US-CERT Bulletin (SB21-256): Vulnerability Summary for the Week of September 6, 2021
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adaptivescale — lxdui | A Hardcoded JWT Secret Key in metadata.py in AdaptiveScale LXDUI through 2.1.3 allows attackers to gain admin access to the host system. | 2021-09-03 | 10 | CVE-2021-40494 MISC |
arubanetworks — arubaos | A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability. | 2021-09-07 | 9 | CVE-2021-37724 MISC |
arubanetworks — arubaos | A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability. | 2021-09-07 | 9 | CVE-2021-37723 MISC |
arubanetworks — sd-wan | A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. | 2021-09-07 | 9 | CVE-2021-37718 MISC |
arubanetworks — sd-wan | A remote buffer overflow vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. | 2021-09-07 | 7.5 | CVE-2021-37716 MISC |
arubanetworks — sd-wan | A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. | 2021-09-07 | 9 | CVE-2021-37717 MISC |
arubanetworks — sd-wan | A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. | 2021-09-07 | 9 | CVE-2021-37722 MISC |
arubanetworks — sd-wan | A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. | 2021-09-07 | 9 | CVE-2021-37721 MISC |
arubanetworks — sd-wan | A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. | 2021-09-07 | 9 | CVE-2021-37720 MISC |
arubanetworks — sd-wan | A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. | 2021-09-07 | 9 | CVE-2021-37719 MISC |
bluecms_project — bluecms | BlueCMS v1.6 contains a SQL injection vulnerability via /ad_js.php. | 2021-09-08 | 7.5 | CVE-2020-19853 MISC |
espressif — esp-idf | The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon reception of an LMP Feature Response Extended packet, allowing attackers in radio range to trigger arbitrary code execution in ESP32 via a crafted Extended Features bitfield payload. | 2021-09-07 | 8.3 | CVE-2021-28139 MISC MISC MISC MISC |
moxa — wac-2004_firmware | Certain MOXA devices allow Authenticated Command Injection via /forms/web_importTFTP. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU 2.3, WDR-3124A-EU-T 2.3, WDR-3124A-US 2.3, and WDR-3124A-US-T 2.3. | 2021-09-07 | 9 | CVE-2021-39279 MISC MISC |
simple_water_refilling_station_management_system_project — simple_water_refilling_station_management_system | SQL Injection can occur in Simple Water Refilling Station Management System 1.0 via the water_refilling/classes/Login.php username parameter. | 2021-09-07 | 7.5 | CVE-2021-38840 MISC MISC MISC MISC |
sketch — sketch | Sketch before 75 mishandles external library feeds. | 2021-09-06 | 7.5 | CVE-2021-40531 MISC |
telegram — web_k_alpha | Telegram Web K Alpha before 0.7.2 mishandles the characters in a document extension. | 2021-09-06 | 7.5 | CVE-2021-40532 MISC |
ulfius_project — ulfius | ulfius_uri_logger in Ulfius HTTP Framework before 2.7.4 omits con_info initialization and a con_info->request NULL check for certain malformed HTTP requests. | 2021-09-07 | 7.5 | CVE-2021-40540 MISC MISC |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
alipay_project — alipay | A proid GET parameter of the WordPress支付宝Alipay\|财付通Tenpay\|贝宝PayPal集成插件 WordPress plugin through 3.7.2 is not sanitised, properly escaped or validated before inserting to a SQL statement not delimited by quotes, leading to SQL injection. | 2021-09-06 | 6.5 | CVE-2021-24390 MISC MISC |
arubanetworks — arubaos | A remote path traversal vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.8.0.1, 8.7.1.4, 8.6.0.11, 8.5.0.13. Aruba has released patches for ArubaOS that address this security vulnerability. | 2021-09-07 | 5.5 | CVE-2021-37728 MISC |
arubanetworks — arubaos | A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.3, 8.6.0.9, 8.5.0.12, 8.3.0.16, 6.5.4.19, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. | 2021-09-07 | 5.5 | CVE-2021-37729 MISC |
arubanetworks — sd-wan | A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.8.0.1, 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. | 2021-09-07 | 5.8 | CVE-2021-37725 MISC |
cashtomer_project — cashtomer | An editid GET parameter of the Cashtomer WordPress plugin through 1.0.0 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. | 2021-09-06 | 6.5 | CVE-2021-24391 MISC MISC |
cliniccases — cliniccases | Multiple reflected cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow unauthenticated attackers to introduce arbitrary JavaScript by crafting a malicious URL. This can result in account takeover via session token theft. | 2021-09-07 | 4.3 | CVE-2021-38704 MISC MISC |
cliniccases — cliniccases | messages_load.php in ClinicCases 7.3.3 suffers from a blind SQL injection vulnerability, which allows low-privileged attackers to execute arbitrary SQL commands through a vulnerable parameter. | 2021-09-07 | 6.5 | CVE-2021-38706 MISC MISC |
cliniccases — cliniccases | ClinicCases 7.3.3 is affected by Cross-Site Request Forgery (CSRF). A successful attack would consist of an authenticated user following a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user. This can be exploited to create a secondary administrator account for the attacker. | 2021-09-07 | 6.8 | CVE-2021-38705 MISC MISC |
comment_highlighter_project — comment_highlighter | A c GET parameter of the Comment Highlighter WordPress plugin through 0.13 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. | 2021-09-06 | 6.5 | CVE-2021-24393 MISC MISC |
contiki-os — contiki | In Contiki 3.0, Telnet option negotiation is mishandled. During negotiation between a server and a client, the server may fail to give the WILL/WONT or DO/DONT response for DO and WILL commands because of improper handling of exception condition, which leads to property violations and denial of service. Specifically, a server sometimes sends no response, because a fixed buffer space is available for all responses and that space may have been exhausted. | 2021-09-05 | 5 | CVE-2021-40523 MISC |
cozyvision — sms_alert_order_notifications | The SMS Alert Order Notifications WordPress plugin before 3.4.7 is affected by a cross site scripting (XSS) vulnerability in the plugin’s setting page. | 2021-09-06 | 4.3 | CVE-2021-24588 MISC |
easy_testimonial_manager_project — easy_testimonial_manager | An id GET parameter of the Easy Testimonial Manager WordPress plugin through 1.2.0 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection | 2021-09-06 | 6.5 | CVE-2021-24394 MISC MISC |
eyoucms — eyoucms | EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious url via the Logout function. | 2021-09-07 | 5.8 | CVE-2021-39501 MISC MISC |
eyoucms — eyoucms | A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the `title` parameter in bind_email function. | 2021-09-07 | 4.3 | CVE-2021-39499 MISC MISC |
f-secure — atlant | A vulnerability affecting F-Secure Antivirus engine was discovered whereby scanning a WIM archive file can lead to denial-of-service (infinite loop and freezes AV engine scanner). The vulnerability can be exploited remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine. | 2021-09-07 | 4.3 | CVE-2021-33599 MISC MISC |
file-upload-with-preview_project — file-upload-with-preview | This affects the package file-upload-with-preview before 4.2.0. A file containing malicious JavaScript code in the name can be uploaded (a user needs to be tricked into uploading such a file). | 2021-09-05 | 4.3 | CVE-2021-23439 CONFIRM CONFIRM CONFIRM |
fortinet — fortimanager | An improper access control vulnerability in FortiManager versions 6.4.0 to 6.4.3 may allow an authenticated attacker with a restricted user profile to access the SD-WAN Orchestrator panel via directly visiting its URL. | 2021-09-06 | 6.5 | CVE-2021-24006 CONFIRM |
fortinet — fortisandbox | An improper access control vulnerability (CWE-284) in FortiSandbox versions 3.2.1 and below and 3.1.4 and below may allow an authenticated, unprivileged attacker to download the device configuration file via the recovery URL. | 2021-09-06 | 4 | CVE-2020-15939 CONFIRM |
gambit — titan_framework | The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues | 2021-09-06 | 4.3 | CVE-2021-24435 MISC |
geekwebsolution — embed_youtube_video | The editid GET parameter of the Embed Youtube Video WordPress plugin through 1.0 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. | 2021-09-06 | 6.5 | CVE-2021-24395 MISC MISC |
ghost — ghost | Ghost is a Node.js content management system. An error in the implementation of the limits service between versions 4.0.0 and 4.9.4 allows all authenticated users (including contributors) to view admin-level API keys via the integrations API endpoint, leading to a privilege escalation vulnerability. This issue is patched in Ghost version 4.10.0. As a workaround, disable all non-Administrator accounts to prevent API access. It is highly recommended to regenerate all API keys after patching or applying the workaround. | 2021-09-03 | 6.5 | CVE-2021-39192 CONFIRM MISC |
gibbonedu — gibbon | A reflected XSS vulnerability exists in multiple pages in version 22 of the Gibbon application that allows for arbitrary execution of JavaScript (gibbonCourseClassID, gibbonPersonID, subpage, currentDate, or allStudents to index.php). | 2021-09-03 | 4.3 | CVE-2021-40492 MISC MISC |
gifsicle_project — gifsicle | The find_color_or_error function in gifsicle 1.92 contains a NULL pointer dereference. | 2021-09-07 | 5 | CVE-2020-19752 MISC |
gnu — inetutils | The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl. | 2021-09-03 | 4.3 | CVE-2021-40491 MISC MISC MISC |
google — chrome | Heap buffer overflow in TabStrip in Google Chrome prior to 93.0.4577.63 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | 2021-09-03 | 6.8 | CVE-2021-30614 MISC MISC FEDORA |
google — chrome | Use after free in Permissions in Google Chrome prior to 93.0.4577.63 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 2021-09-03 | 6.8 | CVE-2021-30607 MISC MISC FEDORA |
google — chrome | Use after free in Autofill in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-09-03 | 6.8 | CVE-2021-30624 MISC MISC FEDORA |
google — chrome | Use after free in Bookmarks in Google Chrome prior to 93.0.4577.63 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | 2021-09-03 | 6.8 | CVE-2021-30623 MISC MISC FEDORA |
google — chrome | Use after free in WebApp Installs in Google Chrome prior to 93.0.4577.63 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | 2021-09-03 | 6.8 | CVE-2021-30622 MISC MISC FEDORA |
google — chrome | Insufficient policy enforcement in Blink in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to bypass content security policy via a crafted HTML page. | 2021-09-03 | 6.8 | CVE-2021-30620 MISC MISC FEDORA |
google — chrome | Inappropriate implementation in DevTools in Google Chrome prior to 93.0.4577.63 allowed a remote attacker who had convinced the user to use Chrome headless with remote debugging to execute arbitrary code via a crafted HTML page. | 2021-09-03 | 6.8 | CVE-2021-30618 MISC MISC FEDORA |
google — chrome | Use after free in Media in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-09-03 | 6.8 | CVE-2021-30616 MISC MISC FEDORA |
google — chrome | Use after free in WebRTC in Google Chrome on Linux, ChromeOS prior to 93.0.4577.63 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | 2021-09-03 | 6.8 | CVE-2021-30612 MISC MISC FEDORA |
google — chrome | Use after free in Sign-In in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-09-03 | 6.8 | CVE-2021-30609 MISC MISC FEDORA |
google — chrome | Use after free in Blink in Google Chrome prior to 93.0.4577.63 allowed an attacker who convinced a user to drag and drop a malicious folder to a page to potentially perform a sandbox escape via a crafted HTML page. | 2021-09-03 | 6.8 | CVE-2021-30606 MISC MISC FEDORA |
google — chrome | Use after free in Extensions API in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-09-03 | 6.8 | CVE-2021-30610 MISC MISC FEDORA |
google — chrome | Inappropriate implementation in Autofill in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to spoof security UI via a crafted HTML page. | 2021-09-03 | 4.3 | CVE-2021-30621 MISC MISC FEDORA |
google — chrome | Inappropriate implementation in Autofill in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to spoof security UI via a crafted HTML page. | 2021-09-03 | 4.3 | CVE-2021-30619 MISC MISC FEDORA |
google — chrome | Policy bypass in Blink in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to bypass site isolation via a crafted HTML page. | 2021-09-03 | 4.3 | CVE-2021-30617 MISC MISC FEDORA |
google — chrome | Inappropriate implementation in Navigation in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 2021-09-03 | 4.3 | CVE-2021-30615 MISC MISC FEDORA |
google — chrome | Use after free in Base internals in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-09-03 | 6.8 | CVE-2021-30613 MISC MISC FEDORA |
google — chrome | Use after free in WebRTC in Google Chrome on Linux, ChromeOS prior to 93.0.4577.63 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | 2021-09-03 | 6.8 | CVE-2021-30611 MISC MISC FEDORA |
google — chrome | Use after free in Web Share in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-09-03 | 6.8 | CVE-2021-30608 MISC MISC FEDORA |
gpac — gpac | An issue was discovered in gpac 0.8.0. The strdup function in box_code_base.c has a heap-based buffer over-read. | 2021-09-07 | 5 | CVE-2020-19750 MISC |
gpac — gpac | An issue was discovered in gpac 0.8.0. The gf_odf_del_ipmp_tool function in odf_code.c has a heap-based buffer over-read. | 2021-09-07 | 6.4 | CVE-2020-19751 MISC |
jbl — tune500bt_firmware | The Bluetooth Classic implementation on JBL TUNE500BT devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and shutdown a device by flooding the target device with LMP Feature Response data. | 2021-09-07 | 6.1 | CVE-2021-28155 MISC MISC |
jiangqie — official_website_mini_program | The JiangQie Official Website Mini Program WordPress plugin before 1.1.1 does not escape or validate the id GET parameter before using it in SQL statements, leading to SQL injection issues | 2021-09-06 | 6.5 | CVE-2021-24303 MISC MISC |
linux — linux_kernel | A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. | 2021-09-03 | 4.4 | CVE-2021-40490 MISC |
moxa — wac-2004_firmware | Certain MOXA devices allow reflected XSS via the Config Import menu. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU 2.3, WDR-3124A-EU-T 2.3, WDR-3124A-US 2.3, and WDR-3124A-US-T 2.3. | 2021-09-07 | 4.3 | CVE-2021-39278 MISC |
mrdoc — mrdoc | mrdoc is vulnerable to Deserialization of Untrusted Data | 2021-09-06 | 6.8 | CVE-2021-32568 MISC CONFIRM |
ntracker — ntracker_usb_enterprise | A SQL-Injection vulnerability in the nTracker USB Enterprise(secure USB management solution) allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. | 2021-09-07 | 5 | CVE-2020-7819 MISC |
otrs — otrs | It’s possible to create an email which can be stuck while being processed by PostMaster filters, causing DoS. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions. | 2021-09-06 | 5 | CVE-2021-36093 CONFIRM |
otrs — otrs | Malicious attacker is able to find out valid user logins by using the “lost password” feature. This issue affects: OTRS AG ((OTRS)) Community Edition version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions. | 2021-09-06 | 5 | CVE-2021-36095 CONFIRM |
parity — frontier | Frontier is Substrate’s Ethereum compatibility layer. Prior to commit number 0b962f218f0cdd796dadfe26c3f09e68f7861b26, a bug in `pallet-ethereum` can cause invalid transactions to be included in the Ethereum block state in `pallet-ethereum` due to not validating the input data size. Any invalid transactions included this way have no possibility to alter the internal Ethereum or Substrate state. The transaction will appear to have been included, but is of no effect as it is rejected by the EVM engine. The impact is further limited by Substrate extrinsic size constraints. A patch is available in commit number 0b962f218f0cdd796dadfe26c3f09e68f7861b26. There are no workarounds aside from applying the patch. | 2021-09-03 | 5 | CVE-2021-39193 MISC MISC CONFIRM MISC |
phpwcms — phpwcms | phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /image_zoom.php. | 2021-09-08 | 4.3 | CVE-2020-19855 MISC |
pureftpd — pure-ftpd | In Pure-FTPd 1.0.49, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value. | 2021-09-05 | 5 | CVE-2021-40524 MISC |
python — pillow | The package pillow from 0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. | 2021-09-03 | 5 | CVE-2021-23437 CONFIRM CONFIRM CONFIRM |
simplesystems — libtiff | Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the “invertImage()” function in the component “tiffcrop”. | 2021-09-07 | 5 | CVE-2020-19131 MISC MISC |
swiftcrm — club-management-software | An id GET parameter of the WordPress Membership SwiftCloud.io WordPress plugin through 1.0 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. | 2021-09-06 | 6.5 | CVE-2021-24392 MISC MISC |
versa-networks — versa_director | A XSS vulnerability exists in Versa Director Release: 16.1R2 Build: S8. An attacker can use the administration web interface URL to create a XSS based attack. | 2021-09-07 | 4.3 | CVE-2021-39285 MISC MISC |
vim — vim | vim is vulnerable to Heap-based Buffer Overflow | 2021-09-06 | 4.6 | CVE-2021-3770 MISC CONFIRM FEDORA |
weechat — weechat | WeeChat before 3.2.1 allows remote attackers to cause a denial of service (crash) via a crafted WebSocket frame that triggers an out-of-bounds read in plugins/relay/relay-websocket.c in the Relay plugin. | 2021-09-05 | 5 | CVE-2021-40516 MISC MISC |
wp-webhooks — email_encoder | The Email Encoder – Protect Email Addresses WordPress plugin before 2.1.2 has an endpoint that requires no authentication and will render a user supplied value in the HTML response without escaping or sanitizing the data. | 2021-09-06 | 4.3 | CVE-2021-24599 MISC |
zmartzone — mod_auth_openidc | mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openidc was reported to be vulnerable to an open redirect attack by supplying a crafted URL in the `target_link_uri` parameter. A patch in version 2.4.9.4 made it so that the `OIDCRedirectURLsAllowed` setting must be applied to the `target_link_uri` parameter. There are no known workarounds aside from upgrading to a patched version. | 2021-09-03 | 5.8 | CVE-2021-39191 MISC MISC MISC CONFIRM |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
addtoany — addtoany_share_buttons | The AddToAny Share Buttons WordPress plugin before 1.7.46 does not sanitise its Sharing Header setting when outputting it in frontend pages, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 2021-09-06 | 3.5 | CVE-2021-24568 MISC |
bluetrum — ab5301a_firmware | The Bluetooth Classic implementation on Bluetrum AB5301A devices with unknown firmware versions does not properly handle the reception of oversized DM1 LMP packets while no other BT connections are active, allowing attackers in radio range to prevent new BT connections (disabling the AB5301A inquiry and page scan procedures) via a crafted LMP packet. The user needs to manually perform a power cycle (restart) of the device to restore BT connectivity. | 2021-09-07 | 3.3 | CVE-2021-34150 MISC MISC |
bookstackapp — bookstack | bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 2021-09-06 | 3.5 | CVE-2021-3768 MISC CONFIRM |
bookstackapp — bookstack | bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 2021-09-06 | 3.5 | CVE-2021-3767 CONFIRM MISC |
cliniccases — cliniccases | Persistent cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow low-privileged attackers to introduce arbitrary JavaScript to account parameters. The XSS payloads will execute in the browser of any user who views the relevant content. This can result in account takeover via session token theft. | 2021-09-07 | 3.5 | CVE-2021-38707 MISC MISC |
dna88 — highlight | The Highlight WordPress plugin before 0.9.3 does not sanitise its CustomCSS setting, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 2021-09-06 | 3.5 | CVE-2021-24591 MISC |
espressif — esp-idf | The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of multiple LMP IO Capability Request packets during the pairing process, allowing attackers in radio range to trigger memory corruption (and consequently a crash) in ESP32 via a replayed (duplicated) LMP packet. | 2021-09-07 | 3.3 | CVE-2021-28136 MISC MISC MISC MISC |
eyoucms — eyoucms | Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject malicious code into `filename` param to trigger Reflected XSS. | 2021-09-07 | 3.5 | CVE-2021-39496 MISC MISC |
gdprinfo — cookie_notice_\&_consent_banner_for_gdpr_\&_ccpa_compliance | The Cookie Notice & Consent Banner for GDPR & CCPA Compliance WordPress plugin before 1.7.2 does not properly sanitize inputs to prevent injection of arbitrary HTML within the plugin’s design customization options. | 2021-09-06 | 3.5 | CVE-2021-24590 MISC |
geminilabs — site_reviews | The Site Reviews WordPress plugin before 5.13.1 does not sanitise some of its Review Details when adding a review as an admin, which could allow them to perform Cross-Site Scripting attacks when the unfiltered_html is disallowed | 2021-09-06 | 3.5 | CVE-2021-24603 MISC |
jforum — jforum | ViewCommon.java in JForum2 2.7.0 allows XSS via a user signature. | 2021-09-04 | 3.5 | CVE-2021-40509 MISC MISC FULLDISC MISC |
nextcloud — circles | Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application is vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. Due to the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitable on modern browsers supporting Content-Security-Policy. It is recommended that the Nextcloud Circles application is upgraded to 0.21.3, 0.20.10 or 0.19.14 to resolve this issue. As a workaround users may use a browser that has support for Content-Security-Policy. A notable exemption is Internet Explorer which does not support CSP properly. | 2021-09-07 | 3.5 | CVE-2021-32782 CONFIRM MISC MISC |
otrs — otrs | It’s possible to craft a request for appointment edit screen, which could lead to the XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions. | 2021-09-06 | 3.5 | CVE-2021-36094 CONFIRM |
ti — cc256xcqfn-em_firmware | The Bluetooth Classic implementation on the Texas Instruments CC256XCQFN-EM does not properly handle the reception of continuous LMP_AU_Rand packets, allowing attackers in radio range to trigger a denial of service (deadlock) of the device by flooding it with LMP_AU_Rand packets after the paging procedure. | 2021-09-07 | 3.3 | CVE-2021-34149 MISC MISC MISC |
trumani — stop_spammers | The Stop Spammers Security \| Block Spam Users, Comments, Forms WordPress plugin before 2021.18 does not escape some of its settings, allowing high privilege users such as admin to set Cross-Site Scripting payloads in them even when the unfiltered_html capability is disallowed | 2021-09-06 | 3.5 | CVE-2021-24517 MISC |
web-settler — form_builder | The Form Builder \| Create Responsive Contact Forms WordPress plugin before 1.9.8.4 does not sanitise or escape its Form Title, allowing high privilege users such as admin to set Cross-Site Scripting payload in them, even when the unfiltered_html capability is disallowed | 2021-09-06 | 3.5 | CVE-2021-24513 MISC |
wpfront — wpfront_notification_bar | The WPFront Notification Bar WordPress plugin before 2.1.0.08087 does not properly sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2021-09-06 | 3.5 | CVE-2021-24601 MISC |
zh-jieli — ac6901_firmware | The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X devices does not properly handle the reception of a truncated LMP packet during the LMP auto rate procedure, allowing attackers in radio range to immediately crash (and restart) a device via a crafted LMP packet. | 2021-09-07 | 3.3 | CVE-2021-31613 MISC MISC MISC MISC |
zh-jieli — fw-ac63_bt_sdk | The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C BT SDK through 0.9.1 does not properly handle the reception of truncated LMP_SCO_Link_Request packets while no other BT connections are active, allowing attackers in radio range to prevent new BT connections (disabling the AB5301A inquiry and page scan procedures) via a crafted LMP packet. The user needs to manually perform a power cycle (restart) of the device to restore BT connectivity. | 2021-09-07 | 3.3 | CVE-2021-34144 MISC MISC MISC |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apple — multiple_products | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.5 and iPadOS 14.5, tvOS 14.5. A local user may be able to create or modify privileged files. | 2021-09-08 | not yet calculated | CVE-2021-1836 MISC MISC |
apple — multiple_products | Multiple issues in apache were addressed by updating apache to version 2.4.46. This issue is fixed in Security Update 2021-004 Mojave. Multiple issues in apache. | 2021-09-08 | not yet calculated | CVE-2021-30690 MISC |
gdpm — gdpm | qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\install\modules\database_config.php. | 2021-09-09 | not yet calculated | CVE-2020-19515 MISC |
accounting — accounting | An issue in the noReentrance() modifier of the Ethereum-based contract Accounting 1.0 allows attackers to carry out a reentrancy attack. | 2021-09-07 | not yet calculated | CVE-2020-19765 MISC |
adobe — after_effects | Adobe After Effects version 18.1 (and earlier) is affected by a potential Command injection vulnerability when chained with a development and debugging tool for JavaScript scripts. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-09-08 | not yet calculated | CVE-2021-28571 MISC |
adobe — creative_cloud_desktop | Adobe Creative Cloud Desktop 3.5 (and earlier) is affected by an uncontrolled search path vulnerability that could result in elevation of privileges. Exploitation of this issue requires user interaction in that a victim must log on to the attacker’s local machine. | 2021-09-08 | not yet calculated | CVE-2021-28581 MISC |
adobe — genuine_services | Adobe Genuine Services version 7.1 (and earlier) is affected by an Insecure file permission vulnerability during the installation process. A local authenticated attacker could leverage this vulnerability to achieve privilege escalation in the context of the current user. | 2021-09-08 | not yet calculated | CVE-2021-28568 MISC |
adobe — illustrator | Adobe Illustrator version 25.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-09-08 | not yet calculated | CVE-2021-21103 MISC |
adobe — illustrator | Adobe Illustrator version 25.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-09-08 | not yet calculated | CVE-2021-21104 MISC |
adobe — illustrator | Adobe Illustrator version 25.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-09-08 | not yet calculated | CVE-2021-21105 MISC |
adobe — magento | Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are vulnerable to an Improper Authorization vulnerability in the customers module. Successful exploitation could allow a low-privileged user to modify customer data. Access to the admin console is required for successful exploitation. | 2021-09-08 | not yet calculated | CVE-2021-28567 MISC |
adobe — magento | Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are vulnerable to an Information Disclosure vulnerability when uploading a modified png file to a product image. Successful exploitation could lead to the disclosure of document root path by an unauthenticated attacker. Access to the admin console is required for successful exploitation. | 2021-09-08 | not yet calculated | CVE-2021-28566 MISC |
adobe — media_encoder | Adobe Media Encoder version 15.1 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-09-08 | not yet calculated | CVE-2021-28569 MISC |
adobe — medium | Medium by Adobe version 2.4.5.331 (and earlier) is affected by a buffer overflow vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-09-08 | not yet calculated | CVE-2021-28580 MISC |
advantech — webaccess | A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. | 2021-09-09 | not yet calculated | CVE-2021-38408 MISC |
android — samsung | NULL pointer dereference vulnerability in ION driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption. | 2021-09-09 | not yet calculated | CVE-2021-25458 MISC |
android — samsung | An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate BlockchainTZService. | 2021-09-09 | not yet calculated | CVE-2021-25460 MISC |
android — samsung | An improper scheme check vulnerability in Samsung Themes prior to version 5.2.01 allows attackers to perform a man-in-the-middle attack. | 2021-09-09 | not yet calculated | CVE-2021-25465 MISC |
android — samsung | An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start BlockchainTZService. | 2021-09-09 | not yet calculated | CVE-2021-25459 MISC |
android — samsung | Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows an untrusted application to get Bluetooth information. | 2021-09-09 | not yet calculated | CVE-2021-25453 MISC |
android — samsung | An improper input validation vulnerability in loading graph file in DSP driver prior to SMR Sep-2021 Release 1 allows attackers to perform permanent denial of service on the device. | 2021-09-09 | not yet calculated | CVE-2021-25452 MISC |
android — samsung | Improper scheme check vulnerability in Samsung Internet prior to version 15.0.2.47 allows attackers to perform a man-in-the-middle attack and obtain the Samsung Account token. | 2021-09-09 | not yet calculated | CVE-2021-25466 MISC |
android — samsung | An improper file management vulnerability in SamsungCapture prior to version 4.8.02 allows sensitive information leak. | 2021-09-09 | not yet calculated | CVE-2021-25464 MISC |
android — samsung | NULL pointer dereference vulnerability in NPU driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption. | 2021-09-09 | not yet calculated | CVE-2021-25462 MISC |
android — samsung | An improper length check in APAService prior to SMR Sep-2021 Release 1 results in a stack-based buffer overflow. | 2021-09-09 | not yet calculated | CVE-2021-25461 MISC |
android — samsung | An improper input validation vulnerability in DSP driver prior to SMR Sep-2021 Release 1 allows local attackers to get limited kernel memory information. | 2021-09-09 | not yet calculated | CVE-2021-25457 MISC |
android — samsung | OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at an arbitrary address via a forged wmf file. | 2021-09-09 | not yet calculated | CVE-2021-25456 MISC |
android — samsung | OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access an arbitrary address through a pointer via a forged avi file. | 2021-09-09 | not yet calculated | CVE-2021-25455 MISC |
android — samsung | OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute remote DoS via a forged aac file. | 2021-09-09 | not yet calculated | CVE-2021-25454 MISC |
android — samsung | Improper access control vulnerability in PENUP prior to version 3.8.00.18 allows arbitrary webpage loading in webview. | 2021-09-09 | not yet calculated | CVE-2021-25463 MISC |
any23 — any23 | A Remote Code Execution (RCE) vulnerability was discovered in the Any23 YAMLExtractor.java file and is known to affect Any23 versions < 2.5. RCE vulnerabilities allow a malicious actor to execute any code of their choice on a remote machine over LAN, WAN, or internet. RCE belongs to the broader class of arbitrary code execution (ACE) vulnerabilities. | 2021-09-11 | not yet calculated | CVE-2021-40146 CONFIRM MLIST |
any23 — any23 | An XML external entity (XXE) injection vulnerability was discovered in the Any23 StreamUtils.java file and is known to affect Any23 versions < 2.5. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application’s processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. | 2021-09-11 | not yet calculated | CVE-2021-38555 CONFIRM |
apache — airflow | The variable import endpoint was not protected by authentication in Airflow >=2.0.0, <2.1.3. This allowed unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, potentially resulting in a denial of service, information disclosure or remote code execution. This issue affects Apache Airflow >=2.0.0, <2.1.3. | 2021-09-09 | not yet calculated | CVE-2021-38540 CONFIRM MLIST |
apache — dubbo | Apache Dubbo supports various rules to support configuration override or traffic routing (called routing in Dubbo). These rules are loaded into the configuration center (e.g. Zookeeper, Nacos, …) and retrieved by the customers when making a request in order to find the right endpoint. When parsing these YAML rules, Dubbo customers will use the SnakeYAML library to load the rules, which by default enables calling arbitrary constructors. An attacker with access to the configuration center will be able to poison the rule so that, when it is retrieved by the consumers, the attacker gets RCE on all of them. This was fixed in Dubbo 2.7.13, 3.0.2. | 2021-09-07 | not yet calculated | CVE-2021-36162 MISC |
apache — dubbo | In Apache Dubbo, users may choose to use the Hessian protocol. The Hessian protocol is implemented on top of HTTP and passes the body of a POST request directly to a HessianSkeleton. New HessianSkeleton instances are created without any configuration of the serialization factory and therefore without applying the dubbo properties for applying allowed or blocked type lists. In addition, the generic service is always exposed and therefore attackers do not need to figure out a valid service/method name pair. This is fixed in 2.7.13, 2.6.10.1. | 2021-09-07 | not yet calculated | CVE-2021-36163 MISC |
apache — dubbo | Some components in Dubbo will try to print the formatted string of the input arguments, which can cause RCE for a maliciously customized bean with a special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Apache Dubbo 2.7.13. | 2021-09-09 | not yet calculated | CVE-2021-36161 MISC |
apple — big_sur | This issue was addressed with improved data protection. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass certain Privacy preferences. | 2021-09-08 | not yet calculated | CVE-2021-30751 MISC |
apple — big_sur | A local attacker may be able to elevate their privileges. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A memory corruption issue was addressed with improved validation. | 2021-09-08 | not yet calculated | CVE-2021-30739 MISC MISC MISC |
apple — big_sur | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4. A non-privileged user may be able to modify restricted settings. | 2021-09-08 | not yet calculated | CVE-2021-30718 MISC |
apple — big_sur | The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.3. A malicious application may be able to access the user’s recent contacts. | 2021-09-08 | not yet calculated | CVE-2021-30750 MISC |
apple — big_sur | Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.5. A local attacker may be able to execute code on the Apple T2 Security Chip. | 2021-09-08 | not yet calculated | CVE-2021-30784 MISC |
apple — big_sur | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to execute arbitrary code with kernel privileges. | 2021-09-08 | not yet calculated | CVE-2021-30805 MISC MISC MISC |
apple — big_sur | An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to leak sensitive user information. | 2021-09-08 | not yet calculated | CVE-2021-30722 MISC MISC MISC |
apple — big_sur | A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to leak sensitive user information. | 2021-09-08 | not yet calculated | CVE-2021-30721 MISC MISC MISC |
apple — big_sur | A local user may be able to cause unexpected system termination or read kernel memory. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. An out-of-bounds read issue was addressed by removing the vulnerable code. | 2021-09-08 | not yet calculated | CVE-2021-30719 MISC MISC |
apple — big_sur | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to gain root privileges. | 2021-09-08 | not yet calculated | CVE-2021-30772 MISC |
apple — big_sur | This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to bypass Privacy preferences. | 2021-09-08 | not yet calculated | CVE-2021-30778 MISC |
apple — big_sur | A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to access a user’s recent Contacts. | 2021-09-08 | not yet calculated | CVE-2021-30803 MISC |
apple — big_sur | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-004 Catalina. An unprivileged application may be able to capture USB devices. | 2021-09-08 | not yet calculated | CVE-2021-30731 MISC MISC |
apple — boot_camp | A memory corruption issue was addressed with improved state management. This issue is fixed in Boot Camp 6.1.14. A malicious application may be able to elevate privileges. | 2021-09-08 | not yet calculated | CVE-2021-30675 MISC |
apple — imovie | This issue was addressed by enabling hardened runtime. This issue is fixed in iMovie 10.2.4. Entitlements and privacy permissions granted to this app may be used by a malicious app. | 2021-09-08 | not yet calculated | CVE-2021-30757 MISC |
apple — ios | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | 2021-09-08 | not yet calculated | CVE-2021-30762 MISC |
apple — ios | This issue was addressed with improved checks. This issue is fixed in iOS 14.7. Joining a malicious Wi-Fi network may result in a denial of service or arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-30800 MISC |
apple — ios | A permissions issue was addressed with improved validation. This issue is fixed in iOS 14.7. A malicious application may be able to access Find My data. | 2021-09-08 | not yet calculated | CVE-2021-30804 MISC |
apple — ios | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | 2021-09-08 | not yet calculated | CVE-2021-30761 MISC |
apple — ios_and_ipad | A logic issue was addressed with improved validation. This issue is fixed in iOS 14.5 and iPadOS 14.5. A malicious application may be able to execute arbitrary code with system privileges. | 2021-09-08 | not yet calculated | CVE-2021-1812 MISC |
apple — ios_and_ipados | A logic issue was addressed with improved state management. This issue is fixed in iOS 14.5 and iPadOS 14.5. An application may be able to execute arbitrary code with kernel privileges. | 2021-09-08 | not yet calculated | CVE-2021-1874 MISC |
apple — ios_and_ipados | A certificate validation issue was addressed. This issue is fixed in iOS 14.5 and iPadOS 14.5. An attacker in a privileged network position may be able to alter network traffic. | 2021-09-08 | not yet calculated | CVE-2021-1837 MISC |
apple — ios_and_ipados | The issue was addressed with improved UI handling. This issue is fixed in iOS 14.5 and iPadOS 14.5. A local user may be able to view sensitive information in the app switcher. | 2021-09-08 | not yet calculated | CVE-2021-1848 MISC |
apple — ios_and_ipados | This issue was addressed with improved checks. This issue is fixed in iOS 14.5 and iPadOS 14.5. An application may be able to gain elevated privileges. | 2021-09-08 | not yet calculated | CVE-2021-1833 MISC |
apple — ios_and_ipados | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5. A local user may be able to read kernel memory. | 2021-09-08 | not yet calculated | CVE-2021-1852 MISC |
apple — ios_and_ipados | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5. A local user may be able to read kernel memory. | 2021-09-08 | not yet calculated | CVE-2021-1877 MISC |
apple — ios_and_ipados | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5, macOS Big Sur 11.3. A malicious application may be able to execute arbitrary code with kernel privileges. | 2021-09-08 | not yet calculated | CVE-2021-1867 MISC MISC |
apple — ios_and_ipados | A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 14.5 and iPadOS 14.5. Processing a maliciously crafted audio file may lead to arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-30742 MISC |
apple — ios_and_ipados | This issue was addressed with improved checks. This issue is fixed in iOS 14.5 and iPadOS 14.5. A person with physical access to an iOS device may be able to access notes from the lock screen. | 2021-09-08 | not yet calculated | CVE-2021-1835 MISC |
apple — ios_and_ipados | The issue was addressed with improved permissions logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. An application may allow shortcuts to access restricted files. | 2021-09-08 | not yet calculated | CVE-2021-1831 MISC |
apple — ios_and_ipados | Description: A person with physical access may be able to access contacts. This issue is fixed in iOS 14.5 and iPadOS 14.5. Impact: An issue with Siri search access to information was addressed with improved logic. | 2021-09-08 | not yet calculated | CVE-2021-1862 MISC |
apple — ios_and_ipados | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination. | 2021-09-08 | not yet calculated | CVE-2021-30741 MISC |
apple — ios_and_ipados | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5. A local user may be able to read kernel memory. | 2021-09-08 | not yet calculated | CVE-2021-1830 MISC |
apple — ios_and_ipados | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.6 and iPadOS 14.6. A device may accept invalid activation results. | 2021-09-08 | not yet calculated | CVE-2021-30729 MISC |
apple — ios_and_ipados | A race condition was addressed with improved state handling. This issue is fixed in iOS 14.6 and iPadOS 14.6. An application may be able to cause unexpected system termination or write kernel memory. | 2021-09-08 | not yet calculated | CVE-2021-30714 MISC |
apple — ios_and_ipados | This issue was addressed with improved checks. This issue is fixed in iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-1838 MISC |
apple — ios_and_ipados | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. An attacker with JavaScript execution may be able to execute arbitrary code. | 2021-09-08 | not yet calculated | CVE-2021-1864 MISC MISC MISC |
apple — ios_and_ipados | This issue was addressed with improved checks. This issue is fixed in iOS 14.6 and iPadOS 14.6. A malicious application may disclose restricted memory. | 2021-09-08 | not yet calculated | CVE-2021-30674 MISC |
apple — ios_and_ipados | This issue was addressed with improved checks. This issue is fixed in iOS 14.5 and iPadOS 14.5. Processing a maliciously crafted file may lead to arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-30662 MISC |
apple — ios_and_ipados | A validation issue was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, macOS Big Sur 11.3. A malicious application may be able to leak sensitive user information. | 2021-09-08 | not yet calculated | CVE-2021-30659 MISC MISC MISC |
apple — ios_and_ipados | A window management issue was addressed with improved state management. This issue is fixed in iOS 14.6 and iPadOS 14.6. A user may be able to view restricted content from the lockscreen. | 2021-09-08 | not yet calculated | CVE-2021-30699 MISC |
apple — ios_and_ipados | A call termination issue was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. A legacy cellular network can automatically answer an incoming call when an ongoing call ends or drops. | 2021-09-08 | not yet calculated | CVE-2021-1854 MISC |
apple — ios_and_ipados | An access issue was addressed with improved memory management. This issue is fixed in iOS 14.5 and iPadOS 14.5. A malicious application may be able to determine kernel memory layout. | 2021-09-08 | not yet calculated | CVE-2021-30656 MISC |
apple — ios_and_ipados | An issue obscuring passwords in screenshots was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. A user’s password may be visible on screen. | 2021-09-08 | not yet calculated | CVE-2021-1865 MISC |
apple — ios_and_ipados | An issue existed with authenticating the action triggered by an NFC tag. The issue was addressed with improved action authentication. This issue is fixed in iOS 14.5 and iPadOS 14.5. A person with physical access to an iOS device may be able to place phone calls to any phone number. | 2021-09-08 | not yet calculated | CVE-2021-1863 MISC |
apple — ios_and_ipados | A logic issue was addressed with improved validation. This issue is fixed in iOS 14.6 and iPadOS 14.6. An attacker in WiFi range may be able to force a client to use a less secure authentication mechanism. | 2021-09-08 | not yet calculated | CVE-2021-30667 MISC |
apple — macios | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | 2021-09-08 | not yet calculated | CVE-2021-30666 MISC |
apple — macos_big_sur | This issue was addressed with improved handling of file metadata. This issue is fixed in macOS Big Sur 11.3. A malicious application may bypass Gatekeeper checks. | 2021-09-08 | not yet calculated | CVE-2021-30658 MISC |
apple — macos_big_sur | A malicious application may be able to execute arbitrary code with kernel privileges. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. An out-of-bounds write issue was addressed with improved bounds checking. | 2021-09-08 | not yet calculated | CVE-2021-1841 MISC MISC |
apple — macos_big_sur | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A malicious application may bypass Gatekeeper checks. | 2021-09-08 | not yet calculated | CVE-2021-30669 MISC MISC MISC |
apple — macos_big_sur | An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A malicious application may be able to access a user’s call history. | 2021-09-08 | not yet calculated | CVE-2021-30673 MISC MISC |
apple — macos_big_sur | A validation issue was addressed with improved logic. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A malicious application may be able to send unauthorized Apple events to Finder. | 2021-09-08 | not yet calculated | CVE-2021-30671 MISC MISC |
apple — macos_big_sur | A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited. | 2021-09-08 | not yet calculated | CVE-2021-30713 MISC |
apple — macos_big_sur | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited. | 2021-09-08 | not yet calculated | CVE-2021-30657 MISC MISC |
apple — macos_big_sur | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A remote attacker may cause an unexpected application termination or arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-30684 MISC MISC |
apple — macos_big_sur | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4. A local user may be able to load unsigned kernel extensions. | 2021-09-08 | not yet calculated | CVE-2021-30680 MISC |
apple — macos_big_sur | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4. A person with physical access to a Mac may be able to bypass Login Window during a software update. | 2021-09-08 | not yet calculated | CVE-2021-30668 MISC |
apple — macos_big_sur | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A malicious application may be able to gain root privileges. | 2021-09-08 | not yet calculated | CVE-2021-30672 MISC MISC MISC |
apple — macos_big_sur | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application may bypass Gatekeeper checks. | 2021-09-08 | not yet calculated | CVE-2021-1810 MISC MISC |
apple — macos_big_sur | An application may be able to execute arbitrary code with system privileges. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. The issue was addressed with improved permissions logic. | 2021-09-08 | not yet calculated | CVE-2021-30655 MISC MISC |
apple — macos_big_sur | A malicious application may be able to break out of its sandbox. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A path handling issue was addressed with improved validation. | 2021-09-08 | not yet calculated | CVE-2021-30688 MISC MISC |
apple — macos_big_sur | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A malicious application could execute arbitrary code leading to compromise of user information. | 2021-09-08 | not yet calculated | CVE-2021-30683 MISC MISC MISC |
apple — macos_big_sur | A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.3. An application may be able to execute arbitrary code with kernel privileges. | 2021-09-08 | not yet calculated | CVE-2021-1829 MISC |
apple — macos_catalina | A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. Processing a maliciously crafted font file may lead to arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2020-27942 MISC MISC |
apple — multiple_products | A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may result in the disclosure of process memory. | 2021-09-08 | not yet calculated | CVE-2021-1820 MISC MISC MISC MISC |
apple — multiple_products | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-30678 MISC MISC MISC |
apple — multiple_products | This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted ASTC file may disclose memory contents. | 2021-09-08 | not yet calculated | CVE-2021-30705 MISC MISC MISC MISC MISC MISC |
apple — multiple_products | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to perform denial of service. | 2021-09-08 | not yet calculated | CVE-2021-30716 MISC MISC MISC |
apple — multiple_products | A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to read restricted memory. | 2021-09-08 | not yet calculated | CVE-2021-1809 MISC MISC MISC MISC MISC MISC |
apple — multiple_products | A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An application may be able to read restricted memory. | 2021-09-08 | not yet calculated | CVE-2021-1808 MISC MISC MISC MISC MISC MISC |
apple — multiple_products | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents. | 2021-09-08 | not yet calculated | CVE-2021-30746 MISC MISC MISC MISC |
apple — multiple_products | A stack overflow was addressed with improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted font file may lead to arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-30759 MISC MISC MISC MISC MISC MISC |
apple — multiple_products | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-30749 MISC MISC MISC MISC MISC |
apple — multiple_products | Processing a maliciously crafted image may lead to disclosure of user information. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. This issue was addressed with improved checks. | 2021-09-08 | not yet calculated | CVE-2021-30706 MISC MISC MISC MISC |
apple — multiple_products | The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A local attacker may be able to elevate their privileges. | 2021-09-08 | not yet calculated | CVE-2021-1839 MISC MISC MISC |
apple — multiple_products | This issue was addressed with improved checks. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted server messages may lead to heap corruption. | 2021-09-08 | not yet calculated | CVE-2021-1883 MISC MISC MISC MISC MISC MISC |
apple — multiple_products | An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents. | 2021-09-08 | not yet calculated | CVE-2021-30694 MISC MISC MISC MISC |
apple — multiple_products | An out-of-bounds read was addressed with improved input validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted font file may lead to arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-1881 MISC MISC MISC MISC MISC MISC |
apple — multiple_products | A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. An application may be able to execute arbitrary code with kernel privileges. | 2021-09-08 | not yet calculated | CVE-2021-30704 MISC MISC MISC MISC MISC MISC |
apple — multiple_products | A logic issue was addressed with improved state management. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, macOS Big Sur 11.3. Muting a CallKit call while ringing may not result in mute being enabled. | 2021-09-08 | not yet calculated | CVE-2021-1872 MISC MISC MISC |
apple — multiple_products | A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local attacker may be able to elevate their privileges. | 2021-09-08 | not yet calculated | CVE-2021-1868 MISC MISC MISC MISC MISC MISC |
apple — multiple_products | An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents. | 2021-09-08 | not yet calculated | CVE-2021-30692 MISC MISC MISC MISC |
apple — multiple_products | A memory initialization issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to disclose kernel memory. | 2021-09-08 | not yet calculated | CVE-2021-1860 MISC MISC MISC MISC MISC MISC |
apple — multiple_products | Processing a maliciously crafted image may lead to arbitrary code execution. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An out-of-bounds write issue was addressed with improved bounds checking. | 2021-09-08 | not yet calculated | CVE-2021-1858 MISC MISC MISC MISC MISC |
apple — multiple_products | A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A local attacker may be able to elevate their privileges. | 2021-09-08 | not yet calculated | CVE-2021-1840 MISC MISC MISC |
apple — multiple_products | An attacker in a privileged network position may be able to misrepresent application state. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A logic issue was addressed with improved state management. | 2021-09-08 | not yet calculated | CVE-2021-30696 MISC MISC MISC |
apple — multiple_products | A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A local user may be able to leak sensitive user information. | 2021-09-08 | not yet calculated | CVE-2021-30697 MISC MISC MISC MISC MISC MISC |
apple — multiple_products | A null pointer dereference was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Safari 14.1.1, iOS 14.6 and iPadOS 14.6. A remote attacker may be able to cause a denial of service. | 2021-09-08 | not yet calculated | CVE-2021-30698 MISC MISC MISC |
apple — multiple_products | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A person with physical access to a Mac may be able to bypass Login Window. | 2021-09-08 | not yet calculated | CVE-2021-30702 MISC MISC MISC |
apple — multiple_products | A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-1847 MISC MISC MISC |
apple — multiple_products | A double free issue was addressed with improved memory management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. An application may be able to execute arbitrary code with kernel privileges. | 2021-09-08 | not yet calculated | CVE-2021-30703 MISC MISC MISC MISC MISC MISC |
apple — multiple_products | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, watchOS 7.4. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-1814 MISC MISC |
apple — multiple_products | An integer overflow was addressed through improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted font file may lead to arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-30760 MISC MISC MISC MISC MISC MISC |
apple — multiple_products | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A local user may be able to modify protected parts of the file system. | 2021-09-08 | not yet calculated | CVE-2021-1822 MISC MISC MISC |
apple — multiple_products | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A malicious application may be able to access restricted files. | 2021-09-08 | not yet calculated | CVE-2021-30782 MISC MISC MISC |
apple — multiple_products | A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. A sandboxed process may be able to circumvent sandbox restrictions. | 2021-09-08 | not yet calculated | CVE-2021-30768 MISC MISC MISC MISC MISC |
apple — multiple_products | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-30802 MISC MISC |
apple — multiple_products | An issue in code signature validation was addressed with improved checks. This issue is fixed in iOS 14.7, tvOS 14.7, watchOS 7.6. A malicious application may be able to bypass code signing checks. | 2021-09-08 | not yet calculated | CVE-2021-30773 MISC MISC MISC |
apple — multiple_products | A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Playing a malicious audio file may lead to an unexpected application termination. | 2021-09-08 | not yet calculated | CVE-2021-30776 MISC MISC MISC MISC MISC |
apple — multiple_products | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Processing a maliciously crafted audio file may lead to arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-30775 MISC MISC MISC MISC MISC |
apple — multiple_products | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-30799 MISC MISC MISC MISC |
apple — multiple_products | This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents. | 2021-09-08 | not yet calculated | CVE-2021-30788 MISC MISC MISC MISC MISC MISC |
apple — multiple_products | A logic issue was addressed with improved state management. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6. A malicious application may be able to bypass certain Privacy preferences. | 2021-09-08 | not yet calculated | CVE-2021-30798 MISC MISC MISC |
apple — multiple_products | A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, tvOS 14.7, watchOS 7.6. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations. | 2021-09-08 | not yet calculated | CVE-2021-30770 MISC MISC MISC |
apple — multiple_products | This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution. | 2021-09-08 | not yet calculated | CVE-2021-30797 MISC MISC MISC MISC MISC |
apple — multiple_products | A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-30785 MISC MISC MISC MISC MISC |
apple — multiple_products | A race condition was addressed with improved state handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-30786 MISC MISC |
apple — multiple_products | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-30712 MISC MISC MISC |
apple — multiple_products | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-30795 MISC MISC MISC MISC MISC |
apple — multiple_products | A race condition was addressed with improved locking. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. A remote attacker may be able to cause a denial of service. | 2021-09-08 | not yet calculated | CVE-2021-1884 MISC MISC MISC MISC MISC MISC |
apple — multiple_products | An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-30792 MISC MISC |
apple — multiple_products | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to universal cross site scripting. | 2021-09-08 | not yet calculated | CVE-2021-1826 MISC MISC MISC MISC |
apple — multiple_products | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents. | 2021-09-08 | not yet calculated | CVE-2021-30709 MISC MISC MISC MISC |
apple — multiple_products | A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A local user may be able to modify protected parts of the file system. | 2021-09-08 | not yet calculated | CVE-2021-1815 MISC MISC MISC MISC |
apple — multiple_products | A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A malicious application may cause a denial of service or potentially disclose memory contents. | 2021-09-08 | not yet calculated | CVE-2021-30710 MISC MISC MISC MISC MISC MISC |
apple — multiple_products | A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-30758 MISC MISC MISC MISC MISC |
apple — multiple_products | A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing a maliciously crafted image may lead to a denial of service. | 2021-09-08 | not yet calculated | CVE-2021-30796 MISC MISC MISC MISC |
apple — multiple_products | An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to execute arbitrary code with kernel privileges. | 2021-09-08 | not yet calculated | CVE-2021-30765 MISC MISC MISC |
apple — multiple_products | Processing a maliciously crafted file may lead to arbitrary code execution. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. This issue was addressed with improved checks. | 2021-09-08 | not yet calculated | CVE-2021-30764 MISC MISC MISC |
apple — multiple_products | An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.7, watchOS 7.6. A shortcut may be able to bypass Internet permission requirements. | 2021-09-08 | not yet calculated | CVE-2021-30763 MISC MISC |
apple — multiple_products | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-30653 MISC MISC MISC MISC |
apple — multiple_products | A double free issue was addressed with improved memory management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted file may lead to heap corruption. | 2021-09-08 | not yet calculated | CVE-2021-1875 MISC MISC MISC MISC MISC MISC |
apple — multiple_products | An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents. | 2021-09-08 | not yet calculated | CVE-2021-30723 MISC MISC MISC MISC |
apple — multiple_products | An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted font may result in the disclosure of process memory. | 2021-09-08 | not yet calculated | CVE-2021-30733 MISC MISC MISC MISC MISC MISC |
apple — multiple_products | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-30725 MISC MISC MISC MISC |
apple — multiple_products | This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A local attacker may be able to elevate their privileges. | 2021-09-08 | not yet calculated | CVE-2021-30724 MISC MISC MISC MISC MISC MISC |
apple — multiple_products | A buffer overflow may result in arbitrary code execution. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A logic issue was addressed with improved state management. | 2021-09-08 | not yet calculated | CVE-2021-1770 MISC MISC MISC MISC |
apple — multiple_products | A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local user may be able to modify protected parts of the file system. | 2021-09-08 | not yet calculated | CVE-2021-1740 MISC MISC MISC MISC MISC |
apple — multiple_products | A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A malicious application may be able to modify protected parts of the file system. | 2021-09-08 | not yet calculated | CVE-2021-1784 MISC MISC MISC |
apple — multiple_products | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to execute arbitrary code with kernel privileges. | 2021-09-08 | not yet calculated | CVE-2021-30793 MISC MISC MISC |
apple — multiple_products | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. An application may be able to execute arbitrary code with kernel privileges. | 2021-09-08 | not yet calculated | CVE-2021-30748 MISC MISC |
apple — multiple_products | Processing a maliciously crafted font may result in the disclosure of process memory. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. An out-of-bounds read was addressed with improved input validation. | 2021-09-08 | not yet calculated | CVE-2021-30753 MISC MISC MISC MISC |
apple — multiple_products | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. A malicious application may be able to gain root privileges. | 2021-09-08 | not yet calculated | CVE-2021-30780 MISC MISC MISC MISC MISC MISC |
apple — multiple_products | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. Processing a maliciously crafted file may disclose user information. | 2021-09-08 | not yet calculated | CVE-2021-30791 MISC MISC |
apple — multiple_products | An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-30790 MISC MISC MISC |
apple — multiple_products | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Processing a maliciously crafted font file may lead to arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-30789 MISC MISC MISC MISC MISC |
apple — multiple_products | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to cause unexpected system termination or write kernel memory. | 2021-09-08 | not yet calculated | CVE-2021-30787 MISC MISC MISC |
apple — multiple_products | An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A sandboxed process may be able to circumvent sandbox restrictions. | 2021-09-08 | not yet calculated | CVE-2021-30783 MISC MISC MISC |
apple — multiple_products | This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. A local attacker may be able to cause unexpected application termination or arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-30781 MISC MISC MISC MISC MISC MISC |
apple — multiple_products | Processing a maliciously crafted image may lead to arbitrary code execution. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. An out-of-bounds read was addressed with improved input validation. | 2021-09-08 | not yet calculated | CVE-2021-30752 MISC MISC MISC MISC |
apple — multiple_products | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A malicious application may be able to execute arbitrary code with kernel privileges. | 2021-09-08 | not yet calculated | CVE-2021-30728 MISC MISC MISC |
apple — multiple_products | An injection issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A malicious application may be able to gain root privileges. | 2021-09-08 | not yet calculated | CVE-2021-30777 MISC MISC MISC |
apple — multiple_products | A malicious application may be able to execute arbitrary code with kernel privileges. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An out-of-bounds write issue was addressed with improved bounds checking. | 2021-09-08 | not yet calculated | CVE-2021-30726 MISC MISC MISC |
apple — multiple_products | A malicious application may be able to overwrite arbitrary files. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-004 Mojave. An issue with path validation logic for hardlinks was addressed with improved path sanitization. | 2021-09-08 | not yet calculated | CVE-2021-30738 MISC MISC |
apple — multiple_products | An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4, macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-1762 MISC MISC |
apple — multiple_products | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A local user may be able to cause unexpected system termination or read kernel memory. | 2021-09-08 | not yet calculated | CVE-2021-30676 MISC MISC MISC |
apple — multiple_products | An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-30663 MISC MISC MISC MISC MISC |
apple — multiple_products | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted file may lead to arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-30664 MISC MISC MISC MISC |
apple — multiple_products | A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | 2021-09-08 | not yet calculated | CVE-2021-30665 MISC MISC MISC MISC MISC |
apple — multiple_products | A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | 2021-09-08 | not yet calculated | CVE-2021-30661 MISC MISC MISC MISC MISC MISC |
apple — multiple_products | A logic issue was addressed with improved state management. This issue is fixed in iOS 14.7, tvOS 14.7, watchOS 7.6. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. | 2021-09-08 | not yet calculated | CVE-2021-30769 MISC MISC MISC |
apple — multiple_products | A race condition was addressed with additional validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to gain root privileges. | 2021-09-08 | not yet calculated | CVE-2021-30652 MISC MISC MISC MISC MISC MISC |
apple — multiple_products | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-1885 MISC MISC MISC MISC |
apple — multiple_products | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-1817 MISC MISC MISC MISC |
apple — multiple_products | A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local user may be able to modify protected parts of the file system. | 2021-09-08 | not yet calculated | CVE-2021-1739 MISC MISC MISC MISC MISC MISC |
apple — multiple_products | A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An application may be able to gain elevated privileges. | 2021-09-08 | not yet calculated | CVE-2021-1882 MISC MISC MISC MISC MISC |
apple — multiple_products | An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-30743 MISC MISC MISC MISC MISC |
apple — multiple_products | A logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. A malicious application may be able to execute arbitrary code with kernel privileges. | 2021-09-08 | not yet calculated | CVE-2021-30740 MISC MISC MISC MISC |
apple — multiple_products | A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, iOS 12.5.4, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted certificate may lead to arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-30737 MISC MISC MISC MISC MISC MISC MISC |
apple — multiple_products | A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. An application may be able to execute arbitrary code with kernel privileges. | 2021-09-08 | not yet calculated | CVE-2021-30736 MISC MISC MISC MISC |
apple — multiple_products | A malicious application may be able to execute arbitrary code with kernel privileges. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An out-of-bounds write issue was addressed with improved bounds checking. | 2021-09-08 | not yet calculated | CVE-2021-30735 MISC MISC MISC |
apple — multiple_products | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-30734 MISC MISC MISC MISC MISC |
apple — multiple_products | A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting. | 2021-09-08 | not yet calculated | CVE-2021-30744 MISC MISC MISC MISC MISC |
apple — multiple_products | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A malicious application may be able to disclose kernel memory. | 2021-09-08 | not yet calculated | CVE-2021-30660 MISC MISC MISC MISC |
apple — multiple_products | A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. A malicious application may be able to gain root privileges. | 2021-09-08 | not yet calculated | CVE-2021-30774 MISC MISC MISC MISC |
apple — multiple_products | An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to execute arbitrary code with kernel privileges. | 2021-09-08 | not yet calculated | CVE-2021-30766 MISC MISC MISC |
apple — multiple_products | A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. An application may be able to cause unexpected system termination or write kernel memory. | 2021-09-08 | not yet calculated | CVE-2021-1828 MISC MISC MISC |
apple — multiple_products | This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-30701 MISC MISC MISC MISC MISC |
apple — multiple_products | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to execute arbitrary code. | 2021-09-08 | not yet calculated | CVE-2021-30717 MISC MISC MISC |
apple — multiple_products | A validation issue was addressed with improved logic. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to gain root privileges. | 2021-09-08 | not yet calculated | CVE-2021-1813 MISC MISC MISC MISC MISC MISC |
apple — multiple_products | A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted message may lead to a denial of service. | 2021-09-08 | not yet calculated | CVE-2021-30715 MISC MISC MISC MISC MISC |
apple — multiple_products | A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A malicious application may be able to execute arbitrary code with kernel privileges. | 2021-09-08 | not yet calculated | CVE-2021-1816 MISC MISC MISC |
apple — multiple_products | This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application with root privileges may be able to access private information. | 2021-09-08 | not yet calculated | CVE-2021-1824 MISC MISC |
apple — multiple_products | An input validation issue was addressed with improved input validation. This issue is fixed in iTunes 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may lead to a cross site scripting attack. | 2021-09-08 | not yet calculated | CVE-2021-1825 MISC MISC MISC MISC MISC MISC MISC |
apple — multiple_products | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted image may lead to disclosure of user information. | 2021-09-08 | not yet calculated | CVE-2021-30700 MISC MISC MISC MISC |
apple — multiple_products | A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4. A local user may be able to write arbitrary files. | 2021-09-08 | not yet calculated | CVE-2021-1807 MISC MISC |
apple — multiple_products | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-30708 MISC MISC MISC MISC |
apple — multiple_products | Copied files may not have the expected file permissions. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. The issue was addressed with improved permissions logic. | 2021-09-08 | not yet calculated | CVE-2021-1832 MISC MISC MISC MISC MISC |
apple — multiple_products | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A malicious application may be able to execute arbitrary code with kernel privileges. | 2021-09-08 | not yet calculated | CVE-2021-1834 MISC MISC MISC |
apple — multiple_products | This issue was addressed with improved checks. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-1843 MISC MISC MISC MISC MISC MISC |
apple — multiple_products | Processing a maliciously crafted audio file may disclose restricted memory. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An out-of-bounds read was addressed with improved input validation. | 2021-09-08 | not yet calculated | CVE-2021-1846 MISC MISC MISC MISC MISC |
apple — multiple_products | A local attacker may be able to view Now Playing information from the lock screen. This issue is fixed in macOS Big Sur 11.4, iOS 14.6 and iPadOS 14.6. A privacy issue in Now Playing was addressed with improved permissions. | 2021-09-08 | not yet calculated | CVE-2021-30756 MISC MISC |
apple — multiple_products | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted audio file may lead to arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-30707 MISC MISC MISC MISC |
apple — multiple_products | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. A malicious application may be able to modify protected parts of the file system. | 2021-09-08 | not yet calculated | CVE-2021-30727 MISC MISC MISC MISC |
apple — multiple_products | A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An application may be able to execute arbitrary code with kernel privileges. | 2021-09-08 | not yet calculated | CVE-2021-1851 MISC MISC MISC MISC MISC MISC |
apple — multiple_products | An issue in code signature validation was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A malicious application may be able to bypass Privacy preferences. | 2021-09-08 | not yet calculated | CVE-2021-1849 MISC MISC MISC MISC |
apple — multiple_products | This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Parsing a maliciously crafted audio file may lead to disclosure of user information. | 2021-09-08 | not yet calculated | CVE-2021-30685 MISC MISC MISC MISC MISC |
apple — multiple_products | An API issue in Accessibility TCC permissions was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A malicious application may be able to unexpectedly leak a user’s credentials from secure text fields. | 2021-09-08 | not yet calculated | CVE-2021-1873 MISC MISC MISC |
apple — multiple_products | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An application may be able to gain elevated privileges. | 2021-09-08 | not yet calculated | CVE-2021-30679 MISC MISC MISC |
apple — multiple_products | Processing a maliciously crafted font may result in the disclosure of process memory. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5. An out-of-bounds read was addressed with improved input validation. | 2021-09-08 | not yet calculated | CVE-2021-30755 MISC MISC MISC |
apple — multiple_products | This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-30779 MISC MISC MISC MISC |
apple — multiple_products | This issue was addressed with improved environment sanitization. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to break out of its sandbox. | 2021-09-08 | not yet calculated | CVE-2021-30677 MISC MISC MISC MISC MISC MISC |
apple — multiple_products | A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers. | 2021-09-08 | not yet calculated | CVE-2021-30720 MISC MISC MISC MISC MISC |
apple — multiple_products | A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing a maliciously crafted font may result in the disclosure of process memory. | 2021-09-08 | not yet calculated | CVE-2021-1811 MISC MISC MISC MISC MISC MISC MISC MISC |
apple — multiple_products | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents. | 2021-09-08 | not yet calculated | CVE-2021-30695 MISC MISC MISC MISC |
apple — multiple_products | An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents. | 2021-09-08 | not yet calculated | CVE-2021-30691 MISC MISC MISC MISC |
apple — multiple_products | A validation issue was addressed with improved logic. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-30693 MISC MISC MISC MISC |
apple — multiple_products | A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting. | 2021-09-08 | not yet calculated | CVE-2021-30689 MISC MISC MISC MISC MISC |
apple — multiple_products | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted image may lead to disclosure of user information. | 2021-09-08 | not yet calculated | CVE-2021-30687 MISC MISC MISC MISC MISC MISC |
apple — multiple_products | A memory initialization issue was addressed with improved memory handling. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may disclose sensitive user information. | 2021-09-08 | not yet calculated | CVE-2021-1857 MISC MISC MISC MISC MISC MISC MISC MISC |
apple — multiple_products | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted audio file may disclose restricted memory. | 2021-09-08 | not yet calculated | CVE-2021-30686 MISC MISC MISC MISC MISC |
apple — multiple_products | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-1876 MISC MISC MISC |
apple — multiple_products | An integer overflow was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. An attacker in a privileged network position may be able to leak sensitive user information. | 2021-09-08 | not yet calculated | CVE-2021-1878 MISC MISC MISC |
apple — multiple_products | A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak sensitive user information. | 2021-09-08 | not yet calculated | CVE-2021-30682 MISC MISC MISC MISC MISC |
apple — multiple_products | A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to gain root privileges. | 2021-09-08 | not yet calculated | CVE-2021-30681 MISC MISC MISC MISC MISC |
apple — multiple_products | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, watchOS 7.4. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-09-08 | not yet calculated | CVE-2021-1880 MISC MISC |
apple — tv_app | This issue was addressed with improved file handling. This issue is fixed in Apple TV app for Fire OS 6.1.0.6A142:7.1.0. An attacker with file system access may modify scripts used by the app. | 2021-09-08 | not yet calculated | CVE-2020-27940 MISC |
arista — metamako_operating_system | In Arista’s MOS (Metamako Operating System) software, which is supported on the 7130 product line, user account passwords set in clear text could leak to users without any password. This issue affects Arista Metamako Operating System: MOS-0.18 and post releases in the MOS-0.1x train; all releases in the MOS-0.2x train; MOS-0.31.1 and prior releases in the MOS-0.3x train. | 2021-09-09 | not yet calculated | CVE-2021-28499 MISC |
arista — metamako_operating_system | In Arista’s MOS (Metamako Operating System) software, which is supported on the 7130 product line, under certain conditions, the bash shell might be accessible to unprivileged users in situations where they should not have access. This issue affects Arista Metamako Operating System: all releases in the MOS-0.1x train; MOS-0.26.6 and below releases in the MOS-0.2x train; MOS-0.31.1 and below releases in the MOS-0.3x train. | 2021-09-09 | not yet calculated | CVE-2021-28497 MISC |
arista — metamako_operating_system | In Arista’s MOS (Metamako Operating System) software, which is supported on the 7130 product line, under certain conditions, user authentication can be bypassed when API access is enabled via the JSON-RPC APIs. This issue affects Arista Metamako Operating System: all releases in the MOS-0.1x train; MOS-0.13 and post releases in the MOS-0.1x train; MOS-0.26.6 and below releases in the MOS-0.2x train; MOS-0.31.1 and below releases in the MOS-0.3x train. | 2021-09-09 | not yet calculated | CVE-2021-28495 MISC |
arista — metamako_operating_system | In Arista’s MOS (Metamako Operating System) software, which is supported on the 7130 product line, under certain conditions, a user may be able to execute commands despite not having the privileges to do so. This issue affects Arista Metamako Operating System: all releases in the MOS-0.1x train; MOS-0.32.0 and prior releases. | 2021-09-09 | not yet calculated | CVE-2021-28493 MISC |
arista — metamako_operating_system | In Arista’s MOS (Metamako Operating System) software, which is supported on the 7130 product line, under certain conditions, authentication is bypassed by unprivileged users who are accessing the Web UI. This issue affects Arista Metamako Operating System MOS-0.34.0 and prior releases. | 2021-09-09 | not yet calculated | CVE-2021-28494 MISC |
arista — metamako_operating_system | In Arista’s MOS (Metamako Operating System) software, which is supported on the 7130 product line, user enable passwords set in clear text could result in unprivileged users getting complete access to the systems. This issue affects Arista Metamako Operating System: MOS-0.13 and post releases in the MOS-0.1x train; MOS-0.26.6 and prior releases in the MOS-0.2x train; MOS-0.31.1 and prior releases in the MOS-0.3x train. | 2021-09-09 | not yet calculated | CVE-2021-28498 MISC |
aruba — operating_system_software | A remote cross-site request forgery (CSRF) vulnerability was discovered in Aruba Operating System Software version(s): 6.x.x.x: all versions, 8.x.x.x: all versions prior to 8.8.0.0. Aruba has released patches for ArubaOS that address this security vulnerability. | 2021-09-07 | not yet calculated | CVE-2019-5318 MISC |
aruba — sd-wan_software_and_gateways | A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. | 2021-09-07 | not yet calculated | CVE-2021-37733 MISC |
aruba — sd-wan_software_and_gateways | A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. | 2021-09-07 | not yet calculated | CVE-2021-37731 MISC |
atlassian — jira_server | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view users’ emails via an Information Disclosure vulnerability in the /rest/api/2/search endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1. | 2021-09-08 | not yet calculated | CVE-2021-39122 N/A |
atlassian — jira_server | Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to enumerate the keys of private Jira projects via an Information Disclosure vulnerability in the /rest/api/latest/projectvalidate/key endpoint. The affected versions are before version 8.5.18, from version 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2. | 2021-09-08 | not yet calculated | CVE-2021-39121 MISC |
atlassian — jira_server | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application’s availability via a Denial of Service (DoS) vulnerability in the GIF Image Reader component. The affected versions are before version 8.19.0. | 2021-09-08 | not yet calculated | CVE-2021-39116 N/A |
autumn — autumn | Incorrect Access Control in Autumn v1.0.4 and earlier allows remote attackers to obtain clear-text login credentials via the component “autumn-cms/user/getAllUser/?page=1&limit=10”. | 2021-09-08 | not yet calculated | CVE-2020-19137 MISC |
bab_technologie — gmbh_eibPort | BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 allows unauthenticated attackers to access /webif/SecurityModule to validate the so-called, hard-coded unique ‘eibPort String’, which acts as the root SSH key passphrase. This is usable as part of an attack chain to gain SSH root access. | 2021-09-09 | not yet calculated | CVE-2021-28913 MISC |
bab_technologie — gmbh_eibPort | In BAB TECHNOLOGIE GmbH eibPort V3, each device has its own unique, hard-coded and weak root SSH key passphrase, known as the ‘eibPort string’. This is usable as the final part of an attack chain to gain SSH root access. | 2021-09-09 | not yet calculated | CVE-2021-28912 MISC |
bab_technologie — gmbh_eibPort | BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 allows the user to set a weak password because the password strength is shown in the configuration tool but ultimately not enforced. This is usable as part of an attack chain to gain SSH root access. | 2021-09-09 | not yet calculated | CVE-2021-28914 MISC |
bab_technologie — gmbh_eibPort | BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 allows unauthenticated attackers uncontrolled access to the login service at /webif/SecurityModule in a brute-force attack. The password could be weak, and the default username is known to be ‘admin’. This is usable as part of an attack chain to gain SSH root access. | 2021-09-09 | not yet calculated | CVE-2021-28909 MISC |
bab_technologie — gmbh_eibPort | BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 contains a basic SSRF vulnerability. It allows unauthenticated attackers to send requests to any internal and external server. | 2021-09-09 | not yet calculated | CVE-2021-28910 MISC |
bab_technologie — gmbh_eibPort | BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 allows unauthenticated attackers to access the /tmp path, which contains some sensitive data (e.g. device serial number). With that information, a possible loginId can be self-calculated in a brute-force attack against the BMX interface. This is usable as part of an attack chain to gain SSH root access. | 2021-09-09 | not yet calculated | CVE-2021-28911 MISC |
bandisoftco.ltd — ark_library | A heap overflow issue was found in the ARK library of Bandisoft Co., Ltd when the Ark_DigPathA function parsed a file path. This vulnerability is due to missing support for a string length check. | 2021-09-09 | not yet calculated | CVE-2021-26603 MISC |
barco — mirrorop_windows_server | Barco MirrorOp Windows Sender before 2.5.3.65 uses cleartext HTTP and thus allows rogue software upgrades. An attacker on the local network can achieve remote code execution on any computer that tries to update Windows Sender due to the fact that the upgrade mechanism is not secured (is not protected with TLS). | 2021-09-07 | not yet calculated | CVE-2021-38142 MISC MISC |
better_errors — better_errors | better_errors is an open source replacement for the standard Rails error page with more information rich error pages. It is also usable outside of Rails in any Rack app as Rack middleware. better_errors prior to 2.8.0 did not implement CSRF protection for its internal requests. It also did not enforce the correct “Content-Type” header for these requests, which allowed a cross-origin “simple request” to be made without CORS protection. These together left an application with better_errors enabled open to cross-origin attacks. As a developer tool, better_errors documentation strongly recommends addition only to the `development` bundle group, so this vulnerability should only affect development environments. Please ensure that your project limits better_errors to the `development` group (or the non-Rails equivalent). Starting with release 2.8.x, CSRF protection is enforced. It is recommended that you upgrade to the latest release, or minimally to “~> 2.8.3”. There are no known workarounds to mitigate the risk of using older releases of better_errors. | 2021-09-07 | not yet calculated | CVE-2021-39197 MISC CONFIRM MISC MISC |
bluetrum — ab32vg1_devices | The Bluetooth Classic implementation on AB32VG1 devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (either restart or deadlock the device) by flooding a device with LMP_AU_rand data. | 2021-09-07 | not yet calculated | CVE-2021-31610 MISC MISC MISC MISC |
bluetrum — ats2815_and_ats2819_devices | The Bluetooth Classic implementation on Actions ATS2815 and ATS2819 chipsets does not properly handle the reception of multiple LMP_host_connection_req packets, allowing attackers in radio range to trigger a denial of service (deadlock) of the device via crafted LMP packets. Manual user intervention is required to restart the device and restore Bluetooth communication. | 2021-09-07 | not yet calculated | CVE-2021-31785 MISC MISC MISC |
bluetrum — ats2815_and_ats2819_devices | The Bluetooth Classic Audio implementation on Actions ATS2815 and ATS2819 devices does not properly handle a connection attempt from a host with the same BDAddress as the current connected BT host, allowing attackers to trigger a disconnection and deadlock of the device by connecting with a forged BDAddress that matches the original connected host. | 2021-09-07 | not yet calculated | CVE-2021-31786 MISC MISC MISC |
bolt-server — bolt-server | A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes). | 2021-09-07 | not yet calculated | CVE-2021-27022 MISC |
btcpayserver — btcpayserver | btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’). | 2021-09-10 | not yet calculated | CVE-2021-3646 CONFIRM MISC |
central_dogma — central_dogma | Central Dogma allows privilege escalation with mirroring to the internal dogma repository that has a file managing the authorization of the project. | 2021-09-08 | not yet calculated | CVE-2021-38388 MISC |
cisco — broadworks_commpilot_application_software | Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system. | 2021-09-09 | not yet calculated | CVE-2021-34785 CISCO |
cisco — broadworks_commpilot_application_software | Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system. | 2021-09-09 | not yet calculated | CVE-2021-34786 CISCO |
cisco — ios_xr_software | A vulnerability in the IP Service Level Agreements (IP SLA) responder and Two-Way Active Measurement Protocol (TWAMP) features of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause device packet memory to become exhausted or cause the IP SLA process to crash, resulting in a denial of service (DoS) condition. This vulnerability exists because socket creation failures are mishandled during the IP SLA and TWAMP processes. An attacker could exploit this vulnerability by sending specific IP SLA or TWAMP packets to an affected device. A successful exploit could allow the attacker to exhaust the packet memory, which will impact other processes, such as routing protocols, or crash the IP SLA process. | 2021-09-09 | not yet calculated | CVE-2021-34720 CISCO |
cisco — ios_xr_software | A vulnerability in the Cisco IOS XR Software CLI could allow an authenticated, local attacker to view more information than their privileges allow. This vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by running a specific command. A successful exploit could allow the attacker to view sensitive configuration information that their privileges might not otherwise allow them to access. | 2021-09-09 | not yet calculated | CVE-2021-34771 CISCO |
cisco — ios_xr_software | Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 2021-09-09 | not yet calculated | CVE-2021-34719 CISCO |
cisco — ios_xr_software |
A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service (DoS) condition. This vulnerability exists because certain DHCPv4 messages are improperly validated when they are processed by an affected device. An attacker could exploit this vulnerability by sending a malformed DHCPv4 message to an affected device. A successful exploit could allow the attacker to cause a NULL pointer dereference, resulting in a crash of the dhcpd process. While the dhcpd process is restarting, which may take up to approximately two minutes, DHCPv4 server services are unavailable on the affected device. This could temporarily prevent network access to clients that join the network during that time period. Note: Only the dhcpd process crashes and eventually restarts automatically. The router does not reload. | 2021-09-09 | not yet calculated | CVE-2021-34737 CISCO |
cisco — ios_xr_software |
A vulnerability in the Layer 2 punt code of Cisco IOS XR Software running on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to cause the affected line card to reboot. This vulnerability is due to incorrect handling of specific Ethernet frames that cause a spin loop that can make the network processors unresponsive. An attacker could exploit this vulnerability by sending specific types of Ethernet frames on the segment where the affected line cards are attached. A successful exploit could allow the attacker to cause the affected line card to reboot. | 2021-09-09 | not yet calculated | CVE-2021-34713 CISCO |
cisco — ios_xr_software |
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory. | 2021-09-09 | not yet calculated | CVE-2021-34722 CISCO |
cisco — ios_xr_software |
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory. | 2021-09-09 | not yet calculated | CVE-2021-34721 CISCO |
cisco — ios_xr_software |
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 2021-09-09 | not yet calculated | CVE-2021-34728 CISCO |
cisco — ios_xr_software |
A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file transfer method. An attacker with lower-level privileges could exploit this vulnerability by specifying Secure Copy Protocol (SCP) parameters when authenticating to a device. A successful exploit could allow the attacker to elevate their privileges and retrieve and upload files on a device that they should not have access to. | 2021-09-09 | not yet calculated | CVE-2021-34718 CISCO |
cisco — network_convergence_system |
Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory. | 2021-09-09 | not yet calculated | CVE-2021-34709 CISCO |
cisco — network_convergence_systems |
Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory. | 2021-09-09 | not yet calculated | CVE-2021-34708 CISCO |
citrix — hypervisor |
Another race in XENMAPSPACE_grant_table handling. Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches (back) from v2 to v1. Freeing such pages requires that the hypervisor enforce that no parallel request can result in the addition of a mapping of such a page to a guest. That enforcement was missing, allowing guests to retain access to pages that were freed and perhaps re-used for other purposes. Unfortunately, when XSA-379 was being prepared, this similar issue was not noticed. | 2021-09-08 | not yet calculated | CVE-2021-28701 MISC CONFIRM MLIST |
cypress — wiced_bt_stack |
The Bluetooth Classic implementation in the Cypress CYW920735Q60EVB does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and restart (crash) of the device by flooding it with LMP_AU_Rand packets after the paging procedure. | 2021-09-07 | not yet calculated | CVE-2021-34146 MISC MISC |
cypress — wiced_bt_stack |
The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 does not properly handle the reception of a malformed LMP timing accuracy response followed by multiple reconnections to the link slave, allowing attackers to exhaust device BT resources and eventually trigger a crash via multiple attempts of sending a crafted LMP timing accuracy response followed by a sudden reconnection with a random BDAddress. | 2021-09-07 | not yet calculated | CVE-2021-34147 MISC MISC |
cypress — wiced_bt_stack |
The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with an invalid Baseband packet type (and LT_ADDRESS and LT_ADDR) after completion of the LMP setup procedure, allowing attackers in radio range to trigger a denial of service (firmware crash) via a crafted LMP packet. | 2021-09-07 | not yet calculated | CVE-2021-34145 MISC MISC |
cypress — wiced_bt_stack |
The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with a greater ACL Length after completion of the LMP setup procedure, allowing attackers in radio range to trigger a denial of service (firmware crash) via a crafted LMP packet. | 2021-09-07 | not yet calculated | CVE-2021-34148 MISC MISC |
d-link — dsl-3782_devices |
D-Link DSL-3782 EU v1.01:EU v1.03 is affected by a buffer overflow which can cause a denial of service. This vulnerability exists in the web interface “/cgi-bin/New_GUI/Igmp.asp”. Authenticated remote attackers can trigger this vulnerability by sending a long string in parameter ‘igmpsnoopEnable’ via an HTTP request. | 2021-09-09 | not yet calculated | CVE-2021-40284 MISC MISC |
deskpro — cloud |
Deskpro cloud and on-premise Deskpro 2021.1.6 (fixed in Deskpro 2021.1.7) contain a cross-site scripting (XSS) vulnerability in social media links on a user profile due to lack of input validation. | 2021-09-07 | not yet calculated | CVE-2021-36696 MISC |
deskpro — cloud |
Deskpro cloud and on-premise Deskpro 2021.1.6 (fixed in Deskpro 2021.1.7) contain a cross-site scripting (XSS) vulnerability in the download file feature on a manager profile due to lack of input validation. | 2021-09-08 | not yet calculated | CVE-2021-36695 MISC |
deskpro — cloud |
In order to perform a directory traversal attack, all an attacker needs is a web browser and some knowledge of where to blindly find any default files and directories on the system. Via the “Name” parameter, the attacker can return to the root directory and open the host file. This might give the attacker the ability to view restricted files, which could provide the attacker with more information required to further compromise the system. | 2021-09-07 | not yet calculated | CVE-2021-36717 CERT |
dotcms — dotcms |
Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allows remote attackers to execute arbitrary code via the component “/src/main/java/com/dotmarketing/filters/CMSFilter.java”. | 2021-09-08 | not yet calculated | CVE-2020-19138 MISC |
dswicms — dswicms |
A stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Basis/links component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML. | 2021-09-09 | not yet calculated | CVE-2020-19265 MISC |
dswicms — dswicms |
A stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Site/articleList component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML. | 2021-09-09 | not yet calculated | CVE-2020-19266 MISC |
dswicms — dswicms |
An issue in index.php/Dswjcms/Basis/resources of Dswjcms 1.6.4 allows attackers to execute arbitrary code via uploading a crafted PHP file. | 2021-09-09 | not yet calculated | CVE-2020-19267 MISC |
dswicms — dswicms |
A cross-site request forgery (CSRF) in index.php/Dswjcms/User/tfAdd of Dswjcms 1.6.4 allows authenticated attackers to arbitrarily add administrator users. | 2021-09-09 | not yet calculated | CVE-2020-19268 MISC |
dubbo — provider |
The Dubbo Provider checks that the incoming request and its corresponding serialization type meet the configuration set by the server. However, there is an exception that an attacker can use to skip the security check (when enabled) and reach a deserialization operation with native Java serialization. Apache Dubbo 2.7.13 and 3.0.2 fixed this issue by failing quickly when any unrecognized request is found. | 2021-09-09 | not yet calculated | CVE-2021-37579 MISC |
eclipse — keti |
Eclipse Keti is a service that was designed to protect RESTful APIs using Attribute Based Access Control (ABAC). In Keti, a sandbox escape vulnerability may lead to post-authentication remote code execution. This vulnerability is known to exist in the latest commit at the time of writing this CVE (commit a1c8dbe). For more details see the referenced GHSL-2021-063. | 2021-09-09 | not yet calculated | CVE-2021-32835 CONFIRM |
eclipse — keti |
Eclipse Keti is a service that was designed to protect RESTful APIs using Attribute Based Access Control (ABAC). In Keti, a user able to create Policy Sets can run arbitrary code by sending malicious Groovy scripts which will escape the configured Groovy sandbox. This vulnerability is known to exist in the latest commit at the time of writing this CVE (commit a1c8dbe). For more details see the referenced GHSL-2021-063. | 2021-09-09 | not yet calculated | CVE-2021-32834 CONFIRM |
eigen — nlp |
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{user-guid}/ user edition endpoint could permit any logged-in user to increase their own permissions via a user_permissions array in a PATCH request. A guest user could modify other users’ profiles and much more. | 2021-09-07 | not yet calculated | CVE-2021-38616 MISC MISC MISC |
eigen — nlp |
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ user creation endpoint allows a standard user to create a super user account with a defined password. This directly leads to privilege escalation. | 2021-09-07 | not yet calculated | CVE-2021-38617 MISC MISC MISC |
eigen — nlp |
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/config/ SSO configuration endpoint allows any logged-in user (guest, standard, or admin) to view and modify information. | 2021-09-07 | not yet calculated | CVE-2021-38615 MISC MISC MISC |
elgamal — botan |
The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver’s public key, the generator defined by the receiver’s public key, and the sender’s ephemeral exponents can lead to a cross-configuration attack against OpenPGP. | 2021-09-06 | not yet calculated | CVE-2021-40529 MISC MISC MISC MISC |
elgamal — crypto++ |
The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver’s public key, the generator defined by the receiver’s public key, and the sender’s ephemeral exponents can lead to a cross-configuration attack against OpenPGP. | 2021-09-06 | not yet calculated | CVE-2021-40530 MISC MISC MISC |
emby — server |
Emby Server is a personal media server with apps on many devices. In Emby Server on Windows there is a set of arbitrary file read vulnerabilities. This vulnerability is known to exist in version 4.6.4.0 and may not be patched in later versions. Known vulnerable routes are /Videos/Id/hls/PlaylistId/SegmentId.SegmentContainer, /Images/Ratings/theme/name and /Images/MediaInfo/theme/name. For more details including proof of concept code, refer to the referenced GHSL-2021-051. This issue may lead to unauthorized access to the system especially when Emby Server is configured to be accessible from the Internet. | 2021-09-09 | not yet calculated | CVE-2021-32833 CONFIRM |
espressif — esp-idf |
The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (crash) in ESP32 by flooding the target device with LMP Feature Response data. | 2021-09-07 | not yet calculated | CVE-2021-28135 MISC MISC MISC MISC |
eyoucms — eyoucms | Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitization in the parameters tpldir, filename, type, and nid, an attacker can inject “../” to escape and write files to writeable directories. | 2021-09-07 | not yet calculated | CVE-2021-39500 MISC MISC |
eyoucms — eyoucms |
Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a URL to trigger blind SSRF via the saveRemote() function. | 2021-09-07 | not yet calculated | CVE-2021-39497 MISC MISC MISC |
factoryaircommandmanager — factoryaircommandmanager |
Path traversal vulnerability in FactoryAirCommandManager prior to SMR Sep-2021 Release 1 allows attackers to write files as the system UID via a remote socket. | 2021-09-09 | not yet calculated | CVE-2021-25450 MISC |
fish_hunt — fish_hunt |
An insufficient session expiration vulnerability exists in the “Fish | Hunt FL” iOS app version 3.8.0 and earlier, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions. | 2021-09-08 | not yet calculated | CVE-2021-33982 MISC |
fish_hunt — fish_hunt |
An insecure, direct object vulnerability in hunting/fishing license retrieval function of the “Fish | Hunt FL” iOS app versions 3.8.0 and earlier allows a remote authenticated attacker to retrieve other people’s personal information and images of their hunting/fishing licenses. | 2021-09-08 | not yet calculated | CVE-2021-33981 MISC |
flask-appbuilder — flask-appbuilder |
Flask-AppBuilder is an application development framework built on top of Flask. In affected versions, if using Flask-AppBuilder OAuth, an attacker can share a carefully crafted URL with a trusted domain for an application built with Flask-AppBuilder; this URL can redirect a user to a malicious site. This is an open redirect vulnerability. To resolve this issue, upgrade to Flask-AppBuilder 3.2.2 or above. If upgrading is infeasible, users may, as a workaround, filter HTTP traffic containing `?next={next-site}` where the `next-site` domain is different from the application you are protecting. | 2021-09-08 | not yet calculated | CVE-2021-32805 CONFIRM MISC |
fortinet — fortisandbox |
An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain information about other users configured on the device, should the attacker be able to obtain that session ID (via other, hypothetical attacks) | 2021-09-08 | not yet calculated | CVE-2020-29012 CONFIRM |
fortinet — fortiweb |
An improper neutralization of special elements used in a command (‘Command Injection’) in Fortinet FortiWeb version 6.3.13 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests. | 2021-09-08 | not yet calculated | CVE-2021-36182 CONFIRM |
fortinet — fortiweb |
A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and below, 6.2.4 and below allows an attacker to execute unauthorized code or commands via crafted parameters in CLI command execution. | 2021-09-08 | not yet calculated | CVE-2021-36179 CONFIRM |
fuel — cms | FUEL CMS 1.5.0 allows SQL Injection via parameter ‘col’ in /fuel/index.php/fuel/logs/items | 2021-09-09 | not yet calculated | CVE-2021-38727 MISC |
fuel — cms |
Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.php | 2021-09-09 | not yet calculated | CVE-2021-38725 MISC MISC |
fuel — cms |
FUEL CMS 1.5.0 allows SQL Injection via parameter ‘col’ in /fuel/index.php/fuel/pages/items | 2021-09-09 | not yet calculated | CVE-2021-38723 MISC |
fuel — cms |
FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) vulnerability | 2021-09-09 | not yet calculated | CVE-2021-38721 MISC MISC |
garageband — garageband |
This issue was addressed by removing additional entitlements. This issue is fixed in GarageBand 10.4.3. A local attacker may be able to read sensitive information. | 2021-09-08 | not yet calculated | CVE-2021-30654 MISC |
github — github |
check-spelling is a GitHub Action which provides CI spell checking. In affected versions and for a repository with the [check-spelling action](https://github.com/marketplace/actions/check-spelling) enabled that triggers on `pull_request_target` (or `schedule`), an attacker can send a crafted Pull Request that causes a `GITHUB_TOKEN` to be exposed. With the `GITHUB_TOKEN`, it’s possible to push commits to the repository bypassing standard approval processes. Commits to the repository could then steal any/all secrets available to the repository. As a workaround, users can either [disable the workflow](https://docs.github.com/en/actions/managing-workflow-runs/disabling-and-enabling-a-workflow) until they have fixed all branches, or set the repository to [Allow specific actions](https://docs.github.com/en/github/administering-a-repository/managing-repository-settings/disabling-or-limiting-github-actions-for-a-repository#allowing-specific-actions-to-run). check-spelling isn’t a verified creator and it certainly won’t be anytime soon. You could then explicitly add other actions that your repository uses. Set repository [Workflow permissions](https://docs.github.com/en/github/administering-a-repository/managing-repository-settings/disabling-or-limiting-github-actions-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository) to `Read repository contents permission`. Workflows using `check-spelling/check-spelling@main` will get the fix automatically. Workflows using a pinned sha or tagged version will need to change the affected workflows for all repository branches to the latest version. Users can verify who and which Pull Requests have been running the action by looking up the spelling.yml action in the Actions tab of their repositories, e.g., https://github.com/check-spelling/check-spelling/actions/workflows/spelling.yml – you can filter PRs by adding ?query=event%3Apull_request_target, e.g., https://github.com/check-spelling/check-spelling/actions/workflows/spelling.yml?query=event%3Apull_request_target. | 2021-09-09 | not yet calculated | CVE-2021-32724 CONFIRM MISC |
gitlab — ce/ee |
An unauthorized user was able to insert metadata when creating a new issue on GitLab CE/EE 14.0 and later. | 2021-09-09 | not yet calculated | CVE-2021-22239 MISC CONFIRM |
glewlwyd — sso_server |
scheme/webauthn.c in Glewlwyd SSO server through 2.5.3 has a buffer overflow during FIDO2 signature validation in webauthn registration. | 2021-09-08 | not yet calculated | CVE-2021-40818 MISC MISC |
gnu — mailman_postorius |
An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker (logged into any account) can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place. | 2021-09-10 | not yet calculated | CVE-2021-40347 CONFIRM MISC CONFIRM MISC MISC DEBIAN |
google — chromeon_readiness_tool |
Inappropriate implementation in the ChromeOS Readiness Tool installer on Windows prior to 1.0.2.0 loosens DCOM access rights on two objects allowing an attacker to potentially bypass discretionary access controls. | 2021-09-08 | not yet calculated | CVE-2021-30605 MISC MISC |
handysoftco.ltd — hshell.dll |
An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft Co., Ltd groupware ActiveX module. This issue is due to missing support for integrity check of download URL or downloaded file hash. | 2021-09-09 | not yet calculated | CVE-2021-26608 MISC |
haproxy — haproxy |
An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs. | 2021-09-08 | not yet calculated | CVE-2021-40346 MISC DEBIAN MISC MISC MISC MISC MLIST MLIST |
hashicorp — consul_and_consul_enterprise |
HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.8.15, 1.9.9 and 1.10.2. | 2021-09-07 | not yet calculated | CVE-2021-37219 MISC MISC |
hashicorp — consul_and_consul_enterprise |
HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Fixed in 1.8.15, 1.9.9 and 1.10.2. | 2021-09-07 | not yet calculated | CVE-2021-38698 MISC MISC |
hashicorp — nomad_and_nomad_enterprise_raft |
HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.0.10 and 1.1.4. | 2021-09-07 | not yet calculated | CVE-2021-37218 MISC MISC |
hitachi — abb_power_grids_system_data_manager |
A backup file without encryption vulnerability in Hitachi ABB Power Grids System Data Manager – SDM600 allows an attacker to gain access to sensitive information. This issue affects: Hitachi ABB Power Grids System Data Manager – SDM600 1.2 versions prior to FP2 HF6 (Build Nr. 1.2.14002.257). | 2021-09-08 | not yet calculated | CVE-2021-35526 CONFIRM |
huawei — ais-bw50-00_devices |
There is an improper authorization vulnerability in AIS-BW50-00 9.0.6.2(H100SP10C00) and 9.0.6.2(H100SP15C00). Due to improper authorization management, an attacker can exploit this vulnerability by physically accessing the device and implanting malicious code. Successful exploitation could lead to arbitrary code execution on the target device. | 2021-09-09 | not yet calculated | CVE-2021-37101 MISC |
huawei — cx5500_and_cx5100 |
** UNSUPPORTED WHEN ASSIGNED ** A command-injection vulnerability in an authenticated Telnet connection in Poly (formerly Polycom) CX5500 and CX5100 1.3.5 leads an attacker to Privilege Escalation and Remote Code Execution capability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2021-09-07 | not yet calculated | CVE-2021-37145 MISC CONFIRM |
icovo — icovo |
A lack of target address verification in the selfdestructs() function of ICOVO 1.0 allows attackers to steal tokens from victim users via a crafted script. | 2021-09-07 | not yet calculated | CVE-2020-19768 MISC |
ionic_identity — vault |
In Ionic Identity Vault before 5, a local root attacker on an Android device can bypass biometric authentication. | 2021-09-10 | not yet calculated | CVE-2021-3145 MISC MISC |
iphone — macos_big_sur | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3. A malicious website may be able to force unnecessary network connections to fetch its favicon. | 2021-09-08 | not yet calculated | CVE-2021-1855 MISC |
iphone — macos_big_sur |
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3. Locked Notes content may have been unexpectedly unlocked. | 2021-09-08 | not yet calculated | CVE-2021-1859 MISC |
iphone — macos_big_sur |
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3. A local attacker may be able to elevate their privileges. | 2021-09-08 | not yet calculated | CVE-2021-1853 MISC |
iphone — macos_big_sur |
An issue existed in determining cache occupancy. The issue was addressed through improved logic. This issue is fixed in macOS Big Sur 11.3. A malicious website may be able to track users by setting state in a cache. | 2021-09-08 | not yet calculated | CVE-2021-1861 MISC |
jeesns — jeesns | A stored cross-site scripting (XSS) vulnerability in the /weibo/publishdata component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted Weibo. | 2021-09-09 | not yet calculated | CVE-2020-19291 MISC MISC |
jeesns — jeesns | A stored cross-site scripting (XSS) vulnerability in the /question/ask component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted question. | 2021-09-09 | not yet calculated | CVE-2020-19292 MISC MISC |
jeesns — jeesns | A reflected cross-site scripting (XSS) vulnerability in Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message’s text field. | 2021-09-09 | not yet calculated | CVE-2020-19282 MISC MISC |
jeesns — jeesns | A stored cross-site scripting (XSS) vulnerability in the /group/apply component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Name text field. | 2021-09-09 | not yet calculated | CVE-2020-19285 MISC MISC |
jeesns — jeesns | A stored cross-site scripting (XSS) vulnerability in the /manage/loginusername component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username field. | 2021-09-09 | not yet calculated | CVE-2020-19281 MISC MISC |
jeesns — jeesns | A stored cross-site scripting (XSS) vulnerability in the /group/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the group comments text field. | 2021-09-09 | not yet calculated | CVE-2020-19284 MISC MISC |
jeesns — jeesns |
A stored cross-site scripting (XSS) vulnerability in the /member/picture/album component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the new album tab. | 2021-09-09 | not yet calculated | CVE-2020-19289 MISC MISC |
jeesns — jeesns |
A stored cross-site scripting (XSS) vulnerability in the /article/add component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted article. | 2021-09-09 | not yet calculated | CVE-2020-19293 MISC MISC |
jeesns — jeesns |
A stored cross-site scripting (XSS) vulnerability in the /question/detail component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the source field of the editor. | 2021-09-09 | not yet calculated | CVE-2020-19286 MISC MISC |
jeesns — jeesns |
A stored cross-site scripting (XSS) vulnerability in the /weibo/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Weibo comment section. | 2021-09-09 | not yet calculated | CVE-2020-19290 MISC MISC |
jeesns — jeesns |
A stored cross-site scripting (XSS) vulnerability in the /localhost/u component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a private message. | 2021-09-09 | not yet calculated | CVE-2020-19288 MISC MISC |
jeesns — jeesns |
A stored cross-site scripting (XSS) vulnerability in the /group/post component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title. | 2021-09-09 | not yet calculated | CVE-2020-19287 MISC MISC |
jeesns — jeesns |
A stored cross-site scripting (XSS) vulnerability in the /article/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the article comments section. | 2021-09-09 | not yet calculated | CVE-2020-19294 MISC MISC |
jeesns — jeesns |
A reflected cross-site scripting (XSS) vulnerability in the /weibo/topic component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML. | 2021-09-09 | not yet calculated | CVE-2020-19295 MISC MISC |
jeesns — jeesns |
Jeesns 1.4.2 contains a cross-site request forgery (CSRF) which allows attackers to escalate privileges and perform sensitive program operations. | 2021-09-09 | not yet calculated | CVE-2020-19280 MISC MISC |
jeesns — jeesns |
A reflected cross-site scripting (XSS) vulnerability in the /newVersion component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML. | 2021-09-09 | not yet calculated | CVE-2020-19283 MISC MISC |
kaml — kaml |
kaml is an open source implementation of the YAML format with support for kotlinx.serialization. In affected versions, attackers that could provide arbitrary YAML input to an application that uses kaml could cause the application to endlessly loop while parsing the input. This could result in resource starvation and denial of service. This only affects applications that use polymorphic serialization with the default tagged polymorphism style. Applications using the property polymorphism style are not affected. YAML input for a polymorphic type that provided a tag but no value for the object would trigger the issue. Versions 0.35.3 and later contain the fix for this issue. | 2021-09-07 | not yet calculated | CVE-2021-39194 MISC MISC CONFIRM |
kubernetes — kubernetes |
A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs. | 2021-09-06 | not yet calculated | CVE-2021-25737 MISC MISC |
kubernetes — webhook |
A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the Node object. Validating Admission Webhook does not observe some previous fields. | 2021-09-06 | not yet calculated | CVE-2021-25735 MISC MISC |
libgcrypt — libgcrypt |
The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver’s public key, the generator defined by the receiver’s public key, and the sender’s ephemeral exponents can lead to a cross-configuration attack against OpenPGP. | 2021-09-06 | not yet calculated | CVE-2021-40528 MISC MISC MISC |
libgd — libgd |
The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks. | 2021-09-08 | not yet calculated | CVE-2021-40812 MISC MISC |
librenms — librenms | In LibreNMS < 21.3.0, a stored XSS vulnerability was identified in the API Access page due to insufficient sanitization of the $api->description variable. As a result, arbitrary JavaScript code can be executed. | 2021-09-08 | not yet calculated | CVE-2021-31274 MISC MISC MISC |
libsapeextractor — library |
An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process. | 2021-09-09 | not yet calculated | CVE-2021-25449 MISC |
libtiff — libtiff | Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the “TIFFVGetField” function in the component ‘libtiff/tif_dir.c’. | 2021-09-09 | not yet calculated | CVE-2020-19143 MISC MISC MISC |
libtiff — libtiff | Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the ‘_TIFFmemcpy’ function in the component ‘tif_unix.c’. | 2021-09-09 | not yet calculated | CVE-2020-19144 MISC MISC |
line — line |
LINE client for iOS 10.21.3 and before allows address bar spoofing due to inappropriate address handling. | 2021-09-08 | not yet calculated | CVE-2021-36215 MISC |
line — line |
LINE for Windows 6.2.1.2289 and before allows arbitrary code execution via malicious DLL injection. | 2021-09-08 | not yet calculated | CVE-2021-36216 MISC |
mediatek — smartphone_chipsets | In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500621; Issue ID: ALPS04964926. | 2021-09-09 | not yet calculated | CVE-2021-32485 MISC |
mediatek — smartphone_chipsets | In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500621; Issue ID: ALPS04964928. | 2021-09-09 | not yet calculated | CVE-2021-32486 MISC |
mediatek — smartphone_chipsets |
In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500736; Issue ID: ALPS04938456. | 2021-09-09 | not yet calculated | CVE-2021-32487 MISC |
mediatek — smartphone_chipsets |
In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500621; Issue ID: ALPS04964917. | 2021-09-09 | not yet calculated | CVE-2021-32484 MISC |
merge — merge |
merge is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) | 2021-09-10 | not yet calculated | CVE-2021-3645 MISC CONFIRM |
micro_focus — network_automation | Open Redirect vulnerability in Micro Focus Network Automation, affecting Network Automation versions 10.4x, 10.5x, 2018.05, 2018.11, 2019.05, 2020.02, 2020.08, 2020.11, 2021.05. The vulnerability could allow users to be redirected to malicious websites after authentication. | 2021-09-07 | not yet calculated | CVE-2021-38123 MISC |
mipcms — mipcms |
A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily escalate user privileges to administrator via index.php?s=/user/ApiAdminUser/itemEdit. | 2021-09-09 | not yet calculated | CVE-2020-19263 MISC |
mipcms — mipcms |
A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily add users via index.php?s=/user/ApiAdminUser/itemAdd. | 2021-09-09 | not yet calculated | CVE-2020-19264 MISC |
misskey — misskey | Misskey is an open source, decentralized microblogging platform. In affected versions a Server-Side Request Forgery vulnerability exists in “Upload from URL” and remote attachment handling. This could result in the disclosure of non-public information within the internal network. This has been fixed in 12.90.0. However, if you are using a proxy, you will need to take additional measures. As a workaround this exploit may be avoided by appropriately restricting access to private networks from the host where the application is running. | 2021-09-07 | not yet calculated | CVE-2021-39195 CONFIRM MISC MISC |
nessus — agent |
Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20118. | 2021-09-09 | not yet calculated | CVE-2021-20117 MISC |
nessus — agent |
Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20117. | 2021-09-09 | not yet calculated | CVE-2021-20118 MISC |
networkpolicymanagerservice — networkpolicymanagerservice |
A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data. | 2021-09-09 | not yet calculated | CVE-2021-25451 MISC |
nexacro14 — runtime_active |
Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of tobesoft Co., Ltd allows the attacker to cause an arbitrary file download and execution. This vulnerability is due to incomplete validation of file download URL or file extension. | 2021-09-09 | not yet calculated | CVE-2020-7874 MISC |
nextcloud — circles |
Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application allowed any user to join any “Secret Circle” without approval by the Circle owner leaking private information. It is recommended that Nextcloud Circles is upgraded to 0.19.15, 0.20.11 or 0.21.4. There are no workarounds for this issue. | 2021-09-07 | not yet calculated | CVE-2021-37630 CONFIRM MISC MISC |
nextcloud — deck |
Deck is an open source kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions the Deck application didn’t properly check membership of users in a Circle. This allowed other users in the instance to gain access to boards that have been shared with a Circle, even if the user was not a member of the circle. It is recommended that Nextcloud Deck is upgraded to 1.5.1, 1.4.4 or 1.2.9. If you are unable to update it is advised to disable the Deck plugin. | 2021-09-07 | not yet calculated | CVE-2021-37631 CONFIRM MISC MISC MISC |
nextcloud — richdocuments |
Nextcloud Richdocuments is an open source collaborative office suite. In affected versions there is a lack of rate limiting on the Richdocuments OCS endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. It is recommended that the Nextcloud Richdocuments app is upgraded to either 3.8.4 or 4.2.1 to resolve. For users unable to upgrade it is recommended that the Richdocuments application be disabled. | 2021-09-07 | not yet calculated | CVE-2021-37629 MISC CONFIRM MISC |
nextcloud — richdocuments |
Nextcloud Richdocuments is an open source collaborative office suite. In affected versions the File Drop features (“Upload Only” public link shares in Nextcloud) can be bypassed using the Nextcloud Richdocuments app. An attacker was able to read arbitrary files in such a share. It is recommended that the Nextcloud Richdocuments is upgraded to 3.8.4 or 4.2.1. If upgrading is not possible then it is recommended to disable the Richdocuments application. | 2021-09-07 | not yet calculated | CVE-2021-37628 CONFIRM MISC MISC |
nextcloud — server | Nextcloud server is an open source, self hosted personal cloud. In affected versions logging of exceptions may have resulted in logging potentially sensitive key material for the Nextcloud Encryption-at-Rest functionality. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0. If upgrading is not an option users are advised to disable system logging to resolve this issue until such time that an upgrade can be performed. Note that if you do not use the Encryption-at-Rest functionality of Nextcloud you are not affected by this bug. | 2021-09-07 | not yet calculated | CVE-2021-32801 CONFIRM MISC MISC |
nextcloud — server |
Nextcloud server is an open source, self hosted personal cloud. Nextcloud supports rendering image previews for user provided file content. For some image types, the Nextcloud server was invoking a third-party library that wasn’t suited for untrusted user-supplied content. There are several security concerns with passing user-generated content to this library, such as Server-Side-Request-Forgery, file disclosure or potentially executing code on the system. The risk depends on your system configuration and the installed library version. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0. These versions do not use this library anymore. As a workaround users may disable previews by setting `enable_previews` to `false` in `config.php`. | 2021-09-07 | not yet calculated | CVE-2021-32802 CONFIRM MISC MISC |
nextcloud — server | Nextcloud server is an open source, self hosted personal cloud. In affected versions an attacker is able to bypass Two Factor Authentication in Nextcloud. Thus knowledge of a password, or access to a WebAuthN trusted device of a user was sufficient to gain access to an account. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0. There are no workarounds for this vulnerability. | 2021-09-07 | not yet calculated | CVE-2021-32800 CONFIRM MISC MISC |
nextcloud — text | Nextcloud Text is an open source plaintext editing application which ships with the nextcloud server. In affected versions the Nextcloud Text application returned different error messages depending on whether a folder existed in a public link share. This is problematic in case the public link share has been created with “Upload Only” privileges (aka “File Drop”). A link share recipient is not expected to see which folders or files exist in a “File Drop” share. Using this vulnerability an attacker is able to enumerate folders in such a share. Exploitation requires that the attacker has access to a valid affected “File Drop” link share. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.0.1. Users who are unable to upgrade are advised to disable the Nextcloud Text application in the app settings. | 2021-09-07 | not yet calculated | CVE-2021-32766 MISC CONFIRM MISC |
ntfs-3g — ntfs-3g | A crafted NTFS image with an unallocated bitmap can lead to an endless recursive function call chain (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G < 2021.8.22. | 2021-09-07 | not yet calculated | CVE-2021-39257 MISC MISC DEBIAN |
ntfs-3g — ntfs-3g | A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22. | 2021-09-07 | not yet calculated | CVE-2021-39252 MISC MISC DEBIAN |
ntfs-3g — ntfs-3g | A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22. | 2021-09-07 | not yet calculated | CVE-2021-39254 MISC MISC DEBIAN |
ntfs-3g — ntfs-3g | In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution. | 2021-09-07 | not yet calculated | CVE-2021-33289 MISC MISC MLIST DEBIAN |
ntfs-3g — ntfs-3g | A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G < 2021.8.22. | 2021-09-07 | not yet calculated | CVE-2021-39260 MISC MISC DEBIAN |
ntfs-3g — ntfs-3g | A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G < 2021.8.22. | 2021-09-07 | not yet calculated | CVE-2021-39261 MISC MISC DEBIAN |
ntfs-3g — ntfs-3g | A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22. | 2021-09-07 | not yet calculated | CVE-2021-39262 MISC MISC DEBIAN |
ntfs-3g — ntfs-3g | A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfs_get_attribute_value, in NTFS-3G < 2021.8.22. | 2021-09-07 | not yet calculated | CVE-2021-39263 MISC MISC DEBIAN |
ntfs-3g — ntfs-3g | A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find in NTFS-3G < 2021.8.22. | 2021-09-07 | not yet calculated | CVE-2021-39258 MISC MISC DEBIAN |
ntfs-3g — ntfs-3g |
A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22. | 2021-09-07 | not yet calculated | CVE-2021-39253 MISC MISC DEBIAN |
ntfs-3g — ntfs-3g |
In NTFS-3G versions < 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution. | 2021-09-07 | not yet calculated | CVE-2021-33286 MISC MISC MLIST DEBIAN |
ntfs-3g — ntfs-3g | In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of service. The vulnerability is caused by an out-of-bound buffer access which can be triggered by mounting a crafted NTFS partition. The root cause is a missing consistency check after reading an MFT record: the “bytes_in_use” field should be less than the “bytes_allocated” field. When it is not, the parsing of the records proceeds into the wild. | 2021-09-07 | not yet calculated | CVE-2021-33285 MISC MISC MISC MISC MLIST DEBIAN |
ntfs-3g — ntfs-3g |
A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22. | 2021-09-07 | not yet calculated | CVE-2021-39251 MISC MISC MISC MISC MISC DEBIAN |
ntfs-3g — ntfs-3g |
A crafted NTFS image can trigger an out-of-bounds read, caused by an invalid attribute in ntfs_attr_find_in_attrdef, in NTFS-3G < 2021.8.22. | 2021-09-07 | not yet calculated | CVE-2021-39255 MISC MISC DEBIAN |
ntfs-3g — ntfs-3g |
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_inode_lookup_by_name in NTFS-3G < 2021.8.22. | 2021-09-07 | not yet calculated | CVE-2021-39256 MISC MISC DEBIAN |
ntfs-3g — ntfs-3g |
In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of service of the application. | 2021-09-07 | not yet calculated | CVE-2021-33287 MISC MISC MISC MLIST DEBIAN |
ntfs-3g — ntfs-3g |
A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in ntfs_inode_lookup_by_name, in NTFS-3G < 2021.8.22. | 2021-09-07 | not yet calculated | CVE-2021-39259 MISC MISC DEBIAN |
objections.js — objection.js |
objection.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) | 2021-09-06 | not yet calculated | CVE-2021-3766 CONFIRM MISC |
octorpki — origin_validation | Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitting an invalid VRP “MaxLength” value, causing RTR sessions to terminate. An attacker can use this to disable RPKI Origin Validation in a victim network (for example AS 13335 – Cloudflare) prior to launching a BGP hijack which during normal operations would be rejected as “RPKI invalid”. Additionally, in certain deployments RTR session flapping in and of itself also could cause BGP routing churn, causing availability issues. | 2021-09-09 | not yet calculated | CVE-2021-3761 CONFIRM |
onlyoffice — document_server |
The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for ONLYOFFICE Document Server lacks escape calls for the msg.data and text fields. | 2021-09-10 | not yet calculated | CVE-2021-40864 MISC MISC |
onyaktech — comments_pro | An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. The comment posting functionality allows an attacker to add an XSS payload to the JSON request that will execute when users visit the page with the comment. | 2021-09-07 | not yet calculated | CVE-2021-33483 MISC MISC |
onyaktech — comments_pro |
An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. An attacker can download a copy of the installer, decompile it, and discover a hardcoded IV used to encrypt the username and userid in the comment POST request. Additionally, the attacker can decrypt the encrypted encryption key (sent as a parameter in the comment form request) by setting this encrypted value as the username, which will appear on the comment page in its decrypted form. Using these two values (combined with the encryption functionality discovered in the decompiled installer), the attacker can encrypt another user’s ID and username. These values can be used as part of the comment posting request in order to spoof the user. | 2021-09-07 | not yet calculated | CVE-2021-33484 MISC MISC |
openbmc — openbmc |
In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass authentication and gain full control of the system. | 2021-09-09 | not yet calculated | CVE-2021-39296 MISC MISC |
openstack — neutron | An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service. | 2021-09-08 | not yet calculated | CVE-2021-40797 MISC CONFIRM MLIST |
openwall — ntfs-3g |
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of privileges. | 2021-09-07 | not yet calculated | CVE-2021-35268 MISC MISC MLIST DEBIAN |
openwall — ntfs-3g | In NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution or escalation of privileges when setuid-root. | 2021-09-07 | not yet calculated | CVE-2021-35267 MISC MISC MLIST DEBIAN |
openwall — ntfs-3g | In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is set up in the function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and escalation of privileges. | 2021-09-07 | not yet calculated | CVE-2021-35269 MISC MLIST DEBIAN |
openwall — ntfs-3g |
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code execution. | 2021-09-07 | not yet calculated | CVE-2021-35266 MISC MISC MLIST DEBIAN |
otrs_ag — community_edition | Generated Support Bundles contain private S/MIME and PGP keys if the containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions. | 2021-09-06 | not yet calculated | CVE-2021-36096 CONFIRM |
owncloud — owncloud |
Server Side Request Forgery (SSRF) vulnerability exists in owncloud/user_ldap < 0.15.4 in the settings of the user_ldap app. Administration role is necessary for exploitation. | 2021-09-08 | not yet calculated | CVE-2021-40537 MISC |
owncloud — owncloud |
The public share controller in the ownCloud server before version 10.8.0 allows a remote attacker to see the internal path and the username of a public share by including invalid characters in the URL. | 2021-09-07 | not yet calculated | CVE-2021-35947 MISC MISC |
owncloud — owncloud |
The shareinfo controller in the ownCloud Server before 10.8.0 allows an attacker to bypass the permission checks for upload only shares and list metadata about the share. | 2021-09-07 | not yet calculated | CVE-2021-35949 MISC MISC |
owncloud — owncloud |
A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissions and therefore elevate their own permissions. | 2021-09-07 | not yet calculated | CVE-2021-35946 MISC MISC |
owncloud — owncloud |
Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows an attacker to bypass the password protection when they can force a target client to use a controlled cookie. | 2021-09-07 | not yet calculated | CVE-2021-35948 MISC MISC |
oxracer — oxracer |
A lack of target address verification in the destroycontract() function of 0xRACER 1.0 allows attackers to steal tokens from victim users via a crafted script. | 2021-09-07 | not yet calculated | CVE-2020-19767 MISC |
palo_alto_networks — cortex_xsoar_server | An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSOAR server. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 1578677; Cortex XSOAR 6.0.2 builds earlier than 1576452; Cortex XSOAR 6.1.0 builds earlier than 1578663; Cortex XSOAR 6.2.0 builds earlier than 1578666. All Cortex XSOAR instances hosted by Palo Alto Networks are protected from this vulnerability; no additional action is required for these instances. | 2021-09-08 | not yet calculated | CVE-2021-3051 CONFIRM |
palo_alto_networks — cortex_xsoar_server |
An improper authorization vulnerability in the Palo Alto Networks Cortex XSOAR server enables an authenticated network-based attacker with investigation read permissions to download files from incident investigations of which they are aware but are not a part of. This issue impacts: All Cortex XSOAR 5.5.0 builds; Cortex XSOAR 6.1.0 builds earlier than 12099345. This issue does not impact Cortex XSOAR 6.2.0 versions. | 2021-09-08 | not yet calculated | CVE-2021-3049 CONFIRM |
palo_alto_networks — pan-os |
An improper handling of exceptional conditions vulnerability exists in the Palo Alto Networks PAN-OS dataplane that enables an unauthenticated network-based attacker to send specifically crafted traffic through the firewall that causes the service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.5. This issue does not affect Prisma Access. | 2021-09-08 | not yet calculated | CVE-2021-3053 CONFIRM |
palo_alto_networks — pan-os |
An improper restriction of XML external entity (XXE) reference vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system and send a specifically crafted request to the firewall that causes the service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10; PAN-OS 10.0 versions earlier than PAN-OS 10.0.6. This issue does not affect Prisma Access. | 2021-09-08 | not yet calculated | CVE-2021-3055 CONFIRM |
palo_alto_networks — pan-os |
A time-of-check to time-of-use (TOCTOU) race condition vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permission to upload plugins to execute arbitrary code with root user privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11; PAN-OS 10.0 versions earlier than PAN-OS 10.0.7; PAN-OS 10.1 versions earlier than PAN-OS 10.1.2. This issue does not affect Prisma Access. | 2021-09-08 | not yet calculated | CVE-2021-3054 CONFIRM |
palo_alto_networks — pan-os | A reflected cross-site scripting (XSS) vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated network-based attacker to mislead another authenticated PAN-OS administrator to click on a specially crafted link that performs arbitrary actions in the PAN-OS web interface as the targeted authenticated administrator. This issue impacts: PAN-OS 8.1 versions earlier than 8.1.20; PAN-OS 9.0 versions earlier than 9.0.14; PAN-OS 9.1 versions earlier than 9.1.10; PAN-OS 10.0 versions earlier than 10.0.2. This issue does not affect Prisma Access. | 2021-09-08 | not yet calculated | CVE-2021-3052 CONFIRM |
parlai — parlai | Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0. | 2021-09-10 | not yet calculated | CVE-2021-24040 MISC CONFIRM |
parlai — parlai | parlai is a framework for training and evaluating AI models on a variety of openly available dialogue datasets. In affected versions the package is vulnerable to a YAML deserialization attack caused by unsafe loading, which leads to arbitrary code execution. This security bug is patched by avoiding the unsafe loader; users should update to a version above v1.1.0. If upgrading is not possible then users can change the Loader used to SafeLoader as a workaround. See commit 507d066ef432ea27d3e201da08009872a2f37725 for details. | 2021-09-10 | not yet calculated | CVE-2021-39207 MISC MISC CONFIRM |
pcapture — pcapture | pcapture is an open source dumpcap web service interface. In affected versions this vulnerability allows an authenticated but unprivileged user to use the REST API to capture and download packets with no capture filter and without adequate permissions. This is important because the capture filters can effectively limit the scope of information that a user can see in the data captures. If no filter is present, then all data on the local network segment where the program is running can be captured and downloaded. v3.12 fixes this problem. There is no workaround; you must upgrade to v3.12 or greater. | 2021-09-07 | not yet calculated | CVE-2021-39196 CONFIRM MISC MISC |
pepeauctionsale — pepeauctionsale |
The time check operation of PepeAuctionSale 1.0 can be rendered ineffective by assigning a large number to the _duration variable, compromising access control to the application. | 2021-09-07 | not yet calculated | CVE-2020-19766 MISC |
phpmywind — phpmywind | PHPMyWind 5.6 is vulnerable to Remote Code Execution. Because input is filtered without “<, >, ?, =, `,….” in the WriteConfig() function, an attacker can inject PHP code into the /include/config.cache.php file. | 2021-09-07 | not yet calculated | CVE-2021-39503 MISC MISC |
playsms — playsms |
playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI. | 2021-09-10 | not yet calculated | CVE-2021-40373 MISC CONFIRM |
plesk — obsidian |
The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0.32 on Linux is vulnerable to reflected XSS via the /plesk-site-preview/ PATH, aka PFSI-62467. The attacker could execute JavaScript code in the victim’s browser by using the link to preview sites hosted on the server. Authentication is not required to exploit the vulnerability. | 2021-09-10 | not yet calculated | CVE-2021-35976 MISC MISC |
pomerium — pomerium | Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, incorrectly handles resetting of HTTP/2 streams with excessive complexity. This can lead to high CPU utilization when a large number of streams are reset. This can result in a DoS condition. Pomerium versions 0.14.8 and 0.15.1 contain an upgraded envoy binary with this vulnerability patched. | 2021-09-09 | not yet calculated | CVE-2021-39204 CONFIRM MISC MISC |
pomerium — pomerium | Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, contains two authorization related vulnerabilities CVE-2021-32777 and CVE-2021-32779. This may lead to incorrect routing or authorization policy decisions. With specially crafted requests, incorrect authorization or routing decisions may be made by Pomerium. Pomerium v0.14.8 and v0.15.1 contain an upgraded envoy binary with these vulnerabilities patched. This issue can only be triggered when using path prefix based policy. Removing any such policies should provide mitigation. | 2021-09-09 | not yet calculated | CVE-2021-39206 MISC MISC CONFIRM MISC |
pomerium — pomerium |
Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, can abnormally terminate if an H/2 GOAWAY and SETTINGS frame are received in the same IO event. This can lead to a DoS in the presence of untrusted *upstream* servers. 0.15.1 contains an upgraded envoy binary with this vulnerability patched. If only trusted upstreams are configured, there is not substantial risk of this condition being triggered. | 2021-09-09 | not yet calculated | CVE-2021-39162 MISC MISC CONFIRM |
ppgo_jobs — ppgo_jobs |
Command Injection in PPGo_Jobs v2.8.0 allows remote attackers to execute arbitrary code via the ‘AjaxRun()’ function. | 2021-09-08 | not yet calculated | CVE-2020-26772 MISC MISC |
prestashop — customer_photo_gallery | The Customer Photo Gallery addon before 2.9.4 for PrestaShop is vulnerable to SQL injection. | 2021-09-08 | not yet calculated | CVE-2021-40814 MISC |
python — python | The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding (such as via ;\x2f\x7f), enabling a remote attack that consumes CPU and memory. | 2021-09-10 | not yet calculated | CVE-2021-40839 MISC MISC MISC MISC |
qnap — multiple_devices | A stack buffer overflow vulnerability has been reported to affect QNAP devices running NVR Storage Expansion. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of NVR Storage Expansion: NVR Storage Expansion 1.0.6 (2021/08/03) and later. | 2021-09-10 | not yet calculated | CVE-2021-34346 CONFIRM |
qnap — multiple_devices | A stack buffer overflow vulnerability has been reported to affect QNAP devices running NVR Storage Expansion. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of NVR Storage Expansion: NVR Storage Expansion 1.0.6 (2021/08/03) and later. | 2021-09-10 | not yet calculated | CVE-2021-34345 CONFIRM |
qnap — multiple_products | A vulnerability involving insufficient HTTP security headers has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud. This vulnerability allows remote attackers to launch privacy and security attacks. We have already fixed this vulnerability in the following versions: QTS 4.5.4.1715 build 20210630 and later; QuTS hero h4.5.4.1771 build 20210825 and later; QuTScloud c4.5.6.1755 build 20210809 and later | 2021-09-10 | not yet calculated | CVE-2018-19957 CONFIRM |
qnap — multiple_products | A stack buffer overflow vulnerability has been reported to affect QNAP devices running QTS, QuTScloud, QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QTS, QuTScloud, QuTS hero: QTS 4.5.4.1715 build 20210630 and later; QTS 5.0.0.1716 build 20210701 and later; QuTScloud c4.5.6.1755 and later; QuTS hero h4.5.4.1771 build 20210825 and later | 2021-09-10 | not yet calculated | CVE-2021-34343 CONFIRM |
qnap — qunetswitch | A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. We have already fixed this vulnerability in the following versions: QSW-M2116P-2T2S 1.0.6 build 210713 and later; QGD-1600P: QuNetSwitch 1.0.6.1509 and later; QGD-1602P: QuNetSwitch 1.0.6.1509 and later; QGD-3014PT: QuNetSwitch 1.0.6.1519 and later | 2021-09-10 | not yet calculated | CVE-2021-28813 CONFIRM |
qnap — qusbcam2 | A stack buffer overflow vulnerability has been reported to affect QNAP devices running QUSBCam2. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QUSBCam2: QTS 4.5.4: QUSBCam2 1.1.4 (2021/07/30) and later; QTS 5.0: QUSBCam2 2.0.1 (2021/08/03) and later; QTS 4.3.6: QUSBCam2 1.1.4 (2021/07/30) and later; QTS 4.3.3: QUSBCam2 1.1.4 (2021/08/06) and later; QuTS hero 4.5.3: QUSBCam2 1.1.4 (2021/07/30) and later | 2021-09-10 | not yet calculated | CVE-2021-34344 CONFIRM |
qnap — multiple_products | A stack buffer overflow vulnerability has been reported to affect QNAP devices running QTS, QuTScloud, QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QTS, QuTScloud, QuTS hero: QTS 4.5.4.1715 build 20210630 and later; QTS 5.0.0.1716 build 20210701 and later; QTS 4.3.3.1693 build 20210624 and later; QTS 4.3.6.1750 build 20210730 and later; QuTScloud c4.5.6.1755 and later; QuTS hero h4.5.4.1771 build 20210825 and later | 2021-09-10 | not yet calculated | CVE-2021-28816 CONFIRM |
qualcomm — multiple_snapdragon_products |
Possible heap overflow due to improper validation of local variable while storing current task information locally in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 2021-09-09 | not yet calculated | CVE-2021-30295 CONFIRM |
qualcomm — multiple_snapdragon_products |
Improper authentication of un-encrypted plaintext Wi-Fi frames in an encrypted network can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2021-09-08 | not yet calculated | CVE-2020-11301 CONFIRM |
qualcomm — multiple_snapdragon_products |
Possible null pointer dereference due to race condition between timeline fence signal and time line fence destroy in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 2021-09-09 | not yet calculated | CVE-2021-30290 CONFIRM |
qualcomm — multiple_snapdragon_products |
Improper authentication of Non-EAPOL/WAPI plaintext frames during four-way handshake can lead to arbitrary network packet injection in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 2021-09-08 | not yet calculated | CVE-2020-11264 CONFIRM |
qualcomm — multiple_snapdragon_products |
Potential null pointer dereference in KGSL GPU auxiliary command due to improper validation of user input in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 2021-09-09 | not yet calculated | CVE-2021-30294 CONFIRM |
qualcomm — snapdragon_products | Lack of strict validation of bootmode can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 2021-09-08 | not yet calculated | CVE-2021-1929 CONFIRM |
qualcomm — snapdragon_products | Improper access control when ACL link encryption fails and the ACL link is not disconnected during reconnection with a paired device in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 2021-09-09 | not yet calculated | CVE-2021-1957 CONFIRM |
qualcomm — snapdragon_products | Possible buffer overflow due to improper validation of device types during P2P search in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2021-09-08 | not yet calculated | CVE-2021-1972 CONFIRM |
qualcomm — snapdragon_products | Buffer overflow occurs in trusted applications due to lack of length check of parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2021-09-09 | not yet calculated | CVE-2021-1909 CONFIRM |
qualcomm — snapdragon_products | Loop with unreachable exit condition may occur due to improper handling of unsupported input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables | 2021-09-08 | not yet calculated | CVE-2021-1914 CONFIRM |
qualcomm — snapdragon_products | Possible buffer over read due to lack of alignment between map or unmap length of IPA SMMU and WLAN SMMU in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2021-09-09 | not yet calculated | CVE-2021-1974 CONFIRM |
qualcomm — snapdragon_products | Incorrect pointer argument passed to trusted application TA could result in un-intended memory operations in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT | 2021-09-08 | not yet calculated | CVE-2021-1923 CONFIRM |
qualcomm — snapdragon_products | Possible out of bounds read due to incorrect validation of incoming buffer length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | 2021-09-08 | not yet calculated | CVE-2021-1930 CONFIRM |
qualcomm — snapdragon_products | Integer underflow can occur when the RTCP length is less than the actual blocks present in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables | 2021-09-08 | not yet calculated | CVE-2021-1919 CONFIRM |
qualcomm — snapdragon_products | Null Pointer Dereference may occur due to improper validation while processing crafted SDP body in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | 2021-09-09 | not yet calculated | CVE-2021-1946 CONFIRM |
qualcomm — snapdragon_products | Possible out of bound read due to lack of length check of data while parsing the beacon or probe response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 2021-09-09 | not yet calculated | CVE-2021-1948 CONFIRM |
qualcomm — snapdragon_products | Improper handling of ASB-U packet with L2CAP channel ID by slave host can lead to interference with piconet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 2021-09-09 | not yet calculated | CVE-2021-1956 CONFIRM |
qualcomm — snapdragon_products | A race condition in fastrpc kernel driver for dynamic process creation can lead to use after free scenario in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wearables | 2021-09-09 | not yet calculated | CVE-2021-1958 CONFIRM |
qualcomm — snapdragon_products | UE assertion is possible due to improper validation of invite message with SDP body in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables | 2021-09-09 | not yet calculated | CVE-2021-1933 CONFIRM |
qualcomm — snapdragon_products |
Possible buffer over read issue due to improper length check on WPA IE string sent by peer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 2021-09-09 | not yet calculated | CVE-2021-1941 CONFIRM |
qualcomm — snapdragon_products | Buffer overflow while processing the IOCTL for getting peripheral endpoint information; there is no proper validation for input maximum endpoint pair and its size in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2021-09-09 | not yet calculated | CVE-2021-1962 CONFIRM |
qualcomm — snapdragon_products |
Possible assertion due to lack of physical layer state validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | 2021-09-09 | not yet calculated | CVE-2021-1971 CONFIRM |
qualcomm — snapdragon_products |
Possible buffer overflow due to lack of offset length check while updating the buffer value in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2021-09-09 | not yet calculated | CVE-2021-1961 CONFIRM |
qualcomm — snapdragon_products |
Improper handling of ASB-C broadcast packets with crafted opcode in LMP can lead to uncontrolled resource consumption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 2021-09-09 | not yet calculated | CVE-2021-1960 CONFIRM |
qualcomm — snapdragon_products |
Possible buffer over read occurs due to lack of length check of request buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music | 2021-09-09 | not yet calculated | CVE-2021-1952 CONFIRM |
qualcomm — snapdragon_products |
Possible use-after-free due to lack of validation for the rule count in filter table in IPA driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2021-09-09 | not yet calculated | CVE-2021-1963 CONFIRM |
qualcomm — snapdragon_products |
Possible null pointer dereference due to lack of validation check for passed pointer during key import in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables | 2021-09-09 | not yet calculated | CVE-2021-1935 CONFIRM |
qualcomm — snapdragon_products | A child process can leak information from the parent process because numeric PIDs are compared and these PIDs can be reused in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2021-09-08 | not yet calculated | CVE-2021-1904 CONFIRM |
qualcomm — snapdragon_products |
Possible buffer underflow due to lack of check for negative indices values when processing user provided input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables | 2021-09-08 | not yet calculated | CVE-2021-1916 CONFIRM |
qualcomm — snapdragon_products |
Possible memory corruption due to improper check when application loader object is explicitly destructed while application is unloading in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT | 2021-09-09 | not yet calculated | CVE-2021-1934 CONFIRM |
qualcomm — snapdragon_products |
Integer underflow can occur due to improper handling of incoming RTCP packets in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables | 2021-09-08 | not yet calculated | CVE-2021-1920 CONFIRM |
qualcomm — snapdragon_products |
Buffer over read could occur due to incorrect check of buffer size while flashing emmc devices in Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2021-09-08 | not yet calculated | CVE-2021-1928 CONFIRM |
raonwizcoltd — dext5 | A vulnerability (improper input validation) in the DEXT5 Upload solution allows an unauthenticated attacker to download and execute an arbitrary file via the AddUploadFile, SetSelectItem, and DoOpenFile functions. (CVE-2020-7832) | 2021-09-07 | not yet calculated | CVE-2020-7832 MISC |
raonwizcoltd — execm_coreb2b | A vulnerability (improper input validation) in the ExECM CoreB2B solution allows an unauthenticated attacker to download and execute an arbitrary file via the httpDownload function. A successful exploit could allow the attacker to hijack the vulnerable system. | 2021-09-07 | not yet calculated | CVE-2020-7865 MISC |
remark-html — remark-html |
remark-html is an open source nodejs library which compiles Markdown to HTML. In affected versions the documentation of remark-html has mentioned that it was safe by default. In practice the default was never safe and had to be opted into. That is, user input was not sanitized. This means arbitrary HTML can be passed through leading to potential XSS attacks. The problem has been patched in 13.0.2 and 14.0.1: `remark-html` is now safe by default, and the implementation matches the documentation. On older affected versions, pass `sanitize: true` if you cannot update. | 2021-09-07 | not yet calculated | CVE-2021-39199 MISC MISC CONFIRM MISC |
ribbonsoft — ribbonsoft |
A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. A specially-crafted .dxf file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | 2021-09-08 | not yet calculated | CVE-2021-21897 MISC |
rittal — cmc_pu_iii_web_management | Rittal CMC PU III Web management (version affected: V3.11.00_2; version fixed: V3.17.10) is affected by a remote code execution vulnerability. It is possible to introduce shell code to create a reverse shell in the PU-Hostname field of the TCP/IP Configuration dialog. The web application fails to sanitize user input on the Network TCP/IP configuration page. This allows the attacker to inject commands as root on the device, which will be executed once the data is received. | 2021-09-09 | not yet calculated | CVE-2021-40222 MISC |
rittal — cmc_pu_iii_web_management |
Rittal CMC PU III Web management (version V3.11.00_2) fails to sanitize user input on several parameters of the configuration (User Configuration dialog, Task Configuration dialog and set logging filter dialog). This allows an attacker to backdoor the device with HTML and browser-interpreted content (such as JavaScript or other client-side scripts). The XSS payload will be triggered when the user accesses some specific sections of the application. | 2021-09-09 | not yet calculated | CVE-2021-40223 MISC |
rob_the_bank — rob_the_bank |
A lack of target address verification in the BurnMe() function of Rob The Bank 1.0 allows attackers to steal tokens from victim users via a crafted script. | 2021-09-07 | not yet calculated | CVE-2020-19769 MISC |
saltstack — salt | An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper behaviour of the given minion software. | 2021-09-08 | not yet calculated | CVE-2021-22004 MISC FEDORA FEDORA |
saltstack — salt |
An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion. | 2021-09-08 | not yet calculated | CVE-2021-21996 MISC FEDORA FEDORA |
showdoc — showdoc | Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to execute arbitrary code via the ‘file_url’ parameter in the component ‘AdminUpdateController.class.php’. | 2021-09-08 | not yet calculated | CVE-2021-36440 MISC |
silicon — labs_iwrap |
The Bluetooth Classic implementation in Silicon Labs iWRAP 6.3.0 and earlier does not properly handle the reception of an oversized LMP packet greater than 17 bytes, allowing attackers in radio range to trigger a crash in WT32i via a crafted LMP packet. | 2021-09-07 | not yet calculated | CVE-2021-31609 MISC MISC |
simple_water_refilling_station_management_system — simple_water_refilling_station_and_management_system |
Remote Code Execution can occur in Simple Water Refilling Station Management System 1.0 via the System Logo option on the system_info page in classes/SystemSettings.php with an update_settings action. | 2021-09-07 | not yet calculated | CVE-2021-38841 MISC MISC MISC |
smartertools — smartermail |
SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The application fails to sanitize email content, thus allowing one to inject HTML and/or JavaScript into a page that will then be processed and stored by the application. | 2021-09-08 | not yet calculated | CVE-2021-40377 MISC |
softcontrol — softcontrol |
A vulnerability in Base Software for SoftControl allows an attacker to insert and run arbitrary code in a computer running the affected product. This issue affects: . | 2021-09-08 | not yet calculated | CVE-2020-24672 MISC |
solarwinds — patch_manager_orion_platform | An insecure deserialization of untrusted data remote code execution vulnerability was discovered in the Patch Manager Orion Platform Integration module and reported to us by ZDI. An authenticated attacker could exploit it by executing WSAsyncExecuteTasks deserialization of untrusted data. | 2021-09-08 | not yet calculated | CVE-2021-35217 MISC MISC CONFIRM |
sonatype — nexus_repository |
Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance. | 2021-09-07 | not yet calculated | CVE-2021-40143 MISC CONFIRM |
sqlite-web — sqlite-web |
This affects all versions of package sqlite-web. The SQL dashboard area allows sensitive actions to be performed without validating that the request originated from the application. This could enable an attacker to trick a user into performing these actions unknowingly through a Cross Site Request Forgery (CSRF) attack. | 2021-09-08 | not yet calculated | CVE-2021-23404 MISC MISC |
systeminformation — systeminformation |
systeminformation is an npm package that provides system and OS information library for node.js. In systeminformation before version 4.26.2 there is a command injection vulnerability. Problem was fixed in version 4.26.2 with a shell string sanitation fix. | 2021-09-09 | not yet calculated | CVE-2020-26300 MISC MISC CONFIRM MISC |
toyopuc — multiple_devices | All versions of the affected TOYOPUC-PC10 Series, TOYOPUC-Plus Series, TOYOPUC-PC3J/PC2J Series, TOYOPUC-Nano Series products may not be able to properly process an ICMP flood, which may allow an attacker to deny Ethernet communications between affected devices. | 2021-09-10 | not yet calculated | CVE-2021-33011 MISC |
trend_micro_security — consumer |
Trend Micro Security (Consumer) 2021 and 2020 are vulnerable to a directory junction vulnerability which could allow an attacker to exploit the system to escalate privileges and create a denial of service. | 2021-09-06 | not yet calculated | CVE-2021-36744 MISC MISC |
wildau — covid-19_contact_tracing |
api/account/register in the TH Wildau COVID-19 Contact Tracing application through 2021-09-01 has Incorrect Access Control. An attacker can interfere with tracing of infection chains by creating 500 random users within 2500 seconds. | 2021-09-07 | not yet calculated | CVE-2021-33831 MISC MISC |
wordpress — wordpress | The MoolaMojo WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the classes parameter found in the ~/views/button-generator.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.4.1. | 2021-09-10 | not yet calculated | CVE-2021-38358 MISC MISC |
wordpress — wordpress | The Custom Menu Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the selected_menu parameter found in the ~/custom-menus.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.3. | 2021-09-09 | not yet calculated | CVE-2021-38321 MISC MISC |
wordpress — wordpress | The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the Q_FILE parameter found in the ~/bibtexbrowser.php file which allows attackers to include local zip files and achieve remote code execution, in versions up to and including 0.0. | 2021-09-10 | not yet calculated | CVE-2021-38360 MISC MISC |
wordpress — wordpress | The WordPress InviteBox Plugin for viral Refer-a-Friend Promotions WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the message parameter found in the ~/admin/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.1. | 2021-09-10 | not yet calculated | CVE-2021-38359 MISC MISC |
wordpress — wordpress | The Post Title Counter WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the notice parameter found in the ~/post-title-counter.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1. | 2021-09-10 | not yet calculated | CVE-2021-38326 MISC MISC |
wordpress — wordpress | The GNU-Mailman Integration WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the gm_error parameter found in the ~/includes/admin/mailing-lists-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6. | 2021-09-10 | not yet calculated | CVE-2021-38354 MISC MISC |
wordpress — wordpress | The Dropdown and scrollable Text WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the content parameter found in the ~/index.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0. | 2021-09-10 | not yet calculated | CVE-2021-38353 MISC MISC |
wordpress — wordpress | The On Page SEO + Whatsapp Chat Button Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1. | 2021-09-10 | not yet calculated | CVE-2021-38332 MISC MISC |
wordpress — wordpress | The OSD Subscribe WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the osd_subscribe_message parameter found in the ~/options/osd_subscribe_options_subscribers.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.3. | 2021-09-10 | not yet calculated | CVE-2021-38351 MISC MISC |
wordpress — wordpress | The Notices WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/notices.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1. | 2021-09-10 | not yet calculated | CVE-2021-38328 MISC MISC |
wordpress — wordpress | The Twitter Friends Widget WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the pmc_TF_user and pmc_TF_password parameter found in the ~/twitter-friends-widget.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.1. | 2021-09-09 | not yet calculated | CVE-2021-38322 MISC MISC |
wordpress — wordpress | The User Activation Email WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the uae-key parameter found in the ~/user-activation-email.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.0. | 2021-09-09 | not yet calculated | CVE-2021-38325 MISC MISC |
wordpress — wordpress | The spideranalyse WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the date parameter found in the ~/analyse/index.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.1. | 2021-09-10 | not yet calculated | CVE-2021-38350 MISC MISC |
wordpress — wordpress | The Border Loading Bar WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `f` and `t` parameter found in the ~/titan-framework/iframe-googlefont-preview.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1. | 2021-09-10 | not yet calculated | CVE-2021-38338 MISC MISC |
wordpress — wordpress | WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions the widgets editor introduced in WordPress 5.8 beta 1 has improper handling of HTML input in the Custom HTML feature. This leads to stored XSS in the custom HTML widget. This has been patched in WordPress 5.8. It was only present during the testing/beta phase of WordPress 5.8. | 2021-09-09 | not yet calculated | CVE-2021-39202 MISC CONFIRM |
wordpress — wordpress | The 3D Cover Carousel WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter in the ~/cover-carousel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. | 2021-09-09 | not yet calculated | CVE-2021-38318 MISC MISC |
wordpress — wordpress | The SP Rental Manager WordPress plugin is vulnerable to SQL Injection via the orderby parameter found in the ~/user/shortcodes.php file which allows attackers to retrieve information contained in a site’s database, in versions up to and including 1.5.3. | 2021-09-09 | not yet calculated | CVE-2021-38324 MISC MISC |
wordpress — wordpress | The simpleSAMLphp Authentication WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/simplesamlphp-authentication.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.0. | 2021-09-09 | not yet calculated | CVE-2021-38320 MISC MISC |
wordpress — wordpress | The Edit Comments XT WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/edit-comments-xt.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. | 2021-09-10 | not yet calculated | CVE-2021-38336 MISC MISC |
wordpress — wordpress |
The Bug Library WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the successimportcount parameter found in the ~/bug-library.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.3. | 2021-09-10 | not yet calculated | CVE-2021-38355 MISC MISC |
wordpress — wordpress | The YouTube Video Inserter WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/adminUI/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.1.0. | 2021-09-10 | not yet calculated | CVE-2021-38327 MISC MISC |
wordpress — wordpress |
The SMS OVH WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the position parameter found in the ~/sms-ovh-sent.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.1. | 2021-09-10 | not yet calculated | CVE-2021-38357 MISC MISC |
wordpress — wordpress |
Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps plugin (versions <= 8.1.12). Vulnerable parameters: &dataset_name, &wpgmza_gdpr_retention_purpose, &wpgmza_gdpr_company_name, &name #2, &name, &polyname #2, &polyname, &address. | 2021-09-09 | not yet calculated | CVE-2021-36870 MISC CONFIRM |
wordpress — wordpress |
The WP-T-Wap WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the posted parameter found in the ~/wap/writer.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.13.2. | 2021-09-10 | not yet calculated | CVE-2021-38331 MISC MISC |
wordpress — wordpress | The DJ EmailPublish WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/dj-email-publish.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.7.2. | 2021-09-10 | not yet calculated | CVE-2021-38329 MISC MISC |
wordpress — wordpress | The Keyword Meta WordPress plugin through 3.0 does not sanitise or escape its settings before outputting them back in the page after they are saved, allowing for Cross-Site Scripting issues. Furthermore, it also lacks any CSRF check, allowing an attacker to make a logged-in high-privilege user save arbitrary settings via a CSRF attack. | 2021-09-06 | not yet calculated | CVE-2021-24611 MISC |
wordpress — wordpress |
Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps Pro premium plugin (versions <= 8.1.11). Vulnerable parameters: &wpgmaps_marker_category_name, Value > &attributes[], Name > &attributes[], &icons[], &names[], &description, &link, &title. | 2021-09-09 | not yet calculated | CVE-2021-36871 MISC CONFIRM |
wordpress — wordpress |
WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions authenticated users who don’t have permission to view private post types/data can bypass restrictions in the block editor under certain conditions. This affected WordPress 5.8 beta during the testing period. It’s fixed in the final 5.8 release. | 2021-09-09 | not yet calculated | CVE-2021-39203 MISC CONFIRM |
wordpress — wordpress |
WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Impact: The issue allows an authenticated but low-privileged user (like contributor/author) to execute XSS in the editor. This bypasses the restrictions imposed on users who do not have the permission to post `unfiltered_html`. Patches: This has been patched in WordPress 5.8, and will be pushed to older versions via minor releases (automatic updates). It’s strongly recommended that you keep auto-updates enabled to receive the fix. References: https://wordpress.org/news/category/releases/ https://hackerone.com/reports/1142140 For more information: If you have any questions or comments about this advisory, open an issue in HackerOne (https://hackerone.com/wordpress). | 2021-09-09 | not yet calculated | CVE-2021-39201 MISC CONFIRM |
wordpress — wordpress |
The WP Scrippets WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/wp-scrippets.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.1. | 2021-09-10 | not yet calculated | CVE-2021-38333 MISC MISC |
wordpress — wordpress |
The Feedify – Web Push Notifications WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the feedify_msg parameter found in the ~/includes/base.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.8. | 2021-09-10 | not yet calculated | CVE-2021-38352 MISC MISC |
wordpress — wordpress |
The Advance Search WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the wpas_id parameter found in the ~/inc/admin/views/html-advance-search-admin-options.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1.2. | 2021-09-10 | not yet calculated | CVE-2021-38348 MISC MISC |
wordpress — wordpress |
The Integration of Moneybird for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error_description parameter found in the ~/templates/wcmb-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1. | 2021-09-10 | not yet calculated | CVE-2021-38349 MISC MISC |
wordpress — wordpress |
The Konnichiwa! Membership WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the plan_id parameter in the ~/views/subscriptions.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.8.3. | 2021-09-09 | not yet calculated | CVE-2021-38317 MISC MISC |
wordpress — wordpress |
The Custom Website Data WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter found in the ~/views/edit.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.2. | 2021-09-10 | not yet calculated | CVE-2021-38347 MISC MISC |
wordpress — wordpress |
The Yet Another bol.com Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/yabp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4. | 2021-09-10 | not yet calculated | CVE-2021-38330 MISC MISC |
wordpress — wordpress |
The WP Academic People List WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the category_name parameter in the ~/admin-panel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.4.1. | 2021-09-09 | not yet calculated | CVE-2021-38316 MISC MISC |
wordpress — wordpress |
The WooCommerce Payment Gateway Per Category WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/includes/plugin_settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.10. | 2021-09-10 | not yet calculated | CVE-2021-38341 MISC MISC |
wordpress — wordpress |
WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions output data of the function wp_die() can be leaked under certain conditions, which can include data like nonces. It can then be used to perform actions on your behalf. This has been patched in WordPress 5.8.1, along with any older affected versions via minor releases. It’s strongly recommended that you keep auto-updates enabled to receive the fix. | 2021-09-09 | not yet calculated | CVE-2021-39200 MISC CONFIRM |
wordpress — wordpress |
The RentPress WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the selections parameter found in the ~/src/rentPress/AjaxRequests.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.6.4. | 2021-09-09 | not yet calculated | CVE-2021-38323 MISC MISC |
wordpress — wordpress |
The More From Google WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/morefromgoogle.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.2. | 2021-09-09 | not yet calculated | CVE-2021-38319 MISC MISC |
wordpress — wordpress |
The WP Design Maps & Places WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the filename parameter found in the ~/wpdmp-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2. | 2021-09-10 | not yet calculated | CVE-2021-38334 MISC MISC |
wordpress — wordpress |
The Wise Agent Capture Forms WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/WiseAgentCaptureForm.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. | 2021-09-10 | not yet calculated | CVE-2021-38335 MISC MISC |
wordpress — wordpress |
The RSVPMaker Excel WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/phpexcel/PHPExcel/Shared/JAMA/docs/download.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1. | 2021-09-10 | not yet calculated | CVE-2021-38337 MISC MISC |
wordpress — wordpress |
The Simple Matted Thumbnails WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/simple-matted-thumbnail.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.01. | 2021-09-10 | not yet calculated | CVE-2021-38339 MISC MISC |
wordpress — wordpress |
The WordPress Simple Shop WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the update_row parameter found in the ~/includes/add_product.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2. | 2021-09-10 | not yet calculated | CVE-2021-38340 MISC MISC |
yakamara — media_redaxo |
Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code. | 2021-09-09 | not yet calculated | CVE-2021-39459 MISC |
yakamara — media_redaxo |
Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user has to alternate the files of a valid file backup. This leads to leaking the database credentials in the environment variables. | 2021-09-09 | not yet calculated | CVE-2021-39458 MISC |
younglimwonco.ltd — activex |
Download of code without integrity check vulnerability in ActiveX control of Younglimwon Co., Ltd allows the attacker to cause an arbitrary file download and execution. | 2021-09-09 | not yet calculated | CVE-2020-7873 MISC |
zhuhai — jieli | The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C_DEMO_V1.0 does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (deadlock) of the device by flooding it with LMP_AU_Rand packets after paging procedure. User intervention is required to restart the device. | 2021-09-07 | not yet calculated | CVE-2021-34143 MISC MISC MISC |
zhuhai — jieli_ac690x_and_ac692x_devices |
The Bluetooth Classic implementation on Zhuhai Jieli AC690X devices does not properly handle the reception of an oversized LMP packet greater than 17 bytes during the LMP auto rate procedure, allowing attackers in radio range to trigger a deadlock via a crafted LMP packet. | 2021-09-07 | not yet calculated | CVE-2021-31612 MISC MISC MISC |
zhuhai — jieli_ac690x_and_ac692x_devices |
The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X devices does not properly handle an out-of-order LMP Setup procedure that is followed by a malformed LMP packet, allowing attackers in radio range to deadlock a device via a crafted LMP packet. The user needs to manually reboot the device to restore communication. | 2021-09-07 | not yet calculated | CVE-2021-31611 MISC MISC MISC MISC |
zoho — manageengine_adselfservice |
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover. | 2021-09-10 | not yet calculated | CVE-2021-37423 MISC |
zoho — manageengine_adselfservice_plus |
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases. | 2021-09-10 | not yet calculated | CVE-2021-37422 MISC |
zoho — manageengine_adselfservice_plus |
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution. | 2021-09-07 | not yet calculated | CVE-2021-40539 MISC MISC |
zoho — manageengine_desktopcentral |
Zoho ManageEngine DesktopCentral version 10.1.2119.7 and prior allows anyone to get a valid user’s APIKEY without authentication. | 2021-09-10 | not yet calculated | CVE-2021-37414 MISC |
zook — solution |
A buffer overflow issue was discovered in ZOOK solution (remote administration tool) through processing the ‘ConnectMe’ command while parsing a crafted OUTERIP value because of a missing boundary check. This vulnerability allows the attacker to execute arbitrary commands remotely. | 2021-09-07 | not yet calculated | CVE-2020-7877 MISC |
zstack — zstack | ZStack is open source IaaS (infrastructure as a service) software. In ZStack before versions 3.10.12 and 4.1.6 there is a pre-auth unsafe deserialization vulnerability in the REST API. An attacker in control of the request body will be able to provide both the class name and the data to be deserialized and therefore will be able to instantiate an arbitrary type and assign arbitrary values to its fields. This issue may lead to a Denial Of Service. If a suitable gadget is available, then an attacker may also be able to exploit this vulnerability to gain pre-auth remote code execution. For additional details see the referenced GHSL-2021-087. | 2021-09-09 | not yet calculated | CVE-2021-32836 CONFIRM MISC |