US-CERT Bulletin (SB21-284): Vulnerability Summary for the Week of October 4, 2021
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
archibus — web_central | ** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the Web Application in /archibus/login.axvw assigns a session token that could already be in use by another user. It was therefore possible to access the application as a user whose credentials were not known, without any attempt by the testers to modify the application logic. It is also possible to set the value of the session token client-side, simply by making an unauthenticated GET request to the Home Page and adding an arbitrary value to the JSESSIONID field. Following the login, the application does not assign a new token and keeps the inserted one as the identifier of the entire session. This is fixed in all recent versions, such as version 26. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Version 21.3 was officially de-supported by the end of 2020. | 2021-10-05 | 7.5 | CVE-2021-41553 MISC |
aviatorscript_project — aviatorscript | AviatorScript through 5.2.7 allows code execution via an expression that is encoded with Byte Code Engineering Library (BCEL). | 2021-10-02 | 7.5 | CVE-2021-41862 MISC |
commonwl — cwlviewer | cwlviewer is a web application to view and share Common Workflow Language workflows. Versions prior to 1.3.1 contain a Deserialization of Untrusted Data vulnerability. Commit number f6066f09edb70033a2ce80200e9fa9e70a5c29de (dated 2021-09-30) contains a patch. There are no available workarounds aside from installing the patch. The SnakeYaml constructor, by default, allows any data to be parsed. To fix the issue the object needs to be created with a `SafeConstructor` object, as seen in the patch. | 2021-10-01 | 7.5 | CVE-2021-41110 MISC MISC CONFIRM |
corel — pdf_fusion | Coreip.dll in Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file. | 2021-10-01 | 9.3 | CVE-2021-38096 MISC MISC |
corel — pdf_fusion | Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file. | 2021-10-01 | 9.3 | CVE-2021-38097 MISC MISC |
corel — photopaint_2020 | CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious CPT file. This is different from CVE-2021-38101. | 2021-10-01 | 9.3 | CVE-2021-38099 MISC MISC |
corel — presentations_2020 | IBJPG2.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PPT file. | 2021-10-01 | 9.3 | CVE-2021-38103 MISC MISC |
dell — isilon_insightiq_firmware | Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to authentication bypass and remote takeover of the InsightIQ. This allows an attacker to take complete control of InsightIQ to affect services provided by SSH; so Dell recommends customers to upgrade at the earliest opportunity. | 2021-10-01 | 7.5 | CVE-2021-36298 MISC |
galera — galera_webtemplate | Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal information from /etc/passwd and /etc/shadow. | 2021-10-01 | 7.5 | CVE-2021-40960 MISC MISC |
getcomposer — composer | Composer is an open source dependency manager for the PHP language. In affected versions, Windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their Composer version. Other OSs and WSL are not affected. The issue has been resolved in Composer versions 1.10.23 and 2.1.9. There are no workarounds for this issue. | 2021-10-05 | 7.5 | CVE-2021-41116 MISC CONFIRM |
hotel_and_lodge_booking_management_system_project — hotel_and_lodge_booking_management_system | Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the email parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details. | 2021-10-01 | 7.5 | CVE-2020-21012 MISC |
lodging_reservation_management_system_project — lodging_reservation_management_system | The username and password field of login in Lodging Reservation Management System V1 can give access to any user by using SQL injection to bypass authentication. | 2021-10-04 | 7.5 | CVE-2021-41511 MISC MISC MISC |
online-shopping-system-advanced_project — online-shopping-system-advanced | An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /homeaction.php cat_id parameter. Using a post request does not sanitize the user input. | 2021-10-01 | 7.5 | CVE-2021-41649 MISC |
ptcl — hg150-ub_firmware | An issue in the administrator authentication panel of PTCL HG150-Ub v3.0 allows attackers to bypass authentication via modification of the cookie value and Response Path. | 2021-10-04 | 7.5 | CVE-2021-35296 MISC |
qnap — qvr | A command injection vulnerability has been reported to affect QNAP devices running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210902 and later. | 2021-10-01 | 7.5 | CVE-2021-34352 MISC |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
3xlogic — infinias_access_control | An issue was discovered in 3xLogic Infinias Access Control through 6.7.10708.0, affecting physical security. Users with login credentials assigned to a specific zone can send modified HTTP GET and POST requests, allowing them to view user data such as personal information and Prox card credentials. Also, an authorized user of one zone can send API requests to unlock electronic locks associated with zones they are unauthorized to have access to. They can also create new user logins for zones they were not authorized to access, including the root zone of the software. | 2021-10-01 | 6.5 | CVE-2021-41847 MISC MISC MISC |
53kf — 53kf | Cross-site scripting vulnerability in 53KF < 2.0.0.2 that allows arbitrary code to be executed via a crafted HTML statement inserted into the chat window. | 2021-10-04 | 4.3 | CVE-2020-28119 MISC |
afian — filerun | Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs. | 2021-10-05 | 4.3 | CVE-2021-35503 MISC MISC |
afian — filerun | Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit action. | 2021-10-05 | 4.3 | CVE-2021-35506 MISC MISC |
alfred-spotify-mini-player — alfred_spotify_mini_player | Cross-site scripting (XSS) vulnerability in callback.php in Spotify-for-Alfred 0.13.9 and below allows remote attackers to inject arbitrary web script or HTML via the error parameter. | 2021-10-01 | 4.3 | CVE-2021-40927 MISC MISC |
archibus — web_central | ** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), XSS occurs in /archibus/dwr/call/plaincall/workflow.runWorkflowRule.dwr because the data received as input from clients is re-included within the HTTP response returned by the application without adequate validation. In this way, if HTML code or client-side executable code (e.g., Javascript) is entered as input, the expected execution flow could be altered. This is fixed in all recent versions, such as version 26. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Version 21.3 was officially de-supported by the end of 2020. | 2021-10-05 | 4.3 | CVE-2021-41555 MISC |
archibus — web_central | ** UNSUPPORTED WHEN ASSIGNED ** ARCHIBUS Web Central 21.3.3.815 (a version from 2014) does not properly validate requests for access to data and functionality in these affected endpoints: /archibus/schema/ab-edit-users.axvw, /archibus/schema/ab-data-dictionary-table.axvw, /archibus/schema/ab-schema-add-field.axvw, /archibus/schema/ab-core/views/process-navigator/ab-my-user-profile.axvw. By not verifying the permissions for access to resources, it allows a potential attacker to view pages that are not allowed. Specifically, it was found that any authenticated user can reach the administrative console for user management by directly requesting access to the page via URL. This allows a malicious user to modify all users’ profiles, to elevate any privileges to administrative ones, or to create or delete any type of user. It is also possible to modify the emails of other users, through a misconfiguration of the username parameter, on the user profile page. This is fixed in all recent versions, such as version 26. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Version 21.3 was officially de-supported by the end of 2020. | 2021-10-05 | 6.5 | CVE-2021-41554 MISC |
bosch — rexroth_indramotion_mlc_l20_firmware | The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a client’s computer by sending the client a manipulated URL. | 2021-10-04 | 4.3 | CVE-2021-23856 CONFIRM |
canonical — apport | An information disclosure via path traversal was discovered in the apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3. | 2021-10-01 | 4.7 | CVE-2021-3710 MISC MISC MISC MISC |
canonical — multipass | The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege escalation. | 2021-10-01 | 4.6 | CVE-2021-3626 MISC |
canonical — multipass | The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, accidentally installed the application directory with incorrect owner. | 2021-10-01 | 4.6 | CVE-2021-3747 MISC |
codesolz — better_find_and_replace | The Better Find and Replace WordPress plugin before 1.2.9 does not escape the ‘s’ GET parameter before outputting it back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue. | 2021-10-04 | 4.3 | CVE-2021-24676 MISC |
coinmarketstats — woo-altcoin-payment-gateway | The Bitcoin / AltCoin Payment Gateway for WooCommerce WordPress plugin before 1.6.1 does not escape the ‘s’ GET parameter before outputting it back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue. | 2021-10-04 | 4.3 | CVE-2021-24679 MISC |
concrete5-legacy_project — concrete5-legacy | Cross-site scripting (XSS) vulnerability in toos/permissions/dialogs/access/entity/types/group_combination.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the cID parameter. | 2021-10-01 | 4.3 | CVE-2021-41463 MISC MISC |
concrete5-legacy_project — concrete5-legacy | Cross-site scripting (XSS) vulnerability in concrete/elements/collection_theme.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter. | 2021-10-01 | 4.3 | CVE-2021-41465 MISC MISC |
concrete5-legacy_project — concrete5-legacy | Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter. | 2021-10-01 | 4.3 | CVE-2021-41464 MISC MISC |
concrete5-legacy_project — concrete5-legacy | Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the ctID parameter. | 2021-10-01 | 4.3 | CVE-2021-41462 MISC MISC |
concrete5-legacy_project — concrete5-legacy | Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the mode parameter. | 2021-10-01 | 4.3 | CVE-2021-41461 MISC MISC |
corel — coreldraw_2020 | CdrCore.dll in Corel DrawStandard 2020 22.0.0.474 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious CDR file. | 2021-10-02 | 4.3 | CVE-2021-38107 MISC MISC |
corel — coreldraw_2020 | Corel DrawStandard 2020 22.0.0.474 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious CDR file. | 2021-10-02 | 4.3 | CVE-2021-38109 MISC MISC |
corel — pdf_fusion | Corel PDF Fusion 2.6.2.0 is affected by a Heap Corruption vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file. | 2021-10-01 | 6.8 | CVE-2021-38098 MISC MISC |
corel — photopaint_2020 | Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious CPT file. | 2021-10-01 | 6.8 | CVE-2021-38100 MISC MISC |
corel — photopaint_2020 | CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious CPT file. This is different from CVE-2021-38099. | 2021-10-01 | 6.8 | CVE-2021-38101 MISC MISC |
corel — presentations_2020 | IPPP82.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PPT file. This is different from CVE-2021-38102. | 2021-10-01 | 4.3 | CVE-2021-38105 MISC MISC |
corel — presentations_2020 | IPPP72.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PPT file. | 2021-10-01 | 4.3 | CVE-2021-38104 MISC MISC |
corel — presentations_2020 | UAX200.dll in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PPT file. | 2021-10-01 | 4.3 | CVE-2021-38106 MISC MISC |
corel — presentations_2020 | IPPP82.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PPT file. This is different from CVE-2021-38105. | 2021-10-01 | 4.3 | CVE-2021-38102 MISC MISC |
corel — wordperfect_2020 | Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious DOC file. | 2021-10-02 | 4.3 | CVE-2021-38108 MISC MISC |
corel — wordperfect_2020 | Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious DOC file. | 2021-10-01 | 6.8 | CVE-2021-38110 MISC MISC |
dell — enterprise_sonic_os | Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensitive information disclosure vulnerability. An authenticated malicious user with access to the system may use the TACACS\Radius credentials stored to read sensitive information and use it in further attacks. | 2021-10-01 | 4 | CVE-2021-36309 MISC |
detector_project — detector | Cross-site scripting (XSS) vulnerability in _contactform.inc.php in Detector 0.8.5 and below allows remote attackers to inject arbitrary web script or HTML via the cid parameter. | 2021-10-01 | 4.3 | CVE-2021-40921 MISC |
docker — command_line_interface | Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH. | 2021-10-04 | 5 | CVE-2021-41092 MISC CONFIRM |
ecommerce-codeigniter-bootstrap_project — ecommerce-codeigniter-bootstrap | Cross-site scripting (XSS) vulnerability in application/modules/admin/views/ecommerce/products.php in Ecommerce-CodeIgniter-Bootstrap (Codeigniter 3.1.11, Bootstrap 3.3.7) allows remote attackers to inject arbitrary web script or HTML via the search_title parameter. | 2021-10-01 | 4.3 | CVE-2021-40975 MISC |
emlog — emlog | emlog v6.0.0 contains a SQL injection via /admin/comment.php. | 2021-10-01 | 6.5 | CVE-2020-21013 MISC |
emlog — emlog | emlog v6.0.0 contains an arbitrary file deletion vulnerability in admin/plugin.php. | 2021-10-01 | 5.5 | CVE-2020-21014 MISC |
esri — portal_for_arcgis | There is a privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below that may allow a remote, authenticated attacker to impersonate another account. | 2021-10-01 | 6.5 | CVE-2021-29108 CONFIRM |
esri — portal_for_arcgis | A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser. | 2021-10-01 | 4.3 | CVE-2021-29109 CONFIRM |
faveohelpdesk — faveo | Cross-site scripting (XSS) vulnerability in dompdf/dompdf/www/demo.php in faveo-helpdesk v1.11.0 and below allows remote attackers to inject arbitrary web script or HTML via the $_SERVER["PHP_SELF"] parameter. | 2021-10-01 | 4.3 | CVE-2021-40925 MISC MISC |
getid3 — getid3 | Cross-site scripting (XSS) vulnerability in demos/demo.mysqli.php in getID3 1.X and v2.0.0-beta allows remote attackers to inject arbitrary web script or HTML via the showtagfiles parameter. | 2021-10-01 | 4.3 | CVE-2021-40926 MISC MISC |
gitlab — gitlab | The project import/export feature in GitLab 8.9 and greater could be used to obtain otherwise private email addresses. | 2021-10-05 | 4 | CVE-2021-22258 CONFIRM MISC MISC |
gitlab — gitlab | A potential DOS vulnerability was discovered in GitLab EE starting with version 12.6 due to lack of pagination in dependencies API. | 2021-10-04 | 4 | CVE-2021-22259 MISC CONFIRM |
gitlab — gitlab | In all versions of GitLab CE/EE since version 8.0, access tokens created as part of admin’s impersonation of a user are not cleared at the end of impersonation which may lead to unnecessary sensitive info disclosure. | 2021-10-05 | 4 | CVE-2021-39891 MISC CONFIRM |
gitlab — gitlab | In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API call with the ID of the protected branch. | 2021-10-05 | 4 | CVE-2021-39889 MISC MISC CONFIRM |
gitlab — gitlab | Permissions rules were not applied while issues were moved between projects of the same group in GitLab versions starting with 10.6 and up to 14.1.7 allowing users to read confidential Epic references. | 2021-10-05 | 4 | CVE-2021-39886 MISC CONFIRM |
gitlab — gitlab | A Denial Of Service vulnerability in the apollo_upload_server Ruby gem in GitLab CE/EE version 11.11 and above allows an attacker to deny access to all users via specially crafted requests to the apollo_upload_server middleware. | 2021-10-05 | 4 | CVE-2021-39880 CONFIRM MISC MISC |
gitlab — gitlab | In all versions of GitLab CE/EE since version 11.11, an instance that has the setting to disable Repo by URL import enabled is bypassed by an attacker making a crafted API call. | 2021-10-05 | 4 | CVE-2021-39870 MISC MISC CONFIRM |
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. The route for /user.keys is not restricted on instances with public visibility disabled. This allows user enumeration on such instances. | 2021-10-05 | 5 | CVE-2021-22257 MISC CONFIRM |
gitlab — gitlab | Missing access control in GitLab version 13.10 and above with Jira Cloud integration enabled allows Jira users without administrative privileges to add and remove Jira Connect Namespaces via the GitLab.com for Jira Cloud application configuration page. | 2021-10-05 | 5 | CVE-2021-22262 CONFIRM MISC MISC |
gitlab — gitlab | A potential DOS vulnerability was discovered in GitLab starting with version 9.1 that allowed parsing files without authorisation. | 2021-10-05 | 5 | CVE-2021-39893 MISC CONFIRM |
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions starting from 13.8 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. Under specialized conditions, an invited group member may continue to have access to a project even after the invited group, which the member was part of, is deleted. | 2021-10-05 | 4.3 | CVE-2021-22264 CONFIRM MISC |
glimmrtv — flextv | Cross-site scripting (XSS) vulnerability in index.php in FlexTV beta development version allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF parameter. | 2021-10-01 | 4.3 | CVE-2021-40928 MISC MISC |
google — android | In sendBroadcastToInstaller of FirstScreenBroadcast.java, there is a possible activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-9, Android-10. Android ID: A-179289753 | 2021-10-06 | 4.6 | CVE-2021-0692 MISC |
google — android | In the SELinux policy configured in system_app.te, there is a possible way for system_app to gain code execution in other processes due to an overly-permissive SELinux policy. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-188554048 | 2021-10-06 | 4.6 | CVE-2021-0691 MISC |
google — android | When extracting an incorrectly formatted AVI file, memory is corrupted, the playback interface shows that the video cannot be played, and a crash is found in the log. This problem may lead to malicious code attacks, resulting in the loss of user rights. Product: Android. Version: Android-10. Android ID: A-189392423 | 2021-10-06 | 6.8 | CVE-2021-0636 MISC |
google — android | In ParsedIntentInfo of ParsedIntentInfo.java, there is a possible parcel serialization/deserialization mismatch due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-191055353 | 2021-10-06 | 4.6 | CVE-2021-0685 MISC |
google — android | In TouchInputMapper::sync of TouchInputMapper.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-8.1, Android-9. Android ID: A-179839665 | 2021-10-06 | 4.6 | CVE-2021-0684 MISC |
google — android | When extracting an incorrectly formatted FLV file, memory is corrupted, the playback interface shows that the video cannot be played, and a crash is found in the log. This problem may lead to malicious code attacks, resulting in the loss of user rights. Product: Android. Version: Android-10. Android ID: A-189402477 | 2021-10-06 | 6.8 | CVE-2021-0635 MISC |
google — android | In runTraceIpcStop of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-8.1, Android-9, Android-10. Android ID: A-185398942 | 2021-10-06 | 4.6 | CVE-2021-0683 MISC |
google — android | In ih264d_mark_err_slice_skip of ih264d_parse_pslice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9, Android-10, Android-11, Android-8.1. Android ID: A-182152757 | 2021-10-06 | 4.3 | CVE-2021-0690 MISC |
google — android | In lockAllProfileTasks of RootWindowContainer.java, there is a possible way to access the work profile without the profile PIN, after logging in. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9, Android-10, Android-11, Android-8.1. Android ID: A-177457096 | 2021-10-06 | 4.6 | CVE-2021-0595 MISC |
google — android | In onCreate of ConfirmConnectActivity.java, there is a possible pairing of untrusted Bluetooth devices due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11, Android-8.1, Android-9, Android-10. Android ID: A-180422108 | 2021-10-06 | 4.4 | CVE-2021-0598 MISC |
google — android | In lockNow of PhoneWindowManager.java, there is a possible lock screen bypass due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-8.1, Android-9. Android ID: A-161149543 | 2021-10-06 | 4.4 | CVE-2021-0688 MISC |
gpac — mp4box | There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1008 in the nhmldmx_send_sample() function szXmlFrom parameter which leads to a denial of service vulnerability. | 2021-10-01 | 5 | CVE-2021-41459 MISC |
gpac — mp4box | There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1004 in the nhmldmx_send_sample() function szXmlTo parameter which leads to a denial of service vulnerability. | 2021-10-01 | 5 | CVE-2021-41456 MISC |
gpac — mp4box | There is a stack buffer overflow in MP4Box 1.1.0 at src/filters/dmx_nhml.c in nhmldmx_init_parsing which leads to a denial of service vulnerability. | 2021-10-01 | 5 | CVE-2021-41457 MISC |
grafana — grafana | Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot “public_mode” configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the snapshot “public_mode” setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects. | 2021-10-05 | 6.8 | CVE-2021-39226 MISC MISC CONFIRM MISC MLIST |
hkurl — i-panel_administration_system | A reflected cross-site scripting (XSS) vulnerability exists in the i-Panel Administration System Version 2.0 that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console and it is possible to insert a vulnerable malicious button. | 2021-10-04 | 4.3 | CVE-2021-41878 MISC MISC |
ibm — sterling_b2b_integrator | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to perform actions that they should not be able to access due to improper access controls. IBM X-Force ID: 202169. | 2021-10-06 | 4 | CVE-2021-29758 CONFIRM XF |
ibm — sterling_b2b_integrator | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to download unauthorized files through the dashboard user interface. IBM X-Force ID: 202213. | 2021-10-06 | 4 | CVE-2021-29760 CONFIRM XF |
ibm — sterling_b2b_integrator | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information from the dashboard that they should not have access to. IBM X-Force ID: 202265. | 2021-10-06 | 4 | CVE-2021-29761 CONFIRM XF |
jizhicms — jizhicms | JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie. | 2021-10-01 | 4.3 | CVE-2020-21228 MISC MISC MISC |
justwriting_project — justwriting | Cross-site scripting (XSS) vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allows remote attackers to inject arbitrary web script or HTML via the challenge parameter. | 2021-10-01 | 4.3 | CVE-2021-41467 MISC MISC |
linux — linux_kernel | prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel through 5.14.9 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. | 2021-10-02 | 4.6 | CVE-2021-41864 MISC MISC FEDORA |
maccms — maccms | A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administrator privileges. | 2021-10-04 | 6.8 | CVE-2020-21386 MISC |
maccms — maccms | A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows attackers to obtain the administrator cookie and escalate privileges via a crafted payload. | 2021-10-04 | 4.3 | CVE-2020-21387 MISC |
mcafee — drive_encryption | Privilege Escalation vulnerability in a Windows system driver of McAfee Drive Encryption (DE) prior to 7.3.0 could allow a local non-admin user to gain elevated system privileges via exploiting an unutilized memory buffer. | 2021-10-01 | 4.6 | CVE-2021-23893 CONFIRM |
meowapps — media_file_renamer_-_auto_\&_manual_rename | Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media File Renamer – Auto & Manual Rename plugin (versions <= 5.1.9). Affected parameters “post_title”, “filename”, “lock”. This allows changing the uploaded media title, media file name, and media locking state. | 2021-10-04 | 4.3 | CVE-2021-36850 CONFIRM MISC |
meowapps — meow_gallery | The Meow Gallery WordPress plugin before 4.1.9 does not sanitise, validate or escape the ids attribute of its gallery shortcode (available for users as low as Contributor) before using it in an SQL statement, leading to an authenticated SQL Injection issue. The injection also allows the returned values to be manipulated in a way that could lead to data disclosure and arbitrary objects to be deserialized. | 2021-10-04 | 5.5 | CVE-2021-24465 MISC |
mobyproject — moby | Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted. | 2021-10-04 | 4.4 | CVE-2021-41089 MISC CONFIRM |
mysurvey — survey_solutions | Survey Solutions is a survey management and data collection system. In affected versions the Headquarters application publishes /metrics endpoint available to any user. None of the survey answers are ever exposed, only the aggregate counters, including count of interviews, or count of assignments. Starting from version 21.09.1 the endpoint is turned off by default. | 2021-10-04 | 5 | CVE-2021-41123 MISC CONFIRM |
omikron — multicash | Omikron MultiCash Desktop 4.00.008.SP5 relies on a client-side authentication mechanism. When a user logs into the application, the validity of the password is checked locally. All communication to the database backend is made via the same technical account. Consequently, an attacker can attach a debugger to the process or create a patch that manipulates the behavior of the login function. When the function always returns the success value (corresponding to a correct password), an attacker can login with any desired account, such as the administrative account of the application. | 2021-10-05 | 4.6 | CVE-2021-41286 MISC |
online-shopping-system-advanced_project — online-shopping-system-advanced | An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /action.php prId parameter. The user input is not sanitized when submitted via a POST request. | 2021-10-01 | 5 | CVE-2021-41648 MISC MISC |
online_food_ordering_web_app_project — online_food_ordering_web_app | An un-authenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable “username” parameter in login.php and retrieve sensitive database information, as well as add an administrative user. | 2021-10-01 | 6.4 | CVE-2021-41647 MISC MISC MISC MISC |
pardus — liderahenk | Versions 2.1.15 and below of the Lider module in LiderAhenk software leak their configuration via an unsecured API. An attacker with access to the configuration API could obtain valid LDAP credentials. | 2021-10-01 | 5 | CVE-2021-3825 CONFIRM CONFIRM |
php — php | In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS permissions. | 2021-10-04 | 4.3 | CVE-2021-21706 CONFIRM |
php — php | In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via the filter_var() function with the FILTER_VALIDATE_URL parameter, a URL with an invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially to other security implications, such as contacting a wrong server or making a wrong access decision. | 2021-10-04 | 5 | CVE-2021-21705 CONFIRM |
php — php | In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption. | 2021-10-04 | 4.3 | CVE-2021-21704 CONFIRM CONFIRM CONFIRM CONFIRM |
pixeline — bugs | Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below allows remote attackers to inject arbitrary web script or HTML via the email parameter. | 2021-10-01 | 4.3 | CVE-2021-40923 MISC MISC |
pixeline — bugs | Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below allows remote attackers to inject arbitrary web script or HTML via the first_name parameter. | 2021-10-01 | 4.3 | CVE-2021-40924 MISC MISC |
pixeline — bugs | Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below allows remote attackers to inject arbitrary web script or HTML via the last_name parameter. | 2021-10-01 | 4.3 | CVE-2021-40922 MISC MISC |
redis — hiredis | Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnerable to integer overflow if provided maliciously crafted or corrupted `RESP` `multi-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check if `count * sizeof(redisReply*)` can be represented in `SIZE_MAX`. If it can not, and the `calloc()` call doesn’t itself make this check, it would result in a short allocation and subsequent buffer overflow. Users of hiredis who are unable to update may set the [maxelements](https://github.com/redis/hiredis#reader-max-array-elements) context option to a value small enough that no overflow is possible. | 2021-10-04 | 6.5 | CVE-2021-32765 MISC CONFIRM MISC |
redislabs — redis | Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. | 2021-10-04 | 4 | CVE-2021-32672 CONFIRM MISC |
scalabium — dbase_viewer | Scalabium dBase Viewer version 2.6 (Build 5.751) is vulnerable to remote code execution via a crafted DBF file that triggers a buffer overflow. An attacker can use the Structured Exception Handler (SEH) records and redirect execution to attacker-controlled code. | 2021-10-01 | 6.8 | CVE-2021-35297 MISC |
spotweb_project — spotweb | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allows remote attackers to inject arbitrary web script or HTML via the lastname parameter. | 2021-10-01 | 4.3 | CVE-2021-40973 MISC MISC |
spotweb_project — spotweb | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allows remote attackers to inject arbitrary web script or HTML via the newpassword1 parameter. | 2021-10-01 | 4.3 | CVE-2021-40971 MISC MISC |
spotweb_project — spotweb | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allows remote attackers to inject arbitrary web script or HTML via the username parameter. | 2021-10-01 | 4.3 | CVE-2021-40970 MISC MISC |
spotweb_project — spotweb | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allows remote attackers to inject arbitrary web script or HTML via the newpassword2 parameter. | 2021-10-01 | 4.3 | CVE-2021-40968 MISC MISC |
spotweb_project — spotweb | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allows remote attackers to inject arbitrary web script or HTML via the mail parameter. | 2021-10-01 | 4.3 | CVE-2021-40972 MISC MISC |
thycotic — secret_server | A SQL injection issue was discovered in ThycoticCentrify Secret Server before 11.0.000007. The only affected versions are 10.9.000032 through 11.0.000006. | 2021-10-01 | 4 | CVE-2021-41845 MISC MISC |
tibco — activespaces | The FTL Server (tibftlserver) and Docker images containing tibftlserver components of TIBCO Software Inc.’s TIBCO ActiveSpaces – Community Edition, TIBCO ActiveSpaces – Developer Edition, TIBCO ActiveSpaces – Enterprise Edition, TIBCO FTL – Community Edition, TIBCO FTL – Developer Edition, TIBCO FTL – Enterprise Edition, TIBCO eFTL – Community Edition, TIBCO eFTL – Developer Edition, and TIBCO eFTL – Enterprise Edition contain a vulnerability that theoretically allows a non-administrative, authenticated FTL user to trick the affected components into creating illegitimate certificates. These maliciously generated certificates can be used to enable man-in-the-middle attacks or to escalate privileges so that the malicious user has administrative privileges. Affected releases are TIBCO Software Inc.’s TIBCO ActiveSpaces – Community Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO ActiveSpaces – Developer Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO ActiveSpaces – Enterprise Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO FTL – Community Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO FTL – Developer Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO FTL – Enterprise Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO eFTL – Community Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO eFTL – Developer Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, and TIBCO eFTL – Enterprise Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0. | 2021-10-05 | 6 | CVE-2021-35497 CONFIRM CONFIRM |
typo3 — typo3 | TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery. The impact is the same as described in TYPO3-CORE-SA-2020-006 (CVE-2020-11069). However, it is not limited to the same site context and does not require the attacker to be authenticated. In a worst case scenario, the attacker could create a new admin user account to compromise the system. To successfully carry out an attack, an attacker must trick his victim to access a compromised system. The victim must have an active session in the TYPO3 backend at that time. The following Same-Site cookie settings in $GLOBALS[TYPO3_CONF_VARS][BE][cookieSameSite] are required for an attack to be successful: SameSite=strict: malicious evil.example.org invoking TYPO3 application at good.example.org and SameSite=lax or none: malicious evil.com invoking TYPO3 application at example.org. Update your instance to TYPO3 version 11.5.0 which addresses the problem described. | 2021-10-05 | 6.8 | CVE-2021-41113 MISC CONFIRM MISC |
typo3 — typo3 | TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses the HTTP Host header, for example, to generate absolute URLs during the frontend rendering process. Since the host header itself is provided by the client, it can be forged to any value, even in a name-based virtual hosts environment. This vulnerability is the same as described in TYPO3-CORE-SA-2014-001 (CVE-2014-3941). A regression, introduced during TYPO3 v11 development, led to this situation. The already existing setting `$GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedHostsPattern']` (used as an effective mitigation strategy in previous TYPO3 versions) was not evaluated anymore, and reintroduced the vulnerability. | 2021-10-05 | 5 | CVE-2021-41114 CONFIRM MISC MISC |
wowza — streaming_engine | A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user account via the /enginemanager/server/user/delete.htm userName parameter. The application does not implement a CSRF token for the GET request. | 2021-10-05 | 5.8 | CVE-2021-35491 MISC MISC MISC |
wowza — streaming_engine | Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust filesystem resources via the /enginemanager/server/vhost/historical.jsdata vhost parameter. This is due to the insufficient management of available filesystem resources. An attacker could exploit this vulnerability through the Virtual Host Monitoring section by requesting random virtual-host historical data and exhausting available filesystem resources. A successful exploit could allow the attacker to cause database errors and cause the device to become unresponsive to web-based management. (Manual intervention is required to free filesystem resources and return the application to an operational state.) | 2021-10-05 | 4 | CVE-2021-35492 MISC MISC MISC |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
calibre-web_project — calibre-web | The “Calibre-web” application, v0.6.0 to v0.6.12, is vulnerable to Stored XSS in “Metadata”. An attacker that has access to edit the metadata information can inject a JavaScript payload in the description field. When a victim tries to open the file, the XSS will be triggered. | 2021-10-04 | 3.5 | CVE-2021-25964 MISC MISC |
canonical — apport | Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3. | 2021-10-01 | 2.1 | CVE-2021-3709 MISC MISC MISC MISC |
cminds — enhanced-tooltipglossary | The CM Tooltip Glossary WordPress plugin before 3.9.21 does not escape some glossary_tooltip shortcode attributes, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. | 2021-10-04 | 3.5 | CVE-2021-24678 MISC |
dwbooster — appointment_hour_booking | The Appointment Hour Booking WordPress plugin before 1.3.16 does not escape some of the Calendar Form settings, allowing high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2021-10-04 | 3.5 | CVE-2021-24673 MISC |
esri — portal_for_arcgis | Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may allow a remote unauthenticated attacker to pass and store malicious strings in the home application. | 2021-10-01 | 3.5 | CVE-2021-29110 CONFIRM |
gitlab — gitlab | A stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown in GitLab CE/EE version 8.4 and above allowed an attacker to execute arbitrary JavaScript code on the victim’s behalf. | 2021-10-05 | 3.5 | CVE-2021-39887 MISC CONFIRM MISC |
gitlab — gitlab | In all versions of GitLab CE/EE since version 7.7, the application may let a malicious user create an OAuth client application with arbitrary scope names which may allow the malicious user to trick unsuspecting users to authorize the malicious client application using the spoofed scope name and description. | 2021-10-05 | 3.5 | CVE-2021-39881 MISC CONFIRM MISC |
gitlab — gitlab | A stored Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.7 and above allows an attacker to execute arbitrary JavaScript code on the victim’s behalf via malicious Jira API responses. | 2021-10-05 | 3.5 | CVE-2021-22261 MISC CONFIRM MISC |
google — android | In ellipsize of Layout.java, there is a possible ANR due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9, Android-10, Android-11, Android-8.1. Android ID: A-188913943 | 2021-10-06 | 1.9 | CVE-2021-0687 MISC |
google — android | In sendAccessibilityEvent of NotificationManagerService.java, there is a possible disclosure of notification data due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-8.1, Android-9, Android-10. Android ID: A-159624555 | 2021-10-06 | 2.1 | CVE-2021-0682 MISC |
google — android | In conditionallyRemoveIdentifiers of SubscriptionController.java, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-10. Android ID: A-181053462 | 2021-10-06 | 2.1 | CVE-2021-0644 MISC |
google — android | In openFile of HeapDumpProvider.java, there is a possible way to retrieve generated heap dumps from debuggable apps due to an unprotected provider. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-184046948 | 2021-10-06 | 2.1 | CVE-2021-0693 MISC |
google — android | In getDefaultSmsPackage of RoleManagerService.java, there is a possible way to get information about the default sms app of a different device user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-10. Android ID: A-177927831 | 2021-10-06 | 2.1 | CVE-2021-0686 MISC |
google — android | In RGB_to_BGR1_portable of SkSwizzler_opts.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-8.1, Android-9. Android ID: A-190188264 | 2021-10-06 | 2.1 | CVE-2021-0689 MISC |
google — android | In system properties, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-192535337 | 2021-10-06 | 2.1 | CVE-2021-0681 MISC |
google — android | In get_sock_stat of xt_qtaguid.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-184018316. References: Upstream kernel | 2021-10-06 | 2.1 | CVE-2021-0695 MISC |
google — android | In system properties, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-192535676 | 2021-10-06 | 2.1 | CVE-2021-0680 MISC |
ibm — sterling_b2b_integrator | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 202268. | 2021-10-06 | 3.5 | CVE-2021-29764 XF CONFIRM |
icehrm — icehrm | A Stored Cross Site Scripting vulnerability via Malicious File Upload exists in multiple pages of IceHrm 30.0.0.OS that allows for arbitrary execution of JavaScript commands. | 2021-10-04 | 3.5 | CVE-2021-38822 MISC |
maccms — maccms | Maccms 10 contains a cross-site scripting (XSS) vulnerability in the Editing function under the Member module. This vulnerability is exploited via a crafted payload in the nickname text field. | 2021-10-04 | 3.5 | CVE-2020-21434 MISC |
qnap — image2pdf | A cross-site scripting (XSS) vulnerability has been reported to affect QNAP devices running Image2PDF. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Image2PDF: Image2PDF 2.1.5 (2021/08/17) and later. | 2021-10-01 | 3.5 | CVE-2021-38675 MISC |
qnap — photo_station | A cross-site scripting (XSS) vulnerability has been reported to affect QNAP devices running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.18 (2021/09/01) and later. | 2021-10-01 | 3.5 | CVE-2021-34356 MISC |
qnap — photo_station | A cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 5.4.10 (2021/08/19) and later; Photo Station 5.7.13 (2021/08/19) and later; Photo Station 6.0.18 (2021/09/01) and later. | 2021-10-01 | 3.5 | CVE-2021-34355 MISC |
qnap — photo_station | A cross-site scripting (XSS) vulnerability has been reported to affect QNAP devices running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.18 (2021/09/01) and later. | 2021-10-01 | 3.5 | CVE-2021-34354 MISC |
telegram — telegram | The Telegram application 7.5.0 through 7.8.0 for Android does not properly implement image self-destruction, a different vulnerability than CVE-2019-16248. After approximately two to four uses of the self-destruct feature, there is a misleading UI indication that an image was deleted (on both the sender and recipient sides). The images are still present in the /Storage/Emulated/0/Telegram/Telegram Image/ directory. | 2021-10-04 | 2.1 | CVE-2021-41861 MISC MISC MISC MISC |
webnus — modern_events_calendar_lite | The Modern Events Calendar Lite WordPress plugin before 5.22.2 does not escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2021-10-04 | 3.5 | CVE-2021-24687 MISC |
wpeverest — user_registration | The User Registration WordPress plugin before 2.0.2 does not properly sanitise the user_registration_profile_pic_url value when submitted directly via the user_registration_update_profile_details AJAX action. This could allow any authenticated user, such as a subscriber, to perform Stored Cross-Site Scripting attacks when their profile is viewed. | 2021-10-04 | 3.5 | CVE-2021-24654 MISC |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
N/A — N/A |
IBM PowerVM Hypervisor FW1010 could allow a privileged user to gain access to another VM due to assigning duplicate WWPNs. IBM X-Force ID: 210162. | 2021-10-06 | not yet calculated | CVE-2021-38923 XF CONFIRM |
N/A — N/A |
ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC exposure. | 2021-10-04 | not yet calculated | CVE-2021-41591 MISC MISC MISC MISC |
accel-ppp — accel-ppp |
ACCEL-PPP 1.12.0 has an out-of-bounds read in triton_context_schedule if the client exits after authentication. | 2021-10-07 | not yet calculated | CVE-2021-42054 MISC |
adobe — acrobat_reader_dc |
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForm listbox that could result in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | 2021-10-07 | not yet calculated | CVE-2021-40725 MISC |
adobe — acrobat_reader_dc |
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForm field that could result in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | 2021-10-07 | not yet calculated | CVE-2021-40726 MISC |
adobe — xmp_toolkit_sdk |
XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a specially-crafted .cpp file. | 2021-10-04 | not yet calculated | CVE-2021-36051 MISC |
afian — filerun_2021.03.26 |
Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary. | 2021-10-05 | not yet calculated | CVE-2021-35505 MISC MISC |
afian — filerun_2021.03.26 |
Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the ffmpeg binary. | 2021-10-05 | not yet calculated | CVE-2021-35504 MISC MISC |
akamai — enterprise_application_access_client |
In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4.x before 2.4.1, and 2.5.x before 2.5.3, an unquoted path may allow an attacker to hijack the flow of execution. | 2021-10-04 | not yet calculated | CVE-2021-40683 MISC CONFIRM |
alkacon — opencms |
An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11.0.1 and 11.0.2 allows remote authenticated users with edit privileges to exfiltrate files from the server’s file system by uploading a crafted SVG document. | 2021-10-08 | not yet calculated | CVE-2021-3312 MISC MISC |
apache — http_server_2.4 |
While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project. | 2021-10-05 | not yet calculated | CVE-2021-41524 MISC MLIST FEDORA CISCO |
apache — http_server_2.4.49 |
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration “require all denied”, these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013. | 2021-10-05 | not yet calculated | CVE-2021-41773 MISC MLIST MLIST MLIST MISC MLIST MISC MLIST MLIST MLIST CISCO MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST |
apache — http_server_2.4.50 |
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration “require all denied”, these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions. | 2021-10-07 | not yet calculated | CVE-2021-42013 MISC MLIST MLIST MLIST CISCO JVN MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST |
apache — openoffice | While working on Apache OpenOffice 4.1.8 a developer discovered that the DEB package did not install using root, but instead used a userid and groupid of 500. This both caused issues with desktop integration and could allow a crafted attack on files owned by that user or group if they exist. Users who installed the Apache OpenOffice 4.1.8 DEB packaging should upgrade to the latest version of Apache OpenOffice. | 2021-10-07 | not yet calculated | CVE-2021-28129 MISC MLIST MLIST MLIST |
apache — openoffice | Apache OpenOffice has a dependency on expat software. expat versions prior to 2.1.0 were subject to CVE-2013-0340, a “Billion Laughs” entity expansion denial of service attack exploitable via crafted XML files. ODF files consist of a set of XML files. All versions of Apache OpenOffice up to 4.1.10 are subject to this issue. The expat bundled with version 4.1.11 is patched. | 2021-10-07 | not yet calculated | CVE-2021-40439 MISC MLIST MLIST MLIST |
axis — axis_devices | A user-controlled parameter related to SMTP test functionality is not correctly validated, making it possible to bypass blocked network recipients. | 2021-10-05 | not yet calculated | CVE-2021-31987 MISC |
axis — axis_devices | A user-controlled parameter related to SMTP test functionality is not correctly validated, making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary SMTP headers in the generated test email. | 2021-10-05 | not yet calculated | CVE-2021-31988 MISC |
axis — axis_devices | User-controlled parameters related to SMTP notifications are not correctly validated. This can lead to a buffer overflow resulting in crashes and data leakage. | 2021-10-05 | not yet calculated | CVE-2021-31986 MISC |
ballistix_mod_utility — ballistix_mod_utility | Ballistix MOD Utility through 2.0.2.5 is vulnerable to privilege escalation in the MODAPI.sys driver component. The vulnerability is triggered by sending a specific IOCTL request that allows low-privileged users to directly interact with physical memory via the MmMapIoSpace function call (mapping physical memory into a virtual address space). Attackers could exploit this issue to achieve local privilege escalation to NT AUTHORITY\SYSTEM. | 2021-10-04 | not yet calculated | CVE-2021-41285 MISC MISC |
biqs_it_biqs-drive — biqs_it_biqs-drive | A local file inclusion (LFI) vulnerability exists in BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with the permissions of the configured web user. | 2021-10-04 | not yet calculated | CVE-2021-39433 MISC MISC |
bosch — rexroth_indramotion_mlc_and_indralogic_xlc | Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Combined with CVE-2021-23858, this allows an attacker to subsequently log in to the system. | 2021-10-04 | not yet calculated | CVE-2021-23857 CONFIRM |
bosch — rexroth_indramotion_mlc_and_indralogic_xlc | The user and password database is exposed by an unprotected web server resource. Passwords are hashed with a weak hashing algorithm and therefore allow an attacker to determine the password by using rainbow tables. | 2021-10-04 | not yet calculated | CVE-2021-23855 CONFIRM |
bosch — rexroth_indramotion_mlc_and_indralogic_xlc | Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Additionally, device details are exposed which include the serial number and the firmware version by another unprotected web server resource. | 2021-10-04 | not yet calculated | CVE-2021-23858 CONFIRM |
boston_scientific — zoom_latitude_programmer/recorder/monitor_model_3120 | An attacker with physical access to the device can extract the binary that checks for the hardware key and reverse engineer it, which could be used to create a physical duplicate of a valid hardware key. The hardware key allows access to special settings when inserted. | 2021-10-04 | not yet calculated | CVE-2021-38394 MISC |
boston_scientific — zoom_latitude_programmer/recorder/monitor_model_3120 | The affected device uses off-the-shelf software components that contain unpatched vulnerabilities. A malicious attacker with physical access to the affected device could exploit these vulnerabilities. | 2021-10-04 | not yet calculated | CVE-2021-38398 MISC |
boston_scientific — zoom_latitude_programmer/recorder/monitor_model_3120 | An attacker with physical access to Boston Scientific Zoom Latitude Model 3120 can remove the hard disk drive or create a specially crafted USB to extract the password hash for brute force reverse engineering of the system password. | 2021-10-04 | not yet calculated | CVE-2021-38400 MISC |
boston_scientific — zoom_latitude_programmer/recorder/monitor_model_3120 | The programmer installation utility does not perform a cryptographic authenticity or integrity checks of the software on the flash drive. An attacker could leverage this weakness to install unauthorized software using a specially crafted USB. | 2021-10-04 | not yet calculated | CVE-2021-38396 MISC |
boston_scientific — zoom_latitude_programmer/recorder/monitor_model_3120 | A skilled attacker with physical access to the affected device can gain access to the hard disk drive of the device to change the telemetry region and could use this setting to interrogate or program an implantable device in any region in the world. | 2021-10-04 | not yet calculated | CVE-2021-38392 MISC |
cisco — anyconnect_secure_mobility_client | A vulnerability in the shared library loading mechanism of Cisco AnyConnect Secure Mobility Client for Linux and Mac OS could allow an authenticated, local attacker to perform a shared library hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to a race condition in the signature verification process for shared library files that are loaded on an affected device. An attacker could exploit this vulnerability by sending a series of crafted interprocess communication (IPC) messages to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected device with root privileges. To exploit this vulnerability, the attacker must have a valid account on the system. | 2021-10-06 | not yet calculated | CVE-2021-34788 CISCO |
cisco — asyncos | A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory management in the proxy service of an affected device. An attacker could exploit this vulnerability by establishing a large number of HTTPS connections to the affected device. A successful exploit could allow the attacker to cause the system to stop processing new connections, which could result in a DoS condition. Note: Manual intervention may be required to recover from this situation. | 2021-10-06 | not yet calculated | CVE-2021-34698 CISCO |
cisco — asyncos_software | A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. An attacker could exploit this vulnerability by crafting a URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for an affected device, which could allow malicious URLs to pass through the device. | 2021-10-06 | not yet calculated | CVE-2021-1534 CISCO |
cisco — ata_190_series_analog_telephone_adapter_software | Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 2021-10-06 | not yet calculated | CVE-2021-34710 CISCO |
cisco — ata_190_series_analog_telephone_adapter_software | Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 2021-10-06 | not yet calculated | CVE-2021-34735 CISCO |
cisco — business_220_series_smart_switches_firmware | Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory. | 2021-10-06 | not yet calculated | CVE-2021-34744 CISCO |
cisco — business_220_series_smart_switches_firmware | Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory. | 2021-10-06 | not yet calculated | CVE-2021-34757 CISCO |
cisco — dna_center | A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid device credentials. This vulnerability is due to improper access controls on API endpoints. An attacker could exploit the vulnerability by sending a specific API request to an affected application. A successful exploit could allow the attacker to obtain sensitive information about other users who are configured with higher privileges on the application. | 2021-10-06 | not yet calculated | CVE-2021-34782 CISCO |
cisco — identity_services_engine | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information or conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by uploading a crafted XML file that contains references to external entities. A successful exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of sensitive information, or cause the web application to perform arbitrary HTTP requests on behalf of the attacker. | 2021-10-06 | not yet calculated | CVE-2021-34706 CISCO |
cisco — identity_services_engine | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to improper enforcement of administrator privilege levels for low-value sensitive data. An attacker with read-only administrator access to the web-based management interface could exploit this vulnerability by browsing to the page that contains the sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. | 2021-10-06 | not yet calculated | CVE-2021-34702 CISCO |
cisco — identity_services_engine | A vulnerability in the REST API of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a command injection attack and elevate privileges to root. This vulnerability is due to insufficient input validation for specific API endpoints. An attacker in a man-in-the-middle position could exploit this vulnerability by intercepting and modifying specific internode communications from one ISE persona to another ISE persona. A successful exploit could allow the attacker to run arbitrary commands with root privileges on the underlying operating system. To exploit this vulnerability, the attacker would need to decrypt HTTPS traffic between two ISE personas that are located on separate nodes. | 2021-10-06 | not yet calculated | CVE-2021-1594 CISCO |
cisco — intersight_virtual_appliance | A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to perform a command injection attack on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using the web-based management interface to execute a command using crafted input. A successful exploit could allow the attacker to execute arbitrary commands using root-level privileges on an affected device. | 2021-10-06 | not yet calculated | CVE-2021-34748 CISCO |
cisco — ip_phone_software | A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted input to a debug shell command. A successful exploit could allow the attacker to read any file on the device file system. | 2021-10-06 | not yet calculated | CVE-2021-34711 CISCO |
cisco — orbital | A vulnerability in the web-based management interface of Cisco Orbital could allow an unauthenticated, remote attacker to redirect users to a malicious webpage. This vulnerability is due to improper validation of URL paths in the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a crafted URL. A successful exploit could allow the attacker to redirect a user to a malicious website. This vulnerability, known as an open redirect attack, is used in phishing attacks to persuade users to visit malicious sites. | 2021-10-06 | not yet calculated | CVE-2021-34772 CISCO |
cisco — small_business_220_series_smart_switches | Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: execute code on the affected device or cause it to reload unexpectedly; cause LLDP database corruption on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities. | 2021-10-06 | not yet calculated | CVE-2021-34779 CISCO |
cisco — small_business_220_series_smart_switches | Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: execute code on the affected device or cause it to reload unexpectedly; cause LLDP database corruption on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities. | 2021-10-06 | not yet calculated | CVE-2021-34780 CISCO |
cisco — small_business_220_series_smart_switches | Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: execute code on the affected device or cause it to reload unexpectedly; cause LLDP database corruption on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities. | 2021-10-06 | not yet calculated | CVE-2021-34775 CISCO |
cisco — small_business_220_series_smart_switches | Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: execute code on the affected device or cause it to reload unexpectedly; cause LLDP database corruption on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities. | 2021-10-06 | not yet calculated | CVE-2021-34776 CISCO |
cisco — small_business_220_series_smart_switches | Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: execute code on the affected device or cause it to reload unexpectedly; cause LLDP database corruption on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities. | 2021-10-06 | not yet calculated | CVE-2021-34777 CISCO |
cisco — small_business_220_series_smart_switches | Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: execute code on the affected device or cause it to reload unexpectedly; cause LLDP database corruption on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities. | 2021-10-06 | not yet calculated | CVE-2021-34778 CISCO |
cisco — smart_software_manager_on-prem | A vulnerability in the web UI of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and create, read, update, or delete records and settings in multiple functions. This vulnerability is due to insufficient authorization of the System User and System Operator role capabilities. An attacker could exploit this vulnerability by directly accessing a web resource. A successful exploit could allow the attacker to create, read, update, or delete records and settings in multiple functions without the necessary permissions on the web UI. | 2021-10-06 | not yet calculated | CVE-2021-34766 CISCO |
cisco — telepresence_collaboration_endpoint_and_roomos_software | A vulnerability in the memory management of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, local attacker to corrupt a shared memory segment, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient access controls to a shared memory resource. An attacker could exploit this vulnerability by corrupting a shared memory segment on an affected device. A successful exploit could allow the attacker to cause the device to reload. The device will recover from the corruption upon reboot. | 2021-10-06 | not yet calculated | CVE-2021-34758 CISCO |
cisco — vision_dynamic_signage_director | A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2021-10-06 | not yet calculated | CVE-2021-34742 CISCO |
cobbler — cobbler | Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data. | 2021-10-04 | not yet calculated | CVE-2021-40324 MISC MISC |
cobbler — cobbler | Cobbler before 3.3.0 allows authorization bypass for modification of settings. | 2021-10-04 | not yet calculated | CVE-2021-40325 MISC MISC |
cobbler — cobbler | Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection. | 2021-10-04 | not yet calculated | CVE-2021-40323 MISC MISC |
concretecms — concrete5 | A Server-Side Request Forgery vulnerability was found in concrete5 < 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost, allowing interaction with local services. Impact can vary depending on services exposed. Vector given as CVSSv2.0: AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N (the metrics listed are CVSS v3 ones). | 2021-10-07 | not yet calculated | CVE-2021-22958 MISC MISC |
containerd — containerd | containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these versions when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users and update directory permissions on container bundle directories. | 2021-10-04 | not yet calculated | CVE-2021-41103 MISC CONFIRM |
digi — realport | An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handling of ADDP discovery response messages. This could result in arbitrary code execution. | 2021-10-08 | not yet calculated | CVE-2021-35977 MISC |
digi — realport | An issue was discovered in Digi RealPort through 4.8.488.0. The ‘encrypted’ mode is vulnerable to man-in-the-middle attacks and does not perform authentication. | 2021-10-08 | not yet calculated | CVE-2021-35979 MISC |
digi — realport | In Digi RealPort through 4.8.488.0, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server’s access password. The attacker may then crack this hash offline in order to successfully log in to the server. | 2021-10-08 | not yet calculated | CVE-2021-36767 MISC |
django — unicorn | The Unicorn framework through 0.35.3 for Django allows XSS via component.name. | 2021-10-07 | not yet calculated | CVE-2021-42053 MISC MISC MISC |
emlog — emlog | emlog v6.0 contains a vulnerability in the component admin\template.php, which allows attackers to obtain a shell (getshell) via a crafted Zip file. | 2021-10-06 | not yet calculated | CVE-2020-21654 MISC |
extensible_service_proxy — extensible_service_proxy | Extensible Service Proxy, a.k.a. ESP, is a proxy which enables API management capabilities for JSON/REST or gRPC API services. ESPv1 can be configured to authenticate a JWT token. Its verified JWT claim is passed to the application by HTTP header “X-Endpoint-API-UserInfo”, which the application can use to do authorization. But if there are two “X-Endpoint-API-UserInfo” headers from the client, ESPv1 only replaces the first one; the second one is passed to the application. An attacker can send two “X-Endpoint-API-UserInfo” headers, the second one with a fake JWT claim. The application may use the fake JWT claim to do the authorization. This impacts the following ESPv1 usages: 1) Users have configured ESPv1 to do JWT authentication with Google ID Token as described in the referenced google endpoint document. 2) The users' backend application is using the info in the “X-Endpoint-API-UserInfo” header to do the authorization. It has been fixed in v1.58.0. You need to patch it in the following ways: * If your docker image is using tag “:1”, re-start the container to pick up the new version. The tag “:1” will automatically point to the latest version. * If your docker image tag pins to a specific minor version, e.g. “:1.57”, you need to update it to “:1.58” and re-start the container. There is no workaround for this issue. | 2021-10-07 | not yet calculated | CVE-2021-41130 MISC MISC CONFIRM MISC |
f-secure — antivirus_engine | A vulnerability affecting the F-Secure Antivirus engine was discovered: when the engine tries to unpack a zip archive (LZW decompression method), the scanning engine can crash. The vulnerability can be exploited remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine. | 2021-10-06 | not yet calculated | CVE-2021-33602 MISC |
f-secure — atlant | A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVPACK module component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine. | 2021-10-08 | not yet calculated | CVE-2021-33603 MISC MISC |
f-secure — atlant | A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVRDL unpacking module component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine. | 2021-10-08 | not yet calculated | CVE-2021-40832 MISC MISC |
flatpak — flatpak | Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services into treating the Flatpak app as though it was an ordinary, non-sandboxed host-OS process. They can do this by manipulating the VFS using recent mount-related syscalls that are not blocked by Flatpak’s denylist seccomp filter, in order to substitute a crafted `/.flatpak-info` or make that file disappear entirely. Flatpak apps that act as clients for AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can escalate the privileges that the corresponding services will believe the Flatpak app has. Note that protocols that operate entirely over the D-Bus session bus (user bus), system bus or accessibility bus are not affected by this. This is due to the use of a proxy process `xdg-dbus-proxy`, whose VFS cannot be manipulated by the Flatpak app, when interacting with these buses. Patches exist for versions 1.10.4 and 1.12.0, and as of time of publication, a patch for version 1.8.2 is being planned. There are no workarounds aside from upgrading to a patched version. | 2021-10-08 | not yet calculated | CVE-2021-41133 MISC MISC MISC MISC MISC MISC CONFIRM MISC MISC |
forcepoint — ngfw_engine | Forcepoint NGFW Engine versions 6.5.11 and earlier, 6.8.6 and earlier, and 6.10.0 are vulnerable to TCP reflected amplification if HTTP User Response has been configured. | 2021-10-04 | not yet calculated | CVE-2021-41530 MISC |
fortiguard — fortianalyzer | An improper neutralization of input vulnerability [CWE-79] in FortiAnalyzer versions 6.4.3 and below, 6.2.7 and below and 6.0.10 and below may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the column settings of Logview in FortiAnalyzer, should the attacker be able to obtain that POST request via other, hypothetical attacks. | 2021-10-06 | not yet calculated | CVE-2021-24021 CONFIRM |
fortiguard — fortianalyzervm_and_fortimanagervm | An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext. | 2021-10-06 | not yet calculated | CVE-2021-36170 CONFIRM |
fortiguard — forticlientems | A path traversal vulnerability [CWE-22] in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated attacker to inject directory traversal character sequences to add or delete files on the server via the name parameter of Deployment Packages. | 2021-10-06 | not yet calculated | CVE-2020-15941 CONFIRM |
fortiguard — forticlientems | An insufficient session expiration vulnerability [CWE-613] in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain such a session ID (via other, hypothetical attacks). | 2021-10-06 | not yet calculated | CVE-2021-24019 CONFIRM |
fortiguard — fortinet_fortisdnconnector | Insufficiently protected credentials in Fortinet FortiSDNConnector version 1.1.7 and below allow an attacker to disclose third-party device credential information via a configuration page lookup. | 2021-10-06 | not yet calculated | CVE-2021-36178 CONFIRM |
fortiguard — fortiwebmanager | An improper neutralization of input vulnerability [CWE-79] in FortiWebManager versions 6.2.3 and below, 6.0.2 and below may allow a remote authenticated attacker to inject malicious script/tags via the name/description/comments parameter of various sections of the device. | 2021-10-06 | not yet calculated | CVE-2021-36175 CONFIRM |
gclib — gffline | An out-of-bounds access in GffLine::GffLine in gff.cpp in GCLib 0.12.7 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted GFF file. | 2021-10-04 | not yet calculated | CVE-2021-42006 MISC |
gfos_workforce_management — gfos_workforce_management | In GFOS Workforce Management 4.8.272.1, the login page of the application is prone to authentication bypass, allowing anyone who knows a user’s credentials except the password to get access to the account. This occurs because of JSESSIONID mismanagement. | 2021-10-04 | not yet calculated | CVE-2021-38618 MISC |
gila_cms — gila_cms | A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2.0. An attacker can use this to steal cookies, passwords or to run arbitrary code on a victim’s browser. | 2021-10-04 | not yet calculated | CVE-2021-39486 MISC |
gila_cms — gila_cms | Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by one site owner are visible to another site owner just by knowing the other site name and fuzzing for picture names. This leads to sensitive information disclosure. | 2021-10-04 | not yet calculated | CVE-2021-37777 MISC |
gitlab — gitlab | A vulnerability was discovered in GitLab starting with version 12.2 that allows an attacker to cause uncontrolled resource consumption with a specially crafted file. | 2021-10-04 | not yet calculated | CVE-2021-39877 MISC MISC CONFIRM |
gitlab — gitlab | A stored Reflected Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.0 up to 14.3.1 allowed an attacker to execute arbitrary javascript code. | 2021-10-05 | not yet calculated | CVE-2021-39878 MISC MISC CONFIRM |
gitlab — gitlab | Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary availability via Rails logs. | 2021-10-04 | not yet calculated | CVE-2021-39900 MISC CONFIRM |
gitlab — gitlab | A business logic error in the project deletion process in GitLab 13.6 and later allows persistent access via project access tokens. | 2021-10-05 | not yet calculated | CVE-2021-39866 CONFIRM MISC MISC |
gitlab — gitlab_ce/ee | In all versions of GitLab CE/EE since version 11.0, the requirement to enforce 2FA is not honored when using git commands. | 2021-10-04 | not yet calculated | CVE-2021-39874 MISC MISC CONFIRM |
gitlab — gitlab_ce/ee | In all versions of GitLab CE/EE since version 13.0, an instance that has the setting to disable Bitbucket Server import enabled is bypassed by an attacker making a crafted API call. | 2021-10-04 | not yet calculated | CVE-2021-39871 CONFIRM MISC MISC |
gitlab — gitlab_ce/ee | In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password expiration. | 2021-10-05 | not yet calculated | CVE-2021-39872 CONFIRM MISC MISC |
gitlab — gitlab_ce/ee | In all versions of GitLab CE/EE, there exists a content spoofing vulnerability which may be leveraged by attackers to trick users into visiting a malicious website by spoofing the content in an error response. | 2021-10-04 | not yet calculated | CVE-2021-39873 MISC MISC CONFIRM |
gitlab — gitlab_ce/ee | In all versions of GitLab CE/EE since version 8.12, an authenticated low-privileged malicious user may create a project with unlimited repository size by modifying values in a project export. | 2021-10-04 | not yet calculated | CVE-2021-39868 MISC CONFIRM MISC |
gitlab — gitlab_ce/ee | In all versions of GitLab CE/EE since version 8.9, project exports may expose trigger tokens configured on that project. | 2021-10-05 | not yet calculated | CVE-2021-39869 MISC MISC CONFIRM |
gitlab — gitlab_ce/ee | In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vulnerability exists in Fogbugz importer which may be used by attackers to exploit Server Side Request Forgery attacks. | 2021-10-05 | not yet calculated | CVE-2021-39894 MISC CONFIRM |
gitlab — gitlab_ce/ee | In all versions of GitLab CE/EE since version 8.0, when an admin uses the impersonate feature twice and stops impersonating, the admin may be logged in as the second user they impersonated, which may lead to repudiation issues. | 2021-10-04 | not yet calculated | CVE-2021-39896 CONFIRM MISC |
gitlab — gitlab_ce/ee | In all versions of GitLab CE/EE since version 13.6, it is possible to see pending invitations of any public group or public project by visiting an API endpoint. | 2021-10-05 | not yet calculated | CVE-2021-39875 CONFIRM MISC MISC |
gitlab — gitlab_ce/ee | Missing authentication in all versions of GitLab CE/EE since version 7.11.0 allows an attacker with access to a victim’s session to disable two-factor authentication. | 2021-10-04 | not yet calculated | CVE-2021-39879 CONFIRM MISC |
gitlab — gitlab_ce/ee | In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vulnerability in Gitea Importer may be exploited by an attacker to trigger Server Side Request Forgery (SSRF) attacks. | 2021-10-05 | not yet calculated | CVE-2021-39867 CONFIRM MISC |
gitlab — gitlab_ce/ee | In all versions of GitLab CE/EE, provided a user ID, anonymous users can use a few endpoints to retrieve information about any GitLab user. | 2021-10-05 | not yet calculated | CVE-2021-39882 MISC CONFIRM |
gitlab — gitlab_ce/ee | In all versions of GitLab CE/EE, an attacker with physical access to a user’s machine may brute force the user’s password via the change password function. There is a rate limit in place, but the attack may still be conducted by stealing the session id from the physical compromise of the account and splitting the attack over several IP addresses and passing in the compromised session value from these various locations. | 2021-10-04 | not yet calculated | CVE-2021-39899 CONFIRM MISC |
gitlab — gitlab_ee | In all versions of GitLab EE since version 13.10, a specific API endpoint may reveal details about a private group and other sensitive info inside issue and merge request templates. | 2021-10-05 | not yet calculated | CVE-2021-39888 MISC CONFIRM MISC |
gitlab — gitlab_ee | A Stored XSS in the merge request creation page in GitLab EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim’s behalf via malicious approval rule names. | 2021-10-04 | not yet calculated | CVE-2021-39885 MISC CONFIRM MISC |
gitlab — gitlab_ee | In all versions of GitLab EE since version 8.13, an endpoint discloses names of private groups that have access to a project to low privileged users that are part of that project. | 2021-10-05 | not yet calculated | CVE-2021-39884 MISC CONFIRM MISC |
gitlab — gitlab_ee | Improper authorization checks in GitLab EE > 13.11 allow subgroup members to see epics from all parent subgroups. | 2021-10-04 | not yet calculated | CVE-2021-39883 CONFIRM MISC |
google — chrome | Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 2021-10-08 | not yet calculated | CVE-2021-37962 MISC MISC FEDORA |
google — chrome | Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-10-08 | not yet calculated | CVE-2021-37961 MISC MISC FEDORA |
google — chrome | Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page. | 2021-10-08 | not yet calculated | CVE-2021-37963 MISC MISC FEDORA |
google — chrome | Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54 allowed an attacker with a rogue wireless access point to potentially carry out a wifi impersonation attack via a crafted ONC file. | 2021-10-08 | not yet calculated | CVE-2021-37964 MISC MISC FEDORA |
google — chrome | Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 2021-10-08 | not yet calculated | CVE-2021-37965 MISC MISC FEDORA |
google — chrome | Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 2021-10-08 | not yet calculated | CVE-2021-37966 MISC MISC FEDORA |
google — chrome | Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. | 2021-10-08 | not yet calculated | CVE-2021-37958 MISC MISC FEDORA |
google — chrome | Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 2021-10-08 | not yet calculated | CVE-2021-37968 MISC MISC FEDORA |
google — chrome | Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file. | 2021-10-08 | not yet calculated | CVE-2021-37969 MISC MISC FEDORA |
google — chrome | Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-10-08 | not yet calculated | CVE-2021-37970 MISC MISC FEDORA |
google — chrome | Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 2021-10-08 | not yet calculated | CVE-2021-37971 MISC MISC FEDORA |
google — chrome | Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-10-08 | not yet calculated | CVE-2021-37957 MISC MISC FEDORA |
google — chrome | Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to engage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page. | 2021-10-08 | not yet calculated | CVE-2021-37959 MISC MISC FEDORA |
google — chrome | Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. | 2021-10-08 | not yet calculated | CVE-2021-37967 MISC MISC FEDORA |
google — chrome | Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-10-08 | not yet calculated | CVE-2021-37975 MISC MISC |
google — chrome | Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 2021-10-08 | not yet calculated | CVE-2021-37976 MISC MISC |
google — chrome | Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 2021-10-08 | not yet calculated | CVE-2021-37974 MISC MISC |
google — chrome | Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 2021-10-08 | not yet calculated | CVE-2021-37973 MISC MISC FEDORA |
google — chrome | Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-10-08 | not yet calculated | CVE-2021-37972 MISC MISC FEDORA FEDORA |
google — chrome | Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 2021-10-08 | not yet calculated | CVE-2021-37956 MISC MISC FEDORA |
google — chrome | Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 2021-10-08 | not yet calculated | CVE-2021-30633 MISC MISC FEDORA |
google — chrome | Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-10-08 | not yet calculated | CVE-2021-30626 MISC MISC FEDORA |
google — chrome | Use after free in Selection API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who convinced the user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page. | 2021-10-08 | not yet calculated | CVE-2021-30625 MISC MISC FEDORA |
google — chrome | Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-10-08 | not yet calculated | CVE-2021-30627 MISC MISC FEDORA |
google — chrome | Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. | 2021-10-08 | not yet calculated | CVE-2021-30628 MISC MISC FEDORA |
google — chrome | Use after free in Permissions in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 2021-10-08 | not yet calculated | CVE-2021-30629 MISC MISC FEDORA |
google — chrome | Inappropriate implementation in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. | 2021-10-08 | not yet calculated | CVE-2021-30630 MISC MISC FEDORA |
google — chrome | Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-10-08 | not yet calculated | CVE-2021-30632 MISC MISC FEDORA |
google — slo_generator | SLO Generator allows loading of YAML files that, if crafted in a specific format, can allow code execution within the context of the SLO Generator. We recommend upgrading SLO Generator past https://github.com/google/slo-generator/pull/173 | 2021-10-04 | not yet calculated | CVE-2021-22557 CONFIRM MISC |
hashicorp — nomad_and_nomad_enterprise | HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authenticated users with job submission capabilities to cause denial of service by submitting incomplete job specifications with a Consul mesh gateway and host networking mode. Fixed in 1.1.6. | 2021-10-07 | not yet calculated | CVE-2021-41865 MISC |
hashicorp — vault_and_vault_enterprise | HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4. | 2021-10-08 | not yet calculated | CVE-2021-41802 MISC |
hongcms — hongcms | HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.php/template/edit. | 2021-10-04 | not yet calculated | CVE-2020-21431 MISC |
hygeia — hygeia | Hygeia is an application for collecting and processing personal and case data in connection with communicable diseases. In affected versions all CSV Exports (Statistics & BAG MED) contain a CSV Injection Vulnerability. Users of the system are able to submit formulas as exported fields which then get executed upon ingestion of the exported file. There is no validation or sanitization of these formula fields, and so malicious users may construct malicious code. This vulnerability has been resolved in version 1.30.4. There are no workarounds and all users are advised to upgrade their package. | 2021-10-06 | not yet calculated | CVE-2021-41128 MISC MISC MISC CONFIRM MISC |
ibm — app_connect_enterprise_certified_container | IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630. | 2021-10-08 | not yet calculated | CVE-2021-29906 CONFIRM XF |
ibm — sterling_b2b_integrator | IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199246. | 2021-10-07 | not yet calculated | CVE-2021-20571 XF CONFIRM |
ibm — sterling_b2b_integrator_standard_edition | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated attacker to obtain sensitive information from configuration files that could aid in further attacks against the system. IBM X-Force ID: 200656. | 2021-10-07 | not yet calculated | CVE-2021-29700 CONFIRM XF |
ibm — sterling_b2b_integrator_standard_edition | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210171. | 2021-10-06 | not yet calculated | CVE-2021-38925 CONFIRM XF |
ibm — sterling_b2b_integrator_standard_edition | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 203734. | 2021-10-06 | not yet calculated | CVE-2021-29798 CONFIRM XF |
ibm — sterling_b2b_integrator_standard_edition | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204912. | 2021-10-06 | not yet calculated | CVE-2021-29836 CONFIRM XF |
ibm — sterling_b2b_integrator_standard_edition | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204913. | 2021-10-06 | not yet calculated | CVE-2021-29837 XF CONFIRM |
ibm — sterling_b2b_integrator_standard_edition | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205684. | 2021-10-06 | not yet calculated | CVE-2021-29855 XF CONFIRM |
ibm — sterling_b2b_integrator_standard_edition | IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 207506. | 2021-10-06 | not yet calculated | CVE-2021-29903 CONFIRM XF |
ibm — sterling_file_gateway | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to intercept and replace a message sent by another user due to improper access controls. IBM X-Force ID: 195567. | 2021-10-07 | not yet calculated | CVE-2021-20375 CONFIRM XF |
ibm — sterling_file_gateway | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information due to improper permission control. IBM X-Force ID: 186090. | 2021-10-08 | not yet calculated | CVE-2020-4654 CONFIRM XF |
ibm — sterling_file_gateway | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote authenticated user to cause a denial of another user’s service due to insufficient permission checking. IBM X-Force ID: 195518. | 2021-10-07 | not yet calculated | CVE-2021-20372 XF CONFIRM |
ibm — sterling_file_gateway | IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199170. | 2021-10-07 | not yet calculated | CVE-2021-20552 CONFIRM XF |
ibm — sterling_file_gateway | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate usernames due to there being an observable discrepancy in returned messages. IBM X-Force ID: 195568. | 2021-10-07 | not yet calculated | CVE-2021-20376 CONFIRM XF |
ibm — sterling_file_gateway | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197503. | 2021-10-07 | not yet calculated | CVE-2021-20481 CONFIRM XF |
ibm — sterling_file_gateway | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 197790. | 2021-10-07 | not yet calculated | CVE-2021-20489 XF CONFIRM |
ibm — sterling_file_gateway | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199230. | 2021-10-07 | not yet calculated | CVE-2021-20561 XF CONFIRM |
ibm — sterling_file_gateway | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 199397. | 2021-10-07 | not yet calculated | CVE-2021-20584 CONFIRM XF |
ibm — sterling_file_gateway | IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 196944. | 2021-10-07 | not yet calculated | CVE-2021-20473 CONFIRM XF |
ibm — ts7700_management_interface | The IBM TS7700 Management Interface is vulnerable to unauthenticated access. By accessing a specially-crafted URL, an attacker may gain administrative access to the Management Interface without authentication. IBM X-Force ID: 207747. | 2021-10-06 | not yet calculated | CVE-2021-29908 CONFIRM XF |
icehrm — icehrm | The IceHrm 30.0.0 OS website was found vulnerable to a Session Management Issue. A signout from an admin account does not invalidate an admin session that is opened in a different browser. | 2021-10-04 | not yet calculated | CVE-2021-38823 MISC |
integria_ims — integria_ims | Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file. An attacker could exploit this vulnerability in order to perform a cross-site scripting attack (XSS). | 2021-10-07 | not yet calculated | CVE-2021-3834 CONFIRM CONFIRM |
integria_ims — integria_ims |
Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload() function in order to exploit the vulnerability. | 2021-10-07 | not yet calculated | CVE-2021-3832 CONFIRM CONFIRM |
integria_ims — integria_ims |
Integria IMS login check uses a loose comparator (“==”) to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords. | 2021-10-07 | not yet calculated | CVE-2021-3833 CONFIRM CONFIRM |
intelliants — subrion_cms |
A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visual-mode. | 2021-10-08 | not yet calculated | CVE-2021-41947 MISC |
jeecms — jeecms |
JEECMS x1.1 contains a stored cross-site scripting (XSS) vulnerability in the component of /member-vipcenter.htm, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2021-10-07 | not yet calculated | CVE-2020-21729 MISC |
jenkins — git_plugin |
Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability. | 2021-10-06 | not yet calculated | CVE-2021-21684 CONFIRM MLIST |
jenkins — jenkins |
Jenkins 2.314 and earlier, LTS 2.303.1 and earlier accepts names of jobs and other entities with a trailing dot character, potentially replacing the configuration and data of other entities on Windows. | 2021-10-06 | not yet calculated | CVE-2021-21682 CONFIRM MLIST |
jenkins — jenkins |
The file browser in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Overall/Read permission (Windows controller) or Job/Workspace permission (Windows agents) to obtain the contents of arbitrary files. | 2021-10-06 | not yet calculated | CVE-2021-21683 CONFIRM MLIST |
lancom — lcos |
In LCOS 10.40 to 10.42.0473-RU3 with SNMPv3 enabled on LANCOM devices, changing the password of the root user via the CLI does not change the password of the root user for SNMPv3 access. (However, changing the password of the root user via LANconfig does change the password of the root user for SNMPv3 access.) | 2021-10-07 | not yet calculated | CVE-2021-33903 MISC |
laravel — booking_system_booking_core |
Laravel Booking System Booking Core 2.0 is vulnerable to Session Management. A password change at sandbox.bookingcore.org/user/profile/change-password does not invalidate a session that is opened in a different browser. | 2021-10-04 | not yet calculated | CVE-2021-37333 MISC |
laravel — booking_system_booking_core |
Laravel Booking System Booking Core 2.0 is vulnerable to Cross Site Scripting (XSS). The Avatar upload in the My Profile section could be exploited to upload a malicious SVG file which contains Javascript. Now if another user/admin views the profile and clicks to view his avatar, an XSS will trigger. | 2021-10-04 | not yet calculated | CVE-2021-37330 MISC |
laravel — booking_system_booking_core |
Laravel Booking System Booking Core 2.0 is vulnerable to Incorrect Access Control. On the Verifications page, after uploading an ID Card or Trade License and viewing it, ID Cards and Trade Licenses of other vendors/users can be viewed by changing the URL. | 2021-10-04 | not yet calculated | CVE-2021-37331 MISC |
lcds_laquis_scada — lcds_laquis_scada |
LCDS LAquis SCADA through 4.3.1.1085 is vulnerable to a control bypass and path traversal. If an attacker can get a victim to load a malicious els project file and use the play feature, then the attacker can bypass a consent popup and write arbitrary files to OS locations where the user has permission, leading to code execution. | 2021-10-04 | not yet calculated | CVE-2021-41579 MISC |
liftoff — gate_one |
An issue in Gate One 1.2.0 allows attackers to bypass to the verification check done by the origins list and connect to Gate One instances used by hosts not on the origins list. | 2021-10-06 | not yet calculated | CVE-2020-19003 MISC |
lightning_network — blockstream_c-lightning |
Blockstream c-lightning through 0.10.1 allows loss of funds because of dust HTLC exposure. | 2021-10-04 | not yet calculated | CVE-2021-41592 MISC MISC MISC MISC MISC |
lightning_network — lightning_labs |
Lightning Labs lnd before 0.13.3-beta allows loss of funds because of dust HTLC exposure. | 2021-10-04 | not yet calculated | CVE-2021-41593 MISC MISC MISC MISC MISC MISC |
limesurvey — limesurvey |
The “File upload question” functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js. | 2021-10-08 | not yet calculated | CVE-2021-42112 MISC MISC |
linux — linux_kernel |
The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access. | 2021-10-05 | not yet calculated | CVE-2021-42008 MISC MISC MISC |
maian_cart — maian_cart |
Maian Cart v3.8 contains a preauthorization remote code execution (RCE) exploit via a broken access control issue in the Elfinder plugin. | 2021-10-07 | not yet calculated | CVE-2021-32172 MISC MISC MISC MISC |
mediawiki — mediawiki |
An issue was discovered in Special:MediaSearch in the MediaSearch extension in MediaWiki through 1.36.2. The suggestion text (a parameter to mediasearch-did-you-mean) was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the intitle: search operator within the query. | 2021-10-06 | not yet calculated | CVE-2021-42043 MISC MISC |
mediawiki — mediawiki |
An issue was discovered in SpecialEditGrowthConfig in the GrowthExperiments extension in MediaWiki through 1.36.2. The growthexperiments-edit-config-error-invalid-title MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript. | 2021-10-06 | not yet calculated | CVE-2021-42042 MISC MISC |
mediawiki — mediawiki |
An issue was discovered in CentralAuth in MediaWiki through 1.36.2. The rightsnone MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the setchange log. | 2021-10-06 | not yet calculated | CVE-2021-42041 MISC MISC |
mediawiki — mediawiki |
An issue was discovered in MediaWiki through 1.36.2. A parser function related to loop control allowed for an infinite loop (and php-fpm hang) within the Loops extension because egLoopsCountLimit is mishandled. This could lead to memory exhaustion. | 2021-10-06 | not yet calculated | CVE-2021-42040 MISC MISC |
mediawiki — mediawiki |
The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. In affected versions unsanitised input of regular expression date within the parameters of the DPL parser function, allowed for the possibility of ReDoS (Regex Denial of Service). This has been resolved in version 3.3.6. If you are unable to update you may also set `$wgDplSettings[‘functionalRichness’] = 0;` or disable DynamicPageList3 to mitigate. | 2021-10-04 | not yet calculated | CVE-2021-41118 MISC MISC CONFIRM |
mediawiki — mediawiki |
An issue was discovered in the Mentor dashboard in the GrowthExperiments extension in MediaWiki through 1.36.2. The Growthexperiments-mentor-dashboard-mentee-overview-add-filter-total-edits-headline, growthexperiments-mentor-dashboard-mentee-overview-add-filter-starred-headline, growthexperiments-mentor-dashboard-mentee-overview-info-text, growthexperiments-mentor-dashboard-mentee-overview-info-legend-headline, and growthexperiments-mentor-dashboard-mentee-overview-active-ago MediaWiki messages were not being properly sanitized and allowed for the injection and execution of HTML and JavaScript. | 2021-10-06 | not yet calculated | CVE-2021-42044 MISC MISC |
meross — msg100_devices |
Meross MSG100 devices before 3.2.3 allow an attacker to replay the same data or similar data (e.g., an attacker who sniffs a Close message can transmit an acceptable Open message). | 2021-10-07 | not yet calculated | CVE-2021-35067 MISC MISC |
mitsubishi_electric — got_and_tension_controller |
Improper Input Validation vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause DoS condition of the products by sending specially crafted packets. | 2021-10-07 | not yet calculated | CVE-2021-20605 MISC MISC |
mitsubishi_electric — got_and_tension_controller | Improper Input Validation vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause a DoS condition of the products by sending specially crafted packets. | 2021-10-07 | not yet calculated | CVE-2021-20604 MISC MISC |
mitsubishi_electric — got_and_tension_controller | Improper Handling of Exceptional Conditions vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause a DoS condition of the products by sending specially crafted packets. | 2021-10-07 | not yet calculated | CVE-2021-20602 MISC MISC |
mitsubishi_electric — got_and_tension_controller | Improper Input Validation vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause a DoS condition of the products by sending specially crafted packets. | 2021-10-07 | not yet calculated | CVE-2021-20603 MISC MISC |
mitsubishi_electric — melsec_iq-r_series_c_controller_module_r12ccpu-v | Uncontrolled resource consumption in MELSEC iQ-R series C Controller Module R12CCPU-V all versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending a large number of packets in a short time while the module is starting up. | 2021-10-08 | not yet calculated | CVE-2021-20600 MISC MISC MISC |
mkdocs — mkdocs | ** DISPUTED ** The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601 and https://github.com/nisdn/CVE-2021-40978/issues/1. | 2021-10-07 | not yet calculated | CVE-2021-40978 MISC MISC MISC MISC |
moby — moby | Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade, limit access to the host to trusted users. Limit access to host volumes to trusted containers. | 2021-10-04 | not yet calculated | CVE-2021-41091 MISC CONFIRM |
myscada_mydesigner_8.20.0 — myscada_mydesigner_8.20.0 | mySCADA myDESIGNER 8.20.0 and below allows Directory Traversal attacks when importing project files. If an attacker can trick a victim into importing a malicious mep file, then they gain the ability to write arbitrary files to OS locations where the user has permission. This would typically lead to code execution. | 2021-10-04 | not yet calculated | CVE-2021-41578 MISC |
myucms — myucms | Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the add() method. | 2021-10-06 | not yet calculated | CVE-2020-21650 MISC |
myucms — myucms | Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\point.php, which can be exploited via the add() method. | 2021-10-06 | not yet calculated | CVE-2020-21651 MISC |
myucms — myucms | Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the addqq() method. | 2021-10-06 | not yet calculated | CVE-2020-21652 MISC |
myucms — myucms | Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sj() method. | 2021-10-06 | not yet calculated | CVE-2020-21653 MISC |
myucms — myucms | Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sql() method. | 2021-10-06 | not yet calculated | CVE-2020-21649 MISC |
nagios_enterprises — nagiosxi | Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. Any authenticated user can create scheduled reports containing PDF screenshots of any view in the NagiosXI application. Due to lack of input sanitisation, the target page can be replaced with an SSRF payload to access internal resources or disclose local system files. | 2021-10-05 | not yet calculated | CVE-2021-37223 MISC MISC |
netsarang — xshell | Xshell before 7.0.0.76 allows attackers to cause a crash by triggering rapid changes to the title bar. | 2021-10-07 | not yet calculated | CVE-2021-42095 MISC |
node.js — node.js | Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use-after-free attack where an attacker might be able to exploit the memory corruption to change process behavior. | 2021-10-07 | not yet calculated | CVE-2021-22930 MISC MISC |
october — october_cms | October is a Content Management System (CMS) and web platform built on the Laravel PHP Framework. In affected versions administrator accounts which had previously been deleted may still be able to sign in to the backend using October CMS v2.0. The issue has been patched in v2.1.12 of the october/october package. There are no workarounds for this issue and all users should update. | 2021-10-06 | not yet calculated | CVE-2021-41126 CONFIRM MISC |
octopus — server | When Octopus Server is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access. | 2021-10-07 | not yet calculated | CVE-2021-26556 MISC |
octopus — tentacle | When Octopus Tentacle is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access. | 2021-10-07 | not yet calculated | CVE-2021-26557 MISC |
onionshare — onionshare | An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve the full list of participants of a non-public OnionShare node via the --chat feature. | 2021-10-04 | not yet calculated | CVE-2021-41867 MISC MISC |
onionshare — onionshare | OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to upload files on a non-public node when using the --receive functionality. | 2021-10-04 | not yet calculated | CVE-2021-41868 MISC MISC |
open5gs — open5gs | ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. The attacker can send a PFCP Session Establishment Request with "internet" as the PDI Network Instance. The first character is interpreted as a length value to be used in a memcpy call. The destination buffer is only 100 bytes long on the stack. Then, 'i' gets interpreted as 105 bytes to copy from the source buffer to the destination buffer. | 2021-10-07 | not yet calculated | CVE-2021-41794 MISC |
opensns — opensns | OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the cid parameter. | 2021-10-07 | not yet calculated | CVE-2020-21726 MISC |
opensns — opensns | OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the pid parameter. | 2021-10-07 | not yet calculated | CVE-2020-21725 MISC |
ping_identity — pingfederate | Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack that can achieve XML file disclosure. | 2021-10-07 | not yet calculated | CVE-2021-41770 MISC MISC |
polycom — poly_vvx_400/410 | Poly VVX 400/410 through 5.3.1 allows low-privileged users to change the Admin password by modifying a POST parameter to 120 during the password reset process. | 2021-10-04 | not yet calculated | CVE-2021-41322 MISC MISC |
postgresql — postgresql | A flaw was found in postgresql. Using an UPDATE … RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality. | 2021-10-08 | not yet calculated | CVE-2021-32029 MISC MISC |
pterodactyl — pterodactyl | Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. A malicious user can modify the contents of a `confirmation_token` input during the two-factor authentication process to reference a cache value not associated with the login attempt. In rare cases this can allow a malicious actor to authenticate as a random user in the Panel. The malicious user must target an account with two-factor authentication enabled, and then must provide a correct two-factor authentication token before being authenticated as that user. Due to a validation flaw in the logic handling user authentication during the two-factor authentication process a malicious user can trick the system into loading credentials for an arbitrary user by modifying the token sent to the server. This authentication flaw is present in the `LoginCheckpointController@__invoke` method which handles two-factor authentication for a user. This controller looks for a request input parameter called `confirmation_token` which is expected to be a 64 character random alpha-numeric string that references a value within the Panel's cache containing a `user_id` value. This value is then used to fetch the user that attempted to login, and lookup their two-factor authentication token. Due to the design of this system, any element in the cache that contains only digits could be referenced by a malicious user, and whatever value is stored at that position would be used as the `user_id`. There are a few different areas of the Panel that store values into the cache that are integers, and a user who determines what those cache keys are could pass one of those keys which would cause this code pathway to reference an arbitrary user. At its heart this is a high-risk login bypass vulnerability. However, there are a few additional conditions that must be met in order for this to be successfully executed, notably: 1.) The account referenced by the malicious cache key must have two-factor authentication enabled. An account without two-factor authentication would cause an exception to be triggered by the authentication logic, thusly exiting this authentication flow. 2.) Even if the malicious user is able to reference a valid cache key that references a valid user account with two-factor authentication, they must provide a valid two-factor authentication token. However, due to the design of this endpoint once a valid user account is found with two-factor authentication enabled there is no rate-limiting present, thusly allowing an attacker to brute force combinations until successful. This leads to a third condition that must be met: 3.) For the duration of this attack sequence the cache key being referenced must continue to exist with a valid `user_id` value. Depending on the specific key being used for this attack, this value may disappear quickly, or be changed by other random user interactions on the Panel, outside the control of the attacker. In order to mitigate this vulnerability the underlying authentication logic was changed to use an encrypted session store that the user is therefore unable to control the value of. This completely removed the use of a user-controlled value being used. In addition, the code was audited to ensure this type of vulnerability is not present elsewhere. | 2021-10-06 | not yet calculated | CVE-2021-41129 MISC MISC MISC CONFIRM |
raymart_dg/ahmed_helal_hotel-mgmt-system — raymart_dg/ahmed_helal_hotel-mgmt-system | A blind SQL injection vulnerability exists in the Raymart DG / Ahmed Helal Hotel-mgmt-system. A malicious attacker can retrieve sensitive database information and interact with the database using the vulnerable cid parameter in process_update_profile.php. | 2021-10-04 | not yet calculated | CVE-2021-41651 MISC MISC |
red_hat — openjdk-1.8_and_openjdk-11_containers | An insecure modification flaw in the /etc/passwd file was found in the openjdk-1.8 and openjdk-11 containers. This flaw allows an attacker with access to the container to modify the /etc/passwd and escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | 2021-10-06 | not yet calculated | CVE-2021-20264 MISC |
redis — redis | Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution. The vulnerability involves changing the default set-max-intset-entries configuration parameter to a very large value and constructing specially crafted commands to manipulate sets. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the set-max-intset-entries configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command. | 2021-10-04 | not yet calculated | CVE-2021-32687 CONFIRM MISC |
redis — redis | Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result in remote code execution. The vulnerability involves modifying the default ziplist configuration parameters (hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value) to a very large value, and then constructing specially crafted commands to create very large ziplists. The problem is fixed in Redis versions 6.2.6, 6.0.16, 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the above configuration parameters. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command. | 2021-10-04 | not yet calculated | CVE-2021-32628 MISC CONFIRM |
redis — redis | Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk header). An attacker delivering specially crafted requests over multiple connections can cause the server to allocate a significant amount of memory. Because the same parsing mechanism is used to handle authentication requests, this vulnerability can also be exploited by unauthenticated users. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways: using network access control tools like firewalls, iptables, security groups, etc., or enabling TLS and requiring users to authenticate using client side certificates. | 2021-10-04 | not yet calculated | CVE-2021-32675 MISC CONFIRM |
redis — redis | Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis library which does not perform an overflow check before calling the calloc() heap allocation function. This issue only impacts systems with heap allocators that do not perform their own overflow checks. Most modern systems do and are therefore not likely to be affected. Furthermore, by default redis-sentinel uses the jemalloc allocator which is also not vulnerable. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. | 2021-10-04 | not yet calculated | CVE-2021-32762 CONFIRM MISC |
redis — redis | Redis is an open source, in-memory database that persists on disk. In affected versions an integer overflow bug in Redis can be exploited to corrupt the heap and potentially result in remote code execution. The vulnerability involves changing the default proto-max-bulk-len and client-query-buffer-limit configuration parameters to very large values and constructing specially crafted very large stream elements. The problem is fixed in Redis 6.2.6, 6.0.16 and 5.0.14. For users unable to upgrade, an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command. | 2021-10-04 | not yet calculated | CVE-2021-32627 MISC CONFIRM |
redis — redis | Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result in denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len configuration parameter to a very large value and constructing specially crafted network payloads or commands. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command. | 2021-10-04 | not yet calculated | CVE-2021-41099 MISC CONFIRM |
redis — redis | Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result in heap corruption and potentially remote code execution. This problem exists in all versions of Redis with Lua scripting support, starting from 2.6. The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. For users unable to update, an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands. | 2021-10-04 | not yet calculated | CVE-2021-32626 MISC CONFIRM |
samsung — bluetoothsettingsprovider | An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1 allows an untrusted application to overwrite some Bluetooth information. | 2021-10-06 | not yet calculated | CVE-2021-25472 MISC |
samsung — cmfa_framework | SQL injection vulnerabilities in CMFA framework prior to SMR Oct-2021 Release 1 allow an untrusted application to overwrite some CMFA framework information. | 2021-10-06 | not yet calculated | CVE-2021-25482 MISC |
samsung — dsp_kernel_driver | A possible heap-based buffer overflow vulnerability in DSP kernel driver prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution. | 2021-10-06 | not yet calculated | CVE-2021-25475 MISC |
samsung — exynos_cp_booting_driver | An improper error handling in Exynos CP booting driver prior to SMR Oct-2021 Release 1 allows local attackers to bypass a Secure Memory Protector of Exynos CP Memory. | 2021-10-06 | not yet calculated | CVE-2021-25481 MISC |
samsung — exynos_cp_chipset | A possible heap-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution. | 2021-10-06 | not yet calculated | CVE-2021-25479 MISC |
samsung — exynos_cp_chipset | A possible stack-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution. | 2021-10-06 | not yet calculated | CVE-2021-25478 MISC |
samsung — factoryaircommandmanager | Path traversal vulnerability in FactoryAirCommandManager prior to SMR Oct-2021 Release 1 allows attackers to write files as the system UID via a BT remote socket. | 2021-10-06 | not yet calculated | CVE-2021-25485 MISC |
samsung — inputmanagerservice | Improper authentication in InputManagerService prior to SMR Oct-2021 Release 1 allows monitoring of touch events. | 2021-10-06 | not yet calculated | CVE-2021-25484 MISC |
samsung — ipcdump | Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 Release 1 allows an attacker to detect device information by analyzing packets in logs. | 2021-10-06 | not yet calculated | CVE-2021-25486 MISC |
samsung — keymaster | A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows an attacker to trigger an IV reuse vulnerability with a privileged process. | 2021-10-06 | not yet calculated | CVE-2021-25490 MISC |
samsung — livfivextractor_library | Lack of boundary checking of a buffer in livfivextractor library prior to SMR Oct-2021 Release 1 allows OOB read. | 2021-10-06 | not yet calculated | CVE-2021-25483 MISC |
samsung — mediatek_rrc_protocol | An improper error handling in Mediatek RRC Protocol stack prior to SMR Oct-2021 Release 1 allows a modem crash and remote denial of service. | 2021-10-06 | not yet calculated | CVE-2021-25477 MISC |
samsung — mfc_driver | A vulnerability in mfc driver prior to SMR Oct-2021 Release 1 allows memory corruption via NULL-pointer dereference. | 2021-10-06 | not yet calculated | CVE-2021-25491 MISC |
samsung — modem_interface_driver | Lack of boundary checking of a buffer in recv_data() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read. | 2021-10-06 | not yet calculated | CVE-2021-25488 MISC |
samsung — modem_interface_driver | Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in a format string bug leading to kernel panic. | 2021-10-06 | not yet calculated | CVE-2021-25489 MISC |
samsung — modem_interface_driver | Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows an OOB read that results in arbitrary code execution via dereference of an invalid function pointer. | 2021-10-06 | not yet calculated | CVE-2021-25487 MISC |
samsung — notes | Lack of boundary checking of a buffer in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows OOB read. | 2021-10-06 | not yet calculated | CVE-2021-25492 MISC |
samsung — notes | Lack of boundary checking of a buffer in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows OOB read. | 2021-10-06 | not yet calculated | CVE-2021-25493 MISC |
samsung — notes | A possible buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows arbitrary code execution. | 2021-10-06 | not yet calculated | CVE-2021-25494 MISC |
samsung — notes | A possible heap buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows arbitrary code execution. | 2021-10-06 | not yet calculated | CVE-2021-25495 MISC |
samsung — notes | A possible buffer overflow vulnerability in maetd_dec_slice of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution. | 2021-10-06 | not yet calculated | CVE-2021-25496 MISC |
samsung — notes | A possible buffer overflow vulnerability in maetd_cpy_slice of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution. | 2021-10-06 | not yet calculated | CVE-2021-25497 MISC |
samsung — notes | A possible buffer overflow vulnerability in maetd_eco_cb_mode of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution. | 2021-10-06 | not yet calculated | CVE-2021-25498 MISC |
samsung — qualcomm_modem | A lack of replay attack protection in GUTI REALLOCATION COMMAND message process in Qualcomm modem prior to SMR Oct-2021 Release 1 can lead to remote denial of service on mobile network connection. | 2021-10-06 | not yet calculated | CVE-2021-25480 MISC |
samsung — samsungaccountsdksigninactivity_of_galaxy_store | Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4 allows an attacker to access the content provider of Galaxy Store. | 2021-10-06 | not yet calculated | CVE-2021-25499 MISC |
samsung — security_mode_command | A lack of replay attack protection in Security Mode Command process prior to SMR Oct-2021 Release 1 can lead to denial of service on mobile network connection and battery depletion. | 2021-10-06 | not yet calculated | CVE-2021-25471 MISC |
samsung — systemui | Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_hide_by_meadia_full value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset. | 2021-10-06 | not yet calculated | CVE-2021-25473 MISC |
samsung — systemui | Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_show_on_qspanel value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset. | 2021-10-06 | not yet calculated | CVE-2021-25474 MISC |
samsung — teegris_secure_os | Improper caller check logic for SMC calls in TEEGRIS secure OS prior to SMR Oct-2021 Release 1 can be used to compromise the TEE. | 2021-10-06 | not yet calculated | CVE-2021-25470 MISC |
samsung — vision_dsp_kernel_driver | Assuming system privilege is gained, possible buffer overflow vulnerabilities in the Vision DSP kernel driver prior to SMR Oct-2021 Release 1 allow privilege escalation to Root by hijacking a loaded library. | 2021-10-06 | not yet calculated | CVE-2021-25467 MISC |
samsung — widevine_ta | An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows attackers to bypass the ASLR protection mechanism in TEE. | 2021-10-06 | not yet calculated | CVE-2021-25476 MISC |
samsung — widevine_trustlet | A possible guess-and-confirm single-byte memory disclosure vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows attackers to read arbitrary memory addresses. | 2021-10-06 | not yet calculated | CVE-2021-25468 MISC |
samsung — widevine_trustlet | A possible stack-based buffer overflow vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows arbitrary code execution. | 2021-10-06 | not yet calculated | CVE-2021-25469 MISC |
scrapy — scrapy | Scrapy is a high-level web crawling and scraping framework for Python. If you use `HttpAuthMiddleware` (i.e. the `http_user` and `http_pass` spider attributes) for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, such as `robots.txt` requests sent by Scrapy when the `ROBOTSTXT_OBEY` setting is set to `True`, or as requests reached through redirects. Upgrade to Scrapy 2.5.1 and use the new `http_auth_domain` spider attribute to control which domains are allowed to receive the configured HTTP authentication credentials. If you are using Scrapy 1.8 or a lower version, and upgrading to Scrapy 2.5.1 is not an option, you may upgrade to Scrapy 1.8.1 instead. If you cannot upgrade, set your HTTP authentication credentials on a per-request basis, using for example the `w3lib.http.basic_auth_header` function to convert your credentials into a value that you can assign to the `Authorization` header of your request, instead of defining your credentials globally using `HttpAuthMiddleware`. | 2021-10-06 | not yet calculated | CVE-2021-41125 MISC MISC CONFIRM MISC |
scrapy-splash — scrapy-splash | Scrapy-splash is a library which provides Scrapy and JavaScript integration. In affected versions users who use [`HttpAuthMiddleware`](http://doc.scrapy.org/en/latest/topics/downloader-middleware.html#module-scrapy.downloadermiddlewares.httpauth) (i.e. the `http_user` and `http_pass` spider attributes) for Splash authentication will have any non-Splash request expose your credentials to the request target. This includes `robots.txt` requests sent by Scrapy when the `ROBOTSTXT_OBEY` setting is set to `True`. Upgrade to scrapy-splash 0.8.0 and use the new `SPLASH_USER` and `SPLASH_PASS` settings instead to set your Splash authentication credentials safely. If you cannot upgrade, set your Splash request credentials on a per-request basis, [using the `splash_headers` request parameter](https://github.com/scrapy-plugins/scrapy-splash/tree/0.8.x#http-basic-auth), instead of defining them globally using the [`HttpAuthMiddleware`](http://doc.scrapy.org/en/latest/topics/downloader-middleware.html#module-scrapy.downloadermiddlewares.httpauth). Alternatively, make sure all your requests go through Splash. That includes disabling the [robots.txt middleware](https://docs.scrapy.org/en/latest/topics/downloader-middleware.html#topics-dlmw-robots). | 2021-10-05 | not yet calculated | CVE-2021-41124 MISC CONFIRM |
silverstripe — silverstripe | In the default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x through 3.4.1, the permission checker is not inherited by query subclasses. | 2021-10-07 | not yet calculated | CVE-2021-28661 MISC MISC |
silverstripe — silverstripe_framework | SilverStripe Framework through 4.8.1 allows XSS. | 2021-10-07 | not yet calculated | CVE-2021-36150 MISC MISC |
sophos — hitmanpro | A local attacker could read or write arbitrary files with administrator privileges in HitmanPro before version Build 318. | 2021-10-08 | not yet calculated | CVE-2021-25271 CONFIRM |
sophos — hitmanpro.alert | A local attacker could execute arbitrary code with administrator privileges in HitmanPro.Alert before version Build 901. | 2021-10-08 | not yet calculated | CVE-2021-25270 CONFIRM |
suitecrm — suitecrm | SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import functionality. | 2021-10-04 | not yet calculated | CVE-2021-41596 CONFIRM CONFIRM MISC MISC MISC |
suitecrm — suitecrm | SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable to privilege escalation. | 2021-10-04 | not yet calculated | CVE-2021-41869 MISC MISC MISC MISC MISC |
suitecrm — suitecrm | SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the file_name parameter of the Step3 import functionality. | 2021-10-04 | not yet calculated | CVE-2021-41595 MISC CONFIRM CONFIRM MISC |
sylius — sylius/paypalplugin | sylius/paypal-plugin is a PayPal plugin for the Sylius development platform. In affected versions the URL to the payment page reached after checkout was created with an autoincremented payment id (/pay-with-paypal/{id}) and was therefore easy to predict. The problem is that the credit card form has a prefilled "credit card holder" field containing the Customer's first and last name, which can lead to personally identifiable information exposure. Additionally, the mentioned form did not require authentication. The problem has been patched in Sylius/PayPalPlugin 1.2.4 and 1.3.1. If users are unable to update they can override the sylius_paypal_plugin_pay_with_paypal_form route and change its URL parameters to (for example) {orderToken}/{paymentId}, then override the Sylius\PayPalPlugin\Controller\PayWithPayPalFormAction service to operate on the payment taken from the repository by these 2 values. It would also require a custom repository method. Additionally, one could override the @SyliusPayPalPlugin/payWithPaypal.html.twig template, to add a `contingencies: ['SCA_ALWAYS']` line in the `hostedFields.submit(...)` function call (line 421). It would then have to be handled in the function callback. | 2021-10-05 | not yet calculated | CVE-2021-41120 MISC MISC CONFIRM |
tad_book3 — tad_book3 | Tad Book3 editing book function does not filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attacks. | 2021-10-08 | not yet calculated | CVE-2021-41563 MISC |
tad_book3 — tad_book3 | Tad Book3 editing book page does not perform identity verification. Remote attackers can use the vulnerability to view and modify arbitrary content of books without permission. | 2021-10-08 | not yet calculated | CVE-2021-41974 MISC |
tad_honor — tad_honor | Tad Honor viewing book list function is vulnerable to authorization bypass, thus remote attackers can use special parameters to delete articles arbitrarily without logging in. | 2021-10-08 | not yet calculated | CVE-2021-41564 MISC |
tad_uploader — tad_uploader | The new add subject parameter of Tad Uploader view book list function fails to filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attacks. | 2021-10-08 | not yet calculated | CVE-2021-41567 MISC |
tad_uploader — tad_uploader | Tad Uploader edit book list function is vulnerable to authorization bypass, thus remote attackers can use the function to amend the folder names in the book list without logging in. | 2021-10-08 | not yet calculated | CVE-2021-41976 MISC |
tad_web — tad_web | Tad Web is vulnerable to authorization bypass, thus remote attackers can exploit the vulnerability to use the original function of viewing bulletin boards and uploading files in the system. | 2021-10-08 | not yet calculated | CVE-2021-41568 MISC |
tadtools — tadtools | TadTools special page parameter does not properly restrict the input of specific characters, thus remote attackers can inject JavaScript syntax without logging in, and further perform reflected XSS attacks. | 2021-10-08 | not yet calculated | CVE-2021-41565 MISC |
tadtools — tadtools | The TadTools file upload function fails to filter file extensions, thus remote attackers can upload any type of file and execute arbitrary code without logging in. | 2021-10-08 | not yet calculated | CVE-2021-41566 MISC |
tadtools — tadtools | TadTools special page is vulnerable to authorization bypass, thus remote attackers can use the specific parameter to delete arbitrary files in the system without logging in. | 2021-10-08 | not yet calculated | CVE-2021-41975 MISC |
teddy — teddy | This affects the package teddy before 0.5.9. A type confusion vulnerability can be used to bypass input sanitization when the model content is an array (instead of a string). | 2021-10-07 | not yet calculated | CVE-2021-23447 MISC MISC MISC |
thinkphp50-cms — thinkphp50-cms | ThinkPHP50-CMS v1.0 contains a remote code execution (RCE) vulnerability in the component /public/?s=captcha. | 2021-10-07 | not yet calculated | CVE-2020-21865 MISC |
tracker — ardour | Ardour v5.12 contains a use-after-free vulnerability in the component ardour/libs/pbd/xml++.cc when using xmlFreeDoc and xmlXPathFreeContext. | 2021-10-08 | not yet calculated | CVE-2020-22617 MISC MISC |
trend_micro — multiple_products | An arbitrary file creation by privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1, and Worry-Free Business Security Services could allow a local attacker to create an arbitrary file with higher privileges that could lead to a denial-of-service (DoS) on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2021-10-06 | not yet calculated | CVE-2021-3848 MISC |
verint — workforce_optimization | Verint Workforce Optimization (WFO) 15.2.5.1033 allows HTML injection via the /wfo/control/signin username parameter. | 2021-10-08 | not yet calculated | CVE-2021-41825 MISC MISC |
visual_tools — dvr_vx16 | In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-bin/slogin/login.py User-Agent HTTP header. | 2021-10-07 | not yet calculated | CVE-2021-42071 MISC MISC |
vitec — exterity_iptv_products | VITEC Exterity IPTV products through 2021-04-30 allow privilege escalation to root. | 2021-10-08 | not yet calculated | CVE-2021-42109 MISC MISC |
vyperlang — vyper | Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions external functions did not properly validate the bounds of decimal arguments. This can lead to logic errors. This issue has been resolved in version 0.3.0. | 2021-10-05 | not yet calculated | CVE-2021-41122 CONFIRM MISC |
vyperlang — vyper | Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions when performing a function call inside a literal struct, there is a memory corruption issue that occurs because of an incorrect pointer to the top of the stack. This issue has been resolved in version 0.3.0. | 2021-10-06 | not yet calculated | CVE-2021-41121 CONFIRM MISC |
waimai — waimai_super_cms | waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php?m=Config&a=add. | 2021-10-05 | not yet calculated | CVE-2020-21506 MISC |
waimai — waimai_super_cms | waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php?&m=Public&a=login. | 2021-10-05 | not yet calculated | CVE-2020-21504 MISC |
waimai — waimai_super_cms | waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php/Link/addsave. | 2021-10-05 | not yet calculated | CVE-2020-21505 MISC |
waimai — waimai_super_cms | waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=gift&a=addsave credit parameter to -1, the product is sold for free. | 2021-10-05 | not yet calculated | CVE-2020-21503 MISC |
wdja — wdja | WDJA CMS v1.5.2 contains an arbitrary file deletion vulnerability in the component admin/cache/manage.php. | 2021-10-06 | not yet calculated | CVE-2020-21648 MISC |
wdja — wdja | A Cross-Site Request Forgery (CSRF) in WDJA CMS v1.5.2 allows attackers to arbitrarily add administrator accounts via a crafted URL. | 2021-10-06 | not yet calculated | CVE-2020-21658 MISC |
webtareas — webtareas | webTareas version 2.4 and earlier allows an authenticated user to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against the platform users and administrators. The issue affects every endpoint on the application because it is related to how each URL is echoed back on every response page. | 2021-10-08 | not yet calculated | CVE-2021-41918 MISC |
webtareas — webtareas | webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sor_cible, sor_champs, and sor_ordre HTTP POST parameters. This allows an attacker to access all the data in the database and obtain access to the webTareas application. | 2021-10-08 | not yet calculated | CVE-2021-41920 MISC |
webtareas — webtareas | webTareas version 2.4 and earlier allows an authenticated user to arbitrarily upload potentially dangerous files without restrictions. This works by adding or replacing a personal profile picture. The affected endpoint is /includes/upload.php on the HTTP POST data. This allows an attacker to exploit the platform by injecting code or malware and, under certain conditions, to execute code on remote user browsers. | 2021-10-08 | not yet calculated | CVE-2021-41919 MISC |
webtareas — webtareas | A Cross-Site Request Forgery (CSRF) vulnerability in webTareas version 2.4 and earlier allows a remote attacker to create a new administrative profile and add a new user to the new profile, without the victim's knowledge, by enticing an authenticated admin user to visit an attacker's web page. | 2021-10-08 | not yet calculated | CVE-2021-41916 MISC |
webtareas — webtareas | webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section, due to incorrect sanitization of user-supplied data, and achieve a Stored Cross-Site Scripting attack against the platform users and administrators. The affected endpoint is /clients/editclient.php, on the HTTP POST cn parameter. | 2021-10-08 | not yet calculated | CVE-2021-41917 MISC |
wire — wire | Wire is an open source secure messenger. In affected versions, if an attacker gets an old but valid access token they can take over an account by changing the email. This issue has been resolved in version 3.86, which uses a new endpoint that additionally requires an authentication cookie. See wire-ios-sync-engine and wire-ios-transport references. This is the root advisory that pulls the changes together. | 2021-10-04 | not yet calculated | CVE-2021-41093 MISC MISC MISC MISC CONFIRM |
wire — wire | Wire is an open source secure messenger. Users of Wire by Bund may bypass the mandatory encryption at rest feature by simply disabling their device passcode. Upon launching, the app will attempt to enable encryption at rest by generating encryption keys via the Secure Enclave; however, it will fail silently if no device passcode is set. The user has no indication that encryption at rest is not active since the feature is hidden from them. This issue has been resolved in version 3.70. | 2021-10-04 | not yet calculated | CVE-2021-41094 MISC CONFIRM |
wire-server — wire-server | Wire-server is the backing server for the open source Wire secure messaging application. In affected versions it is possible to trigger an email address change of a user with only the short-lived session token in the `Authorization` header. As the short-lived token is only meant as a means of authentication by the client for less critical requests to the backend, the ability to change the email address with a short-lived token constitutes a privilege escalation attack. Since the attacker can change the password after setting the email address to one that they control, changing the email address can result in an account takeover by the attacker. Short-lived tokens can be requested from the backend by Wire clients using the long-lived tokens, after which the long-lived tokens can be stored securely, for example in the device's key chain. The short-lived tokens can then be used to authenticate the client towards the backend for frequently performed actions such as sending and receiving messages. While short-lived tokens should not be available to an attacker per se, they are used more often and in the shape of an HTTP header, increasing the risk of exposure to an attacker relative to the long-lived tokens, which are stored and transmitted in cookies. If you are running an on-prem instance and provision all users with SCIM, you are not affected by this issue (changing email is blocked for SCIM users). SAML single-sign-on is unaffected by this issue, and behaves identically before and after this update. The reason is that the email address used as SAML NameID is stored in a different location in the database from the one used to contact the user outside Wire. Version 2021-08-16 and later provide a new endpoint that requires both the long-lived client cookie and the `Authorization` header. The old endpoint has been removed. If you are running an on-prem instance with at least some of the users invited or provisioned via SAML SSO and you cannot update, then you can block `/self/email` on nginz (or in any other proxies or firewalls you may have set up). You don't need to discriminate by verb: `/self/email` only accepts `PUT` and `DELETE`, and `DELETE` is almost never used. | 2021-10-04 | not yet calculated | CVE-2021-41100 CONFIRM |
wordpress — wordpress | The FV Flowplayer Video Player WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the player_id parameter found in the ~/view/stats.php file which allows attackers to inject arbitrary web scripts, in versions 7.5.0.727 – 7.5.2.727. | 2021-10-06 | not yet calculated | CVE-2021-39350 MISC MISC |
wordpress — wordpress | The WP Bannerize WordPress plugin is vulnerable to authenticated SQL injection via the id parameter found in the ~/Classes/wpBannerizeAdmin.php file which allows attackers to exfiltrate sensitive information from vulnerable sites. This issue affects versions 2.0.0 – 4.0.2. | 2021-10-06 | not yet calculated | CVE-2021-39351 MISC MISC |
wordpress — wordpress | The Stripe for WooCommerce WordPress plugin is missing a capability check on the save() function found in the ~/includes/admin/class-wc-stripe-admin-user-edit.php file, which makes it possible for attackers to configure their account to use other site users' unique Stripe identifier and make purchases with their payment accounts. This affects versions 3.0.0 – 3.3.9. | 2021-10-04 | not yet calculated | CVE-2021-39347 MISC MISC |
xen — certain_pci_devices | PCI devices with RMRRs not deassigned correctly. Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). These are typically used for platform tasks such as legacy USB emulation. If such a device is passed through to a guest, then on guest shutdown the device is not properly deassigned. The IOMMU configuration for these devices which are not properly deassigned ends up pointing to a freed data structure, including the IO Pagetables. Subsequent DMA or interrupts from the device will have unpredictable behaviour, ranging from IOMMU faults to memory corruption. | 2021-10-06 | not yet calculated | CVE-2021-28702 MISC MLIST |
xiuno — xiuno_bbs | A cross-site scripting (XSS) vulnerability in the component install\install.sql of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via changing the doctype value to 0. | 2021-10-04 | not yet calculated | CVE-2020-21494 MISC MISC |
xiuno — xiuno_bbs | A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitename parameter. | 2021-10-04 | not yet calculated | CVE-2020-21495 MISC MISC |
xiuno — xiuno_bbs | A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitebrief parameter. | 2021-10-04 | not yet calculated | CVE-2020-21496 MISC MISC |
xiuno — xiuno_bbs | An issue in the component route\user.php of Xiuno BBS v4.0.4 allows attackers to enumerate usernames. | 2021-10-04 | not yet calculated | CVE-2020-21493 MISC MISC |
xyhcms — xyhcms | XYHCMS v3.6 contains a stored cross-site scripting (XSS) vulnerability in the component xyhai.php?s=/Link/index. | 2021-10-06 | not yet calculated | CVE-2020-21656 MISC |
zammad — zammad | An issue was discovered in Zammad before 4.1.1. Stored XSS may occur via an Article during addition of an attachment to a Ticket. | 2021-10-07 | not yet calculated | CVE-2021-42092 MISC |
zammad — zammad | An issue was discovered in Zammad before 4.1.1. SSRF can occur via GitHub or GitLab integration. | 2021-10-07 | not yet calculated | CVE-2021-42091 MISC |
zammad — zammad | An issue was discovered in Zammad before 4.1.1. The Form functionality allows remote code execution because deserialization is mishandled. | 2021-10-07 | not yet calculated | CVE-2021-42090 MISC |
zammad — zammad | An issue was discovered in Zammad before 4.1.1. The REST API discloses sensitive information. | 2021-10-07 | not yet calculated | CVE-2021-42089 MISC |
zammad — zammad | An issue was discovered in Zammad before 4.1.1. The Chat functionality allows XSS because clipboard data is mishandled. | 2021-10-07 | not yet calculated | CVE-2021-42088 MISC |
zammad — zammad | An issue was discovered in Zammad before 4.1.1. An admin can discover the application secret via the API. | 2021-10-07 | not yet calculated | CVE-2021-42087 MISC |
zammad — zammad | An issue was discovered in Zammad before 4.1.1. An Agent account can modify account data, and gain admin access, via a crafted request. | 2021-10-07 | not yet calculated | CVE-2021-42086 MISC |
zammad — zammad | An issue was discovered in Zammad before 4.1.1. There is stored XSS via a custom Avatar. | 2021-10-07 | not yet calculated | CVE-2021-42085 MISC |
zammad — zammad | An issue was discovered in Zammad before 4.1.1. An attacker with valid agent credentials may send a series of crafted requests that cause an endless loop and thus cause denial of service. | 2021-10-07 | not yet calculated | CVE-2021-42084 MISC |
zammad — zammad | An issue was discovered in Zammad before 4.1.1. An admin can execute code on the server via a crafted request that manipulates triggers. | 2021-10-07 | not yet calculated | CVE-2021-42093 MISC |
zammad — zammad | An issue was discovered in Zammad before 4.1.1. Command Injection can occur via custom Packages. | 2021-10-07 | not yet calculated | CVE-2021-42094 MISC |
zephyrproject-rtos — zephyr | Buffer Access with Incorrect Length Value in Zephyr. Zephyr versions >= 2.5.0 contain Buffer Access with Incorrect Length Value (CWE-805). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5 | 2021-10-05 | not yet calculated | CVE-2021-3581 MISC |
zephyrproject-rtos — zephyr_json_decoder | Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions >= 1.14.0, >= 2.5.0 contain Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4 | 2021-10-05 | not yet calculated | CVE-2021-3510 MISC |
zephyrproject-rtos — zephyr | Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions >= v2.5.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363 | 2021-10-05 | not yet calculated | CVE-2021-3625 MISC |
zephyrproject-rtos — zephyr | BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. Zephyr versions >= 1.14.2, >= 2.4.0, >= 2.5.0 contain Use of Multiple Resources with Duplicate Identifier (CWE-694). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63 | 2021-10-05 | not yet calculated | CVE-2021-3436 MISC |
zephyrproject-rtos — zephyr | DoS: Incorrect 802.15.4 Frame Validation for Omitted Source / Dest Addresses. Zephyr versions >= v2.4.0 contain NULL Pointer Dereference (CWE-476), Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364 | 2021-10-05 | not yet calculated | CVE-2021-3319 MISC |
zoho — manageengine_admanager_plus | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | 2021-10-07 | not yet calculated | CVE-2021-37930 MISC MISC |
zoho — manageengine_admanager_plus | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | 2021-10-07 | not yet calculated | CVE-2021-37931 MISC MISC |
zoho — manageengine_admanager_plus | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | 2021-10-07 | not yet calculated | CVE-2021-37921 MISC MISC |
zoho — manageengine_admanager_plus | Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows copying of files from one directory to another. | 2021-10-07 | not yet calculated | CVE-2021-37922 MISC MISC |
zoho — manageengine_admanager_plus | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | 2021-10-07 | not yet calculated | CVE-2021-37923 MISC MISC |
zoho — manageengine_admanager_plus | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | 2021-10-07 | not yet calculated | CVE-2021-37918 MISC MISC |
zoho — manageengine_admanager_plus | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | 2021-10-07 | not yet calculated | CVE-2021-37924 MISC MISC |
zoho — manageengine_admanager_plus | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | 2021-10-07 | not yet calculated | CVE-2021-37926 MISC MISC |
zoho — manageengine_admanager_plus | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | 2021-10-07 | not yet calculated | CVE-2021-37928 MISC MISC |
zoho — manageengine_admanager_plus | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | 2021-10-07 | not yet calculated | CVE-2021-37929 MISC MISC |
zoho — manageengine_admanager_plus | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | 2021-10-07 | not yet calculated | CVE-2021-37920 MISC MISC |
zoho — manageengine_admanager_plus | Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE. | 2021-10-07 | not yet calculated | CVE-2021-38298 CONFIRM |
zoho — manageengine_admanager_plus | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | 2021-10-07 | not yet calculated | CVE-2021-37919 MISC MISC |
zoho — manageengine_admanager_plus | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution. | 2021-10-07 | not yet calculated | CVE-2021-37762 MISC MISC |
zoho — zoho | A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser while the browser is connected to a trusted website. The attack targets your application's users and not the application itself, while using your application as the attack's vehicle. The XSS payload executes whenever the user changes the form values or deletes a created form in Zoho CRM Lead Magnet Version 1.7.2.4. | 2021-10-05 | not yet calculated | CVE-2021-33849 MISC MISC |
zulip — zulip | Zulip is an open source team chat server. In affected versions Zulip allows organization administrators on a server to configure "linkifiers" that automatically create links from messages that users send, detected via arbitrary regular expressions. Malicious organization administrators could subject the server to a denial-of-service via regular expression complexity attacks; most simply, by configuring a quadratic-time regular expression in a linkifier, and sending messages that exploited it. A regular expression attempted to parse the user-provided regexes to verify that they were safe from ReDoS — this was both insufficient, as well as _itself_ subject to ReDoS if the organization administrator entered a sufficiently complex invalid regex. Affected users should [upgrade to the just-released Zulip 4.7](https://zulip.readthedocs.io/en/latest/production/upgrade-or-modify.html#upgrading-to-a-release), or [`main`](https://zulip.readthedocs.io/en/latest/production/upgrade-or-modify.html#upgrading-from-a-git-repository). | 2021-10-07 | not yet calculated | CVE-2021-41115 CONFIRM MISC MISC |