomm — multiple_snapdragon_products |
Possible use after free due improper validation of reference from call back to internal store table in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2021-11-12 | not yet calculated | CVE-2021-30264 CONFIRM |
qualcomm — multiple_snapdragon_products |
Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity | 2021-11-12 | not yet calculated | CVE-2021-30321 CONFIRM |
qualcomm — multiple_snapdragon_products |
Possible buffer overflow due to improper input validation in factory calibration and test DIAG command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2021-11-12 | not yet calculated | CVE-2021-30254 CONFIRM |
qualcomm — multiple_snapdragon_products |
Possible buffer overflow due to improper input validation in PDM DIAG command in FTM in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2021-11-12 | not yet calculated | CVE-2021-30255 CONFIRM |
qualcomm — multiple_snapdragon_products |
Possible heap overflow due to improper length check of domain while parsing the DNS response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables | 2021-11-12 | not yet calculated | CVE-2021-1975 CONFIRM |
qualcomm — multiple_snapdragon_products |
Possible buffer over read due to improper IE size check of Bearer capability IE in MT setup request from network in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | 2021-11-12 | not yet calculated | CVE-2021-1981 CONFIRM |
qualcomm — multiple_snapdragon_products |
Possible use after free due to improper memory validation when initializing new interface via Interface add command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 2021-11-12 | not yet calculated | CVE-2021-30266 CONFIRM |
qualcomm — multiple_snapdragon_products |
Possible memory corruption due to Improper handling of hypervisor unmap operations for concurrent memory operations in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | 2021-11-12 | not yet calculated | CVE-2021-1921 CONFIRM |
qualcomm — multiple_snapdragon_products |
Possible denial of service scenario can occur due to lack of length check on Channel Switch Announcement IE in beacon or probe response frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 2021-11-12 | not yet calculated | CVE-2021-1903 CONFIRM |
qualcomm — multiple_snapdragon_products |
Information disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2021-11-12 | not yet calculated | CVE-2021-1924 CONFIRM |
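The RSA-CRT entry above (CVE-2021-1924) describes a private-key leak through timing and power side channels during the modular exponentiation. The textbook countermeasure is to randomize the value the private exponentiations operate on, so that per-operation leakage no longer correlates with attacker-chosen ciphertext. The Python below is an added illustration written for this bulletin, not Qualcomm code, and the bulletin does not say which fix Qualcomm shipped; it shows plain RSA-CRT decryption beside the same decryption with base blinding. The primes, exponent handling and plaintext are constructed toy values (far too small for real use) chosen so the block runs offline.

```python
"""RSA-CRT decryption with message (base) blinding.

Added illustration for the RSA-CRT side-channel entry; not vendor code.
Toy key: the two primes below are constructed for this example and are
far too small for real use. E is the customary 65537.
"""
import math
import secrets

P = 1_000_000_007          # constructed toy prime
Q = 998_244_353            # constructed toy prime
E = 65537
N = P * Q
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)        # private exponent (needs Python >= 3.8)

# CRT parameters, precomputed once as a real implementation would.
DP = D % (P - 1)
DQ = D % (Q - 1)
QINV = pow(Q, -1, P)


def encrypt(m: int) -> int:
    return pow(m, E, N)


def crt_decrypt_unblinded(c: int) -> int:
    """Plain RSA-CRT: m1 = c^dP mod p, m2 = c^dQ mod q, then Garner recombination.

    Both exponentiations run directly on the attacker-chosen c, so their
    timing/power traces are a function of (c, dP) and (c, dQ), which is
    exactly what a side-channel adversary correlates against."""
    m1 = pow(c, DP, P)
    m2 = pow(c, DQ, Q)
    h = (QINV * (m1 - m2)) % P
    return m2 + h * Q


def crt_decrypt_blinded(c: int) -> int:
    """RSA-CRT with base blinding.

    A fresh random r (invertible mod n) multiplies c by r^e before the
    private exponentiations, so the values they touch are unpredictable
    to the attacker. Because (c * r^e)^d = m * r (mod n), the factor is
    removed afterwards with r^-1."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            break
    c_blind = (c * pow(r, E, N)) % N
    m_blind = crt_decrypt_unblinded(c_blind)
    return (m_blind * pow(r, -1, N)) % N


def roundtrip(m: int):
    """Return (unblinded, blinded) decryptions of encrypt(m); both must equal m."""
    c = encrypt(m)
    return crt_decrypt_unblinded(c), crt_decrypt_blinded(c)


if __name__ == "__main__":
    msg = 123_456_789_012_345   # constructed sample plaintext, must be < N
    print(roundtrip(msg))
```

Blinding costs one extra public exponentiation and one modular inverse per decryption (a real implementation refreshes r cheaply by squaring the previous pair rather than recomputing). It addresses the data-dependent leakage named in the entry; it does not by itself make the exponentiation ladder constant-time, which is a separate fix.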
qualcomm — multiple_snapdragon_products | Possible memory corruption due to improper validation of memory address while processing user-space IOCTL for clearing Filter and Route statistics in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2021-11-12 | not yet calculated | CVE-2021-30265 CONFIRM |
rcdevs — openotp | An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 for iOS. If it is installed on a jailbroken device, it is possible to retrieve the PIN code used to access the application. | 2021-11-10 | not yet calculated | CVE-2021-42111 MISC |
red_hat — red_hat | A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1. | 2021-11-10 | not yet calculated | CVE-2021-3572 MISC |
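The python-pip entry (CVE-2021-3572) turns on a detail of Python string handling that is easy to miss: `str.splitlines()` breaks not only on `\n` and `\r` but also on U+000B, U+000C, U+001C..U+001E, U+0085, U+2028 and U+2029, while git's ref-name rules forbid ASCII control characters and spaces but not the non-ASCII ones. The block below is an added example, not pip's code, and it assumes (the bulletin does not name the affected function) that the problematic step was splitting `git show-ref`-style output into lines with `splitlines()`. A branch whose name embeds U+2028 then yields a phantom line that parses as a different, legitimate-looking ref name. The listing is constructed; the ref and SHA values are placeholders.

```python
"""Line-splitting pitfall when parsing git ref listings.

Added example for the python-pip entry (CVE-2021-3572); not pip's code.
Assumption: the affected step split "<sha> <refname>" output from
`git show-ref` into lines with str.splitlines().
"""
from typing import Callable, Dict, List, Optional

# Every code point str.splitlines() treats as a line boundary.
SPLITLINES_BREAKS = "\n\r\x0b\x0c\x1c\x1d\x1e\x85\u2028\u2029"

LEGIT_SHA = "a" * 40          # placeholder: the real v1.0 tag
EVIL_SHA = "b" * 40           # placeholder: attacker's commit
# Constructed listing: the attacker pushed a branch named
# "v1.0" + U+2028 + "x"; the legitimate release is the tag v1.0.
EVIL_REF = "refs/remotes/origin/v1.0\u2028x"
LISTING = f"{EVIL_SHA} {EVIL_REF}\n{LEGIT_SHA} refs/tags/v1.0\n"


def parse_show_ref(output: str, split: Callable[[str], List[str]]) -> Dict[str, str]:
    """Map refname -> sha. Lines that are not '<40-hex sha> <ref>' are
    skipped; that leniency is what lets a phantom fragment vanish silently."""
    refs: Dict[str, str] = {}
    for line in split(output):
        if not line:
            continue
        parts = line.split(" ", 1)
        if len(parts) != 2 or len(parts[0]) != 40:
            continue
        refs[parts[1]] = parts[0]
    return refs


def resolve(rev: str, refs: Dict[str, str]) -> Optional[str]:
    """Prefer a remote branch named rev, then a tag named rev."""
    return refs.get(f"refs/remotes/origin/{rev}") or refs.get(f"refs/tags/{rev}")


def resolve_with_splitlines(rev: str, output: str) -> Optional[str]:
    # Vulnerable variant: U+2028 inside EVIL_REF becomes a line break, so the
    # first fragment reads "<EVIL_SHA> refs/remotes/origin/v1.0".
    return resolve(rev, parse_show_ref(output, str.splitlines))


def resolve_with_newline(rev: str, output: str) -> Optional[str]:
    # Fixed variant: git terminates records with "\n" only, so split on that.
    return resolve(rev, parse_show_ref(output, lambda s: s.split("\n")))


def is_safe_refname(name: str) -> bool:
    """Defence in depth: refuse ref names containing any character that a
    line-oriented parser somewhere might mistake for a record boundary."""
    return not any(ch in SPLITLINES_BREAKS for ch in name)


if __name__ == "__main__":
    print("splitlines ->", resolve_with_splitlines("v1.0", LISTING)[:4])
    print("split('\\n') ->", resolve_with_newline("v1.0", LISTING)[:4])
```

The general lesson is broader than pip: whenever a protocol or tool defines its record separator as exactly `\n`, split on exactly `\n`; `splitlines()` is for human text.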
sap — cloud_sdk | @sap-cloud-sdk/core contains the core functionality of the SAP Cloud SDK as well as the SAP Business Technology Platform abstractions. This affects applications on SAP Business Technology Platform that use the SAP Cloud SDK and have enabled caching of destinations. In affected versions and in some cases, when user information was missing, destinations were cached without user information, allowing other users to retrieve the same destination with its permissions. By default, destination caching is disabled. The security for caching has been increased. The changes are released in version 1.52.0. Users unable to upgrade are advised to disable destination caching (it is disabled by default). | 2021-11-05 | not yet calculated | CVE-2021-41251 MISC CONFIRM MISC |
sap — erp_hcm_portugal | SAP ERP HCM Portugal does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts. | 2021-11-10 | not yet calculated | CVE-2021-42062 MISC MISC |
sap — sap | An information disclosure vulnerability exists in SAP GUI for Windows – versions < 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user’s password. With this highly sensitive data leaked, the attacker would be able to log on to the backend system the SAP GUI for Windows was connected to and launch further attacks depending on the authorizations of the user. | 2021-11-10 | not yet calculated | CVE-2021-40503 MISC MISC |
servermanager — servermanager | ServerManagement master branch as of commit 49491cc6f94980e6be7791d17be947c27071eb56 is affected by a directory traversal vulnerability. This vulnerability can be used to extract credentials which can in turn be used to execute code. | 2021-11-12 | not yet calculated | CVE-2021-43493 MISC |
showdoc — showdoc | showdoc is vulnerable to Cross-Site Request Forgery (CSRF) | 2021-11-13 | not yet calculated | CVE-2021-3775 MISC CONFIRM |
showdoc — showdoc | showdoc is vulnerable to Cross-Site Request Forgery (CSRF) | 2021-11-13 | not yet calculated | CVE-2021-3683 CONFIRM MISC |
showdoc — showdoc | showdoc is vulnerable to Cross-Site Request Forgery (CSRF) | 2021-11-13 | not yet calculated | CVE-2021-3776 MISC CONFIRM |
siveillance — video_dlna_server | A vulnerability has been identified in Siveillance Video DLNA Server (2019 R1), Siveillance Video DLNA Server (2019 R2), Siveillance Video DLNA Server (2019 R3), Siveillance Video DLNA Server (2020 R1), Siveillance Video DLNA Server (2020 R2), Siveillance Video DLNA Server (2020 R3), Siveillance Video DLNA Server (2021 R1). The affected application contains a path traversal vulnerability that could allow an attacker to read arbitrary files on the server that are outside the application’s web document directory. An unauthenticated remote attacker could exploit this issue to access sensitive information for subsequent attacks. | 2021-11-09 | not yet calculated | CVE-2021-42021 MISC |
snipe-it — snipe-it | snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 2021-11-13 | not yet calculated | CVE-2021-3938 MISC CONFIRM |
snipe-it — snipe-it | snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) | 2021-11-13 | not yet calculated | CVE-2021-3931 CONFIRM MISC |
softing — industrial_automation | An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66, and uaToolkit Embedded before 1.40. Remote attackers can cause a denial of service (DoS) by sending crafted messages to a client or server. The server process may crash unexpectedly because of a double free, and must be restarted. | 2021-11-10 | not yet calculated | CVE-2021-40873 MISC MISC |
softing — industrial_automation | An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. Remote attackers can cause a denial of service (DoS) by sending crafted messages to an OPC UA client. The client process may crash unexpectedly because of a wrong type cast, and must be restarted. | 2021-11-10 | not yet calculated | CVE-2021-40871 MISC MISC |
softing — industrial_automation | An issue was discovered in Softing Industrial Automation uaToolkit Embedded before 1.40. Remote attackers can cause a denial of service (DoS) or log in as an anonymous user (bypassing security checks) by sending crafted messages to an OPC UA server. The server process may crash unexpectedly because of an invalid type cast, and must be restarted. | 2021-11-10 | not yet calculated | CVE-2021-40872 MISC MISC |
speex — speex | A divide-by-zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. | 2021-11-10 | not yet calculated | CVE-2020-23903 MISC |
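The Speex entry (CVE-2020-23903) is the classic shape of a file-format denial of service: a header field that the decoder later divides by arrives as zero. The bulletin names the function but not the field, so the added example below, which is not Speex code, takes the defensive position a WAV reader should take anyway: parse the RIFF/WAVE header, then refuse every field a PCM reader divides by (channels, sample rate, bit depth, block alignment) before computing anything from the data chunk. `build_wav()` and `crafted_zero_block_align()` construct the sample files inline so the block runs offline; the byte offset used to zero `block_align` is specific to the layout `build_wav()` emits.

```python
"""Validate WAV header fields before they become divisors.

Added example for the Speex entry (CVE-2020-23903); not Speex code. The
bulletin says only that a crafted WAV file triggers a divide by zero in
read_samples, not which field, so this parser refuses every header field
a PCM reader would divide by, before any arithmetic on the data chunk.
"""
import struct


class WavError(ValueError):
    pass


def parse_wav_header(data: bytes) -> dict:
    """Parse a RIFF/WAVE header; return validated format fields plus the
    number of sample frames in the data chunk."""
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"WAVE":
        raise WavError("not a RIFF/WAVE file")
    fmt = None
    data_len = None
    pos = 12
    while pos + 8 <= len(data):
        chunk_id = data[pos:pos + 4]
        size = struct.unpack_from("<I", data, pos + 4)[0]
        body = pos + 8
        if chunk_id == b"fmt ":
            if size < 16 or body + 16 > len(data):
                raise WavError("fmt chunk too short")
            audio_format, channels, rate, byte_rate, block_align, bits = \
                struct.unpack_from("<HHIIHH", data, body)
            fmt = dict(audio_format=audio_format, channels=channels,
                       sample_rate=rate, byte_rate=byte_rate,
                       block_align=block_align, bits_per_sample=bits)
        elif chunk_id == b"data":
            data_len = min(size, len(data) - body)   # never trust size past EOF
            break
        pos = body + size + (size & 1)               # chunks are padded to even length
    if fmt is None or data_len is None:
        raise WavError("missing fmt or data chunk")

    # The checks that stand between a hostile header and a division.
    if fmt["audio_format"] != 1:
        raise WavError("only PCM (format 1) supported here")
    if fmt["channels"] == 0 or fmt["sample_rate"] == 0 or fmt["bits_per_sample"] == 0:
        raise WavError("zero channels, sample rate or bit depth")
    expected_align = fmt["channels"] * ((fmt["bits_per_sample"] + 7) // 8)
    if fmt["block_align"] != expected_align:
        raise WavError(f"block_align {fmt['block_align']} != {expected_align}")
    if fmt["byte_rate"] != fmt["sample_rate"] * fmt["block_align"]:
        raise WavError("byte_rate inconsistent with sample_rate * block_align")

    fmt["frames"] = data_len // fmt["block_align"]   # safe: block_align > 0 here
    return fmt


def build_wav(channels: int, rate: int, bits: int, frames: int) -> bytes:
    """Construct a minimal PCM WAV file of silence (test input, not a capture)."""
    block_align = channels * ((bits + 7) // 8)
    fmt = struct.pack("<HHIIHH", 1, channels, rate, rate * block_align, block_align, bits)
    pcm = bytes(frames * block_align)
    body = (b"WAVE" + b"fmt " + struct.pack("<I", len(fmt)) + fmt
            + b"data" + struct.pack("<I", len(pcm)) + pcm)
    return b"RIFF" + struct.pack("<I", len(body)) + body


def crafted_zero_block_align() -> bytes:
    """A plausible stereo 16-bit file whose block_align field is zeroed.
    Offset 32 is block_align in the fixed layout build_wav() emits."""
    buf = bytearray(build_wav(2, 44100, 16, 10))
    struct.pack_into("<H", buf, 32, 0)
    return bytes(buf)


def is_rejected(data: bytes) -> bool:
    try:
        parse_wav_header(data)
    except WavError:
        return True
    return False
```

Note that the parser checks the fields against each other (`block_align` against channels and bit depth, `byte_rate` against rate and alignment) rather than only against zero: a decoder that trusts one field to size a buffer and another to index it is just as exposed to a mismatched pair.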
talkyard — talkyard | In Talkyard, versions v0.04.01 through v0.6.74-WIP-63220cb, v0.2020.22-WIP-b2e97fe0e through v0.2021.02-WIP-879ef3fe1 and tyse-v0.2021.02-879ef3fe1-regular through tyse-v0.2021.28-af66b6905-regular, are vulnerable to Host Header Injection. By luring a victim application-user to click on a link, an unauthenticated attacker can use the “forgot password” functionality to reset the victim’s password and successfully take over their account. | 2021-11-11 | not yet calculated | CVE-2021-25980 CONFIRM MISC |
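The Talkyard entry (CVE-2021-25980) is the standard Host header injection chain: the attacker triggers "forgot password" for the victim's address with a forged `Host` (or `X-Forwarded-Host`), the application builds the reset link from that header, the victim receives an e-mail pointing at the attacker's server and the click delivers the reset token. The Python below is an added example, not Talkyard's code, and the reset route and host names in it are invented; it places the vulnerable link builder beside a hardened one that takes the origin from configuration and uses the request's Host only to decide whether to serve the request at all.

```python
"""Password-reset links: configured origin vs. request Host header.

Added example for the Talkyard entry (CVE-2021-25980); not Talkyard's
code. RESET_PATH and the host names are constructed for illustration.
"""
from typing import Dict, Mapping
from urllib.parse import urlsplit

# Deployment configuration (constructed values).
CANONICAL_ORIGIN = "https://forum.example.org"
ALLOWED_HOSTS = {"forum.example.org"}
RESET_PATH = "/-/reset-password/"        # illustrative route, not Talkyard's


class UntrustedHost(ValueError):
    pass


def _request_host(headers: Mapping[str, str]) -> str:
    """Host as a proxy-aware framework typically exposes it: prefer
    X-Forwarded-Host, fall back to Host, drop a :port, lowercase."""
    host = headers.get("X-Forwarded-Host") or headers.get("Host") or ""
    host = host.split(",")[0].strip().lower()
    if host.count(":") == 1:             # strip :port; leave IPv6 literals alone
        host = host.split(":")[0]
    return host


def reset_link_unsafe(headers: Mapping[str, str], token: str) -> str:
    """Vulnerable: whoever sends the 'forgot password' request picks the
    host that ends up in the e-mail the victim receives."""
    return f"https://{_request_host(headers)}{RESET_PATH}{token}"


def reset_link_safe(headers: Mapping[str, str], token: str) -> str:
    """Hardened: Host is checked against an allowlist and then ignored;
    the link itself is built from the configured canonical origin."""
    if _request_host(headers) not in ALLOWED_HOSTS:
        raise UntrustedHost("Host header not in the allowlist")
    return f"{CANONICAL_ORIGIN}{RESET_PATH}{token}"


def rejects_forged_host(headers: Mapping[str, str], token: str) -> bool:
    try:
        reset_link_safe(headers, token)
    except UntrustedHost:
        return True
    return False


def link_host(url: str) -> str:
    return urlsplit(url).hostname or ""


# Constructed requests: the attacker's forged Host and a legitimate one.
FORGED: Dict[str, str] = {"Host": "attacker.example"}
LEGIT: Dict[str, str] = {"Host": "forum.example.org"}
TOKEN = "7f3a9c0e-constructed-token"

if __name__ == "__main__":
    print("unsafe:", reset_link_unsafe(FORGED, TOKEN))
    print("safe:  ", reset_link_safe(LEGIT, TOKEN))
```

The allowlist check also belongs at the reverse proxy (reject unknown `Host` values before they reach the application), but the application-level rule is what survives a misconfigured proxy: nothing that goes into an e-mail, a redirect or a cookie domain should be derived from a request header.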
thymeleaf-spring — thymeleaf-spring | In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution. | 2021-11-09 | not yet calculated | CVE-2021-43466 MISC |
tp-link — tl-wr840n_routers | The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field. | 2021-11-13 | not yet calculated | CVE-2021-41653 MISC MISC MISC |
twill — twill | twill is vulnerable to Cross-Site Request Forgery (CSRF) | 2021-11-13 | not yet calculated | CVE-2021-3932 CONFIRM MISC |
typo3 — typo3 | An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3. The extension fails to restrict the image download to the configured pixx.io DAM URL, resulting in SSRF. As a result, an attacker can download various content from a remote location and save it to a user-controlled filename, which may result in Remote Code Execution. A TYPO3 backend user account is required to exploit this. | 2021-11-10 | not yet calculated | CVE-2021-43562 MISC |
typo3 — typo3 | An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3. The Access Control in the bundled media browser is broken, which allows an unauthenticated attacker to perform requests to the pixx.io API for the configured API user. This allows an attacker to download various media files from the DAM system. | 2021-11-10 | not yet calculated | CVE-2021-43563 MISC |
typo3 — typo3 | An issue was discovered in the jobfair (aka Job Fair) extension before 1.0.13 and 2.x before 2.0.2 for TYPO3. The extension fails to protect or obfuscate filenames of uploaded files. This allows unauthenticated users to download files with sensitive data by simply guessing the filename of uploaded files (e.g., uploads/tx_jobfair/cv.pdf). | 2021-11-10 | not yet calculated | CVE-2021-43564 MISC |
uclibc — uclibc | In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names returned by DNS servers via gethostbyname, getaddrinfo, gethostbyaddr, and getnameinfo can lead to output of wrong hostnames (leading to domain hijacking) or injection into applications (leading to remote code execution, XSS, application crashes, etc.). In other words, a validation step, which is expected in any stub resolver, does not occur. | 2021-11-10 | not yet calculated | CVE-2021-43523 MISC MISC MISC |
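The uClibc entry (CVE-2021-43523) is explicit about where the defect sits: the resolver decodes whatever labels a DNS server returns and passes them to callers without the validation step every stub resolver is expected to perform. The Python below is an added example, not uClibc code (which is C), showing the two halves of that step: a wire-format name decoder (RFC 1035 section 3.1, with bounded backward-only compression pointers) and a hostname check (RFC 1123 labels: letters, digits, hyphens, no leading or trailing hyphen, 1..63 octets, 253 octets overall) applied before a name is returned. `encode_name()` deliberately performs no validation so that it can construct the hostile answers a server could send; all sample messages are constructed byte strings, not captures.

```python
"""Decode a DNS wire-format name and validate it before handing it out.

Added example for the uClibc entry (CVE-2021-43523); not uClibc code.
Implements the validation a stub resolver owes its callers: decode
labels (RFC 1035 3.1, compression pointers included), then accept only
RFC 1123 hostname labels. Sample messages below are constructed.
"""
import re
from typing import List, Tuple

# Letters, digits, hyphens; no leading/trailing hyphen; 1..63 octets.
LABEL_RE = re.compile(rb"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")
MAX_NAME_LEN = 253          # presentation form without trailing dot
MAX_POINTER_HOPS = 32


class DnsError(ValueError):
    pass


def read_name(msg: bytes, offset: int) -> Tuple[List[bytes], int]:
    """Return (labels, offset just past the name as written at `offset`).

    Compression pointers are followed only backwards and a bounded number
    of times, so a looping or forward pointer cannot hang the resolver."""
    labels: List[bytes] = []
    end = None                      # where the caller resumes parsing
    hops = 0
    while True:
        if offset >= len(msg):
            raise DnsError("name runs past end of message")
        length = msg[offset]
        if length == 0:
            offset += 1
            break
        if length & 0xC0 == 0xC0:
            if offset + 1 >= len(msg):
                raise DnsError("truncated compression pointer")
            ptr = ((length & 0x3F) << 8) | msg[offset + 1]
            if ptr >= offset or hops >= MAX_POINTER_HOPS:
                raise DnsError("bad compression pointer")
            if end is None:
                end = offset + 2
            offset, hops = ptr, hops + 1
            continue
        if length & 0xC0:
            raise DnsError("reserved label type")
        label = msg[offset + 1:offset + 1 + length]
        if len(label) != length:
            raise DnsError("truncated label")
        labels.append(label)
        offset += 1 + length
    return labels, (end if end is not None else offset)


def validate_hostname(labels: List[bytes]) -> str:
    """The missing check: every label must be a hostname label and the
    name must fit. Spaces, control bytes, '<', leading hyphens and the
    like are rejected here instead of reaching the application."""
    if not labels:
        raise DnsError("empty name")
    for label in labels:
        if not LABEL_RE.match(label):
            raise DnsError(f"invalid label {label!r}")
    name = b".".join(labels).decode("ascii")
    if len(name) > MAX_NAME_LEN:
        raise DnsError("name too long")
    return name


def decode_hostname(msg: bytes, offset: int = 0) -> Tuple[str, int]:
    labels, end = read_name(msg, offset)
    return validate_hostname(labels), end


def encode_name(name: str) -> bytes:
    """Wire-encode a dotted name WITHOUT validation, the way a hostile
    server can place arbitrary bytes into labels."""
    out = b""
    for label in name.encode("latin-1").split(b"."):
        assert 0 < len(label) < 64
        out += bytes([len(label)]) + label
    return out + b"\x00"


def is_rejected(msg: bytes, offset: int = 0) -> bool:
    try:
        decode_hostname(msg, offset)
    except DnsError:
        return True
    return False


# Constructed message: "www.example.com" at offset 0, then "ftp" plus a
# compression pointer back to offset 4 ("example.com") at offset 17.
SAMPLE = encode_name("www.example.com") + b"\x03ftp\xc0\x04"
```

A practical caveat: `gethostbyaddr()`/`getnameinfo()` return names from PTR records that are meant to be displayed or logged, which is precisely the injection path the entry describes; if an application must accept names that are not hostnames (SRV targets, underscore-prefixed service labels), it should request them through a separate, explicitly non-hostname path rather than loosening this check.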
vivo — jovi_smart_scene | The attacker can access the sensitive information stored within the jovi Smart Scene module by entering carefully constructed commands without requesting permission. | 2021-11-10 | not yet calculated | CVE-2020-12488 CONFIRM |
vmware — vcenter_server | The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group. | 2021-11-10 | not yet calculated | CVE-2021-22048 MISC |
xnview — mp | XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted pict file. Related to a User Mode Write AV starting at ntdll!RtlpLowFragHeapFree. | 2021-11-10 | not yet calculated | CVE-2020-23886 MISC MISC |
xnview — mp | XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted ico file. Related to a Read Access Violation starting at USER32!SmartStretchDIBits+0x33. | 2021-11-10 | not yet calculated | CVE-2020-23887 MISC MISC |
zoho — manageengine | Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution. | 2021-11-11 | not yet calculated | CVE-2021-42002 CONFIRM |
zoho — manageengine | Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files. | 2021-11-11 | not yet calculated | CVE-2021-42847 CONFIRM |
zoho — manageengine_network_configuration_manager | Zoho ManageEngine Network Configuration Manager before ??125465 is vulnerable to SQL Injection in a configuration search. | 2021-11-11 | not yet calculated | CVE-2021-41081 CONFIRM |
zoho — manageengine_network_configuration_manager | Zoho ManageEngine Network Configuration Manager before ??125465 is vulnerable to SQL Injection in a hardware details search. | 2021-11-11 | not yet calculated | CVE-2021-41080 CONFIRM |
zoho — manageengine_patch_connect_plus | Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution. | 2021-11-11 | not yet calculated | CVE-2021-41833 CONFIRM CONFIRM |
zoom — client_for_meetings | In the Zoom Client for Meetings for Ubuntu Linux before version 5.1.0, there is an HTML injection flaw when sending a remote control request to a user in the process of in-meeting screen sharing. This could allow meeting participants to be targeted for social engineering attacks. | 2021-11-11 | not yet calculated | CVE-2021-34419 MISC |
zoom — client_for_meetings | The Zoom Client for Meetings for Windows installer before version 5.5.4 does not properly verify the signature of files with .msi, .ps1, and .bat extensions. This could lead to a malicious actor installing malicious software on a customer’s computer. | 2021-11-11 | not yet calculated | CVE-2021-34420 MISC MISC |
zoom — keybase_client | The Keybase Client for Windows before version 5.7.0 contains a path traversal vulnerability when checking the name of a file uploaded to a team folder. A malicious user could upload a file to a shared folder with a specially crafted file name which could allow a user to execute an application which was not intended on their host machine. If a malicious user leveraged this issue with the public folder sharing feature of the Keybase client, this could lead to remote code execution. | 2021-11-11 | not yet calculated | CVE-2021-34422 MISC |
zoom — keybase_client | The Keybase Client for Android before version 5.8.0 and the Keybase Client for iOS before version 5.8.0 fail to properly remove exploded messages initiated by a user if the receiving user places the chat session in the background while the sending user explodes the messages. This could lead to disclosure of sensitive information which was meant to be deleted from the customer’s device. | 2021-11-11 | not yet calculated | CVE-2021-34421 MISC |
zoom — on-premise_meeting_connector | The network proxy page on the web portal for the Zoom On-Premise Meeting Connector Controller before version 4.6.365.20210703, Zoom On-Premise Meeting Connector MMR before version 4.6.365.20210703, Zoom On-Premise Recording Connector before version 3.8.45.20210703, Zoom On-Premise Virtual Room Connector before version 4.4.6868.20210703, and Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5496.20210703 fails to validate input sent in requests to set the network proxy password. This could lead to remote command injection by a web portal administrator. | 2021-11-11 | not yet calculated | CVE-2021-34417 MISC |
zoom — on-premise_meeting_connector | The login routine of the web console in the Zoom On-Premise Meeting Connector before version 4.6.239.20200613, Zoom On-Premise Meeting Connector MMR before version 4.6.239.20200613, Zoom On-Premise Recording Connector before version 3.8.42.20200905, Zoom On-Premise Virtual Room Connector before version 4.4.6344.20200612, and Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5492.20200616 fails to validate that a NULL byte was sent while authenticating. This could lead to a crash of the login service. | 2021-11-11 | not yet calculated | CVE-2021-34418 MISC |
zydis — zydis | Zydis is an x86/x86-64 disassembler library. Users of Zydis versions v3.2.0 and older that use the string functions provided in `zycore` in order to append untrusted user data to the formatter buffer within their custom formatter hooks can run into heap buffer overflows. Older versions of Zydis failed to properly initialize the string object within the formatter buffer, forgetting to initialize a few fields, leaving their value to chance. This could then in turn cause zycore functions like `ZyanStringAppend` to make incorrect calculations for the new target size, resulting in heap memory corruption. This does not affect the regular uncustomized Zydis formatter, because Zydis internally doesn’t use the string functions in zycore that act upon these fields. However, because the zycore string functions are the intended way to work with the formatter buffer for users of the library that wish to extend the formatter, we still consider this to be a vulnerability in Zydis. This bug is patched starting in version 3.2.1. As a workaround, users may refrain from using zycore string functions in their formatter hooks until updating to a patched version. | 2021-11-08 | not yet calculated | CVE-2021-41253 MISC MISC MISC CONFIRM |