US-CERT Bulletins

Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

Original release date: September 20, 2021

 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
zohocorp — manageengine_adselfservice_plus Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases. 2021-09-10 7.5 CVE-2021-37422
MISC
zohocorp — manageengine_adselfservice_plus Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover. 2021-09-10 7.5 CVE-2021-37423
MISC


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
amazingweb — wp-design-maps-places The WP Design Maps & Places WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the filename parameter found in the ~/wpdmp-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2. 2021-09-10 4.3 CVE-2021-38334
MISC
MISC
carrcommunications — rsvpmaker_excel The RSVPMaker Excel WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/phpexcel/PHPExcel/Shared/JAMA/docs/download.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1. 2021-09-10 4.3 CVE-2021-38337
MISC
MISC
devondev — simple_matted_thumbnails The Simple Matted Thumbnails WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/simple-matted-thumbnail.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.01. 2021-09-10 4.3 CVE-2021-38339
MISC
MISC
dj_emailpublish_project — dj_emailpublish The DJ EmailPublish WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/dj-email-publish.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.7.2. 2021-09-10 4.3 CVE-2021-38329
MISC
MISC
dreamfoxmedia — woocommerce_payment_gateway_per_category The WooCommerce Payment Gateway Per Category WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/includes/plugin_settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.10. 2021-09-10 4.3 CVE-2021-38341
MISC
MISC
elyazalee — sms-ovh The SMS OVH WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the position parameter found in the ~/sms-ovh-sent.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.1. 2021-09-10 4.3 CVE-2021-38357
MISC
MISC
feedify — web_push_notifications The Feedify – Web Push Notifications WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the feedify_msg parameter found in the ~/includes/base.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.8. 2021-09-10 4.3 CVE-2021-38352
MISC
MISC
notices_project — notices The Notices WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/notices.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1. 2021-09-10 4.3 CVE-2021-38328
MISC
MISC
ops-robots-txt_project — ops-robots-txt The On Page SEO + Whatsapp Chat Button Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1. 2021-09-10 4.3 CVE-2021-38332
MISC
MISC
outsidesource — osd_subscribe The OSD Subscribe WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the osd_subscribe_message parameter found in the ~/options/osd_subscribe_options_subscribers.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.3. 2021-09-10 4.3 CVE-2021-38351
MISC
MISC
spideranalyse_project — spideranalyse The spideranalyse WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the date parameter found in the ~/analyse/index.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.1. 2021-09-10 4.3 CVE-2021-38350
MISC
MISC
sw-guide — edit_comments_xt The Edit Comments XT WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/edit-comments-xt.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. 2021-09-10 4.3 CVE-2021-38336
MISC
MISC
tromit — yabp The Yet Another bol.com Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/yabp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4. 2021-09-10 4.3 CVE-2021-38330
MISC
MISC
ueberhamm-design — youtube_video_inserter The YouTube Video Inserter WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/adminUI/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.1.0. 2021-09-10 4.3 CVE-2021-38327
MISC
MISC
webodid — dropdown_and_scrollable_text The Dropdown and scrollable Text WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the content parameter found in the ~/index.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0. 2021-09-10 4.3 CVE-2021-38353
MISC
MISC
wiseagent — wise_agent_capture_forms The Wise Agent Capture Forms WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/WiseAgentCaptureForm.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. 2021-09-10 4.3 CVE-2021-38335
MISC
MISC
wp_scrippets_project — wp_scrippets The WP Scrippets WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/wp-scrippets.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.1. 2021-09-10 4.3 CVE-2021-38333
MISC
MISC
wpleet — post_title_counter The Post Title Counter WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the notice parameter found in the ~/post-title-counter.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1. 2021-09-10 4.3 CVE-2021-38326
MISC
MISC
zohocorp — manageengine_desktop_central Zoho ManageEngine DesktopCentral version 10.1.2119.7 and prior allows anyone to get a valid user’s APIKEY without authentication. 2021-09-10 5 CVE-2021-37414
MISC


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
elastic — enterprise_search_app Elastic Enterprise Search App Search versions before 7.14.0 were vulnerable to an issue where API keys were not bound to the same engines as their creator. This could lead to a less privileged user gaining access to unauthorized engines. 2021-09-15 not yet calculated CVE-2021-22148
MISC
MISC
elastic — enterprise_search_app
 
Elastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API keys were missing authorization via an alternate route. Using this vulnerability, an authenticated attacker could utilize API keys belonging to higher privileged users. 2021-09-15 not yet calculated CVE-2021-22149
MISC
MISC
adminlte — adminlte
 
adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-09-17 not yet calculated CVE-2021-3812
CONFIRM
MISC
adminlte — adminlte
 
adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-09-17 not yet calculated CVE-2021-3811
CONFIRM
MISC
ansi-regex — ansi-regex
 
ansi-regex is vulnerable to Inefficient Regular Expression Complexity 2021-09-17 not yet calculated CVE-2021-3807
MISC
CONFIRM
any23 — any23
 
A Remote Code Execution (RCE) vulnerability was discovered in the Any23 YAMLExtractor.java file and is known to affect Any23 versions < 2.5. RCE vulnerabilities allow a malicious actor to execute any code of their choice on a remote machine over LAN, WAN, or internet. RCE belongs to the broader class of arbitrary code execution (ACE) vulnerabilities. 2021-09-11 not yet calculated CVE-2021-40146
CONFIRM
MLIST
any23 — streamutils.java
 
An XML external entity (XXE) injection vulnerability was discovered in the Any23 StreamUtils.java file and is known to affect Any23 versions < 2.5. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application’s processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. 2021-09-11 not yet calculated CVE-2021-38555
CONFIRM
apache — http_server
 
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. 2021-09-16 not yet calculated CVE-2021-39275
MISC
apache — http_server
 
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). 2021-09-16 not yet calculated CVE-2021-36160
MISC
MLIST
MLIST
apache — http_server
 
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. 2021-09-16 not yet calculated CVE-2021-34798
MISC
apache — http_server
 
A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. 2021-09-16 not yet calculated CVE-2021-40438
MISC
apache — jena
 
A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server. 2021-09-16 not yet calculated CVE-2021-39239
MISC
MLIST
apache — shiro
 
In Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0. 2021-09-17 not yet calculated CVE-2021-41303
MISC
apache — tomcat
 
Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service. 2021-09-16 not yet calculated CVE-2021-41079
MISC
apogee — mbc
 
A vulnerability has been identified in APOGEE MBC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE MEC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8), APOGEE PXC Modular (BACnet) (All versions < V3.5.3), APOGEE PXC Modular (P2 Ethernet) (All versions >= V2.8), TALON TC Compact (BACnet) (All versions < V3.5.3), TALON TC Modular (BACnet) (All versions < V3.5.3). The web server of affected devices lacks proper bounds checking when parsing the Host parameter in HTTP requests, which could lead to a buffer overflow. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the device with root privileges. 2021-09-14 not yet calculated CVE-2021-27391
MISC
ari — adminer
 
Cross Site Scripting (XSS) in Ari Adminer v1 allows remote attackers to execute arbitrary code via the ‘Title’ parameter of the ‘Add New Connections’ component when the ‘save()’ function is called. 2021-09-15 not yet calculated CVE-2020-19156
MISC
assyst — assyst
 
Assyst 10 SP7.5 has authenticated XXE leading to SSRF via XML unmarshalling. The application allows users to send JSON or XML data to the server. It was possible to inject malicious XML data through several access points. 2021-09-15 not yet calculated CVE-2021-30137
MISC
atftp — atftp
 
tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buffer-size handling does not properly consider the combination of data, OACK, and other options. 2021-09-13 not yet calculated CVE-2021-41054
MISC
atlassian — jira_server_and_data_center Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. The affected versions of Jira Server or Data Center are before version 8.13.12, and from version 8.14.0 before 8.19.1. 2021-09-16 not yet calculated CVE-2021-39128
MISC
atlassian — jira_server_and_data_center
 
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to discover the usernames and full names of users via an enumeration vulnerability in the /rest/api/1.0/render endpoint. The affected versions are before version 8.19.0. 2021-09-14 not yet calculated CVE-2021-39118
MISC
atlassian — jira_server_and_data_center
 
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view whitelist rules via a Broken Access Control vulnerability in the /rest/whitelist/<version>/check endpoint. The affected versions are before version 8.13.3, and from version 8.14.0 before 8.14.1. 2021-09-14 not yet calculated CVE-2019-20101
N/A
N/A
atlassian — jira_server_and_data_center
 
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to discover the usernames of users via an enumeration vulnerability in the password reset page. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1. 2021-09-14 not yet calculated CVE-2021-39125
MISC
atlassian — jira_server_and_data_center
 
The Cross-Site Request Forgery (CSRF) failure retry feature of Atlassian Jira Server and Data Center before version 8.16.0 allows remote attackers who are able to trick a user into retrying a request to bypass CSRF protection and replay a crafted request. 2021-09-14 not yet calculated CVE-2021-39124
MISC
atlassian — jira_server_and_data_center
 
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to impact the application’s availability via a Denial of Service (DoS) vulnerability in the /rest/gadget/1.0/createdVsResolved/generate endpoint. The affected versions are before version 8.16.0. 2021-09-14 not yet calculated CVE-2021-39123
MISC
autodesk — fbx_review
 
An Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files or information disclosure. 2021-09-15 not yet calculated CVE-2021-27044
MISC
autodesk — navisworks
 
A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to write beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code. 2021-09-15 not yet calculated CVE-2021-40156
MISC
autodesk — navisworks
 
A maliciously crafted PDF file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the PDF file. This vulnerability can be exploited to execute arbitrary code. 2021-09-15 not yet calculated CVE-2021-27045
MISC
autodesk — navisworks
 
A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code. 2021-09-15 not yet calculated CVE-2021-40155
MISC
autodesk — navisworks
 
A Memory Corruption vulnerability for PDF files in Autodesk Navisworks 2019, 2020, 2021, 2022 may lead to code execution through maliciously crafted DLL files. 2021-09-15 not yet calculated CVE-2021-27046
MISC
autodesk — navisworks
 
A user may be tricked into opening a malicious FBX file which may exploit an Untrusted Pointer Dereference vulnerability in FBX’s Review version 1.5.0 and prior causing it to run arbitrary code on the system. 2021-09-15 not yet calculated CVE-2021-40157
MISC
aviatrix — controller An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal. 2021-09-13 not yet calculated CVE-2021-40870
MISC
MISC
beego — beego
 
Cross Site Scripting (XSS) vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated by administrators viewing the “Request Statistics” page. 2021-09-14 not yet calculated CVE-2021-39391
MISC
MISC
big-ip — big-ip On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23038
MISC
big-ip — big-ip On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, and 12.1.x before 12.1.6, when an HTTP profile is configured on a virtual server, undisclosed requests can cause a significant increase in system resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23042
MISC
big-ip — big-ip On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a DOM based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the current logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23041
MISC
big-ip — big-ip On BIG-IP AFM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This issue is exposed only when BIG-IP AFM is provisioned. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23040
MISC
big-ip — big-ip On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.2.8, and all versions of 13.1.x and 12.1.x, when IPSec is configured on a BIG-IP system, undisclosed requests from an authorized remote (IPSec) peer, which already has a negotiated Security Association, can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23039
MISC
big-ip — big-ip On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x and 12.1.x, when a BIG-IP DNS system is configured with non-default Wide IP and pool settings, undisclosed DNS responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23032
MISC
big-ip — big-ip On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23030
MISC
big-ip — big-ip On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, an authenticated user may perform a privilege escalation on the BIG-IP Advanced WAF and ASM Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23031
MISC
big-ip — big-ip On version 16.0.x before 16.0.1.2, when a BIG-IP ASM and DataSafe profile are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23036
MISC
big-ip — big-ip On BIG-IP 14.1.x before 14.1.4.4, when an HTTP profile is configured on a virtual server, after a specific sequence of packets, chunked responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23035
MISC
big-ip — big-ip On BIG-IP version 16.x before 16.1.0 and 15.1.x before 15.1.3.1, when a DNS profile using a DNS cache resolver is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23034
MISC
big-ip — big-ip On all versions of Guided Configuration before 8.0.0, when a configuration that contains secure properties is created and deployed from Access Guided Configuration (AGC), secure properties are logged in restnoded logs. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23046
MISC
big-ip — big-ip On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x, when the Intel QuickAssist Technology (QAT) compression driver is used on affected BIG-IP hardware and BIG-IP Virtual Edition (VE) platforms, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23044
MISC
big-ip — big-ip On BIG-IP Advanced WAF and BIG-IP ASM version 16.x before 16.1.0x, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23033
MISC
big-ip — big-ip On BIG-IP version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3, when the iRules RESOLVER::summarize command is used on a virtual server, undisclosed requests can cause an increase in Traffic Management Microkernel (TMM) memory utilization resulting in an out-of-memory condition and a denial-of-service (DoS). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23049
MISC
big-ip — big-ip On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 and NGINX App Protect on all versions before 3.5.0, when a cross-site request forgery (CSRF)-enabled policy is configured on a virtual server, an undisclosed HTML response may cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23050
MISC
big-ip — big-ip
 
On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, and all versions of 13.1.x, 12.1.x and 11.6.x, when BIG-IP APM performs Online Certificate Status Protocol (OCSP) verification of a certificate that contains Authority Information Access (AIA), undisclosed requests may cause an increase in memory use. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23047
MISC
big-ip — big-ip
 
On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x, when GPRS Tunneling Protocol (GTP) iRules commands or a GTP profile is configured on a virtual server, undisclosed GTP messages can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23048
MISC
big-ip — big-ip
 
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, and 13.1.x before 13.1.4, when JSON content profiles are configured for URLs as part of an F5 Advanced Web Application Firewall (WAF)/BIG-IP ASM security policy and applied to a virtual server, undisclosed requests may cause the BIG-IP ASM bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23028
MISC
big-ip — big-ip
 
BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x and all versions of BIG-IQ 8.x, 7.x, and 6.x are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23026
MISC
big-ip — big-ip
 
On version 16.0.x before 16.0.1.2, insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery (SSRF) attacks through F5 Advanced Web Application Firewall (WAF) and the BIG-IP ASM Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23029
MISC
big-ip — big-ip
 
On version 15.1.x before 15.1.0.5, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all versions of 12.1.x and 11.6.x, an authenticated remote command execution vulnerability exists in the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23025
MISC
big-ip — big-ip
 
On all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23037
MISC
big-ip — big-ip
 
On version 15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6, when the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and the virtual server is under brute force attack, the MySQL database may run out of disk space due to lack of row limit on undisclosed tables in the MYSQL database. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23053
MISC
big-ip — big-ip
 
On version 14.1.x before 14.1.4.4 and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. This vulnerability allows an unauthenticated malicious user to build an open redirect URI. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23052
MISC
big-ip — big-ip
 
On BIG-IP versions 15.1.0.4 through 15.1.3, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP on Amazon Web Services (AWS) systems, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This is due to an incomplete fix for CVE-2020-5862. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23051
MISC
big-ip — big-ip
 
On BIG-IP, on all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to access arbitrary files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23043
MISC
big-ip — big-ip
 
On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when an SCTP profile with multiple paths is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23045
MISC
big-ip — big-ip
 
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, and 14.1.x before 14.1.4.3, a DOM based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23027
MISC
body-parser-xml — body-parser-xml
 
body-parser-xml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) 2021-09-13 not yet calculated CVE-2021-3666
CONFIRM
MISC
boost — note
 
static/main-preload.js in Boost Note through 0.22.0 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal Electron API. 2021-09-17 not yet calculated CVE-2021-41392
MISC
btcpayserver — btcpayserver
 
btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-09-10 not yet calculated CVE-2021-3646
CONFIRM
MISC
cerberus — dms
 
A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All versions), Cerberus DMS V4.2 (All versions), Cerberus DMS V5.0 (All versions < v5.0 QU1), Desigo CC Compact V4.0 (All versions), Desigo CC Compact V4.1 (All versions), Desigo CC Compact V4.2 (All versions), Desigo CC Compact V5.0 (All versions < V5.0 QU1), Desigo CC V4.0 (All versions), Desigo CC V4.1 (All versions), Desigo CC V4.2 (All versions), Desigo CC V5.0 (All versions < V5.0 QU1). The application deserialises untrusted data without sufficient validations, that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system. The CCOM communication component used for Windows App / Click-Once and IE Web / XBAP client connectivity are affected by the vulnerability. 2021-09-14 not yet calculated CVE-2021-37181
MISC
clearance — clearance
 
This affects the package clearance before 2.5.0. The vulnerability is possible when users are able to set the value of session[:return_to]. If the value used for return_to contains multiple leading slashes (/////example.com), the user ends up being redirected to the external domain that comes after the slashes (http://example.com). 2021-09-12 not yet calculated CVE-2021-23435
CONFIRM
CONFIRM
cms — made_simple
 
An issue was discovered in CMS Made Simple 2.2.8. It is possible to achieve unauthenticated path traversal in the CGExtensions module (in the file action.setdefaulttemplate.php) with the m1_filename parameter; and through the action.showmessage.php file, it is possible to read arbitrary file content (by using that path traversal with m1_prefname set to cg_errormsg and m1_resettodefault=1). 2021-09-17 not yet calculated CVE-2019-9060
CONFIRM
CONFIRM
CONFIRM
CONFIRM
code-server — code-server
 
code-server is vulnerable to Inefficient Regular Expression Complexity 2021-09-17 not yet calculated CVE-2021-3810
CONFIRM
MISC
cookie/deep — cookie/deep
 
This affects all versions of package @cookiex/deep. The global proto object can be polluted using the __proto__ object. 2021-09-17 not yet calculated CVE-2021-23442
MISC
MISC
MISC
cs-cart — cs-cart
 
In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by manipulating the “post description” field in the blog post creation page. 2021-09-14 not yet calculated CVE-2021-32202
MISC
dahua — dahua
 
An identity authentication bypass vulnerability was found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. 2021-09-15 not yet calculated CVE-2021-33044
MISC
dahua — dahua
 
An identity authentication bypass vulnerability was found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. 2021-09-15 not yet calculated CVE-2021-33045
MISC
delta — electronic_dopsoft2 Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in multiple out-of-bounds write instances. An attacker could leverage this vulnerability to execute code in the context of the current process. 2021-09-17 not yet calculated CVE-2021-38406
MISC
delta — electronic_dopsoft2
 
Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could lead to a stack-based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to execute code in the context of the current process. 2021-09-17 not yet calculated CVE-2021-38402
MISC
delta — electronic_dopsoft2
 
Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. 2021-09-17 not yet calculated CVE-2021-38404
MISC
desigo — cc
 
A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control (All versions with OIS running on Debian 9 or earlier), Siveillance Control Pro (All versions). The affected application incorrectly neutralizes special elements in a specific HTTP GET request which could lead to command injection. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges. 2021-09-14 not yet calculated CVE-2021-31891
MISC
device42 — main_appliance
 
The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery utility. An attacker (with permissions to add or edit jobs run by this utility) can inject an extra argument to overwrite arbitrary files as the root user on the Remote Collector. 2021-09-17 not yet calculated CVE-2021-41316
MISC
MISC
MISC
device42 — remote_collector
 
The Device42 Remote Collector before 17.05.01 does not sanitize user input in its SNMP Connectivity utility. This allows an authenticated attacker (with access to the console application) to execute arbitrary OS commands and escalate privileges. 2021-09-17 not yet calculated CVE-2021-41315
MISC
MISC
digi — portserver
 
Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. This vulnerability could allow an attacker to enable the SNMP service and manipulate the community strings to achieve further control in. 2021-09-17 not yet calculated CVE-2021-38412
MISC
ec-cube — ec-cube Cross-site scripting vulnerability in Order Status Batch Change Plug-in (for EC-CUBE 3.0 series) all versions allows a remote attacker to inject an arbitrary script via unspecified vectors. 2021-09-17 not yet calculated CVE-2021-20828
MISC
MISC
ec-cube — ec-cube
 
Cross-site scripting vulnerability in List (order management) item change plug-in (for EC-CUBE 3.0 series) Ver.1.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors. 2021-09-17 not yet calculated CVE-2021-20825
MISC
MISC
eclipse — equinox
 
In all released versions of Eclipse Equinox, at least until version 4.21 (September 2021), installation can be vulnerable to man-in-the-middle attack if using p2 repos that are HTTP; that can then be exploited to serve incorrect p2 metadata and entirely alter the local installation, particularly by installing plug-ins that may then run malicious code. 2021-09-13 not yet calculated CVE-2021-41033
CONFIRM
elastic — elasticsearch
 
Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view. 2021-09-15 not yet calculated CVE-2021-22147
MISC
MISC
emlog — emlog
 
emlog v6.0 contains a Cross-Site Request Forgery (CSRF) via /admin/link.php?action=addlink, which allows attackers to arbitrarily add articles. 2021-09-15 not yet calculated CVE-2020-21321
MISC
enbra — ewm
 
Enbra EWM 1.7.29 does not check for or detect replay attacks sent by wireless M-Bus Security mode 5 devices. Instead timestamps of the sensor are replaced by the time of the readout even if the data is a replay of earlier data. 2021-09-16 not yet calculated CVE-2021-34572
CONFIRM
enbra — ewm
 
In Enbra EWM in Version 1.7.29, together with several tested wireless M-Bus Sensors, the events backflow and “no flow” are not recognized or are misinterpreted. This may lead to wrong values and missing events. 2021-09-16 not yet calculated CVE-2021-34573
CONFIRM
enbra — m-bus_devices
 
Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in Security mode 5 without an option to change the encryption key. An adversary can learn all information that is available in Enbra EWM. 2021-09-16 not yet calculated CVE-2021-34571
CONFIRM
ericsson — ecm
 
In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection. 2021-09-17 not yet calculated CVE-2021-41390
MISC
ericsson — ecm
 
In Ericsson ECM before 18.0, it was observed that Security Management Endpoint in User Profile Management Section is vulnerable to stored XSS via a name, leading to session hijacking and full account takeover. 2021-09-17 not yet calculated CVE-2021-41391
MISC
expertpdf — expertpdf
 
A local file inclusion vulnerability in ExpertPDF 9.5.0 through 14.1.0 allows attackers to read the file contents from files that the running ExpertPDF process has access to read. 2021-09-15 not yet calculated CVE-2020-35340
MISC
feehi — feehi
 
An arbitrary file upload vulnerability in Feehi CMS v2.0.8 and below allows attackers to execute arbitrary code via a crafted PHP file. 2021-09-15 not yet calculated CVE-2020-21322
MISC
fig2dev — fig2dev fig2dev 3.2.7b contains a global buffer overflow in the get_line function in read.c. 2021-09-16 not yet calculated CVE-2020-21534
MISC
fig2dev — fig2dev fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c. 2021-09-16 not yet calculated CVE-2020-21531
MISC
fig2dev — fig2dev
 
fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c. 2021-09-16 not yet calculated CVE-2020-21529
MISC
fig2dev — fig2dev
 
fig2dev 3.2.7b contains a segmentation fault in the read_objects function in read.c. 2021-09-16 not yet calculated CVE-2020-21530
MISC
fig2dev — fig2dev
 
fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c. 2021-09-16 not yet calculated CVE-2020-21532
MISC
fig2dev — fig2dev
 
fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function in read.c. 2021-09-16 not yet calculated CVE-2020-21533
MISC
fig2dev — fig2dev
 
fig2dev 3.2.7b contains a segmentation fault in the gencgm_start function in gencgm.c. 2021-09-16 not yet calculated CVE-2020-21535
MISC
flexnet — publisher
 
A Denial of Service vulnerability has been identified in FlexNet Publisher’s lmadmin.exe version 11.16.6. A certain message protocol can be exploited to cause lmadmin to crash. 2021-09-17 not yet calculated CVE-2020-12080
MISC
geutebruck — geutebruck Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. 2021-09-13 not yet calculated CVE-2021-33550
CONFIRM
CONFIRM
geutebruck — geutebruck Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. 2021-09-13 not yet calculated CVE-2021-33551
CONFIRM
CONFIRM
geutebruck — geutebruck Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. 2021-09-13 not yet calculated CVE-2021-33553
CONFIRM
CONFIRM
geutebruck — geutebruck Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. 2021-09-13 not yet calculated CVE-2021-33548
CONFIRM
CONFIRM
geutebruck — geutebruck Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. 2021-09-13 not yet calculated CVE-2021-33544
CONFIRM
CONFIRM
geutebruck — geutebruck
 
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the counter parameter which may allow an attacker to remotely execute arbitrary code. 2021-09-13 not yet calculated CVE-2021-33545
CONFIRM
CONFIRM
geutebruck — geutebruck
 
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. 2021-09-13 not yet calculated CVE-2021-33554
CONFIRM
CONFIRM
geutebruck — geutebruck
 
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the name parameter, which may allow an attacker to remotely execute arbitrary code. 2021-09-13 not yet calculated CVE-2021-33546
CONFIRM
CONFIRM
geutebruck — geutebruck
 
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. 2021-09-13 not yet calculated CVE-2021-33552
CONFIRM
CONFIRM
geutebruck — geutebruck
 
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the action parameter, which may allow an attacker to remotely execute arbitrary code. 2021-09-13 not yet calculated CVE-2021-33549
CONFIRM
CONFIRM
MISC
geutebruck — geutebruck
 
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter which may allow an attacker to remotely execute arbitrary code. 2021-09-13 not yet calculated CVE-2021-33547
CONFIRM
CONFIRM
geutebruck — geutebruck
 
Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. 2021-09-13 not yet calculated CVE-2021-33543
CONFIRM
CONFIRM
gibbon — gibbon
 
Gibbon v22.0.00 suffers from a stored XSS vulnerability within the wall messages component. 2021-09-13 not yet calculated CVE-2021-40214
MISC
MISC
MISC
glpi — glpi GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in version 9.5.6. As a workaround, remove the file `ajax/telemetry.php`, which is not needed for usual functions of GLPI. 2021-09-15 not yet calculated CVE-2021-39211
CONFIRM
MISC
glpi — glpi
 
GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, a user who is logged in to GLPI can bypass Cross-Site Request Forgery (CSRF) protection in many places. This could allow a malicious actor to perform many actions on GLPI. This issue is fixed in version 9.5.6. There are no workarounds aside from upgrading. 2021-09-15 not yet calculated CVE-2021-39209
CONFIRM
MISC
glpi — glpi
 
GLPI is a free Asset and IT management software package. Starting in version 9.1 and prior to version 9.5.6, GLPI with API Rest enabled is vulnerable to API bypass with custom header injection. This issue is fixed in version 9.5.6. One may disable API Rest as a workaround. 2021-09-15 not yet calculated CVE-2021-39213
CONFIRM
MISC
glpi — glpi
 
GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, the cookie used to store the autologin cookie (when a user uses the “remember me” feature) is accessible by scripts. A malicious plugin that could steal this cookie would be able to use it to autologin. This issue is fixed in version 9.5.6. As a workaround, one may avoid using the “remember me” feature. 2021-09-15 not yet calculated CVE-2021-39210
CONFIRM
MISC
MISC
gnu — mailman_postorius
 
An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker (logged into any account) can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place. 2021-09-10 not yet calculated CVE-2021-40347
CONFIRM
MISC
CONFIRM
MISC
MISC
DEBIAN
gpac — gpac The gf_odf_desc_copy function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. 2021-09-13 not yet calculated CVE-2021-32134
MISC
MISC
gpac — gpac Memory leak in the infe_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file. 2021-09-13 not yet calculated CVE-2021-33363
MISC
MISC
gpac — gpac Heap buffer overflow in the print_udta function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. 2021-09-13 not yet calculated CVE-2021-32136
MISC
MISC
gpac — gpac Heap buffer overflow in the URL_GetProtocolType function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. 2021-09-13 not yet calculated CVE-2021-32137
MISC
MISC
gpac — gpac
 
The DumpTrackInfo function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. 2021-09-13 not yet calculated CVE-2021-32138
MISC
MISC
gpac — gpac
 
Memory leak in the gf_isom_oinf_read_entry function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file. 2021-09-13 not yet calculated CVE-2021-33366
MISC
MISC
gpac — gpac
 
The gf_isom_vp_config_get function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. 2021-09-13 not yet calculated CVE-2021-32139
MISC
MISC
gpac — gpac
 
The abst_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. 2021-09-13 not yet calculated CVE-2021-32132
MISC
MISC
gpac — gpac
 
Memory leak in the def_parent_box_new function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file. 2021-09-13 not yet calculated CVE-2021-33364
MISC
MISC
gpac — gpac
 
Stack buffer overflow in the hevc_parse_vps_extension function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. 2021-09-13 not yet calculated CVE-2021-33362
MISC
MISC
gpac — gpac
 
Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file. 2021-09-13 not yet calculated CVE-2021-33361
MISC
MISC
gpac — gpac
 
The trak_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. 2021-09-13 not yet calculated CVE-2021-32135
MISC
MISC
gpac — gpac
 
Memory leak in the gf_isom_get_root_od function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file. 2021-09-13 not yet calculated CVE-2021-33365
MISC
MISC
hashicorp — terraform_enterprise
 
HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoint that erroneously disclosed a sensitive URL to authenticated parties, which could be used for privilege escalation or unauthorized modification of a Terraform configuration. Fixed in v202109-1. 2021-09-15 not yet calculated CVE-2021-40862
MISC
hestiacp — hestiacp
 
hestiacp is vulnerable to Use of Wrong Operator in String Comparison 2021-09-15 not yet calculated CVE-2021-3797
CONFIRM
MISC
hgiga — oaklouds
 
The HGiga OAKlouds mobile portal does not filter special characters of the Ethernet number parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the system without logging in. 2021-09-15 not yet calculated CVE-2021-37912
CONFIRM
hgiga — oaklouds
 
The HGiga OAKlouds mobile portal does not filter special characters of the IPv6 Gateway parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the system without logging in. 2021-09-15 not yet calculated CVE-2021-37913
CONFIRM
hunter — express
 
XSS Hunter Express before 2021-09-17 does not properly enforce authentication requirements for paths. 2021-09-17 not yet calculated CVE-2021-41317
MISC
MISC
MISC
ibm — db2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. IBM X-Force ID: 204470. 2021-09-16 not yet calculated CVE-2021-29825
XF
CONFIRM
ibm — db2
 
IBM Db2 11.2 and 11.5 contains an information disclosure vulnerability, exposing remote storage credentials to privileged users under specific conditions. IBM X-Force ID: 201780. 2021-09-16 not yet calculated CVE-2021-29752
CONFIRM
XF
ibm — db2
 
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5, under very specific conditions, could allow a local user to keep running a procedure that could cause the system to run out of memory and cause a denial of service. IBM X-Force ID: 202267. 2021-09-16 not yet calculated CVE-2021-29763
CONFIRM
XF
ibm — financial_transaction_manager
 
IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205045. 2021-09-14 not yet calculated CVE-2021-29841
XF
CONFIRM
ibm — qradar_siem
 
IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201778. 2021-09-15 not yet calculated CVE-2021-29750
CONFIRM
XF
ibm — security_guardium
 
IBM Security Guardium 11.3 could allow an authenticated user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 196345. 2021-09-15 not yet calculated CVE-2021-20433
CONFIRM
XF
ibm — security_guardium
 
IBM Security Guardium 10.6 and 11.3 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability (IDOR). IBM X-Force ID: 202865. 2021-09-15 not yet calculated CVE-2021-29773
CONFIRM
XF
ibm — security_secret_server
 
IBM Security Secret Server up to 11.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 199328. 2021-09-14 not yet calculated CVE-2021-20582
CONFIRM
XF
ibm — security_secret_server
 
IBM Security Secret Server up to 11.0 could allow an attacker to enumerate usernames due to improper input validation. IBM X-Force ID: 199243. 2021-09-14 not yet calculated CVE-2021-20569
XF
CONFIRM
ibm — security_secret_server
 
IBM Security Secret Server up to 11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199322. 2021-09-14 not yet calculated CVE-2021-20508
XF
CONFIRM
ibm — websphere_application_server
 
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202. 2021-09-16 not yet calculated CVE-2021-29842
CONFIRM
XF
imagemagick — imagemagick
 
ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`, e.g. `<policy domain="module" rights="none" pattern="PS" />`. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: `<policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />`. 2021-09-13 not yet calculated CVE-2021-39212
CONFIRM
MISC
MISC
industrial_edge — management
 
A vulnerability has been identified in Industrial Edge Management (All versions < V1.3). An unauthenticated attacker could change the password of any user in the system under certain circumstances. With this an attacker could impersonate any valid user on an affected system. 2021-09-14 not yet calculated CVE-2021-37184
MISC
ionic_identity — vault
 
In Ionic Identity Vault before 5, a local root attacker on an Android device can bypass biometric authentication. 2021-09-10 not yet calculated CVE-2021-3145
MISC
MISC
jfinal — cms Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information or cause a denial of service via the ‘FileManager.delete()’ function in the component ‘modules/filemanager/FileManagerController.java’. 2021-09-15 not yet calculated CVE-2020-19150
MISC
jfinal — cms Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the ‘Nickname’ parameter in the component ‘/jfinal_cms/front/person/profile.html’. 2021-09-15 not yet calculated CVE-2020-19148
MISC
jfinal — cms
 
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the ‘FileManager.rename()’ function in the component ‘modules/filemanager/FileManagerController.java’. 2021-09-15 not yet calculated CVE-2020-19155
MISC
jfinal — cms
 
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the ‘getFolder()’ function in the component ‘/modules/filemanager/FileManager.java’. 2021-09-15 not yet calculated CVE-2020-19147
MISC
jfinal — cms
 
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the ‘FileManager.editFile()’ function in the component ‘modules/filemanager/FileManagerController.java’. 2021-09-15 not yet calculated CVE-2020-19154
MISC
jfinal — cms
 
Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component ‘jfinal_cms/admin/filemanager/list’. 2021-09-15 not yet calculated CVE-2020-19151
MISC
jfinal — cms
 
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the ‘TemplatePath’ parameter in the component ‘jfinal_cms/admin/folder/list’. 2021-09-15 not yet calculated CVE-2020-19146
MISC
jfinal — jfinal
 
Improper access control in Jfinal CMS 5.1.0 allows attackers to access sensitive information via /classes/conf/db.properties&config=filemanager.config.js. 2021-09-15 not yet calculated CVE-2021-40639
MISC
MISC
MISC
jitsi — meet
 
Jitsi Meet is an open source video conferencing application. Versions prior to 2.0.6173 are vulnerable to client-side cross-site scripting via injecting properties into JSON objects that were not properly escaped. There are no known incidents related to this vulnerability being exploited in the wild. This issue is fixed in Jitsi Meet version 2.0.6173. There are no known workarounds aside from upgrading. 2021-09-15 not yet calculated CVE-2021-39205
MISC
MISC
MISC
CONFIRM
jitsi — meet
 
Jitsi Meet is an open source video conferencing application. In versions prior to 2.0.5963, a Prosody module allows the use of symmetrical algorithms to validate JSON web tokens. This means that tokens generated by arbitrary sources can be used to gain authorization to protected rooms. This issue is fixed in Jitsi Meet 2.0.5963. There are no known workarounds aside from updating. 2021-09-15 not yet calculated CVE-2021-39215
MISC
CONFIRM
jizhicms — jizhicms
 
An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file. 2021-09-15 not yet calculated CVE-2020-21483
MISC
johnson — controls_kt-1
 
The KT-1 door controller is susceptible to replay or man-in-the-middle attacks where an attacker can record and replay TCP packets. This issue affects Johnson Controls KT-1 all versions up to and including 3.01. 2021-09-15 not yet calculated CVE-2021-27662
CERT
CONFIRM
kaden — picoflux_air
 
In Kaden PICOFLUX Air in all known versions an information exposure through observable discrepancy exists. This may give sensitive information (water consumption without distinct values) to third parties. 2021-09-16 not yet calculated CVE-2021-34576
CONFIRM
kitecms — kitecms
 
A cross-site request forgery (CSRF) in KiteCMS V1.1 allows attackers to arbitrarily add an administrator account. 2021-09-13 not yet calculated CVE-2020-20671
MISC
kitecms — kitecms
 
An arbitrary file upload vulnerability in /admin/upload/uploadfile of KiteCMS V1.1 allows attackers to get a shell via a crafted PHP file. 2021-09-13 not yet calculated CVE-2020-20672
MISC
kooboo — cms
 
Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. It is possible to upload any file extension to the server. The server does not verify the extension of the file and the tester was able to upload an aspx to the server. 2021-09-14 not yet calculated CVE-2021-36581
MISC
MISC
kooboo — cms
 
In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell (e.g., aspx) to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can be simply triggered by browsing that URL. 2021-09-14 not yet calculated CVE-2021-36582
MISC
MISC
laiketui — laiketui
 
Cross Site Request Forgery (CSRF) in LaikeTui v3 allows remote attackers to execute arbitrary code via the component ‘/index.php?module=member&action=add’. 2021-09-15 not yet calculated CVE-2020-19159
MISC
libde265 — libde265 libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can be exploited via a crafted file. 2021-09-16 not yet calculated CVE-2020-21602
MISC
libde265 — libde265 libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted file. 2021-09-16 not yet calculated CVE-2020-21598
MISC
libde265 — libde265 libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a crafted file. 2021-09-16 not yet calculated CVE-2020-21595
MISC
libde265 — libde265 libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a crafted file. 2021-09-16 not yet calculated CVE-2020-21597
MISC
libde265 — libde265 libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted file. 2021-09-16 not yet calculated CVE-2020-21596
MISC
libde265 — libde265
 
libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pred_avg_16_fallback function, which can be exploited via a crafted file. 2021-09-16 not yet calculated CVE-2020-21600
MISC
libde265 — libde265
 
libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be exploited via a crafted file. 2021-09-16 not yet calculated CVE-2020-21599
MISC
libde265 — libde265
 
libde265 v1.0.4 contains a segmentation fault in the apply_sao_internal function, which can be exploited via a crafted file. 2021-09-16 not yet calculated CVE-2020-21605
MISC
libde265 — libde265
 
libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fallback function, which can be exploited via a crafted file. 2021-09-16 not yet calculated CVE-2020-21594
MISC
libde265 — libde265
 
libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be exploited via a crafted file. 2021-09-16 not yet calculated CVE-2020-21603
MISC
libde265 — libde265
 
libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl_epi64 function, which can be exploited via a crafted file. 2021-09-16 not yet calculated CVE-2020-21604
MISC
libde265 — libde265
 
libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be exploited via a crafted file. 2021-09-16 not yet calculated CVE-2020-21606
MISC
libde265 — libde265
 
libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback function, which can be exploited via a crafted file. 2021-09-16 not yet calculated CVE-2020-21601
MISC
libmobi — libmobi
 
libmobi is vulnerable to Out-of-bounds Write 2021-09-15 not yet calculated CVE-2021-3751
CONFIRM
MISC
libsixel — libsixel Libsixel 1.8.3 contains a heap-based buffer overflow in the sixel_encode_highcolor function in tosixel.c. 2021-09-17 not yet calculated CVE-2020-21548
MISC
libsixel — libsixel Libsixel 1.8.2 contains a heap-based buffer overflow in the dither_func_fs function in tosixel.c. 2021-09-17 not yet calculated CVE-2020-21547
MISC
libsixel — libsixel
 
Libsixel prior to v1.8.3 contains a stack buffer overflow in the function gif_process_raster at fromgif.c. 2021-09-14 not yet calculated CVE-2020-21050
MISC
MISC
MISC
MISC
MISC
libsixel — libsixel An invalid read in the stb_image.h component of libsixel prior to v1.8.5 allows attackers to cause a denial of service (DoS) via a crafted PSD file. 2021-09-14 not yet calculated CVE-2020-21049
MISC
MISC
MISC
MISC
MISC
libsixel — libsixel An issue in the dither.c component of libsixel prior to v1.8.4 allows attackers to cause a denial of service (DoS) via a crafted PNG file. 2021-09-14 not yet calculated CVE-2020-21048
MISC
MISC
MISC
MISC
MISC
logo! — cmr2020
 
A vulnerability has been identified in LOGO! CMR2020 (All versions < V2.2), LOGO! CMR2040 (All versions < V2.2), SIMATIC RTU 3000 family (All versions). The underlying TCP/IP stack does not properly calculate the random numbers used as ISN (Initial Sequence Numbers). An adjacent attacker with network access to the LAN interface could interfere with traffic, spoof the connection and gain access to sensitive information. 2021-09-14 not yet calculated CVE-2021-37186
MISC
maccms — maccms A cross-site scripting (XSS) vulnerability in the background administrator article management module of Maccms 8.0 allows attackers to steal administrator and user cookies via crafted payloads in the text fields for Chinese and English names. 2021-09-14 not yet calculated CVE-2020-21082
MISC
maccms — maccms
 
A cross-site request forgery (CSRF) in Maccms 8.0 causes administrators to add and modify articles without their knowledge via clicking on a crafted URL. 2021-09-14 not yet calculated CVE-2020-21081
MISC
matrix-js-sdk — matrix-js-sdk A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 (aka Matrix SDK for Android) before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room. This allows the attacker to decrypt end-to-end encrypted messages sent by affected clients. 2021-09-13 not yet calculated CVE-2021-40824
MISC
MISC
matrix-js-sdk — matrix-js-sdk
 
A logic error in the room key sharing functionality of matrix-js-sdk (aka Matrix Javascript SDK) before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room. This allows the homeserver to decrypt end-to-end encrypted messages sent by affected clients. 2021-09-13 not yet calculated CVE-2021-40823
MISC
MISC
mcafee — data_loss_prevention_discover
 
A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Discover prior to 11.6.100 allows an attacker in the same network as the DLP Discover to execute arbitrary code through placing carefully constructed Ami Pro (.sam) files onto a machine and having DLP Discover scan it, leading to remote code execution with elevated privileges. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size. 2021-09-17 not yet calculated CVE-2021-31845
CONFIRM
mcafee — data_loss_prevention_endpoint
 
A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing carefully constructed Ami Pro (.sam) files onto the local system and triggering a DLP Endpoint scan through accessing a file. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size. 2021-09-17 not yet calculated CVE-2021-31844
CONFIRM
mcafee — endpoint_security
 
Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have access to via manipulating junction links to redirect McAfee folder operations to an unintended location. 2021-09-17 not yet calculated CVE-2021-31843
CONFIRM
mcafee — endpoint_security
 
XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulting in a Denial of Service attack through carefully editing the EPDeploy.xml file and then executing the setup process. 2021-09-17 not yet calculated CVE-2021-31842
CONFIRM
metinfo — metinfo
 
MetInfo 7.0.0 contains a SQL injection vulnerability via admin/?n=logs&c=index&a=dodel. 2021-09-15 not yet calculated CVE-2020-21127
MISC
metinfo — metinfo
 
MetInfo 7.0.0 contains a Cross-Site Request Forgery (CSRF) via admin/?n=admin&c=index&a=doSaveInfo. 2021-09-15 not yet calculated CVE-2020-21126
MISC
microsoft — azure
 
Azure Sphere Information Disclosure Vulnerability 2021-09-15 not yet calculated CVE-2021-36956
MISC
microsoft — dynamics_business
 
Microsoft Dynamics Business Central Cross-site Scripting Vulnerability 2021-09-15 not yet calculated CVE-2021-40440
MISC
microsoft — edge
 
Microsoft Edge (Chromium-based) Tampering Vulnerability 2021-09-15 not yet calculated CVE-2021-38669
MISC
microsoft — excel
 
Microsoft Excel Remote Code Execution Vulnerability 2021-09-15 not yet calculated CVE-2021-38655
MISC
MISC
microsoft — office Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-38660. 2021-09-15 not yet calculated CVE-2021-38658
MISC
MISC
microsoft — office Microsoft Office Remote Code Execution Vulnerability 2021-09-15 not yet calculated CVE-2021-38659
MISC
MISC
microsoft — office
 
Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-38653. 2021-09-15 not yet calculated CVE-2021-38654
MISC
MISC
microsoft — office
 
Microsoft Office Graphics Component Information Disclosure Vulnerability 2021-09-15 not yet calculated CVE-2021-38657
MISC
microsoft — office
 
Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-38658. 2021-09-15 not yet calculated CVE-2021-38660
MISC
microsoft — office
 
Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-38654. 2021-09-15 not yet calculated CVE-2021-38653
MISC
MISC
microsoft — sharepoint Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-38651. 2021-09-15 not yet calculated CVE-2021-38652
MISC
microsoft — sharepoint
 
Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-38652. 2021-09-15 not yet calculated CVE-2021-38651
MISC
microsoft — visual_studio
 
Visual Studio Elevation of Privilege Vulnerability 2021-09-15 not yet calculated CVE-2021-26434
MISC
MISC
microsoft — visual_studio
 
Visual Studio Remote Code Execution Vulnerability 2021-09-15 not yet calculated CVE-2021-36952
MISC
MISC
microsoft — visual_studio
 
Visual Studio Code Spoofing Vulnerability 2021-09-15 not yet calculated CVE-2021-26437
MISC
microsoft — win32k
 
Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38639. 2021-09-15 not yet calculated CVE-2021-36975
MISC
microsoft — windows Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-36969, CVE-2021-38636. 2021-09-15 not yet calculated CVE-2021-38635
MISC
microsoft — windows Windows SMB Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-36960. 2021-09-15 not yet calculated CVE-2021-36972
MISC
microsoft — windows Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36963, CVE-2021-38633. 2021-09-15 not yet calculated CVE-2021-36955
MISC
microsoft — windows Open Management Infrastructure Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38645, CVE-2021-38649. 2021-09-15 not yet calculated CVE-2021-38648
MISC
microsoft — windows Open Management Infrastructure Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38648, CVE-2021-38649. 2021-09-15 not yet calculated CVE-2021-38645
MISC
microsoft — windows Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36955, CVE-2021-38633. 2021-09-15 not yet calculated CVE-2021-36963
MISC
microsoft — windows Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38628. 2021-09-15 not yet calculated CVE-2021-38638
MISC
microsoft — windows Windows Storage Information Disclosure Vulnerability 2021-09-15 not yet calculated CVE-2021-38637
MISC
microsoft — windows Windows WLAN AutoConfig Service Remote Code Execution Vulnerability 2021-09-15 not yet calculated CVE-2021-36965
MISC
microsoft — windows Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36955, CVE-2021-36963. 2021-09-15 not yet calculated CVE-2021-38633
MISC
microsoft — windows Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36964. 2021-09-15 not yet calculated CVE-2021-38630
MISC
microsoft — windows Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38671, CVE-2021-40447. 2021-09-15 not yet calculated CVE-2021-38667
MISC
microsoft — windows Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38667, CVE-2021-38671. 2021-09-15 not yet calculated CVE-2021-40447
MISC
microsoft — windows
 
Microsoft Windows Update Client Elevation of Privilege Vulnerability 2021-09-15 not yet calculated CVE-2021-38634
MISC
MISC
microsoft — windows
 
adminlte is vulnerable to Sensitive Cookie Without ‘HttpOnly’ Flag 2021-09-15 not yet calculated CVE-2021-3706
MISC
CONFIRM
microsoft — windows
 
Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-38635, CVE-2021-38636. 2021-09-15 not yet calculated CVE-2021-36969
MISC
microsoft — windows
 
HEVC Video Extensions Remote Code Execution Vulnerability 2021-09-15 not yet calculated CVE-2021-38661
MISC
microsoft — windows
 
Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability 2021-09-15 not yet calculated CVE-2021-36973
MISC
microsoft — windows
 
Windows SMB Elevation of Privilege Vulnerability 2021-09-15 not yet calculated CVE-2021-36974
MISC
microsoft — windows
 
Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38667, CVE-2021-40447. 2021-09-15 not yet calculated CVE-2021-38671
MISC
microsoft — windows
 
Windows DNS Elevation of Privilege Vulnerability 2021-09-15 not yet calculated CVE-2021-36968
MISC
microsoft — windows
 
Open Management Infrastructure Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38645, CVE-2021-38648. 2021-09-15 not yet calculated CVE-2021-38649
MISC
microsoft — windows
 
Windows Key Storage Provider Security Feature Bypass Vulnerability 2021-09-15 not yet calculated CVE-2021-38624
MISC
microsoft — windows
 
Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-36969, CVE-2021-38635. 2021-09-15 not yet calculated CVE-2021-38636
MISC
microsoft — windows
 
Windows Kernel Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38626. 2021-09-15 not yet calculated CVE-2021-38625
MISC
microsoft — windows
 
Open Management Infrastructure Remote Code Execution Vulnerability 2021-09-15 not yet calculated CVE-2021-38647
MISC
microsoft — windows
 
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability 2021-09-15 not yet calculated CVE-2021-38646
MISC
microsoft — windows
 
Windows Kernel Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38625. 2021-09-15 not yet calculated CVE-2021-38626
MISC
microsoft — windows
 
Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability 2021-09-15 not yet calculated CVE-2021-38644
MISC
microsoft — windows
 
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38638. 2021-09-15 not yet calculated CVE-2021-38628
MISC
microsoft — windows
 
Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability 2021-09-15 not yet calculated CVE-2021-38629
MISC
microsoft — windows
 
Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36975. 2021-09-15 not yet calculated CVE-2021-38639
MISC
microsoft — windows
 
BitLocker Security Feature Bypass Vulnerability 2021-09-15 not yet calculated CVE-2021-38632
MISC
microsoft — windows
 
Microsoft Office Spoofing Vulnerability 2021-09-15 not yet calculated CVE-2021-38650
MISC
microsoft — windows
 
Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability 2021-09-15 not yet calculated CVE-2021-36967
MISC
microsoft — windows
 
Windows Bind Filter Driver Elevation of Privilege Vulnerability 2021-09-15 not yet calculated CVE-2021-36954
MISC
microsoft — windows
 
Windows Scripting Engine Memory Corruption Vulnerability 2021-09-15 not yet calculated CVE-2021-26435
MISC
microsoft — windows
 
Microsoft MSHTML Remote Code Execution Vulnerability 2021-09-15 not yet calculated CVE-2021-40444
MISC
microsoft — windows
 
Microsoft Accessibility Insights for Android Information Disclosure Vulnerability 2021-09-15 not yet calculated CVE-2021-40448
MISC
microsoft — windows
 
Windows Subsystem for Linux Elevation of Privilege Vulnerability 2021-09-15 not yet calculated CVE-2021-36966
MISC
microsoft — windows
 
Windows Authenticode Spoofing Vulnerability 2021-09-15 not yet calculated CVE-2021-36959
MISC
microsoft — windows
 
Windows Installer Denial of Service Vulnerability 2021-09-15 not yet calculated CVE-2021-36961
MISC
MISC
microsoft — windows
 
Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38630. 2021-09-15 not yet calculated CVE-2021-36964
MISC
microsoft — windows
 
Windows Installer Information Disclosure Vulnerability 2021-09-15 not yet calculated CVE-2021-36962
MISC
microsoft — windows
 
Windows SMB Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-36972. 2021-09-15 not yet calculated CVE-2021-36960
MISC
microsoft — word
 
Microsoft Word Remote Code Execution Vulnerability 2021-09-15 not yet calculated CVE-2021-38656
MISC
MISC
misp — misp In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call. 2021-09-17 not yet calculated CVE-2021-41326
MISC
MISC
mitmproxy — mitmproxy
 
mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.2 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of another request/response’s HTTP message body. While a smuggled request is still captured as part of another request’s body, it does not appear in the request list and does not go through the usual mitmproxy event hooks, where users may have implemented custom access control checks or input sanitization. Unless one uses mitmproxy to protect an HTTP/1 service, no action is required. The vulnerability has been fixed in mitmproxy 7.0.3 and above. 2021-09-16 not yet calculated CVE-2021-39214
CONFIRM
mobility — mobility The access controls on the Mobility read-write API improperly validate user access permissions; this API is disabled by default. If the API is manually enabled, attackers with both network access to the API and valid credentials can read and write data to it, regardless of access control group membership settings. This vulnerability is fixed in Mobility v12.14. 2021-09-16 not yet calculated CVE-2021-40067
MISC
mobility — mobility The access controls on the Mobility read-only API improperly validate user access permissions. Attackers with both network access to the API and valid credentials can read data from it, regardless of access control group membership settings. This vulnerability is fixed in Mobility v11.76 and Mobility v12.14. 2021-09-16 not yet calculated CVE-2021-40066
MISC
mylittlebackup — mylittlebackup
 
The management tool in MyLittleBackup up to and including 1.7 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers’ installations) in web.config, and can be used to send serialized ASP code. 2021-09-15 not yet calculated CVE-2021-39392
MISC
MISC
nagios — xi
 
In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashboard. 2021-09-15 not yet calculated CVE-2021-38156
MISC
MISC
netgear — multiple_smart_switches Certain NETGEAR smart switches are affected by an authentication hijacking race-condition vulnerability by an unauthenticated attacker who uses the same source IP address as an admin in the process of logging in (e.g., behind the same NAT device, or already in possession of a foothold on an admin’s machine). This occurs because the multi-step HTTP authentication process is effectively tied only to the source IP address. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS750E before 1.0.1.10, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2. 2021-09-13 not yet calculated CVE-2021-40867
MISC
MISC
netgear — multiple_smart_switches
 
Certain NETGEAR smart switches are affected by a remote admin password change by an unauthenticated attacker via the (disabled by default) /sqfs/bin/sccd daemon, which fails to check authentication when the authentication TLV is missing from a received NSDP packet. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS750E before 1.0.1.10, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2. 2021-09-13 not yet calculated CVE-2021-40866
MISC
MISC
netgear — r6020_devices
 
setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute arbitrary shell commands via shell metacharacters in the ntp_server field. 2021-09-17 not yet calculated CVE-2021-41383
MISC
netgear — smart_switches Certain NETGEAR smart switches are affected by a \n injection in the web UI’s password field, which – due to several faulty aspects of the authentication scheme – allows the attacker to create (or overwrite) a file with specific content (e.g., the “2” string). This leads to admin session crafting and therefore gaining full web UI admin privileges by an unauthenticated attacker. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS750E before 1.0.1.10, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2. 2021-09-16 not yet calculated CVE-2021-41314
MISC
MISC
netiq — access_manager Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4 2021-09-13 not yet calculated CVE-2021-22526
CONFIRM
CONFIRM
netiq — access_manager Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4 2021-09-13 not yet calculated CVE-2021-22524
CONFIRM
CONFIRM
netiq — access_manager
 
Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4 2021-09-13 not yet calculated CVE-2021-22528
CONFIRM
CONFIRM
netiq — access_manager
 
Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4 2021-09-13 not yet calculated CVE-2021-22527
CONFIRM
CONFIRM
ni-pal — ni-pal
 
Improper input validation in the National Instruments NI-PAL driver in versions 20.0.0 and prior may allow a privileged user to potentially enable escalation of privilege via local access. 2021-09-17 not yet calculated CVE-2021-38304
MISC
nitro — pro_pdf
 
An exploitable return of stack variable address vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a stack variable to go out of scope, resulting in the application dereferencing a stale pointer. This can lead to code execution under the context of the application. An attacker can convince a user to open a document to trigger the vulnerability. 2021-09-15 not yet calculated CVE-2021-21798
MISC
nlight — eclypse nLight ECLYPSE (nECY) system Controllers running software prior to 1.17.21245.754 contain a default key vulnerability. The nECY does not force a change to the key upon the initial configuration of an affected device. nECY system controllers utilize an encrypted channel to secure SensorView™ configuration and monitoring software and nECY to nECY communications. Impacted devices are at risk of exploitation. A remote attacker with IP access to an impacted device could submit lighting control commands to the nECY by leveraging the default key. A successful attack may result in the attacker gaining the ability to modify lighting conditions or gain the ability to update the software on lighting devices. The impacted key is referred to as the SensorView Password in the nECY nLight Explorer Interface and the Gateway Password in the SensorView application. An attacker cannot authenticate to or modify the configuration or software of the nECY system controller. 2021-09-17 not yet calculated CVE-2021-40825
MISC
MISC
nodejs-tmpl — nodejs-tmpl
 
nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexity 2021-09-15 not yet calculated CVE-2021-3777
CONFIRM
MISC
nth-check — nth-check
 
nth-check is vulnerable to Inefficient Regular Expression Complexity 2021-09-17 not yet calculated CVE-2021-3803
MISC
CONFIRM
nx — 1980_series A vulnerability has been identified in NX 1980 Series (All versions < V1984). The IFC adapter in the affected application contains a use-after-free vulnerability that could be triggered while parsing user-supplied IFC files. An attacker could leverage this vulnerability to execute code in the context of the current process. 2021-09-14 not yet calculated CVE-2021-37202
MISC
nx — 1980_series
 
A vulnerability has been identified in NX 1980 Series (All versions < V1984). The plmxmlAdapterIFC.dll contains an out-of-bounds read while parsing user supplied IFC files which could result in a read past the end of an allocated buffer. This could allow an attacker to cause a denial-of-service condition or read sensitive information from memory locations. 2021-09-14 not yet calculated CVE-2021-37203
MISC
object-path — object-path
 
object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) 2021-09-17 not yet calculated CVE-2021-3805
CONFIRM
MISC
onlyoffice — document_server
 
The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for ONLYOFFICE Document Server lacks escape calls for the msg.data and text fields. 2021-09-10 not yet calculated CVE-2021-40864
MISC
MISC
opensis — community_edition OpenSIS Community Edition version <= 7.6 is affected by a local file inclusion vulnerability in DownloadWindow.php via the “filename” parameter. 2021-09-16 not yet calculated CVE-2021-27341
MISC
MISC
MISC
opensis — community_edition
 
OpenSIS Community Edition version <= 7.6 is affected by a reflected XSS vulnerability in EmailCheck.php via the “opt” parameter. 2021-09-16 not yet calculated CVE-2021-27340
MISC
MISC
MISC
openssh — openssh
 
OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. 2021-09-15 not yet calculated CVE-2016-20012
MISC
MISC
MISC
MISC
pardus — software_center A path traversal vulnerability in Pardus Software Center’s “extractArchive” function could allow anyone on the same network to perform a man-in-the-middle attack and write files on the system. 2021-09-18 not yet calculated CVE-2021-3806
CONFIRM
CONFIRM
parlai — parlai
 
Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0. 2021-09-10 not yet calculated CVE-2021-24040
MISC
CONFIRM
MISC
parlai — parlai parlai is a framework for training and evaluating AI models on a variety of openly available dialogue datasets. In affected versions the package is vulnerable to a YAML deserialization attack caused by unsafe loading, which leads to arbitrary code execution. This security bug is patched by avoiding the unsafe loader; users should update to a version above v1.1.0. If upgrading is not possible, users can change the Loader used to SafeLoader as a workaround. See commit 507d066ef432ea27d3e201da08009872a2f37725 for details. 2021-09-10 not yet calculated CVE-2021-39207
MISC
MISC
CONFIRM
pdftron — webviewer
 
PDFTron’s WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code. 2021-09-15 not yet calculated CVE-2021-39307
MISC
MISC
peertube — peertube
 
peertube is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-09-15 not yet calculated CVE-2021-3780
CONFIRM
MISC
phpgurukul — apartment_visitors_management_system
 
SQL injection vulnerability in PHPGurukul Apartment Visitors Management System (AVMS) v. 1.0 allows attackers to execute arbitrary SQL statements and to gain RCE. 2021-09-13 not yet calculated CVE-2021-38833
MISC
MISC
pimcore — pimcore
 
Pimcore is an open source data & experience management platform. In versions prior to 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in version 10.1.3. As a workaround, one may apply the available patch manually. 2021-09-15 not yet calculated CVE-2021-39189
MISC
CONFIRM
MISC
MISC
plesk — obsideian
 
The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0.32 on Linux is vulnerable to reflected XSS via the /plesk-site-preview/ PATH, aka PFSI-62467. The attacker could execute JavaScript code in the victim’s browser by using the link to preview sites hosted on the server. Authentication is not required to exploit the vulnerability. 2021-09-10 not yet calculated CVE-2021-35976
MISC
MISC
MISC
pligg — cms
 
Pligg CMS 2.0.2 contains a time-based SQL injection vulnerability via the $recordIDValue parameter in the admin_update_module_widgets.php file. 2021-09-15 not yet calculated CVE-2020-21121
MISC
prism — prism
 
prism is vulnerable to Inefficient Regular Expression Complexity 2021-09-15 not yet calculated CVE-2021-3801
CONFIRM
MISC
prtg — network_monitor
 
PRTG Network Monitor before 21.3.69.1333 allows stored XSS via an unsanitized string imported from a User Object in a connected Active Directory instance. 2021-09-13 not yet calculated CVE-2021-29643
MISC
MISC
publiccms — publiccms
 
An issue in the BAT file parameters of PublicCMS v4.0 allows attackers to execute arbitrary code. 2021-09-15 not yet calculated CVE-2021-40881
MISC
qualcomm — multiple_snapdragon_products A use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2021-09-17 not yet calculated CVE-2021-1976
CONFIRM
qualcomm — multiple_snapdragon_products
 
Possible Integer overflow to buffer overflow issue can occur due to improper validation of input parameters when extscan hostlist configuration command is received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking 2021-09-17 not yet calculated CVE-2021-30260
CONFIRM
qualcomm — multiple_snapdragon_products
 
Possible integer and heap overflow due to lack of input command size validation while handling beacon template update command from HLOS in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2021-09-17 not yet calculated CVE-2021-30261
CONFIRM
qualcomm — multiple_snapdragon_products
 
Use-after-free vulnerability in kernel graphics driver because of storing an invalid pointer in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2021-09-17 not yet calculated CVE-2021-1947
CONFIRM
qualcomm — multiple_snapdragon_products
 
Null pointer dereference occurs due to improper validation when the preemption feature enablement is toggled in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables 2021-09-17 not yet calculated CVE-2021-1939
CONFIRM
realvnc — viewer
 
RealVNC Viewer 6.21.406 allows remote VNC servers to cause a denial of service (application crash) via crafted RFB protocol data. 2021-09-17 not yet calculated CVE-2021-41380
MISC
revoworks — browser
 
Improper control of program execution vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to execute an arbitrary command or code via unspecified vectors. 2021-09-17 not yet calculated CVE-2021-20790
MISC
MISC
revoworks — browser
 
Improper access control vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to bypass access restriction and to exchange unauthorized files between the local environment and the isolated environment or settings of the web browser via unspecified vectors. 2021-09-17 not yet calculated CVE-2021-20791
MISC
MISC
rgcms — rgcms A cross-site scripting (XSS) vulnerability in RGCMS v1.06 allows attackers to obtain the administrator’s cookie via a crafted payload in the Name field under the Message Board module 2021-09-15 not yet calculated CVE-2020-21482
MISC
rgcms — rgcms
 
An arbitrary file upload vulnerability in RGCMS v1.06 allows attackers to execute arbitrary code via a crafted .txt file which is later changed to a PHP file. 2021-09-15 not yet calculated CVE-2020-21481
MISC
rgcms — rgcms
 
An arbitrary file write vulnerability in RGCMS v1.06 allows attackers to execute arbitrary code via a crafted PHP file. 2021-09-15 not yet calculated CVE-2020-21480
MISC
riot-os — riot-os
 
In RIOT-OS 2021.01, nonce reuse in 802.15.4 encryption in the ieee820154_security component allows attackers to break encryption by triggering reboots. 2021-09-15 not yet calculated CVE-2021-41061
MISC
ruggedcom — rox_mx5000 A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices do not properly handle permissions to traverse the file system. If exploited, an attacker could gain access to an overview of the complete file system on the affected devices. 2021-09-14 not yet calculated CVE-2021-37175
MISC
ruggedcom — rox_mx5000
 
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices have an exposure of sensitive information vulnerability. If exploited, it could allow an authenticated attacker to extract data via Secure Shell (SSH). 2021-09-14 not yet calculated CVE-2021-37173
MISC
ruggedcom — rox_mx5000
 
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices have a privilege escalation vulnerability. If exploited, an attacker could gain root user access. 2021-09-14 not yet calculated CVE-2021-37174
MISC
s — cms
 
Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the ‘Site Title’ parameter of the component ‘/data/admin/#/app/config/’. 2021-09-15 not yet calculated CVE-2020-19158
MISC
sap — 3d_visual_enterprise_viewer
 
When a user opens manipulated files received from untrusted sources in SAP 3D Visual Enterprise Viewer version – 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. 2021-09-14 not yet calculated CVE-2021-38174
MISC
MISC
sap — analysis_for_microsoft_office
 
SAP Analysis for Microsoft Office – version 2.8, allows an attacker with high privileges to read sensitive data over the network, and gather or change information in the current system without user interaction. The attack would not lead to an impact on the availability of the system, but there would be an impact on integrity and confidentiality. 2021-09-14 not yet calculated CVE-2021-38175
MISC
MISC
sap — business_client
 
When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions – 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials. This would allow the attacker to compromise the corresponding backend for which the credentials are valid. 2021-09-14 not yet calculated CVE-2021-38150
MISC
MISC
sap — business_one
 
SAP Business One allows an attacker with business privileges to execute crafted database queries, exposing the back-end database. Due to framework restrictions, only some information can be obtained. 2021-09-14 not yet calculated CVE-2021-33688
MISC
MISC
sap — business_one
 
The Service Layer of SAP Business One, version – 10.0, allows an authenticated attacker to invoke certain functions that would otherwise be restricted to specific users. For an attacker to discover the vulnerable function, no in-depth system knowledge is required. Once exploited via Network stack, the attacker may be able to read, modify or delete restricted data. The impact is that missing authorization can result in abuse of functionality usually restricted to specific users. 2021-09-15 not yet calculated CVE-2021-33704
MISC
MISC
sap — business_one
 
SAP Business One, version – 10.0, allows a local attacker with access to the victim’s browser under certain circumstances, to login as the victim without knowing his/her password. The attacker could so obtain highly sensitive information which the attacker could use to take substantial control of the vulnerable application. 2021-09-15 not yet calculated CVE-2021-33700
MISC
MISC
sap — business_one
 
SAP Business One, version – 10.0, allows an attacker with business authorization to upload any files (including script files) without the proper file format validation. 2021-09-15 not yet calculated CVE-2021-33698
MISC
MISC
sap — business_one
 
SAP Business One version – 10.0 allows a low-level authorized attacker to traverse the file system to access files or directories that are outside of the restricted directory. A successful attack allows access to high level sensitive data. 2021-09-14 not yet calculated CVE-2021-33685
MISC
MISC
sap — business_one
 
Under certain conditions, SAP Business One version – 10.0, allows an unauthorized attacker to get access to some encrypted sensitive information, but does not have control over kind or degree. 2021-09-14 not yet calculated CVE-2021-33686
MISC
MISC
sap — business_one
 
SAP Business One version – 10, due to improper input validation, allows an authenticated User to gain access to directory and view the contents of index in the directory, which would otherwise be restricted to high privileged User. 2021-09-14 not yet calculated CVE-2021-37532
MISC
MISC
sap — businessobjects_bi_platform
 
The SAP BusinessObjects BI Platform version – 420 allows an attacker, who has basic access to the application, to inject a malicious script while creating a new module document, file, or folder. When another user visits that page, the stored malicious script will execute in their session, hence allowing the attacker to compromise their confidentiality and integrity. 2021-09-14 not yet calculated CVE-2021-33679
MISC
MISC
sap — businessobjects_business_intelligence_platform
 
SAP BusinessObjects Business Intelligence Platform (Crystal Report), versions – 420, 430, does not sufficiently encode user controlled inputs and therefore an authorized attacker can exploit an XSS vulnerability, leading to non-permanent defacement or modification of displayed content from a Web site. 2021-09-15 not yet calculated CVE-2021-33696
MISC
MISC
sap — businessobjects_business_intelligence_platform
 
Under certain conditions, SAP BusinessObjects Business Intelligence Platform (SAPUI5), versions – 420, 430, can allow an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. 2021-09-15 not yet calculated CVE-2021-33697
MISC
MISC
sap — cloud_connector SAP Cloud Connector, version – 2.0, allows the upload of zip files as backup. This backup file can be tricked to inject special elements such as ‘..’ and ‘/’ separators, for attackers to escape outside of the restricted location to access files or directories. 2021-09-15 not yet calculated CVE-2021-33692
MISC
MISC
sap — cloud_connector
 
SAP Cloud Connector, version – 2.0, allows an authenticated administrator to modify a configuration file to inject malicious codes that could potentially lead to OS command execution. 2021-09-15 not yet calculated CVE-2021-33693
MISC
MISC
sap — cloud_connector
 
SAP Cloud Connector, version – 2.0, does not sufficiently encode user-controlled inputs, allowing an attacker with Administrator rights, to include malicious codes that get stored in the database, and when accessed, could be executed in the application, resulting in Stored Cross-Site Scripting. 2021-09-15 not yet calculated CVE-2021-33694
MISC
MISC
sap — cloud_connector
 
Potentially, SAP Cloud Connector, version – 2.0 communication with the backend is accepted without sufficient validation of the certificate. 2021-09-15 not yet calculated CVE-2021-33695
MISC
MISC
sap — commoncryptolib
 
SAP CommonCryptoLib version 8.5.38 or lower is vulnerable to null pointer dereference vulnerability when an unauthenticated attacker sends crafted malicious data in the HTTP requests over the network, this causes the SAP application to crash and has high impact on the availability of the SAP system. 2021-09-14 not yet calculated CVE-2021-38177
MISC
MISC
sap — contact_center
 
Due to missing encoding in SAP Contact Center’s Communication Desktop component- version 700, an attacker could send malicious script in chat message. When the message is accepted by the chat recipient, the script gets executed in their scope. Due to the usage of ActiveX in the application, the attacker can further execute operating system level commands in the chat recipient’s scope. This could lead to a complete compromise of their confidentiality, integrity, and could temporarily impact their availability. 2021-09-14 not yet calculated CVE-2021-33672
MISC
MISC
sap — contact_center
 
Under certain conditions, SAP Contact Center – version 700, does not sufficiently encode user-controlled inputs and persists in them. This allows an attacker to exploit a Stored Cross-Site Scripting (XSS) vulnerability when a user browses through the employee directory and to execute arbitrary code on the victim’s browser. Due to the usage of ActiveX in the application, the attacker can further execute operating system level commands. 2021-09-14 not yet calculated CVE-2021-33673
MISC
MISC
sap — contact_center
 
Under certain conditions, SAP Contact Center – version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to exploit a Reflected Cross-Site Scripting (XSS) vulnerability when creating a new email and to execute arbitrary code on the victim’s browser. 2021-09-14 not yet calculated CVE-2021-33674
MISC
MISC
sap — contact_center
 
Under certain conditions, SAP Contact Center – version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to exploit a Reflected Cross-Site Scripting (XSS) vulnerability through phishing and to execute arbitrary code on the victim’s browser. 2021-09-14 not yet calculated CVE-2021-33675
MISC
MISC
sap — dmis_mobile
 
DMIS Mobile Plug-In or SAP S/4HANA, versions – DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, allows an attacker with access to highly privileged account to execute manipulated query in NDZT tool to gain access to Superuser account, leading to SQL Injection vulnerability, that highly impacts systems Confidentiality, Integrity and Availability. 2021-09-15 not yet calculated CVE-2021-33701
MISC
MISC
sap — erp_financial_accouting
 
SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions – SAP_APPL – 600, 602, 603, 604, 605, 606, 616, SAP_FIN – 617, 618, 700, 720, 730, SAPSCORE – 125, S4CORE, 100, 101, 102, 103, 104, 105, allows a registered attacker to invoke certain functions that would otherwise be restricted to specific users. These functions are normally exposed over the network and once exploited the attacker may be able to view and modify financial accounting data that only a specific user should have access to. 2021-09-14 not yet calculated CVE-2021-38164
MISC
MISC
sap — netweaver Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions – 7.11, 7.20, 7.30, 7.31, 7.40, 7.50. The SAP NetWeaver Development Infrastructure Component Build Service allows a threat actor who has access to the server to perform proxy attacks on server by sending crafted queries. Due to this, the threat actor could completely compromise sensitive data residing on the Server and impact its availability. Note: The impact of this vulnerability depends on whether SAP NetWeaver Development Infrastructure (NWDI) runs on the intranet or internet. The CVSS score reflects the impact considering the worst-case scenario that it runs on the internet. 2021-09-15 not yet calculated CVE-2021-33690
MISC
MISC
sap — netweaver
 
SAP NetWeaver (Visual Composer 7.0 RT) versions – 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of the Java Server process. These commands can be used to read or modify any information on the server or shut the server down making it unavailable. 2021-09-14 not yet calculated CVE-2021-38163
MISC
MISC
sap — netweaver
 
NWDI Notification Service versions – 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. SAP NetWeaver Development Infrastructure Notification Service allows a threat actor to send crafted scripts to a victim. If the victim has an active session when the crafted script gets executed, the threat actor could compromise information in the victim’s session, and gain access to some sensitive information also. 2021-09-15 not yet calculated CVE-2021-33691
MISC
MISC
sap — netweaver_application_server_java
 
SAP NetWeaver Application Server Java (JMS Connector Service) – versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges. 2021-09-14 not yet calculated CVE-2021-37535
MISC
MISC
sap — netweaver_enterprise_portal
 
SAP NetWeaver Enterprise Portal versions – 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user related data, resulting in Stored Cross-Site Scripting (XSS) vulnerability. This would allow an attacker with administrative privileges to store a malicious script on the portal. The execution of the script content by a victim registered on the portal could compromise the confidentiality and integrity of portal content. 2021-09-14 not yet calculated CVE-2021-21489
MISC
MISC
sap — netweaver_knowledge_management
 
SAP NetWeaver Knowledge Management XML Forms versions – 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, contains an XSLT vulnerability which allows a non-administrative authenticated attacker to craft a malicious XSL stylesheet file containing a script with OS-level commands, copy it into a location to be accessed by the system and then create a file which will trigger the XSLT engine to execute the script contained within the malicious XSL file. This can result in a full compromise of the confidentiality, integrity, and availability of the system. 2021-09-14 not yet calculated CVE-2021-37531
MISC
MISC
sap — netweaver_portal
 
The SAP NetWeaver Portal, versions – 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, component Iviews Editor contains a Server-Side Request Forgery (SSRF) vulnerability which allows an unauthenticated attacker to craft a malicious URL which when clicked by a user can make any type of request (e.g. POST, GET) to any internal or external server. This can result in the accessing or modification of data accessible from the Portal but will not affect its availability. 2021-09-15 not yet calculated CVE-2021-33705
MISC
MISC
sap — sap
 
Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call NZDT function modules listed in Solution Section to execute manipulated query to gain access to Backend Database. On successful exploitation the threat actor could completely compromise confidentiality, integrity, and availability of the system. 2021-09-14 not yet calculated CVE-2021-38176
MISC
MISC
sap — web_dispatcher
 
SAP Web Dispatcher versions – 7.49, 7.53, 7.77, 7.81, KRNL64NUC – 7.22, 7.22EXT, 7.49, KRNL64UC -7.22, 7.22EXT, 7.49, 7.53, KERNEL – 7.22, 7.49, 7.53, 7.77, 7.81, 7.83 processes allow an unauthenticated attacker to submit a malicious crafted request over a network to a front-end server which may, over several attempts, result in a back-end server confusing the boundaries of malicious and legitimate messages. This can result in the back-end server executing a malicious payload which can be used to read or modify any information on the server or consume server resources making it temporarily unavailable. 2021-09-14 not yet calculated CVE-2021-38162
MISC
MISC
seatd — seated-launch
 
seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root. 2021-09-17 not yet calculated CVE-2021-41387
MISC
semver-regex — semver-regex
 
semver-regex is vulnerable to Inefficient Regular Expression Complexity 2021-09-15 not yet calculated CVE-2021-3795
MISC
CONFIRM
set-value — set-value
 
This affects the package set-value before 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays. 2021-09-12 not yet calculated CVE-2021-23440
MISC
MISC
MISC
MISC
MISC
sharpcompress — sharpcompress
 
SharpCompress is a fully managed C# library to deal with many compression types and formats. Versions prior to 0.29.0 are vulnerable to partial path traversal. SharpCompress recreates a hierarchy of directories under destinationDirectory if ExtractFullPath is set to true in options. In order to prevent extraction outside the destination directory, the destinationFileName path is verified to begin with fullDestinationDirectoryPath. However, prior to version 0.29.0, it is not enforced that fullDestinationDirectoryPath ends with a slash. If the destinationDirectory is not slash terminated, like `/home/user/dir`, it is possible to create a file with a name that begins as the destination directory one level up from the directory, i.e. `/home/user/dir.sh`. Because of the file name and destination directory constraints, the arbitrary file creation impact is limited and depends on the use case. This issue is fixed in SharpCompress version 0.29.0. 2021-09-16 not yet calculated CVE-2021-39208
CONFIRM
MISC
MISC
siemens — teamcenter A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The affected application contains Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to use user-supplied input to access objects directly. 2021-09-14 not yet calculated CVE-2021-40355
MISC
siemens — teamcenter A vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.10), Teamcenter Active Workspace V5.0 (All versions < V5.0.8), Teamcenter Active Workspace V5.1 (All versions < V5.1.5), Teamcenter Active Workspace V5.2 (All versions < V5.2.1). A path traversal vulnerability in the application could allow an attacker to bypass certain restrictions such as direct access to other services within the host. 2021-09-14 not yet calculated CVE-2021-40357
MISC
siemens — teamcenter
 
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The “surrogate” functionality on the user profile of the application does not perform sufficient access control that could lead to an account takeover. Any profile on the application can perform this attack and access any other user assigned tasks via the “inbox/surrogate tasks”. 2021-09-14 not yet calculated CVE-2021-40354
MISC
siemens — teamcenter
 
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem. 2021-09-14 not yet calculated CVE-2021-40356
MISC
simatic — cp_1543-1
 
A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS variants) (All versions < V3.0), SIMATIC CP 1545-1 (All versions). An attacker with access to the subnet of the affected device could retrieve sensitive information stored in cleartext. 2021-09-14 not yet calculated CVE-2021-33716
MISC
simatic — cp_343-1
 
A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS variants) (All versions). Sending a specially crafted packet to port 102/tcp of an affected device could cause a Denial-of-Service condition. A restart is needed to restore normal operations. 2021-09-14 not yet calculated CVE-2021-33737
MISC
simcenter — femap_v2020.2
 
A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). The femap.exe application lacks proper validation of user-supplied data when parsing modfem files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14260) 2021-09-14 not yet calculated CVE-2021-37176
MISC
MISC
simcenter — star-ccm+_viewer A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All versions < V2021.2.1). The starview+.exe application lacks proper validation of user-supplied data when parsing scene files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13700) 2021-09-14 not yet calculated CVE-2021-25665
MISC
MISC
sinec — nms
 
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). The web interface of affected devices is vulnerable to a Cross-Site Request Forgery (CSRF) attack. This could allow an attacker to manipulate the SINEC NMS configuration by tricking an unsuspecting user with administrative privileges to click on a malicious link. 2021-09-14 not yet calculated CVE-2021-37201
MISC
sinec — nms
 
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). An attacker with access to the webserver of an affected system could download arbitrary files from the underlying filesystem by sending a specially crafted HTTP request. 2021-09-14 not yet calculated CVE-2021-37200
MISC
sinema — remote_connect_server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could brute force the usernames from the affected software. 2021-09-14 not yet calculated CVE-2021-37191
MISC
sinema — remote_connect_server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve a list of network devices a known user can manage. 2021-09-14 not yet calculated CVE-2021-37192
MISC
sinema — remote_connect_server
 
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The status provided by the syslog clients managed by the affected software can be manipulated by an unauthenticated attacker in the same network of the affected system. 2021-09-14 not yet calculated CVE-2021-37177
MISC
sinema — remote_connect_server
 
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software allows sending send-to-sleep notifications to the managed devices. An unauthenticated attacker in the same network of the affected system can abuse these notifications to cause a Denial-of-Service condition in the managed devices. 2021-09-14 not yet calculated CVE-2021-37183
MISC
sinema — remote_connect_server
 
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve VPN connection for a known user. 2021-09-14 not yet calculated CVE-2021-37190
MISC
sinema — remote_connect_server
 
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could manipulate certain parameters and set a valid user of the affected software as invalid (or vice-versa). 2021-09-14 not yet calculated CVE-2021-37193
MISC
sinema — server
 
A vulnerability has been identified in SINEMA Server (All versions < V14 SP3). Missing authentication for functionality that requires administrative user identity could allow an attacker to obtain encoded system configuration backup files. This is only possible through network access to the affected system, and successful exploitation requires no system privileges. 2021-09-14 not yet calculated CVE-2019-10941
MISC
siprotec — 5
 
A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP200 (All versions), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Specially crafted packets sent to port 4443/tcp could cause a Denial-of-Service condition. 2021-09-14 not yet calculated CVE-2021-33720
MISC
siprotec — 5
 
A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP200 (All versions), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Specially crafted packets sent to port 4443/tcp could cause a Denial-of-Service condition or potential remote code execution. 2021-09-14 not yet calculated CVE-2021-33719
MISC
siprotec — 5
 
A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP200 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Received webpackets are not properly processed. An unauthenticated remote attacker with access to any of the Ethernet interfaces could send specially crafted packets to force a restart of the target device. 2021-09-14 not yet calculated CVE-2021-37206
MISC
sita — software_azur
 
Multiple cross-site scripting (XSS) vulnerabilities exist in SITA Software Azur CMS 1.2.3.1 and earlier, which allows remote attackers to inject arbitrary web script or HTML via the (1) NOM_CLI , (2) ADRESSE , (3) ADRESSE2, (4) LOCALITE parameters to /eshop/products/json/aouCustomerAdresse; and the (5) nom_liste parameter to /eshop/products/json/addCustomerFavorite. 2021-09-15 not yet calculated CVE-2021-28901
MISC
spring — code_insight
 
A stored cross-site scripting issue impacts certain areas of the Web UI for Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64). 2021-09-17 not yet calculated CVE-2020-12082
CONFIRM
spring — code_insight
 
An elevated privileges issue related to Spring MVC calls impacts Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64). 2021-09-17 not yet calculated CVE-2020-12083
CONFIRM
taro — taro
 
taro is vulnerable to Inefficient Regular Expression Complexity 2021-09-17 not yet calculated CVE-2021-3804
CONFIRM
MISC
techradar — techradar
 
The TechRadar app 1.1 for Confluence Server allows XSS via the Title field of a Radar. 2021-09-15 not yet calculated CVE-2021-37412
MISC
teleport — teleport Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows alteration of build artifacts in some situations. 2021-09-18 not yet calculated CVE-2021-41394
MISC
MISC
MISC
MISC
teleport — teleport
 
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations. 2021-09-18 not yet calculated CVE-2021-41393
MISC
MISC
MISC
MISC
teleport — teleport
 
Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted database name or username. 2021-09-18 not yet calculated CVE-2021-41395
MISC
MISC
tinyfilemanager — tinyfilemanager
 
A Path Traversal vulnerability exists in TinyFileManager all versions up to and including 2.4.6 that allows attackers to upload a file (with Admin credentials or with the CSRF vulnerability) with the “fullpath” parameter containing path traversal strings (../ and ..\) in order to escape the server’s intended working directory and write malicious files onto any directory on the computer. 2021-09-15 not yet calculated CVE-2021-40964
MISC
MISC
tinyfilemanager — tinyfilemanager
 
A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileManager all versions up to and including 2.4.6 that allows attackers to upload files and run OS commands by inducing the Administrator user to browse a URL controlled by an attacker. 2021-09-15 not yet calculated CVE-2021-40965
MISC
MISC
tinyfilemanager — tinyfilemanager
 
A Stored XSS exists in TinyFileManager all versions up to and including 2.4.6 in /tinyfilemanager.php when the server is given a file that contains HTML and JavaScript in its name. A malicious user can upload a file with a malicious filename containing JavaScript code and it will run on any user’s browser when they access the server. 2021-09-15 not yet calculated CVE-2021-40966
MISC
MISC
travis_ci — travis_ci
 
The activation process in Travis CI, for certain 2021-09-03 through 2021-09-10 builds, causes secret data to have unexpected sharing that is not specified by the customer-controlled .travis.yml file. In particular, the desired behavior (if .travis.yml has been created locally by a customer, and added to git) is for a Travis service to perform builds in a way that prevents public access to customer-specific secret environment data such as signing keys, access credentials, and API tokens. However, during the stated 8-day interval, secret data could be revealed to an unauthorized actor who forked a public repository and printed files during a build process. 2021-09-14 not yet calculated CVE-2021-41077
MISC
MISC
MISC
MISC
MISC
MISC
tremor — tremor
 
Tremor is an event processing system for unstructured data. A vulnerability exists between versions 0.7.2 and 0.11.6. This vulnerability is a memory safety issue when using `patch` or `merge` on `state` and assigning the result back to `state`. In this case, affected versions of Tremor and the tremor-script crate maintain references to memory that might have been freed already, and these memory regions can be accessed by retrieving the `state`, e.g. by sending it over TCP or HTTP. This requires the Tremor server (or any other program using tremor-script) to execute a tremor-script script that uses the mentioned language construct. The issue has been patched in version 0.11.6 by removing the optimization and always cloning the target expression of a Merge or Patch. If an upgrade is not possible, a possible workaround is to avoid the optimization by introducing a temporary variable and not immediately reassigning to `state`. 2021-09-17 not yet calculated CVE-2021-39228
MISC
MISC
MISC
CONFIRM
unsquash — squash-opendir
 
squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem. 2021-09-14 not yet calculated CVE-2021-41072
MISC
MISC
ureport — ureport UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the designer page. 2021-09-15 not yet calculated CVE-2020-21124
MISC
ureport — ureport An arbitrary file creation vulnerability in UReport 2.2.9 allows attackers to execute arbitrary code. 2021-09-15 not yet calculated CVE-2020-21125
MISC
ureport — ureport
 
UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports. 2021-09-15 not yet calculated CVE-2020-21122
MISC
vim — vim
 
vim is vulnerable to Heap-based Buffer Overflow 2021-09-15 not yet calculated CVE-2021-3778
MISC
CONFIRM
vim — vim
 
vim is vulnerable to Use After Free 2021-09-15 not yet calculated CVE-2021-3796
MISC
CONFIRM
vmware — esxi
 
VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in NVMe functionality. A malicious actor with local non-administrative access to a virtual machine with a virtual NVMe controller present may be able to read privileged information contained in physical memory. 2021-09-15 not yet calculated CVE-2020-3960
MISC
vuelidate — vuelidate
 
vuelidate is vulnerable to Inefficient Regular Expression Complexity 2021-09-15 not yet calculated CVE-2021-3794
CONFIRM
MISC
wasmtime — wasmtime
 
Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when running Wasm that uses `externref`s in Wasmtime. To trigger this bug, Wasmtime needs to be running Wasm that uses `externref`s, the host creates non-null `externref`s, Wasmtime performs a garbage collection (GC), and there has to be a Wasm frame on the stack that is at a GC safepoint where there are no live references at this safepoint, and there is a safepoint with live references earlier in this frame’s function. Under this scenario, Wasmtime would incorrectly use the GC stack map for the safepoint from earlier in the function instead of the empty safepoint. This would result in Wasmtime treating arbitrary stack slots as `externref`s that needed to be rooted for GC. At the *next* GC, it would be determined that nothing was referencing these bogus `externref`s (because nothing could ever reference them, because they are not really `externref`s) and then Wasmtime would deallocate them and run `<ExternRef as Drop>::drop` on them. This results in a free of memory that is not necessarily on the heap (and shouldn’t be freed at this moment even if it was), as well as potential out-of-bounds reads and writes. Even though support for `externref`s (via the reference types proposal) is enabled by default, unless you are creating non-null `externref`s in your host code or explicitly triggering GCs, you cannot be affected by this bug. We have reason to believe that the effective impact of this bug is relatively small because usage of `externref` is currently quite rare. This bug has been patched and users should upgrade to Wasmtime version 0.30.0. If you cannot upgrade Wasmtime at this time, you can avoid this bug by disabling the reference types proposal by passing `false` to `wasmtime::Config::wasm_reference_types`. 2021-09-17 not yet calculated CVE-2021-39218
MISC
CONFIRM
MISC
wasmtime — wasmtime
 
Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing `externref`s from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple `externref`s from the host to a Wasm instance at the same time, either by passing multiple `externref`s as arguments from host code to a Wasm function, or returning multiple `externref`s to Wasm from a multi-value return function defined in the host. If you do not have host code that matches one of these shapes, then you are not impacted. If Wasmtime’s `VMExternRefActivationsTable` became filled to capacity after passing the first `externref` in, then passing in the second `externref` could trigger a garbage collection. However the first `externref` is not rooted until we pass control to Wasm, and therefore could be reclaimed by the collector if nothing else was holding a reference to it or otherwise keeping it alive. Then, when control was passed to Wasm after the garbage collection, Wasm could use the first `externref`, which at this point has already been freed. We have reason to believe that the effective impact of this bug is relatively small because usage of `externref` is currently quite rare. The bug has been fixed, and users should upgrade to Wasmtime 0.30.0. If you cannot upgrade Wasmtime yet, you can avoid the bug by disabling reference types support in Wasmtime by passing `false` to `wasmtime::Config::wasm_reference_types`. 2021-09-17 not yet calculated CVE-2021-39216
MISC
MISC
CONFIRM
wasmtime — wasmtime
 
Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime before version 0.30.0 is affected by a type confusion vulnerability. As a Rust library the `wasmtime` crate clearly marks which functions are safe and which are `unsafe`, guaranteeing that if consumers never use `unsafe` then it should not be possible to have memory unsafety issues in their embeddings of Wasmtime. An issue was discovered in the safe API of `Linker::func_*` APIs. These APIs were previously not sound when one `Engine` was used to create the `Linker` and then a different `Engine` was used to create a `Store` and then the `Linker` was used to instantiate a module into that `Store`. Cross-`Engine` usage of functions is not supported in Wasmtime and this can result in type confusion of function pointers, resulting in being able to safely call a function with the wrong type. Triggering this bug requires using at least two `Engine` values in an embedding and then additionally using two different values with a `Linker` (one at the creation time of the `Linker` and another when instantiating a module with the `Linker`). It’s expected that usage of more-than-one `Engine` in an embedding is relatively rare since an `Engine` is intended to be a globally shared resource, so the expectation is that the impact of this issue is relatively small. The fix implemented is to change this behavior to `panic!()` in Rust instead of silently allowing it. Using different `Engine` instances with a `Linker` is a programmer bug that `wasmtime` catches at runtime. This bug has been patched and users should upgrade to Wasmtime version 0.30.0. If you cannot upgrade Wasmtime and are using more than one `Engine` in your embedding it’s recommended to instead use only one `Engine` for the entire program if possible. An `Engine` is designed to be a globally shared resource that is suitable to have only one for the lifetime of an entire process. If using multiple `Engine`s is required then code should be audited to ensure that `Linker` is only used with one `Engine`. 2021-09-17 not yet calculated CVE-2021-39219
MISC
MISC
CONFIRM
webfocus — reporting_server
 
The WebFOCUS Reporting Server and WebFOCUS Client components of TIBCO Software Inc.’s TIBCO WebFOCUS Client, TIBCO WebFOCUS Installer, and TIBCO WebFOCUS Reporting Server contain easily exploitable Stored and Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim’s local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.’s TIBCO WebFOCUS Client: versions 8207.27.0 and below, TIBCO WebFOCUS Installer: versions 8207.27.0 and below, and TIBCO WebFOCUS Reporting Server: versions 8207.27.0 and below. 2021-09-14 not yet calculated CVE-2021-35493
CONFIRM
CONFIRM
webuzo — webuzo
 
A Cross Site Scripting (XSS) vulnerability exists in the admin panel in Webuzo < 2.9.0 via an HTTP request to a non-existent page, which is activated by administrators viewing the “Error Log” page. An attacker can leverage this to achieve Unauthenticated Remote Code Execution via the “Cron Jobs” functionality of Webuzo. 2021-09-15 not yet calculated CVE-2021-40238
MISC
MISC
wenku — cms
 
Cross Site Scripting (CSS) in Wenku CMS v3.4 allows remote attackers to execute arbitrary code via the ‘Intro’ parameter for the component ‘/index.php?m=ucenter&a=index’. 2021-09-15 not yet calculated CVE-2020-19157
MISC
wordpress — wordpress The create_post_page AJAX action of the Custom Post View Generator WordPress plugin through 0.4.6 (available to authenticated user) does not sanitise or escape user input before outputting it back in the response, leading to a Reflected Cross-Site issue 2021-09-13 not yet calculated CVE-2021-24605
MISC
wordpress — wordpress The Book appointment online WordPress plugin before 1.39 does not sanitise or escape Service Prices before outputting it in the List, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2021-09-13 not yet calculated CVE-2021-24614
MISC
wordpress — wordpress The Software License Manager WordPress plugin before 4.4.8 does not sanitise or escape the edit_record parameter before outputting it back in the page in the admin dashboard, leading to a Reflected Cross-Site Scripting issue 2021-09-13 not yet calculated CVE-2021-24560
MISC
wordpress — wordpress The WordPress Advanced Ticket System, Elite Support Helpdesk WordPress plugin before 1.0.64 does not sanitize or escape form values before saving to the database or when outputting, which allows high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2021-09-13 not yet calculated CVE-2021-24623
MISC
wordpress — wordpress The Timetable and Event Schedule by MotoPress WordPress plugin before 2.3.19 does not sanitise some of its parameters, which could allow low privilege users such as author to perform XSS attacks against frontend and backend users when viewing the related event/s 2021-09-13 not yet calculated CVE-2021-24724
MISC
MISC
CONFIRM
wordpress — wordpress The StopBadBots WordPress plugin before 6.60 did not validate or escape the order and orderby GET parameter in some of its admin dashboard pages, leading to Authenticated SQL Injections 2021-09-13 not yet calculated CVE-2021-24727
MISC
MISC
CONFIRM
wordpress — wordpress The WordPress Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin through 2.2.5 does not check for the uploaded Downloadable Digital product file, allowing any file, such as PHP to be uploaded by an administrator. Furthermore, as there is no CSRF in place, attackers could also make a logged admin upload a malicious PHP file, which would lead to RCE 2021-09-13 not yet calculated CVE-2021-24620
MISC
wordpress — wordpress
 
The Language Bar Flags WordPress plugin through 1.0.8 does not have any CSRF in place when saving its settings and did not sanitise or escape them when generating the flag bar in the frontend. This could allow attackers to make a logged in admin change the settings, and set Cross-Site Scripting payload in them, which will be executed in the frontend for all users 2021-09-13 not yet calculated CVE-2021-24431
MISC
wordpress — wordpress
 
The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1. 2021-09-17 not yet calculated CVE-2021-39327
MISC
MISC
wordpress — wordpress
 
The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages. 2021-09-13 not yet calculated CVE-2021-24728
CONFIRM
MISC
MISC
wordpress — wordpress
 
The Per page add to head WordPress plugin before 1.4.4 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the setting (feature mentioned by the plugin), this could lead to Stored XSS issue which will be triggered either in the backend, frontend or both depending on the payload used. 2021-09-13 not yet calculated CVE-2021-24586
MISC
wordpress — wordpress
 
The WP Simple Booking Calendar WordPress plugin before 2.0.6 did not escape, validate or sanitise the orderby parameter in its Search Calendars action, before using it in a SQL statement, leading to an authenticated SQL injection issue 2021-09-13 not yet calculated CVE-2021-24726
MISC
MISC
wordpress — wordpress
 
The Comment Link Remove and Other Comment Tools WordPress plugin before 2.1.6 does not have CSRF check in its ‘Delete comments easily’, which could allow attackers to make logged in admin delete arbitrary comments 2021-09-13 not yet calculated CVE-2021-24725
MISC
MISC
wordpress — wordpress
 
The Fileviewer WordPress plugin through 2.2 does not have CSRF checks in place when performing actions such as upload and delete files. As a result, attackers could make a logged in administrator delete and upload arbitrary files via a CSRF attack 2021-09-13 not yet calculated CVE-2021-24491
MISC
wordpress — wordpress
 
The Per page add to head WordPress plugin through 1.4.4 does not properly sanitise one of its setting, allowing malicious HTML to be inserted by high privilege users even when the unfiltered_html capability is disallowed, which could lead to Cross-Site Scripting issues. 2021-09-13 not yet calculated CVE-2021-24619
MISC
wordpress — wordpress
 
The WP Courses LMS WordPress plugin before 2.0.44 does not sanitise its Video Embed Code, allowing malicious code to be injected in it by high privilege users, even when the unfiltered_html capability is disallowed, which could lead to Stored Cross-Site Scripting issues 2021-09-13 not yet calculated CVE-2021-24621
MISC
wordpress — wordpress
 
The Email Artillery (MASS EMAIL) WordPress plugin through 4.1 does not properly check the uploaded files from the Import Emails feature, allowing arbitrary files to be uploaded. Furthermore, the plugin is also lacking any CSRF check, allowing such issue to be exploited via a CSRF attack as well. However, due to the presence of a .htaccess, denying access to everything in the folder the file is uploaded to, the malicious uploaded file will only be accessible on Web Servers such as Nginx/IIS 2021-09-13 not yet calculated CVE-2021-24490
MISC
wordpress — wordpress
 
The shopp_upload_file AJAX action of the Shopp WordPress plugin through 1.4, available to both unauthenticated and authenticated user does not have any security measure in place to prevent upload of malicious files, such as PHP, allowing unauthenticated users to upload arbitrary files and leading to RCE 2021-09-13 not yet calculated CVE-2021-24493
MISC
wordpress — wordpress
 
The Daily Prayer Time WordPress plugin before 2021.08.10 does not sanitise or escape some of its settings before outputting them in the page, leading to Authenticated Stored Cross-Site Scripting issues. 2021-09-13 not yet calculated CVE-2021-24523
MISC
wordpress — wordpress
 
The MF Gig Calendar WordPress plugin through 1.1 does not sanitise or escape the id GET parameter before outputting back in the admin dashboard when editing an Event, leading to a reflected Cross-Site Scripting issue 2021-09-13 not yet calculated CVE-2021-24510
MISC
wordpress — wordpress
 
The Smash Balloon Social Post Feed WordPress plugin before 2.19.2 does not sanitise or escape the feedID POST parameter in its feed_locator AJAX action (available to both authenticated and unauthenticated users) before outputting a truncated version of it in the admin dashboard, leading to an unauthenticated Stored Cross-Site Scripting issue which will be executed in the context of a logged in administrator. 2021-09-13 not yet calculated CVE-2021-24508
MISC
writeregistry — writeregistry
 
The WriteRegistry function in the TSSServiSign component does not filter and verify users’ input; remote attackers can write to the registry without permissions and thus perform hijack attacks to execute arbitrary code. 2021-09-15 not yet calculated CVE-2021-37909
CONFIRM
wuzhi — wuzhi
 
SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the /coreframe/app/order/admin/card.php file. 2021-09-16 not yet calculated CVE-2021-40670
MISC
wuzhi — wuzhi
 
SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the coreframe/app/promote/admin/index.php file. 2021-09-16 not yet calculated CVE-2021-40669
MISC
xiaomi — ax3600_router There is command injection in the addMeshNode interface of xqnetwork.lua, which leads to command execution under administrator authority on Xiaomi router AX3600 with ROM version < 1.1.12 2021-09-16 not yet calculated CVE-2020-14119
MISC
xiaomi — ax3600_router Some JS interfaces in the Xiaomi community were exposed, causing sensitive functions to be maliciously called on the Xiaomi community app. Affected version: <3.0.210809 2021-09-16 not yet calculated CVE-2020-14130
MISC
xiaomi — ax3600_router
 
There is a buffer overflow in librsa.so called by getwifipwdurl interface, resulting in code execution on Xiaomi router AX3600 with ROM version =< 1.1.12. 2021-09-16 not yet calculated CVE-2020-14124
MISC
xiaomi — ax3600_router
 
There is command injection in the meshd program in the routing system, resulting in command execution under administrator authority on Xiaomi router AX3600 with ROM version =< 1.1.12 2021-09-16 not yet calculated CVE-2020-14109
MISC
yandex — browser
 
Yandex Browser for Android 20.8.4 allows remote attackers to perform SOP bypass and address bar spoofing 2021-09-13 not yet calculated CVE-2020-27969
MISC
yandex — browser
 
Yandex Browser before 20.10.0 allows remote attackers to spoof the address bar 2021-09-13 not yet calculated CVE-2020-27970
MISC
yourls — yourls
 
yourls is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-09-15 not yet calculated CVE-2021-3783
CONFIRM
MISC
yourls — yourls
 
yourls is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-09-15 not yet calculated CVE-2021-3785
MISC
CONFIRM
zenitel — alphacom_xe_audio_server
 
The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor extension of the uploaded files is checked, allowing execution of PHP code under the /cmd directory. 2021-09-15 not yet calculated CVE-2021-40845
MISC
MISC
MISC
MISC
zkeacms — zkeacms
 
An arbitrary file upload vulnerability in /admin/media/upload of ZKEACMS V3.2.0 allows attackers to execute arbitrary code via a crafted HTML file. 2021-09-13 not yet calculated CVE-2020-20670
MISC
zrender — zrender
 
ZRender is a lightweight graphic library providing 2d draw for Apache ECharts. In versions prior to 5.2.1, using `merge` and `clone` helper methods in the `src/core/util.ts` module results in prototype pollution. It affects the popular data visualization library Apache ECharts, which uses and exports these two methods directly. The GitHub Security Advisory page for this vulnerability contains a proof of concept. This issue is patched in ZRender version 5.2.1. One workaround is available: check whether there is `__proto__` in the object keys and omit it before using the object as a parameter in these affected methods, or in `echarts.util.merge` and `setOption` if the project is using ECharts. 2021-09-17 not yet calculated CVE-2021-39227
CONFIRM
MISC
MISC

Original release date: September 13, 2021

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adaptivescale — lxdui A Hardcoded JWT Secret Key in metadata.py in AdaptiveScale LXDUI through 2.1.3 allows attackers to gain admin access to the host system. 2021-09-03 10 CVE-2021-40494
MISC
arubanetworks — arubaos A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability. 2021-09-07 9 CVE-2021-37724
MISC
arubanetworks — arubaos A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability. 2021-09-07 9 CVE-2021-37723
MISC
arubanetworks — sd-wan A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. 2021-09-07 9 CVE-2021-37718
MISC
arubanetworks — sd-wan A remote buffer overflow vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. 2021-09-07 7.5 CVE-2021-37716
MISC
arubanetworks — sd-wan A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. 2021-09-07 9 CVE-2021-37717
MISC
arubanetworks — sd-wan A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. 2021-09-07 9 CVE-2021-37722
MISC
arubanetworks — sd-wan A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. 2021-09-07 9 CVE-2021-37721
MISC
arubanetworks — sd-wan A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. 2021-09-07 9 CVE-2021-37720
MISC
arubanetworks — sd-wan A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. 2021-09-07 9 CVE-2021-37719
MISC
bluecms_project — bluecms BlueCMS v1.6 contains a SQL injection vulnerability via /ad_js.php. 2021-09-08 7.5 CVE-2020-19853
MISC
espressif — esp-idf The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon reception of an LMP Feature Response Extended packet, allowing attackers in radio range to trigger arbitrary code execution in ESP32 via a crafted Extended Features bitfield payload. 2021-09-07 8.3 CVE-2021-28139
MISC
MISC
MISC
MISC
moxa — wac-2004_firmware Certain MOXA devices allow Authenticated Command Injection via /forms/web_importTFTP. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU 2.3, WDR-3124A-EU-T 2.3, WDR-3124A-US 2.3, and WDR-3124A-US-T 2.3. 2021-09-07 9 CVE-2021-39279
MISC
MISC
simple_water_refilling_station_management_system_project — simple_water_refilling_station_management_system SQL Injection can occur in Simple Water Refilling Station Management System 1.0 via the water_refilling/classes/Login.php username parameter. 2021-09-07 7.5 CVE-2021-38840
MISC
MISC
MISC
MISC
sketch — sketch Sketch before 75 mishandles external library feeds. 2021-09-06 7.5 CVE-2021-40531
MISC
telegram — web_k_alpha Telegram Web K Alpha before 0.7.2 mishandles the characters in a document extension. 2021-09-06 7.5 CVE-2021-40532
MISC
ulfius_project — ulfius ulfius_uri_logger in Ulfius HTTP Framework before 2.7.4 omits con_info initialization and a con_info->request NULL check for certain malformed HTTP requests. 2021-09-07 7.5 CVE-2021-40540
MISC
MISC

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
alipay_project — alipay A proid GET parameter of the WordPress支付宝Alipay|财付通Tenpay|贝宝PayPal集成插件 WordPress plugin through 3.7.2 is not sanitised, properly escaped or validated before inserting to a SQL statement not delimited by quotes, leading to SQL injection. 2021-09-06 6.5 CVE-2021-24390
MISC
MISC
arubanetworks — arubaos A remote path traversal vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.8.0.1, 8.7.1.4, 8.6.0.11, 8.5.0.13. Aruba has released patches for ArubaOS that address this security vulnerability. 2021-09-07 5.5 CVE-2021-37728
MISC
arubanetworks — arubaos A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.3, 8.6.0.9, 8.5.0.12, 8.3.0.16, 6.5.4.19, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. 2021-09-07 5.5 CVE-2021-37729
MISC
arubanetworks — sd-wan A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.8.0.1, 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. 2021-09-07 5.8 CVE-2021-37725
MISC
cashtomer_project — cashtomer An editid GET parameter of the Cashtomer WordPress plugin through 1.0.0 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. 2021-09-06 6.5 CVE-2021-24391
MISC
MISC
cliniccases — cliniccases Multiple reflected cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow unauthenticated attackers to introduce arbitrary JavaScript by crafting a malicious URL. This can result in account takeover via session token theft. 2021-09-07 4.3 CVE-2021-38704
MISC
MISC
cliniccases — cliniccases messages_load.php in ClinicCases 7.3.3 suffers from a blind SQL injection vulnerability, which allows low-privileged attackers to execute arbitrary SQL commands through a vulnerable parameter. 2021-09-07 6.5 CVE-2021-38706
MISC
MISC
cliniccases — cliniccases ClinicCases 7.3.3 is affected by Cross-Site Request Forgery (CSRF). A successful attack would consist of an authenticated user following a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user. This can be exploited to create a secondary administrator account for the attacker. 2021-09-07 6.8 CVE-2021-38705
MISC
MISC
comment_highlighter_project — comment_highlighter A c GET parameter of the Comment Highlighter WordPress plugin through 0.13 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. 2021-09-06 6.5 CVE-2021-24393
MISC
MISC
contiki-os — contiki In Contiki 3.0, Telnet option negotiation is mishandled. During negotiation between a server and a client, the server may fail to give the WILL/WONT or DO/DONT response for DO and WILL commands because of improper handling of exception condition, which leads to property violations and denial of service. Specifically, a server sometimes sends no response, because a fixed buffer space is available for all responses and that space may have been exhausted. 2021-09-05 5 CVE-2021-40523
MISC
cozyvision — sms_alert_order_notifications The SMS Alert Order Notifications WordPress plugin before 3.4.7 is affected by a cross site scripting (XSS) vulnerability in the plugin’s setting page. 2021-09-06 4.3 CVE-2021-24588
MISC
easy_testimonial_manager_project — easy_testimonial_manager An id GET parameter of the Easy Testimonial Manager WordPress plugin through 1.2.0 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection 2021-09-06 6.5 CVE-2021-24394
MISC
MISC
eyoucms — eyoucms EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious url via the Logout function. 2021-09-07 5.8 CVE-2021-39501
MISC
MISC
eyoucms — eyoucms A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the `title` parameter in bind_email function. 2021-09-07 4.3 CVE-2021-39499
MISC
MISC
f-secure — atlant A vulnerability affecting the F-Secure Antivirus engine was discovered whereby scanning a WIM archive file can lead to denial-of-service (an infinite loop that freezes the AV engine scanner). The vulnerability can be exploited remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine. 2021-09-07 4.3 CVE-2021-33599
MISC
MISC
file-upload-with-preview_project — file-upload-with-preview This affects the package file-upload-with-preview before 4.2.0. A file containing malicious JavaScript code in the name can be uploaded (a user needs to be tricked into uploading such a file). 2021-09-05 4.3 CVE-2021-23439
CONFIRM
CONFIRM
CONFIRM
fortinet — fortimanager An improper access control vulnerability in FortiManager versions 6.4.0 to 6.4.3 may allow an authenticated attacker with a restricted user profile to access the SD-WAN Orchestrator panel via directly visiting its URL. 2021-09-06 6.5 CVE-2021-24006
CONFIRM
fortinet — fortisandbox An improper access control vulnerability (CWE-284) in FortiSandbox versions 3.2.1 and below and 3.1.4 and below may allow an authenticated, unprivileged attacker to download the device configuration file via the recovery URL. 2021-09-06 4 CVE-2020-15939
CONFIRM
gambit — titan_framework The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues 2021-09-06 4.3 CVE-2021-24435
MISC
geekwebsolution — embed_youtube_video The editid GET parameter of the Embed Youtube Video WordPress plugin through 1.0 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. 2021-09-06 6.5 CVE-2021-24395
MISC
MISC
ghost — ghost Ghost is a Node.js content management system. An error in the implementation of the limits service between versions 4.0.0 and 4.9.4 allows all authenticated users (including contributors) to view admin-level API keys via the integrations API endpoint, leading to a privilege escalation vulnerability. This issue is patched in Ghost version 4.10.0. As a workaround, disable all non-Administrator accounts to prevent API access. It is highly recommended to regenerate all API keys after patching or applying the workaround. 2021-09-03 6.5 CVE-2021-39192
CONFIRM
MISC
gibbonedu — gibbon A reflected XSS vulnerability exists in multiple pages in version 22 of the Gibbon application that allows for arbitrary execution of JavaScript (gibbonCourseClassID, gibbonPersonID, subpage, currentDate, or allStudents to index.php). 2021-09-03 4.3 CVE-2021-40492
MISC
MISC
gifsicle_project — gifsicle The find_color_or_error function in gifsicle 1.92 contains a NULL pointer dereference. 2021-09-07 5 CVE-2020-19752
MISC
gnu — inetutils The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl. 2021-09-03 4.3 CVE-2021-40491
MISC
MISC
MISC
google — chrome Heap buffer overflow in TabStrip in Google Chrome prior to 93.0.4577.63 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. 2021-09-03 6.8 CVE-2021-30614
MISC
MISC
FEDORA
google — chrome Use after free in Permissions in Google Chrome prior to 93.0.4577.63 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. 2021-09-03 6.8 CVE-2021-30607
MISC
MISC
FEDORA
google — chrome Use after free in Autofill in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-09-03 6.8 CVE-2021-30624
MISC
MISC
FEDORA
google — chrome Use after free in Bookmarks in Google Chrome prior to 93.0.4577.63 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. 2021-09-03 6.8 CVE-2021-30623
MISC
MISC
FEDORA
google — chrome Use after free in WebApp Installs in Google Chrome prior to 93.0.4577.63 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. 2021-09-03 6.8 CVE-2021-30622
MISC
MISC
FEDORA
google — chrome Insufficient policy enforcement in Blink in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to bypass content security policy via a crafted HTML page. 2021-09-03 6.8 CVE-2021-30620
MISC
MISC
FEDORA
google — chrome Inappropriate implementation in DevTools in Google Chrome prior to 93.0.4577.63 allowed a remote attacker who had convinced the user to use Chrome headless with remote debugging to execute arbitrary code via a crafted HTML page. 2021-09-03 6.8 CVE-2021-30618
MISC
MISC
FEDORA
google — chrome Use after free in Media in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-09-03 6.8 CVE-2021-30616
MISC
MISC
FEDORA
google — chrome Use after free in WebRTC in Google Chrome on Linux, ChromeOS prior to 93.0.4577.63 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. 2021-09-03 6.8 CVE-2021-30612
MISC
MISC
FEDORA
google — chrome Use after free in Sign-In in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-09-03 6.8 CVE-2021-30609
MISC
MISC
FEDORA
google — chrome Use after free in Blink in Google Chrome prior to 93.0.4577.63 allowed an attacker who convinced a user to drag and drop a malicious folder to a page to potentially perform a sandbox escape via a crafted HTML page. 2021-09-03 6.8 CVE-2021-30606
MISC
MISC
FEDORA
google — chrome Use after free in Extensions API in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-09-03 6.8 CVE-2021-30610
MISC
MISC
FEDORA
google — chrome Inappropriate implementation in Autofill in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to spoof security UI via a crafted HTML page. 2021-09-03 4.3 CVE-2021-30621
MISC
MISC
FEDORA
google — chrome Inappropriate implementation in Autofill in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to spoof security UI via a crafted HTML page. 2021-09-03 4.3 CVE-2021-30619
MISC
MISC
FEDORA
google — chrome Policy bypass in Blink in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to bypass site isolation via a crafted HTML page. 2021-09-03 4.3 CVE-2021-30617
MISC
MISC
FEDORA
google — chrome Inappropriate implementation in Navigation in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2021-09-03 4.3 CVE-2021-30615
MISC
MISC
FEDORA
google — chrome Use after free in Base internals in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-09-03 6.8 CVE-2021-30613
MISC
MISC
FEDORA
google — chrome Use after free in WebRTC in Google Chrome on Linux, ChromeOS prior to 93.0.4577.63 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. 2021-09-03 6.8 CVE-2021-30611
MISC
MISC
FEDORA
google — chrome Use after free in Web Share in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-09-03 6.8 CVE-2021-30608
MISC
MISC
FEDORA
gpac — gpac An issue was discovered in gpac 0.8.0. The strdup function in box_code_base.c has a heap-based buffer over-read. 2021-09-07 5 CVE-2020-19750
MISC
gpac — gpac An issue was discovered in gpac 0.8.0. The gf_odf_del_ipmp_tool function in odf_code.c has a heap-based buffer over-read. 2021-09-07 6.4 CVE-2020-19751
MISC
jbl — tune500bt_firmware The Bluetooth Classic implementation on JBL TUNE500BT devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and shutdown a device by flooding the target device with LMP Feature Response data. 2021-09-07 6.1 CVE-2021-28155
MISC
MISC
jiangqie — official_website_mini_program The JiangQie Official Website Mini Program WordPress plugin before 1.1.1 does not escape or validate the id GET parameter before using it in SQL statements, leading to SQL injection issues 2021-09-06 6.5 CVE-2021-24303
MISC
MISC
linux — linux_kernel A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. 2021-09-03 4.4 CVE-2021-40490
MISC
moxa — wac-2004_firmware Certain MOXA devices allow reflected XSS via the Config Import menu. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU 2.3, WDR-3124A-EU-T 2.3, WDR-3124A-US 2.3, and WDR-3124A-US-T 2.3. 2021-09-07 4.3 CVE-2021-39278
MISC
mrdoc — mrdoc mrdoc is vulnerable to Deserialization of Untrusted Data 2021-09-06 6.8 CVE-2021-32568
MISC
CONFIRM
ntracker — ntracker_usb_enterprise A SQL-Injection vulnerability in the nTracker USB Enterprise(secure USB management solution) allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. 2021-09-07 5 CVE-2020-7819
MISC
otrs — otrs It’s possible to create an email which can be stuck while being processed by PostMaster filters, causing DoS. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions. 2021-09-06 5 CVE-2021-36093
CONFIRM
otrs — otrs Malicious attacker is able to find out valid user logins by using the “lost password” feature. This issue affects: OTRS AG ((OTRS)) Community Edition version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions. 2021-09-06 5 CVE-2021-36095
CONFIRM
parity — frontier Frontier is Substrate’s Ethereum compatibility layer. Prior to commit number 0b962f218f0cdd796dadfe26c3f09e68f7861b26, a bug in `pallet-ethereum` can cause invalid transactions to be included in the Ethereum block state in `pallet-ethereum` due to not validating the input data size. Any invalid transactions included this way have no possibility to alter the internal Ethereum or Substrate state. The transaction will appear to have been included, but is of no effect as it is rejected by the EVM engine. The impact is further limited by Substrate extrinsic size constraints. A patch is available in commit number 0b962f218f0cdd796dadfe26c3f09e68f7861b26. There are no workarounds aside from applying the patch. 2021-09-03 5 CVE-2021-39193
MISC
MISC
CONFIRM
MISC
phpwcms — phpwcms phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /image_zoom.php. 2021-09-08 4.3 CVE-2020-19855
MISC
pureftpd — pure-ftpd In Pure-FTPd 1.0.49, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value. 2021-09-05 5 CVE-2021-40524
MISC
python — pillow The package pillow from 0 and before 8.3.2 is vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. 2021-09-03 5 CVE-2021-23437
CONFIRM
CONFIRM
CONFIRM
simplesystems — libtiff Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the “invertImage()” function in the component “tiffcrop”. 2021-09-07 5 CVE-2020-19131
MISC
MISC
swiftcrm — club-management-software An id GET parameter of the WordPress Membership SwiftCloud.io WordPress plugin through 1.0 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. 2021-09-06 6.5 CVE-2021-24392
MISC
MISC
versa-networks — versa_director A XSS vulnerability exists in Versa Director Release: 16.1R2 Build: S8. An attacker can use the administration web interface URL to create a XSS based attack. 2021-09-07 4.3 CVE-2021-39285
MISC
MISC
vim — vim vim is vulnerable to Heap-based Buffer Overflow 2021-09-06 4.6 CVE-2021-3770
MISC
CONFIRM
FEDORA
weechat — weechat WeeChat before 3.2.1 allows remote attackers to cause a denial of service (crash) via a crafted WebSocket frame that triggers an out-of-bounds read in plugins/relay/relay-websocket.c in the Relay plugin. 2021-09-05 5 CVE-2021-40516
MISC
MISC
wp-webhooks — email_encoder The Email Encoder – Protect Email Addresses WordPress plugin before 2.1.2 has an endpoint that requires no authentication and will render a user supplied value in the HTML response without escaping or sanitizing the data. 2021-09-06 4.3 CVE-2021-24599
MISC
zmartzone — mod_auth_openidc mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openidc was reported to be vulnerable to an open redirect attack by supplying a crafted URL in the `target_link_uri` parameter. A patch in version 2.4.9.4 made it so that the `OIDCRedirectURLsAllowed` setting must be applied to the `target_link_uri` parameter. There are no known workarounds aside from upgrading to a patched version. 2021-09-03 5.8 CVE-2021-39191
MISC
MISC
MISC
CONFIRM

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
addtoany — addtoany_share_buttons The AddToAny Share Buttons WordPress plugin before 1.7.46 does not sanitise its Sharing Header setting when outputting it in frontend pages, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2021-09-06 3.5 CVE-2021-24568
MISC
bluetrum — ab5301a_firmware The Bluetooth Classic implementation on Bluetrum AB5301A devices with unknown firmware versions does not properly handle the reception of oversized DM1 LMP packets while no other BT connections are active, allowing attackers in radio range to prevent new BT connections (disabling the AB5301A inquiry and page scan procedures) via a crafted LMP packet. The user needs to manually perform a power cycle (restart) of the device to restore BT connectivity. 2021-09-07 3.3 CVE-2021-34150
MISC
MISC
bookstackapp — bookstack bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-09-06 3.5 CVE-2021-3768
MISC
CONFIRM
bookstackapp — bookstack bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-09-06 3.5 CVE-2021-3767
CONFIRM
MISC
cliniccases — cliniccases Persistent cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow low-privileged attackers to introduce arbitrary JavaScript to account parameters. The XSS payloads will execute in the browser of any user who views the relevant content. This can result in account takeover via session token theft. 2021-09-07 3.5 CVE-2021-38707
MISC
MISC
dna88 — highlight The Highlight WordPress plugin before 0.9.3 does not sanitise its CustomCSS setting, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2021-09-06 3.5 CVE-2021-24591
MISC
espressif — esp-idf The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of multiple LMP IO Capability Request packets during the pairing process, allowing attackers in radio range to trigger memory corruption (and consequently a crash) in ESP32 via a replayed (duplicated) LMP packet. 2021-09-07 3.3 CVE-2021-28136
MISC
MISC
MISC
MISC
eyoucms — eyoucms Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject malicious code into `filename` param to trigger Reflected XSS. 2021-09-07 3.5 CVE-2021-39496
MISC
MISC
gdprinfo — cookie_notice_\&_consent_banner_for_gdpr_\&_ccpa_compliance The Cookie Notice & Consent Banner for GDPR & CCPA Compliance WordPress plugin before 1.7.2 does not properly sanitize inputs to prevent injection of arbitrary HTML within the plugin’s design customization options. 2021-09-06 3.5 CVE-2021-24590
MISC
geminilabs — site_reviews The Site Reviews WordPress plugin before 5.13.1 does not sanitise some of its Review Details when adding a review as an admin, which could allow them to perform Cross-Site Scripting attacks when the unfiltered_html is disallowed 2021-09-06 3.5 CVE-2021-24603
MISC
jforum — jforum ViewCommon.java in JForum2 2.7.0 allows XSS via a user signature. 2021-09-04 3.5 CVE-2021-40509
MISC
MISC
FULLDISC
MISC
nextcloud — circles Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application is vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. Due to the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitable on modern browsers supporting Content-Security-Policy. It is recommended that the Nextcloud Circles application is upgraded to 0.21.3, 0.20.10 or 0.19.14 to resolve this issue. As a workaround users may use a browser that has support for Content-Security-Policy. A notable exemption is Internet Explorer which does not support CSP properly. 2021-09-07 3.5 CVE-2021-32782
CONFIRM
MISC
MISC
otrs — otrs It’s possible to craft a request for appointment edit screen, which could lead to the XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions. 2021-09-06 3.5 CVE-2021-36094
CONFIRM
ti — cc256xcqfn-em_firmware The Bluetooth Classic implementation on the Texas Instruments CC256XCQFN-EM does not properly handle the reception of continuous LMP_AU_Rand packets, allowing attackers in radio range to trigger a denial of service (deadlock) of the device by flooding it with LMP_AU_Rand packets after the paging procedure. 2021-09-07 3.3 CVE-2021-34149
MISC
MISC
MISC
trumani — stop_spammers The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2021.18 does not escape some of its settings, allowing high privilege users such as admin to set Cross-Site Scripting payloads in them even when the unfiltered_html capability is disallowed 2021-09-06 3.5 CVE-2021-24517
MISC
web-settler — form_builder The Form Builder | Create Responsive Contact Forms WordPress plugin before 1.9.8.4 does not sanitise or escape its Form Title, allowing high privilege users such as admin to set Cross-Site Scripting payload in them, even when the unfiltered_html capability is disallowed 2021-09-06 3.5 CVE-2021-24513
MISC
wpfront — wpfront_notification_bar The WPFront Notification Bar WordPress plugin before 2.1.0.08087 does not properly sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2021-09-06 3.5 CVE-2021-24601
MISC
zh-jieli — ac6901_firmware The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X devices does not properly handle the reception of a truncated LMP packet during the LMP auto rate procedure, allowing attackers in radio range to immediately crash (and restart) a device via a crafted LMP packet. 2021-09-07 3.3 CVE-2021-31613
MISC
MISC
MISC
MISC
zh-jieli — fw-ac63_bt_sdk The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C BT SDK through 0.9.1 does not properly handle the reception of truncated LMP_SCO_Link_Request packets while no other BT connections are active, allowing attackers in radio range to prevent new BT connections (disabling the AB5301A inquiry and page scan procedures) via a crafted LMP packet. The user needs to manually perform a power cycle (restart) of the device to restore BT connectivity. 2021-09-07 3.3 CVE-2021-34144
MISC
MISC
MISC

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apple — multiple_products A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.5 and iPadOS 14.5, tvOS 14.5. A local user may be able to create or modify privileged files. 2021-09-08 not yet calculated CVE-2021-1836
MISC
MISC
apple — multiple_products Multiple issues in apache were addressed by updating apache to version 2.4.46. This issue is fixed in Security Update 2021-004 Mojave. Multiple issues in apache. 2021-09-08 not yet calculated CVE-2021-30690
MISC
gdpm — gdpm qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\install\modules\database_config.php. 2021-09-09 not yet calculated CVE-2020-19515
MISC
accounting — accounting An issue in the noReentrance() modifier of the Ethereum-based contract Accounting 1.0 allows attackers to carry out a reentrancy attack. 2021-09-07 not yet calculated CVE-2020-19765
MISC
adobe — after_effects Adobe After Effects version 18.1 (and earlier) is affected by a potential Command injection vulnerability when chained with a development and debugging tool for JavaScript scripts. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-08 not yet calculated CVE-2021-28571
MISC
adobe — creative_cloud_desktop Adobe Creative Cloud Desktop 3.5 (and earlier) is affected by an uncontrolled search path vulnerability that could result in elevation of privileges. Exploitation of this issue requires user interaction in that a victim must log on to the attacker’s local machine. 2021-09-08 not yet calculated CVE-2021-28581
MISC
adobe — genuine_services Adobe Genuine Services version 7.1 (and earlier) is affected by an Insecure file permission vulnerability during installation process. A local authenticated attacker could leverage this vulnerability to achieve privilege escalation in the context of the current user. 2021-09-08 not yet calculated CVE-2021-28568
MISC
adobe — illustrator Adobe Illustrator version 25.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-08 not yet calculated CVE-2021-21103
MISC
adobe — illustrator Adobe Illustrator version 25.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-08 not yet calculated CVE-2021-21104
MISC
adobe — illustrator Adobe Illustrator version 25.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-08 not yet calculated CVE-2021-21105
MISC
adobe — magento Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are vulnerable to an Improper Authorization vulnerability in the customers module. Successful exploitation could allow a low-privileged user to modify customer data. Access to the admin console is required for successful exploitation. 2021-09-08 not yet calculated CVE-2021-28567
MISC
adobe — magento Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are vulnerable to an Information Disclosure vulnerability when uploading a modified png file to a product image. Successful exploitation could lead to the disclosure of document root path by an unauthenticated attacker. Access to the admin console is required for successful exploitation. 2021-09-08 not yet calculated CVE-2021-28566
MISC
adobe — media_encoder Adobe Media Encoder version 15.1 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-08 not yet calculated CVE-2021-28569
MISC
adobe — medium Medium by Adobe version 2.4.5.331 (and earlier) is affected by a buffer overflow vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-08 not yet calculated CVE-2021-28580
MISC
advantech — webaccess A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. 2021-09-09 not yet calculated CVE-2021-38408
MISC
android — samsung NULL pointer dereference vulnerability in ION driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption. 2021-09-09 not yet calculated CVE-2021-25458
MISC
android — samsung An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate BlockchainTZService. 2021-09-09 not yet calculated CVE-2021-25460
MISC
android — samsung An improper scheme check vulnerability in Samsung Themes prior to version 5.2.01 allows attackers to perform Man-in-the-middle attack. 2021-09-09 not yet calculated CVE-2021-25465
MISC
android — samsung An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start BlockchainTZService. 2021-09-09 not yet calculated CVE-2021-25459
MISC
android — samsung Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth information. 2021-09-09 not yet calculated CVE-2021-25453
MISC
android — samsung An improper input validation vulnerability in loading graph file in DSP driver prior to SMR Sep-2021 Release 1 allows attackers to perform permanent denial of service on the device. 2021-09-09 not yet calculated CVE-2021-25452
MISC
android — samsung Improper scheme check vulnerability in Samsung Internet prior to version 15.0.2.47 allows attackers to perform Man-in-the-middle attack and obtain Samsung Account token. 2021-09-09 not yet calculated CVE-2021-25466
MISC
android — samsung An improper file management vulnerability in SamsungCapture prior to version 4.8.02 allows sensitive information leak. 2021-09-09 not yet calculated CVE-2021-25464
MISC
android — samsung NULL pointer dereference vulnerability in NPU driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption. 2021-09-09 not yet calculated CVE-2021-25462
MISC
android — samsung An improper length check in APAService prior to SMR Sep-2021 Release 1 results in stack based Buffer Overflow. 2021-09-09 not yet calculated CVE-2021-25461
MISC
android — samsung An improper input validation vulnerability in DSP driver prior to SMR Sep-2021 Release 1 allows local attackers to get a limited kernel memory information. 2021-09-09 not yet calculated CVE-2021-25457
MISC
android — samsung OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf file. 2021-09-09 not yet calculated CVE-2021-25456
MISC
android — samsung OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file. 2021-09-09 not yet calculated CVE-2021-25455
MISC
android — samsung OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute remote DoS via forged aac file. 2021-09-09 not yet calculated CVE-2021-25454
MISC
android — samsung Improper access control vulnerability in PENUP prior to version 3.8.00.18 allows arbitrary webpage loading in webview. 2021-09-09 not yet calculated CVE-2021-25463
MISC
any23 — any23 A Remote Code Execution (RCE) vulnerability was discovered in the Any23 YAMLExtractor.java file and is known to affect Any23 versions < 2.5. RCE vulnerabilities allow a malicious actor to execute any code of their choice on a remote machine over LAN, WAN, or internet. RCE belongs to the broader class of arbitrary code execution (ACE) vulnerabilities. 2021-09-11 not yet calculated CVE-2021-40146
CONFIRM
MLIST
any23 — any23 An XML external entity (XXE) injection vulnerability was discovered in the Any23 StreamUtils.java file and is known to affect Any23 versions < 2.5. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application’s processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. 2021-09-11 not yet calculated CVE-2021-38555
CONFIRM
apache — airflow The variable import endpoint was not protected by authentication in Airflow >=2.0.0, <2.1.3. This allowed unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, potentially resulting in a denial of service, information disclosure or remote code execution. This issue affects Apache Airflow >=2.0.0, <2.1.3. 2021-09-09 not yet calculated CVE-2021-38540
CONFIRM
MLIST
apache — dubbo Apache Dubbo supports various rules to support configuration override or traffic routing (called routing in Dubbo). These rules are loaded into the configuration center (eg: Zookeeper, Nacos, …) and retrieved by the customers when making a request in order to find the right endpoint. When parsing these YAML rules, Dubbo customers will use SnakeYAML library to load the rules which by default will enable calling arbitrary constructors. An attacker with access to the configuration center will be able to poison the rule so that, when retrieved by the consumers, it will get RCE on all of them. This was fixed in Dubbo 2.7.13, 3.0.2 2021-09-07 not yet calculated CVE-2021-36162
MISC
apache — dubbo In Apache Dubbo, users may choose to use the Hessian protocol. The Hessian protocol is implemented on top of HTTP and passes the body of a POST request directly to a HessianSkeleton: New HessianSkeleton are created without any configuration of the serialization factory and therefore without applying the dubbo properties for applying allowed or blocked type lists. In addition, the generic service is always exposed and therefore attackers do not need to figure out a valid service/method name pair. This is fixed in 2.7.13, 2.6.10.1 2021-09-07 not yet calculated CVE-2021-36163
MISC
apache — dubbo Some component in Dubbo will try to print the formatted string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Apache Dubbo 2.7.13 2021-09-09 not yet calculated CVE-2021-36161
MISC
apple — big_sur This issue was addressed with improved data protection. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass certain Privacy preferences. 2021-09-08 not yet calculated CVE-2021-30751
MISC
apple — big_sur A local attacker may be able to elevate their privileges. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A memory corruption issue was addressed with improved validation. 2021-09-08 not yet calculated CVE-2021-30739
MISC
MISC
MISC
apple — big_sur This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4. A non-privileged user may be able to modify restricted settings. 2021-09-08 not yet calculated CVE-2021-30718
MISC
apple — big_sur The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.3. A malicious application may be able to access the user’s recent contacts. 2021-09-08 not yet calculated CVE-2021-30750
MISC
apple — big_sur Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.5. A local attacker may be able to execute code on the Apple T2 Security Chip. 2021-09-08 not yet calculated CVE-2021-30784
MISC
apple — big_sur
 
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to execute arbitrary code with kernel privileges. 2021-09-08 not yet calculated CVE-2021-30805
MISC
MISC
MISC
apple — big_sur
 
An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to leak sensitive user information. 2021-09-08 not yet calculated CVE-2021-30722
MISC
MISC
MISC
apple — big_sur
 
A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to leak sensitive user information. 2021-09-08 not yet calculated CVE-2021-30721
MISC
MISC
MISC
apple — big_sur
 
A local user may be able to cause unexpected system termination or read kernel memory. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. An out-of-bounds read issue was addressed by removing the vulnerable code. 2021-09-08 not yet calculated CVE-2021-30719
MISC
MISC
apple — big_sur
 
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to gain root privileges. 2021-09-08 not yet calculated CVE-2021-30772
MISC
apple — big_sur
 
This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to bypass Privacy preferences. 2021-09-08 not yet calculated CVE-2021-30778
MISC
apple — big_sur
 
A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to access a user’s recent Contacts. 2021-09-08 not yet calculated CVE-2021-30803
MISC
apple — big_sur
 
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-004 Catalina. An unprivileged application may be able to capture USB devices. 2021-09-08 not yet calculated CVE-2021-30731
MISC
MISC
apple — boot_camp
 
A memory corruption issue was addressed with improved state management. This issue is fixed in Boot Camp 6.1.14. A malicious application may be able to elevate privileges. 2021-09-08 not yet calculated CVE-2021-30675
MISC
apple — imovie
 
This issue was addressed by enabling hardened runtime. This issue is fixed in iMovie 10.2.4. Entitlements and privacy permissions granted to this app may be used by a malicious app. 2021-09-08 not yet calculated CVE-2021-30757
MISC
apple — ios
 
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. 2021-09-08 not yet calculated CVE-2021-30762
MISC
apple — ios
 
This issue was addressed with improved checks. This issue is fixed in iOS 14.7. Joining a malicious Wi-Fi network may result in a denial of service or arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30800
MISC
apple — ios
 
A permissions issue was addressed with improved validation. This issue is fixed in iOS 14.7. A malicious application may be able to access Find My data. 2021-09-08 not yet calculated CVE-2021-30804
MISC
apple — ios
 
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. 2021-09-08 not yet calculated CVE-2021-30761
MISC
apple — ios_and_ipad A logic issue was addressed with improved validation. This issue is fixed in iOS 14.5 and iPadOS 14.5. A malicious application may be able to execute arbitrary code with system privileges. 2021-09-08 not yet calculated CVE-2021-1812
MISC
apple — ios_and_ipados A logic issue was addressed with improved state management. This issue is fixed in iOS 14.5 and iPadOS 14.5. An application may be able to execute arbitrary code with kernel privileges. 2021-09-08 not yet calculated CVE-2021-1874
MISC
apple — ios_and_ipados A certificate validation issue was addressed. This issue is fixed in iOS 14.5 and iPadOS 14.5. An attacker in a privileged network position may be able to alter network traffic. 2021-09-08 not yet calculated CVE-2021-1837
MISC
apple — ios_and_ipados The issue was addressed with improved UI handling. This issue is fixed in iOS 14.5 and iPadOS 14.5. A local user may be able to view sensitive information in the app switcher. 2021-09-08 not yet calculated CVE-2021-1848
MISC
apple — ios_and_ipados This issue was addressed with improved checks. This issue is fixed in iOS 14.5 and iPadOS 14.5. An application may be able to gain elevated privileges. 2021-09-08 not yet calculated CVE-2021-1833
MISC
apple — ios_and_ipados An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5. A local user may be able to read kernel memory. 2021-09-08 not yet calculated CVE-2021-1852
MISC
apple — ios_and_ipados An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5. A local user may be able to read kernel memory. 2021-09-08 not yet calculated CVE-2021-1877
MISC
apple — ios_and_ipados An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5, macOS Big Sur 11.3. A malicious application may be able to execute arbitrary code with kernel privileges. 2021-09-08 not yet calculated CVE-2021-1867
MISC
MISC
apple — ios_and_ipados
 
A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 14.5 and iPadOS 14.5. Processing a maliciously crafted audio file may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30742
MISC
apple — ios_and_ipados
 
This issue was addressed with improved checks. This issue is fixed in iOS 14.5 and iPadOS 14.5. A person with physical access to an iOS device may be able to access notes from the lock screen. 2021-09-08 not yet calculated CVE-2021-1835
MISC
apple — ios_and_ipados
 
The issue was addressed with improved permissions logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. An application may allow shortcuts to access restricted files. 2021-09-08 not yet calculated CVE-2021-1831
MISC
apple — ios_and_ipados
 
Description: A person with physical access may be able to access contacts. This issue is fixed in iOS 14.5 and iPadOS 14.5. Impact: An issue with Siri search access to information was addressed with improved logic. 2021-09-08 not yet calculated CVE-2021-1862
MISC
apple — ios_and_ipados
 
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination. 2021-09-08 not yet calculated CVE-2021-30741
MISC
apple — ios_and_ipados
 
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5. A local user may be able to read kernel memory. 2021-09-08 not yet calculated CVE-2021-1830
MISC
apple — ios_and_ipados
 
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.6 and iPadOS 14.6. A device may accept invalid activation results. 2021-09-08 not yet calculated CVE-2021-30729
MISC
apple — ios_and_ipados
 
A race condition was addressed with improved state handling. This issue is fixed in iOS 14.6 and iPadOS 14.6. An application may be able to cause unexpected system termination or write kernel memory. 2021-09-08 not yet calculated CVE-2021-30714
MISC
apple — ios_and_ipados
 
This issue was addressed with improved checks. This issue is fixed in iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-1838
MISC
apple — ios_and_ipados
 
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. An attacker with JavaScript execution may be able to execute arbitrary code. 2021-09-08 not yet calculated CVE-2021-1864
MISC
MISC
MISC
apple — ios_and_ipados
 
This issue was addressed with improved checks. This issue is fixed in iOS 14.6 and iPadOS 14.6. A malicious application may disclose restricted memory. 2021-09-08 not yet calculated CVE-2021-30674
MISC
apple — ios_and_ipados
 
This issue was addressed with improved checks. This issue is fixed in iOS 14.5 and iPadOS 14.5. Processing a maliciously crafted file may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30662
MISC
apple — ios_and_ipados
 
A validation issue was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, macOS Big Sur 11.3. A malicious application may be able to leak sensitive user information. 2021-09-08 not yet calculated CVE-2021-30659
MISC
MISC
MISC
apple — ios_and_ipados
 
A window management issue was addressed with improved state management. This issue is fixed in iOS 14.6 and iPadOS 14.6. A user may be able to view restricted content from the lockscreen. 2021-09-08 not yet calculated CVE-2021-30699
MISC
apple — ios_and_ipados
 
A call termination issue was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. A legacy cellular network can automatically answer an incoming call when an ongoing call ends or drops. 2021-09-08 not yet calculated CVE-2021-1854
MISC
apple — ios_and_ipados
 
An access issue was addressed with improved memory management. This issue is fixed in iOS 14.5 and iPadOS 14.5. A malicious application may be able to determine kernel memory layout. 2021-09-08 not yet calculated CVE-2021-30656
MISC
apple — ios_and_ipados
 
An issue obscuring passwords in screenshots was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. A user’s password may be visible on screen. 2021-09-08 not yet calculated CVE-2021-1865
MISC
apple — ios_and_ipados
 
An issue existed with authenticating the action triggered by an NFC tag. The issue was addressed with improved action authentication. This issue is fixed in iOS 14.5 and iPadOS 14.5. A person with physical access to an iOS device may be able to place phone calls to any phone number. 2021-09-08 not yet calculated CVE-2021-1863
MISC
apple — ios_and_ipados
 
A logic issue was addressed with improved validation. This issue is fixed in iOS 14.6 and iPadOS 14.6. An attacker in WiFi range may be able to force a client to use a less secure authentication mechanism. 2021-09-08 not yet calculated CVE-2021-30667
MISC
apple — macios
 
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. 2021-09-08 not yet calculated CVE-2021-30666
MISC
apple — macos_big_sur This issue was addressed with improved handling of file metadata. This issue is fixed in macOS Big Sur 11.3. A malicious application may bypass Gatekeeper checks. 2021-09-08 not yet calculated CVE-2021-30658
MISC
apple — macos_big_sur A malicious application may be able to execute arbitrary code with kernel privileges. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. An out-of-bounds write issue was addressed with improved bounds checking. 2021-09-08 not yet calculated CVE-2021-1841
MISC
MISC
apple — macos_big_sur A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A malicious application may bypass Gatekeeper checks. 2021-09-08 not yet calculated CVE-2021-30669
MISC
MISC
MISC
apple — macos_big_sur An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A malicious application may be able to access a user’s call history. 2021-09-08 not yet calculated CVE-2021-30673
MISC
MISC
apple — macos_big_sur A validation issue was addressed with improved logic. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A malicious application may be able to send unauthorized Apple events to Finder. 2021-09-08 not yet calculated CVE-2021-30671
MISC
MISC
apple — macos_big_sur A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited. 2021-09-08 not yet calculated CVE-2021-30713
MISC
apple — macos_big_sur
 
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited. 2021-09-08 not yet calculated CVE-2021-30657
MISC
MISC
apple — macos_big_sur
 
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A remote attacker may cause an unexpected application termination or arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30684
MISC
MISC
apple — macos_big_sur
 
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4. A local user may be able to load unsigned kernel extensions. 2021-09-08 not yet calculated CVE-2021-30680
MISC
apple — macos_big_sur
 
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4. A person with physical access to a Mac may be able to bypass Login Window during a software update. 2021-09-08 not yet calculated CVE-2021-30668
MISC
apple — macos_big_sur
 
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A malicious application may be able to gain root privileges. 2021-09-08 not yet calculated CVE-2021-30672
MISC
MISC
MISC
apple — macos_big_sur
 
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application may bypass Gatekeeper checks. 2021-09-08 not yet calculated CVE-2021-1810
MISC
MISC
apple — macos_big_sur
 
An application may be able to execute arbitrary code with system privileges. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. The issue was addressed with improved permissions logic. 2021-09-08 not yet calculated CVE-2021-30655
MISC
MISC
apple — macos_big_sur
 
A malicious application may be able to break out of its sandbox. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A path handling issue was addressed with improved validation. 2021-09-08 not yet calculated CVE-2021-30688
MISC
MISC
apple — macos_big_sur
 
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A malicious application could execute arbitrary code leading to compromise of user information. 2021-09-08 not yet calculated CVE-2021-30683
MISC
MISC
MISC
apple — macos_big_sur
 
A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.3. An application may be able to execute arbitrary code with kernel privileges. 2021-09-08 not yet calculated CVE-2021-1829
MISC
apple — macos_catalina
 
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. Processing a maliciously crafted font file may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2020-27942
MISC
MISC
apple — multiple_products A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may result in the disclosure of process memory. 2021-09-08 not yet calculated CVE-2021-1820
MISC
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30678
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted ASTC file may disclose memory contents. 2021-09-08 not yet calculated CVE-2021-30705
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to perform denial of service. 2021-09-08 not yet calculated CVE-2021-30716
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to read restricted memory. 2021-09-08 not yet calculated CVE-2021-1809
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An application may be able to read restricted memory. 2021-09-08 not yet calculated CVE-2021-1808
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents. 2021-09-08 not yet calculated CVE-2021-30746
MISC
MISC
MISC
MISC
apple — multiple_products A stack overflow was addressed with improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted font file may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30759
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30749
MISC
MISC
MISC
MISC
MISC
apple — multiple_products Processing a maliciously crafted image may lead to disclosure of user information. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. This issue was addressed with improved checks. 2021-09-08 not yet calculated CVE-2021-30706
MISC
MISC
MISC
MISC
apple — multiple_products The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A local attacker may be able to elevate their privileges. 2021-09-08 not yet calculated CVE-2021-1839
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted server messages may lead to heap corruption. 2021-09-08 not yet calculated CVE-2021-1883
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents. 2021-09-08 not yet calculated CVE-2021-30694
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds read was addressed with improved input validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted font file may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-1881
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. An application may be able to execute arbitrary code with kernel privileges. 2021-09-08 not yet calculated CVE-2021-30704
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, macOS Big Sur 11.3. Muting a CallKit call while ringing may not result in mute being enabled. 2021-09-08 not yet calculated CVE-2021-1872
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local attacker may be able to elevate their privileges. 2021-09-08 not yet calculated CVE-2021-1868
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents. 2021-09-08 not yet calculated CVE-2021-30692
MISC
MISC
MISC
MISC
apple — multiple_products A memory initialization issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to disclose kernel memory. 2021-09-08 not yet calculated CVE-2021-1860
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products Processing a maliciously crafted image may lead to arbitrary code execution. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An out-of-bounds write issue was addressed with improved bounds checking. 2021-09-08 not yet calculated CVE-2021-1858
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A local attacker may be able to elevate their privileges. 2021-09-08 not yet calculated CVE-2021-1840
MISC
MISC
MISC
apple — multiple_products An attacker in a privileged network position may be able to misrepresent application state. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A logic issue was addressed with improved state management. 2021-09-08 not yet calculated CVE-2021-30696
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A local user may be able to leak sensitive user information. 2021-09-08 not yet calculated CVE-2021-30697
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A null pointer dereference was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Safari 14.1.1, iOS 14.6 and iPadOS 14.6. A remote attacker may be able to cause a denial of service. 2021-09-08 not yet calculated CVE-2021-30698
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A person with physical access to a Mac may be able to bypass Login Window. 2021-09-08 not yet calculated CVE-2021-30702
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-1847
MISC
MISC
MISC
apple — multiple_products A double free issue was addressed with improved memory management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. An application may be able to execute arbitrary code with kernel privileges. 2021-09-08 not yet calculated CVE-2021-30703
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, watchOS 7.4. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-1814
MISC
MISC
apple — multiple_products An integer overflow was addressed through improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted font file may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30760
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A local user may be able to modify protected parts of the file system. 2021-09-08 not yet calculated CVE-2021-1822
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A malicious application may be able to access restricted files. 2021-09-08 not yet calculated CVE-2021-30782
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. A sandboxed process may be able to circumvent sandbox restrictions. 2021-09-08 not yet calculated CVE-2021-30768
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30802
MISC
MISC
apple — multiple_products An issue in code signature validation was addressed with improved checks. This issue is fixed in iOS 14.7, tvOS 14.7, watchOS 7.6. A malicious application may be able to bypass code signing checks. 2021-09-08 not yet calculated CVE-2021-30773
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Playing a malicious audio file may lead to an unexpected application termination. 2021-09-08 not yet calculated CVE-2021-30776
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Processing a maliciously crafted audio file may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30775
MISC
MISC
MISC
MISC
MISC
apple — multiple_products Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30799
MISC
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents. 2021-09-08 not yet calculated CVE-2021-30788
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6. A malicious application may be able to bypass certain Privacy preferences. 2021-09-08 not yet calculated CVE-2021-30798
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, tvOS 14.7, watchOS 7.6. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations. 2021-09-08 not yet calculated CVE-2021-30770
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution. 2021-09-08 not yet calculated CVE-2021-30797
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30785
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A race condition was addressed with improved state handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30786
MISC
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30712
MISC
MISC
MISC
apple — multiple_products A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30795
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A race condition was addressed with improved locking. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. A remote attacker may be able to cause a denial of service. 2021-09-08 not yet calculated CVE-2021-1884
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30792
MISC
MISC
apple — multiple_products A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to universal cross site scripting. 2021-09-08 not yet calculated CVE-2021-1826
MISC
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents. 2021-09-08 not yet calculated CVE-2021-30709
MISC
MISC
MISC
MISC
apple — multiple_products A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A local user may be able to modify protected parts of the file system. 2021-09-08 not yet calculated CVE-2021-1815
MISC
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A malicious application may cause a denial of service or potentially disclose memory contents. 2021-09-08 not yet calculated CVE-2021-30710
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30758
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing a maliciously crafted image may lead to a denial of service. 2021-09-08 not yet calculated CVE-2021-30796
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to execute arbitrary code with kernel privileges. 2021-09-08 not yet calculated CVE-2021-30765
MISC
MISC
MISC
apple — multiple_products Processing a maliciously crafted file may lead to arbitrary code execution. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. This issue was addressed with improved checks. 2021-09-08 not yet calculated CVE-2021-30764
MISC
MISC
MISC
apple — multiple_products An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.7, watchOS 7.6. A shortcut may be able to bypass Internet permission requirements. 2021-09-08 not yet calculated CVE-2021-30763
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30653
MISC
MISC
MISC
MISC
apple — multiple_products A double free issue was addressed with improved memory management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted file may lead to heap corruption. 2021-09-08 not yet calculated CVE-2021-1875
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents. 2021-09-08 not yet calculated CVE-2021-30723
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted font may result in the disclosure of process memory. 2021-09-08 not yet calculated CVE-2021-30733
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30725
MISC
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A local attacker may be able to elevate their privileges. 2021-09-08 not yet calculated CVE-2021-30724
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A buffer overflow may result in arbitrary code execution. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A logic issue was addressed with improved state management. 2021-09-08 not yet calculated CVE-2021-1770
MISC
MISC
MISC
MISC
apple — multiple_products A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local user may be able to modify protected parts of the file system. 2021-09-08 not yet calculated CVE-2021-1740
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A malicious application may be able to modify protected parts of the file system. 2021-09-08 not yet calculated CVE-2021-1784
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to execute arbitrary code with kernel privileges. 2021-09-08 not yet calculated CVE-2021-30793
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. An application may be able to execute arbitrary code with kernel privileges. 2021-09-08 not yet calculated CVE-2021-30748
MISC
MISC
apple — multiple_products Processing a maliciously crafted font may result in the disclosure of process memory. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. An out-of-bounds read was addressed with improved input validation. 2021-09-08 not yet calculated CVE-2021-30753
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. A malicious application may be able to gain root privileges. 2021-09-08 not yet calculated CVE-2021-30780
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. Processing a maliciously crafted file may disclose user information. 2021-09-08 not yet calculated CVE-2021-30791
MISC
MISC
apple — multiple_products An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30790
MISC
MISC
MISC
apple — multiple_products An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Processing a maliciously crafted font file may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30789
MISC
MISC
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to cause unexpected system termination or write kernel memory. 2021-09-08 not yet calculated CVE-2021-30787
MISC
MISC
MISC
apple — multiple_products An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A sandboxed process may be able to circumvent sandbox restrictions. 2021-09-08 not yet calculated CVE-2021-30783
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. A local attacker may be able to cause unexpected application termination or arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30781
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products Processing a maliciously crafted image may lead to arbitrary code execution. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. An out-of-bounds read was addressed with improved input validation. 2021-09-08 not yet calculated CVE-2021-30752
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A malicious application may be able to execute arbitrary code with kernel privileges. 2021-09-08 not yet calculated CVE-2021-30728
MISC
MISC
MISC
apple — multiple_products An injection issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A malicious application may be able to gain root privileges. 2021-09-08 not yet calculated CVE-2021-30777
MISC
MISC
MISC
apple — multiple_products A malicious application may be able to execute arbitrary code with kernel privileges. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An out-of-bounds write issue was addressed with improved bounds checking. 2021-09-08 not yet calculated CVE-2021-30726
MISC
MISC
MISC
apple — multiple_products A malicious application may be able to overwrite arbitrary files. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-004 Mojave. An issue with path validation logic for hardlinks was addressed with improved path sanitization. 2021-09-08 not yet calculated CVE-2021-30738
MISC
MISC
apple — multiple_products An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4, macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-1762
MISC
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A local user may be able to cause unexpected system termination or read kernel memory. 2021-09-08 not yet calculated CVE-2021-30676
MISC
MISC
MISC
apple — multiple_products An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30663
MISC
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted file may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30664
MISC
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. 2021-09-08 not yet calculated CVE-2021-30665
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. 2021-09-08 not yet calculated CVE-2021-30661
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in iOS 14.7, tvOS 14.7, watchOS 7.6. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. 2021-09-08 not yet calculated CVE-2021-30769
MISC
MISC
MISC
apple — multiple_products A race condition was addressed with additional validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to gain root privileges. 2021-09-08 not yet calculated CVE-2021-30652
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-1885
MISC
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-1817
MISC
MISC
MISC
MISC
apple — multiple_products A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local user may be able to modify protected parts of the file system. 2021-09-08 not yet calculated CVE-2021-1739
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An application may be able to gain elevated privileges. 2021-09-08 not yet calculated CVE-2021-1882
MISC
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30743
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. A malicious application may be able to execute arbitrary code with kernel privileges. 2021-09-08 not yet calculated CVE-2021-30740
MISC
MISC
MISC
MISC
apple — multiple_products A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, iOS 12.5.4, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted certificate may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30737
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. An application may be able to execute arbitrary code with kernel privileges. 2021-09-08 not yet calculated CVE-2021-30736
MISC
MISC
MISC
MISC
apple — multiple_products A malicious application may be able to execute arbitrary code with kernel privileges. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An out-of-bounds write issue was addressed with improved bounds checking. 2021-09-08 not yet calculated CVE-2021-30735
MISC
MISC
MISC
apple — multiple_products Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30734
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting. 2021-09-08 not yet calculated CVE-2021-30744
MISC
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A malicious application may be able to disclose kernel memory. 2021-09-08 not yet calculated CVE-2021-30660
MISC
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. A malicious application may be able to gain root privileges. 2021-09-08 not yet calculated CVE-2021-30774
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to execute arbitrary code with kernel privileges. 2021-09-08 not yet calculated CVE-2021-30766
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. An application may be able to cause unexpected system termination or write kernel memory. 2021-09-08 not yet calculated CVE-2021-1828
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30701
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to execute arbitrary code. 2021-09-08 not yet calculated CVE-2021-30717
MISC
MISC
MISC
apple — multiple_products A validation issue was addressed with improved logic. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to gain root privileges. 2021-09-08 not yet calculated CVE-2021-1813
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted message may lead to a denial of service. 2021-09-08 not yet calculated CVE-2021-30715
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A malicious application may be able to execute arbitrary code with kernel privileges. 2021-09-08 not yet calculated CVE-2021-1816
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application with root privileges may be able to access private information. 2021-09-08 not yet calculated CVE-2021-1824
MISC
MISC
apple — multiple_products An input validation issue was addressed with improved input validation. This issue is fixed in iTunes 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may lead to a cross site scripting attack. 2021-09-08 not yet calculated CVE-2021-1825
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted image may lead to disclosure of user information. 2021-09-08 not yet calculated CVE-2021-30700
MISC
MISC
MISC
MISC
apple — multiple_products A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4. A local user may be able to write arbitrary files. 2021-09-08 not yet calculated CVE-2021-1807
MISC
MISC
apple — multiple_products An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30708
MISC
MISC
MISC
MISC
apple — multiple_products Copied files may not have the expected file permissions. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. The issue was addressed with improved permissions logic. 2021-09-08 not yet calculated CVE-2021-1832
MISC
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A malicious application may be able to execute arbitrary code with kernel privileges. 2021-09-08 not yet calculated CVE-2021-1834
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-1843
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products Processing a maliciously crafted audio file may disclose restricted memory. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An out-of-bounds read was addressed with improved input validation. 2021-09-08 not yet calculated CVE-2021-1846
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A local attacker may be able to view Now Playing information from the lock screen. This issue is fixed in macOS Big Sur 11.4, iOS 14.6 and iPadOS 14.6. A privacy issue in Now Playing was addressed with improved permissions. 2021-09-08 not yet calculated CVE-2021-30756
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted audio file may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30707
MISC
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. A malicious application may be able to modify protected parts of the file system. 2021-09-08 not yet calculated CVE-2021-30727
MISC
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An application may be able to execute arbitrary code with kernel privileges. 2021-09-08 not yet calculated CVE-2021-1851
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products An issue in code signature validation was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A malicious application may be able to bypass Privacy preferences. 2021-09-08 not yet calculated CVE-2021-1849
MISC
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Parsing a maliciously crafted audio file may lead to disclosure of user information. 2021-09-08 not yet calculated CVE-2021-30685
MISC
MISC
MISC
MISC
MISC
apple — multiple_products An API issue in Accessibility TCC permissions was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A malicious application may be able to unexpectedly leak a user’s credentials from secure text fields. 2021-09-08 not yet calculated CVE-2021-1873
MISC
MISC
MISC
apple — multiple_products This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An application may be able to gain elevated privileges. 2021-09-08 not yet calculated CVE-2021-30679
MISC
MISC
MISC
apple — multiple_products Processing a maliciously crafted font may result in the disclosure of process memory. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5. An out-of-bounds read was addressed with improved input validation. 2021-09-08 not yet calculated CVE-2021-30755
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30779
MISC
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved environment sanitization. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to break out of its sandbox. 2021-09-08 not yet calculated CVE-2021-30677
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers. 2021-09-08 not yet calculated CVE-2021-30720
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing a maliciously crafted font may result in the disclosure of process memory. 2021-09-08 not yet calculated CVE-2021-1811
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents. 2021-09-08 not yet calculated CVE-2021-30695
MISC
MISC
MISC
MISC
apple — multiple_products An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents. 2021-09-08 not yet calculated CVE-2021-30691
MISC
MISC
MISC
MISC
apple — multiple_products A validation issue was addressed with improved logic. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30693
MISC
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting. 2021-09-08 not yet calculated CVE-2021-30689
MISC
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted image may lead to disclosure of user information. 2021-09-08 not yet calculated CVE-2021-30687
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A memory initialization issue was addressed with improved memory handling. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may disclose sensitive user information. 2021-09-08 not yet calculated CVE-2021-1857
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
 
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted audio file may disclose restricted memory. 2021-09-08 not yet calculated CVE-2021-30686
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
 
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-1876
MISC
MISC
MISC
apple — multiple_products
 
An integer overflow was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. An attacker in a privileged network position may be able to leak sensitive user information. 2021-09-08 not yet calculated CVE-2021-1878
MISC
MISC
MISC
apple — multiple_products
 
A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak sensitive user information. 2021-09-08 not yet calculated CVE-2021-30682
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
 
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to gain root privileges. 2021-09-08 not yet calculated CVE-2021-30681
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
 
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, watchOS 7.4. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-1880
MISC
MISC
apple — tv_app
 
This issue was addressed with improved file handling. This issue is fixed in Apple TV app for Fire OS 6.1.0.6A142:7.1.0. An attacker with file system access may modify scripts used by the app. 2021-09-08 not yet calculated CVE-2020-27940
MISC
arista — metamako_operating_system In Arista’s MOS (Metamako Operating System) software which is supported on the 7130 product line, user account passwords set in clear text could leak to users without any password. This issue affects Arista Metamako Operating System: MOS-0.18 and later releases in the MOS-0.1x train; all releases in the MOS-0.2x train; MOS-0.31.1 and prior releases in the MOS-0.3x train. 2021-09-09 not yet calculated CVE-2021-28499
MISC
arista — metamako_operating_system In Arista’s MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, the bash shell might be accessible to unprivileged users in situations where they should not have access. This issue affects Arista Metamako Operating System: all releases in the MOS-0.1x train; MOS-0.26.6 and below releases in the MOS-0.2x train; MOS-0.31.1 and below releases in the MOS-0.3x train. 2021-09-09 not yet calculated CVE-2021-28497
MISC
arista — metamako_operating_system In Arista’s MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, user authentication can be bypassed when API access is enabled via the JSON-RPC APIs. This issue affects Arista Metamako Operating System: all releases in the MOS-0.1x train; MOS-0.13 and later releases in the MOS-0.1x train; MOS-0.26.6 and below releases in the MOS-0.2x train; MOS-0.31.1 and below releases in the MOS-0.3x train. 2021-09-09 not yet calculated CVE-2021-28495
MISC
arista — metamako_operating_system
 
In Arista’s MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, a user may be able to execute commands despite not having the privileges to do so. This issue affects Arista Metamako Operating System: all releases in the MOS-0.1x train; MOS-0.32.0 and prior releases. 2021-09-09 not yet calculated CVE-2021-28493
MISC
arista — metamako_operating_system
 
In Arista’s MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, authentication is bypassed by unprivileged users who are accessing the Web UI. This issue affects: Arista Metamako Operating System MOS-0.34.0 and prior releases 2021-09-09 not yet calculated CVE-2021-28494
MISC
arista — metamako_operating_systems In Arista’s MOS (Metamako Operating System) software which is supported on the 7130 product line, user enable passwords set in clear text could result in unprivileged users getting complete access to the systems. This issue affects Arista Metamako Operating System: MOS-0.13 and later releases in the MOS-0.1x train; MOS-0.26.6 and prior releases in the MOS-0.2x train; MOS-0.31.1 and prior releases in the MOS-0.3x train. 2021-09-09 not yet calculated CVE-2021-28498
MISC
aruba — operating_system_software
 
A remote cross-site request forgery (CSRF) vulnerability was discovered in Aruba Operating System Software version(s): 6.x.x.x: all versions, 8.x.x.x: all versions prior to 8.8.0.0. Aruba has released patches for ArubaOS that address this security vulnerability. 2021-09-07 not yet calculated CVE-2019-5318
MISC
aruba — sd-wan_software_and_gateways
 
A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. 2021-09-07 not yet calculated CVE-2021-37733
MISC
aruba — sd-wan_software_and_gateways
 
A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. 2021-09-07 not yet calculated CVE-2021-37731
MISC
atlassian — jira_server Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view users’ emails via an Information Disclosure vulnerability in the /rest/api/2/search endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1. 2021-09-08 not yet calculated CVE-2021-39122
N/A
atlassian — jira_server
 
Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to enumerate the keys of private Jira projects via an Information Disclosure vulnerability in the /rest/api/latest/projectvalidate/key endpoint. The affected versions are before version 8.5.18, from version 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2. 2021-09-08 not yet calculated CVE-2021-39121
MISC
atlassian — jira_server
 
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application’s availability via a Denial of Service (DoS) vulnerability in the GIF Image Reader component. The affected versions are before version 8.19.0. 2021-09-08 not yet calculated CVE-2021-39116
N/A
autumn — autumn
 
Incorrect Access Control in Autumn v1.0.4 and earlier allows remote attackers to obtain clear-text login credentials via the component “autumn-cms/user/getAllUser/?page=1&limit=10”. 2021-09-08 not yet calculated CVE-2020-19137
MISC
bab_technologie — gmbh_eibPort BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 allows unauthenticated attackers access to /webif/SecurityModule to validate the so-called hard-coded unique ‘eibPort String’, which acts as the root SSH key passphrase. This is usable as part of an attack chain to gain SSH root access. 2021-09-09 not yet calculated CVE-2021-28913
MISC
bab_technologie — gmbh_eibPort BAB TECHNOLOGIE GmbH eibPort V3. Each device has its own unique, hard-coded and weak root SSH key passphrase known as ‘eibPort string’. This is usable as the final part of an attack chain to gain SSH root access. 2021-09-09 not yet calculated CVE-2021-28912
MISC
bab_technologie — gmbh_eibPort BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 allows the user to set a weak password because the strength is shown in the configuration tool but ultimately not enforced. This is usable as part of an attack chain to gain SSH root access. 2021-09-09 not yet calculated CVE-2021-28914
MISC
bab_technologie — gmbh_eibPort
 
BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 allows unauthenticated attackers uncontrolled access to the login service at /webif/SecurityModule in a brute force attack. The password could be weak and the default username is known to be ‘admin’. This is usable as part of an attack chain to gain SSH root access. 2021-09-09 not yet calculated CVE-2021-28909
MISC
bab_technologie — gmbh_eibPort
 
BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 contains a basic SSRF vulnerability. It allows unauthenticated attackers to send requests to any internal and external server. 2021-09-09 not yet calculated CVE-2021-28910
MISC
bab_technologie — gmbh_eibPort
 
BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 allows unauthenticated attackers access to the /tmp path, which contains some sensitive data (e.g. device serial number). With that information, a possible loginId can be calculated in a brute force attack against the BMX interface. This is usable as part of an attack chain to gain SSH root access. 2021-09-09 not yet calculated CVE-2021-28911
MISC
bandisoftco.ltd — ark_library
 
A heap overflow issue was found in ARK library of bandisoft Co., Ltd when the Ark_DigPathA function parsed a file path. This vulnerability is due to missing support for string length check. 2021-09-09 not yet calculated CVE-2021-26603
MISC
barco — mirrorop_windows_server
 
Barco MirrorOp Windows Sender before 2.5.3.65 uses cleartext HTTP and thus allows rogue software upgrades. An attacker on the local network can achieve remote code execution on any computer that tries to update Windows Sender due to the fact that the upgrade mechanism is not secured (is not protected with TLS). 2021-09-07 not yet calculated CVE-2021-38142
MISC
MISC
better_errors — better_errors
 
better_errors is an open source replacement for the standard Rails error page with more information rich error pages. It is also usable outside of Rails in any Rack app as Rack middleware. better_errors prior to 2.8.0 did not implement CSRF protection for its internal requests. It also did not enforce the correct “Content-Type” header for these requests, which allowed a cross-origin “simple request” to be made without CORS protection. These together left an application with better_errors enabled open to cross-origin attacks. As a developer tool, better_errors documentation strongly recommends addition only to the `development` bundle group, so this vulnerability should only affect development environments. Please ensure that your project limits better_errors to the `development` group (or the non-Rails equivalent). Starting with release 2.8.x, CSRF protection is enforced. It is recommended that you upgrade to the latest release, or minimally to “~> 2.8.3”. There are no known workarounds to mitigate the risk of using older releases of better_errors. 2021-09-07 not yet calculated CVE-2021-39197
MISC
CONFIRM
MISC
MISC
bluetrum — ab32vg1_devices
 
The Bluetooth Classic implementation on AB32VG1 devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (either restart or deadlock the device) by flooding a device with LMP_AU_rand data. 2021-09-07 not yet calculated CVE-2021-31610
MISC
MISC
MISC
MISC
bluetrum — ats2815_and_ats2819_devices The Bluetooth Classic implementation on Actions ATS2815 and ATS2819 chipsets does not properly handle the reception of multiple LMP_host_connection_req packets, allowing attackers in radio range to trigger a denial of service (deadlock) of the device via crafted LMP packets. Manual user intervention is required to restart the device and restore Bluetooth communication. 2021-09-07 not yet calculated CVE-2021-31785
MISC
MISC
MISC
bluetrum — ats2815_and_ats2819_devices
 
The Bluetooth Classic Audio implementation on Actions ATS2815 and ATS2819 devices does not properly handle a connection attempt from a host with the same BDAddress as the current connected BT host, allowing attackers to trigger a disconnection and deadlock of the device by connecting with a forged BDAddress that matches the original connected host. 2021-09-07 not yet calculated CVE-2021-31786
MISC
MISC
MISC
bolt-server — bolt-server
 
A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes). 2021-09-07 not yet calculated CVE-2021-27022
MISC
btcpayserver — btcpayserver
 
btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-09-10 not yet calculated CVE-2021-3646
CONFIRM
MISC
central_dogma — central_dogma
 
Central Dogma allows privilege escalation with mirroring to the internal dogma repository that has a file managing the authorization of the project. 2021-09-08 not yet calculated CVE-2021-38388
MISC
cisco — broadworks_commpilot_application_software
 
Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system. 2021-09-09 not yet calculated CVE-2021-34785
CISCO
cisco — broadworks_commpilot_application_software
 
Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system. 2021-09-09 not yet calculated CVE-2021-34786
CISCO
cisco — ios_xr_software A vulnerability in the IP Service Level Agreements (IP SLA) responder and Two-Way Active Measurement Protocol (TWAMP) features of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause device packet memory to become exhausted or cause the IP SLA process to crash, resulting in a denial of service (DoS) condition. This vulnerability exists because socket creation failures are mishandled during the IP SLA and TWAMP processes. An attacker could exploit this vulnerability by sending specific IP SLA or TWAMP packets to an affected device. A successful exploit could allow the attacker to exhaust the packet memory, which will impact other processes, such as routing protocols, or crash the IP SLA process. 2021-09-09 not yet calculated CVE-2021-34720
CISCO
cisco — ios_xr_software A vulnerability in the Cisco IOS XR Software CLI could allow an authenticated, local attacker to view more information than their privileges allow. This vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by running a specific command. A successful exploit could allow the attacker to view sensitive configuration information that their privileges might not otherwise allow them to access. 2021-09-09 not yet calculated CVE-2021-34771
CISCO
cisco — ios_xr_software Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 2021-09-09 not yet calculated CVE-2021-34719
CISCO
cisco — ios_xr_software
 
A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service (DoS) condition. This vulnerability exists because certain DHCPv4 messages are improperly validated when they are processed by an affected device. An attacker could exploit this vulnerability by sending a malformed DHCPv4 message to an affected device. A successful exploit could allow the attacker to cause a NULL pointer dereference, resulting in a crash of the dhcpd process. While the dhcpd process is restarting, which may take up to approximately two minutes, DHCPv4 server services are unavailable on the affected device. This could temporarily prevent network access to clients that join the network during that time period. Note: Only the dhcpd process crashes and eventually restarts automatically. The router does not reload. 2021-09-09 not yet calculated CVE-2021-34737
CISCO
cisco — ios_xr_software
 
A vulnerability in the Layer 2 punt code of Cisco IOS XR Software running on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to cause the affected line card to reboot. This vulnerability is due to incorrect handling of specific Ethernet frames that cause a spin loop that can make the network processors unresponsive. An attacker could exploit this vulnerability by sending specific types of Ethernet frames on the segment where the affected line cards are attached. A successful exploit could allow the attacker to cause the affected line card to reboot. 2021-09-09 not yet calculated CVE-2021-34713
CISCO
cisco — ios_xr_software
 
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory. 2021-09-09 not yet calculated CVE-2021-34722
CISCO
cisco — ios_xr_software
 
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory. 2021-09-09 not yet calculated CVE-2021-34721
CISCO
cisco — ios_xr_software
 
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 2021-09-09 not yet calculated CVE-2021-34728
CISCO
cisco — ios_xr_software
 
A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file transfer method. An attacker with lower-level privileges could exploit this vulnerability by specifying Secure Copy Protocol (SCP) parameters when authenticating to a device. A successful exploit could allow the attacker to elevate their privileges and retrieve and upload files on a device that they should not have access to. 2021-09-09 not yet calculated CVE-2021-34718
CISCO
cisco — network_convergence_system
 
Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory. 2021-09-09 not yet calculated CVE-2021-34709
CISCO
cisco — network_convergence_systems
 
Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory. 2021-09-09 not yet calculated CVE-2021-34708
CISCO
citrix — hypervisor
 
Another race in XENMAPSPACE_grant_table handling. Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches (back) from v2 to v1. Freeing such pages requires that the hypervisor enforce that no parallel request can result in the addition of a mapping of such a page to a guest. That enforcement was missing, allowing guests to retain access to pages that were freed and perhaps re-used for other purposes. Unfortunately, when XSA-379 was being prepared, this similar issue was not noticed. 2021-09-08 not yet calculated CVE-2021-28701
MISC
CONFIRM
MLIST
cypress — wiced_bt_stack
 
The Bluetooth Classic implementation in the Cypress CYW920735Q60EVB does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and restart (crash) of the device by flooding it with LMP_AU_Rand packets after the paging procedure. 2021-09-07 not yet calculated CVE-2021-34146
MISC
MISC
cypress — wiced_bt_stack
 
The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 does not properly handle the reception of a malformed LMP timing accuracy response followed by multiple reconnections to the link slave, allowing attackers to exhaust device BT resources and eventually trigger a crash via multiple attempts of sending a crafted LMP timing accuracy response followed by a sudden reconnection with a random BDAddress. 2021-09-07 not yet calculated CVE-2021-34147
MISC
MISC
cypress — wiced_bt_stack
 
The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with an invalid Baseband packet type (and LT_ADDRESS and LT_ADDR) after completion of the LMP setup procedure, allowing attackers in radio range to trigger a denial of service (firmware crash) via a crafted LMP packet. 2021-09-07 not yet calculated CVE-2021-34145
MISC
MISC
cypress — wiced_bt_stack
 
The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with a greater ACL Length after completion of the LMP setup procedure, allowing attackers in radio range to trigger a denial of service (firmware crash) via a crafted LMP packet. 2021-09-07 not yet calculated CVE-2021-34148
MISC
MISC
d-link — dsl-3782_devices
 
D-Link DSL-3782 EU v1.01:EU v1.03 is affected by a buffer overflow which can cause a denial of service. This vulnerability exists in the web interface “/cgi-bin/New_GUI/Igmp.asp”. Authenticated remote attackers can trigger this vulnerability by sending a long string in parameter ‘igmpsnoopEnable’ via an HTTP request. 2021-09-09 not yet calculated CVE-2021-40284
MISC
MISC
deskpro — cloud
 
Deskpro cloud and on-premise Deskpro 2021.1.6 (fixed in Deskpro 2021.1.7) contains a cross-site scripting (XSS) vulnerability in social media links on a user profile due to lack of input validation. 2021-09-07 not yet calculated CVE-2021-36696
MISC
deskpro — cloud
 
Deskpro cloud and on-premise Deskpro 2021.1.6 (fixed in Deskpro 2021.1.7) contains a cross-site scripting (XSS) vulnerability in the download file feature on a manager profile due to lack of input validation. 2021-09-08 not yet calculated CVE-2021-36695
MISC
deskpro — cloud
 
In order to perform a directory traversal attack, all an attacker needs is a web browser and some knowledge of where to blindly find any default files and directories on the system. On the “Name” parameter the attacker can return to the root directory and open the host file. This might give the attacker the ability to view restricted files, which could provide the attacker with more information required to further compromise the system. 2021-09-07 not yet calculated CVE-2021-36717
CERT
dotcms — dotcms
 
Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allow remote attackers to execute arbitrary code via the component “/src/main/java/com/dotmarketing/filters/CMSFilter.java”. 2021-09-08 not yet calculated CVE-2020-19138
MISC
dswicms — dswicms
 
A stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Basis/links component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML. 2021-09-09 not yet calculated CVE-2020-19265
MISC
dswicms — dswicms
 
A stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Site/articleList component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML. 2021-09-09 not yet calculated CVE-2020-19266
MISC
dswicms — dswicms
 
An issue in index.php/Dswjcms/Basis/resources of Dswjcms 1.6.4 allows attackers to execute arbitrary code via uploading a crafted PHP file. 2021-09-09 not yet calculated CVE-2020-19267
MISC
dswicms — dswicms
 
A cross-site request forgery (CSRF) in index.php/Dswjcms/User/tfAdd of Dswjcms 1.6.4 allows authenticated attackers to arbitrarily add administrator users. 2021-09-09 not yet calculated CVE-2020-19268
MISC
dubbo — provider
 
The Dubbo Provider checks that the incoming request and its corresponding serialization type meet the configuration set by the server. However, there is an exception that an attacker can use to skip the security check (when enabled) and reach a deserialization operation with native Java serialization. Apache Dubbo 2.7.13 and 3.0.2 fixed this issue by failing fast when any unrecognized request is found. 2021-09-09 not yet calculated CVE-2021-37579
MISC
eclipse — keti
 
Eclipse Keti is a service that was designed to protect RESTful APIs using Attribute Based Access Control (ABAC). In Keti a sandbox escape vulnerability may lead to post-authentication remote code execution. This vulnerability is known to exist in the latest commit at the time of writing this CVE (commit a1c8dbe). For more details see the referenced GHSL-2021-063. 2021-09-09 not yet calculated CVE-2021-32835
CONFIRM
eclipse — keti
 
Eclipse Keti is a service that was designed to protect RESTful APIs using Attribute Based Access Control (ABAC). In Keti a user able to create Policy Sets can run arbitrary code by sending malicious Groovy scripts which will escape the configured Groovy sandbox. This vulnerability is known to exist in the latest commit at the time of writing this CVE (commit a1c8dbe). For more details see the referenced GHSL-2021-063. 2021-09-09 not yet calculated CVE-2021-32834
CONFIRM
eigen — nlp
 
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{user-guid}/ user edition endpoint could permit any logged-in user to increase their own permissions via a user_permissions array in a PATCH request. A guest user could modify other users’ profiles and much more. 2021-09-07 not yet calculated CVE-2021-38616
MISC
MISC
MISC
eigen — nlp
 
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ user creation endpoint allows a standard user to create a super user account with a defined password. This directly leads to privilege escalation. 2021-09-07 not yet calculated CVE-2021-38617
MISC
MISC
MISC
eigen — nlp
 
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/config/ SSO configuration endpoint allows any logged-in user (guest, standard, or admin) to view and modify information. 2021-09-07 not yet calculated CVE-2021-38615
MISC
MISC
MISC
elgamal — botan
 
The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver’s public key, the generator defined by the receiver’s public key, and the sender’s ephemeral exponents can lead to a cross-configuration attack against OpenPGP. 2021-09-06 not yet calculated CVE-2021-40529
MISC
MISC
MISC
MISC
elgamal — crypto++
 
The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver’s public key, the generator defined by the receiver’s public key, and the sender’s ephemeral exponents can lead to a cross-configuration attack against OpenPGP. 2021-09-06 not yet calculated CVE-2021-40530
MISC
MISC
MISC
emby — server
 
Emby Server is a personal media server with apps on many devices. In Emby Server on Windows there is a set of arbitrary file read vulnerabilities. This vulnerability is known to exist in version 4.6.4.0 and may not be patched in later versions. Known vulnerable routes are /Videos/Id/hls/PlaylistId/SegmentId.SegmentContainer, /Images/Ratings/theme/name and /Images/MediaInfo/theme/name. For more details including proof of concept code, refer to the referenced GHSL-2021-051. This issue may lead to unauthorized access to the system especially when Emby Server is configured to be accessible from the Internet. 2021-09-09 not yet calculated CVE-2021-32833
CONFIRM
espressif — esp-idf
 
The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (crash) in ESP32 by flooding the target device with LMP Feature Response data. 2021-09-07 not yet calculated CVE-2021-28135
MISC
MISC
MISC
MISC
eyoucms — eyoucms Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitization in the params tpldir, filename, type, nid, an attacker can inject “../” to escape and write files to writeable directories. 2021-09-07 not yet calculated CVE-2021-39500
MISC
MISC
eyoucms — eyoucms
 
eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a URL to trigger blind SSRF via the saveRemote() function. 2021-09-07 not yet calculated CVE-2021-39497
MISC
MISC
MISC
factoryaircommandmanager — factoryaircommandmanager
 
Path traversal vulnerability in FactoryAirCommandManager prior to SMR Sep-2021 Release 1 allows attackers to write files as system uid via remote socket. 2021-09-09 not yet calculated CVE-2021-25450
MISC
fish_hunt — fish_hunt
 
An insufficient session expiration vulnerability exists in the “Fish | Hunt FL” iOS app version 3.8.0 and earlier, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions. 2021-09-08 not yet calculated CVE-2021-33982
MISC
fish_hunt — fish_hunt
 
An insecure, direct object vulnerability in hunting/fishing license retrieval function of the “Fish | Hunt FL” iOS app versions 3.8.0 and earlier allows a remote authenticated attacker to retrieve other people’s personal information and images of their hunting/fishing licenses. 2021-09-08 not yet calculated CVE-2021-33981
MISC
flask-appbuilder — flask-appbuilder
 
Flask-AppBuilder is an application development framework, built on top of Flask. In affected versions if using Flask-AppBuilder OAuth, an attacker can share a carefully crafted URL with a trusted domain for an application built with Flask-AppBuilder, this URL can redirect a user to a malicious site. This is an open redirect vulnerability. To resolve this issue upgrade to Flask-AppBuilder 3.2.2 or above. If upgrading is infeasible users may filter HTTP traffic containing `?next={next-site}` where the `next-site` domain is different from the application you are protecting as a workaround. 2021-09-08 not yet calculated CVE-2021-32805
CONFIRM
MISC
fortinet — fortisandbox
 
An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain information about other users configured on the device, should the attacker be able to obtain that session ID (via other, hypothetical attacks) 2021-09-08 not yet calculated CVE-2020-29012
CONFIRM
fortinet — fortiweb
 
An improper neutralization of special elements used in a command (‘Command Injection’) in Fortinet FortiWeb version 6.3.13 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests 2021-09-08 not yet calculated CVE-2021-36182
CONFIRM
fortinet — fortiweb
 
A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and below, 6.2.4 and below allows attacker to execute unauthorized code or commands via crafted parameters in CLI command execution 2021-09-08 not yet calculated CVE-2021-36179
CONFIRM
fuel — cms FUEL CMS 1.5.0 allows SQL Injection via parameter ‘col’ in /fuel/index.php/fuel/logs/items 2021-09-09 not yet calculated CVE-2021-38727
MISC
fuel — cms
 
Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.php 2021-09-09 not yet calculated CVE-2021-38725
MISC
MISC
fuel — cms
 
FUEL CMS 1.5.0 allows SQL Injection via parameter ‘col’ in /fuel/index.php/fuel/pages/items 2021-09-09 not yet calculated CVE-2021-38723
MISC
fuel — cms
 
FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) vulnerability 2021-09-09 not yet calculated CVE-2021-38721
MISC
MISC
garageband — garageband
 
This issue was addressed by removing additional entitlements. This issue is fixed in GarageBand 10.4.3. A local attacker may be able to read sensitive information. 2021-09-08 not yet calculated CVE-2021-30654
MISC
github — github
 
check-spelling is a GitHub Action which provides CI spell checking. In affected versions and for a repository with the [check-spelling action](https://github.com/marketplace/actions/check-spelling) enabled that triggers on `pull_request_target` (or `schedule`), an attacker can send a crafted Pull Request that causes a `GITHUB_TOKEN` to be exposed. With the `GITHUB_TOKEN`, it’s possible to push commits to the repository bypassing standard approval processes. Commits to the repository could then steal any/all secrets available to the repository. As a workaround users can either: [Disable the workflow](https://docs.github.com/en/actions/managing-workflow-runs/disabling-and-enabling-a-workflow) until you’ve fixed all branches, or set the repository to [Allow specific actions](https://docs.github.com/en/github/administering-a-repository/managing-repository-settings/disabling-or-limiting-github-actions-for-a-repository#allowing-specific-actions-to-run). check-spelling isn’t a verified creator and it certainly won’t be anytime soon. You could then explicitly add other actions that your repository uses. Set the repository [Workflow permissions](https://docs.github.com/en/github/administering-a-repository/managing-repository-settings/disabling-or-limiting-github-actions-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository) to `Read repository contents permission`. Workflows using `check-spelling/check-spelling@main` will get the fix automatically. Workflows using a pinned sha or tagged version will need to change the affected workflows for all repository branches to the latest version.
Users can verify who and which Pull Requests have been running the action by looking up the spelling.yml action in the Actions tab of their repositories, e.g., https://github.com/check-spelling/check-spelling/actions/workflows/spelling.yml – you can filter PRs by adding ?query=event%3Apull_request_target, e.g., https://github.com/check-spelling/check-spelling/actions/workflows/spelling.yml?query=event%3Apull_request_target. 2021-09-09 not yet calculated CVE-2021-32724
CONFIRM
MISC
gitlab — ce/ee
 
An unauthorized user was able to insert metadata when creating new issue on GitLab CE/EE 14.0 and later. 2021-09-09 not yet calculated CVE-2021-22239
MISC
CONFIRM
glewlwyd — sso_server
 
scheme/webauthn.c in Glewlwyd SSO server through 2.5.3 has a buffer overflow during FIDO2 signature validation in webauthn registration. 2021-09-08 not yet calculated CVE-2021-40818
MISC
MISC
gnu — mailman_postorius
 
An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker (logged into any account) can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place. 2021-09-10 not yet calculated CVE-2021-40347
CONFIRM
MISC
CONFIRM
MISC
MISC
DEBIAN
google — chromeon_readiness_tool
 
Inappropriate implementation in the ChromeOS Readiness Tool installer on Windows prior to 1.0.2.0 loosens DCOM access rights on two objects allowing an attacker to potentially bypass discretionary access controls. 2021-09-08 not yet calculated CVE-2021-30605
MISC
MISC
handysoftco.ltd — hshell.dll
 
An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft Co., Ltd groupware ActiveX module. This issue is due to missing support for integrity check of download URL or downloaded file hash. 2021-09-09 not yet calculated CVE-2021-26608
MISC
haproxy — haproxy
 
An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs. 2021-09-08 not yet calculated CVE-2021-40346
MISC
DEBIAN
MISC
MISC
MISC
MISC
MLIST
MLIST
hashicorp — consul_and_consul_enterprise
 
HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.8.15, 1.9.9 and 1.10.2. 2021-09-07 not yet calculated CVE-2021-37219
MISC
MISC
hashicorp — consul_and_consul_enterprise
 
HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Fixed in 1.8.15, 1.9.9 and 1.10.2. 2021-09-07 not yet calculated CVE-2021-38698
MISC
MISC
hashicorp — nomad_and_nomad_enterprise_raft
 
HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.0.10 and 1.1.4. 2021-09-07 not yet calculated CVE-2021-37218
MISC
MISC
hitachi — abb_power_grids_system_data_manager
 
Backup file without encryption vulnerability is found in Hitachi ABB Power Grids System Data Manager – SDM600 allows attacker to gain access to sensitive information. This issue affects: Hitachi ABB Power Grids System Data Manager – SDM600 1.2 versions prior to FP2 HF6 (Build Nr. 1.2.14002.257). 2021-09-08 not yet calculated CVE-2021-35526
CONFIRM
huawei — ais-bw50-00_devices
 
There is an improper authorization vulnerability in AIS-BW50-00 9.0.6.2(H100SP10C00) and 9.0.6.2(H100SP15C00). Due to improper authorization management, an attacker can exploit this vulnerability by physically accessing the device and implanting malicious code. Successful exploitation could lead to arbitrary code execution in the target device. 2021-09-09 not yet calculated CVE-2021-37101
MISC
huawei — cx5500_and_cx5100
 
** UNSUPPORTED WHEN ASSIGNED ** A command-injection vulnerability in an authenticated Telnet connection in Poly (formerly Polycom) CX5500 and CX5100 1.3.5 leads an attacker to Privilege Escalation and Remote Code Execution capability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2021-09-07 not yet calculated CVE-2021-37145
MISC
CONFIRM
icovo — icovo
 
A lack of target address verification in the selfdestructs() function of ICOVO 1.0 allows attackers to steal tokens from victim users via a crafted script. 2021-09-07 not yet calculated CVE-2020-19768
MISC
ionic_identity — vault
 
In Ionic Identity Vault before 5, a local root attacker on an Android device can bypass biometric authentication. 2021-09-10 not yet calculated CVE-2021-3145
MISC
MISC
iphone — macos_big_sur A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3. A malicious website may be able to force unnecessary network connections to fetch its favicon. 2021-09-08 not yet calculated CVE-2021-1855
MISC
iphone — macos_big_sur
 
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3. Locked Notes content may have been unexpectedly unlocked. 2021-09-08 not yet calculated CVE-2021-1859
MISC
iphone — macos_big_sur
 
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3. A local attacker may be able to elevate their privileges. 2021-09-08 not yet calculated CVE-2021-1853
MISC
iphone — macos_big_sur
 
An issue existed in determining cache occupancy. The issue was addressed through improved logic. This issue is fixed in macOS Big Sur 11.3. A malicious website may be able to track users by setting state in a cache. 2021-09-08 not yet calculated CVE-2021-1861
MISC
jeesns — jeesns A stored cross-site scripting (XSS) vulnerability in the /weibo/publishdata component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted Weibo. 2021-09-09 not yet calculated CVE-2020-19291
MISC
MISC
jeesns — jeesns A stored cross-site scripting (XSS) vulnerability in the /question/ask component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted question. 2021-09-09 not yet calculated CVE-2020-19292
MISC
MISC
jeesns — jeesns A reflected cross-site scripting (XSS) vulnerability in Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message’s text field. 2021-09-09 not yet calculated CVE-2020-19282
MISC
MISC
jeesns — jeesns A stored cross-site scripting (XSS) vulnerability in the /group/apply component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Name text field. 2021-09-09 not yet calculated CVE-2020-19285
MISC
MISC
jeesns — jeesns A stored cross-site scripting (XSS) vulnerability in the /manage/loginusername component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username field. 2021-09-09 not yet calculated CVE-2020-19281
MISC
MISC
jeesns — jeesns A stored cross-site scripting (XSS) vulnerability in the /group/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the group comments text field. 2021-09-09 not yet calculated CVE-2020-19284
MISC
MISC
jeesns — jeesns
 
A stored cross-site scripting (XSS) vulnerability in the /member/picture/album component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the new album tab. 2021-09-09 not yet calculated CVE-2020-19289
MISC
MISC
jeesns — jeesns
 
A stored cross-site scripting (XSS) vulnerability in the /article/add component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted article. 2021-09-09 not yet calculated CVE-2020-19293
MISC
MISC
jeesns — jeesns
 
A stored cross-site scripting (XSS) vulnerability in the /question/detail component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the source field of the editor. 2021-09-09 not yet calculated CVE-2020-19286
MISC
MISC
jeesns — jeesns
 
A stored cross-site scripting (XSS) vulnerability in the /weibo/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Weibo comment section. 2021-09-09 not yet calculated CVE-2020-19290
MISC
MISC
jeesns — jeesns
 
A stored cross-site scripting (XSS) vulnerability in the /localhost/u component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a private message. 2021-09-09 not yet calculated CVE-2020-19288
MISC
MISC
jeesns — jeesns
 
A stored cross-site scripting (XSS) vulnerability in the /group/post component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title. 2021-09-09 not yet calculated CVE-2020-19287
MISC
MISC
jeesns — jeesns
 
A stored cross-site scripting (XSS) vulnerability in the /article/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the article comments section. 2021-09-09 not yet calculated CVE-2020-19294
MISC
MISC
jeesns — jeesns
 
A reflected cross-site scripting (XSS) vulnerability in the /weibo/topic component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML. 2021-09-09 not yet calculated CVE-2020-19295
MISC
MISC
jeesns — jeesns
 
Jeesns 1.4.2 contains a cross-site request forgery (CSRF) which allows attackers to escalate privileges and perform sensitive program operations. 2021-09-09 not yet calculated CVE-2020-19280
MISC
MISC
jeesns — jeesns
 
A reflected cross-site scripting (XSS) vulnerability in the /newVersion component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML. 2021-09-09 not yet calculated CVE-2020-19283
MISC
MISC
kaml — kaml
 
kaml is an open source implementation of the YAML format with support for kotlinx.serialization. In affected versions attackers that could provide arbitrary YAML input to an application that uses kaml could cause the application to endlessly loop while parsing the input. This could result in resource starvation and denial of service. This only affects applications that use polymorphic serialization with the default tagged polymorphism style. Applications using the property polymorphism style are not affected. YAML input for a polymorphic type that provided a tag but no value for the object would trigger the issue. Versions 0.35.3 and later contain the fix for this issue. 2021-09-07 not yet calculated CVE-2021-39194
MISC
MISC
CONFIRM
kubernetes — kubernetes
 
A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs. 2021-09-06 not yet calculated CVE-2021-25737
MISC
MISC
kubernetes — webhook
 
A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the Node object. Validating Admission Webhook does not observe some previous fields. 2021-09-06 not yet calculated CVE-2021-25735
MISC
MISC
libgcrypt — libgcrypt
 
The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver’s public key, the generator defined by the receiver’s public key, and the sender’s ephemeral exponents can lead to a cross-configuration attack against OpenPGP. 2021-09-06 not yet calculated CVE-2021-40528
MISC
MISC
MISC
libgd — libgd
 
The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks. 2021-09-08 not yet calculated CVE-2021-40812
MISC
MISC
librenms — librenms
 
In LibreNMS < 21.3.0, a stored XSS vulnerability was identified in the API Access page due to insufficient sanitization of the $api->description variable. As a result, arbitrary JavaScript code can get executed. 2021-09-08 not yet calculated CVE-2021-31274
MISC
MISC
MISC
libsapeextractor — library
 
An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process. 2021-09-09 not yet calculated CVE-2021-25449
MISC
libtiff — libtiff
 
Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the “TIFFVGetField” function in the component ‘libtiff/tif_dir.c’. 2021-09-09 not yet calculated CVE-2020-19143
MISC
MISC
MISC
libtiff — libtiff
 
Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the ‘in _TIFFmemcpy’ function in the component ‘tif_unix.c’. 2021-09-09 not yet calculated CVE-2020-19144
MISC
MISC
line — line
 
LINE client for iOS 10.21.3 and before allows address bar spoofing due to inappropriate address handling. 2021-09-08 not yet calculated CVE-2021-36215
MISC
line — line
 
LINE for Windows 6.2.1.2289 and before allows arbitrary code execution via malicious DLL injection. 2021-09-08 not yet calculated CVE-2021-36216
MISC
mediatek — smartphone_chipsets In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500621; Issue ID: ALPS04964926. 2021-09-09 not yet calculated CVE-2021-32485
MISC
mediatek — smartphone_chipsets In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500621; Issue ID: ALPS04964928. 2021-09-09 not yet calculated CVE-2021-32486
MISC
mediatek — smartphone_chipsets
 
In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500736; Issue ID: ALPS04938456. 2021-09-09 not yet calculated CVE-2021-32487
MISC
mediatek — smartphone_chipsets
 
In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500621; Issue ID: ALPS04964917. 2021-09-09 not yet calculated CVE-2021-32484
MISC
merge — merge
 
merge is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) 2021-09-10 not yet calculated CVE-2021-3645
MISC
CONFIRM
micro_focus — network_automation
 
Open Redirect vulnerability in Micro Focus Network Automation, affecting Network Automation versions 10.4x, 10.5x, 2018.05, 2018.11, 2019.05, 2020.02, 2020.08, 2020.11, 2021.05. The vulnerability could allow redirecting users to malicious websites after authentication. 2021-09-07 not yet calculated CVE-2021-38123
MISC
mipcms — mipcms
 
A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily escalate user privileges to administrator via index.php?s=/user/ApiAdminUser/itemEdit. 2021-09-09 not yet calculated CVE-2020-19263
MISC
mipcms — mipcms
 
A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily add users via index.php?s=/user/ApiAdminUser/itemAdd. 2021-09-09 not yet calculated CVE-2020-19264
MISC
misskey — misskey Misskey is an open source, decentralized microblogging platform. In affected versions a Server-Side Request Forgery vulnerability exists in “Upload from URL” and remote attachment handling. This could result in the disclosure of non-public information within the internal network. This has been fixed in 12.90.0. However, if you are using a proxy, you will need to take additional measures. As a workaround this exploit may be avoided by appropriately restricting access to private networks from the host where the application is running. 2021-09-07 not yet calculated CVE-2021-39195
CONFIRM
MISC
MISC
nessus — agent
 
Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20118. 2021-09-09 not yet calculated CVE-2021-20117
MISC
nessus — agent
 
Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20117. 2021-09-09 not yet calculated CVE-2021-20118
MISC
networkpolicymanagerservice — networkpolicymanagerservice
 
A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data. 2021-09-09 not yet calculated CVE-2021-25451
MISC
nexacro14 — runtime_active
 
Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of tobesoft Co., Ltd allows the attacker to cause an arbitrary file download and execution. This vulnerability is due to incomplete validation of file download URL or file extension. 2021-09-09 not yet calculated CVE-2020-7874
MISC
nextcloud — circles
 
Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application allowed any user to join any “Secret Circle” without approval by the Circle owner leaking private information. It is recommended that Nextcloud Circles is upgraded to 0.19.15, 0.20.11 or 0.21.4. There are no workarounds for this issue. 2021-09-07 not yet calculated CVE-2021-37630
CONFIRM
MISC
MISC
nextcloud — deck
 
Deck is an open source kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions the Deck application didn’t properly check membership of users in a Circle. This allowed other users in the instance to gain access to boards that have been shared with a Circle, even if the user was not a member of the circle. It is recommended that Nextcloud Deck is upgraded to 1.5.1, 1.4.4 or 1.2.9. If you are unable to update it is advised to disable the Deck plugin. 2021-09-07 not yet calculated CVE-2021-37631
CONFIRM
MISC
MISC
MISC
nextcloud — richdocuments
 
Nextcloud Richdocuments is an open source collaborative office suite. In affected versions there is a lack of rate limiting on the Richdocuments OCS endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. It is recommended that the Nextcloud Richdocuments app is upgraded to either 3.8.4 or 4.2.1 to resolve. For users unable to upgrade it is recommended that the Richdocuments application be disabled. 2021-09-07 not yet calculated CVE-2021-37629
MISC
CONFIRM
MISC
nextcloud — richdocuments
 
Nextcloud Richdocuments is an open source collaborative office suite. In affected versions the File Drop features (“Upload Only” public link shares in Nextcloud) can be bypassed using the Nextcloud Richdocuments app. An attacker was able to read arbitrary files in such a share. It is recommended that the Nextcloud Richdocuments is upgraded to 3.8.4 or 4.2.1. If upgrading is not possible then it is recommended to disable the Richdocuments application. 2021-09-07 not yet calculated CVE-2021-37628
CONFIRM
MISC
MISC
nextcloud — server Nextcloud server is an open source, self hosted personal cloud. In affected versions logging of exceptions may have resulted in logging potentially sensitive key material for the Nextcloud Encryption-at-Rest functionality. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0. If upgrading is not an option users are advised to disable system logging to resolve this issue until such time that an upgrade can be performed. Note that if you do not use the Encryption-at-Rest functionality of Nextcloud you are not affected by this bug. 2021-09-07 not yet calculated CVE-2021-32801
CONFIRM
MISC
MISC
nextcloud — server
 
Nextcloud server is an open source, self hosted personal cloud. Nextcloud supports rendering image previews for user provided file content. For some image types, the Nextcloud server was invoking a third-party library that wasn’t suited for untrusted user-supplied content. There are several security concerns with passing user-generated content to this library, such as Server-Side-Request-Forgery, file disclosure or potentially executing code on the system. The risk depends on your system configuration and the installed library version. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0. These versions do not use this library anymore. As a workaround users may disable previews by setting `enable_previews` to `false` in `config.php`. 2021-09-07 not yet calculated CVE-2021-32802
CONFIRM
MISC
MISC
nextcloud — server
 
Nextcloud server is an open source, self hosted personal cloud. In affected versions an attacker is able to bypass Two Factor Authentication in Nextcloud. Thus knowledge of a password, or access to a WebAuthN trusted device of a user was sufficient to gain access to an account. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0. There is no workaround for this vulnerability. 2021-09-07 not yet calculated CVE-2021-32800
CONFIRM
MISC
MISC
nextcloud — text
 
Nextcloud Text is an open source plaintext editing application which ships with the nextcloud server. In affected versions the Nextcloud Text application returned different error messages depending on whether a folder existed in a public link share. This is problematic in case the public link share has been created with “Upload Only” privileges. (aka “File Drop”). A link share recipient is not expected to see which folders or files exist in a “File Drop” share. Using this vulnerability an attacker is able to enumerate folders in such a share. Exploitation requires that the attacker has access to a valid affected “File Drop” link share. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.0.1. Users who are unable to upgrade are advised to disable the Nextcloud Text application in the app settings. 2021-09-07 not yet calculated CVE-2021-32766
MISC
CONFIRM
MISC
ntfs-3g — ntfs-3g A crafted NTFS image with an unallocated bitmap can lead to an endless recursive function call chain (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G < 2021.8.22. 2021-09-07 not yet calculated CVE-2021-39257
MISC
MISC
DEBIAN
ntfs-3g — ntfs-3g A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22. 2021-09-07 not yet calculated CVE-2021-39252
MISC
MISC
DEBIAN
ntfs-3g — ntfs-3g A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22. 2021-09-07 not yet calculated CVE-2021-39254
MISC
MISC
DEBIAN
ntfs-3g — ntfs-3g In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution. 2021-09-07 not yet calculated CVE-2021-33289
MISC
MISC
MLIST
DEBIAN
ntfs-3g — ntfs-3g A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G < 2021.8.22. 2021-09-07 not yet calculated CVE-2021-39260
MISC
MISC
DEBIAN
ntfs-3g — ntfs-3g A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G < 2021.8.22. 2021-09-07 not yet calculated CVE-2021-39261
MISC
MISC
DEBIAN
ntfs-3g — ntfs-3g A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22. 2021-09-07 not yet calculated CVE-2021-39262
MISC
MISC
DEBIAN
ntfs-3g — ntfs-3g A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfs_get_attribute_value, in NTFS-3G < 2021.8.22. 2021-09-07 not yet calculated CVE-2021-39263
MISC
MISC
DEBIAN
ntfs-3g — ntfs-3g A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find in NTFS-3G < 2021.8.22. 2021-09-07 not yet calculated CVE-2021-39258
MISC
MISC
DEBIAN
ntfs-3g — ntfs-3g
 
A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22. 2021-09-07 not yet calculated CVE-2021-39253
MISC
MISC
DEBIAN
ntfs-3g — ntfs-3g
 
In NTFS-3G versions < 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution. 2021-09-07 not yet calculated CVE-2021-33286
MISC
MISC
MLIST
DEBIAN
ntfs-3g — ntfs-3g
 
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of service. The vulnerability is caused by an out-of-bound buffer access which can be triggered by mounting a crafted ntfs partition. The root cause is a missing consistency check after reading an MFT record: the “bytes_in_use” field should be less than the “bytes_allocated” field. When it is not, the parsing of the records proceeds into the wild. 2021-09-07 not yet calculated CVE-2021-33285
MISC
MISC
MISC
MISC
MLIST
DEBIAN
ntfs-3g — ntfs-3g
 
A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22. 2021-09-07 not yet calculated CVE-2021-39251
MISC
MISC
MISC
MISC
MISC
DEBIAN
ntfs-3g — ntfs-3g
 
A crafted NTFS image can trigger an out-of-bounds read, caused by an invalid attribute in ntfs_attr_find_in_attrdef, in NTFS-3G < 2021.8.22. 2021-09-07 not yet calculated CVE-2021-39255
MISC
MISC
DEBIAN
ntfs-3g — ntfs-3g
 
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_inode_lookup_by_name in NTFS-3G < 2021.8.22. 2021-09-07 not yet calculated CVE-2021-39256
MISC
MISC
DEBIAN
ntfs-3g — ntfs-3g
 
In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of service of the application. 2021-09-07 not yet calculated CVE-2021-33287
MISC
MISC
MISC
MLIST
DEBIAN
ntfs-3g — ntfs-3g
 
A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in ntfs_inode_lookup_by_name, in NTFS-3G < 2021.8.22. 2021-09-07 not yet calculated CVE-2021-39259
MISC
MISC
DEBIAN
objections.js — objection.js
 
objection.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) 2021-09-06 not yet calculated CVE-2021-3766
CONFIRM
MISC
octorrki — origin_validation
 
Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitting an invalid VRP “MaxLength” value, causing RTR sessions to terminate. An attacker can use this to disable RPKI Origin Validation in a victim network (for example AS 13335 – Cloudflare) prior to launching a BGP hijack which during normal operations would be rejected as “RPKI invalid”. Additionally, in certain deployments RTR session flapping in and of itself also could cause BGP routing churn, causing availability issues. 2021-09-09 not yet calculated CVE-2021-3761
CONFIRM
onlyoffice — document_server
 
The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for ONLYOFFICE Document Server lacks escape calls for the msg.data and text fields. 2021-09-10 not yet calculated CVE-2021-40864
MISC
MISC
onyaktech — comments_pro An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. The comment posting functionality allows an attacker to add an XSS payload to the JSON request that will execute when users visit the page with the comment. 2021-09-07 not yet calculated CVE-2021-33483
MISC
MISC
onyaktech — comments_pro
 
An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. An attacker can download a copy of the installer, decompile it, and discover a hardcoded IV used to encrypt the username and userid in the comment POST request. Additionally, the attacker can decrypt the encrypted encryption key (sent as a parameter in the comment form request) by setting this encrypted value as the username, which will appear on the comment page in its decrypted form. Using these two values (combined with the encryption functionality discovered in the decompiled installer), the attacker can encrypt another user’s ID and username. These values can be used as part of the comment posting request in order to spoof the user. 2021-09-07 not yet calculated CVE-2021-33484
MISC
MISC
openbmc — openbmc
 
In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass authentication and gain full control of the system. 2021-09-09 not yet calculated CVE-2021-39296
MISC
MISC
openstack — neutron An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service. 2021-09-08 not yet calculated CVE-2021-40797
MISC
CONFIRM
MLIST
openwall — ntfs-3g
 
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of privileges. 2021-09-07 not yet calculated CVE-2021-35268
MISC
MISC
MLIST
DEBIAN
openwall — ntfs-3g
 
In NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror, allowing for code execution or escalation of privileges when setuid-root. 2021-09-07 not yet calculated CVE-2021-35267
MISC
MISC
MLIST
DEBIAN
openwall — ntfs-3g
 
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is set up in the function ntfs_attr_setup_flag, a heap buffer overflow can occur, allowing for code execution and escalation of privileges. 2021-09-07 not yet calculated CVE-2021-35269
MISC
MLIST
DEBIAN
openwall — ntfs-3g
 
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code execution. 2021-09-07 not yet calculated CVE-2021-35266
MISC
MISC
MLIST
DEBIAN
otrs_ag — community_edition
 
Generated Support Bundles contain private S/MIME and PGP keys if the containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions. 2021-09-06 not yet calculated CVE-2021-36096
CONFIRM
owncloud — owncloud
 
Server Side Request Forgery (SSRF) vulnerability exists in owncloud/user_ldap < 0.15.4 in the settings of the user_ldap app. Administration role is necessary for exploitation. 2021-09-08 not yet calculated CVE-2021-40537
MISC
owncloud — owncloud
 
The public share controller in the ownCloud server before version 10.8.0 allows a remote attacker to see the internal path and the username of a public share by including invalid characters in the URL. 2021-09-07 not yet calculated CVE-2021-35947
MISC
MISC
owncloud — owncloud
 
The shareinfo controller in the ownCloud Server before 10.8.0 allows an attacker to bypass the permission checks for upload only shares and list metadata about the share. 2021-09-07 not yet calculated CVE-2021-35949
MISC
MISC
owncloud — owncloud
 
A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissions and therefore elevate their own permissions. 2021-09-07 not yet calculated CVE-2021-35946
MISC
MISC
owncloud — owncloud
 
Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows an attacker to bypass the password protection when they can force a target client to use a controlled cookie. 2021-09-07 not yet calculated CVE-2021-35948
MISC
MISC
oxracer — oxracer
 
A lack of target address verification in the destroycontract() function of 0xRACER 1.0 allows attackers to steal tokens from victim users via a crafted script. 2021-09-07 not yet calculated CVE-2020-19767
MISC
palo_alto_networks — cortex_xsoar_server An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSOAR server. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 1578677; Cortex XSOAR 6.0.2 builds earlier than 1576452; Cortex XSOAR 6.1.0 builds earlier than 1578663; Cortex XSOAR 6.2.0 builds earlier than 1578666. All Cortex XSOAR instances hosted by Palo Alto Networks are protected from this vulnerability; no additional action is required for these instances. 2021-09-08 not yet calculated CVE-2021-3051
CONFIRM
palo_alto_networks — cortex_xsoar_server
 
An improper authorization vulnerability in the Palo Alto Networks Cortex XSOAR server enables an authenticated network-based attacker with investigation read permissions to download files from incident investigations of which they are aware but are not a part of. This issue impacts: All Cortex XSOAR 5.5.0 builds; Cortex XSOAR 6.1.0 builds earlier than 12099345. This issue does not impact Cortex XSOAR 6.2.0 versions. 2021-09-08 not yet calculated CVE-2021-3049
CONFIRM
palo_alto_networks — pan-os

 

An improper handling of exceptional conditions vulnerability exists in the Palo Alto Networks PAN-OS dataplane that enables an unauthenticated network-based attacker to send specifically crafted traffic through the firewall that causes the service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.5. This issue does not affect Prisma Access. 2021-09-08 not yet calculated CVE-2021-3053
CONFIRM
palo_alto_networks — pan-os

 

An improper restriction of XML external entity (XXE) reference vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system and send a specifically crafted request to the firewall that causes the service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10; PAN-OS 10.0 versions earlier than PAN-OS 10.0.6. This issue does not affect Prisma Access. 2021-09-08 not yet calculated CVE-2021-3055
CONFIRM
palo_alto_networks — pan-os

 

A time-of-check to time-of-use (TOCTOU) race condition vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permission to upload plugins to execute arbitrary code with root user privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11; PAN-OS 10.0 versions earlier than PAN-OS 10.0.7; PAN-OS 10.1 versions earlier than PAN-OS 10.1.2. This issue does not affect Prisma Access. 2021-09-08 not yet calculated CVE-2021-3054
CONFIRM
palo_alto_networks — pan-os
 
A reflected cross-site scripting (XSS) vulnerability in the Palo Alto Network PAN-OS web interface enables an authenticated network-based attacker to mislead another authenticated PAN-OS administrator to click on a specially crafted link that performs arbitrary actions in the PAN-OS web interface as the targeted authenticated administrator. This issue impacts: PAN-OS 8.1 versions earlier than 8.1.20; PAN-OS 9.0 versions earlier than 9.0.14; PAN-OS 9.1 versions earlier than 9.1.10; PAN-OS 10.0 versions earlier than 10.0.2. This issue does not affect Prisma Access. 2021-09-08 not yet calculated CVE-2021-3052
CONFIRM
parlai — parlai Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0. 2021-09-10 not yet calculated CVE-2021-24040
MISC
CONFIRM
parlai — parlai
 
parlai is a framework for training and evaluating AI models on a variety of openly available dialogue datasets. In affected versions the package is vulnerable to a YAML deserialization attack caused by unsafe loading, which leads to arbitrary code execution. This security bug is patched by avoiding the unsafe loader; users should update to a version above v1.1.0. If upgrading is not possible, users can change the Loader used to SafeLoader as a workaround. See commit 507d066ef432ea27d3e201da08009872a2f37725 for details. 2021-09-10 not yet calculated CVE-2021-39207
MISC
MISC
CONFIRM
pcapture — pcapture
 
pcapture is an open source dumpcap web service interface. In affected versions this vulnerability allows an authenticated but unprivileged user to use the REST API to capture and download packets with no capture filter and without adequate permissions. This is important because the capture filters can effectively limit the scope of information that a user can see in the data captures. If no filter is present, then all data on the local network segment where the program is running can be captured and downloaded. v3.12 fixes this problem. There is no workaround; you must upgrade to v3.12 or greater. 2021-09-07 not yet calculated CVE-2021-39196
CONFIRM
MISC
MISC
pepeauctionsale — pepeauctionsale
 
The time check operation of PepeAuctionSale 1.0 can be rendered ineffective by assigning a large number to the _duration variable, compromising access control to the application. 2021-09-07 not yet calculated CVE-2020-19766
MISC
phpmywind — phpmywind
 
PHPMyWind 5.6 is vulnerable to Remote Code Execution. Because input is filtered without “<, >, ?, =, `,….” in the WriteConfig() function, an attacker can inject PHP code into the /include/config.cache.php file. 2021-09-07 not yet calculated CVE-2021-39503
MISC
MISC
playsms — playsms
 
playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI. 2021-09-10 not yet calculated CVE-2021-40373
MISC
CONFIRM
plesk — obsidian
 
The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0.32 on Linux is vulnerable to reflected XSS via the /plesk-site-preview/ PATH, aka PFSI-62467. The attacker could execute JavaScript code in the victim’s browser by using the link to preview sites hosted on the server. Authentication is not required to exploit the vulnerability. 2021-09-10 not yet calculated CVE-2021-35976
MISC
MISC
pomerium — pomerium Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, incorrectly handles resetting of HTTP/2 streams with excessive complexity. This can lead to high CPU utilization when a large number of streams are reset. This can result in a DoS condition. Pomerium versions 0.14.8 and 0.15.1 contain an upgraded envoy binary with this vulnerability patched. 2021-09-09 not yet calculated CVE-2021-39204
CONFIRM
MISC
MISC
pomerium — pomerium Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, contains two authorization related vulnerabilities CVE-2021-32777 and CVE-2021-32779. This may lead to incorrect routing or authorization policy decisions. With specially crafted requests, incorrect authorization or routing decisions may be made by Pomerium. Pomerium v0.14.8 and v0.15.1 contain an upgraded envoy binary with these vulnerabilities patched. This issue can only be triggered when using path prefix based policy. Removing any such policies should provide mitigation. 2021-09-09 not yet calculated CVE-2021-39206
MISC
MISC
CONFIRM
MISC
pomerium — pomerium
 
Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, can abnormally terminate if an H/2 GOAWAY and SETTINGS frame are received in the same IO event. This can lead to a DoS in the presence of untrusted *upstream* servers. 0.15.1 contains an upgraded envoy binary with this vulnerability patched. If only trusted upstreams are configured, there is not substantial risk of this condition being triggered. 2021-09-09 not yet calculated CVE-2021-39162
MISC
MISC
CONFIRM
ppgo_jobs — ppgo_jobs
 
Command Injection in PPGo_Jobs v2.8.0 allows remote attackers to execute arbitrary code via the ‘AjaxRun()’ function. 2021-09-08 not yet calculated CVE-2020-26772
MISC
MISC
prestashop — customer_photo_gallary
 
The Customer Photo Gallery addon before 2.9.4 for PrestaShop is vulnerable to SQL injection. 2021-09-08 not yet calculated CVE-2021-40814
MISC
python — python The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding (such as via ;\x2f\x7f), enabling a remote attack that consumes CPU and memory. 2021-09-10 not yet calculated CVE-2021-40839
MISC
MISC
MISC
MISC
qnap — multiple_devices
 
A stack buffer overflow vulnerability has been reported to affect QNAP devices running NVR Storage Expansion. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of NVR Storage Expansion: NVR Storage Expansion 1.0.6 (2021/08/03) and later. 2021-09-10 not yet calculated CVE-2021-34346
CONFIRM
qnap — multiple_devices
 
A stack buffer overflow vulnerability has been reported to affect QNAP devices running NVR Storage Expansion. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of NVR Storage Expansion: NVR Storage Expansion 1.0.6 (2021/08/03) and later. 2021-09-10 not yet calculated CVE-2021-34345
CONFIRM
qnap — multiple_products
 
A vulnerability involving insufficient HTTP security headers has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud. This vulnerability allows remote attackers to launch privacy and security attacks. We have already fixed this vulnerability in the following versions: QTS 4.5.4.1715 build 20210630 and later; QuTS hero h4.5.4.1771 build 20210825 and later; QuTScloud c4.5.6.1755 build 20210809 and later. 2021-09-10 not yet calculated CVE-2018-19957
CONFIRM
qnap — multiple_products
 
A stack buffer overflow vulnerability has been reported to affect QNAP devices running QTS, QuTScloud, QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QTS, QuTScloud, QuTS hero: QTS 4.5.4.1715 build 20210630 and later; QTS 5.0.0.1716 build 20210701 and later; QuTScloud c4.5.6.1755 and later; QuTS hero h4.5.4.1771 build 20210825 and later. 2021-09-10 not yet calculated CVE-2021-34343
CONFIRM
qnap — qunetswitch
 
A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. We have already fixed this vulnerability in the following versions: QSW-M2116P-2T2S 1.0.6 build 210713 and later; QGD-1600P: QuNetSwitch 1.0.6.1509 and later; QGD-1602P: QuNetSwitch 1.0.6.1509 and later; QGD-3014PT: QuNetSwitch 1.0.6.1519 and later. 2021-09-10 not yet calculated CVE-2021-28813
CONFIRM
qnap — qusbcam2
 
A stack buffer overflow vulnerability has been reported to affect QNAP devices running QUSBCam2. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QUSBCam2: QTS 4.5.4: QUSBCam2 1.1.4 (2021/07/30) and later; QTS 5.0: QUSBCam2 2.0.1 (2021/08/03) and later; QTS 4.3.6: QUSBCam2 1.1.4 (2021/07/30) and later; QTS 4.3.3: QUSBCam2 1.1.4 (2021/08/06) and later; QuTS hero 4.5.3: QUSBCam2 1.1.4 (2021/07/30) and later. 2021-09-10 not yet calculated CVE-2021-34344
CONFIRM
qnap — multiple_products
 
A stack buffer overflow vulnerability has been reported to affect QNAP devices running QTS, QuTScloud, QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QTS, QuTScloud, QuTS hero: QTS 4.5.4.1715 build 20210630 and later; QTS 5.0.0.1716 build 20210701 and later; QTS 4.3.3.1693 build 20210624 and later; QTS 4.3.6.1750 build 20210730 and later; QuTScloud c4.5.6.1755 and later; QuTS hero h4.5.4.1771 build 20210825 and later. 2021-09-10 not yet calculated CVE-2021-28816
CONFIRM
qualcomm — multiple_snapdragon_products
 
Possible heap overflow due to improper validation of local variable while storing current task information locally in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 2021-09-09 not yet calculated CVE-2021-30295
CONFIRM
qualcomm — multiple_snapdragon_products
 
Improper authentication of un-encrypted plaintext Wi-Fi frames in an encrypted network can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2021-09-08 not yet calculated CVE-2020-11301
CONFIRM
qualcomm — multiple_snapdragon_products
 
Possible null pointer dereference due to race condition between timeline fence signal and time line fence destroy in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile 2021-09-09 not yet calculated CVE-2021-30290
CONFIRM
qualcomm — multiple_snapdragon_products
 
Improper authentication of Non-EAPOL/WAPI plaintext frames during four-way handshake can lead to arbitrary network packet injection in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music 2021-09-08 not yet calculated CVE-2020-11264
CONFIRM
qualcomm — multiple_snapdragon_products
 
Potential null pointer dereference in KGSL GPU auxiliary command due to improper validation of user input in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile 2021-09-09 not yet calculated CVE-2021-30294
CONFIRM
qualcomm — snapdragon_products Lack of strict validation of bootmode can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 2021-09-08 not yet calculated CVE-2021-1929
CONFIRM
qualcomm — snapdragon_products Improper Access Control when ACL link encryption fails and the ACL link is not disconnected during reconnection with a paired device in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music 2021-09-09 not yet calculated CVE-2021-1957
CONFIRM
qualcomm — snapdragon_products Possible buffer overflow due to improper validation of device types during P2P search in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2021-09-08 not yet calculated CVE-2021-1972
CONFIRM
qualcomm — snapdragon_products Buffer overflow occurs in trusted applications due to lack of length check of parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2021-09-09 not yet calculated CVE-2021-1909
CONFIRM
qualcomm — snapdragon_products Loop with unreachable exit condition may occur due to improper handling of unsupported input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables 2021-09-08 not yet calculated CVE-2021-1914
CONFIRM
qualcomm — snapdragon_products Possible buffer over read due to lack of alignment between map or unmap length of IPA SMMU and WLAN SMMU in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2021-09-09 not yet calculated CVE-2021-1974
CONFIRM
qualcomm — snapdragon_products Incorrect pointer argument passed to trusted application TA could result in un-intended memory operations in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT 2021-09-08 not yet calculated CVE-2021-1923
CONFIRM
qualcomm — snapdragon_products Possible out of bounds read due to incorrect validation of incoming buffer length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile 2021-09-08 not yet calculated CVE-2021-1930
CONFIRM
qualcomm — snapdragon_products Integer underflow can occur when the RTCP length is less than the actual blocks present in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables 2021-09-08 not yet calculated CVE-2021-1919
CONFIRM
qualcomm — snapdragon_products Null Pointer Dereference may occur due to improper validation while processing crafted SDP body in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile 2021-09-09 not yet calculated CVE-2021-1946
CONFIRM
qualcomm — snapdragon_products Possible out of bound read due to lack of length check of data while parsing the beacon or probe response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking 2021-09-09 not yet calculated CVE-2021-1948
CONFIRM
qualcomm — snapdragon_products Improper handling of ASB-U packet with L2CAP channel ID by slave host can lead to interference with piconet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music 2021-09-09 not yet calculated CVE-2021-1956
CONFIRM
qualcomm — snapdragon_products A race condition in fastrpc kernel driver for dynamic process creation can lead to use after free scenario in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wearables 2021-09-09 not yet calculated CVE-2021-1958
CONFIRM
qualcomm — snapdragon_products UE assertion is possible due to improper validation of invite message with SDP body in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables 2021-09-09 not yet calculated CVE-2021-1933
CONFIRM
qualcomm — snapdragon_products
 
Possible buffer over read issue due to improper length check on WPA IE string sent by peer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking 2021-09-09 not yet calculated CVE-2021-1941
CONFIRM
qualcomm — snapdragon_products
 
Buffer overflow while processing IOCTL for getting peripheral endpoint information, because there is no proper validation of the input maximum endpoint pair and its size, in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2021-09-09 not yet calculated CVE-2021-1962
CONFIRM
qualcomm — snapdragon_products
 
Possible assertion due to lack of physical layer state validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking 2021-09-09 not yet calculated CVE-2021-1971
CONFIRM
qualcomm — snapdragon_products
 
Possible buffer overflow due to lack of offset length check while updating the buffer value in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2021-09-09 not yet calculated CVE-2021-1961
CONFIRM
qualcomm — snapdragon_products
 
Improper handling of ASB-C broadcast packets with crafted opcode in LMP can lead to uncontrolled resource consumption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking 2021-09-09 not yet calculated CVE-2021-1960
CONFIRM
qualcomm — snapdragon_products
 
Possible buffer over read occurs due to lack of length check of request buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music 2021-09-09 not yet calculated CVE-2021-1952
CONFIRM
qualcomm — snapdragon_products
 
Possible use-after-free due to lack of validation for the rule count in filter table in IPA driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2021-09-09 not yet calculated CVE-2021-1963
CONFIRM
qualcomm — snapdragon_products
 
Possible null pointer dereference due to lack of validation check for passed pointer during key import in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables 2021-09-09 not yet calculated CVE-2021-1935
CONFIRM
qualcomm — snapdragon_products
 
Child process can leak information from parent process because numeric PIDs are compared and these PIDs can be reused in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2021-09-08 not yet calculated CVE-2021-1904
CONFIRM
qualcomm — snapdragon_products
 
Possible buffer underflow due to lack of check for negative indices values when processing user provided input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables 2021-09-08 not yet calculated CVE-2021-1916
CONFIRM
qualcomm — snapdragon_products
 
Possible memory corruption due to improper check when application loader object is explicitly destructed while application is unloading in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT 2021-09-09 not yet calculated CVE-2021-1934
CONFIRM
qualcomm — snapdragon_products
 
Integer underflow can occur due to improper handling of incoming RTCP packets in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables 2021-09-08 not yet calculated CVE-2021-1920
CONFIRM
qualcomm — snapdragon_products
 
Buffer over read could occur due to incorrect check of buffer size while flashing emmc devices in Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2021-09-08 not yet calculated CVE-2021-1928
CONFIRM
raonwizcoltd — dext5
 
A vulnerability (improper input validation) in the DEXT5 Upload solution allows an unauthenticated attacker to download and execute an arbitrary file via the AddUploadFile, SetSelectItem, and DoOpenFile functions. (CVE-2020-7832) 2021-09-07 not yet calculated CVE-2020-7832
MISC
raonwizcoltd — execm_coreb2b
 
A vulnerability (improper input validation) in the ExECM CoreB2B solution allows an unauthenticated attacker to download and execute an arbitrary file via the httpDownload function. A successful exploit could allow the attacker to hijack the vulnerable system. 2021-09-07 not yet calculated CVE-2020-7865
MISC
remark-html — remark-html
 
remark-html is an open source nodejs library which compiles Markdown to HTML. In affected versions the documentation of remark-html has mentioned that it was safe by default. In practice the default was never safe and had to be opted into. That is, user input was not sanitized. This means arbitrary HTML can be passed through leading to potential XSS attacks. The problem has been patched in 13.0.2 and 14.0.1: `remark-html` is now safe by default, and the implementation matches the documentation. On older affected versions, pass `sanitize: true` if you cannot update. 2021-09-07 not yet calculated CVE-2021-39199
MISC
MISC
CONFIRM
MISC
ribbonsoft — ribbonsoft
 
A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. A specially-crafted .dxf file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. 2021-09-08 not yet calculated CVE-2021-21897
MISC
rittal — cmc_pu_iii_web_management
 
Rittal CMC PU III Web management (version affected: V3.11.00_2; version fixed: V3.17.10) is affected by a remote code execution vulnerability. It is possible to introduce shell code to create a reverse shell in the PU-Hostname field of the TCP/IP Configuration dialog. The web application fails to sanitize user input on the Network TCP/IP configuration page. This allows the attacker to inject commands as root on the device, which will be executed once the data is received. 2021-09-09 not yet calculated CVE-2021-40222
MISC
rittal — cmc_pu_iii_web_management
 
Rittal CMC PU III Web management (version V3.11.00_2) fails to sanitize user input on several parameters of the configuration (User Configuration dialog, Task Configuration dialog and set logging filter dialog). This allows an attacker to backdoor the device with HTML and browser-interpreted content (such as JavaScript or other client-side scripts). The XSS payload will be triggered when the user accesses some specific sections of the application. 2021-09-09 not yet calculated CVE-2021-40223
MISC
rob_the_bank — rob_the_bank
 
A lack of target address verification in the BurnMe() function of Rob The Bank 1.0 allows attackers to steal tokens from victim users via a crafted script. 2021-09-07 not yet calculated CVE-2020-19769
MISC
saltstack — salt An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper behaviour of the given minion software. 2021-09-08 not yet calculated CVE-2021-22004
MISC
FEDORA
FEDORA
saltstack — salt
 
An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion. 2021-09-08 not yet calculated CVE-2021-21996
MISC
FEDORA
FEDORA
showdoc — showdoc
 
Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to execute arbitrary code via the ‘file_url’ parameter in the component ‘AdminUpdateController.class.php’. 2021-09-08 not yet calculated CVE-2021-36440
MISC
silicon — labs_iwrap
 
The Bluetooth Classic implementation in Silicon Labs iWRAP 6.3.0 and earlier does not properly handle the reception of an oversized LMP packet greater than 17 bytes, allowing attackers in radio range to trigger a crash in WT32i via a crafted LMP packet. 2021-09-07 not yet calculated CVE-2021-31609
MISC
MISC
simple_water_refilling_station_management_system — simple_water_refilling_station_and_management_system
 
Remote Code Execution can occur in Simple Water Refilling Station Management System 1.0 via the System Logo option on the system_info page in classes/SystemSettings.php with an update_settings action. 2021-09-07 not yet calculated CVE-2021-38841
MISC
MISC
MISC
smartertools — smartermail
 
SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The application fails to sanitize email content, thus allowing one to inject HTML and/or JavaScript into a page that will then be processed and stored by the application. 2021-09-08 not yet calculated CVE-2021-40377
MISC
softcontrol — softcontrol
 
A vulnerability in Base Software for SoftControl allows an attacker to insert and run arbitrary code in a computer running the affected product. This issue affects: . 2021-09-08 not yet calculated CVE-2020-24672
MISC
solarwinds — patch_manager_orion_platform
 
An Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in the Patch Manager Orion Platform Integration module and reported to us by ZDI. An authenticated attacker could exploit it by executing WSAsyncExecuteTasks deserialization of untrusted data. 2021-09-08 not yet calculated CVE-2021-35217
MISC
MISC
CONFIRM
sonatype — nexus_repository
 
Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance. 2021-09-07 not yet calculated CVE-2021-40143
MISC
CONFIRM
sqlite-web — sqlite-web
 
This affects all versions of package sqlite-web. The SQL dashboard area allows sensitive actions to be performed without validating that the request originated from the application. This could enable an attacker to trick a user into performing these actions unknowingly through a Cross Site Request Forgery (CSRF) attack. 2021-09-08 not yet calculated CVE-2021-23404
MISC
MISC
systeminformation — systeminformation
 
systeminformation is an npm package that provides a system and OS information library for node.js. In systeminformation before version 4.26.2 there is a command injection vulnerability. The problem was fixed in version 4.26.2 with a shell string sanitation fix. 2021-09-09 not yet calculated CVE-2020-26300
MISC
MISC
CONFIRM
MISC
toyopuc — multiple_devices
 
All versions of the affected TOYOPUC-PC10 Series, TOYOPUC-Plus Series, TOYOPUC-PC3J/PC2J Series, and TOYOPUC-Nano Series products may not be able to properly process an ICMP flood, which may allow an attacker to deny Ethernet communications between affected devices. 2021-09-10 not yet calculated CVE-2021-33011
MISC
trend_micro_security — consumer
 
Trend Micro Security (Consumer) 2021 and 2020 are vulnerable to a directory junction vulnerability which could allow an attacker to exploit the system to escalate privileges and create a denial of service. 2021-09-06 not yet calculated CVE-2021-36744
MISC
MISC
wildau — covid-19_contact_tracing
 
api/account/register in the TH Wildau COVID-19 Contact Tracing application through 2021-09-01 has Incorrect Access Control. An attacker can interfere with tracing of infection chains by creating 500 random users within 2500 seconds. 2021-09-07 not yet calculated CVE-2021-33831
MISC
MISC
wordpress — wordpress The MoolaMojo WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the classes parameter found in the ~/views/button-generator.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.4.1. 2021-09-10 not yet calculated CVE-2021-38358
MISC
MISC
wordpress — wordpress The Custom Menu Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the selected_menu parameter found in the ~/custom-menus.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.3. 2021-09-09 not yet calculated CVE-2021-38321
MISC
MISC
wordpress — wordpress The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the Q_FILE parameter found in the ~/bibtexbrowser.php file which allows attackers to include local zip files and achieve remote code execution, in versions up to and including 0.0. 2021-09-10 not yet calculated CVE-2021-38360
MISC
MISC
wordpress — wordpress The WordPress InviteBox Plugin for viral Refer-a-Friend Promotions WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the message parameter found in the ~/admin/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.1. 2021-09-10 not yet calculated CVE-2021-38359
MISC
MISC
wordpress — wordpress The Post Title Counter WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the notice parameter found in the ~/post-title-counter.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1. 2021-09-10 not yet calculated CVE-2021-38326
MISC
MISC
wordpress — wordpress The GNU-Mailman Integration WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the gm_error parameter found in the ~/includes/admin/mailing-lists-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6. 2021-09-10 not yet calculated CVE-2021-38354
MISC
MISC
wordpress — wordpress The Dropdown and scrollable Text WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the content parameter found in the ~/index.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0. 2021-09-10 not yet calculated CVE-2021-38353
MISC
MISC
wordpress — wordpress The On Page SEO + Whatsapp Chat Button Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[“PHP_SELF”] value in the ~/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1. 2021-09-10 not yet calculated CVE-2021-38332
MISC
MISC
wordpress — wordpress The OSD Subscribe WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the osd_subscribe_message parameter found in the ~/options/osd_subscribe_options_subscribers.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.3. 2021-09-10 not yet calculated CVE-2021-38351
MISC
MISC
wordpress — wordpress The Notices WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[“PHP_SELF”] value in the ~/notices.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1. 2021-09-10 not yet calculated CVE-2021-38328
MISC
MISC
wordpress — wordpress The Twitter Friends Widget WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the pmc_TF_user and pmc_TF_password parameter found in the ~/twitter-friends-widget.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.1. 2021-09-09 not yet calculated CVE-2021-38322
MISC
MISC
wordpress — wordpress The User Activation Email WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the uae-key parameter found in the ~/user-activation-email.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.0. 2021-09-09 not yet calculated CVE-2021-38325
MISC
MISC
wordpress — wordpress The spideranalyse WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the date parameter found in the ~/analyse/index.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.1. 2021-09-10 not yet calculated CVE-2021-38350
MISC
MISC
wordpress — wordpress The Border Loading Bar WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `f` and `t` parameter found in the ~/titan-framework/iframe-googlefont-preview.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1. 2021-09-10 not yet calculated CVE-2021-38338
MISC
MISC
wordpress — wordpress WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions the widgets editor introduced in WordPress 5.8 beta 1 has improper handling of HTML input in the Custom HTML feature. This leads to stored XSS in the custom HTML widget. This has been patched in WordPress 5.8. It was only present during the testing/beta phase of WordPress 5.8. 2021-09-09 not yet calculated CVE-2021-39202
MISC
CONFIRM
wordpress — wordpress The 3D Cover Carousel WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter in the ~/cover-carousel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. 2021-09-09 not yet calculated CVE-2021-38318
MISC
MISC
wordpress — wordpress The SP Rental Manager WordPress plugin is vulnerable to SQL Injection via the orderby parameter found in the ~/user/shortcodes.php file which allows attackers to retrieve information contained in a site’s database, in versions up to and including 1.5.3. 2021-09-09 not yet calculated CVE-2021-38324
MISC
MISC
wordpress — wordpress The simpleSAMLphp Authentication WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[“PHP_SELF”] value in the ~/simplesamlphp-authentication.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.0. 2021-09-09 not yet calculated CVE-2021-38320
MISC
MISC
wordpress — wordpress The Edit Comments XT WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[“PHP_SELF”] value in the ~/edit-comments-xt.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. 2021-09-10 not yet calculated CVE-2021-38336
MISC
MISC
wordpress — wordpress
 
The Bug Library WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the successimportcount parameter found in the ~/bug-library.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.3. 2021-09-10 not yet calculated CVE-2021-38355
MISC
MISC
wordpress — wordpress
 
The YouTube Video Inserter WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[“PHP_SELF”] value in the ~/adminUI/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.1.0. 2021-09-10 not yet calculated CVE-2021-38327
MISC
MISC
wordpress — wordpress
 
The SMS OVH WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the position parameter found in the ~/sms-ovh-sent.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.1. 2021-09-10 not yet calculated CVE-2021-38357
MISC
MISC
wordpress — wordpress
 
Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps plugin (versions <= 8.1.12). Vulnerable parameters: &dataset_name, &wpgmza_gdpr_retention_purpose, &wpgmza_gdpr_company_name, &name #2, &name, &polyname #2, &polyname, &address. 2021-09-09 not yet calculated CVE-2021-36870
MISC
CONFIRM
wordpress — wordpress
 
The WP-T-Wap WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the posted parameter found in the ~/wap/writer.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.13.2. 2021-09-10 not yet calculated CVE-2021-38331
MISC
MISC
wordpress — wordpress
 
The DJ EmailPublish WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[“PHP_SELF”] value in the ~/dj-email-publish.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.7.2. 2021-09-10 not yet calculated CVE-2021-38329
MISC
MISC
wordpress — wordpress
 
The Keyword Meta WordPress plugin through 3.0 does not sanitise or escape its settings before outputting them back in the page after they are saved, allowing for Cross-Site Scripting issues. Furthermore, it also lacks any CSRF check, allowing an attacker to make a logged-in high-privilege user save arbitrary settings via a CSRF attack. 2021-09-06 not yet calculated CVE-2021-24611
MISC
wordpress — wordpress
 
Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps Pro premium plugin (versions <= 8.1.11). Vulnerable parameters: &wpgmaps_marker_category_name, Value > &attributes[], Name > &attributes[], &icons[], &names[], &description, &link, &title. 2021-09-09 not yet calculated CVE-2021-36871
MISC
CONFIRM
wordpress — wordpress
 
WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions authenticated users who don’t have permission to view private post types/data can bypass restrictions in the block editor under certain conditions. This affected WordPress 5.8 beta during the testing period. It’s fixed in the final 5.8 release. 2021-09-09 not yet calculated CVE-2021-39203
MISC
CONFIRM
wordpress — wordpress
 
WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Impact: The issue allows an authenticated but low-privileged user (like contributor/author) to execute XSS in the editor. This bypasses the restrictions imposed on users who do not have the permission to post `unfiltered_html`. Patches: This has been patched in WordPress 5.8, and will be pushed to older versions via minor releases (automatic updates). It’s strongly recommended that you keep auto-updates enabled to receive the fix. References: https://wordpress.org/news/category/releases/ and https://hackerone.com/reports/1142140. For more information: If you have any questions or comments about this advisory, open an issue in HackerOne (https://hackerone.com/wordpress). 2021-09-09 not yet calculated CVE-2021-39201
MISC
CONFIRM
wordpress — wordpress
 
The WP Scrippets WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[“PHP_SELF”] value in the ~/wp-scrippets.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.1. 2021-09-10 not yet calculated CVE-2021-38333
MISC
MISC
wordpress — wordpress
 
The Feedify – Web Push Notifications WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the feedify_msg parameter found in the ~/includes/base.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.8. 2021-09-10 not yet calculated CVE-2021-38352
MISC
MISC
wordpress — wordpress
 
The Advance Search WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the wpas_id parameter found in the ~/inc/admin/views/html-advance-search-admin-options.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1.2. 2021-09-10 not yet calculated CVE-2021-38348
MISC
MISC
wordpress — wordpress
 
The Integration of Moneybird for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error_description parameter found in the ~/templates/wcmb-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1. 2021-09-10 not yet calculated CVE-2021-38349
MISC
MISC
wordpress — wordpress
 
The Konnichiwa! Membership WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the plan_id parameter in the ~/views/subscriptions.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.8.3. 2021-09-09 not yet calculated CVE-2021-38317
MISC
MISC
wordpress — wordpress
 
The Custom Website Data WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter found in the ~/views/edit.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.2. 2021-09-10 not yet calculated CVE-2021-38347
MISC
MISC
wordpress — wordpress
 
The Yet Another bol.com Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[“PHP_SELF”] value in the ~/yabp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4. 2021-09-10 not yet calculated CVE-2021-38330
MISC
MISC
wordpress — wordpress
 
The WP Academic People List WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the category_name parameter in the ~/admin-panel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.4.1. 2021-09-09 not yet calculated CVE-2021-38316
MISC
MISC
wordpress — wordpress
 
The WooCommerce Payment Gateway Per Category WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[“PHP_SELF”] value in the ~/includes/plugin_settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.10. 2021-09-10 not yet calculated CVE-2021-38341
MISC
MISC
wordpress — wordpress
 
WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions output data of the function wp_die() can be leaked under certain conditions, which can include data like nonces. It can then be used to perform actions on your behalf. This has been patched in WordPress 5.8.1, along with any older affected versions via minor releases. It’s strongly recommended that you keep auto-updates enabled to receive the fix. 2021-09-09 not yet calculated CVE-2021-39200
MISC
CONFIRM
wordpress — wordpress
 
The RentPress WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the selections parameter found in the ~/src/rentPress/AjaxRequests.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.6.4. 2021-09-09 not yet calculated CVE-2021-38323
MISC
MISC
wordpress — wordpress
 
The More From Google WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[“PHP_SELF”] value in the ~/morefromgoogle.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.2. 2021-09-09 not yet calculated CVE-2021-38319
MISC
MISC
wordpress — wordpress
 
The WP Design Maps & Places WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the filename parameter found in the ~/wpdmp-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2. 2021-09-10 not yet calculated CVE-2021-38334
MISC
MISC
wordpress — wordpress
 
The Wise Agent Capture Forms WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[“PHP_SELF”] value in the ~/WiseAgentCaptureForm.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. 2021-09-10 not yet calculated CVE-2021-38335
MISC
MISC
wordpress — wordpress
 
The RSVPMaker Excel WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[“PHP_SELF”] value in the ~/phpexcel/PHPExcel/Shared/JAMA/docs/download.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1. 2021-09-10 not yet calculated CVE-2021-38337
MISC
MISC
wordpress — wordpress
 
The Simple Matted Thumbnails WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER[“PHP_SELF”] value in the ~/simple-matted-thumbnail.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.01. 2021-09-10 not yet calculated CVE-2021-38339
MISC
MISC
wordpress — wordpress
 
The WordPress Simple Shop WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the update_row parameter found in the ~/includes/add_product.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2. 2021-09-10 not yet calculated CVE-2021-38340
MISC
MISC
yakamara — media_redaxo
 
Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code. 2021-09-09 not yet calculated CVE-2021-39459
MISC
yakamara — media_redaxo
 
Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user has to alternate the files of a valid file backup. This leads to leaking the database credentials in the environment variables. 2021-09-09 not yet calculated CVE-2021-39458
MISC
younglimwonco.ltd — activex
 
A download of code without integrity check vulnerability in the ActiveX control of Younglimwon Co., Ltd allows the attacker to cause an arbitrary file download and execution. 2021-09-09 not yet calculated CVE-2020-7873
MISC
zhuhai — jieli The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C_DEMO_V1.0 does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (deadlock) of the device by flooding it with LMP_AU_Rand packets after paging procedure. User intervention is required to restart the device. 2021-09-07 not yet calculated CVE-2021-34143
MISC
MISC
MISC
zhuhai — jieli_ac690x_and_ac692x_devices
 
The Bluetooth Classic implementation on Zhuhai Jieli AC690X devices does not properly handle the reception of an oversized LMP packet greater than 17 bytes during the LMP auto rate procedure, allowing attackers in radio range to trigger a deadlock via a crafted LMP packet. 2021-09-07 not yet calculated CVE-2021-31612
MISC
MISC
MISC
zhuhai — jieli_ac690x_and_ac692x_devices
 
The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X devices does not properly handle an out-of-order LMP Setup procedure that is followed by a malformed LMP packet, allowing attackers in radio range to deadlock a device via a crafted LMP packet. The user needs to manually reboot the device to restore communication. 2021-09-07 not yet calculated CVE-2021-31611
MISC
MISC
MISC
MISC
zoho — manageengine_adselfservice
 
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover. 2021-09-10 not yet calculated CVE-2021-37423
MISC
zoho — manageengine_adselfservice_plus
 
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases. 2021-09-10 not yet calculated CVE-2021-37422
MISC
zoho — manageengine_adselfservice_plus
 
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution. 2021-09-07 not yet calculated CVE-2021-40539
MISC
MISC
zoho — manageengine_desktopcentral
 
Zoho ManageEngine DesktopCentral version 10.1.2119.7 and prior allows anyone to get a valid user’s APIKEY without authentication. 2021-09-10 not yet calculated CVE-2021-37414
MISC
zook — solution
 
A buffer overflow issue was discovered in ZOOK solution (remote administration tool) through processing the ‘ConnectMe’ command while parsing a crafted OUTERIP value because of a missing boundary check. This vulnerability allows the attacker to execute remote arbitrary command. 2021-09-07 not yet calculated CVE-2020-7877
MISC
zstack — zstack ZStack is open source IaaS (infrastructure as a service) software. In ZStack before versions 3.10.12 and 4.1.6 there is a pre-auth unsafe deserialization vulnerability in the REST API. An attacker in control of the request body will be able to provide both the class name and the data to be deserialized and therefore will be able to instantiate an arbitrary type and assign arbitrary values to its fields. This issue may lead to a Denial of Service. If a suitable gadget is available, then an attacker may also be able to exploit this vulnerability to gain pre-auth remote code execution. For additional details see the referenced GHSL-2021-087. 2021-09-09 not yet calculated CVE-2021-32836
CONFIRM
MISC


This product is provided subject to this Notification and this Privacy & Use policy.

Original release date: September 6, 2021

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
atlassian — confluence In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The vulnerable endpoints can be accessed by a non-administrator user or unauthenticated user if ‘Allow people to sign up to create their account’ is enabled. To check whether this is enabled go to COG > User Management > User Signup Options. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5. 2021-08-30 7.5 CVE-2021-26084
MISC
MISC
dedecms — dedecms An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows attackers to upload a webshell in HTM format. 2021-08-27 7.5 CVE-2020-18114
MISC
deltaww — diaenergie Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrative user without being authenticated or authorized, which may allow the attacker to log in and use the device with administrative privileges. 2021-08-30 10 CVE-2021-32967
MISC
deltaww — diaenergie A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter keyword before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER. 2021-08-30 7.5 CVE-2021-32983
MISC
deltaww — diaenergie Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestricted file uploads, which may allow an attacker to remotely execute code. 2021-08-30 7.5 CVE-2021-32955
MISC
easycorp — zentao The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (who have admin access) to execute arbitrary code by setting the type parameter to System. 2021-08-31 9 CVE-2021-27556
MISC
govicture — pc420_firmware Stack-based Buffer Overflow vulnerability in the ONVIF server component of Victure PC420 smart camera allows an attacker to execute remote code on the target device. This issue affects: Victure PC420 firmware version 1.2.2 and prior versions. 2021-08-30 10 CVE-2020-15744
MISC
hexagongeospatial — geomedia_webmap MapService.svc in Hexagon GeoMedia WebMap 2020 before Update 2 (aka 16.6.2.66) allows blind SQL Injection via the Id (within sourceItems) parameter to the GetMap method. 2021-08-30 10 CVE-2021-37749
MISC
MISC
MISC
object-path_project — object-path This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === ‘__proto__’ returns false if currentPath is [‘__proto__’]. This is because the === operator always returns false when the operands are of different types. 2021-08-27 7.5 CVE-2021-23434
MISC
MISC
MISC
MISC
openzeppelin — contracts OpenZeppelin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround, revoke the executor role from accounts not strictly under the team’s control. We recommend revoking all executors that are not also proposers. When applying this mitigation, ensure there is at least one proposer and executor remaining. 2021-08-27 7.5 CVE-2021-39167
MISC
CONFIRM
MISC
openzeppelin — contracts OpenZeppelin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround, revoke the executor role from accounts not strictly under the team’s control. We recommend revoking all executors that are not also proposers. When applying this mitigation, ensure there is at least one proposer and executor remaining. 2021-08-27 7.5 CVE-2021-39168
MISC
CONFIRM
MISC
simiki_project — simiki Command Injection in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary system commands via line 64 of the component ‘simiki/blob/master/simiki/config.py’. 2021-08-27 10 CVE-2020-19001
MISC
squashfs-tools_project — squashfs-tools squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination. 2021-08-27 7.5 CVE-2021-40153
MISC
MISC
MISC
FEDORA
MLIST
DEBIAN
wms_project — wms The GET parameter “id” in WMS v1.0 is passed without filtering, which allows attackers to perform SQL injection. 2021-08-27 7.5 CVE-2020-18106
MISC
zohocorp — manageengine_adselfservice_plus Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in non-English editions. 2021-08-30 10 CVE-2021-33055
CONFIRM
MISC
zohocorp — manageengine_adselfservice_plus Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass. 2021-08-30 7.5 CVE-2021-37421
MISC
zohocorp — manageengine_log360 Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution. 2021-08-29 7.5 CVE-2021-40175
MISC
zohocorp — manageengine_log360 Zoho ManageEngine Log360 before Build 5225 allows remote code execution via BCP file overwrite. 2021-08-29 7.5 CVE-2021-40177
MISC


 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apache — ofbiz In Apache Ofbiz, versions v17.12.01 to v17.12.07 implement a try-catch exception to handle errors at multiple locations but leak out sensitive table info which may aid the attacker in further recon. A user can register with a very long password, but when he tries to log in with it an exception occurs. 2021-08-30 5 CVE-2021-25958
CONFIRM
MISC
atlassian — data_center Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to continue to view cached content even after losing permissions, via a Broken Access Control vulnerability in the allowlist feature. The affected versions are before version 8.13.9, and from version 8.14.0 before 8.18.0. 2021-08-30 5 CVE-2021-39113
MISC
atlassian — data_center The Editor plugin in Atlassian Jira Server and Data Center before version 8.5.18, from 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the handling of supplied content such as from a PDF when pasted into a field such as the description field. 2021-08-30 4.3 CVE-2021-39111
MISC
blog_mini_project — blog_mini Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component ‘/admin/custom/blog-plugin/add’. 2021-08-27 4.3 CVE-2020-18998
MISC
blog_mini_project — blog_mini Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component ‘/admin/submit-articles’. 2021-08-27 4.3 CVE-2020-18999
MISC
bold-themes — bold_page_builder The bt_bb_get_grid AJAX action of the Bold Page Builder WordPress plugin before 3.1.6 passes user input into the unserialize() function without any validation or sanitisation, which could lead to a PHP Object Injection. Even though the plugin did not contain a suitable gadget to fully exploit the issue, other installed plugins on the blog could allow such issue to be exploited and lead to RCE in some cases. 2021-08-30 6.5 CVE-2021-24579
MISC
bscw — bscw_classic OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution (RCE) during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3. 2021-08-30 6.5 CVE-2021-39271
MISC
MISC
MISC
bscw — bscw_classic OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution (RCE) via XML tag injection because reportlab\platypus\paraparser.py (reached via bscw.cgi op=_editfolder.EditFolder) calls eval on attacker-supplied Python code. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3. 2021-08-30 6.5 CVE-2021-36359
MISC
FULLDISC
MISC
cxuu — cxuucms SQL Injection vulnerability in cxuucms 3.1 via the pid parameter in public/admin.php. 2021-08-27 6.5 CVE-2021-3264
MISC
deltaww — diaenergie Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an attacker to cause a user to carry out an action unintentionally. 2021-08-30 4.3 CVE-2021-32991
MISC
deltaww — dopsoft A stack-based buffer overflow vulnerability in Delta Electronics DOPSoft Version 4.00.11 and prior may be exploited by processing a specially crafted project file, which may allow an attacker to execute arbitrary code. 2021-08-30 6.8 CVE-2021-33019
MISC
deltaww — tpeditor A heap-based buffer overflow in Delta Electronics TPEditor: v1.98.06 and prior may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code. 2021-08-30 6.8 CVE-2021-33007
MISC
fetchmail — fetchmail Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH. 2021-08-30 4.3 CVE-2021-39272
MISC
MISC
MISC
ibm — sterling_external_authentication_server IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 201160. 2021-08-30 4 CVE-2021-29728
CONFIRM
CONFIRM
XF
ibm — sterling_external_authentication_server IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201095. 2021-08-30 5 CVE-2021-29722
CONFIRM
CONFIRM
XF
ibm — sterling_external_authentication_server IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201100. 2021-08-30 5 CVE-2021-29723
CONFIRM
CONFIRM
XF
indexhibit — indexhibit A configuration issue in Indexhibit 2.1.5 allows authenticated attackers to modify .php files, leading to getshell. 2021-08-30 6.5 CVE-2020-18121
MISC
indexhibit — indexhibit A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily reset account passwords. 2021-08-30 4 CVE-2020-18124
MISC
indexhibit — indexhibit A reflected cross-site scripting (XSS) vulnerability in the /plugin/ajax.php component of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML. 2021-08-30 4.3 CVE-2020-18125
MISC
indexhibit — indexhibit An issue in the /config/config.php component of Indexhibit 2.1.5 allows attackers to arbitrarily view files. 2021-08-30 4 CVE-2020-18127
MISC
indexhibit — indexhibit A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily delete admin accounts. 2021-08-30 4.3 CVE-2020-18123
MISC
jupo — mezzanine Cross Site Scripting (XSS) in Mezzanine v4.3.1 allows remote attackers to execute arbitrary code via the ‘Description’ field of the component ‘admin/blog/blogpost/add/’. This issue is different than CVE-2018-16632. 2021-08-27 4.3 CVE-2020-19002
MISC
nested_pages_project — nested_pages The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to Cross-Site Request Forgery via the `npBulkActions` and `npBulkEdit` `admin_post` actions, which allowed attackers to trash or permanently purge arbitrary posts as well as change their status, reassign their ownership, and edit other metadata. 2021-08-30 4.3 CVE-2021-38342
MISC
MISC
nested_pages_project — nested_pages The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to an Open Redirect via the `page` POST parameter in the `npBulkActions`, `npBulkEdit`, `npListingSort`, and `npCategoryFilter` `admin_post` actions. 2021-08-30 5.8 CVE-2021-38343
MISC
MISC
northern.tech — useradm The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in Northern.tech Mender Enterprise 2.6.x before 2.6.1) allows users to access the system with their JWT token after logout, because of missing invalidation (if the JWT verification cache is enabled). 2021-08-27 4.3 CVE-2021-35342
MISC
MISC
opcfoundation — local_discover_server In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer. 2021-08-27 5 CVE-2021-40142
MISC
MISC
openmage — magento OpenMage magento-lts is an alternative to the Magento CE official releases. Due to missing sanitization in data flow in versions prior to 19.4.15 and 20.0.13, it was possible for admin users to upload arbitrary executable files to the server. OpenMage versions 19.4.15 and 20.0.13 have a patch for this issue. 2021-08-27 6.5 CVE-2021-32759
MISC
CONFIRM
MISC
realfavicongenerator — favicon_by_realfavicongenerator The Favicon by RealFaviconGenerator WordPress plugin through 1.3.20 does not sanitise or escape one of its parameters before outputting it back in the response, leading to a Reflected Cross-Site Scripting (XSS) which is executed in the context of a logged-in administrator. 2021-08-30 4.3 CVE-2021-24437
MISC
simiki_project — simiki Cross Site Scripting (XSS) in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary code via line 54 of the component ‘simiki/blob/master/simiki/generators.py’. 2021-08-27 4.3 CVE-2020-19000
MISC
torproject — tor Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007. 2021-08-30 5 CVE-2021-38385
CONFIRM
MISC
CONFIRM
vmare — vrealize_operations_manager The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. A malicious actor with administrative access to vRealize Operations Manager API can read any arbitrary file on server leading to information disclosure. 2021-08-30 4 CVE-2021-22022
MISC
vmare — vrealize_operations_manager The vRealize Operations Manager API (8.x prior to 8.5) has an insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users' information, leading to an account takeover. 2021-08-30 6.5 CVE-2021-22023
MISC
vmare — vrealize_operations_manager The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure. 2021-08-30 5 CVE-2021-22027
MISC
vmare — vrealize_operations_manager The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure. 2021-08-30 5 CVE-2021-22026
MISC
vmare — vrealize_operations_manager The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to existing vROps cluster. 2021-08-30 5 CVE-2021-22025
MISC
vmare — vrealize_operations_manager The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure. 2021-08-30 5 CVE-2021-22024
MISC
wow-estore — side_menu The Side Menu Lite WordPress plugin before 2.2.6 does not sanitise user input from the List page in the admin dashboard before using it in a SQL statement, leading to a SQL Injection issue. 2021-08-30 6.5 CVE-2021-24580
MISC
xen — xen IOMMU page mapping issues on x86. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assignment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn’t have access to anymore (CVE-2021-28696). 2021-08-27 4.6 CVE-2021-28694
MISC
MLIST
MLIST
MLIST
FEDORA
FEDORA
xen — xen xen/arm: No memory limit for dom0less domUs. The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit for them is not set. This allows a domain to allocate memory beyond what an administrator originally configured. 2021-08-27 6.8 CVE-2021-28700
MISC
FEDORA
FEDORA
xen — xen grant table v2 status pages may remain accessible after de-allocation. Guests get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated when a guest switches (back) from v2 to v1. The freeing of such pages requires that the hypervisor know where in the guest these pages were mapped. The hypervisor tracks only one use within guest space, but racing requests from the guest to insert mappings of these pages may result in any of them becoming mapped in multiple locations. Upon switching back from v2 to v1, the guest would then retain access to a page that was freed and perhaps re-used for other purposes. 2021-08-27 4.6 CVE-2021-28697
MISC
FEDORA
FEDORA
xen — xen IOMMU page mapping issues on x86. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assignment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn’t have access to anymore (CVE-2021-28696). 2021-08-27 4.6 CVE-2021-28695
MISC
MLIST
MLIST
MLIST
FEDORA
FEDORA
xen — xen long running loops in grant table handling. In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. In the process of carrying out certain actions, Xen would iterate over all such entries, including ones which aren’t in use anymore and some which may have been created but never used. If the number of entries for a given domain is large enough, this iterating of the entire table may tie up a CPU for too long, starving other domains or causing issues in the hypervisor itself. Note that a domain may map its own grants, i.e. there is no need for multiple domains to be involved here. A pair of “cooperating” guests may, however, cause the effects to be more severe. 2021-08-27 4.9 CVE-2021-28698
MISC
MLIST
FEDORA
FEDORA
xen — xen IOMMU page mapping issues on x86. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assignment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn’t have access to anymore (CVE-2021-28696). 2021-08-27 4.6 CVE-2021-28696
MISC
MLIST
MLIST
MLIST
FEDORA
FEDORA
xen — xen inadequate grant-v2 status frames array bounds check. The v2 grant table interface separates grant attributes from grant status. That is, when operating in this mode, a guest has two tables. As a result, guests also need to be able to retrieve the addresses that the new status tracking table can be accessed through. For 32-bit guests on x86, translation of requests has to occur because the interface structure layouts commonly differ between 32- and 64-bit. The translation of the request to obtain the frame numbers of the grant status table involves translating the resulting array of frame numbers. Since the space used to carry out the translation is limited, the translation layer tells the core function the capacity of the array within translation space. Unfortunately the core function then only enforces array bounds to be below 8 times the specified value, and would write past the available space if enough frame numbers needed storing. 2021-08-27 4.9 CVE-2021-28699
MISC
FEDORA
FEDORA
youdiancms — youdiancms A lack of filtering for searched keywords in the search bar of YouDianCMS 8.0 allows attackers to perform SQL injection. 2021-08-27 6.5 CVE-2020-18116
MISC
zohocorp — manageengine_adselfservice_plus Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page. 2021-08-30 4.3 CVE-2021-37416
MISC
zohocorp — manageengine_adselfservice_plus Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation. 2021-08-30 5 CVE-2021-37417
MISC
zohocorp — manageengine_cloud_security_plus Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings. 2021-08-29 6.8 CVE-2021-40173
MISC
zohocorp — manageengine_log360 Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings. 2021-08-29 6.8 CVE-2021-40174
MISC
zohocorp — manageengine_log360 Zoho ManageEngine Log360 before Build 5225 allows stored XSS. 2021-08-29 4.3 CVE-2021-40176
MISC
zohocorp — manageengine_log360 Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logon settings. 2021-08-29 4.3 CVE-2021-40178
MISC
zohocorp — manageengine_log360 Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings. 2021-08-29 6.8 CVE-2021-40172
MISC


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
acquia — mautic The function mt_rand is used to generate session tokens. This function is cryptographically flawed because it is only pseudorandom; an attacker can take advantage of its cryptographically insecure nature to enumerate session tokens for accounts that are not under his/her control. This issue affects: Mautic Mautic versions prior to 3.3.4; versions prior to 4.0.0. 2021-08-30 3.5 CVE-2021-27913
CONFIRM
acquia — mautic Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets. 2021-08-30 3.5 CVE-2021-27912
CONFIRM
atlassian — data_center The AssociateFieldToScreens page in Atlassian Jira Server and Data Center before version 8.18.0 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability via the name of a custom field. 2021-08-30 3.5 CVE-2021-39117
MISC
business_hours_indicator_project — business_hours_indicator The Business Hours Indicator WordPress plugin before 2.3.5 does not sanitise or escape its “Now closed message” setting when outputting it in the backend and frontend, leading to an Authenticated Stored Cross-Site Scripting issue. 2021-08-30 3.5 CVE-2021-24593
MISC
deltaww — diaenergie Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm. 2021-08-30 2.1 CVE-2021-33003
MISC
devowl — wordpress_real_media_library The WordPress Real Media Library WordPress plugin is vulnerable to Stored Cross-Site Scripting via the name parameter in the ~/inc/overrides/lite/rest/Folder.php file which allows author-level attackers to inject arbitrary web scripts in folder names, in versions up to and including 4.14.1. 2021-08-30 3.5 CVE-2021-34668
MISC
ibm — maximo_application_suite IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 201693. 2021-08-30 3.5 CVE-2021-29743
XF
CONFIRM
ibm — maximo_application_suite IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 201694. 2021-08-27 3.5 CVE-2021-29744
XF
CONFIRM
indexhibit — indexhibit Multiple stored cross-site scripting (XSS) vulnerabilities in the Sections module of Indexhibit 2.1.5 allow attackers to execute arbitrary web scripts or HTML. 2021-08-30 3.5 CVE-2020-18126
MISC
openkm — openkm OpenKM Community Edition in its 6.3.10 version is vulnerable to authenticated Cross-site scripting (XSS). A remote attacker could exploit this vulnerability by injecting arbitrary code via the uuid parameter. 2021-08-30 3.5 CVE-2021-3628
CONFIRM
CONFIRM
CONFIRM
simplygallery — simply_gallery_blocks_with_lightbox A stored cross-site scripting vulnerability has been discovered in Simply Gallery Blocks with Lightbox (version 2.2.0 and below). The vulnerability exists in the Lightbox functionality where a user with low privileges is allowed to execute arbitrary script code within the context of the application. This vulnerability is due to insufficient validation of image parameters in meta data. 2021-08-30 3.5 CVE-2021-24667
MISC
MISC
tipsandtricks-hq — wp_video_lightbox The WP Video Lightbox WordPress plugin before 1.9.3 does not escape the attributes of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks. 2021-08-30 3.5 CVE-2021-24665
MISC
MISC
vmware — cloud_foundation VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link. 2021-08-30 3.5 CVE-2021-22021
MISC
wpmanageninja — fluentsmtp The FluentSMTP WordPress plugin before 2.0.1 does not sanitize parameters before storing the settings in the database, nor does the plugin escape the values before outputting them when viewing the SMTP settings set by this plugin, leading to a stored cross site scripting (XSS) vulnerability. Only users with roles capable of managing plugins can modify the plugin’s settings. 2021-08-30 3.5 CVE-2021-24528
MISC
yoohooplugins — sitewide_notice The Sitewide Notice WP WordPress plugin before 2.3 does not sanitise some of its settings before outputting them in frontend pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2021-08-30 3.5 CVE-2021-24592
MISC


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
acccusine — pcs+/pfv+ A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in AccuSine PCS+ / PFV+ (Versions prior to V1.6.7) and AccuSine PCSn (Versions prior to V2.2.4) that could allow an authenticated attacker to access the device via FTP protocol. 2021-09-02 not yet calculated CVE-2021-22793
MISC
adaptivescale — adaptivescale A Hardcoded JWT Secret Key in metadata.py in AdaptiveScale LXDUI through 2.1.3 allows attackers to gain admin access to the host system. 2021-09-03 not yet calculated CVE-2021-40494
MISC
adobe — acrobat_reader_dc Acrobat Reader DC versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Out-of-bounds Read vulnerability in the PDFLibTool component. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-02 not yet calculated CVE-2021-28565