US-CERT Bulletin (SB21-291): Vulnerability Summary for the Week of October 11, 2021
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
ardour — ardour | Ardour v5.12 contains a use-after-free vulnerability in the component ardour/libs/pbd/xml++.cc when using xmlFreeDoc and xmlXPathFreeContext. | 2021-10-08 | 7.5 | CVE-2020-22617 MISC MISC |
digi — realport | An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handling of ADDP discovery response messages. This could result in arbitrary code execution. | 2021-10-08 | 7.5 | CVE-2021-35977 MISC |
sophos — hitmanpro.alert | A local attacker could execute arbitrary code with administrator privileges in HitmanPro.Alert before version Build 901. | 2021-10-08 | 7.2 | CVE-2021-25270 CONFIRM |
tadtools_project — tadtools | The TadTools file upload function fails to filter file extensions, thus remote attackers can upload any type of file and execute arbitrary code without logging in. | 2021-10-08 | 7.5 | CVE-2021-41566 MISC |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
accesspressthemes — access_demo_importer | Versions up to, and including, 1.0.6, of the Access Demo Importer WordPress plugin are vulnerable to arbitrary file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the ~/inc/demo-functions.php. | 2021-10-11 | 6.5 | CVE-2021-39317 MISC MISC MISC |
alkacon — opencms | An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11.0.1 and 11.0.2 allows remote authenticated users with edit privileges to exfiltrate files from the server’s file system by uploading a crafted SVG document. | 2021-10-08 | 4 | CVE-2021-3312 MISC MISC |
digi — realport | An issue was discovered in Digi RealPort through 4.8.488.0. The ‘encrypted’ mode is vulnerable to man-in-the-middle attacks and does not perform authentication. | 2021-10-08 | 6.8 | CVE-2021-35979 MISC |
extendify — editorskit | The Gutenberg Block Editor Toolkit – EditorsKit WordPress plugin before 1.31.6 does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as low as contributor to execute arbitrary PHP code. | 2021-10-11 | 6.5 | CVE-2021-24546 MISC |
f-secure — atlant | A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVPACK module component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine. | 2021-10-08 | 4.3 | CVE-2021-33603 MISC MISC |
f-secure — atlant | A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVRDL unpacking module component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine. | 2021-10-08 | 4.3 | CVE-2021-40832 MISC MISC |
flatpak — flatpak | Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services into treating the Flatpak app as though it was an ordinary, non-sandboxed host-OS process. They can do this by manipulating the VFS using recent mount-related syscalls that are not blocked by Flatpak’s denylist seccomp filter, in order to substitute a crafted `/.flatpak-info` or make that file disappear entirely. Flatpak apps that act as clients for AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can escalate the privileges that the corresponding services will believe the Flatpak app has. Note that protocols that operate entirely over the D-Bus session bus (user bus), system bus or accessibility bus are not affected by this. This is due to the use of a proxy process `xdg-dbus-proxy`, whose VFS cannot be manipulated by the Flatpak app, when interacting with these buses. Patches exist for versions 1.10.4 and 1.12.0, and as of time of publication, a patch for version 1.8.2 is being planned. There are no workarounds aside from upgrading to a patched version. | 2021-10-08 | 4.6 | CVE-2021-41133 MISC MISC MISC MISC MISC MISC CONFIRM MISC MISC FEDORA DEBIAN |
frontend_uploader_project — frontend_uploader | The Frontend Uploader WordPress plugin through 1.3.2 does not prevent HTML files from being uploaded via its form, allowing an unauthenticated user to upload a malicious HTML file containing, for example, JavaScript, which will be triggered when someone accesses the file directly. | 2021-10-11 | 4.3 | CVE-2021-24563 MISC |
google — chrome | Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 2021-10-08 | 4.3 | CVE-2021-37965 MISC MISC FEDORA |
google — chrome | Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page. | 2021-10-08 | 4.3 | CVE-2021-37963 MISC MISC FEDORA |
google — chrome | Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54 allowed an attacker with a rogue wireless access point to potentially carry out a wifi impersonation attack via a crafted ONC file. | 2021-10-08 | 4.3 | CVE-2021-37964 MISC MISC FEDORA |
google — chrome | Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. | 2021-10-08 | 5.8 | CVE-2021-37958 MISC MISC FEDORA |
google — chrome | Use after free in Selection API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who convinced the user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page. | 2021-10-08 | 6.8 | CVE-2021-30625 MISC MISC FEDORA |
google — chrome | Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 2021-10-08 | 4.3 | CVE-2021-37971 MISC MISC FEDORA |
google — chrome | Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 2021-10-08 | 4.3 | CVE-2021-37968 MISC MISC FEDORA |
google — chrome | Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. | 2021-10-08 | 4.3 | CVE-2021-37967 MISC MISC FEDORA |
google — chrome | Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 2021-10-08 | 4.3 | CVE-2021-37966 MISC MISC FEDORA |
google — chrome | Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 2021-10-08 | 4.3 | CVE-2021-37976 MISC MISC FEDORA |
google — chrome | Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-10-08 | 6.8 | CVE-2021-37975 MISC MISC FEDORA |
google — chrome | Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 2021-10-08 | 6.8 | CVE-2021-37974 MISC MISC FEDORA |
google — chrome | Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-10-08 | 6.8 | CVE-2021-37957 MISC MISC FEDORA |
google — chrome | Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-10-08 | 6.8 | CVE-2021-30626 MISC MISC FEDORA |
google — chrome | Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-10-08 | 6.8 | CVE-2021-30627 MISC MISC FEDORA |
google — chrome | Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. | 2021-10-08 | 6.8 | CVE-2021-30628 MISC MISC FEDORA |
google — chrome | Use after free in Permissions in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 2021-10-08 | 6.8 | CVE-2021-30629 MISC MISC FEDORA |
google — chrome | Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-10-08 | 6.8 | CVE-2021-30632 MISC MISC FEDORA |
google — chrome | Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 2021-10-08 | 6.8 | CVE-2021-30633 MISC MISC FEDORA |
google — chrome | Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 2021-10-08 | 6.8 | CVE-2021-37956 MISC MISC FEDORA |
google — chrome | Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to engage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page. | 2021-10-08 | 6.8 | CVE-2021-37959 MISC MISC FEDORA |
google — chrome | Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 2021-10-08 | 6.8 | CVE-2021-37973 MISC MISC FEDORA |
google — chrome | Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-10-08 | 6.8 | CVE-2021-37961 MISC MISC FEDORA |
google — chrome | Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 2021-10-08 | 6.8 | CVE-2021-37962 MISC MISC FEDORA |
google — chrome | Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file. | 2021-10-08 | 6.8 | CVE-2021-37969 MISC MISC FEDORA |
google — chrome | Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-10-08 | 6.8 | CVE-2021-37970 MISC MISC FEDORA |
google — chrome | Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-10-08 | 6.8 | CVE-2021-37972 MISC MISC FEDORA FEDORA |
google — chrome | Inappropriate implementation in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. | 2021-10-08 | 4.3 | CVE-2021-30630 MISC MISC FEDORA |
ibm — sterling_file_gateway | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information due to improper permission control. IBM X-Force ID: 186090. | 2021-10-08 | 4 | CVE-2020-4654 CONFIRM XF |
intelliants — subrion_cms | A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visual-mode. | 2021-10-08 | 6.5 | CVE-2021-41947 MISC |
johnsoncontrols — exacqvision_server | An unauthenticated remote user could exploit a potential integer overflow condition in the exacqVision Server with a specially crafted script and cause denial-of-service condition. | 2021-10-11 | 5 | CVE-2021-27665 CERT CONFIRM |
kriesi — enfold | The Enfold WordPress theme before 4.8.4 was vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is present on Enfold versions prior to 4.8.4 which use Avia Page Builder. | 2021-10-11 | 4.3 | CVE-2021-24719 MISC |
mediawiki — mediawiki | MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages are not escaped before being used on the Special:Search results page. | 2021-10-11 | 4.3 | CVE-2021-41798 MISC FEDORA FEDORA |
mitsubishielectric — r12ccpu-v_firmware | Uncontrolled resource consumption in MELSEC iQ-R series C Controller Module R12CCPU-V all versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending a large number of packets in a short time while the module is starting up. | 2021-10-08 | 4.3 | CVE-2021-20600 MISC MISC MISC |
openwaygroup — way4 | OpenWay WAY4 ACS before 1.2.278-2693 allows XSS via the /way4acs/enroll action parameter. | 2021-10-11 | 4.3 | CVE-2021-35059 MISC MISC |
php-fusion — phpfusion | PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the preg patterns filter html tag without “//” in the descript() function. An authenticated user can trigger XSS by appending “//” at the end of text. | 2021-10-11 | 4.3 | CVE-2021-40541 MISC |
postgresql — postgresql | A flaw was found in postgresql. Using an UPDATE … RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality. | 2021-10-08 | 4 | CVE-2021-32029 MISC MISC |
projectsend — projectsend | Projectsend version r1295 is affected by a directory traversal vulnerability. A user with Uploader role can add value `2` for `chunks` parameter to bypass `fileName` sanitization. | 2021-10-11 | 4 | CVE-2021-40886 MISC |
projectsend — projectsend | Projectsend version r1295 is affected by sensitive information disclosure. Because of not checking authorization in ids parameter in files-edit.php and id parameter in process.php function, a user with uploader role can download and edit all files of users in application. | 2021-10-11 | 5.5 | CVE-2021-40884 MISC |
rconfig — rconfig | rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may successfully download any file on the server. | 2021-10-11 | 4 | CVE-2021-29006 MISC MISC |
rconfig — rconfig | rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If `--secure-file-priv` in the MySQL server is not set and the MySQL server is the same as rConfig, an attacker may successfully upload a webshell to the server and access it remotely. | 2021-10-11 | 6.5 | CVE-2021-29004 MISC MISC MISC MISC |
tad_book3_project — tad_book3 | Tad Book3 editing book page does not perform identity verification. Remote attackers can use the vulnerability to view and modify arbitrary content of books without permission. | 2021-10-08 | 6.4 | CVE-2021-41974 MISC |
tad_book3_project — tad_book3 | Tad Book3 editing book function does not filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attacks. | 2021-10-08 | 4.3 | CVE-2021-41563 MISC |
tad_honor_project — tad_honor | Tad Honor viewing book list function is vulnerable to authorization bypass, thus remote attackers can use special parameters to delete articles arbitrarily without logging in. | 2021-10-08 | 5 | CVE-2021-41564 MISC |
tad_uploader_project — tad_uploader | Tad Uploader edit book list function is vulnerable to authorization bypass, thus remote attackers can use the function to amend the folder names in the book list without logging in. | 2021-10-08 | 5 | CVE-2021-41976 MISC |
tad_uploader_project — tad_uploader | The new add subject parameter of Tad Uploader view book list function fails to filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attacks. | 2021-10-08 | 4.3 | CVE-2021-41567 MISC |
tad_web_project — tad_web | Tad Web is vulnerable to authorization bypass, thus remote attackers can exploit the vulnerability to use the original function of viewing bulletin boards and uploading files in the system. | 2021-10-08 | 6.4 | CVE-2021-41568 MISC |
tadtools_project — tadtools | TadTools special page is vulnerable to authorization bypass, thus remote attackers can use the specific parameter to delete arbitrary files in the system without logging in. | 2021-10-08 | 6.4 | CVE-2021-41975 MISC |
tadtools_project — tadtools | TadTools special page parameter does not properly restrict the input of specific characters, thus remote attackers can inject JavaScript syntax without logging in, and further perform reflective XSS attacks. | 2021-10-08 | 4.3 | CVE-2021-41565 MISC |
tipsandtricks-hq — software_license_manager | The del_reistered_domains AJAX action of the Software License Manager WordPress plugin before 4.5.1 does not have any CSRF checks, and is vulnerable to a CSRF attack | 2021-10-11 | 6.8 | CVE-2021-24711 MISC MISC |
verint — workforce_optimization | Verint Workforce Optimization (WFO) 15.2.5.1033 allows HTML injection via the /wfo/control/signin username parameter. | 2021-10-08 | 5 | CVE-2021-41825 MISC MISC |
webtareas_project — webtareas | webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sor_cible, sor_champs, and sor_ordre HTTP POST parameters. This allows an attacker to access all the data in the database and obtain access to the webTareas application. | 2021-10-08 | 5 | CVE-2021-41920 MISC |
webtareas_project — webtareas | webTareas version 2.4 and earlier allows an authenticated user to arbitrarily upload potentially dangerous files without restrictions. This is working by adding or replacing a personal profile picture. The affected endpoint is /includes/upload.php on the HTTP POST data. This allows an attacker to exploit the platform by injecting code or malware and, under certain conditions, to execute code on remote user browsers. | 2021-10-08 | 6.5 | CVE-2021-41919 MISC |
webtareas_project — webtareas | A Cross-Site Request Forgery (CSRF) vulnerability in webTareas version 2.4 and earlier allows a remote attacker to create a new administrative profile and add a new user to the new profile, without the victim’s knowledge, by enticing an authenticated admin user to visit an attacker’s web page. | 2021-10-08 | 6.8 | CVE-2021-41916 MISC |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
awplife — weather_effect | The Weather Effect WordPress plugin before 1.3.6 does not properly validate and escape some of its settings (like *_size_leaf, *_flakes_leaf, *_speed) which could lead to Stored Cross-Site Scripting issues | 2021-10-11 | 3.5 | CVE-2021-24709 MISC |
ayecode — geodirectory | The GeoDirectory Business Directory WordPress plugin before 2.1.1.3 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS). | 2021-10-11 | 3.5 | CVE-2021-24720 CONFIRM MISC MISC |
duplicatepro — duplicate_page | The Duplicate Page WordPress plugin through 4.4.2 does not sanitise or escape the Duplicate Post Suffix settings before outputting it, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2021-10-11 | 3.5 | CVE-2021-24681 MISC |
dwbooster — appointment_hour_booking | The Appointment Hour Booking WordPress plugin before 1.3.17 does not properly sanitize values used when creating new calendars. | 2021-10-11 | 3.5 | CVE-2021-24712 MISC |
expresstech — quiz_and_survey_master | The Quiz And Survey Master WordPress plugin before 7.3.2 does not escape the Quiz Url Slug setting before outputting it in some pages, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 2021-10-11 | 3.5 | CVE-2021-24691 MISC |
gvectors — wpdiscuz | The Comments – wpDiscuz WordPress plugin through 7.3.0 does not properly sanitise or escape the Follow and Unfollow messages before outputting them in the page, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2021-10-11 | 3.5 | CVE-2021-24737 MISC |
ibm — app_connect_enterprise_certified_container | IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630. | 2021-10-08 | 1.9 | CVE-2021-29906 CONFIRM XF |
kibokolabs — chained_quiz | The Chained Quiz WordPress plugin before 1.2.7.2 does not properly sanitize or escape inputs in the plugin’s settings. | 2021-10-11 | 3.5 | CVE-2021-24690 MISC |
sophos — hitmanpro | A local attacker could read or write arbitrary files with administrator privileges in HitmanPro before version Build 318. | 2021-10-08 | 3.6 | CVE-2021-25271 CONFIRM |
webtareas_project — webtareas | webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section, due to incorrect sanitization of user-supplied data and achieve a Stored Cross-Site Scripting attack against the platform users and administrators. The affected endpoint is /clients/editclient.php, on the HTTP POST cn parameter. | 2021-10-08 | 3.5 | CVE-2021-41917 MISC |
webtareas_project — webtareas | webTareas version 2.4 and earlier allows an authenticated user to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against the platform users and administrators. The issue affects every endpoint on the application because it is related on how each URL is echoed back on every response page. | 2021-10-08 | 3.5 | CVE-2021-41918 MISC |
wp_html_author_bio_project — wp_html_author_bio | The WP HTML Author Bio WordPress plugin through 1.2.0 does not sanitise the HTML allowed in the Bio of users, allowing them to use malicious JavaScript code, which will be executed when anyone visits a post in the frontend made by such a user. As a result, a user with a role as low as author could perform Cross-Site Scripting attacks against users, which could potentially lead to privilege escalation when an admin views the related post/s. | 2021-10-11 | 3.5 | CVE-2021-24545 MISC |
wpbrigade — simple_social_buttons | The Simple Social Media Share Buttons WordPress plugin before 3.2.4 does not escape the Share Title settings before outputting it in the frontend pages or posts (depending on the settings used), allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2021-10-11 | 3.5 | CVE-2021-24656 MISC |
wpdevart — coming_soon_and_maintenance_mode | The Coming soon and Maintenance mode WordPress plugin before 3.5.3 does not properly sanitize inputs submitted by authenticated users when setting adding or modifying coming soon or maintenance mode pages, leading to stored XSS. | 2021-10-11 | 3.5 | CVE-2021-24577 MISC |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe — acrobat_reader | Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.20096 (and earlier), 20.004.30015 (and earlier), and 17.011.30202 (and earlier) is affected by a use-after-free vulnerability in the processing of the GetURL function on a global object window that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-10-15 | not yet calculated | CVE-2021-40728 MISC |
adobe — acrobat_reader | Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.20096 (and earlier), 20.004.30015 (and earlier), and 17.011.30202 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file. | 2021-10-15 | not yet calculated | CVE-2021-40729 MISC |
adobe — acrobat_reader | Acrobat Reader for Android versions 21.8.0 (and earlier) are affected by a Path traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-10-15 | not yet calculated | CVE-2021-40724 MISC |
adobe — acrobat_reader | Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.20096 (and earlier), 20.004.30015 (and earlier), and 17.011.30202 (and earlier) is affected by an out-of-bounds write vulnerability when parsing a crafted JPEG2000 file, which could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-10-15 | not yet calculated | CVE-2021-40731 MISC |
adobe — acrobat_reader | Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.20096 (and earlier), 20.004.30015 (and earlier), and 17.011.30202 (and earlier) is affected by a use-after-free that allows a remote attacker to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPG2000 images. | 2021-10-15 | not yet calculated | CVE-2021-40730 MISC |
adobe — commerce | Adobe Commerce versions 2.4.2-p2 (and earlier), 2.4.3 (and earlier) and 2.3.7p1 (and earlier) are affected by a cross-site request forgery (CSRF) vulnerability via a Wishlist Share Link. Successful exploitation could lead to unauthorized addition to customer cart by an unauthenticated attacker. Access to the admin console is not required for successful exploitation. | 2021-10-15 | not yet calculated | CVE-2021-39864 MISC |
adobe — connect | Adobe Connect version 11.2.2 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2021-10-15 | not yet calculated | CVE-2021-40721 MISC |
advantech — webaccess | An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users. | 2021-10-15 | not yet calculated | CVE-2021-38431 MISC |
anker_eufy — homebase_2 | A use-after-free vulnerability exists in the pushMuxer CreatePushThread functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to remote code execution. | 2021-10-12 | not yet calculated | CVE-2021-21941 MISC |
anker_eufy — homebase_2 | A heap-based buffer overflow vulnerability exists in the pushMuxer processRtspInfo functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted network packet can lead to a heap buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. | 2021-10-12 | not yet calculated | CVE-2021-21940 MISC |
anuko — time_tracker | Anuko Time Tracker is an open source, web-based time tracking application written in PHP. When a logged on user selects a date in Time Tracker, it is being passed on via the date parameter in URI. Because of not checking this parameter for sanity in versions prior to 1.19.30.5600, it was possible to craft the URI with malicious JavaScript, use social engineering to convince logged on user to click on such link, and have the attacker-supplied JavaScript to be executed in user’s browser. This issue is patched in version 1.19.30.5600. As a workaround, one may introduce `ttValidDbDateFormatDate` function as in the latest version and add a call to it within the access checks block in time.php. | 2021-10-13 | not yet calculated | CVE-2021-41139 CONFIRM MISC MISC |
anydesk — anydesk | AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obtain administrator privileges by using the Open Chat Log feature to launch a privileged Notepad process that can launch other applications. | 2021-10-14 | not yet calculated | CVE-2021-40854 MISC |
apache — couchdb | In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach an HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality. This privilege escalation vulnerability allows an attacker to add or remove data in any database or make configuration changes. This issue affected Apache CouchDB prior to 3.1.2. | 2021-10-14 | not yet calculated | CVE-2021-38295 MISC |
apache — openoffice | It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25635 for the LibreOffice advisory. | 2021-10-11 | not yet calculated | CVE-2021-41832 CONFIRM MLIST |
apache — openoffice |
It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25633 for the LibreOffice advisory. | 2021-10-11 | not yet calculated | CVE-2021-41830 CONFIRM MLIST |
apache — openoffice |
It is possible for an attacker to manipulate the timestamp of signed documents. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25634 for the LibreOffice advisory. | 2021-10-11 | not yet calculated | CVE-2021-41831 CONFIRM MLIST |
apache — tomcat |
The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError. | 2021-10-14 | not yet calculated | CVE-2021-42340 MISC |
apache — traffic_control_traffic_ops |
An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint to send an email, from the Traffic Ops server, with an arbitrary body to an arbitrary email address. Apache Traffic Control 5.1.x users should upgrade to 5.1.3 or 6.0.0. 4.1.x users should upgrade to 5.1.3. | 2021-10-12 | not yet calculated | CVE-2021-42009 MISC MISC MLIST MLIST MLIST |
api/notify — api/notify |
An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files. | 2021-10-14 | not yet calculated | CVE-2020-19954 MISC |
aruba — clearpass_policy_manager | A remote directory traversal vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | 2021-10-15 | not yet calculated | CVE-2021-40988 MISC |
aruba — clearpass_policy_manager | A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | 2021-10-15 | not yet calculated | CVE-2021-40998 MISC |
aruba — clearpass_policy_manager | A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | 2021-10-15 | not yet calculated | CVE-2021-40990 MISC |
aruba — clearpass_policy_manager | A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | 2021-10-15 | not yet calculated | CVE-2021-40994 MISC |
aruba — clearpass_policy_manager | A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | 2021-10-15 | not yet calculated | CVE-2021-40996 MISC |
aruba — clearpass_policy_manager |
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | 2021-10-15 | not yet calculated | CVE-2021-40999 MISC |
aruba — clearpass_policy_manager |
A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | 2021-10-15 | not yet calculated | CVE-2021-40991 MISC |
aruba — clearpass_policy_manager |
A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | 2021-10-15 | not yet calculated | CVE-2021-40993 MISC |
aruba — clearpass_policy_manager |
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | 2021-10-15 | not yet calculated | CVE-2021-40986 MISC |
aruba — clearpass_policy_manager |
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | 2021-10-15 | not yet calculated | CVE-2021-40987 MISC |
aruba — clearpass_policy_manager |
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | 2021-10-15 | not yet calculated | CVE-2021-40995 MISC |
aruba — clearpass_policy_manager |
A local escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | 2021-10-15 | not yet calculated | CVE-2021-40989 MISC |
aruba — clearpass_policy_manager |
A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | 2021-10-15 | not yet calculated | CVE-2021-40992 MISC |
aruba — clearpass_policy_manager |
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | 2021-10-15 | not yet calculated | CVE-2021-40997 MISC |
bookstack — bookstack |
bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 2021-10-15 | not yet calculated | CVE-2021-3874 MISC CONFIRM |
brandy_basic — v_interpreter |
A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1.21 in the run_interpreter function. | 2021-10-11 | not yet calculated | CVE-2020-27372 MISC |
check_smart — check_smart |
check_smart before 6.9.1 allows unintended drive access by an unprivileged user because it only checks for a substring match of a device path (the /dev/bus substring and a number), aka an unanchored regular expression. | 2021-10-11 | not yet calculated | CVE-2021-42257 MISC MISC MISC MLIST |
cmsuno — cmsuno |
CMSUno version 1.7.2 is affected by a PHP code execution vulnerability. The sauvePass action in the {webroot}/uno/central.php file calls the file_put_contents() function to write the username to the password.php file when a user successfully changes their password. An attacker can inject malicious PHP code into password.php and then use the login function to execute code. | 2021-10-11 | not yet calculated | CVE-2021-40889 MISC |
corenlp — corenlp |
corenlp is vulnerable to Improper Restriction of XML External Entity Reference | 2021-10-15 | not yet calculated | CVE-2021-3878 CONFIRM MISC |
cybozu — remote_service | Cross-site script inclusion vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to obtain the information stored in the product. This issue occurs only when using Mozilla Firefox. | 2021-10-13 | not yet calculated | CVE-2021-20797 MISC MISC |
cybozu — remote_service | Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | 2021-10-13 | not yet calculated | CVE-2021-20799 MISC MISC |
cybozu — remote_service | Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | 2021-10-13 | not yet calculated | CVE-2021-20800 MISC MISC |
cybozu — remote_service | Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.0.0 to 3.1.9 allows a remote attacker to inject an arbitrary script via unspecified vectors. | 2021-10-13 | not yet calculated | CVE-2021-20807 MISC MISC |
cybozu — remote_service |
Open redirect vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 2021-10-13 | not yet calculated | CVE-2021-20806 MISC MISC |
cybozu — remote_service |
Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to cause a denial of service (DoS) condition via unspecified vectors. | 2021-10-13 | not yet calculated | CVE-2021-20804 MISC MISC |
cybozu — remote_service |
Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.7 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | 2021-10-13 | not yet calculated | CVE-2021-20805 MISC MISC |
cybozu — remote_service |
Operation restriction bypass in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to alter the data of the management screen. | 2021-10-13 | not yet calculated | CVE-2021-20803 MISC MISC |
cybozu — remote_service |
HTTP header injection vulnerability in Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to alter the information stored in the product. | 2021-10-13 | not yet calculated | CVE-2021-20802 MISC MISC |
cybozu — remote_service |
Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to conduct XML External Entity (XXE) attacks and obtain the information stored in the product via unspecified vectors. This issue occurs only when using Mozilla Firefox. | 2021-10-13 | not yet calculated | CVE-2021-20801 MISC MISC |
cybozu — remote_service |
Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | 2021-10-13 | not yet calculated | CVE-2021-20798 MISC MISC |
cybozu — remote_service |
Directory traversal vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to upload an arbitrary file via unspecified vectors. | 2021-10-13 | not yet calculated | CVE-2021-20796 MISC MISC |
cybozu — remote_service |
Cross-site request forgery (CSRF) vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to hijack the authentication of administrators and unintended operations may be performed via unspecified vectors. | 2021-10-13 | not yet calculated | CVE-2021-20795 MISC MISC |
deno — deno |
Deno before 0.107.0 allows Code Injection via an untrusted YAML file in certain configurations. | 2021-10-11 | not yet calculated | CVE-2021-42139 MISC MISC MISC |
django — unicorn |
The Unicorn framework before 0.36.1 for Django allows XSS via a component. NOTE: this issue exists because of an incomplete fix for CVE-2021-42053. | 2021-10-11 | not yet calculated | CVE-2021-42134 MISC MISC |
draytek — vigorconnect | An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of DownloadFileServlet in Draytek VigorConnect 1.6.0-B3. An unauthenticated attacker could leverage this vulnerability to upload files to any location on the target operating system with root privileges. | 2021-10-13 | not yet calculated | CVE-2021-20125 MISC |
draytek — vigorconnect | An information disclosure vulnerability exists in Draytek VigorConnect 1.6.0-B3, allowing an unauthenticated attacker to export system logs. | 2021-10-13 | not yet calculated | CVE-2021-20129 MISC |
draytek — vigorconnect | An arbitrary file deletion vulnerability exists in the file delete functionality of the Html5Servlet endpoint of Draytek VigorConnect 1.6.0-B3. This allows an authenticated user to arbitrarily delete files in any location on the target operating system with root privileges. | 2021-10-13 | not yet calculated | CVE-2021-20127 MISC |
draytek — vigorconnect |
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges. | 2021-10-13 | not yet calculated | CVE-2021-20123 MISC |
draytek — vigorconnect |
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges. | 2021-10-13 | not yet calculated | CVE-2021-20124 MISC |
draytek — vigorconnect |
Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. | 2021-10-13 | not yet calculated | CVE-2021-20126 MISC |
draytek — vigorconnect |
The Profile Name field in the floor plan (Network Menu) page in Draytek VigorConnect 1.6.0-B3 was found to be vulnerable to stored XSS, as user input is not properly sanitized. | 2021-10-13 | not yet calculated | CVE-2021-20128 MISC |
dzzoffice — dzzoffice |
Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and an incorrect content-type returned for output data in webroot/dzz/attach/controller.php. | 2021-10-11 | not yet calculated | CVE-2021-40191 MISC |
dzzoffice — dzzoffice |
A Stored Cross Site Scripting (XSS) vulnerability exists in DzzOffice 2.02.1 via the settingnew parameter. | 2021-10-12 | not yet calculated | CVE-2021-40292 MISC |
easytest — easytest | The Easytest contains SQL injection vulnerabilities. After obtaining user’s privilege, remote attackers can inject SQL commands into the parameters of the learning history page to access all database and obtain administrator permissions. | 2021-10-15 | not yet calculated | CVE-2021-42333 CONFIRM |
easytest — easytest | The bulletin board management function of the Easytest online learning platform does not filter special characters. After obtaining a user’s privilege, remote attackers can inject JavaScript and execute a stored XSS attack. | 2021-10-15 | not yet calculated | CVE-2021-42335 CONFIRM |
easytest — easytest |
The learning history page of the Easytest is vulnerable to permission bypass. After obtaining a user’s permission, remote attackers can access other users’ and administrator’s account information except password by crafting URL parameters. | 2021-10-15 | not yet calculated | CVE-2021-42336 CONFIRM |
easytest — easytest |
The Easytest contains SQL injection vulnerabilities. After obtaining a user’s privilege, remote attackers can inject SQL commands into the parameters of the elective course management page to obtain all database and administrator permissions. | 2021-10-15 | not yet calculated | CVE-2021-42334 CONFIRM |
electron — electron |
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to 11.5.0, 12.1.0, and 13.3.0 allows a sandboxed renderer to request a “thumbnail” image of an arbitrary file on the user’s system. The thumbnail can potentially include significant parts of the original file, including textual data in many cases. Versions 15.0.0-alpha.10, 14.0.0, 13.3.0, 12.1.0, and 11.5.0 all contain a fix for the vulnerability. Two workarounds aside from upgrading are available. One may make the vulnerability significantly more difficult for an attacker to exploit by enabling `contextIsolation` in one’s app. One may also disable the functionality of the `createThumbnailFromPath` API if one does not need it. | 2021-10-12 | not yet calculated | CVE-2021-39184 MISC CONFIRM |
ericsson — network_manager |
** UNSUPPORTED WHEN ASSIGNED ** In OSS-RC systems of the release 18B and older during data migration procedures certain files containing usernames and passwords are left in the system undeleted but in folders accessible by top privileged accounts only. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Ericsson Network Manager is a new generation OSS system which OSS-RC customers shall upgrade to. | 2021-10-14 | not yet calculated | CVE-2021-32571 MISC |
ericsson — network_manager |
** UNSUPPORTED WHEN ASSIGNED ** In OSS-RC systems of the release 18B and older customer documentation browsing libraries under ALEX are subject to Cross-Site Scripting. This problem is completely resolved in new Ericsson library browsing tool ELEX used in systems like Ericsson Network Manager. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Ericsson Network Manager is a new generation OSS system which OSS-RC customers shall upgrade to. | 2021-10-14 | not yet calculated | CVE-2021-32569 MISC |
exacqvision — server |
Under certain configurations an unauthenticated remote user could be given access to credentials stored in the exacqVision Server. | 2021-10-11 | not yet calculated | CVE-2021-27664 CERT CONFIRM |
fatek — automation_communication_server |
FATEK Automation Communication Server Versions 1.13 and prior lacks proper validation of user-supplied data, which could result in a stack-based buffer overflow condition and allow an attacker to remotely execute code. | 2021-10-15 | not yet calculated | CVE-2021-38432 MISC |
frontier — frontier |
Frontier is Substrate’s Ethereum compatibility layer. In the newly introduced signed Frontier-specific extrinsic for `pallet-ethereum`, a large part of transaction validation logic was only called in transaction pool validation, but not in block execution. Malicious validators can take advantage of this to put invalid transactions into a block. The attack is limited in that the signature is always validated, and the majority of the validation is done again in the subsequent `pallet-evm` execution logic. However, do note that a chain ID replay attack was possible. In addition, spamming attacks are the main concern, although they are limited by Substrate block size limits and other factors. The issue is patched in commit `146bb48849e5393004be5c88beefe76fdf009aba`. | 2021-10-13 | not yet calculated | CVE-2021-41138 MISC MISC CONFIRM |
froxlor — froxlor |
Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name. | 2021-10-12 | not yet calculated | CVE-2021-42325 MISC |
gajim — gajim |
Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted XMPP Last Message Correction (XEP-0308) message in multi-user chat, where the message ID equals the correction ID. | 2021-10-11 | not yet calculated | CVE-2021-41055 MISC MISC |
getclientlp — getclientlp |
A stored cross-site scripting (XSS) vulnerability in the getClientIp function in /lib/tinwin.class.php of Chaoji CMS 2.39, allows attackers to execute arbitrary web scripts. | 2021-10-14 | not yet calculated | CVE-2020-19962 MISC |
gitlab — gitlab |
An issue has been discovered in GitLab affecting all versions starting from 13.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. A user account with ‘external’ status which is granted ‘Maintainer’ role on any project on the GitLab instance where ‘project tokens’ are allowed may elevate its privilege to ‘Internal’ and access Internal projects. | 2021-10-11 | not yet calculated | CVE-2021-22263 MISC MISC CONFIRM |
goahead — goahead |
An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form variables can be passed to CGI scripts without being prefixed with the CGI prefix. This permits tunneling untrusted environment variables into vulnerable CGI scripts. | 2021-10-14 | not yet calculated | CVE-2021-42342 MISC |
google — android |
In onCreate of BluetoothPairingDialog, there is a possible way to enable Bluetooth without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9, Android-10. Android ID: A-182282956 | 2021-10-11 | not yet calculated | CVE-2021-0583 MISC |
gpac — gpac |
An issue was discovered in gpac 0.8.0. The gf_media_nalu_remove_emulation_bytes function in av_parsers.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input. | 2021-10-12 | not yet calculated | CVE-2020-22678 MISC |
gpac — gpac |
An issue was discovered in gpac 0.8.0. An invalid memory dereference exists in the function FixTrackID located in isom_intern.c, which allows attackers to cause a denial of service (DoS) via a crafted input. | 2021-10-12 | not yet calculated | CVE-2020-22674 MISC |
gpac — gpac |
An issue was discovered in gpac 0.8.0. The GetGhostNum function in stbl_read.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input. | 2021-10-12 | not yet calculated | CVE-2020-22675 MISC |
gpac — gpac |
Memory leak in the senc_Parse function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service (DoS) via a crafted input. | 2021-10-12 | not yet calculated | CVE-2020-22673 MISC |
gpac — gpac |
An issue was discovered in gpac 0.8.0. The dump_data_hex function in box_dump.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input. | 2021-10-12 | not yet calculated | CVE-2020-22677 MISC |
gpac — gpac |
Memory leak in the sgpd_parse_entry function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service (DoS) via a crafted input. | 2021-10-12 | not yet calculated | CVE-2020-22679 MISC |
hashicorp — vault |
HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/* path may be able to issue Google Cloud service account credentials. | 2021-10-11 | not yet calculated | CVE-2021-42135 MISC |
hero — ct060 |
There is an improper authentication vulnerability in Hero-CT060 before 1.0.0.200. The vulnerability arises because, when a user wants to perform a certain operation, the software does not sufficiently validate the user’s identity. Successful exploitation could allow the attacker to perform certain operations that the user is not supposed to perform. | 2021-10-11 | not yet calculated | CVE-2021-37123 MISC |
hewlett_packard_enterprises — aruba_instant | A remote buffer overflow vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 8.7.x.x: 8.7.0.0 through 8.7.1.2. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability. | 2021-10-12 | not yet calculated | CVE-2021-37726 MISC |
hewlett_packard_enterprises — aruba_instant | A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.20 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: 8.6.0.11 and below; Aruba Instant 8.7.x.x: 8.7.1.3 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability. | 2021-10-12 | not yet calculated | CVE-2021-37727 MISC |
hewlett_packard_enterprises — aruba_instant | A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | 2021-10-15 | not yet calculated | CVE-2021-37737 MISC |
hewlett_packard_enterprises — aruba_instant | A remote denial of service vulnerability was discovered in Aruba Instant version(s): Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.10 and below; Aruba Instant 8.6.x.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability. | 2021-10-12 | not yet calculated | CVE-2021-37735 MISC |
hewlett_packard_enterprises — aruba_instant | A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | 2021-10-15 | not yet calculated | CVE-2021-37739 MISC |
hewlett_packard_enterprises — aruba_instant | A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.11 and below; Aruba Instant 8.6.x.x: 8.6.0.6 and below; Aruba Instant 8.7.x.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability. | 2021-10-12 | not yet calculated | CVE-2021-37732 MISC |
hewlett_packard_enterprises — aruba_instant | A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.20 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: 8.6.0.11 and below; Aruba Instant 8.7.x.x: 8.7.1.3 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability. | 2021-10-12 | not yet calculated | CVE-2021-37730 MISC |
hewlett_packard_enterprises — aruba_instant |
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | 2021-10-15 | not yet calculated | CVE-2021-37736 MISC |
hewlett_packard_enterprises — aruba_instant |
A remote unauthorized read access to files vulnerability was discovered in Aruba Instant version(s): 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.19 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: 8.6.0.11 and below; Aruba Instant 8.7.x.x: 8.7.1.3 and below; Aruba Instant 8.8.x.x: 8.8.0.0 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability. | 2021-10-12 | not yet calculated | CVE-2021-37734 MISC |
hewlett_packard_enterprises — aruba_instant |
A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | 2021-10-15 | not yet calculated | CVE-2021-37738 MISC |
hewlett_packard_enterprises — primera_storage |
A potential security vulnerability has been identified in HPE 3PAR StoreServ, HPE Primera Storage and HPE Alletra 9000 Storage array firmware. An unauthenticated user could remotely exploit the low complexity issue to execute code as administrator. This vulnerability completely impacts the confidentiality, integrity, and availability of the array. HPE has made the following software updates and mitigation information available to resolve the vulnerability in 3PAR, Primera and Alletra 9000 firmware. | 2021-10-11 | not yet calculated | CVE-2021-26588 MISC |
hitachi — jp1/it_desktop_manager2_agent | Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitrary arguments via a local pipe, leading to a local privilege escalation vulnerability. An attacker who exploits this issue could execute arbitrary code on the local system. | 2021-10-12 | not yet calculated | CVE-2021-29645 MISC |
hitachi — jp1/it_desktop_manager2_agent |
Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 contains a remote code execution vulnerability because of an Integer Overflow. An attacker with network access to port 31016 may exploit this issue to execute code with unrestricted privileges on the underlying OS. | 2021-10-12 | not yet calculated | CVE-2021-29644 MISC |
huntflow — enterprise |
An LDAP injection vulnerability in /account/login in Huntflow Enterprise before 3.10.6 could allow an unauthenticated, remote user to modify the logic of an LDAP query and bypass authentication. The vulnerability is due to insufficient server-side validation of the email parameter before using it to construct LDAP queries. An attacker could bypass authentication by exploiting this vulnerability, sending login attempts in which there is a valid password but a wildcard character in the email parameter. | 2021-10-14 | not yet calculated | CVE-2021-37933 MISC |
ibm — cognos_analytics |
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizing user-controlled input that could be interpreted as a server-side include (SSI) directive. IBM X-Force ID: 199915. | 2021-10-15 | not yet calculated | CVE-2021-29679 CONFIRM XF |
ibm — cognos_analytics |
IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information. | 2021-10-15 | not yet calculated | CVE-2020-4951 CONFIRM XF |
ibm — cognos_analytics |
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to privilege escalation where a lower level user could have access to the ‘New Job’ page to which they should not have access. IBM X-Force ID: 201695. | 2021-10-15 | not yet calculated | CVE-2021-29745 XF CONFIRM |
ibm — data_risk_manager |
IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207980. | 2021-10-12 | not yet calculated | CVE-2021-38862 XF CONFIRM |
ibm — data_risk_manager |
IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 209947. | 2021-10-12 | not yet calculated | CVE-2021-38915 CONFIRM XF |
ifsc — code_finder_project |
SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via the searchifsccode POST parameter in /search.php. | 2021-10-13 | not yet calculated | CVE-2021-42224 MISC MISC MISC |
imagicle — application_suite |
Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows SQL injection. A low-privileged user could inject a SQL statement through the “Export to CSV” feature of the Contact Manager web GUI. | 2021-10-14 | not yet calculated | CVE-2021-42369 MISC MISC |
inbody — inbody |
InBody App for iOS versions prior to 2.3.30 and InBody App for Android versions prior to 2.2.90(510) contain a vulnerability which may lead to information disclosure only when it works with the body composition analyzer InBody Dial. This may allow an attacker who can connect to the InBody Dial with InBody App to obtain a victim’s measurement result measured by InBody Dial. | 2021-10-13 | not yet calculated | CVE-2021-20832 MISC MISC |
keypair — keypair |
keypair is an RSA PEM key generator written in JavaScript. keypair implements a lot of cryptographic primitives on its own or by borrowing from other libraries where possible, including node-forge. An issue was discovered where this library was generating identical RSA keys used in SSH. This would mean that the library is generating identical P, Q (and thus N) values which, in practical terms, is impossible with RSA-2048 keys. Generating identical values, repeatedly, usually indicates an issue with poor random number generation, or poor handling of CSPRNG output. Issue 1: Poor random number generation (`GHSL-2021-1012`). The library does not rely entirely on a platform provided CSPRNG; rather, it uses its own counter-based CMAC approach. Where things go wrong is seeding the CMAC implementation with “true” random data in the function `defaultSeedFile`. In order to seed the AES-CMAC generator, the library will take two different approaches depending on the JavaScript execution environment. In a browser, the library will use [`window.crypto.getRandomValues()`](https://github.com/juliangruber/keypair/blob/87c62f255baa12c1ec4f98a91600f82af80be6db/index.js#L971). However, in a NodeJS execution environment, the `window` object is not defined, so it falls back to a much less secure solution, which also has a bug in it. It does look like the library tries to use node’s CSPRNG when possible; unfortunately, it looks like the `crypto` object is null because a variable was declared with the same name, and set to `null`. So the node CSPRNG path is never taken. However, when `window.crypto.getRandomValues()` is not available, a Lehmer LCG random number generator is used to seed the CMAC counter, and the LCG is seeded with `Math.random`. While this is poor and would likely qualify as a security bug in itself, it does not explain the extreme frequency with which duplicate keys occur. The main flaw: The output from the Lehmer LCG is encoded incorrectly.
The specific [line](https://github.com/juliangruber/keypair/blob/87c62f255baa12c1ec4f98a91600f82af80be6db/index.js#L1008) with the flaw is: `b.putByte(String.fromCharCode(next & 0xFF))` The [definition](https://github.com/juliangruber/keypair/blob/87c62f255baa12c1ec4f98a91600f82af80be6db/index.js#L350-L352) of `putByte` is `util.ByteBuffer.prototype.putByte = function(b) {this.data += String.fromCharCode(b);};`. Simplified, this is `String.fromCharCode(String.fromCharCode(next & 0xFF))`. The double `String.fromCharCode` is almost certainly unintentional and the source of weak seeding. Unfortunately, this does not result in an error. Rather, it results in most of the buffer containing zeros. Since we are masking with 0xFF, we can determine that 97% of the output from the LCG is converted to zeros. The only outputs that result in meaningful values are outputs 48 through 57, inclusive. The impact is that each byte in the RNG seed has a 97% chance of being 0 due to incorrect conversion. When it is not, the bytes are 0 through 9. In summary, there are three immediate concerns: 1. The library has an insecure random number fallback path. Ideally the library would require a strong CSPRNG instead of attempting to use an LCG and `Math.random`. 2. The library does not correctly use a strong random number generator when run in NodeJS, even though a strong CSPRNG is available. 3. The fallback path has an issue in the implementation where a majority of the seed data is going to effectively be zero. Due to the poor random number generation, keypair generates RSA keys that are relatively easy to guess. This could enable an attacker to decrypt confidential messages or gain authorized access to an account belonging to the victim. | 2021-10-11 | not yet calculated | CVE-2021-41117 CONFIRM MISC |
kindeditor — kindeditor |
Cross Site Scripting (XSS) vulnerability exists in KindEditor 4.1.x via a Google search inurl:/examples/uploadbutton.html and then the .html file on the website that uses this editor (the file suffix is allowed). | 2021-10-14 | not yet calculated | CVE-2021-42227 MISC |
kindeditor — kindeditor |
A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor 4.1.x, as demonstrated by examples/uploadbutton.html. | 2021-10-14 | not yet calculated | CVE-2021-42228 MISC |
kubernetes — java_client |
Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution. | 2021-10-11 | not yet calculated | CVE-2021-25738 MISC MISC |
ledgersmb — ledgersmb |
LedgerSMB does not set the ‘Secure’ attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user into using an unencrypted connection (HTTP), an attacker may be able to obtain the authentication data by capturing network traffic. LedgerSMB 1.8 and newer switched from Basic authentication to using cookie authentication with encrypted cookies. Although an attacker can’t access the information inside the cookie, nor the password of the user, possession of the cookie is enough to access the application as the user from which the cookie has been obtained. In order for the attacker to obtain the cookie, first of all the server must be configured to respond to unencrypted requests, the attacker must be suitably positioned to eavesdrop on the network traffic between the client and the server *and* the user must be tricked into using unencrypted HTTP traffic. Proper audit control and separation of duties limit Integrity impact of the attack vector. Users of LedgerSMB 1.8 are urged to upgrade to known-fixed versions. Users of LedgerSMB 1.7 or 1.9 are unaffected by this vulnerability and don’t need to take action. As a workaround, users may configure their Apache or Nginx reverse proxy to add the Secure attribute at the network boundary instead of relying on LedgerSMB. For Apache, please refer to the ‘Header always edit’ configuration command in the mod_headers module. For Nginx, please refer to the ‘proxy_cookie_flags’ configuration command. | 2021-10-14 | not yet calculated | CVE-2021-3882 CONFIRM MISC MISC |
libmobi — libmobi |
libmobi is vulnerable to Out-of-bounds Read | 2021-10-15 | not yet calculated | CVE-2021-3881 MISC CONFIRM |
libreoffice — libreoffice |
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to modify a digitally signed ODF document to insert an additional signing time timestamp which LibreOffice would incorrectly present as a valid signature signed at the bogus signing time. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2. | 2021-10-12 | not yet calculated | CVE-2021-25634 MISC DEBIAN |
libreoffice — libreoffice |
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to combine multiple certificate data, which when opened caused LibreOffice to display a validly signed indicator but whose content was unrelated to the signature shown. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2. | 2021-10-11 | not yet calculated | CVE-2021-25633 MISC DEBIAN |
linux — linux_kernel |
An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes. | 2021-10-11 | not yet calculated | CVE-2021-42252 MISC MISC |
manageengine — admanager_plus_build |
ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface. | 2021-10-13 | not yet calculated | CVE-2021-20130 MISC |
manageengine — admanager_plus_build |
ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the Personalization interface. | 2021-10-13 | not yet calculated | CVE-2021-20131 MISC |
mediawiki — mediawiki |
The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time (due to the job queue backlog). | 2021-10-11 | not yet calculated | CVE-2021-41801 CONFIRM MISC |
mediawiki — mediawiki |
MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled. | 2021-10-11 | not yet calculated | CVE-2021-41800 MISC MISC CONFIRM FEDORA FEDORA |
mediawiki — mediawiki |
MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). ApiQueryBacklinks (action=query&list=backlinks) can cause a full table scan. | 2021-10-11 | not yet calculated | CVE-2021-41799 CONFIRM MISC FEDORA FEDORA |
melsec — iq-r_series_safety_cpu |
Authorization bypass through user-controlled key vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote unauthenticated attacker to log in to a target CPU module by obtaining credentials other than password. | 2021-10-14 | not yet calculated | CVE-2021-20599 MISC MISC |
mercury_router — pptp_server | A remote command execution vulnerability exists in add_server_service of PPTP_SERVER in Mercury Router MER1200 v1.0.1 and Mercury Router MER1200G v1.0.1. | 2021-10-14 | not yet calculated | CVE-2020-22724 MISC |
microsoft — dynamics_365 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-41354 MISC |
microsoft — dynamics_365 |
Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-41353 MISC |
microsoft — dynamics_365 |
Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-40457 MISC |
microsoft — excel |
Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40471, CVE-2021-40473, CVE-2021-40474, CVE-2021-40485. | 2021-10-13 | not yet calculated | CVE-2021-40479 MISC |
microsoft — excel |
Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40473, CVE-2021-40474, CVE-2021-40479, CVE-2021-40485. | 2021-10-13 | not yet calculated | CVE-2021-40471 MISC |
microsoft — excel |
Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40471, CVE-2021-40473, CVE-2021-40474, CVE-2021-40479. | 2021-10-13 | not yet calculated | CVE-2021-40485 MISC |
microsoft — excel |
Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40471, CVE-2021-40474, CVE-2021-40479, CVE-2021-40485. | 2021-10-13 | not yet calculated | CVE-2021-40473 MISC |
microsoft — excel |
Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40471, CVE-2021-40473, CVE-2021-40479, CVE-2021-40485. | 2021-10-13 | not yet calculated | CVE-2021-40474 MISC |
microsoft — excel |
Microsoft Excel Information Disclosure Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-40472 MISC |
microsoft — exchange_server | Microsoft Exchange Server Denial of Service Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-34453 MISC |
microsoft — exchange_server |
Microsoft Exchange Server Spoofing Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-41350 MISC |
microsoft — exchange_server |
Microsoft Exchange Server Elevation of Privilege Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-41348 MISC |
microsoft — exchange_server |
Microsoft Exchange Server Remote Code Execution Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-26427 MISC |
microsoft — microsoft |
Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26441, CVE-2021-40478, CVE-2021-40488, CVE-2021-41345. | 2021-10-13 | not yet calculated | CVE-2021-40489 MISC MISC |
microsoft — microsoft |
Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26441, CVE-2021-40478, CVE-2021-40489, CVE-2021-41345. | 2021-10-13 | not yet calculated | CVE-2021-40488 MISC MISC |
microsoft — office | Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40480. | 2021-10-13 | not yet calculated | CVE-2021-40481 MISC MISC |
microsoft — office |
Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40481. | 2021-10-13 | not yet calculated | CVE-2021-40480 MISC MISC |
microsoft — sharepoint |
Microsoft SharePoint Server Information Disclosure Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-40482 MISC |
microsoft — sharepoint |
Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-40483. | 2021-10-13 | not yet calculated | CVE-2021-40484 MISC |
microsoft — sharepoint |
Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41344. | 2021-10-13 | not yet calculated | CVE-2021-40487 MISC |
microsoft — sharepoint |
Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-40484. | 2021-10-13 | not yet calculated | CVE-2021-40483 MISC |
microsoft — sharepoint |
Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40487. | 2021-10-13 | not yet calculated | CVE-2021-41344 MISC |
microsoft — win32k |
Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40449, CVE-2021-40450. | 2021-10-13 | not yet calculated | CVE-2021-41357 MISC |
microsoft — windows | Windows AD FS Security Feature Bypass Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-40456 MISC |
microsoft — windows | Windows Installer Spoofing Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-40455 MISC |
microsoft — windows | Rich Text Edit Control Information Disclosure Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-40454 MISC |
microsoft — windows | Windows Hyper-V Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-38672. | 2021-10-13 | not yet calculated | CVE-2021-40461 MISC |
microsoft — windows | Windows Nearby Sharing Elevation of Privilege Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-40464 MISC |
microsoft — windows | Windows AppContainer Elevation Of Privilege Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-40476 MISC |
microsoft — windows | Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40443, CVE-2021-40467. | 2021-10-13 | not yet calculated | CVE-2021-40466 MISC |
microsoft — windows | Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-40460 MISC |
microsoft — windows | Windows Print Spooler Information Disclosure Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-41332 MISC |
microsoft — windows | Windows Fast FAT File System Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-38662. | 2021-10-13 | not yet calculated | CVE-2021-41343 MISC |
microsoft — windows | SCOM Information Disclosure Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-41352 MISC |
microsoft — windows | Windows Kernel Elevation of Privilege Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-41335 MISC |
microsoft — windows | Windows Media Audio Decoder Remote Code Execution Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-41331 MISC |
microsoft — windows | Windows AppX Deployment Service Elevation of Privilege Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-41347 MISC MISC |
microsoft — windows |
Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40466, CVE-2021-40467. | 2021-10-13 | not yet calculated | CVE-2021-40443 MISC |
microsoft — windows |
Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40450, CVE-2021-41357. | 2021-10-13 | not yet calculated | CVE-2021-40449 MISC |
microsoft — windows |
Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40449, CVE-2021-41357. | 2021-10-13 | not yet calculated | CVE-2021-40450 MISC |
microsoft — windows |
Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26441, CVE-2021-40478, CVE-2021-40488, CVE-2021-40489. | 2021-10-13 | not yet calculated | CVE-2021-41345 MISC MISC |
microsoft — windows |
Console Window Host Security Feature Bypass Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-41346 MISC |
microsoft — windows |
Windows Hyper-V Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40461. | 2021-10-13 | not yet calculated | CVE-2021-38672 MISC |
microsoft — windows |
Windows MSHTML Platform Remote Code Execution Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-41342 MISC |
microsoft — windows |
Windows HTTP.sys Elevation of Privilege Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-26442 MISC |
microsoft — windows |
Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-40462 MISC |
microsoft — windows |
Windows NAT Denial of Service Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-40463 MISC |
microsoft — windows |
Active Directory Federation Server Spoofing Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-41361 MISC |
microsoft — windows |
Windows Text Shaping Remote Code Execution Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-40465 MISC |
microsoft — windows |
Intune Management Extension Security Feature Bypass Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-41363 MISC |
microsoft — windows |
Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40443, CVE-2021-40466. | 2021-10-13 | not yet calculated | CVE-2021-40467 MISC |
microsoft — windows |
.NET Core and Visual Studio Information Disclosure Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-41355 MISC |
microsoft — windows |
DirectX Graphics Kernel Elevation of Privilege Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-40470 MISC |
microsoft — windows |
Windows exFAT File System Information Disclosure Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-38663 MISC |
microsoft — windows |
Windows Desktop Bridge Elevation of Privilege Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-41334 MISC |
microsoft — windows |
Windows Fast FAT File System Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-41343. | 2021-10-13 | not yet calculated | CVE-2021-38662 MISC |
microsoft — windows |
Windows Print Spooler Spoofing Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-36970 MISC |
microsoft — windows |
Windows TCP/IP Denial of Service Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-36953 MISC |
microsoft — windows |
Microsoft Windows Media Foundation Remote Code Execution Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-41330 MISC |
microsoft — windows |
Windows DNS Server Remote Code Execution Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-40469 MISC |
microsoft — windows |
Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26441, CVE-2021-40488, CVE-2021-40489, CVE-2021-41345. | 2021-10-13 | not yet calculated | CVE-2021-40478 MISC MISC |
microsoft — windows |
Windows Event Tracing Elevation of Privilege Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-40477 MISC |
microsoft — windows |
Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-40475 MISC |
microsoft — windows |
Windows Kernel Information Disclosure Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-41336 MISC |
microsoft — windows |
Active Directory Security Feature Bypass Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-41337 MISC |
microsoft — windows |
Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-41338 MISC |
microsoft — windows |
Microsoft DWM Core Library Elevation of Privilege Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-41339 MISC |
microsoft — windows |
Windows Graphics Component Remote Code Execution Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-41340 MISC |
microsoft — windows |
Windows Bind Filter Driver Information Disclosure Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-40468 MISC |
microsoft — word |
Microsoft Word Remote Code Execution Vulnerability | 2021-10-13 | not yet calculated | CVE-2021-40486 MISC MISC |
miniftpd — miniftpd |
A Buffer Overflow vulnerability exists in the latest version of Miniftpd in the do_retr function in ftpproto.c | 2021-10-11 | not yet calculated | CVE-2021-40239 MISC |
minio — minio |
Minio is a Kubernetes native application for cloud storage. All users on release `RELEASE.2021-10-10T16-53-30Z` are affected by a vulnerability that involves bypassing policy restrictions on regular users. Normally, checkKeyValid() should return owner true for rootCreds. In the affected version, policy restriction did not work properly for users who did not have service (svc) or security token service (STS) accounts. This issue is fixed in `RELEASE.2021-10-13T00-23-17Z`. A downgrade back to release `RELEASE.2021-10-08T23-58-24Z` is available as a workaround. | 2021-10-13 | not yet calculated | CVE-2021-41137 CONFIRM MISC MISC MISC |
mitsubishi_electric — smartrtu_devices |
Mitsubishi Electric SmartRTU devices allow remote attackers to obtain sensitive information (directory listing and source code) via a direct request to the /web URI. | 2021-10-15 | not yet calculated | CVE-2018-16060 MISC |
mitsubishi_electric — smartrtu_devices |
Mitsubishi Electric SmartRTU devices allow XSS via the username parameter or PATH_INFO to login.php. | 2021-10-15 | not yet calculated | CVE-2018-16061 MISC |
moxa — mxview_network_management_software |
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. | 2021-10-12 | not yet calculated | CVE-2021-38456 MISC |
moxa — mxview_network_management_software |
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. | 2021-10-12 | not yet calculated | CVE-2021-38460 MISC |
moxa — mxview_network_management_software |
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. | 2021-10-12 | not yet calculated | CVE-2021-38452 MISC |
moxa — mxview_network_management_software |
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. | 2021-10-12 | not yet calculated | CVE-2021-38454 MISC |
moxa — mxview_network_management_software |
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. | 2021-10-12 | not yet calculated | CVE-2021-38458 MISC |
mozilla — firefox |
A redirect vulnerability in the `fastify-static` module version >= 4.2.4 and < 4.4.1 allows remote attackers to redirect Mozilla Firefox users to arbitrary websites via a double slash `//` followed by a domain: `http://localhost:3000//a//youtube.com/%2e%2e%2f%2e%2e`. A DoS vulnerability is possible if the URL contains invalid characters: `curl --path-as-is "http://localhost:3000//^/.."`. The issue shows up on all the `fastify-static` applications that set the `redirect: true` option. By default, it is `false`. | 2021-10-14 | not yet calculated | CVE-2021-22964 MISC |
mozilla — firefox |
A redirect vulnerability in the fastify-static module version < 4.2.4 allows remote attackers to redirect users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//google.com/%2e%2e. The issue shows up on all the fastify-static applications that set the redirect: true option. By default, it is false. | 2021-10-14 | not yet calculated | CVE-2021-22963 MISC |
nagios — xi | The general user interface in Nagios XI versions prior to 5.8.4 is vulnerable to authenticated reflected cross-site scripting. An authenticated victim, who accesses a specially crafted malicious URL, would unknowingly execute the attached payload. | 2021-10-14 | not yet calculated | CVE-2021-33179 MISC |
nagios — xi |
The Manage Backgrounds functionality within Nagvis versions prior to 2.0.9 is vulnerable to an authenticated path traversal vulnerability. Exploitation of this results in a malicious actor having the ability to arbitrarily delete files on the local system. | 2021-10-14 | not yet calculated | CVE-2021-33178 MISC |
nagios — xi |
The Bulk Modifications functionality in Nagios XI versions prior to 5.8.5 is vulnerable to SQL injection. Exploitation requires the malicious actor to be authenticated to the vulnerable system, but once authenticated they would be able to execute arbitrary SQL queries. | 2021-10-14 | not yet calculated | CVE-2021-33177 MISC |
netapp — cloud_manager |
NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to retrieve sensitive data via the web proxy. | 2021-10-11 | not yet calculated | CVE-2021-27002 MISC |
nike — app |
Improper authorization in handler for custom URL scheme vulnerability in Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. | 2021-10-13 | not yet calculated | CVE-2021-20834 MISC MISC MISC |
og_tags — og_tags |
Cross-site request forgery (CSRF) vulnerability in OG Tags versions prior to 2.0.2 allows a remote attacker to hijack the authentication of administrators and unintended operation may be performed via unspecified vectors. | 2021-10-13 | not yet calculated | CVE-2021-20831 MISC MISC |
omero — omero |
OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of “jQuery.html()”, there are a whole host of cross-site scripting possibilities with specially crafted input to a variety of fields. This issue is patched in version 5.11.0. There are no known workarounds aside from upgrading. | 2021-10-14 | not yet calculated | CVE-2021-41132 CONFIRM MISC MISC |
online_dj_booking_management_system — online_dj_booking_management_system | Cross Site Scripting (XSS) vulnerability exists in Online DJ Booking Management System 1.0 in view-booking-detail.php. | 2021-10-13 | not yet calculated | CVE-2021-42223 MISC |
ontap — ontap |
Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could allow a clickjacking attack. | 2021-10-12 | not yet calculated | CVE-2021-27003 MISC |
openrc — checkpath |
checkpath in OpenRC before 0.44.7 uses the direct output of strlen() to allocate strings, which does not account for the ‘\0’ byte at the end of the string. This results in memory corruption. CVE-2021-42341 was introduced in git commit 63db2d99e730547339d1bdd28e8437999c380cae, which was introduced as part of OpenRC 0.44.0 development. | 2021-10-14 | not yet calculated | CVE-2021-42341 MISC MISC MISC MISC MISC MISC |
opensis — classic |
An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php. | 2021-10-11 | not yet calculated | CVE-2021-40617 MISC |
opensis — classic |
An SQL Injection vulnerability exists in openSIS Classic 8.0 via the 1) ADDR_CONT_USRN, 2) ADDR_CONT_PSWD, 3) SECN_CONT_USRN or 4) SECN_CONT_PSWD parameters in HoldAddressFields.php. | 2021-10-12 | not yet calculated | CVE-2021-40618 MISC |
opensis — classic |
Opensis-Classic Version 8.0 is affected by a SQL injection vulnerability due to a lack of sanitization of input data at two parameters $_GET['usrid'] and $_GET['prof_id'] in the PasswordCheck.php file. | 2021-10-11 | not yet calculated | CVE-2021-40543 MISC |
opensis — classic |
Ops CLI version 2.0.4 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary code execution when the checkout_repo function is called on a maliciously crafted file. An attacker can leverage this to execute arbitrary code on the victim machine. | 2021-10-15 | not yet calculated | CVE-2021-40720 MISC |
opensis — classic |
Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). An unauthenticated user can inject and execute JavaScript code through the link_url parameter in Ajax_url_encode.php. | 2021-10-11 | not yet calculated | CVE-2021-40542 MISC |
openway — way4 |
/way4acs/enroll in OpenWay WAY4 ACS before 1.2.278-2693 allows unauthenticated attackers to leverage response differences to discover whether a specific payment card number is stored in the system. | 2021-10-11 | not yet calculated | CVE-2021-35060 MISC MISC |
orchard — core_cms | In the “Orchard core CMS” application, versions 1.0.0-beta1-3383 to 1.0.0 are vulnerable to improper session termination after a password change. When a password has been changed by the user or by an administrator, a user who was already logged in will still have access to the application even after the password was changed. | 2021-10-10 | not yet calculated | CVE-2021-25966 MISC MISC |
palo_alto_networks — globalprotect_app |
A stack-based buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect app that enables a man-in-the-middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.9 on Windows; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.8 on Windows; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.8 on the Universal Windows Platform; GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.1 on Linux. | 2021-10-13 | not yet calculated | CVE-2021-3057 CONFIRM |
phpfusion — phpfusion | PHPFusion 9.03.110 is affected by a remote code execution vulnerability. The theme function will extract a file to “webroot/themes/{Theme Folder}”, where an attacker can access and execute arbitrary code. | 2021-10-11 | not yet calculated | CVE-2021-40189 MISC |
phpfusion — phpfusion |
PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter all PHP extensions such as “.php, .php7, .phtml, .php5, …”. An attacker can upload a malicious file and execute code on the server. | 2021-10-11 | not yet calculated | CVE-2021-40188 MISC |
phpmywind — phpmywind |
A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication. | 2021-10-14 | not yet calculated | CVE-2020-19964 MISC MISC MISC |
postgresql — postgresql |
A flaw was found in postgresql. Using an INSERT … ON CONFLICT … DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality. | 2021-10-11 | not yet calculated | CVE-2021-32028 MISC MISC |
prefetch — prefetch |
A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD CPUs could potentially result in leaked kernel address space information. | 2021-10-13 | not yet calculated | CVE-2021-26318 MISC |
projectsend — projectsend | Projectsend version r1295 is affected by Cross Site Scripting (XSS) due to a lack of sanitization when echoing output data in the returnFilesIds() function. A low privilege user can call this function through the process.php file and execute scripting code. | 2021-10-11 | not yet calculated | CVE-2021-40888 MISC MISC |
projectsend — projectsend | Projectsend version r1295 is affected by a directory traversal vulnerability. Because input to the files[] parameter is not sanitized, an attacker can add ../ to move all PHP files, or any file on the system that has permissions, to the /upload/files/ folder. | 2021-10-11 | not yet calculated | CVE-2021-40887 MISC |
proofpoint — enterprise_protection |
Proofpoint Enterprise Protection before 8.12.0-2108090000 allows security control bypass. | 2021-10-13 | not yet calculated | CVE-2021-39304 MISC MISC |
proofpoint — proofpoint |
Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying server when a Web Console user triggers retrieval of that data. When chained with a SQL injection vulnerability, the vulnerability could be exploited remotely if Web Console users click a series of maliciously crafted URLs. All versions prior to 7.11.2 are affected. | 2021-10-13 | not yet calculated | CVE-2021-40843 MISC MISC |
proofpoint — proofpoint |
Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. A malicious URL visited by anyone with network access to the server could be used to blindly execute arbitrary SQL statements on the backend database. Version 7.12.0 and all versions prior to 7.11.2 are affected. | 2021-10-13 | not yet calculated | CVE-2021-40842 MISC MISC |
proofpoint — spam_engine |
Proofpoint Spam Engine before 8.12.0-2106240000 has a Security Control Bypass. | 2021-10-13 | not yet calculated | CVE-2021-34814 MISC MISC |
protype_pollution — protype_pollution |
All versions of package config-handler are vulnerable to Prototype Pollution when loading config files. | 2021-10-11 | not yet calculated | CVE-2021-23448 MISC MISC |
puma — puma | Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using `puma` with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smuggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. The only proxy which has this behavior, as far as the Puma team is aware, is Apache Traffic Server. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request’s body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This vulnerability was patched in Puma 5.5.1 and 4.3.9. As a workaround, do not use Apache Traffic Server with `puma`. | 2021-10-12 | not yet calculated | CVE-2021-41136 CONFIRM MISC |
rconfig — server | An insecure permission on the chmod command exists on rConfig server 3.9.6. After rConfig is installed, the apache user may execute chmod as root without a password, which may let an attacker with low privileges gain root access on the server. | 2021-10-11 | not yet calculated | CVE-2021-29005 MISC MISC |
redmine — redmine |
Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter. | 2021-10-12 | not yet calculated | CVE-2021-42326 MISC MISC MISC MISC |
ruggedcom — multiple_products |
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). Affected devices write crashdumps without checking if enough space is available on the filesystem. Once the crashdump fills the entire root filesystem, affected devices fail to boot successfully. An attacker can leverage this vulnerability to cause a permanent Denial-of-Service. | 2021-10-12 | not yet calculated | CVE-2021-41546 MISC |
samba — berberos_server |
A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server – Request). An authenticated user could use this flaw to crash the samba server. | 2021-10-12 | not yet calculated | CVE-2021-3671 MISC MISC MISC |
sap — business_one | SAP Business One – version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitization during the data export. An attacker could thereby execute arbitrary commands on the victim’s computer, but only if the victim allows macros to execute while opening the file and the security settings of Excel allow for command execution. | 2021-10-12 | not yet calculated | CVE-2021-38180 MISC MISC |
sap — business_one |
Debug function of Admin UI of SAP Business One Integration is enabled by default. This allows Admin User to see the captured packet contents which may include User credentials. | 2021-10-12 | not yet calculated | CVE-2021-38179 MISC MISC |
sap — businessobjects_analysis |
SAP BusinessObjects Analysis (edition for OLAP) – versions 420, 430, allows an attacker to exploit certain application endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation could lead to exposure of some system specific data like its version. | 2021-10-12 | not yet calculated | CVE-2021-40497 MISC MISC |
sap — businessobjects_business_intelligence_platform |
SAP BusinessObjects Business Intelligence Platform (Crystal Reports) – versions 420, 430, allows an unauthenticated attacker to exploit missing XML validations at endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation can enable the attacker to retrieve arbitrary files from the server. | 2021-10-12 | not yet calculated | CVE-2021-40500 MISC MISC |
sap — cloud_print_manager |
Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP – versions 7.70, 7.70 PI, 7.70 BYD, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. | 2021-10-12 | not yet calculated | CVE-2021-40499 MISC MISC |
sap — internet_communication_framework |
SAP Internet Communication framework (ICM) – versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details. | 2021-10-12 | not yet calculated | CVE-2021-40496 MISC MISC |
sap — netweaver | SAP NetWeaver – versions 700, 701, 702, 730, does not sufficiently encode user-controlled inputs, allowing an attacker to cause a potential victim to supply malicious content to a vulnerable web application, which is then reflected to the victim and executed by the web browser, resulting in a Cross-Site Scripting vulnerability. | 2021-10-12 | not yet calculated | CVE-2021-38183 MISC MISC |
sap — netweaver | The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions – 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP code artifacts or content, bypassing the established quality gates. By this vulnerability malicious code can reach quality and production, and can compromise the confidentiality, integrity, and availability of the system and its data. | 2021-10-12 | not yet calculated | CVE-2021-38178 MISC MISC |
sap — netweaver | SAP NetWeaver AS ABAP and ABAP Platform – versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | 2021-10-12 | not yet calculated | CVE-2021-38181 MISC MISC |
sap — netweaver_application_server | There are multiple Denial-of-Service vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform – versions 740, 750, 751, 752, 753, 754, 755. An unauthorized attacker can use the public SICF service /sap/public/bc/abap to reduce the performance of SAP NetWeaver Application Server ABAP and ABAP Platform. | 2021-10-12 | not yet calculated | CVE-2021-40495 MISC MISC |
sap — successfactors_mobile_application | A vulnerability has been identified in SAP SuccessFactors Mobile Application for Android – versions older than 2108, which allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, which can lead to denial of service. The vulnerability is related to Android implementation methods that are widely used across Android mobile applications, and such methods are embedded into the SAP SuccessFactors mobile application. These Android methods begin executing once the user accesses their profile on the mobile application. While executing, they can also pick up the activities from other Android applications that are running in the background of the user’s device and are using the same types of methods in the application. Such a vulnerability can also lead to phishing attacks that can be used for staging other types of attacks. | 2021-10-12 | not yet calculated | CVE-2021-40498 MISC MISC |
shinher — studyonline_system |
The “List_Add” function of message board of ShinHer StudyOnline System does not filter special characters in the title parameter. After logging in with user’s privilege, remote attackers can inject JavaScript and execute stored XSS attacks. | 2021-10-15 | not yet calculated | CVE-2021-42329 CONFIRM |
shinher — studyonline_system |
The “Teacher Edit” function of ShinHer StudyOnline System does not perform authority control. After logging in with user’s privilege, remote attackers can access and edit other users’ credential and personal information by crafting URL parameters. | 2021-10-15 | not yet calculated | CVE-2021-42330 CONFIRM |
shinher — studyonline_system |
The “Study Edit” function of ShinHer StudyOnline System does not perform permission control. After logging in with user’s privilege, remote attackers can access and edit other users’ tutorial schedule by crafting URL parameters. | 2021-10-15 | not yet calculated | CVE-2021-42331 CONFIRM |
shinher — studyonline_system |
The “List View” function of ShinHer StudyOnline System is not under authority control. After logging in with user’s privilege, remote attackers can access the content of other users’ message boards by crafting URL parameters. | 2021-10-15 | not yet calculated | CVE-2021-42332 CONFIRM |
simatic — process_historian |
A vulnerability has been identified in SIMATIC Process Historian 2013 and earlier (All versions), SIMATIC Process Historian 2014 (All versions < SP3 Update 6), SIMATIC Process Historian 2019 (All versions), SIMATIC Process Historian 2020 (All versions). An interface in the software that is used for critical functionalities lacks authentication, which could allow a malicious user to maliciously insert, modify or delete data. | 2021-10-12 | not yet calculated | CVE-2021-27395 MISC |
sinec — nms | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker that is able to import firmware containers to an affected system could execute arbitrary commands in the local database. | 2021-10-12 | not yet calculated | CVE-2021-33729 MISC |
sinec — nms | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker could change the user profile of any user without proper authorization. With this, the attacker could change the password of any user in the affected system. | 2021-10-12 | not yet calculated | CVE-2021-33723 MISC |
sinec — nms | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system contains an Arbitrary File Deletion vulnerability that possibly allows deletion of an arbitrary file or directory under a user controlled path. | 2021-10-12 | not yet calculated | CVE-2021-33724 MISC |
sinec — nms | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows downloading arbitrary files under a user controlled path and does not correctly check if the relative path is still within the intended target directory. | 2021-10-12 | not yet calculated | CVE-2021-33726 MISC |
sinec — nms | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker could download the user profile of any user. With this, the attacker could leak confidential information of any user in the affected system. | 2021-10-12 | not yet calculated | CVE-2021-33727 MISC |
sinec — nms | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows uploading JSON objects that are deserialized to Java objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary code on the device with root privileges. | 2021-10-12 | not yet calculated | CVE-2021-33728 MISC |
sinec — nms | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | 2021-10-12 | not yet calculated | CVE-2021-33731 MISC |
sinec — nms | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | 2021-10-12 | not yet calculated | CVE-2021-33730 MISC |
sinec — nms | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | 2021-10-12 | not yet calculated | CVE-2021-33736 MISC |
sinec — nms | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | 2021-10-12 | not yet calculated | CVE-2021-33732 MISC |
sinec — nms | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | 2021-10-12 | not yet calculated | CVE-2021-33733 MISC |
sinec — nms | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | 2021-10-12 | not yet calculated | CVE-2021-33735 MISC |
sinec — nms | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows deleting arbitrary files or directories under a user controlled path and does not correctly check if the relative path is still within the intended target directory. | 2021-10-12 | not yet calculated | CVE-2021-33725 MISC |
sinec — nms |
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | 2021-10-12 | not yet calculated | CVE-2021-33734 MISC |
sinec — nms |
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system has a Path Traversal vulnerability when exporting a firmware container. With this a privileged authenticated attacker could create arbitrary files on an affected system. | 2021-10-12 | not yet calculated | CVE-2021-33722 MISC |
sinumerik — 808d | A vulnerability has been identified in SINUMERIK 808D (All versions), SINUMERIK 828D (All versions < V4.95). Affected devices do not correctly process certain specially crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial-of-service in the device. | 2021-10-12 | not yet calculated | CVE-2021-37199 MISC |
snkrdunk — market_place_app |
The SNKRDUNK Market Place App for iOS versions prior to 2.2.0 does not verify server certificate properly, which allows man-in-the-middle attackers to eavesdrop on and/or alter encrypted communication via a crafted certificate. | 2021-10-13 | not yet calculated | CVE-2021-20833 MISC MISC |
solarwinds — pingdom | The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate the user session upon a password or email address change. When running multiple active sessions in separate browser windows, it was observed that a password or email address could be changed without terminating the user session. This issue was resolved on September 13, 2021. | 2021-10-12 | not yet calculated | CVE-2021-35214 MISC |
sonicwall — sonicos |
A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains. | 2021-10-12 | not yet calculated | CVE-2021-20031 CONFIRM MISC |
stb_image — stb_image |
Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file. | 2021-10-15 | not yet calculated | CVE-2021-28021 MISC |
storage_spaces — controller_elevation | Storage Spaces Controller Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-40478, CVE-2021-40488, CVE-2021-40489, CVE-2021-41345. | 2021-10-13 | not yet calculated | CVE-2021-26441 MISC MISC |
telus — wifi_hub |
The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is vulnerable to an authenticated arbitrary file read. An authenticated user with physical access to the device can read arbitrary files from the device by preparing and connecting a specially prepared USB drive to the device, and making a series of crafted requests to the device’s web interface. | 2021-10-11 | not yet calculated | CVE-2021-20121 MISC |
telus — wifi_hub |
The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is affected by an authenticated command injection vulnerability in multiple parameters passed to tr69_cmd.cgi. A remote attacker connected to the router’s LAN and authenticated with a super user account, or using a bypass authentication vulnerability like CVE-2021-20090 could leverage this issue to run commands or gain a shell as root on the target device. | 2021-10-11 | not yet calculated | CVE-2021-20122 MISC |
tibco_software_inc — multiple_products | The XMLA Connections component of TIBCO Software Inc.’s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server – Community Edition, TIBCO JasperReports Server – Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to interfere with XML processing in the affected component. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.’s TIBCO JasperReports Server: versions 7.2.1 and below, TIBCO JasperReports Server: versions 7.5.0 and 7.5.1, TIBCO JasperReports Server: version 7.8.0, TIBCO JasperReports Server: version 7.9.0, TIBCO JasperReports Server – Community Edition: versions 7.8.0 and below, TIBCO JasperReports Server – Developer Edition: versions 7.9.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and below, and TIBCO JasperReports Server for Microsoft Azure: version 7.8.0. | 2021-10-12 | not yet calculated | CVE-2021-35496 CONFIRM CONFIRM |
tibco_software_inc — multiple_products | The Rest API component of TIBCO Software Inc.’s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server – Community Edition, TIBCO JasperReports Server – Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a race condition that allows a low privileged authenticated attacker via the REST API to obtain read access to temporary objects created by other users on the affected system. Affected releases are TIBCO Software Inc.’s TIBCO JasperReports Server: versions 7.2.1 and below, TIBCO JasperReports Server: versions 7.5.0 and 7.5.1, TIBCO JasperReports Server: version 7.8.0, TIBCO JasperReports Server: version 7.9.0, TIBCO JasperReports Server – Community Edition: versions 7.8.0 and below, TIBCO JasperReports Server – Developer Edition: versions 7.9.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and below, and TIBCO JasperReports Server for Microsoft Azure: version 7.8.0. | 2021-10-12 | not yet calculated | CVE-2021-35494 CONFIRM CONFIRM |
tibco_software_inc — multiple_products |
The Scheduler Connection component of TIBCO Software Inc.’s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server – Community Edition, TIBCO JasperReports Server – Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows an authenticated attacker with network access to obtain FTP server passwords for other users of the affected system. Affected releases are TIBCO Software Inc.’s TIBCO JasperReports Server: versions 7.2.1 and below, TIBCO JasperReports Server: versions 7.5.0 and 7.5.1, TIBCO JasperReports Server: version 7.8.0, TIBCO JasperReports Server: version 7.9.0, TIBCO JasperReports Server – Community Edition: versions 7.8.0 and below, TIBCO JasperReports Server – Developer Edition: versions 7.9.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and below, and TIBCO JasperReports Server for Microsoft Azure: version 7.8.0. | 2021-10-12 | not yet calculated | CVE-2021-35495 CONFIRM CONFIRM |
tibco_software_inc — multiple_products |
The TIBCO EBX Web Server component of TIBCO Software Inc.’s TIBCO EBX, TIBCO EBX, TIBCO EBX, and TIBCO Product and Service Catalog powered by TIBCO EBX contains a vulnerability that under certain specific conditions allows an attacker to enter a password other than the legitimate password and it will be accepted as valid. Affected releases are TIBCO Software Inc.’s TIBCO EBX: versions 5.8.123 and below, TIBCO EBX: versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, 5.9.7, 5.9.8, 5.9.9, 5.9.10, 5.9.11, 5.9.12, 5.9.13, and 5.9.14, TIBCO EBX: versions 6.0.0 and 6.0.1, and TIBCO Product and Service Catalog powered by TIBCO EBX: version 1.0.0. | 2021-10-13 | not yet calculated | CVE-2021-35498 CONFIRM CONFIRM |
tinyxml — tinyxml |
TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service. | 2021-10-11 | not yet calculated | CVE-2021-42260 MISC |
tuleap — open_alm | Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. Prior to version 11.16.99.173 of Community Edition and versions 11.16-6 and 11.15-8 of Enterprise Edition, an attacker with the ability to add one of the CI widgets to their personal dashboard could execute arbitrary SQL queries. Tuleap Community Edition 11.16.99.173, Tuleap Enterprise Edition 11.16-6, and Tuleap Enterprise Edition 11.15-8 contain a patch for this issue. | 2021-10-15 | not yet calculated | CVE-2021-41148 MISC MISC CONFIRM MISC |
tuleap — open_alm | Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. There is a cross-site scripting vulnerability in Tuleap Community Edition prior to 12.11.99.25 and Tuleap Enterprise Edition 12.11-2. A malicious user with the capability to add and remove attachments on an artifact could force a victim to execute uncontrolled code. Tuleap Community Edition 11.17.99.146 and Tuleap Enterprise Edition 12.11-2 contain a fix for the issue. | 2021-10-14 | not yet calculated | CVE-2021-41142 MISC MISC CONFIRM MISC |
tuleap — open_alm |
Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. Prior to version 11.16.99.173 of Community Edition and versions 11.16-6 and 11.15-8 of Enterprise Edition, an attacker with admin rights in one agile dashboard service can execute arbitrary SQL queries. Tuleap Community Edition 11.16.99.173, Tuleap Enterprise Edition 11.16-6, and Tuleap Enterprise Edition 11.15-8 contain a patch for this issue. | 2021-10-15 | not yet calculated | CVE-2021-41147 MISC CONFIRM MISC MISC |
vaadin — server |
Missing check in DataCommunicator class in com.vaadin:vaadin-server versions 8.0.0 through 8.14.0 (Vaadin 8.0.0 through 8.14.0) allows authenticated network attacker to cause heap exhaustion by requesting too many rows of data. | 2021-10-13 | not yet calculated | CVE-2021-33609 CONFIRM CONFIRM |
vim — vim |
vim is vulnerable to Heap-based Buffer Overflow | 2021-10-15 | not yet calculated | CVE-2021-3875 CONFIRM MISC |
vmware — vrealize | VMware vRealize Orchestrator (8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. A malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling in vRealize Orchestrator, leading to sensitive information disclosure. | 2021-10-13 | not yet calculated | CVE-2021-22036 MISC |
vmware — vrealize | VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV (Comma Separated Value) injection vulnerability in the interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight, which could be executed in the user’s environment. | 2021-10-13 | not yet calculated | CVE-2021-22035 MISC |
vmware — vrealize |
Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability. | 2021-10-13 | not yet calculated | CVE-2021-22033 MISC |
wallstreet_suite — wallstreet_suite |
A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4.83 (64-bit edition) with higher privilege than the average authenticated user. | 2021-10-15 | not yet calculated | CVE-2021-41320 MISC MISC |
wordpress — wordpress | The Formidable Form Builder WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization found in the ~/classes/helpers/FrmAppHelper.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 5.0.06. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | 2021-10-14 | not yet calculated | CVE-2021-39330 MISC MISC |
wordpress — wordpress | The job-portal WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin/jobs_function.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 0.0.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | 2021-10-15 | not yet calculated | CVE-2021-39337 MISC MISC MISC |
wordpress — wordpress | The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated users to perform SQL injection via the ays_finish_poll AJAX action. While the result is not disclosed in the response, it is possible to use a timing attack to exfiltrate data such as a password hash. | 2021-10-11 | not yet calculated | CVE-2021-24651 MISC |
wordpress — wordpress | The KJM Admin Notices WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin/class-kjm-admin-notices-admin.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.0.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | 2021-10-15 | not yet calculated | CVE-2021-39344 MISC MISC MISC |
wordpress — wordpress | The WpGenius Job Listing WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/src/admin/class/class-wpgenious-job-listing-options.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0.2. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | 2021-10-15 | not yet calculated | CVE-2021-39335 MISC MISC MISC |
wordpress — wordpress | The Job Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin-jobs.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 0.7.25. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | 2021-10-15 | not yet calculated | CVE-2021-39336 MISC MISC MISC |
wordpress — wordpress | The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/wp-hal.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.1.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | 2021-10-15 | not yet calculated | CVE-2021-39349 MISC MISC MISC |
wordpress — wordpress | The MyBB Cross-Poster WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/classes/MyBBXPSettings.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | 2021-10-15 | not yet calculated | CVE-2021-39338 MISC MISC MISC |
wordpress — wordpress | The Brizy Page Builder plugin <= 2.3.11 for WordPress allowed authenticated users to upload executable files to a location of their choice using the brizy_create_block_screenshot AJAX action. The file would be named using the id parameter, which could be prepended with “../” to perform directory traversal, and the file contents were populated via the ibsf parameter, which would be base64-decoded and written to the file. While the plugin added a .jpg extension to all uploaded filenames, a double extension attack was still possible, e.g. a file named shell.php would be saved as shell.php.jpg, and would be executable on a number of common configurations. | 2021-10-14 | not yet calculated | CVE-2021-38346 MISC |
wordpress — wordpress | The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any existing post or page created with the Brizy editor. An identical issue was found by another researcher in Brizy <= 1.0.125 and fixed in version 1.0.126, but the vulnerability was reintroduced in version 1.0.127. | 2021-10-14 | not yet calculated | CVE-2021-38345 MISC |
wordpress — wordpress | The Brizy Page Builder plugin <= 2.3.11 for WordPress was vulnerable to stored XSS by lower-privileged users such as subscribers. It was possible to add malicious JavaScript to a page by modifying the request sent to update the page via the brizy_update_item AJAX action and adding JavaScript to the data parameter, which would be executed in the session of any visitor viewing or previewing the post or page. | 2021-10-14 | not yet calculated | CVE-2021-38344 MISC |
wordpress — wordpress | The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/wp-hal.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.1.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | 2021-10-15 | not yet calculated | CVE-2021-39345 MISC MISC MISC |
wordpress — wordpress | The Job Board Vanila WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via the psjb_exp_in and the psjb_curr_in parameters found in the ~/job-settings.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | 2021-10-15 | not yet calculated | CVE-2021-39334 MISC MISC MISC |
wordpress — wordpress | The Easy Accordion WordPress plugin before 2.0.22 does not properly sanitize inputs when adding new items to an accordion. | 2021-10-11 | not yet calculated | CVE-2021-24576 MISC |
wordpress — wordpress | The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and does not validate or escape them, which could lead to a Stored Cross-Site Scripting issue. | 2021-10-11 | not yet calculated | CVE-2021-24683 MISC |
wordpress — wordpress | The Business Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization found throughout the plugin which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.4.5. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | 2021-10-15 | not yet calculated | CVE-2021-39332 MISC |
wuzhicms — wuzhicms | Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information. | 2021-10-12 | not yet calculated | CVE-2020-28145 MISC MISC |
xmp — toolkit | XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer dereference vulnerability that could result in leaking data from certain memory locations and causing a local denial of service in the context of the current user. User interaction is required to exploit this vulnerability in that the victim will need to open a specially crafted MXF file. | 2021-10-13 | not yet calculated | CVE-2021-40732 MISC |
yealink — device_management | Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication. | 2021-10-15 | not yet calculated | CVE-2021-27561 MISC |
yellowfin — yellowfin | In Yellowfin before 9.6.1 it is possible to enumerate and download users' profile pictures through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page “MIIAvatarImage.i4”. | 2021-10-14 | not yet calculated | CVE-2021-36388 MISC MISC MISC |
yellowfin — yellowfin | In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulnerability in the video embed functionality exploitable through a specially crafted HTTP POST request to the page “ActivityStreamAjax.i4”. | 2021-10-14 | not yet calculated | CVE-2021-36387 MISC MISC MISC MISC |
yellowfin — yellowfin | In Yellowfin before 9.6.1 it is possible to enumerate and download uploaded images through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page “MIImage.i4”. | 2021-10-14 | not yet calculated | CVE-2021-36389 MISC MISC MISC |
zammad — zammad | An issue was discovered in Zammad before 5.0.1. In some cases, there is improper enforcement of the privilege requirement for viewing a list of tickets that shows title, state, etc. | 2021-10-11 | not yet calculated | CVE-2021-42137 MISC |
zephyr — ieee_802154 | Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr. Zephyr versions >= 2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3 | 2021-10-12 | not yet calculated | CVE-2021-3322 MISC |
zephyr — ieee_802154 | Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Zephyr versions >= 2.4.0 contain Integer Overflow to Buffer Overflow (CWE-680). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99 | 2021-10-12 | not yet calculated | CVE-2021-3321 MISC |
zephyr — zephyr | Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions >= 2.4.0 contain Integer Underflow (Wrap or Wraparound) (CWE-191). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc | 2021-10-12 | not yet calculated | CVE-2021-3323 MISC |
zephyr — zephyr | RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr. Zephyr versions >= 2.4.0 contain Out-of-bounds Write (CWE-787). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456 | 2021-10-12 | not yet calculated | CVE-2021-3330 MISC |
zoho_manageengine — opmanager | Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API. | 2021-10-13 | not yet calculated | CVE-2021-40493 MISC |
zoho_manageengine — opmanager | The NetFlow Analyzer in Zoho ManageEngine OpManager before 125455 is vulnerable to SQL Injection in the Attacks Module API. | 2021-10-13 | not yet calculated | CVE-2021-41075 MISC |
zz_cms — zz_cms | A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendsms.php page cookie. | 2021-10-14 | not yet calculated | CVE-2020-19960 MISC |
zz_cms — zz_cms | A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the component subzs.php. | 2021-10-14 | not yet calculated | CVE-2020-19961 MISC MISC MISC |
zz_cms — zz_cms | A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendmail.php page cookie. | 2021-10-14 | not yet calculated | CVE-2020-19959 MISC |
zz_cms — zz_cms | A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the id parameter on the /dl/dl_print.php page. | 2021-10-14 | not yet calculated | CVE-2020-19957 MISC |