Vulnerability Summary for the Week of October 25, 2021
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache -- storm | An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. Apache Storm 1.x users should upgrade to version 1.2.4 | 2021-10-25 | 7.5 | CVE-2021-40865 MISC MISC |
apache -- storm | A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution (RCE) prior to authentication. | 2021-10-25 | 7.5 | CVE-2021-38294 MISC MISC |
auvesy -- versiondog | The scheduler service running on a specific TCP port enables the user to start and stop jobs. There is no sanitation of the supplied JOB ID provided to the function. An attacker may send a malicious payload that can enable the user to execute another SQL expression by sending a specific string. | 2021-10-22 | 7.5 | CVE-2021-38481 CONFIRM |
auvesy -- versiondog | The data of a network capture of the initial handshake phase can be used to authenticate at a SYSDBA level. If a specific .exe is not restarted often, it is possible to access the needed handshake packets between admin/client connections. Using the SYSDBA permission, an attacker can change user passwords or delete the database. | 2021-10-22 | 7.5 | CVE-2021-38459 CONFIRM |
auvesy -- versiondog | The server permits communication without any authentication procedure, allowing the attacker to initiate a session with the server without providing any form of authentication. | 2021-10-22 | 7.5 | CVE-2021-38457 CONFIRM |
auvesy -- versiondog | The database connection to the server is performed by calling a specific API, which could allow an unprivileged user to gain SYSDBA permissions. | 2021-10-22 | 9 | CVE-2021-38475 CONFIRM |
auvesy -- versiondog | Some API functions permit by-design writing or copying data into a given buffer. Since the client controls these parameters, an attacker could rewrite the memory in any location of the affected product. | 2021-10-22 | 7.5 | CVE-2021-38449 CONFIRM |
cct95 -- chichen_tech_cms | Chichen Tech CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the file product_list.php via the id and cid parameters. | 2021-10-22 | 10 | CVE-2020-28960 MISC |
checkpoint -- harmony_browse | The Harmony Browse and the SandBlast Agent for Browsers installers must have admin privileges to execute some steps during the installation. Because the MS Installer allows regular users to repair their installation, an attacker running an installer before 90.08.7405 can start the installation repair and place a specially crafted binary in the repair folder, which runs with the admin privileges. | 2021-10-22 | 7.2 | CVE-2021-30359 MISC MISC |
cisco -- adaptive_security_appliance | A vulnerability in SSL/TLS message handler for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because incoming SSL/TLS packets are not properly processed. An attacker could exploit this vulnerability by sending a crafted SSL/TLS packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. | 2021-10-27 | 7.8 | CVE-2021-40117 CISCO |
cisco -- adaptive_security_appliance | Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. These vulnerabilities are due to improper input validation when parsing HTTPS requests. An attacker could exploit these vulnerabilities by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | 2021-10-27 | 7.1 | CVE-2021-40118 CISCO |
cisco -- adaptive_security_appliance | A vulnerability in the software-based SSL/TLS message handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient validation of SSL/TLS messages when the device performs software-based SSL/TLS decryption. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: Datagram TLS (DTLS) messages cannot be used to exploit this vulnerability. | 2021-10-27 | 7.8 | CVE-2021-34783 CISCO |
cisco -- adaptive_security_appliance | A vulnerability in the memory management of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper resource management when connection rates are high. An attacker could exploit this vulnerability by opening a significant number of connections on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | 2021-10-27 | 7.8 | CVE-2021-34792 CISCO |
cisco -- firepower_management_center | Multiple Cisco products are affected by a vulnerability in the way the Snort detection engine processes ICMP traffic that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper memory resource management while the Snort detection engine is processing ICMP packets. An attacker could exploit this vulnerability by sending a series of ICMP packets through an affected device. A successful exploit could allow the attacker to exhaust resources on the affected device, causing the device to reload. | 2021-10-27 | 7.8 | CVE-2021-40114 CISCO |
cisco -- firepower_management_center | Multiple Cisco products are affected by a vulnerability in Snort rules that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.The vulnerability is due to improper handling of the Block with Reset or Interactive Block with Reset actions if a rule is configured without proper constraints. An attacker could exploit this vulnerability by sending a crafted IP packet to the affected device. A successful exploit could allow the attacker to cause through traffic to be dropped. Note: Only products with Snort3 configured and either a rule with Block with Reset or Interactive Block with Reset actions configured are vulnerable. Products configured with Snort2 are not vulnerable. | 2021-10-27 | 7.1 | CVE-2021-40116 CISCO |
cisco -- firepower_management_center_virtual_appliance | A vulnerability in the processing of SSH connections for multi-instance deployments of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability is due to a lack of proper error handling when an SSH session fails to be established. An attacker could exploit this vulnerability by sending a high rate of crafted SSH connections to the instance. A successful exploit could allow the attacker to cause resource exhaustion, which causes a DoS condition on the affected device. The device must be manually reloaded to recover. | 2021-10-27 | 7.1 | CVE-2021-34781 CISCO |
cisco -- firepower_management_center_virtual_appliance | Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory. | 2021-10-27 | 7.2 | CVE-2021-34756 CISCO |
cisco -- firepower_management_center_virtual_appliance | Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory. | 2021-10-27 | 7.2 | CVE-2021-34755 CISCO |
cszcms -- csz_cms | CSZ CMS v1.2.4 was discovered to contain an arbitrary file upload vulnerability in the component /core/MY_Security.php. | 2021-10-27 | 7.5 | CVE-2020-21250 MISC |
eclipse -- openj9 | In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. | 2021-10-25 | 7.5 | CVE-2021-41035 CONFIRM CONFIRM CONFIRM |
flashget -- flashget | FlashGet v1.9.6 was discovered to contain a buffer overflow in the 'current path directory' function. This vulnerability allows attackers to elevate local process privileges via overwriting the registers. | 2021-10-22 | 9 | CVE-2020-28967 MISC |
gestionaleopen -- gestionale_open | An Insecure Permissions issue exists in Gestionale Open 11.00.00. A low privilege account is able to rename the mysqld.exe file located in bin folder and replace with a malicious file that would connect back to an attacking computer giving system level privileges (nt authority\system) due to the service running as Local System. While a low privilege user is unable to restart the service through the application, a restart of the computer triggers the execution of the malicious file. The application also have unquoted service path issues. | 2021-10-26 | 9.3 | CVE-2021-37363 MISC MISC |
google -- android | In ccu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05594996; Issue ID: ALPS05594996. | 2021-10-25 | 7.2 | CVE-2021-0625 MISC |
google -- android | In display driver, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05594994; Issue ID: ALPS05594994. | 2021-10-25 | 7.2 | CVE-2021-0634 MISC |
google -- android | In RW_SetActivatedTagType of rw_main.cc, there is possible memory corruption due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-192472262 | 2021-10-22 | 9.3 | CVE-2021-0870 MISC MISC |
google -- android | In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154177719References: Upstream kernel | 2021-10-25 | 7.2 | CVE-2021-0941 MISC |
google -- android | In TBD of TBD, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-171315276References: N/A | 2021-10-25 | 7.2 | CVE-2021-0940 MISC |
google -- android | In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168607263References: Upstream kernel | 2021-10-25 | 7.2 | CVE-2021-0935 MISC |
google -- android | In runDumpHeap of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-183262161 | 2021-10-22 | 7.2 | CVE-2021-0708 MISC |
google -- android | In sanitizeSbn of NotificationManagerService.java, there is a possible way to keep service running in foreground and keep granted permissions due to Bypass of Background Service Restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-185388103 | 2021-10-22 | 7.2 | CVE-2021-0705 MISC |
google -- android | In SecondStageMain of init.cpp, there is a possible use after free due to incorrect shared_ptr usage. This could lead to local escalation of privilege if the attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-184569329 | 2021-10-22 | 7.2 | CVE-2021-0703 MISC |
google -- android | In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05844458; Issue ID: ALPS05844458. | 2021-10-25 | 7.2 | CVE-2021-0663 MISC |
google -- android | In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05844434; Issue ID: ALPS05844434. | 2021-10-25 | 7.2 | CVE-2021-0662 MISC |
google -- android | In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a possible way to introduce a memory corruption due to sharing of not thread-safe objects. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-185178568 | 2021-10-22 | 7.2 | CVE-2021-0652 MISC |
google -- android | In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05844413; Issue ID: ALPS05844413. | 2021-10-25 | 7.2 | CVE-2021-0661 MISC |
google -- android | In display driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05585423; Issue ID: ALPS05585423. | 2021-10-25 | 7.2 | CVE-2021-0633 MISC |
gridprosoftware -- request_management | Gridpro Request Management for Windows Azure Pack before 2.0.7912 allows Directory Traversal for remote code execution, as demonstrated by ..\\ in a scriptName JSON value to ServiceManagerTenant/GetVisibilityMap. | 2021-10-25 | 7.5 | CVE-2021-40371 MISC MISC MISC |
huawei -- imanager_neteco_6000_firmware | There is a signature management vulnerability in some huawei products. An attacker can forge signature and bypass the signature check. During firmware update process, successful exploit this vulnerability can cause the forged system file overwrite the correct system file. Affected product versions include:iManager NetEco V600R010C00CP2001,V600R010C00CP2002,V600R010C00SPC100,V600R010C00SPC110,V600R010C00SPC120,V600R010C00SPC200,V600R010C00SPC210,V600R010C00SPC300;iManager NetEco 6000 V600R009C00SPC100,V600R009C00SPC110,V600R009C00SPC120,V600R009C00SPC190,V600R009C00SPC200,V600R009C00SPC201,V600R009C00SPC202,V600R009C00SPC210. | 2021-10-27 | 9 | CVE-2021-37127 MISC |
inria -- caml-light | caml-light <= 0.75 uses mktemp() insecurely, and also does unsafe things in /tmp during make install. | 2021-10-26 | 7.5 | CVE-2011-4119 MISC MISC MISC |
krylack -- zip_password_recovery | Passcovery Co. Ltd ZIP Password Recovery v3.70.69.0 was discovered to contain a buffer overflow via the decompress function. | 2021-10-22 | 7.2 | CVE-2020-28963 MISC |
mcafee -- total_protection | Privilege escalation vulnerability in the Windows trial installer of McAfee Total Protection (MTP) prior to 16.0.34_x may allow a local user to run arbitrary code as the admin user by replacing a specific temporary file created during the installation of the trial version of MTP. | 2021-10-26 | 7.2 | CVE-2021-23877 MISC |
online_student_admission_system_project -- online_student_admission_system | Online Student Admission System 1.0 is affected by an unauthenticated SQL injection bypass vulnerability in /admin/login.php. | 2021-10-26 | 7.5 | CVE-2021-37371 MISC MISC MISC |
openclinic_ga_project -- openclinic_ga | OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default the Authenticated Users group has the modify permission to openclinic folders/files. A low privilege account is able to rename mysqld.exe or tomcat8.exe files located in bin folders and replace with a malicious file that would connect back to an attacking computer giving system level privileges (nt authority\system) due to the service running as Local System. While a low privilege user is unable to restart the service through the application, a restart of the computer triggers the execution of the malicious file. The application also have unquoted service path issues. | 2021-10-26 | 9.3 | CVE-2021-37364 MISC MISC MISC |
openpowerfoundation -- skiboot | An issue was discovered in OpenPOWER 2.6 firmware. unpack_timestamp() calls le32_to_cpu() for endian conversion of a uint16_t "year" value, resulting in a type mismatch that can truncate a higher integer value to a smaller one, and bypass a timestamp check. The fix is to use the right endian conversion function. | 2021-10-22 | 7.5 | CVE-2021-36357 MISC |
parallels -- parallels_desktop | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in an uncontrolled memory allocation. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13544. | 2021-10-25 | 7.2 | CVE-2021-34854 N/A N/A |
php -- php | In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user. | 2021-10-25 | 7.2 | CVE-2021-21703 MISC DEBIAN DEBIAN MLIST MLIST FEDORA FEDORA |
polarssl -- polarssl | PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses timing information based on the processor's high resolution timer (the RDTSC instruction). This instruction can be virtualized, and some virtual machine hosts have chosen to disable this instruction, returning 0s or predictable results. | 2021-10-27 | 7.5 | CVE-2011-4574 MISC |
portable -- playable | Portable Ltd Playable v9.18 contains a code injection vulnerability in the filename parameter, which allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. | 2021-10-22 | 7.5 | CVE-2020-23037 MISC |
salesagility -- suitecrm | SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled PHP file under the web root, because only the all-lowercase PHP file extensions were blocked. NOTE: this issue exists because of an incomplete fix for CVE-2020-28328. | 2021-10-22 | 9 | CVE-2021-42840 MISC MISC MISC MISC |
showdoc -- showdoc | ShowDoc 2.8.3 ihas a file upload vulnerability, where attackers can use the vulnerability to obtain server permissions. | 2021-10-22 | 7.5 | CVE-2021-41745 MISC MISC |
simple_payroll_system_with_dynamic_tax_bracket_project -- simple_payroll_system_with_dynamic_tax_bracket | The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite Free Source Code (by: oretnom23 ) is vulnerable from remote SQL-Injection-Bypass-Authentication for the admin account. The parameter (username) from the login form is not protected correctly and there is no security and escaping from malicious payloads. | 2021-10-22 | 7.5 | CVE-2021-42169 MISC |
sixapart -- movable_type | Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8.2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability. | 2021-10-26 | 7.5 | CVE-2021-20837 MISC MISC MISC |
solarwinds -- kiwi_cattools | As a result of an unquoted service path vulnerability present in the Kiwi CatTools Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. | 2021-10-22 | 7.2 | CVE-2021-35230 MISC |
sourcecodester -- complaint_management_system | An SQL Injection vulnerability exists in Sourcecodester Complaint Management System 1.0 via the cid parameter in complaint-details.php. | 2021-10-27 | 7.5 | CVE-2020-24932 MISC |
tonec -- internet_download_manager | Internet Download Manager 6.37.11.1 was discovered to contain a stack buffer overflow in the Search function. This vulnerability allows attackers to escalate local process privileges via unspecified vectors. | 2021-10-22 | 7.2 | CVE-2020-28964 MISC |
websvn -- websvn | A flaw was found in WebSVN 2.3.2. Without prior authentication, if the 'allowDownload' option is enabled in config.php, an attacker can invoke the dl.php script and pass a well formed 'path' argument to execute arbitrary commands against the underlying operating system. | 2021-10-26 | 9.3 | CVE-2011-2195 MISC |
yonyou -- ufida_product_lifecycle_management | All versions of yongyou PLM are affected by a command injection issue. UFIDA PLM (Product Life Cycle Management) is a strategic management method. It applies a series of enterprise application systems to support the entire process from conceptual design to the end of product life, and the collaborative creation, distribution, application and management of product information across organizations. Yonyou PLM uses jboss by default, and you can access the management control background without authorization An attacker can use this vulnerability to gain server permissions. | 2021-10-22 | 7.5 | CVE-2021-41744 MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
advantech -- webaccess\/nms | WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper authentication vulnerability, which may allow unauthorized users to view resources monitored and controlled by the WebAccess/NMS, as well as IP addresses and names of all the devices managed via WebAccess/NMS. | 2021-10-27 | 5 | CVE-2021-32951 MISC |
air_sender_project -- air_sender | Tran Tu Air Sender v1.0.2 was discovered to contain an arbitrary file upload vulnerability in the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted file. | 2021-10-22 | 6.5 | CVE-2020-23043 MISC |
anaconda -- dask | An issue was discovered in Dask (aka python-dask) through 2021.09.1. Single machine Dask clusters started with dask.distributed.LocalCluster or dask.distributed.Client (which defaults to using LocalCluster) would mistakenly configure their respective Dask workers to listen on external interfaces (typically with a randomly selected high port) rather than only on localhost. A Dask cluster created using this method (when running on a machine that has an applicable port exposed) could be used by a sophisticated attacker to achieve remote code execution. | 2021-10-26 | 6.8 | CVE-2021-42343 MISC |
aplixio -- pdf_shapingup | Aplioxio PDF ShapingUp 5.0.0.139 contains a buffer overflow which allows attackers to cause a denial of service (DoS) via a crafted PDF file. | 2021-10-22 | 6.8 | CVE-2020-28969 MISC |
atlassian -- jira | Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the `ReplicationSettings!default.jspa` endpoint. The affected versions are before version 8.6.0, from version 8.7.0 before 8.13.12, and from version 8.14.0 before 8.20.1. | 2021-10-26 | 4 | CVE-2021-41308 MISC |
atlassian -- jira | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References (IDOR) vulnerability in the Average Number of Times in Status Gadget. The affected versions are before version 8.13.12.. | 2021-10-26 | 5 | CVE-2021-41305 MISC |
atlassian -- jira | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in the Average Time in Status Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0. | 2021-10-26 | 5 | CVE-2021-41306 MISC |
atlassian -- jira | Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and private filters via an Insecure Direct Object References (IDOR) vulnerability in the Workload Pie Chart Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0. | 2021-10-26 | 5 | CVE-2021-41307 MISC |
atlassian -- jira | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the /secure/admin/ImporterFinishedPage.jspa error message. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.1. | 2021-10-26 | 4.3 | CVE-2021-41304 MISC |
automatedlogic -- webctrl | The login portal for the Automated Logic WebCTRL/WebCTRL OEM web application contains a vulnerability that allows for reflected XSS attacks due to the operatorlocale GET parameter not being sanitized. This issue impacts versions 6.5 and below. This issue works by passing in a basic XSS payload to a vulnerable GET parameter that is reflected in the output without sanitization. | 2021-10-22 | 4.3 | CVE-2021-31682 MISC MISC MISC |
auvesy -- versiondog | Many API function codes receive raw pointers remotely from the user and trust these pointers as valid in-bound memory regions. An attacker can manipulate API functions by writing arbitrary data into the resolved address of a raw pointer. | 2021-10-22 | 5 | CVE-2021-38479 CONFIRM |
auvesy -- versiondog | A specific function code receives a raw pointer supplied by the user and deallocates this pointer. The user can then control what memory regions will be freed and cause use-after-free condition. | 2021-10-22 | 5.5 | CVE-2021-38467 CONFIRM |
auvesy -- versiondog | The affected product does not properly control the allocation of resources. A user may be able to allocate unlimited memory buffers using API functions. | 2021-10-22 | 5.5 | CVE-2021-38463 CONFIRM |
auvesy -- versiondog | There are multiple API function codes that permit data writing to any file, which may allow an attacker to modify existing files or create new files. | 2021-10-22 | 6.4 | CVE-2021-38471 CONFIRM |
auvesy -- versiondog | The affected product uses a hard-coded blowfish key for encryption/decryption processes. The key can be easily extracted from binaries. | 2021-10-22 | 6.4 | CVE-2021-38461 CONFIRM |
auvesy -- versiondog | Some API functions allow interaction with the registry, which includes reading values as well as data modification. | 2021-10-22 | 6.4 | CVE-2021-38453 CONFIRM |
auvesy -- versiondog | There are multiple API function codes that permit reading and writing data to or from files and directories, which could lead to the manipulation and/or the deletion of files. | 2021-10-22 | 6.4 | CVE-2021-38477 CONFIRM |
auvesy -- versiondog | The affected product’s code base doesn’t properly control arguments for specific functions, which could lead to a stack overflow. | 2021-10-22 | 6.5 | CVE-2021-38473 CONFIRM |
auvesy -- versiondog | The affected product’s OS Service does not verify any given parameter. A user can supply any type of parameter that will be passed to inner calls without checking the type of the parameter or the value. | 2021-10-22 | 4 | CVE-2021-38455 CONFIRM |
auvesy -- versiondog | The webinstaller is a Golang web server executable that enables the generation of an Auvesy image agent. Resource consumption can be achieved by generating large amounts of installations, which are then saved without limitation in the temp folder of the webinstaller executable. | 2021-10-22 | 4 | CVE-2021-38465 CONFIRM |
auvesy -- versiondog | Many of the services used by the affected product do not specify full paths for the DLLs they are loading. An attacker can exploit the uncontrolled search path by implanting their own DLL near the affected product’s binaries, thus hijacking the loaded DLL. | 2021-10-22 | 4.3 | CVE-2021-38469 CONFIRM |
bqe -- billquick_web_suite | BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection can, for example, use the txtID (aka username) parameter. Successful exploitation can include the ability to execute arbitrary code as MSSQLSERVER$ via xp_cmdshell. | 2021-10-22 | 6.8 | CVE-2021-42258 MISC |
cisco -- adaptive_security_appliance | Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized connections with a host located behind the ALG. For more information about these vulnerabilities, see the Details section of this advisory. Note: These vulnerabilities have been publicly discussed as NAT Slipstreaming. | 2021-10-27 | 5 | CVE-2021-34790 CISCO |
cisco -- adaptive_security_appliance | A vulnerability in the identity-based firewall (IDFW) rule processing feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass security protections. This vulnerability is due to improper handling of network requests by affected devices configured to use object group search. An attacker could exploit this vulnerability by sending a specially crafted network request to an affected device. A successful exploit could allow the attacker to bypass access control list (ACL) rules on the device, bypass security protections, and send network traffic to unauthorized hosts. | 2021-10-27 | 4.3 | CVE-2021-34787 CISCO |
cisco -- adaptive_security_appliance | Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized connections with a host located behind the ALG. For more information about these vulnerabilities, see the Details section of this advisory. Note: These vulnerabilities have been publicly discussed as NAT Slipstreaming. | 2021-10-27 | 5 | CVE-2021-34791 CISCO |
cisco -- adaptive_security_appliance | A vulnerability in the TCP Normalizer of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software operating in transparent mode could allow an unauthenticated, remote attacker to poison MAC address tables, resulting in a denial of service (DoS) vulnerability. This vulnerability is due to incorrect handling of certain TCP segments when the affected device is operating in transparent mode. An attacker could exploit this vulnerability by sending a crafted TCP segment through an affected device. A successful exploit could allow the attacker to poison the MAC address tables in adjacent devices, resulting in network disruption. | 2021-10-27 | 5 | CVE-2021-34793 CISCO |
cisco -- adaptive_security_appliance | A vulnerability in the Simple Network Management Protocol version 3 (SNMPv3) access control functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to query SNMP data. This vulnerability is due to ineffective access control. An attacker could exploit this vulnerability by sending an SNMPv3 query to an affected device from a host that is not permitted by the SNMPv3 access control list. A successful exploit could allow the attacker to send an SNMP query to an affected device and retrieve information from the device. The attacker would need valid credentials to perform the SNMP query. | 2021-10-27 | 5 | CVE-2021-34794 CISCO |
cisco -- adaptive_security_appliance | A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. This vulnerability is due to improper control of a resource. An attacker with the ability to spoof a trusted IKEv2 site-to-site VPN peer and in possession of valid IKEv2 credentials for that peer could exploit this vulnerability by sending malformed, authenticated IKEv2 messages to an affected device. A successful exploit could allow the attacker to trigger a reload of the device. | 2021-10-27 | 6.3 | CVE-2021-40125 CISCO |
cisco -- firepower_management_center | Multiple vulnerabilities in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic. These vulnerabilities are due to incomplete processing during deep packet inspection for ENIP packets. An attacker could exploit these vulnerabilities by sending a crafted ENIP packet to the targeted interface. A successful exploit could allow the attacker to bypass configured access control and intrusion policies that should be activated for the ENIP packet. | 2021-10-27 | 5 | CVE-2021-34754 CISCO |
cisco -- firepower_management_center_virtual_appliance | A vulnerability in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite or append arbitrary data to system files using root-level privileges. The attacker must have administrative credentials on the device. This vulnerability is due to incomplete validation of user input for a specific CLI command. An attacker could exploit this vulnerability by authenticating to the device with administrative privileges and issuing a CLI command with crafted user parameters. A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root-level privileges. | 2021-10-27 | 6.6 | CVE-2021-34761 CISCO |
cisco -- firepower_management_center_virtual_appliance | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open redirect attack. For more information about these vulnerabilities, see the Details section of this advisory. | 2021-10-27 | 5.8 | CVE-2021-34764 CISCO |
cisco -- firepower_management_center_virtual_appliance | A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The attacker would require valid device credentials. The vulnerability is due to insufficient input validation of the HTTPS URL by the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTPS request that contains directory traversal character sequences to an affected device. A successful exploit could allow the attacker to read or write arbitrary files on the device. | 2021-10-27 | 5.5 | CVE-2021-34762 CISCO |
cloudfoundry -- capi-release | Cloud Controller versions prior to 1.118.0 are vulnerable to unauthenticated denial of Service(DoS) vulnerability allowing unauthenticated attackers to cause denial of service by using REST HTTP requests with label_selectors on multiple V3 endpoints by generating an enormous SQL query. | 2021-10-27 | 5 | CVE-2021-22101 MISC |
codesys -- codesys | In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition. | 2021-10-26 | 5 | CVE-2021-34586 CONFIRM MISC |
codesys -- codesys | In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation. | 2021-10-26 | 5 | CVE-2021-34585 CONFIRM MISC |
codesys -- codesys | Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22. | 2021-10-26 | 5 | CVE-2021-34583 CONFIRM MISC |
codesys -- codesys | Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22. | 2021-10-26 | 6.4 | CVE-2021-34584 CONFIRM MISC |
codesys -- plcwinnt | A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite. | 2021-10-26 | 5.5 | CVE-2021-34595 CONFIRM |
codesys -- plcwinnt | In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC. | 2021-10-26 | 5 | CVE-2021-34593 CONFIRM FULLDISC |
codesys -- plcwinnt | A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition. | 2021-10-26 | 4 | CVE-2021-34596 CONFIRM |
csdn -- csdn_app | Cross-Site Scripting (XSS) vulnerability exists in Csdn APP 4.10.0, which can be exploited by attackers to obtain sensitive information such as user cookies. | 2021-10-22 | 4.3 | CVE-2021-41747 MISC MISC |
customer_relationship_management_system_project -- customer_relationship_management_system | A file upload vulnerability exists in Sourcecodester Customer Relationship Management System 1.0 via the account update option & customer create option, which could let a remote malicious user upload an arbitrary php file. . | 2021-10-27 | 6.5 | CVE-2021-37221 MISC |
d-link -- dap-2020_firmware | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the var:page parameter provided to the webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13271. | 2021-10-25 | 5.8 | CVE-2021-34863 N/A N/A |
d-link -- dap-2020_firmware | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the var:menu parameter provided to the webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13270. | 2021-10-25 | 5.8 | CVE-2021-34862 N/A N/A |
d-link -- dap-2020_firmware | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the webproc endpoint, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12104. | 2021-10-25 | 5.8 | CVE-2021-34861 N/A N/A |
dedecms -- dedecms | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component makehtml_homepage.php via the `filename`, `mid`, `userid`, and `templet' parameters. | 2021-10-22 | 4.3 | CVE-2020-36497 MISC |
dedecms -- dedecms | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via the `filename`, `mid`, `userid`, and `templet' parameters. | 2021-10-22 | 4.3 | CVE-2020-23046 MISC |
dedecms -- dedecms | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component mychannel_edit.php via the `filename`, `mid`, `userid`, and `templet' parameters. | 2021-10-22 | 4.3 | CVE-2020-36494 MISC |
dedecms -- dedecms | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `filename`, `mid`, `userid`, and `templet' parameters. | 2021-10-22 | 4.3 | CVE-2020-36495 MISC |
dedecms -- dedecms | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component sys_admin_user_edit.php via the `filename`, `mid`, `userid`, and `templet' parameters. | 2021-10-22 | 4.3 | CVE-2020-36496 MISC |
dropouts -- air_share | Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the path parameter of the `list` and `download` exception-handling. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted GET request. | 2021-10-22 | 4.3 | CVE-2020-23041 MISC |
dropouts -- super_backup | Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability in the path parameter of the `list` and `download` module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted GET request. | 2021-10-22 | 4.3 | CVE-2020-23042 MISC |
dropouts -- super_backup | Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain an issue in the path parameter of the `list` and `download` module which allows attackers to perform a directory traversal via a change to the path variable to request the local list command. | 2021-10-22 | 5 | CVE-2020-23061 MISC |
elabftw -- elabftw | eLabFTW is an open source electronic lab notebook manager for research teams. In versions of eLabFTW before 4.1.0, it allows attackers to bypass a brute-force protection mechanism by using many different forged PHPSESSID values in HTTP Cookie header. This issue has been addressed by implementing brute force login protection, as recommended by Owasp with Device Cookies. This mechanism will not impact users and will effectively thwart any brute-force attempts at guessing passwords. The only correct way to address this is to upgrade to version 4.1.0. Adding rate limitation upstream of the eLabFTW service is of course a valid option, with or without upgrading. | 2021-10-22 | 4 | CVE-2021-41171 CONFIRM MISC MISC MISC MISC |
emerson -- wireless_1410_gateway_firmware | The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables. | 2021-10-22 | 4 | CVE-2021-42536 CONFIRM |
emerson -- wireless_1410_gateway_firmware | The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure. | 2021-10-22 | 6.5 | CVE-2021-42542 CONFIRM |
emerson -- wireless_1410_gateway_firmware | The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality. | 2021-10-22 | 6.5 | CVE-2021-42540 CONFIRM |
emerson -- wireless_1410_gateway_firmware | The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk. | 2021-10-22 | 6.5 | CVE-2021-38485 CONFIRM |
emerson -- wireless_1410_gateway_firmware | The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input. | 2021-10-22 | 6.5 | CVE-2021-42538 CONFIRM |
emerson -- wireless_1410_gateway_firmware | The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change. | 2021-10-22 | 6.5 | CVE-2021-42539 CONFIRM |
facebook -- hhvm | HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the filesystem to write this data. The parameter is not validated, allowing a malicious user to overwrite arbitrary files where the user running HHVM has write access. This issue affects HHVM versions prior to 4.56.2, all versions between 4.57.0 and 4.78.0, as well as 4.79.0, 4.80.0, 4.81.0, 4.82.0, and 4.83.0. | 2021-10-26 | 5.5 | CVE-2019-3556 CONFIRM CONFIRM CONFIRM |
firefly-iii -- firefly_iii | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | 2021-10-27 | 4.3 | CVE-2021-3900 MISC CONFIRM |
freeswitch -- freeswitch | FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. By default, SIP requests of the type SUBSCRIBE are not authenticated in the affected versions of FreeSWITCH. Abuse of this security issue allows attackers to subscribe to user agent event notifications without the need to authenticate. This abuse poses privacy concerns and might lead to social engineering or similar attacks. For example, attackers may be able to monitor the status of target SIP extensions. Although this issue was fixed in version v1.10.6, installations upgraded to the fixed version of FreeSWITCH from an older version, may still be vulnerable if the configuration is not updated accordingly. Software upgrades do not update the configuration by default. SIP SUBSCRIBE messages should be authenticated by default so that FreeSWITCH administrators do not need to explicitly set the `auth-subscriptions` parameter. When following such a recommendation, a new parameter can be introduced to explicitly disable authentication. | 2021-10-26 | 5 | CVE-2021-41157 CONFIRM MISC MISC FULLDISC |
freeswitch -- freeswitch | FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, an attacker can perform a SIP digest leak attack against FreeSWITCH and receive the challenge response of a gateway configured on the FreeSWITCH server. This is done by challenging FreeSWITCH's SIP requests with the realm set to that of the gateway, thus forcing FreeSWITCH to respond with the challenge response which is based on the password of that targeted gateway. Abuse of this vulnerability allows attackers to potentially recover gateway passwords by performing a fast offline password cracking attack on the challenge response. The attacker does not require special network privileges, such as the ability to sniff the FreeSWITCH's network traffic, to exploit this issue. Instead, what is required for this attack to work is the ability to cause the victim server to send SIP request messages to the malicious party. Additionally, to exploit this issue, the attacker needs to specify the correct realm which might in some cases be considered secret. However, because many gateways are actually public, this information can easily be retrieved. The vulnerability appears to be due to the code which handles challenges in `sofia_reg.c`, `sofia_reg_handle_sip_r_challenge()` which does not check if the challenge is originating from the actual gateway. The lack of these checks allows arbitrary UACs (and gateways) to challenge any request sent by FreeSWITCH with the realm of the gateway being targeted. This issue is patched in version 10.10.7. Maintainers recommend that one should create an association between a SIP session for each gateway and its realm to make a check be put into place for this association when responding to challenges. | 2021-10-26 | 5 | CVE-2021-41158 CONFIRM MISC FULLDISC |
freeswitch -- freeswitch | Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. FreeSWITCH prior to version 1.10.7 is susceptible to Denial of Service via SIP flooding. When flooding FreeSWITCH with SIP messages, it was observed that after a number of seconds the process was killed by the operating system due to memory exhaustion. By abusing this vulnerability, an attacker is able to crash any FreeSWITCH instance by flooding it with SIP messages, leading to Denial of Service. The attack does not require authentication and can be carried out over UDP, TCP or TLS. This issue was patched in version 1.10.7. | 2021-10-25 | 5 | CVE-2021-41145 CONFIRM MISC FULLDISC |
freeswitch -- freeswitch | FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. When handling SRTP calls, FreeSWITCH prior to version 1.10.7 is susceptible to a DoS where calls can be terminated by remote attackers. This attack can be done continuously, thus denying encrypted calls during the attack. When a media port that is handling SRTP traffic is flooded with a specially crafted SRTP packet, the call is terminated leading to denial of service. This issue was reproduced when using the SDES key exchange mechanism in a SIP environment as well as when using the DTLS key exchange mechanism in a WebRTC environment. The call disconnection occurs due to line 6331 in the source file `switch_rtp.c`, which disconnects the call when the total number of SRTP errors reach a hard-coded threshold (100). By abusing this vulnerability, an attacker is able to disconnect any ongoing calls that are using SRTP. The attack does not require authentication or any special foothold in the caller's or the callee's network. This issue is patched in version 1.10.7. | 2021-10-25 | 5 | CVE-2021-41105 CONFIRM MISC FULLDISC |
froala -- wysiwyg-editor | A cross site scripting (XSS) vulnerability in the Insert Video function of Froala WYSIWYG Editor 3.1.0 allows attackers to execute arbitrary web scripts or HTML. | 2021-10-26 | 4.3 | CVE-2020-22864 MISC MISC |
game-server-status_project -- game-server-status | The Game Server Status WordPress plugin through 1.0 does not validate or escape the server_id parameter before using it in SQL statement, leading to an Authenticated SQL Injection in an admin page | 2021-10-25 | 6.5 | CVE-2021-24662 MISC |
gjson_project -- gjson | GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack. | 2021-10-22 | 5 | CVE-2021-42836 MISC MISC MISC MISC MISC |
google -- android | In multiple methods of AAudioService, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-153358911 | 2021-10-22 | 4.4 | CVE-2021-0483 MISC |
google -- android | In acc_read of f_accessory.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-173789633References: Upstream kernel | 2021-10-25 | 4.6 | CVE-2021-0936 MISC |
google -- android | In loadLabel of PackageItemInfo.java, there is a possible way to DoS a device by having a long label in an app due to incorrect input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-67013844 | 2021-10-22 | 4.7 | CVE-2021-0651 MISC |
google -- android | In startListening of PluginManagerImpl.java, there is a possible way to disable arbitrary app components due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-193444889 | 2021-10-22 | 4.9 | CVE-2021-0706 MISC |
google -- android | In wifi driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05551397; Issue ID: ALPS05551397. | 2021-10-25 | 5 | CVE-2021-0630 MISC |
google -- android | In wifi driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05551435; Issue ID: ALPS05551435. | 2021-10-25 | 5 | CVE-2021-0631 MISC |
helpu -- helpuviewer | An improper input validation vulnerability in Helpu solution could allow a local attacker to arbitrary file creation and execution without click file transfer menu. It is possible to file in arbitrary directory for user because the viewer program receive the file from agent with privilege of administrator. | 2021-10-27 | 4.6 | CVE-2020-7867 MISC |
huawei -- emui | There is a Configuration defects in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability. | 2021-10-28 | 5 | CVE-2021-22405 MISC |
huawei -- emui | There is a Directory traversal vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. | 2021-10-28 | 5 | CVE-2021-22404 MISC |
huawei -- emui | There is a Remote DoS vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability can affect service integrity. | 2021-10-28 | 5 | CVE-2021-22401 MISC |
huawei -- emui | There is a DoS vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause DoS attacks. | 2021-10-28 | 5 | CVE-2021-22402 MISC |
huawei -- fusioncube_firmware | There is a path traversal vulnerability in Huawei FusionCube 6.0.2.The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a directory that is located underneath a restricted parent directory, but the software does not properly validate the pathname. Successful exploit could allow the attacker to access a location that is outside of the restricted directory by a crafted filename. | 2021-10-27 | 5 | CVE-2021-37130 MISC |
huawei -- ips_module_firmware | There is an out of bounds write vulnerability in some Huawei products. The vulnerability is caused by a function of a module that does not properly verify input parameter. Successful exploit could cause out of bounds write leading to a denial of service condition.Affected product versions include:IPS Module V500R005C00,V500R005C20;NGFW Module V500R005C00;NIP6600 V500R005C00,V500R005C20;S12700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600,V200R013C00SPC500,V200R019C00SPC200,V200R019C00SPC500,V200R019C10SPC200,V200R020C00,V200R020C10;S1700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S2700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S5700 V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600,V200R019C00SPC500;S6700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S7700 V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600;S9700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;USG9500 V500R005C00,V500R005C20. | 2021-10-27 | 5 | CVE-2021-37129 MISC |
huawei -- manageone | There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device. | 2021-10-27 | 6 | CVE-2021-37131 MISC |
ibm -- business_automation_workflow | IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204833. | 2021-10-22 | 4.3 | CVE-2021-29835 CONFIRM XF |
ibm -- engineering_lifecycle_optimization | IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025. | 2021-10-27 | 6 | CVE-2021-29774 XF CONFIRM |
ibm -- planning_analytics | IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 198755. | 2021-10-27 | 5 | CVE-2021-20526 CONFIRM XF |
ingeteam -- ingepac_da_au_firmware | Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web application allows access to a certain path that contains sensitive information that could be used by an attacker to execute more sophisticated attacks. An unauthenticated remote attacker with access to the device´s web service could exploit this vulnerability in order to obtain different configuration files. | 2021-10-25 | 5 | CVE-2017-20007 CONFIRM |
jquery -- jquery_ui | jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources. | 2021-10-26 | 4.3 | CVE-2021-41182 CONFIRM MISC MISC |
jquery -- jquery_ui | jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources. | 2021-10-26 | 4.3 | CVE-2021-41183 MISC MISC CONFIRM MISC |
jquery -- jquery_ui | jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources. | 2021-10-26 | 4.3 | CVE-2021-41184 MISC CONFIRM MISC |
jquery-reply-to-comment_project -- jquery-reply-to-comment | The jQuery Reply to Comment WordPress plugin through 1.31 does not have any CSRF check when saving its settings, nor sanitise or escape its 'Quote String' and 'Reply String' settings before outputting them in Comments, leading to a Stored Cross-Site Scripting issue. | 2021-10-25 | 4.3 | CVE-2021-24543 MISC |
kumilabs -- swift_file_transfer | Swift File Transfer Mobile v1.1.2 and below was discovered to contain an information disclosure vulnerability in the path parameter. This vulnerability is exploited via an error caused by including non-existent path environment variables. | 2021-10-22 | 5 | CVE-2020-23038 MISC |
macs_cms_project -- macs_cms | Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a cross-site scripting (XSS) vulnerability in the search input field of the search module. | 2021-10-22 | 4.3 | CVE-2020-23047 MISC |
macs_cms_project -- macs_cms | Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a SQL injection vulnerability via the 'roleId' parameter of the `editRole` and `deletUser` modules. | 2021-10-22 | 6.5 | CVE-2020-23045 MISC |
madeportable -- playable | Portable Ltd Playable v9.18 was discovered to contain an arbitrary file upload vulnerability in the filename parameter of the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted JPEG file. | 2021-10-22 | 4.6 | CVE-2020-36485 MISC |
mangboard -- mang_board | A vulnerability was found in Mangboard(WordPress plugin). A SQL-Injection vulnerability was found in order_type parameter. The order_type parameter makes a SQL query using unfiltered data. This vulnerability allows a remote attacker to steal user information. | 2021-10-26 | 5 | CVE-2021-26609 MISC |
mcafee -- epolicy_orchestrator | Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via a specific parameter where the administrator's entries were not correctly sanitized. | 2021-10-22 | 4.3 | CVE-2021-31835 CONFIRM |
medianavi -- smacom | MEDIA NAVI Inc SMACom v1.2 was discovered to contain an insecure session validation vulnerability in the session handling of the `password` authentication parameter of the wifi photo transfer module. This vulnerability allows attackers with network access privileges or on public wifi networks to read the authentication credentials and follow-up requests containing the user password via a man in the middle attack. | 2021-10-22 | 4.3 | CVE-2020-23036 MISC |
mycodo_project -- mycodo | Mycodo is an environmental monitoring and regulation system. An exploit in versions prior to 8.12.7 allows anyone with access to endpoints to download files outside the intended directory. A patch has been applied and a release made. Users should upgrade to version 8.12.7. As a workaround, users may manually apply the changes from the fix commit. | 2021-10-26 | 4 | CVE-2021-41185 CONFIRM MISC MISC MISC |
nameko -- nameko | Nameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file. | 2021-10-26 | 6.8 | CVE-2021-41078 MISC MISC |
nextcloud -- deck | Nextcloud is an open-source, self-hosted productivity platform. A missing permission check in Nextcloud Deck before 1.2.9, 1.4.5 and 1.5.3 allows another authenticated users to access Deck cards of another user. It is recommended that the Nextcloud Deck App is upgraded to 1.2.9, 1.4.5 or 1.5.3. There are no known workarounds aside from upgrading. | 2021-10-25 | 5.5 | CVE-2021-39225 CONFIRM MISC MISC |
nextcloud -- nextcloud_server | Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, Nextcloud Server did not implement a database backend for rate-limiting purposes. Any component of Nextcloud using rate-limits (as as `AnonRateThrottle` or `UserRateThrottle`) was thus not rate limited on instances not having a memory cache backend configured. In the case of a default installation, this would notably include the rate-limits on the two factor codes. It is recommended that the Nextcloud Server be upgraded to 20.0.13, 21.0.5, or 22.2.0. As a workaround, enable a memory cache backend in `config.php`. | 2021-10-25 | 5.5 | CVE-2021-41177 CONFIRM MISC MISC |
nextcloud -- officeonline | Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud OfficeOnline application prior to version 1.1.1 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. an attacker could see that the file `shared.txt` is located within `/files/$username/Myfolder/Mysubfolder/shared.txt`). It is recommended that the OfficeOnline application is upgraded to 1.1.1. As a workaround, one may disable the OfficeOnline application in the app settings. | 2021-10-25 | 5 | CVE-2021-39224 CONFIRM MISC |
nextcloud -- richdocuments | Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Richdocuments application prior to versions 3.8.6 and 4.2.3 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. an attacker could see that the file `shared.txt` is located within `/files/$username/Myfolder/Mysubfolder/shared.txt`). It is recommended that the Richdocuments application is upgraded to 3.8.6 or 4.2.3. As a workaround, disable the Richdocuments application in the app settings. | 2021-10-25 | 5 | CVE-2021-39223 MISC CONFIRM MISC |
nextcloud -- server | Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, a file traversal vulnerability makes an attacker able to download arbitrary SVG images from the host system, including user provided files. This could also be leveraged into a XSS/phishing attack, an attacker could upload a malicious SVG file that mimics the Nextcloud login form and send a specially crafted link to victims. The XSS risk here is mitigated due to the fact that Nextcloud employs a strict Content-Security-Policy disallowing execution of arbitrary JavaScript. It is recommended that the Nextcloud Server be upgraded to 20.0.13, 21.0.5 or 22.2.0. There are no known workarounds aside from upgrading. | 2021-10-25 | 4 | CVE-2021-41178 MISC MISC CONFIRM |
nextcloud -- server | Nextcloud is an open-source, self-hosted productivity platform. Prior to Nextcloud Server versions 20.0.13, 21.0.5, and 22.2.0, the Two-Factor Authentication wasn't enforced for pages marked as public. Any page marked as `@PublicPage` could thus be accessed with a valid user session that isn't authenticated. This particularly affects the Nextcloud Talk application, as this could be leveraged to gain access to any private chat channel without going through the Two-Factor flow. It is recommended that the Nextcloud Server be upgraded to 20.0.13, 21.0.5 or 22.2.0. There are no known workarounds aside from upgrading. | 2021-10-25 | 4 | CVE-2021-41179 MISC MISC CONFIRM |
nxp -- mcuxpresso_software_development_kit | NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostProcessCallback(). | 2021-10-25 | 4.6 | CVE-2021-38258 MISC |
nxp -- mcuxpresso_software_development_kit | NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostParseDeviceConfigurationDescriptor(). | 2021-10-25 | 4.6 | CVE-2021-38260 MISC |
onepeloton -- peloton | Exposure of senstive information to an unauthorised actor in the "com.onepeloton.erlich" mobile application up to and including version 1.7.22 allows a remote attacker to access developer files stored in an AWS S3 bucket, by reading credentials stored in plain text within the mobile application. | 2021-10-25 | 5 | CVE-2021-40527 CONFIRM |
onepeloton -- ttr01_firmware | Incorrect calculation of buffer size vulnerability in Peleton TTR01 up to and including PTV55G allows a remote attacker to trigger a Denial of Service attack through the GymKit daemon process by exploiting a heap overflow in the network server handling the Apple GymKit communication. This can lead to an Apple MFI device not being able to authenticate with the Peleton Bike | 2021-10-25 | 5 | CVE-2021-40526 CONFIRM |
online_student_admission_system_project -- online_student_admission_system | Online Student Admission System 1.0 is affected by an insecure file upload vulnerability. A low privileged user can upload malicious PHP files by updating their profile image to gain remote code execution. | 2021-10-26 | 6.5 | CVE-2021-37372 MISC MISC MISC |
parallels -- parallels_desktop | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the virtio-gpu virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13581. | 2021-10-25 | 4.6 | CVE-2021-34856 N/A N/A |
parallels -- parallels_desktop | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13601. | 2021-10-25 | 4.6 | CVE-2021-34857 N/A N/A |
parallels -- parallels_desktop | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the WinAppHelper component. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13543. | 2021-10-25 | 4.6 | CVE-2021-34864 N/A |
permalink_manager_lite_project -- permalink_manager_lite | The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not validate and escape the orderby parameter before using it in a SQL statement in the Permalink Manager page, leading to a SQL Injection | 2021-10-25 | 6.5 | CVE-2021-24769 MISC |
pterodactyl -- panel | Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. In affected versions of Pterodactyl a malicious user can trigger a user logout if a signed in user visits a malicious website that makes a request to the Panel's sign-out endpoint. This requires a targeted attack against a specific Panel instance, and serves only to sign a user out. **No user details are leaked, nor is any user data affected, this is simply an annoyance at worst.** This is fixed in version 1.6.3. | 2021-10-25 | 4.3 | CVE-2021-41176 MISC CONFIRM MISC |
rasa -- rasa_x | Rasa X before 0.42.4 allows Directory Traversal during archive extraction. In the functionality that allows a user to load a trained model archive, an attacker has arbitrary write capability within specific directories via a crafted archive file. | 2021-10-22 | 4.3 | CVE-2021-42556 MISC CONFIRM |
sanskruti -- st-daily-tip | The St-Daily-Tip WordPress plugin through 4.7 does not have any CSRF check in place when saving its 'Default Text to Display if no tips' setting, and was also lacking sanitisation as well as escaping before outputting it the page. This could allow attacker to make logged in administrators set a malicious payload in it, leading to a Stored Cross-Site Scripting issue | 2021-10-25 | 6.8 | CVE-2021-24487 MISC |
seeddms -- seeddms | SeedDMS Content Management System v6.0.7 contains a persistent cross-site scripting (XSS) vulnerability in the component AddEvent.php via the name and comment parameters. | 2021-10-22 | 4.3 | CVE-2020-23048 MISC |
sky_file_project -- sky_file | Sky File v2.1.0 contains a directory traversal vulnerability in the FTP server which allows attackers to access sensitive data and files via 'null' path commands. | 2021-10-22 | 5 | CVE-2020-23040 MISC |
sky_file_project -- sky_file | An issue in the FTP server of Sky File v2.1.0 allows attackers to perform directory traversal via `/null//` path commands. | 2021-10-22 | 4 | CVE-2020-36488 MISC |
skyworth -- penguin_aurora_box_firmware | Penguin Aurora TV Box 41502 is a high-end network HD set-top box produced by Tencent Video and Skyworth Digital. An unauthorized access vulnerability exists in the Penguin Aurora Box. An attacker can use the vulnerability to gain unauthorized access to a specific link to remotely control the TV. | 2021-10-26 | 6.4 | CVE-2021-41873 MISC |
solarwinds -- kiwi_syslog_server | The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. These methods are intended for diagnostic purposes only. If enabled, the web server will respond to requests that use these methods by returning exact HTTP request that was received in the response to the client. This may lead to the disclosure of sensitive information such as internal authentication headers appended by reverse proxies. | 2021-10-27 | 5 | CVE-2021-35233 MISC MISC |
solarwinds -- kiwi_syslog_server | As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. Example vulnerable path: "Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Kiwi Syslog Server\Parameters\Application". | 2021-10-25 | 4.6 | CVE-2021-35231 MISC MISC |
solarwinds -- kiwi_syslog_server | The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions. ASP.NET allows remote debugging of web applications, if configured to do so. Debug mode causes ASP.NET to compile applications with extra information. The information enables a debugger to closely monitor and control the execution of an application. If an attacker could successfully start a remote debugging session, this is likely to disclose sensitive information about the web application and supporting infrastructure that may be valuable in targeting SWI with malicious intent. | 2021-10-27 | 5 | CVE-2021-35235 MISC MISC |
solarwinds -- kiwi_syslog_server | The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the cookie from being passed over unencrypted requests. If the application can be accessed over both HTTP, there is a potential for the cookie can be sent in clear text. | 2021-10-27 | 5 | CVE-2021-35236 MISC MISC |
sourcecodester -- news247_cms | Cross Site Scripting (XSS) vulnerability exists in Sourcecodester News247 CMS 1.0 via the search function in articles. | 2021-10-28 | 4.3 | CVE-2021-41728 MISC |
strategy11 -- formidable_form_builder | The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags like <audio>,<video>,<img>,<a> and<button>.This could allow an unauthenticated, remote attacker to exploit a HTML-injection byinjecting a malicous link. The HTML-injection may trick authenticated users to follow the link. If the Link gets clicked, Javascript code can be executed. The vulnerability is due to insufficient sanitization of the "data-frmverify" tag for links in the web-based entry inspection page of affected systems. A successful exploitation incomibantion with CSRF could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. These actions include stealing the users account by changing their password or allowing attackers to submit their own code through an authenticated user resulting in Remote Code Execution. If an authenticated user who is able to edit Wordpress PHP Code in any kind, clicks the malicious link, PHP code can be edited. | 2021-10-25 | 6.8 | CVE-2021-24884 MISC MISC MISC |
swiftfiletransfer -- swift_file_transfer | Swift File Transfer Mobile v1.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the devicename parameter which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered as the device name itself. | 2021-10-22 | 4.3 | CVE-2020-36502 MISC |
swiftfiletransfer -- swift_file_transfer | Swift File Transfer Mobile v1.1.2 and below was discovered to contain a cross-site scripting (XSS) vulnerability via the 'path' parameter of the 'list' and 'download' exception-handling. | 2021-10-22 | 4.3 | CVE-2020-36486 MISC |
taotesting -- tao_assessment_platform | TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a HTML injection vulnerability in the userFirstName parameter of the user account input field. This vulnerability allows attackers to execute phishing attacks, external redirects, and arbitrary code. | 2021-10-22 | 6 | CVE-2020-23050 MISC |
teamviewer -- teamviewer | This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer 15.16.8.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TVS files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13697. | 2021-10-25 | 6.8 | CVE-2021-34859 N/A N/A |
tonec -- internet_download_manager | Internet Download Manager 6.37.11.1 was discovered to contain a stack buffer overflow in the Export/Import function. This vulnerability allows attackers to escalate local process privileges via a crafted ef2 file. | 2021-10-22 | 6.6 | CVE-2020-23060 MISC |
trane -- tracer_concierge | The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software. | 2021-10-27 | 6.5 | CVE-2021-38450 CONFIRM |
trane -- tracer_sc_firmware | The affected product’s web application does not properly neutralize the input during webpage generation, which could allow an attacker to inject code in the input forms. | 2021-10-22 | 4.3 | CVE-2021-42534 CONFIRM |
user-agent_switcher_and_manager_project -- user-agent_switcher_and_manager | A cross-site scripting (XSS) vulnerability in NSK User Agent String Switcher Service v0.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the user agent input field. | 2021-10-22 | 4.3 | CVE-2020-23054 MISC |
user_registration_\&_login_and_user_management_system_with_admin_panel_project -- user_registration_\&_login_and_user_management_system_with_admin_panel | Phpgurukul User Registration & User Management System v2.0 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters of the registration form & loginsystem input fields. | 2021-10-22 | 4.3 | CVE-2020-23051 MISC |
wp_debugging_project -- wp_debugging | The WP Debugging WordPress plugin before 2.11.0 has its update_settings() function hooked to admin_init and is missing any capability and CSRF checks, as a result, the settings can be updated by unauthenticated users. | 2021-10-25 | 4.3 | CVE-2021-24779 MISC |
wpchill -- check_\&_log_email | The Check & Log Email WordPress plugin before 1.0.3 does not validate and escape the "order" and "orderby" GET parameters before using them in a SQL statement when viewing logs, leading to SQL injections issues | 2021-10-25 | 6.5 | CVE-2021-24774 MISC |
yop-poll -- yop-poll | The YOP Poll WordPress plugin before 6.1.2 does not escape the perpage parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting | 2021-10-25 | 4.3 | CVE-2021-24885 CONFIRM MISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
akaunting -- akaunting | Akaunting v1.3.17 was discovered to contain a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Company Name input field. | 2021-10-25 | 3.5 | CVE-2020-20908 MISC |
antsword_redis_project -- antsword_redis | AS_Redis is an AntSword plugin for Redis. The Redis Manage plugin for AntSword prior to version 0.5 is vulnerable to Self-XSS due to due to insufficient input validation and sanitization via redis server configuration. Self-XSS in the plugin configuration leads to code execution. This issue is patched in version 0.5. | 2021-10-26 | 3.5 | CVE-2021-41172 MISC CONFIRM MISC |
auvesy -- versiondog | The affected product’s proprietary protocol CSC allows for calling numerous function codes. In order to call those function codes, the user must supply parameters. There is no sanitation on the value of the offset, which allows the client to specify any offset and read out-of-bounds data. | 2021-10-22 | 3.5 | CVE-2021-38451 CONFIRM |
catalyst -- mahara | Catalyst IT Ltd Mahara CMS v19.10.2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component groupfiles.php via the Number (Nombre) and Description (Descripción) parameters. | 2021-10-22 | 3.5 | CVE-2020-23052 MISC |
cimatti -- contact_forms | The WordPress Contact Forms by Cimatti WordPress plugin before 1.4.12 does not sanitise and escape the Form Title before outputting it in some admin pages. which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. | 2021-10-25 | 3.5 | CVE-2021-24744 MISC |
cisco -- firepower_management_center_virtual_appliance | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open redirect attack. For more information about these vulnerabilities, see the Details section of this advisory. | 2021-10-27 | 3.5 | CVE-2021-34763 CISCO |
cookie-bar_project -- cookie-bar | The Cookie Bar WordPress plugin through 1.8.8 doesn't properly sanitise the Cookie Bar Message setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 2021-10-25 | 3.5 | CVE-2021-24653 MISC |
d-link -- dap-2020_firmware | This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the getpage parameter provided to the webproc endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-12103. | 2021-10-25 | 3.3 | CVE-2021-34860 N/A N/A |
dedecms -- dedecms | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_pic_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. | 2021-10-22 | 3.5 | CVE-2020-23044 MISC |
dedecms -- dedecms | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. | 2021-10-22 | 3.5 | CVE-2020-36490 MISC |
dedecms -- dedecms | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component media_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. | 2021-10-22 | 3.5 | CVE-2020-36493 MISC |
dedecms -- dedecms | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component select_media.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. | 2021-10-22 | 3.5 | CVE-2020-36492 MISC |
dedecms -- dedecms | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tags_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. | 2021-10-22 | 3.5 | CVE-2020-36491 MISC |
dotnetfoundation -- piranha_cms | In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution. | 2021-10-25 | 3.5 | CVE-2021-25977 CONFIRM MISC |
draytek -- vigorap_1000c_firmware | Draytek VigorAP 1000C contains a stored cross-site scripting (XSS) vulnerability in the RADIUS Setting - RADIUS Server Configuration module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username input field. | 2021-10-22 | 3.5 | CVE-2020-28968 MISC |
dropouts -- air_share | Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the devicename parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the devicename information. | 2021-10-22 | 3.5 | CVE-2020-36489 MISC |
easy_media_download_project -- easy_media_download | The Easy Media Download WordPress plugin before 1.1.7 does not escape the text argument of its shortcode, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. | 2021-10-25 | 3.5 | CVE-2021-24699 MISC |
emarketdesign -- request_a_quote | The Request a Quote WordPress plugin before 2.3.5 does not sanitise, validate or escape some of its settings in the admin dashboard, leading to authenticated Stored Cross-Site Scripting issues even when the unfiltered_html capability is disallowed. | 2021-10-25 | 3.5 | CVE-2021-24489 MISC |
ethereum -- go_ethereum | Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.9, a vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer. Version v1.10.9 contains patches to the vulnerability. There are no known workarounds aside from upgrading. | 2021-10-26 | 3.5 | CVE-2021-41173 MISC MISC CONFIRM MISC |
file_explorer_project -- file_explorer | An issue in the authentication mechanism in Nong Ge File Explorer v1.4 unauthenticated allows to access sensitive data. | 2021-10-22 | 2.1 | CVE-2020-23058 MISC |
fork-cms -- fork_cms | Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the `Displayname` field when using the `Add`, `Edit` or `Register' functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML. | 2021-10-22 | 3.5 | CVE-2020-23049 MISC |
froxlor -- froxlor | Multiple cross-site scripting (XSS) vulnerabilities in the Customer Add module of Foxlor v0.10.16 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the name, firstname, or username input fields. | 2021-10-22 | 3.5 | CVE-2020-28957 MISC |
galette -- galette | Galette is a membership management web application geared towards non profit organizations. In versions prior to 0.9.5, malicious javascript code can be stored to be displayed later on self subscription page. The self subscription feature can be disabled as a workaround (this is the default state). Malicious javascript code can be executed (not stored) on login and retrieve password pages. This issue is patched in version 0.9.5. | 2021-10-25 | 3.5 | CVE-2021-21319 CONFIRM MISC MISC MISC MISC |
getgrav -- grav | grav is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 2021-10-27 | 3.5 | CVE-2021-3904 CONFIRM MISC |
google -- android | In asf extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05489178. | 2021-10-25 | 2.1 | CVE-2021-0613 MISC |
google -- android | In flv extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561369; Issue ID: ALPS05561369. | 2021-10-25 | 2.1 | CVE-2021-0615 MISC |
google -- android | In flv extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561384; Issue ID: ALPS05561384. | 2021-10-25 | 2.1 | CVE-2021-0414 MISC |
google -- android | In flv extractor, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561379; Issue ID: ALPS05561379. | 2021-10-25 | 2.1 | CVE-2021-0413 MISC |
google -- android | In flv extractor, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561366; Issue ID: ALPS05561366. | 2021-10-25 | 2.1 | CVE-2021-0412 MISC |
google -- android | In flv extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561362; Issue ID: ALPS05561362. | 2021-10-25 | 2.1 | CVE-2021-0411 MISC |
google -- android | In ape extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561389; Issue ID: ALPS05561389. | 2021-10-25 | 2.1 | CVE-2021-0616 MISC |
google -- android | In ape extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561391; Issue ID: ALPS05561391. | 2021-10-25 | 2.1 | CVE-2021-0617 MISC |
google -- android | In flv extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561360; Issue ID: ALPS05561360. | 2021-10-25 | 2.1 | CVE-2021-0410 MISC |
google -- android | In flv extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561359; Issue ID: ALPS05561359. | 2021-10-25 | 2.1 | CVE-2021-0409 MISC |
google -- android | In ape extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561394; Issue ID: ALPS05561394. | 2021-10-25 | 2.1 | CVE-2021-0618 MISC |
google -- android | In getAllSubInfoList of SubscriptionController.java, there is a possible way to retrieve a long term identifier without the correct permissions due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-183612370 | 2021-10-22 | 2.1 | CVE-2021-0643 MISC |
google -- android | In memzero_explicit of compiler-clang.h, there is a possible bypass of defense in depth due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-171418586References: Upstream kernel | 2021-10-25 | 2.1 | CVE-2021-0938 MISC |
google -- android | In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker under certain build conditions with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05560246; Issue ID: ALPS05551383. | 2021-10-25 | 3.3 | CVE-2021-0632 MISC |
google -- android | In set_default_passthru_cfg of passthru.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-186026549References: N/A | 2021-10-25 | 2.1 | CVE-2021-0939 MISC |
google -- android | In asf extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05495528; Issue ID: ALPS05495528. | 2021-10-25 | 2.1 | CVE-2021-0614 MISC |
google -- android | In RevertActiveSessions of apexd.cpp, there is a possible way to share the wrong file due to an unintentional MediaStore downgrade. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-193932765 | 2021-10-22 | 1.9 | CVE-2021-0702 MISC |
great-quotes_project -- great-quotes | The Great Quotes WordPress plugin through 1.0.0 does not sanitise and escape the Quote and Author fields of its Quotes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. | 2021-10-25 | 3.5 | CVE-2021-24785 MISC |
hcltech -- traveler_companion | "HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK" | 2021-10-25 | 2.1 | CVE-2020-14264 MISC |
huawei -- cloudengine_12800_firmware | There is a use-after-free (UAF) vulnerability in Huawei products. An attacker may craft specific packets to exploit this vulnerability. Successful exploitation may cause the service abnormal. Affected product versions include:CloudEngine 12800 V200R005C10SPC800,V200R019C00SPC800;CloudEngine 5800 V200R005C10SPC800,V200R019C00SPC800;CloudEngine 6800 V200R005C10SPC800,V200R005C20SPC800,V200R019C00SPC800;CloudEngine 7800 V200R005C10SPC800,V200R019C00SPC800. | 2021-10-27 | 3.3 | CVE-2021-37122 MISC |
huawei -- harmonyos | A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to cause nearby process crash. | 2021-10-28 | 2.1 | CVE-2021-22453 MISC |
huawei -- harmonyos | A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to read at any address. | 2021-10-28 | 2.1 | CVE-2021-22452 MISC |
huawei -- pc_smart_full_scene | There is a path traversal vulnerability in Huawei PC product. Because the product does not filter path with special characters,attackers can construct a file path with special characters to exploit this vulnerability. Successful exploitation could allow the attacker to transport a file to certain path.Affected product versions include:PC Smart Full Scene 11.1 versions PCManager 11.1.1.97. | 2021-10-27 | 3.3 | CVE-2021-37124 MISC |
ibm -- engineering_lifecycle_optimization | IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199482. | 2021-10-27 | 3.5 | CVE-2021-29673 XF CONFIRM |
ibm -- engineering_lifecycle_optimization | IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2021-10-27 | 3.5 | CVE-2021-29713 XF CONFIRM |
lancom-systems -- lcos | ANCOM WLAN Controller (Wireless Series & Hotspot) WLC-1000 & WLC-4006 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the /authen/start/ module via the userid and password parameters. | 2021-10-22 | 3.5 | CVE-2020-23055 MISC |
macrob7_macs_framework_content_management_system_project -- macrob7_macs_framework_content_management_system | Macrob7 Macs Framework Content Management System - 1.14f contains a cross-site scripting (XSS) vulnerability in the account reset function, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the e-mail input field. | 2021-10-22 | 3.5 | CVE-2020-36498 MISC |
mara_cms_project -- mara_cms | A cross site scripting (XSS) vulnerability in menuedit.php of Mara CMS 7.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2021-10-28 | 3.5 | CVE-2020-25422 MISC |
mcafee -- epolicy_orchestrator | Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized. | 2021-10-22 | 3.5 | CVE-2021-31834 CONFIRM |
motopress -- motopress-slider-lite | The Responsive WordPress Slider WordPress plugin through 2.2.0 does not sanitise and escape some of the Slider options, allowing Cross-Site Scripting payloads to be set in them. Furthermore, as by default any authenticated user is allowed to create Sliders (https://wordpress.org/support/topic/slider-can-be-changed-from-any-user-even-subscriber/, such settings can be changed in the plugin's settings), this would allow user with a role as low as subscriber to perform Cross-Site Scripting attacks against logged in admins viewing the slider list and could lead to privilege escalation by creating a rogue admin account for example. | 2021-10-25 | 3.5 | CVE-2021-24544 MISC |
mybb -- mybb | MyBB before 1.8.28 allows stored XSS because the displayed Template Name value in the Admin CP's theme management is not escaped properly. | 2021-10-26 | 3.5 | CVE-2021-41866 CONFIRM MISC |
newsoftwares -- folder_lock | Folder Lock v3.4.5 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Create Folder function under the 'create' module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload as a path or folder name. | 2021-10-22 | 3.5 | CVE-2020-23039 MISC |
nextcloud -- contacts | Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Contacts application prior to version 4.0.3 was vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, a user would need to right-click on a malicious file and open the file in a new tab. Due the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitable on modern browsers supporting Content-Security-Policy. It is recommended that the Nextcloud Contacts application is upgraded to 4.0.3. As a workaround, one may use a browser that has support for Content-Security-Policy. | 2021-10-25 | 3.5 | CVE-2021-39221 CONFIRM MISC |
nextcloud -- mail | Nextcloud is an open-source, self-hosted productivity platform The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render images in emails to not leak the read state or user IP. The privacy filter failed to filter images with a relative protocol. It is recommended that the Nextcloud Mail application is upgraded to 1.10.4 or 1.11.0. There are no known workarounds aside from upgrading. | 2021-10-25 | 3.5 | CVE-2021-39220 MISC MISC CONFIRM |
ninjaforms -- contact_form | The Ninja Forms Contact Form WordPress plugin before 3.5.8.2 does not sanitise and escape the custom class name of the form field created, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2021-10-25 | 3.5 | CVE-2021-24381 MISC |
nvidia -- gpu_display_driver | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a NULL pointer dereference in the kernel, created within user mode code, may lead to a denial of service in the form of a system crash. | 2021-10-27 | 2.1 | CVE-2021-1116 CONFIRM |
nvidia -- gpu_display_driver | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs, where an attacker with local unprivileged system access may cause a NULL pointer dereference, which may lead to denial of service in a component beyond the vulnerable component. | 2021-10-27 | 2.1 | CVE-2021-1115 CONFIRM |
origincode -- smart-grid-gallery | The Video Gallery – Vimeo and YouTube Gallery WordPress plugin through 1.1.4 does not escape the Title and Description of the videos in a gallery before outputting them in attributes, leading to Stored Cross-Site Scripting issues | 2021-10-25 | 3.5 | CVE-2021-24515 MISC |
parallels -- parallels_desktop | This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13592. | 2021-10-25 | 2.1 | CVE-2021-34855 N/A N/A |
perfexcrm -- perfex_crm | Perfex CRM v2.4.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component ./clients/client via the company name parameter. | 2021-10-22 | 3.5 | CVE-2020-28961 MISC |
pi-hole -- web_interface | Pi-hole's Web interface (based on AdminLTE) provides a central location to manage one's Pi-hole and review the statistics generated by FTLDNS. Prior to version 5.8, cross-site scripting is possible when adding a client via the groups-clients management page. This issue was patched in version 5.8. | 2021-10-26 | 3.5 | CVE-2021-41175 CONFIRM MISC MISC |
shopware -- shopware | Shopware is open source e-commerce software. Versions prior to 5.7.6 contain a cross-site scripting vulnerability. This issue is patched in version 5.7.6. Two workarounds are available. Using the security plugin or adding a particular following config to the `.htaccess` file will protect against cross-site scripting in this case. There is also a config for those using nginx as a server. The plugin and the configs can be found on the GitHub Security Advisory page for this vulnerability. | 2021-10-26 | 3.5 | CVE-2021-41188 MISC MISC CONFIRM MISC MISC |
sixapart -- movable_type | Cross-site scripting vulnerability in Movable Type Movable Type Premium 1.37 and earlier and Movable Type Premium Advanced 1.37 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | 2021-10-26 | 3.5 | CVE-2020-5669 MISC MISC |
strategy11 -- formidable_form_builder | The Formidable Form Builder – Contact Form, Survey & Quiz Forms Plugin for WordPress plugin before 5.0.07 does not sanitise and escape its Form's Labels, allowing high privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 2021-10-25 | 3.5 | CVE-2021-24608 CONFIRM MISC |
sugarcrm -- sugarcrm | Multiple cross-site scripting (XSS) vulnerabilities in the Support module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields. | 2021-10-22 | 3.5 | CVE-2020-36501 MISC |
sugarcrm -- sugarcrm | SugarCRM v6.5.18 was discovered to contain a cross-site scripting (XSS) vulnerability in the Create Employee module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the First Name or Last Name input fields. | 2021-10-22 | 3.5 | CVE-2020-28955 MISC |
sugarcrm -- sugarcrm | Multiple cross-site scripting (XSS) vulnerabilities in the Sales module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields. | 2021-10-22 | 3.5 | CVE-2020-28956 MISC |
taotesting -- assessment_platform | TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a cross-site scripting (XSS) vulnerability in the content parameter of the Rubric Block (Add) module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the rubric name value. | 2021-10-22 | 3.5 | CVE-2020-36499 MISC |
tibco -- nimbus | The Web Reporting component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable Stored Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: versions 10.4.0 and below. | 2021-10-26 | 3.5 | CVE-2021-35499 CONFIRM CONFIRM |
vfbpro -- visual_form_builder | The Visual Form Builder WordPress plugin before 3.0.4 does not sanitise or escape its Form Name, allowing high privilege users such as admin to set Cross-Site Scripting payload in them, even when the unfiltered_html capability is disallowed | 2021-10-25 | 3.5 | CVE-2021-24514 MISC |
video_player_for_youtube_project -- video_player_for_youtube | The Video Player for YouTube WordPress plugin before 1.4 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode | 2021-10-25 | 3.5 | CVE-2021-24414 MISC |
wp-special-textboxes_project -- wp-special-textboxes | The Special Text Boxes WordPress plugin through 5.9.109 does not sanitise or escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. | 2021-10-25 | 3.5 | CVE-2021-24485 MISC |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
abb -- pcm600 | A certificate validation vulnerability in PCM600 Update Manager allows attacker to get unwanted software packages to be installed on computer which has PCM600 installed. | 2021-10-28 | not yet calculated | CVE-2021-22278 MISC MISC |
apple -- ios_and_ipados | The issue was addressed with improved permissions logic. This issue is fixed in iOS 15 and iPadOS 15. An attacker with physical access to a device may be able to see private contact information. | 2021-10-28 | not yet calculated | CVE-2021-30816 MISC |
apple -- macos | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges. | 2021-10-28 | not yet calculated | CVE-2021-30824 MISC MISC MISC |
apple -- macos | A resource exhaustion issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1. An attacker in a privileged network position may be able to perform denial of service. | 2021-10-28 | not yet calculated | CVE-2020-10005 MISC |
apple -- macos | This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.0.1. A person with access to a host Mac may be able to bypass the Login Window in Remote Desktop for a locked instance of macOS. | 2021-10-28 | not yet calculated | CVE-2021-30813 MISC |
apple -- macos | A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to access data about the accounts the user is using Family Sharing with. | 2021-10-28 | not yet calculated | CVE-2021-30817 MISC |
apple -- macos | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges. | 2021-10-28 | not yet calculated | CVE-2021-30821 MISC MISC MISC |
apple -- macos | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to read restricted memory. | 2021-10-28 | not yet calculated | CVE-2020-29629 MISC |
apple -- macos | This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.0.1. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files. | 2021-10-28 | not yet calculated | CVE-2021-30833 MISC |
apple -- multiple_products | A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, Safari 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution. | 2021-10-28 | not yet calculated | CVE-2021-30818 MISC MISC MISC MISC MISC |
apple -- multiple_products | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 14.8 and iPadOS 14.8, tvOS 15, Safari 15, watchOS 8. An attacker in a privileged network position may be able to bypass HSTS. | 2021-10-28 | not yet calculated | CVE-2021-30823 MISC MISC MISC MISC MISC |
apple -- multiple_products | This issue was addressed with improved checks. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. A malicious application may be able to modify protected parts of the file system. | 2021-10-28 | not yet calculated | CVE-2021-30808 MISC MISC MISC |
apple -- multiple_products | A use after free issue was addressed with improved memory management. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to arbitrary code execution. | 2021-10-28 | not yet calculated | CVE-2021-30809 MISC MISC MISC MISC |
apple -- multiple_products | A memory corruption issue was addressed with improved input validation. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted image may lead to arbitrary code execution. | 2021-10-28 | not yet calculated | CVE-2021-30814 MISC MISC MISC |
apple -- multiple_products | A logic issue was addressed with improved state management. This issue is fixed in watchOS 7.6, macOS Big Sur 11.5. Visiting a maliciously crafted webpage may lead to a system denial of service. | 2021-10-28 | not yet calculated | CVE-2021-1821 MISC MISC |
apple -- multiple_products | An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1. Processing a maliciously crafted PDF may lead to arbitrary code execution. | 2021-10-28 | not yet calculated | CVE-2020-9897 MISC MISC |
apple -- multiple_products | An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted font may result in the disclosure of process memory. | 2021-10-28 | not yet calculated | CVE-2021-30831 MISC MISC MISC |
apple -- multiple_products | A logic issue was addressed with improved state management. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, watchOS 8, Security Update 2021-007 Catalina. Processing a malicious audio file may result in unexpected application termination or arbitrary code execution. | 2021-10-28 | not yet calculated | CVE-2021-30834 MISC MISC MISC MISC MISC |
apple -- multiple_products | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted audio file may disclose restricted memory. | 2021-10-28 | not yet calculated | CVE-2021-30836 MISC MISC MISC MISC |
apple -- multiple_products | This issue was addressed with improved checks. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted dfont file may lead to arbitrary code execution. | 2021-10-28 | not yet calculated | CVE-2021-30840 MISC MISC MISC |
baijiacms -- baijiacms | A directory traversal vulnerability in the component system/manager/class/web/database.php was discovered in Baijiacms V4 which allows attackers to arbitrarily delete folders on the server via the "id" parameter. | 2021-10-29 | not yet calculated | CVE-2020-25873 MISC |
bind -- bind | In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing. | 2021-10-27 | not yet calculated | CVE-2021-25219 CONFIRM DEBIAN |
bitdefender -- endpoint_secruity_tools | Execution with Unnecessary Privileges vulnerability in Bitdefender Endpoint Security Tools, Total Security allows a local attacker to elevate to 'NT AUTHORITY\System. Impersonation enables the server thread to perform actions on behalf of the client but within the limits of the client's security context. This issue affects: Bitdefender Endpoint Security Tools versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 25.0.26. | 2021-10-28 | not yet calculated | CVE-2021-3576 MISC |
bitdefender -- endpoint_secruity_tools | Incorrect Default Permissions vulnerability in the bdservicehost.exe and Vulnerability.Scan.exe components as used in Bitdefender Endpoint Security Tools for Windows, Total Security allows a local attacker to elevate privileges to NT AUTHORITY\SYSTEM This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 7.2.1.65. | 2021-10-28 | not yet calculated | CVE-2021-3579 MISC |
bitdefender -- gravityzone | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects: Bitdefender GravityZone versions prior to 3.3.8.249. | 2021-10-28 | not yet calculated | CVE-2021-3823 CONFIRM |
bookstack -- bookstack | bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type | 2021-10-27 | not yet calculated | CVE-2021-3906 MISC CONFIRM |
calibre -- calibre | A untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root. | 2021-10-27 | not yet calculated | CVE-2011-4125 MISC MISC MISC MISC |
calibre -- calibre | Race condition issues were found in Calibre at devices/linux_mount_helper.c allowing unprivileged users the ability to mount any device to anywhere. | 2021-10-27 | not yet calculated | CVE-2011-4126 MISC MISC MISC MISC |
calibre -- calibre | Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injection and elevation of privileges. | 2021-10-27 | not yet calculated | CVE-2011-4124 MISC MISC MISC MISC |
cfeengine -- enterprise | CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate Validation. | 2021-10-27 | not yet calculated | CVE-2021-36756 MISC MISC |
cfeengine -- enterprise | The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permissions that allow local Information Disclosure. | 2021-10-27 | not yet calculated | CVE-2021-38379 MISC MISC |
dext5 -- dext5 | DEXT5 Upload 5.0.0.117 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module. This can be leveraged for code execution. | 2021-10-28 | not yet calculated | CVE-2020-7875 MISC |
dhis2 -- dhis2 | DHIS 2 is an information system for data capture, management, validation, analytics and visualization. A SQL Injection vulnerability in the Tracker component in DHIS2 Server allows authenticated remote attackers to execute arbitrary SQL commands via unspecified vectors. This vulnerability affects the `/api/trackedEntityInstances` and `/api/trackedEntityInstances/query` API endpoints in all DHIS2 versions 2.34, 2.35, and 2.36. It also affects versions 2.32 and 2.33 which have reached _end of support_ - exceptional security updates have been added to the latest *end of support* builds for these versions. Versions 2.31 and older are unaffected. The system is vulnerable to attack only from users that are logged in to DHIS2, and there is no known way of exploiting the vulnerability without first being logged in as a DHIS2 user. The vulnerability is not exposed to a non-malicious user - the vulnerability requires a conscious attack to be exploited. A successful exploit of this vulnerability could allow the malicious user to read, edit and delete data in the DHIS2 instance. There are no known exploits of the security vulnerabilities addressed by these patch releases. Security patches are available in DHIS2 versions 2.32-EOS, 2.33-EOS, 2.34.7, 2.35.7, and 2.36.4. There is no straightforward known workaround for DHIS2 instances using the Tracker functionality other than upgrading the affected DHIS2 server to one of the patches in which this vulnerability has been fixed. For implementations which do NOT use Tracker functionality, it may be possible to block all network access to POST to the `/api/trackedEntityInstances`, and `/api/trackedEntityInstances/query` endpoints as a temporary workaround while waiting to upgrade. | 2021-10-29 | not yet calculated | CVE-2021-39179 CONFIRM MISC MISC |
dspace -- dspace | DSpace is an open source turnkey repository application. In version 7.0, any community or collection administrator can escalate their permission up to become system administrator. This vulnerability only exists in 7.0 and does not impact 6.x or below. This issue is patched in version 7.1. As a workaround, users of 7.0 may temporarily disable the ability for community or collection administrators to manage permissions or workflows settings. | 2021-10-29 | not yet calculated | CVE-2021-41189 MISC MISC CONFIRM MISC |
dxgkddiescape -- dxgkddiescape | Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an attacker through specific configuration and with local unprivileged system access may cause improper input validation, which may lead to denial of service. | 2021-10-27 | not yet calculated | CVE-2021-1117 CONFIRM |
firefly-iii -- firefly-iii | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | 2021-10-27 | not yet calculated | CVE-2021-3901 MISC CONFIRM |
flatcore-cms -- flatcore-cms | flatcore-cms is vulnerable to Unrestricted Upload of File with Dangerous Type | 2021-10-28 | not yet calculated | CVE-2021-3745 CONFIRM MISC |
fluentd -- fluentd | Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. This issue is patched in version 1.14.2 There are two workarounds available. Either don't use parser_apache2 for parsing logs (which cannot guarantee generated by Apache), or put patched version of parser_apache2.rb into /etc/fluent/plugin directory (or any other directories specified by the environment variable `FLUENT_PLUGIN` or `--plugin` option of fluentd). | 2021-10-29 | not yet calculated | CVE-2021-41186 MISC MISC CONFIRM |
freeswitch -- freeswitch | FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing. By default, SIP requests of the type MESSAGE (RFC 3428) are not authenticated in the affected versions of FreeSWITCH. MESSAGE requests are relayed to SIP user agents registered with the FreeSWITCH server without requiring any authentication. Although this behaviour can be changed by setting the `auth-messages` parameter to `true`, it is not the default setting. Abuse of this security issue allows attackers to send SIP MESSAGE messages to any SIP user agent that is registered with the server without requiring authentication. Additionally, since no authentication is required, chat messages can be spoofed to appear to come from trusted entities. Therefore, abuse can lead to spam and enable social engineering, phishing and similar attacks. This issue is patched in version 1.10.7. Maintainers recommend that this SIP message type is authenticated by default so that FreeSWITCH administrators do not need to be explicitly set the `auth-messages` parameter. When following such a recommendation, a new parameter can be introduced to explicitly disable authentication. | 2021-10-25 | not yet calculated | CVE-2021-37624 CONFIRM MISC MLIST FULLDISC MISC |
frogcms -- frogcms | A vulnerability exists within the FileManagerController.php function in FrogCMS 0.9.5 which allows an attacker to perform a directory traversal attack via a GET request urlencode parameter. | 2021-10-29 | not yet calculated | CVE-2020-25872 MISC |
godomall5 -- godomall5 | The move_uploaded_file function in godomall5 does not perform an integrity check of extension or authority when user upload file. This vulnerability allows an attacker to execute an remote arbitrary code. | 2021-10-27 | not yet calculated | CVE-2021-26610 MISC |
gradle -- enterprise | In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poisoning and remote code execution when running the build cache node with its default configuration. This configuration allows anonymous access to the configuration user interface and anonymous write access to the build cache. If access control to the build cache is not changed from the default open configuration, a malicious actor with network access can populate the cache with manipulated entries that may execute malicious code as part of a build process. This applies to the build cache provided with Gradle Enterprise and the separate build cache node service if used. If access control to the user interface is not changed from the default open configuration, a malicious actor can undo build cache access control in order to populate the cache with manipulated entries that may execute malicious code as part of a build process. This does not apply to the build cache provided with Gradle Enterprise, but does apply to the separate build cache node service if used. | 2021-10-27 | not yet calculated | CVE-2021-41589 MISC MISC |
gradle -- enterprise | In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test. The installation configuration user interface available to administrators allows testing the configured SMTP server settings. This test function can be used to identify the listening TCP ports available to the server, revealing information about the internal network environment. | 2021-10-27 | not yet calculated | CVE-2021-41590 MISC MISC |
gradle -- enterprise | An issue was discovered in Gradle Enterprise before 2021.1.2. There is potential remote code execution via the application startup configuration. The installation configuration user interface (available to administrators) allows specifying arbitrary Java Virtual Machine startup options. Some of these options, such as -XX:OnOutOfMemoryError, allow specifying a command to be run on the host. This can be abused to run arbitrary commands on the host, should an attacker gain administrative access to the application. | 2021-10-27 | not yet calculated | CVE-2021-41619 MISC MISC |
grandstream -- ht801_analog_telephone_adaptor | An issue was discovered on the Grandstream HT801 Analog Telephone Adaptor before 1.0.29.8. From the limited configuration shell, it is possible to set the malicious gdb_debug_server variable. As a result, after a reboot, the device downloads and executes malicious scripts from an attacker-defined host. | 2021-10-28 | not yet calculated | CVE-2021-37915 MISC MISC MISC |
grandstream -- ht801_devices | Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices before 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manage_if setting, thus bypassing the intended restrictions of this shell and taking full control of the device. There are default weak credentials that can be used to authenticate. | 2021-10-28 | not yet calculated | CVE-2021-37748 MISC MISC MISC |
harmonyos -- harmonyos | A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause System functions which are unavailable. | 2021-10-28 | not yet calculated | CVE-2021-22459 MISC |
harmonyos -- harmonyos | A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability. Local attackers may exploit this vulnerability to bypass the control mechanism. | 2021-10-28 | not yet calculated | CVE-2021-22460 MISC |
harmonyos -- harmonyos | A component of the HarmonyOS has a Incomplete Cleanup vulnerability. Local attackers may exploit this vulnerability to cause memory exhaustion. | 2021-10-28 | not yet calculated | CVE-2021-22450 MISC |
harmonyos -- harmonyos | A component of the HarmonyOS has a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. Local attackers may exploit this vulnerability to cause arbitrary code execution. | 2021-10-28 | not yet calculated | CVE-2021-22458 MISC |
harmonyos -- harmonyos | A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to cause out-of-bounds write. | 2021-10-28 | not yet calculated | CVE-2021-22457 MISC |
harmonyos -- harmonyos | A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel System unavailable. | 2021-10-28 | not yet calculated | CVE-2021-22456 MISC |
harmonyos -- harmonyos | A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause the memory which is not released. | 2021-10-28 | not yet calculated | CVE-2021-22455 MISC |
harmonyos -- harmonyos | A component of the HarmonyOS has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause core dump. | 2021-10-28 | not yet calculated | CVE-2021-22454 MISC |
harmonyos -- harmonyos | A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting. | 2021-10-28 | not yet calculated | CVE-2021-22451 MISC |
harmonyos -- harmonyos | A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause kernel crash. | 2021-10-28 | not yet calculated | CVE-2021-22462 MISC |
harmonyos -- harmonyos | A component of the HarmonyOS has a Use After Free vulnerability . Local attackers may exploit this vulnerability to cause Kernel Information disclosure. | 2021-10-28 | not yet calculated | CVE-2021-22463 MISC |
harmonyos -- harmonyos | A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause nearby process crash. | 2021-10-28 | not yet calculated | CVE-2021-22471 MISC |
harmonyos -- harmonyos | A component of the HarmonyOS has a Privileges Controls vulnerability. Local attackers may exploit this vulnerability to expand the Recording Trusted Domain. | 2021-10-28 | not yet calculated | CVE-2021-22470 MISC |
harmonyos -- harmonyos | A component of the HarmonyOS has a Out-of-bounds Read vulnerability. Local attackers may exploit this vulnerability to cause kernel out-of-bounds read. | 2021-10-28 | not yet calculated | CVE-2021-22469 MISC |
harmonyos -- harmonyos | A component of the HarmonyOS has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Local attackers may exploit this vulnerability to cause kernel address leakage. | 2021-10-28 | not yet calculated | CVE-2021-22468 MISC |
harmonyos -- harmonyos | A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to read at any address. | 2021-10-28 | not yet calculated | CVE-2021-22467 MISC |
harmonyos -- harmonyos | A component of the HarmonyOS has a Use After Free vulnerability. Local attackers may exploit this vulnerability to cause kernel crash. | 2021-10-28 | not yet calculated | CVE-2021-22466 MISC |
harmonyos -- harmonyos | A component of the HarmonyOS has a Heap-based Buffer Overflow vulnerability. Local attackers may exploit this vulnerability to cause Kernel System unavailable. | 2021-10-28 | not yet calculated | CVE-2021-22465 MISC |
harmonyos -- harmonyos | A component of the HarmonyOS has a Out-of-bounds Read vulnerability. Local attackers may exploit this vulnerability to cause system Soft Restart. | 2021-10-28 | not yet calculated | CVE-2021-22464 MISC |
harmonyos -- harmonyos | A component of the HarmonyOS has a Allocation of Resources Without Limits or Throttling vulnerability. Local attackers may exploit this vulnerability to cause nearby process crash. | 2021-10-28 | not yet calculated | CVE-2021-22461 MISC |
hewlett_packard -- laserjet | Certain HP Enterprise LaserJet and PageWide MFPs may be vulnerable to stored cross site scripting (XSS). | 2021-10-29 | not yet calculated | CVE-2021-3662 MISC |
hewlett_packard -- officejet_7110_eprinter | A potential security vulnerability has been identified for the HP OfficeJet 7110 Wide Format ePrinter that enables Cross-Site Scripting (XSS). | 2021-10-29 | not yet calculated | CVE-2021-3441 MISC |
huawei -- multiple_devices | There is a SSID vulnerability with Wi-Fi network connections in Huawei devices.Successful exploitation of this vulnerability may affect service confidentiality. | 2021-10-28 | not yet calculated | CVE-2021-22485 MISC |
huawei -- smartphones | There is an Improper verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. | 2021-10-28 | not yet calculated | CVE-2021-22472 MISC |
huawei -- smartphones | There is an Uncaught Exception vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the app to exit unexpectedly. | 2021-10-28 | not yet calculated | CVE-2021-22406 MISC |
huawei -- smartphones | There is an Out-of-bounds read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service availability. | 2021-10-28 | not yet calculated | CVE-2021-22487 MISC |
huawei -- smartphones | There is a issue that trustlist strings being repeatedly inserted into the linked list in Huawei Smartphone due to race conditions. Successful exploitation of this vulnerability can cause exceptions when managing the system trustlist. | 2021-10-28 | not yet calculated | CVE-2021-36994 MISC |
huawei -- smartphones | There is a issue that nodes in the linked list being freed for multiple times in Huawei Smartphone due to race conditions. Successful exploitation of this vulnerability can cause the system to restart. | 2021-10-28 | not yet calculated | CVE-2021-36987 MISC |
huawei -- smartphones | There is an Unauthorized file access vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups. | 2021-10-28 | not yet calculated | CVE-2021-36995 MISC |
huawei -- smartphones | There is a Public key verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. | 2021-10-28 | not yet calculated | CVE-2021-36992 MISC |
huawei -- smartphones | There is a issue of Unstandardized field names in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. | 2021-10-28 | not yet calculated | CVE-2021-22486 MISC |
huawei -- smartphones | There is a Permission verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect the device performance. | 2021-10-28 | not yet calculated | CVE-2021-22490 MISC |
huawei -- smartphones | There is a Low memory error in Huawei Smartphone due to the unlimited size of images to be parsed.Successful exploitation of this vulnerability may cause the Gallery or Files app to exit unexpectedly. | 2021-10-28 | not yet calculated | CVE-2021-36997 MISC |
huawei -- smartphones | There is a Logic Bypass vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service integrity and availability. | 2021-10-28 | not yet calculated | CVE-2021-22436 MISC |
huawei -- smartphones | There is an Improper permission management vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. | 2021-10-28 | not yet calculated | CVE-2021-22475 MISC |
huawei -- smartphones | There is an Out-of-bounds memory access in Huawei Smartphone.Successful exploitation of this vulnerability may cause process exceptions. | 2021-10-28 | not yet calculated | CVE-2021-22474 MISC |
huawei -- smartphones | There is a vulnerability of hijacking unverified providers in Huawei Smartphone.Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to execute malicious commands. | 2021-10-28 | not yet calculated | CVE-2021-22403 MISC |
huawei -- smartphones | There is a Memory out-of-bounds access vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause malicious code to be executed. | 2021-10-28 | not yet calculated | CVE-2021-37002 MISC |
huawei -- smartphones | There is an Improper verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause transmission of certain virtual information. | 2021-10-28 | not yet calculated | CVE-2021-36996 MISC |
huawei -- smartphones | There is a Register tampering vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may allow the register value to be modified. | 2021-10-28 | not yet calculated | CVE-2021-37001 MISC |
huawei -- smartphones | There is an Improper verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may allow attempts to read an array that is out of bounds. | 2021-10-28 | not yet calculated | CVE-2021-36998 MISC |
huawei -- smartphones | There is a Buffer overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability by sending malicious images and inducing users to open the images may cause remote code execution. | 2021-10-28 | not yet calculated | CVE-2021-36999 MISC |
huawei -- smartphones | There is a Memory leaks vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability. | 2021-10-28 | not yet calculated | CVE-2021-36993 MISC |
huawei -- smartphones | There is a Parameter verification issue in Huawei Smartphone.Successful exploitation of this vulnerability can affect service integrity. | 2021-10-28 | not yet calculated | CVE-2021-36988 MISC |
huawei -- smartphones | There is a Kernel crash vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may escalate permissions. | 2021-10-28 | not yet calculated | CVE-2021-36989 MISC |
huawei -- smartphones | There is a vulnerability of tampering with the kernel in Huawei Smartphone.Successful exploitation of this vulnerability may escalate permissions. | 2021-10-28 | not yet calculated | CVE-2021-36990 MISC |
huawei -- smartphones | There is an Unauthorized file access vulnerability in Huawei Smartphone due to unstandardized path input.Successful exploitation of this vulnerability by creating malicious file paths can cause unauthorized file access. | 2021-10-28 | not yet calculated | CVE-2021-36991 MISC |
huawei -- smartphones | There is a vulnerability of tampering with the kernel in Huawei Smartphone.Successful exploitation of this vulnerability may escalate permissions. | 2021-10-28 | not yet calculated | CVE-2021-36986 MISC |
huawei -- smartphones | There is an Input verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability. | 2021-10-28 | not yet calculated | CVE-2021-22491 MISC |
huawei -- smartphones | There is an Unauthorized file access vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups. | 2021-10-28 | not yet calculated | CVE-2021-22488 MISC |
huawei -- smartphones | There is a issue of IP address spoofing in Huawei Smartphone. Successful exploitation of this vulnerability may cause DoS. | 2021-10-28 | not yet calculated | CVE-2021-22483 MISC |
huawei -- smartphones | There is an Uninitialized variable vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause transmission of invalid data. | 2021-10-28 | not yet calculated | CVE-2021-22482 MISC |
huawei -- smartphones | There is a Verification errors vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. | 2021-10-28 | not yet calculated | CVE-2021-22481 MISC |
huawei -- smartphones | There is an Authentication vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. | 2021-10-28 | not yet calculated | CVE-2021-22473 MISC |
huawei -- smartphones | There is a Configuration defects in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. | 2021-10-28 | not yet calculated | CVE-2021-22407 MISC |
huawei -- smartphones | There is a Code injection vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may exhaust system resources and cause the system to restart. | 2021-10-28 | not yet calculated | CVE-2021-36985 MISC |
hznuoj -- hznuoj | A cross-site scripting (XSS) vulnerability was discovered in the OJ/admin-tool /cal_scores.php function of HZNUOJ v1.0. | 2021-10-28 | not yet calculated | CVE-2020-22312 MISC |
ibm -- i2_ibase | IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 206213. | 2021-10-27 | not yet calculated | CVE-2021-29868 CONFIRM XF |
ibm -- jazz_team_server | IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | 2021-10-27 | not yet calculated | CVE-2021-29844 XF CONFIRM |
ibm -- jazz_team_server | IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 203172. | 2021-10-27 | not yet calculated | CVE-2021-29786 XF CONFIRM |
installbuilder -- installbuilder | Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command. The full path to the command is not enforced, which results in a search in the search path until a binary can be identified. This makes the installer/uninstaller vulnerable to Path Interception by Search Order Hijacking, potentially allowing an attacker to plant a malicious reg.exe command so it takes precedence over the system command. The vulnerability only affects Windows installers. | 2021-10-29 | not yet calculated | CVE-2021-22037 MISC |
installbuilder -- installbuilder | On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then executed (the originally called uninstaller exits, so it does not block the installation directory). This temporary location is not randomized and does not restrict access to Administrators only so a potential attacker could plant a binary to replace the copied binary right before it gets called, thus gaining Administrator privileges (if the original uninstaller was executed as Administrator). The vulnerability only affects Windows installers. | 2021-10-29 | not yet calculated | CVE-2021-22038 MISC |
irfanview -- irfanview | IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted .cr2 file, related to a "Data from Faulting Address controls Branch Selection starting at FORMATS!GetPlugInInfo+0x00000000000047f6". | 2021-10-28 | not yet calculated | CVE-2020-23549 MISC MISC |
irfanview -- irfanview | IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted XBM file, related to a "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FORMATS!ReadMosaic+0x0000000000000981. | 2021-10-28 | not yet calculated | CVE-2020-23546 MISC MISC MISC |
jupyterhub -- jupyterhub | FirstUseAuthenticator is a JupyterHub authenticator that helps new users set their password on their first login to JupyterHub. When JupyterHub is used with FirstUseAuthenticator, a vulnerability in versions prior to 1.0.0 allows unauthorized access to any user's account if `create_users=True` and the username is known or guessed. One may upgrade to version 1.0.0 or apply a patch manually to mitigate the vulnerability. For those who cannot upgrade, there is no complete workaround, but a partial mitigation exists. One can disable user creation with `c.FirstUseAuthenticator.create_users = False`, which will only allow login with fully normalized usernames for already existing users prior to jupyterhub-firstuserauthenticator 1.0.0. If any users have never logged in with their normalized username (i.e. lowercase), they will still be vulnerable until a patch or upgrade occurs. | 2021-10-28 | not yet calculated | CVE-2021-41194 MISC CONFIRM MISC |
kiwi -- syslog_server | A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server in which they have an identical webpage. The attacker essentially hijacks the user activity intended for the original server and sends them to the other server. This is an attack on both the user and the server. | 2021-10-29 | not yet calculated | CVE-2021-35237 MISC MISC |
libmysofa -- libmysofa | libmysofa is vulnerable to Heap-based Buffer Overflow | 2021-10-29 | not yet calculated | CVE-2021-3756 MISC CONFIRM |
linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.14.8. A use-after-free in selinux_ptrace_traceme (aka the SELinux handler for PTRACE_TRACEME) could be used by local attackers to cause memory corruption and escalate privileges, aka CID-a3727a8bac0a. This occurs because of an attempt to access the subjective credentials of another task. | 2021-10-28 | not yet calculated | CVE-2021-43057 MISC MISC MISC |
linux -- linux_kernel | An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. | 2021-10-28 | not yet calculated | CVE-2021-43056 MISC MISC MISC MLIST |
m-files_web -- m-files_web | In M-Files Web product with versions before 20.10.9524.1 and 20.10.9445.0, a remote attacker could use a flaw to obtain unauthenticated access to 3rd party component license key information on server. | 2021-10-28 | not yet calculated | CVE-2021-37254 MISC MISC |
mara -- mara | A remote code execution (RCE) vulnerability in the component /codebase/dir.php?type=filenew of Mara v7.5 allows attackers to execute arbitrary commands via a crafted PHP file. | 2021-10-28 | not yet calculated | CVE-2021-36547 MISC |
monstra -- monstra | A remote code execution (RCE) vulnerability in the component /admin/index.php?id=themes&action=edit_template&filename=blog of Monstra v3.0.4 allows attackers to execute arbitrary commands via a crafted PHP file. | 2021-10-28 | not yet calculated | CVE-2021-36548 MISC |
mymbconnect24 -- mymbconnect24 | In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts. | 2021-10-27 | not yet calculated | CVE-2021-34580 CONFIRM |
nagios -- xi | An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZIP files. A command injection (within the name of the first file in the archive) allows an attacker to execute system commands. | 2021-10-26 | not yet calculated | CVE-2021-40345 MISC MISC MISC |
nagios -- xi | An issue was discovered in Nagios XI 5.8.5. In the Custom Includes section of the Admin panel, an administrator can upload files with arbitrary extensions as long as the MIME type corresponds to an image. Therefore it is possible to upload a crafted PHP script to achieve remote command execution. | 2021-10-26 | not yet calculated | CVE-2021-40344 MISC MISC MISC |
nagios -- xi | An issue was discovered in Nagios XI 5.8.5. Insecure file permissions on the nagios_unbundler.py file allow the nagios user to elevate their privileges to the root user. | 2021-10-26 | not yet calculated | CVE-2021-40343 MISC MISC MISC |
nexacr017 -- nexacr017 | An Improper input validation in execDefaultBrowser method of NEXACRO17 allows a remote attacker to execute arbitrary command on affected systems. | 2021-10-26 | not yet calculated | CVE-2021-26607 MISC |
nginx -- nginx | A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster. | 2021-10-29 | not yet calculated | CVE-2021-25742 MLIST CONFIRM |
nvidia -- virtual_gpu_manager | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a string provided by the guest OS may not be properly null terminated. The guest OS or attacker has no ability to push content to the plugin through this vulnerability, which may lead to information disclosure, data tampering, unauthorized code execution, and denial of service. | 2021-10-29 | not yet calculated | CVE-2021-1120 CONFIRM |
nvidia -- virtual_gpu_manager | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a NULL pointer, which may lead to denial of service. | 2021-10-29 | not yet calculated | CVE-2021-1122 CONFIRM |
nvidia -- virtual_gpu_manager | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to execute privileged operations by the guest OS, which may lead to information disclosure, data tampering, escalation of privileges, and denial of service | 2021-10-29 | not yet calculated | CVE-2021-1118 CONFIRM |
nvidia -- virtual_gpu_manager | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can double-free a pointer, which may lead to denial of service. This flaw may result in a write-what-where condition, allowing an attacker to execute arbitrary code impacting integrity and availability. | 2021-10-29 | not yet calculated | CVE-2021-1119 CONFIRM |
nvidia -- virtual_gpu_manager | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager kernel driver, where a vGPU can cause resource starvation among other vGPUs hosted on the same GPU, which may lead to denial of service. | 2021-10-29 | not yet calculated | CVE-2021-1121 CONFIRM |
nvidia -- virtual_gpu_manager | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can deadlock, which may lead to denial of service. | 2021-10-29 | not yet calculated | CVE-2021-1123 CONFIRM |
oretnom23 -- pharmacy_point_of_sale_system | An SQL Injection vulnerabilty exists in the oretnom23 Pharmacy Point of Sale System 1.0 in the login function in actions.php. | 2021-10-29 | not yet calculated | CVE-2021-41676 MISC |
phpgurukul -- news_portal_project | SQL Injection vulnerabilities exist in https://phpgurukul.com News Portal Project 3.1 via the (1) category, (2) subcategory, (3) sucatdescription, and (4) username parameters, the server response is about (N) seconds delay respectively which mean it is vulnerable to MySQL Blind (Time Based). An attacker can use sqlmap to further the exploitation for extracting sensitive information from the database. | 2021-10-27 | not yet calculated | CVE-2021-37808 MISC |
phpgurukul -- online_shopping_portal | An SQL Injection vulneraility exists in https://phpgurukul.com Online Shopping Portal 3.1 via the email parameter on the /check_availability.php endpoint that serves as a checker whether a new user's email is already exist within the database. | 2021-10-27 | not yet calculated | CVE-2021-37807 MISC |
portainer -- portainer | An Incorrect Access Control issue exists in all versions of Portainer.via an unauthorized access vulnerability. The vulnerability is also CNVD-2021-49547 | 2021-10-29 | not yet calculated | CVE-2021-41748 MISC |
portainer -- portainer | An unauthorized access vulnerabiitly exists in all versions of Portainer, which could let a malicious user obtain sensitive information. | 2021-10-29 | not yet calculated | CVE-2021-41874 MISC |
ranko -- ranko | A vulnerability was discovered in the filename parameter in pathindex.php?r=cms-backend/attachment/delete&sub=&filename=../../../../111.txt&filetype=image/jpeg of the master version of RKCMS. This vulnerability allows for an attacker to perform a directory traversal via a crafted .txt file. | 2021-10-29 | not yet calculated | CVE-2020-25881 MISC MISC MISC |
roblox-purchasing-hub -- roblox-purchasing-hub | Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. A security risk in versions 1.0.1 and prior allowed people who have someone's API URL to get product files without an API key. This issue is fixed in version 1.0.2. As a workaround, add `@require_apikey` in `BOT/lib/cogs/website.py` under the route for `/v1/products`. | 2021-10-27 | not yet calculated | CVE-2021-41191 MISC CONFIRM MISC |
skyworth -- digital_technology_penguin_aurora_box | Skyworth Digital Technology Penguin Aurora Box 41502 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service. | 2021-10-27 | not yet calculated | CVE-2021-41872 MISC |
sophos -- sophos | A local attacker could bypass the app password using a race condition in Sophos Secure Workspace for Android before version 9.7.3115. | 2021-10-30 | not yet calculated | CVE-2021-36808 CONFIRM |
sorececodster -- online_covid_vaccination_scheduler_system | An SQL Injection vulnerability exists in Sourcecodester Online Covid Vaccination Scheduler System 1.0 via the username in lognin.php . | 2021-10-27 | not yet calculated | CVE-2021-37803 MISC |
sorececodster -- vehicle_parking_managemenr_system | A Stored Cross Site Scripting (XSS) vunerability exists in Sourcecodeste Vehicle Parking Management System affected version 1.0 is via the add-vehicle.php endpoint. | 2021-10-27 | not yet calculated | CVE-2021-37805 MISC |
sorececodster -- vehicle_parking_management_system | An SQL Injection vulnerability exists in https://phpgurukul.com Vehicle Parking Management System affected version 1.0. The system is vulnerable to time-based SQL injection on multiple endpoints. Based on the SLEEP(N) function payload that will sleep for a number of seconds used on the (1) editid , (2) viewid, and (3) catename parameters, the server response is about (N) seconds delay respectively which mean it is vulnerable to MySQL Blind (Time Based). An attacker can use sqlmap to further the exploitation for extracting sensitive information from the database. | 2021-10-27 | not yet calculated | CVE-2021-37806 MISC |
sourcecodester -- budget_and_expense_tracker_system | Remote Code Execution (RCE) vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field. . | 2021-10-29 | not yet calculated | CVE-2021-41645 MISC |
sourcecodester -- church_management_system | Remote Code Execution (RCE) vulnerability exists in Sourcecodester Church Management System 1.0 via the image upload field. | 2021-10-29 | not yet calculated | CVE-2021-41643 MISC |
sourcecodester -- e-negosyo_system | A Remote Code Execution (RCE) vulnerabilty exists in Sourcecodester E-Negosyo System 1.0 in /admin/produts/controller.php via the doInsert function, which validates images with getImageSizei. . | 2021-10-29 | not yet calculated | CVE-2021-41675 MISC |
sourcecodester -- e-negosyo_system | An SQL Injection vulnerability exists in Sourcecodester E-Negosyo System 1.0 via the user_email parameter in /admin/login.php. | 2021-10-29 | not yet calculated | CVE-2021-41674 MISC |
sourcecodester -- online_food_ordering_system | Remote Code Exection (RCE) vulnerability exists in Sourcecodester Online Food Ordering System 2.0 via a maliciously crafted PHP file that bypasses the image upload filters. | 2021-10-29 | not yet calculated | CVE-2021-41644 MISC |
sourcecodester -- online_reviewer_system | Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Reviewer System 1.0 by uploading a maliciously crafted PHP file that bypasses the image upload filters.. | 2021-10-29 | not yet calculated | CVE-2021-41646 MISC |
spring -- spring | In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. | 2021-10-28 | not yet calculated | CVE-2021-22096 MISC |
spring -- spring | In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100% CPU usage in the application if the toString() method is called. | 2021-10-28 | not yet calculated | CVE-2021-22097 MISC |
spring -- spring | In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for unauthorized access depending on the Spring Security configuration. | 2021-10-28 | not yet calculated | CVE-2021-22047 MISC |
spring -- spring | In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level `@RequestMapping`annotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to `@RequestMapping`-annotated interface methods. | 2021-10-28 | not yet calculated | CVE-2021-22044 MISC |
sysaid -- sysaid | SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp parameter without any authentication. | 2021-10-29 | not yet calculated | CVE-2021-31862 MISC MISC |
tenda -- ac1200_router | Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg. | 2021-10-29 | not yet calculated | CVE-2020-22079 MISC MISC |
tenda -- ac9 | Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the index parameter. | 2021-10-29 | not yet calculated | CVE-2021-31627 MISC MISC |
tenda -- ac9 | Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the urls parameter. | 2021-10-29 | not yet calculated | CVE-2021-31624 MISC MISC |
tikiwiki -- tikiwiki | TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-browse_categories.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Create category module. | 2021-10-28 | not yet calculated | CVE-2021-36550 MISC |
tikiwiki -- tikiwiki | TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-calendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Add Event module. | 2021-10-28 | not yet calculated | CVE-2021-36551 MISC |
vim -- vim | vim is vulnerable to Heap-based Buffer Overflow | 2021-10-27 | not yet calculated | CVE-2021-3903 MISC CONFIRM |
yonyou -- turbocrm | SQL Injection vulnerability exists in all versions of Yonyou TurboCRM.via the orgcode parameter in changepswd.php. Attackers can use the vulnerabilities to obtain sensitive database information. | 2021-10-29 | not yet calculated | CVE-2021-41746 MISC MISC |
zoom -- call_recording | Zoom Call Recording 6.3.1 from ZOOM International is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. A remote unauthenticated attacker can exploit this vulnerability by sending crafted RMI requests to execute arbitrary code on the target host. | 2021-10-28 | not yet calculated | CVE-2019-19810 MISC MISC |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.