Original release date: October 4, 2021
High Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe — digital_editions | Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary command execution vulnerability. An authenticated attacker could leverage this vulnerability to execute arbitrary commands. User interaction is required to abuse this vulnerability in that a user must open a maliciously crafted .epub file. | 2021-09-27 | 9.3 | CVE-2021-39826 MISC |
| adobe — photoshop_2020 | Adobe Photoshop versions 21.2.11 (and earlier) and 22.5 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted SVG file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-09-27 | 9.3 | CVE-2021-40709 MISC |
| adobe — premiere_elements | Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious png file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | 2021-09-27 | 9.3 | CVE-2021-39824 MISC |
| atlassian — floodlight | Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of undefined fields mishandling. | 2021-09-30 | 7.5 | CVE-2020-18683 MISC |
| atlassian — floodlight | Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of unchecked prerequisites related to TCP or UDP ports, or group or table IDs. | 2021-09-30 | 7.5 | CVE-2020-18685 MISC |
| concretecms — concrete_cms | An issue was discovered in Concrete CMS through 8.5.5. Path Traversal leading to RCE via external form by adding a regular expression. | 2021-09-27 | 7.5 | CVE-2021-40098 MISC MISC |
| github — enterprise_server | An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. This affects customers using self-hosted runner groups for access control. A repository with access to one enterprise runner group could access all of the enterprise runner groups within the organization because of improper authentication checks during the request. This could cause code to be run unintentionally by the incorrect runner group. This vulnerability affected GitHub Enterprise Server versions from 3.0.0 to 3.0.15 and 3.1.0 to 3.1.7 and was fixed in 3.0.16 and 3.1.8 releases. | 2021-09-24 | 7.5 | CVE-2021-22869 MISC MISC |
| lodash — lodash | ** DISPUTED ** A command injection vulnerability in Lodash 4.17.21 allows attackers to achieve arbitrary code execution via the template function. This is a different parameter, method, and version than CVE-2021-23337. NOTE: the vendor’s position is that it’s the developer’s responsibility to ensure that a template does not evaluate code that originates from untrusted input. | 2021-09-30 | 7.5 | CVE-2021-41720 MISC |
| microfocus — arcsight_enterprise_security_manager | Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.2 through 7.5. The vulnerability could be exploited resulting in remote code execution. | 2021-09-28 | 7.5 | CVE-2021-38124 MISC |
| nagios — nagios_xi | Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh. | 2021-09-28 | 7.5 | CVE-2021-36365 CONFIRM CONFIRM |
| nagios — nagios_xi | Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate.php. | 2021-09-28 | 7.5 | CVE-2021-36363 CONFIRM CONFIRM |
| openvpn-monitor_project — openvpn-monitor | furlongm openvpn-monitor through 1.1.3 allows %0a command injection via the OpenVPN management interface socket. This can shut down the server via signal%20SIGTERM. | 2021-09-27 | 7.8 | CVE-2021-31605 MISC MISC |
| oracle — linux | Vulnerability in Oracle Linux (component: OSwatcher). Supported versions that are affected are 7 and 8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Linux executes to compromise Oracle Linux. Successful attacks of this vulnerability can result in takeover of Oracle Linux. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). | 2021-09-24 | 7.2 | CVE-2021-2464 MISC |
| phoenixcontact — plcnext_technology_starterkit_firmware | Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through special crafted JSON requests. | 2021-09-27 | 7.8 | CVE-2021-34570 CONFIRM |
| set_user_project — set_user | The set_user extension module before 3.0.0 for PostgreSQL allows ProcessUtility_hook bypass via set_config. | 2021-09-27 | 7.5 | CVE-2021-41558 CONFIRM |
| skale — sgxwallet | An issue was discovered in SKALE sgxwallet 1.58.3. The provided input for ECALL 14 triggers a branch in trustedEcdsaSign that frees a non-initialized pointer from the stack. An attacker can chain multiple enclave calls to prepare a stack that contains a valid address. This address is then freed, resulting in compromised integrity of the enclave. This was resolved after v1.58.3 and not reproducible in sgxwallet v1.77.0. | 2021-09-27 | 7.5 | CVE-2021-36219 MISC MISC |
| stylemixthemes — ulisting | Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Possible if WordPress configuration allows user registration. | 2021-09-27 | 7.5 | CVE-2021-36879 MISC CONFIRM |
| stylemixthemes — ulisting | Unauthenticated SQL Injection (SQLi) vulnerability in WordPress uListing plugin (versions <= 2.0.3), vulnerable parameter: custom. | 2021-09-27 | 7.5 | CVE-2021-36880 MISC CONFIRM |
| surelinesystems — sureedge_migrator | A SQL injection vulnerability exists in Sureline SUREedge Migrator 7.0.7.29360. | 2021-09-28 | 7.5 | CVE-2021-38303 MISC MISC |
| trendmicro — serverprotect | A vulnerability in Trend Micro ServerProtect for Storage 6.0, ServerProtect for EMC Celerra 5.8, ServerProtect for Network Appliance Filers 5.8, and ServerProtect for Microsoft Windows / Novell Netware 5.8 could allow a remote attacker to bypass authentication on affected installations. | 2021-09-29 | 10 | CVE-2021-36745 MISC MISC MISC |
| zohocorp — manageengine_admanager_plus | Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution. | 2021-09-27 | 7.5 | CVE-2021-37761 MISC MISC |
| zohocorp — manageengine_admanager_plus | Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code execution. | 2021-09-27 | 7.5 | CVE-2021-37539 MISC MISC |
| zyxel — zywall_vpn2s_firmware | A command injection vulnerability in the CGI program of the Zyxel VPN2S firmware version 1.12 could allow an authenticated, local user to execute arbitrary OS commands. | 2021-09-29 | 7.2 | CVE-2021-35028 MISC |
Medium Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe — creative_cloud_desktop_application | Adobe Creative Cloud Desktop Application for macOS version 5.3 (and earlier) is affected by a privilege escalation vulnerability that could allow a normal user to delete the OOBE directory and get permissions of any directory under the administrator authority. | 2021-09-29 | 4.6 | CVE-2021-28547 MISC |
| adobe — digital_editions | Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by a privilege escalation vulnerability in the Digital Editions installer. An authenticated attacker could leverage this vulnerability to escalate privileges. User interaction is required before product installation to abuse this vulnerability. | 2021-09-27 | 6.8 | CVE-2021-39828 MISC |
| adobe — digital_editions | Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary file write vulnerability in the Digital Editions installer. An authenticated attacker could leverage this vulnerability to write an arbitrary file to the system. User interaction is required before product installation to abuse this vulnerability. | 2021-09-27 | 6.8 | CVE-2021-39827 MISC |
| adobe — experience_manager | Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a stored XSS vulnerability when creating Content Fragments. An authenticated attacker can send a malformed POST request to achieve server-side denial of service. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2021-09-27 | 4.3 | CVE-2021-40711 MISC |
| adobe — experience_manager | Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper input validation vulnerability via the path parameter. An authenticated attacker can send a malformed POST request to achieve server-side denial of service. | 2021-09-27 | 4 | CVE-2021-40712 MISC |
| adobe — experience_manager | Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper certificate validation vulnerability in the cold storage component. If an attacker can achieve a man in the middle when the cold server establishes a new certificate, they would be able to harvest sensitive information. | 2021-09-27 | 4.3 | CVE-2021-40713 MISC |
| adobe — experience_manager | Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the accesskey parameter. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser | 2021-09-27 | 4.3 | CVE-2021-40714 MISC |
| adobe — incopy | Adobe InCopy version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | 2021-09-27 | 6.8 | CVE-2021-39818 MISC |
| adobe — incopy | Adobe InCopy version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious XML file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | 2021-09-27 | 6.8 | CVE-2021-39819 MISC |
| adobe — indesign | Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious TIF file. | 2021-09-29 | 6.8 | CVE-2021-39821 MISC |
| apache — druid | In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users access Druid directly, since Druid also provides the Local InputSource, which allows the same level of access. But it is problematic when users interact with Druid indirectly through an application that allows users to specify the HTTP InputSource, but not the Local InputSource. In this case, users could bypass the application-level restriction by passing a file URL to the HTTP InputSource. This issue was previously mentioned as being fixed in 0.21.0 as per CVE-2021-26920 but was not fixed in 0.21.0 or 0.21.1. | 2021-09-24 | 4 | CVE-2021-36749 MISC MLIST |
| asus — armoury_crate_lite_service | ASUS ROG Armoury Crate Lite before 4.2.10 allows local users to gain privileges by placing a Trojan horse file in the publicly writable %PROGRAMDATA%ASUSGamingCenterLib directory. | 2021-09-27 | 4.4 | CVE-2021-40981 MISC |
| concretecms — concrete_cms | An issue was discovered in Concrete CMS through 8.5.5. Authenticated path traversal leads to to remote code execution via uploaded PHP code, related to the bFilename parameter. | 2021-09-27 | 6.5 | CVE-2021-40097 MISC MISC |
| concretecms — concrete_cms | An issue was discovered in Concrete CMS through 8.5.5. There is unauthenticated stored XSS in blog comments via the website field. | 2021-09-27 | 4.3 | CVE-2021-40106 MISC MISC |
| concretecms — concrete_cms | An issue was discovered in Concrete CMS through 8.5.5. There is XSS via Markdown Comments. | 2021-09-27 | 4.3 | CVE-2021-40105 MISC MISC |
| concretecms — concrete_cms | An issue was discovered in Concrete CMS through 8.5.5. There is an SVG sanitizer bypass. | 2021-09-27 | 5 | CVE-2021-40104 MISC MISC |
| concretecms — concrete_cms | A SSRF issue was discovered in Concrete CMS through 8.5.5. Users can access forbidden files on their local network. A user with permissions to upload files from external sites can upload a URL that redirects to an internal resource of any file type. The redirect is followed and loads the contents of the file from the redirected-to server. Files of disallowed types can be uploaded. | 2021-09-27 | 5.5 | CVE-2021-40109 MISC MISC |
| concretecms — concrete_cms | An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File deletion can occur via PHAR deserialization in is_dir (PHP Object Injection associated with the __wakeup magic method). | 2021-09-24 | 6.4 | CVE-2021-40102 MISC MISC |
| concretecms — concrete_cms | An issue was discovered in Concrete CMS through 8.5.5. Fetching the update json scheme over HTTP leads to remote code execution. | 2021-09-24 | 6.5 | CVE-2021-40099 MISC MISC |
| concretecms — concrete_cms | An issue was discovered in Concrete CMS through 8.5.5. Path Traversal can lead to Arbitrary File Reading and SSRF. | 2021-09-27 | 5 | CVE-2021-40103 MISC MISC |
| concretecms — concrete_cms | An issue was discovered in Concrete CMS through 8.5.5. The Calendar is vulnerable to CSRF. ccm_token is not verified on the ccm/calendar/dialogs/event/add/save endpoint. | 2021-09-27 | 6.8 | CVE-2021-40108 MISC MISC |
| couchbase — couchbase_server | Couchbase Server 6.5.x, 6.6.x through 6.6.2, and 7.0.0 has a Buffer Overflow. A specially crafted network packet sent from an attacker can crash memcached. | 2021-09-29 | 5 | CVE-2021-35944 MISC MISC |
| couchbase — couchbase_server | Couchbase Server 6.5.x, 6.6.0 through 6.6.2, and 7.0.0, has a Buffer Overflow. A specially crafted network packet sent from an attacker can crash memcached. | 2021-09-29 | 5 | CVE-2021-35945 MISC MISC |
| d-link — dcs-932l_firmware | ** UNSUPPORTED WHEN ASSIGNED ** DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2021-09-24 | 5.2 | CVE-2021-41503 MISC MISC |
| d-link — dcs-932l_firmware | ** UNSUPPORTED WHEN ASSIGNED ** An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use of the digest-authentication for the devices command interface may allow further attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2021-09-24 | 5.2 | CVE-2021-41504 MISC MISC |
| dell — emc_networker | Dell NetWorker, versions 18.x and 19.x contain a Path traversal vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information. | 2021-09-28 | 4 | CVE-2021-21569 MISC |
| dell — emc_networker | Dell NetWorker, versions 18.x and 19.x contain an Information disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information. | 2021-09-28 | 4 | CVE-2021-21570 MISC |
| dlink — dir-605l_firmware | An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page | 2021-09-24 | 5 | CVE-2021-40655 MISC MISC |
| dlink — dir-615_firmware | An information disclosure issue exist in D-LINK-DIR-615 B2 2.01mt. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page | 2021-09-24 | 4 | CVE-2021-40654 MISC MISC |
| firefly-iii — firefly_iii | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | 2021-09-27 | 6.8 | CVE-2021-3819 CONFIRM MISC |
| getgrav — grav | grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking | 2021-09-27 | 5 | CVE-2021-3818 MISC CONFIRM |
| getgrav — grav-plugin-admin | grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI Layers or Frames | 2021-09-27 | 5.8 | CVE-2021-3799 CONFIRM MISC |
| gilacms — gila_cms | A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts. | 2021-09-27 | 6.8 | CVE-2020-20693 MISC |
| gilacms — gila_cms | GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.php. | 2021-09-27 | 6.5 | CVE-2020-20692 MISC MISC |
| github — enterprise_server | A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.1.8 and was fixed in 3.1.8, 3.0.16, and 2.22.22. This vulnerability was reported via the GitHub Bug Bounty program. This is the result of an incomplete fix for CVE-2021-22867. | 2021-09-24 | 4 | CVE-2021-22868 MISC MISC MISC |
| google — android | In m4u, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05425810. | 2021-09-27 | 4.6 | CVE-2021-0611 MISC |
| google — android | In memory management driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05411456. | 2021-09-27 | 4.6 | CVE-2021-0610 MISC |
| google — android | In ccu, there is a possible out of bounds read due to incorrect error handling. This could lead to information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05827145; Issue ID: ALPS05827145. | 2021-09-27 | 4 | CVE-2021-0660 MISC |
| google — android | In m4u, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05425834. | 2021-09-27 | 4.6 | CVE-2021-0612 MISC |
| gradle — gradle | In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password. | 2021-09-24 | 5 | CVE-2021-41586 MISC |
| gradle — gradle | Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response (information disclosure of possibly sensitive build/configuration details) via a crafted HTTP request with the X-Gradle-Enterprise-Ajax-Request header. | 2021-09-24 | 5 | CVE-2021-41584 MISC |
| gradle — gradle | In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other resources. | 2021-09-24 | 5 | CVE-2021-41587 MISC |
| gradle — gradle | In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The attacker must have the encryption and signing keys. | 2021-09-24 | 6.8 | CVE-2021-41588 MISC |
| ibm — sterling_order_management | IBM Sterling Order Management 9.4, 9.5, and 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199179. | 2021-09-30 | 4.3 | CVE-2021-20554 XF CONFIRM |
| inflect_project — inflect | inflect is vulnerable to Inefficient Regular Expression Complexity | 2021-09-27 | 5 | CVE-2021-3820 MISC CONFIRM |
| jsoneditoronline — jsoneditor | jsoneditor is vulnerable to Inefficient Regular Expression Complexity | 2021-09-27 | 5 | CVE-2021-3822 MISC CONFIRM |
| kindsoft — kindeditor | Cross Site Scripting (XSS) vulnerability exists in all versions of KindEditor, which can be exploited by an attacker to obtain user cookie information. | 2021-09-28 | 4.3 | CVE-2021-37267 MISC |
| kindsoft — kindeditor | Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese versions) 4.1.12, which can be exploited by an attacker to obtain user cookie information. | 2021-09-28 | 4.3 | CVE-2021-30086 MISC MISC |
| laracms_project — laracms | LaraCMS v1.0.1 transmits sensitive information in cleartext which can be intercepted by attackers. | 2021-09-29 | 5 | CVE-2020-20128 MISC |
| maccms — maccms | A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/<id>.html allows authenticated attackers to delete all users. | 2021-09-24 | 4.9 | CVE-2020-20514 MISC |
| nltk — nltk | nltk is vulnerable to Inefficient Regular Expression Complexity | 2021-09-27 | 5 | CVE-2021-3828 CONFIRM MISC |
| openbsd — libressl | x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. When the input exceeds DOMAIN_PART_MAX_LEN, the buffer lacks ‘�’ termination. | 2021-09-24 | 4.3 | CVE-2021-41581 MISC |
| openbsd — openssh | sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. | 2021-09-26 | 6 | CVE-2021-41617 MISC MISC MISC CONFIRM FEDORA FEDORA |
| opennms — opennms | OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP ‘sysName’ or ‘sysContact’ response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This issue was fixed in version 18.0.2, released on September 20, 2016. | 2021-09-24 | 4.3 | CVE-2016-6556 MISC MISC |
| opennms — opennms | OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in version 18.0.2, released on September 20, 2016. | 2021-09-24 | 4.3 | CVE-2016-6555 MISC MISC |
| openvpn-monitor_project — openvpn-monitor | furlongm openvpn-monitor through 1.1.3 allows Authorization Bypass to disconnect arbitrary clients. | 2021-09-27 | 5 | CVE-2021-31606 MISC MISC |
| openvpn-monitor_project — openvpn-monitor | furlongm openvpn-monitor through 1.1.3 allows CSRF to disconnect an arbitrary client. | 2021-09-27 | 4.3 | CVE-2021-31604 MISC MISC |
| os4ed — opensis | A SQL injection vulnerability exists in the Take Attendance functionality of OS4Ed’s OpenSIS 8.0. allows an attacker to inject their own SQL query. The cp_id_miss_attn parameter from TakeAttendance.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request as a user with access to “Take Attendance” functionality to trigger this vulnerability. | 2021-09-24 | 6.5 | CVE-2021-40309 MISC MISC MISC |
| pingidentity — pingaccess | Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling via header manipulation. | 2021-09-24 | 5 | CVE-2021-31923 CONFIRM |
| shopkit_project — shopkit | Shopkit v2.7 contains a reflective cross-site scripting (XSS) vulnerability in the /account/register component, which allows attackers to hijack user credentials via a crafted payload in the E-Mail text field. | 2021-09-24 | 4.3 | CVE-2020-20508 MISC |
| siemens — solid_edge | A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13789). | 2021-09-28 | 6.8 | CVE-2021-41537 MISC MISC |
| siemens — solid_edge | A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to information disclosure by unexpected access to an uninitialized pointer while parsing user-supplied OBJ files. An attacker could leverage this vulnerability to leak information from unexpected memory locations (ZDI-CAN-13770). | 2021-09-28 | 4.3 | CVE-2021-41538 MISC MISC |
| siemens — solid_edge | A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process (ZDI-CAN-13703). | 2021-09-28 | 4.3 | CVE-2021-41534 MISC MISC |
| siemens — solid_edge | A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process (ZDI-CAN-13565). | 2021-09-28 | 4.3 | CVE-2021-41533 MISC MISC |
| siemens — solid_edge | A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13778). | 2021-09-28 | 6.8 | CVE-2021-41536 MISC MISC |
| siemens — solid_edge | A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13771). | 2021-09-28 | 6.8 | CVE-2021-41535 MISC MISC |
| siemens — solid_edge | A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13776). | 2021-09-28 | 6.8 | CVE-2021-41540 MISC MISC |
| siemens — solid_edge | A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13773). | 2021-09-28 | 6.8 | CVE-2021-41539 MISC MISC |
| skale — sgxwallet | An issue was discovered in SKALE sgxwallet 1.58.3. sgx_disp_ippsAES_GCMEncrypt allows an out-of-bounds write, resulting in a segfault and compromised enclave. This issue describes a buffer overflow, which was resolved prior to v1.77.0 and not reproducible in latest sgxwallet v1.77.0 | 2021-09-27 | 5 | CVE-2021-36218 MISC MISC |
| speed_test_project — speed_test | e7d Speed Test (aka speedtest) 0.5.3 allows a path-traversal attack that results in information disclosure via the “GET /..” substring. | 2021-09-27 | 5 | CVE-2021-40349 MISC MISC |
| spotweb_project — spotweb | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the firstname parameter. | 2021-10-01 | 4.3 | CVE-2021-40969 MISC MISC |
| streama_project — streama | A cross-site request forgery (CSRF) vulnerability exists in Streama up to and including v1.10.3. The application does not have CSRF checks in place when performing actions such as uploading local files. As a result, attackers could make a logged-in administrator upload arbitrary local files via a CSRF attack and send them to the attacker. | 2021-09-29 | 6.8 | CVE-2021-41764 MISC MISC MISC |
| stylemixthemes — ulisting | Authenticated Insecure Direct Object References (IDOR) vulnerability in WordPress uListing plugin (versions <= 2.0.5). | 2021-09-27 | 6.5 | CVE-2021-36874 MISC CONFIRM |
| stylemixthemes — ulisting | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WordPress uListing plugin (versions <= 2.0.5) as it lacks CSRF checks on plugin administration pages. | 2021-09-27 | 6.8 | CVE-2021-36876 MISC CONFIRM |
| stylemixthemes — ulisting | Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to modify user roles. | 2021-09-27 | 4.3 | CVE-2021-36877 MISC CONFIRM |
| trendmicro — housecall_for_home_networks | An uncontrolled search path element privilege escalation vulnerability in Trend Micro HouseCall for Home Networks version 5.3.1225 and below could allow an attacker to escalate privileges by placing a custom crafted file in a specific directory to load a malicious library. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. | 2021-09-29 | 6.9 | CVE-2021-32466 MISC MISC MISC |
| wpdevart — countdown_and_countup,_woocommerce_sales_timer | The Countdown and CountUp, WooCommerce Sales Timers WordPress plugin is vulnerable to Cross-Site Request Forgery via the save_theme function found in the ~/includes/admin/coundown_theme_page.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.7. | 2021-09-28 | 6.8 | CVE-2021-34636 MISC MISC |
| wpxpo — postx_-_gutenberg_blocks_for_post_grid | The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 performs incorrect checks before allowing any logged in user to perform some ajax based requests, allowing any user to modify, delete or add ultp_options values. | 2021-09-27 | 4 | CVE-2021-24652 MISC |
| zte — axon_30_pro_message_service | There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to improper parameter settings, attackers could use this vulnerability to obtain some sensitive information of users by accessing specific pages. | 2021-09-25 | 4.3 | CVE-2021-21742 MISC |
| zyxel — zywall_vpn2s_firmware | A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access to sensitive information. | 2021-09-29 | 5 | CVE-2021-35027 MISC |
Low Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| baidu — ueditor | Cross Site Scripting (XSS) vulnerability exists in UEditor v1.4.3.3, which can be exploited by an attacker to obtain user cookie information. | 2021-09-28 | 3.5 | CVE-2021-37271 MISC MISC |
| btcpayserver — btcpay_server | btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 2021-09-26 | 3.5 | CVE-2021-3830 CONFIRM MISC |
| concretecms — concrete_cms | An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can occur in Conversations when the Active Conversation Editor is set to Rich Text. | 2021-09-24 | 3.5 | CVE-2021-40100 MISC MISC |
| dell — supportassist_client_consumer | Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions prior to 3.9.13.0 contain an arbitrary file deletion vulnerability that can be exploited by using the Windows feature of NTFS called Symbolic links. Symbolic links can be created by any(non-privileged) user under some object directories, but by themselves are not sufficient to successfully escalate privileges. However, combining them with a different object, such as the NTFS junction point allows for the exploitation. Support assist clean files functionality do not distinguish junction points from the physical folder and proceeds to clean the target of the junction that allows nonprivileged users to create junction points and delete arbitrary files on the system which can be accessed only by the admin. | 2021-09-28 | 3.6 | CVE-2021-36286 MISC |
| gilacms — gila_cms | A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file. | 2021-09-27 | 3.5 | CVE-2020-20695 MISC |
| gilacms — gila_cms | A cross-site scripting (XSS) vulnerability in /admin/content/post of GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Tags field. | 2021-09-27 | 3.5 | CVE-2020-20696 MISC |
| google — android | In memory management driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05393787. | 2021-09-27 | 2.1 | CVE-2021-0424 MISC |
| google — android | In memory management driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05385714. | 2021-09-27 | 2.1 | CVE-2021-0423 MISC |
| google — android | In memory management driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05381071. | 2021-09-27 | 2.1 | CVE-2021-0422 MISC |
| google — android | In memory management driver, there is a possible side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05400059. | 2021-09-27 | 2.1 | CVE-2021-0425 MISC |
| ibm — business_automation_workflow | IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3,20.0.0.1, 20.0.0.2, and 21.0.2 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204832. | 2021-09-29 | 3.5 | CVE-2021-29834 CONFIRM XF |
| laracms_project — laracms | LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content editor. | 2021-09-29 | 3.5 | CVE-2020-20129 MISC |
| laracms_project — laracms | LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows atackers to execute arbitrary web scripts or HTML via a crafted payload in the page management module. | 2021-09-29 | 3.5 | CVE-2020-20131 MISC |
| os4ed — opensis | OpenSIS Community Edition version 8.0 is affected by a cross-site scripting (XSS) vulnerability in the TakeAttendance.php via the cp_id_miss_attn parameter. | 2021-09-24 | 3.5 | CVE-2021-40310 MISC MISC MISC |
| status301 — coolclock | The CoolClock WordPress plugin before 4.3.5 does not escape some shortcode attributes, allowing users with a role as low as Contributor toperform Stored Cross-Site Scripting attacks | 2021-09-27 | 3.5 | CVE-2021-24670 MISC |
| stylemixthemes — ulisting | Authenticated Reflected Cross-Site Scripting (XSS) vulnerability in WordPress uListing plugin (versions <= 2.0.5). Vulnerable parameters: &filter[id], &filter[user], &filter[expired_date], &filter[created_date], &filter[updated_date]. | 2021-09-27 | 3.5 | CVE-2021-36875 MISC CONFIRM |
| torproject — tor_browser | Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addresses. Exact timestamps of these onion-service visits are logged locally, and an attacker might be able to compare them to timestamp data collected by the destination server (or collected by a rogue site within the Tor network). | 2021-09-24 | 3.6 | CVE-2021-39246 MISC MISC MISC MISC MISC |
| ucms_project — ucms | A stored cross-site scripting (XSS) vulnerability in /ucms/index.php?do=list_edit of UCMS 1.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title, key words, description or content text fields. | 2021-09-29 | 3.5 | CVE-2020-20781 MISC |
| wpxpo — postx_-_gutenberg_blocks_for_post_grid | The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with Contributor roles or higher to read password-protected or private post contents the user is otherwise unable to read, given the post ID. | 2021-09-27 | 3.5 | CVE-2021-24661 MISC |
| wpxpo — postx_-_gutenberg_blocks_for_post_grid | The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin’s shortcode. | 2021-09-27 | 3.5 | CVE-2021-24660 MISC |
| wpxpo — postx_-_gutenberg_blocks_for_post_grid | The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin’s block. | 2021-09-27 | 3.5 | CVE-2021-24659 MISC |
| yithemes — yith_maintenance_mode | Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.7, vulnerable parameter &yith_maintenance_newsletter_submit_label. Possible even when unfiltered HTML is disallowed by WordPress configuration. | 2021-09-27 | 3.5 | CVE-2021-36841 MISC CONFIRM |
Severity Not Yet Assigned
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 3xlogic — infinias_access_control |
An issue was discovered in 3xLogic Infinias Access Control through 6.7.10708.0, affecting physical security. Users with login credentials assigned to a specific zone can send modified HTTP GET and POST requests, allowing them to view user data such as personal information and Prox card credentials. Also, an authorized user of one zone can send API requests to unlock electronic locks associated with zones they are unauthorized to have access to. They can also create new user logins for zones they were not authorized to access, including the root zone of the software. | 2021-10-01 | not yet calculated | CVE-2021-41847 MISC MISC MISC |
| abb — busch-controltouch |
The vulnerability origins in the commissioning process where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his my.busch-jaeger.de or mybuildings.abb.com profile. A successful attacker can observe and control a ControlTouch remotely under very specific circumstances. The issue is fixed in the cloud side of the system. No firmware update is needed for customer products. If a user wants to understand if (s)he is affected, please read the advisory. This issue affects: ABB and Busch-Jaeger, ControlTouch | 2021-09-27 | not yet calculated | CVE-2021-22272 MISC |
| adobe — acrobat_pro_dc | Acrobat Pro DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An authenticated attacker could leverage this vulnerability to disclose sensitive user memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-09-29 | not yet calculated | CVE-2021-39860 MISC |
| adobe — acrobat_pro_dc |
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-09-29 | not yet calculated | CVE-2021-39861 MISC |
| adobe — acrobat_reader_dc | Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted PDF file, potentially resulting in memory corruption in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted PDF file in Acrobat Reader. | 2021-09-29 | not yet calculated | CVE-2021-39846 MISC |
| adobe — acrobat_reader_dc | Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An authenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-09-29 | not yet calculated | CVE-2021-39853 MISC |
| adobe — acrobat_reader_dc | Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An authenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-09-29 | not yet calculated | CVE-2021-39851 MISC |
| adobe — acrobat_reader_dc | Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An authenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-09-29 | not yet calculated | CVE-2021-39850 MISC |
| adobe — acrobat_reader_dc | Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An authenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-09-29 | not yet calculated | CVE-2021-39849 MISC |
| adobe — acrobat_reader_dc | Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An authenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-09-29 | not yet calculated | CVE-2021-39854 MISC |
| adobe — acrobat_reader_dc | Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted PDF file, potentially resulting in memory corruption in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted PDF file in Acrobat Reader. | 2021-09-29 | not yet calculated | CVE-2021-39845 MISC |
| adobe — acrobat_reader_dc | Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm buttonGetCaption action that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-09-29 | not yet calculated | CVE-2021-39838 MISC |
| adobe — acrobat_reader_dc | Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm deleteItemAt action that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-09-29 | not yet calculated | CVE-2021-39837 MISC |
| adobe — acrobat_reader_dc | Acrobat Reader DC ActiveX Control versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must open a maliciously crafted Microsoft Office file, or visit an attacker controlled web page. | 2021-09-29 | not yet calculated | CVE-2021-39855 MISC |
| adobe — acrobat_reader_dc | Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-09-29 | not yet calculated | CVE-2021-39858 MISC |
| adobe — acrobat_reader_dc | Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An authenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-09-29 | not yet calculated | CVE-2021-39852 MISC |
| adobe — acrobat_reader_dc | Adobe Acrobat Reader DC add-on for Internet Explorer versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to check for existence of local files. Exploitation of this issue requires user interaction in that a victim must visit an attacker controlled web page. | 2021-09-29 | not yet calculated | CVE-2021-39857 MISC |
| adobe — acrobat_reader_dc | Acrobat Reader DC ActiveX Control versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must visit an attacker controlled web page. | 2021-09-29 | not yet calculated | CVE-2021-39856 MISC |
| adobe — acrobat_reader_dc |
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm getItem action that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-09-29 | not yet calculated | CVE-2021-39839 MISC |
| adobe — acrobat_reader_dc |
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForms that could result in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | 2021-09-29 | not yet calculated | CVE-2021-39840 MISC |
| adobe — acrobat_reader_dc |
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Type Confusion vulnerability. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-09-29 | not yet calculated | CVE-2021-39841 MISC |
| adobe — acrobat_reader_dc |
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-09-29 | not yet calculated | CVE-2021-39842 MISC |
| adobe — acrobat_reader_dc |
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-09-29 | not yet calculated | CVE-2021-39843 MISC |
| adobe — acrobat_reader_dc |
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm buttonGetIcon action that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-09-29 | not yet calculated | CVE-2021-39836 MISC |
| adobe — acrobat_reader_dc |
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-09-29 | not yet calculated | CVE-2021-39863 MISC |
| adobe — acrobat_reader_dc |
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to locally escalate privileges in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-09-30 | not yet calculated | CVE-2021-21089 MISC |
| adobe — acrobat_reader_dc |
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Uncontrolled Search Path Element vulnerability. An attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user via DLL hijacking. Exploitation of this issue requires user interaction. | 2021-09-29 | not yet calculated | CVE-2021-35982 MISC |
| adobe — acrobat_reader_dc |
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-09-29 | not yet calculated | CVE-2021-39844 MISC |
| adobe — creative_cloud_desktop_application |
Adobe Creative Cloud Desktop Application version 5.4 (and earlier) is affected by a file handling vulnerability that could allow an attacker to arbitrarily overwrite a file. Exploitation of this issue requires local access, administrator privileges and user interaction. | 2021-09-27 | not yet calculated | CVE-2021-28613 MISC |
| adobe — framemaker |
Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-09-29 | not yet calculated | CVE-2021-39865 MISC |
| adobe — framemaker |
Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-09-29 | not yet calculated | CVE-2021-40697 MISC |
| adobe — framemaker |
Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-09-29 | not yet calculated | CVE-2021-39862 MISC |
| adobe — framework | Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file. | 2021-09-29 | not yet calculated | CVE-2021-39831 MISC |
| adobe — framework |
Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file. | 2021-09-29 | not yet calculated | CVE-2021-39829 MISC |
| adobe — framework |
Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious TIF file. | 2021-09-29 | not yet calculated | CVE-2021-39834 MISC |
| adobe — framework |
Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious TIF file. | 2021-09-29 | not yet calculated | CVE-2021-39833 MISC |
| adobe — framework |
Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by a memory corruption vulnerability due to insecure handling of a malicious PDF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | 2021-09-29 | not yet calculated | CVE-2021-39832 MISC |
| adobe — framework |
Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by a memory corruption vulnerability due to insecure handling of a malicious PDF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | 2021-09-29 | not yet calculated | CVE-2021-39830 MISC |
| adobe — framework |
Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by a use-after-free vulnerability in the processing of a malformed PDF file that could result in disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file. | 2021-09-29 | not yet calculated | CVE-2021-39835 MISC |
| adobe — genuine_service |
Adobe Genuine Service versions 7.3 (and earlier) are affected by a privilege escalation vulnerability in the AGSService installer. An authenticated attacker could leverage this vulnerability to achieve read / write privileges to execute arbitrary code. User interaction is required to abuse this vulnerability. | 2021-09-29 | not yet calculated | CVE-2021-40708 MISC |
| adobe — photoshop_elements |
Photoshop Elements versions 2021 build 19.0 (20210304.m.156367) (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious TTF file. | 2021-09-27 | not yet calculated | CVE-2021-39825 MISC |
| adobe — premiere_elements
|
Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | 2021-09-27 | not yet calculated | CVE-2021-40701 MISC |
| adobe — premiere_elements |
Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | 2021-09-27 | not yet calculated | CVE-2021-40700 MISC |
| adobe — premiere_elements |
Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | 2021-09-27 | not yet calculated | CVE-2021-40703 MISC |
| adobe — premiere_elements |
Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious psd file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | 2021-09-27 | not yet calculated | CVE-2021-40702 MISC |
| adobe — premiere_pro |
Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .exr file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. | 2021-09-29 | not yet calculated | CVE-2021-40715 MISC |
| adobe — premiere_pro |
Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .svg file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. | 2021-09-29 | not yet calculated | CVE-2021-40710 MISC |
| adobe — svg-native-viewer |
Adobe svg-native-viewer 8182d14dfad5d1e10f53ed830328d7d9a3cfa96d and earlier versions are affected by a heap buffer overflow vulnerability due to insecure handling of a malicious .svg file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | 2021-09-27 | not yet calculated | CVE-2021-39823 MISC |
| apache — db_ddiutils |
Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intended for use when migrating database data with a SQL data type of BINARY, VARBINARY, LONGVARBINARY, or BLOB between databases using the ddlutils features. The BinaryObjectsHelper class was insecure and used ObjectInputStream.readObject without validating that the input data was safe to deserialize. Please note that DdlUtils is no longer being actively developed. To address the insecurity of the BinaryObjectHelper class, the following changes to DdlUtils have been made: (1) BinaryObjectsHelper.java has been deleted from the DdlUtils source repository and the DdlUtils feature of propagating data of SQL binary types is therefore no longer present in DdlUtils; (2) The ddlutils-1.0 release has been removed from the Apache Release Distribution Infrastructure; (3) The DdlUtils web site has been updated to indicate that DdlUtils is now available only as source code, not as a packaged release. | 2021-09-30 | not yet calculated | CVE-2021-41616 MISC |
| apple — macos |
The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, accidentally installed the application directory with incorrect owner. | 2021-10-01 | not yet calculated | CVE-2021-3747 MISC |
| apple — safari |
The Safari app extension bundled with 1Password for Mac 7.7.0 through 7.8.x before 7.8.7 is vulnerable to authorization bypass. By targeting a vulnerable component of this extension, a malicious web page could read a subset of 1Password vault items that would normally be fillable by the user on that web page. These items are usernames and passwords for vault items associated with its domain, usernames and passwords without a domain association, credit cards, and contact items. (1Password must be unlocked for these items to be accessible, but no further user interaction is required.) | 2021-09-29 | not yet calculated | CVE-2021-41795 MISC |
| aurelia — aurelia |
aurelia-path is part of the Aurelia platform and contains utilities for path manipulation. There is a prototype pollution vulnerability in aurelia-path before version 1.1.7. The vulnerability exposes Aurelia application that uses `aurelia-path` package to parse a string. The majority of this will be Aurelia applications that employ the `aurelia-router` package. An example is this could allow an attacker to change the prototype of base object class `Object` by tricking an application to parse the following URL: `https://aurelia.io/blog/?__proto__[asdf]=asdf`. The problem is patched in version `1.1.7`. | 2021-09-27 | not yet calculated | CVE-2021-41097 MISC MISC CONFIRM MISC MISC |
| aviatorscript — aviatorscript |
AviatorScript through 5.2.7 allows code execution via an expression that is encoded with Byte Code Engineering Library (BCEL). | 2021-10-02 | not yet calculated | CVE-2021-41862 MISC |
| baicloud — baicloud |
BaiCloud-cms v2.5.7 is affected by an arbitrary file deletion vulnerability, which allows an attacker to delete arbitrary files on the server through /user/ppsave.php. | 2021-09-30 | not yet calculated | CVE-2021-41729 MISC |
| bugs — bugs |
Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the email parameter. | 2021-10-01 | not yet calculated | CVE-2021-40923 MISC MISC |
| bugs — bugs |
Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the first_name parameter. | 2021-10-01 | not yet calculated | CVE-2021-40924 MISC MISC |
| bugs — bugs |
Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the last_name parameter. | 2021-10-01 | not yet calculated | CVE-2021-40922 MISC MISC |
| china_telecom_corporation — epon_tianyi_gateway |
A Denial of Service issue exists in China Telecom Corporation EPON Tianyi Gateway ZXHN F450(EPON ONU) 3.0. Tianyi Gateway is a hardware terminal of “Optical Modem Smart Router.” Attackers can use this vulnerability to restart the device multiple times. | 2021-09-28 | not yet calculated | CVE-2021-37273 MISC |
| confluent — ansible | Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 is vulnerable to Incorrect Access Control via its auxiliary component that allows remote attackers to access sensitive information. | 2021-09-29 | not yet calculated | CVE-2021-33924 MISC MISC |
| confluent — ansible |
Insecure permissions in Confluent Ansible (cp-ansible) 5.5.0, 5.5.1, 5.5.2 and 6.0.0 allows local attackers to access some sensitive information (private keys, state database). | 2021-09-29 | not yet calculated | CVE-2021-33923 MISC MISC |
| conrete5 — legacy | Cross-site scripting (XSS) vulnerability in concrete/elements/collection_theme.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter. | 2021-10-01 | not yet calculated | CVE-2021-41465 MISC MISC |
| conrete5 — legacy |
Cross-site scripting (XSS) vulnerability in toos/permissions/dialogs/access/entity/types/group_combination.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the cID parameter. | 2021-10-01 | not yet calculated | CVE-2021-41463 MISC MISC |
| conrete5 — legacy |
Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter. | 2021-10-01 | not yet calculated | CVE-2021-41464 MISC MISC |
| conrete5 — legacy |
Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the mode parameter. | 2021-10-01 | not yet calculated | CVE-2021-41461 MISC MISC |
| conrete5 — legacy |
Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the ctID parameter. | 2021-10-01 | not yet calculated | CVE-2021-41462 MISC MISC |
| corel — drawstandard_2020 | CdrCore.dll in Corel DrawStandard 2020 22.0.0.474 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious CDR file. | 2021-10-02 | not yet calculated | CVE-2021-38107 MISC MISC |
| corel — drawstandard_2020 |
Corel DrawStandard 2020 22.0.0.474 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious CDR file. | 2021-10-02 | not yet calculated | CVE-2021-38109 MISC MISC |
| corel — pdf_fusion |
Corel PDF Fusion 2.6.2.0 is affected by a Heap Corruption vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file. | 2021-10-01 | not yet calculated | CVE-2021-38098 MISC MISC |
| corel — pdf_fusion |
Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file. | 2021-10-01 | not yet calculated | CVE-2021-38097 MISC MISC |
| corel — pdf_fusion |
Coreip.dll in Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file. | 2021-10-01 | not yet calculated | CVE-2021-38096 MISC MISC |
| corel — photopaint
|
Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious CPT file. | 2021-10-01 | not yet calculated | CVE-2021-38100 MISC MISC |
| corel — photopaint |
CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious CPT file. This is different from CVE-2021-38099. | 2021-10-01 | not yet calculated | CVE-2021-38101 MISC MISC |
| corel — photopaint |
CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious CPT file. This is different from CVE-2021-38101. | 2021-10-01 | not yet calculated | CVE-2021-38099 MISC MISC |
| corel — presentations_2020 | UAX200.dll in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PPT file. | 2021-10-01 | not yet calculated | CVE-2021-38106 MISC MISC |
| corel — presentations_2020 | IPPP82.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PPT file. This is different from CVE-2021-38102. | 2021-10-01 | not yet calculated | CVE-2021-38105 MISC MISC |
| corel — presentations_2020 | IPPP82.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PPT file. This is different from CVE-2021-38105. | 2021-10-01 | not yet calculated | CVE-2021-38102 MISC MISC |
| corel — presentations_2020 |
IBJPG2.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PPT file. | 2021-10-01 | not yet calculated | CVE-2021-38103 MISC MISC |
| corel — presentations_2020 |
IPPP72.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PPT file. | 2021-10-01 | not yet calculated | CVE-2021-38104 MISC MISC |
| corel — wordperfect_2020 | Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious DOC file. | 2021-10-01 | not yet calculated | CVE-2021-38110 MISC MISC |
| corel — wordperfect_2020 |
Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious DOC file. | 2021-10-02 | not yet calculated | CVE-2021-38108 MISC MISC |
| couchbase — server |
Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. Externally managed users are not prevented from using an empty password, per RFC4513. | 2021-09-29 | not yet calculated | CVE-2021-35943 MISC MISC |
| craft — craft |
Craft CMS before 3.7.14 allows CSV injection. | 2021-09-30 | not yet calculated | CVE-2021-41824 MISC MISC |
| cwlviewer — cwlviewer |
cwlviewer is a web application to view and share Common Workflow Language workflows. Versions prior to 1.3.1 contain a Deserialization of Untrusted Data vulnerability. Commit number f6066f09edb70033a2ce80200e9fa9e70a5c29de (dated 2021-09-30) contains a patch. There are no available workarounds aside from installing the patch. The SnakeYaml constructor, by default, allows any data to be parsed. To fix the issue the object needs to be created with a `SafeConstructor` object, as seen in the patch. | 2021-10-01 | not yet calculated | CVE-2021-41110 MISC MISC CONFIRM |
| d-link — multiple_devices |
A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in D-Link DIR-X1560, v1.04B04, and DIR-X6060, v1.11B04 allows a remote unauthenticated attacker to disconnect a wireless client via sending specific spoofed SAE authentication frames. | 2021-09-27 | not yet calculated | CVE-2021-41753 MISC |
| data_tables — data_tables |
This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped. | 2021-09-27 | not yet calculated | CVE-2021-23445 MISC MISC MISC MISC MISC |
| datalust — seq |
Datalust Seq before 2021.2.6259 allows users (with view filters applied to their accounts) to see query results not constrained by their view filter. This information exposure, caused by an internal cache key collision, occurs when the user’s view filter includes an array or IN clause, and when another user has recently executed an identical query differing only by the array elements. | 2021-09-27 | not yet calculated | CVE-2021-41329 MISC CONFIRM |
| debian — curl |
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`–ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network. | 2021-09-29 | not yet calculated | CVE-2021-22946 MISC MLIST FEDORA |
| debian — curl |
When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker’s injected data comes from the TLS-protected server. | 2021-09-29 | not yet calculated | CVE-2021-22947 MISC MLIST FEDORA |
| dell — bios
|
Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive admin password attempt mitigations in order to carry out a brute force attack. | 2021-09-28 | not yet calculated | CVE-2021-36284 MISC |
| dell — bios |
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | 2021-09-28 | not yet calculated | CVE-2021-36283 MISC |
| dell — bios |
Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerability to gain access to sensitive information on an NVMe storage by resetting the BIOS password on the system via the Manageability Interface. | 2021-09-28 | not yet calculated | CVE-2021-21522 MISC |
| dell — bios |
Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive NVMe password attempt mitigations in order to carry out a brute force attack. | 2021-09-28 | not yet calculated | CVE-2021-36285 MISC |
| dell — emc_insightiq |
Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to authentication bypass and remote takeover of the InsightIQ. This allows an attacker to take complete control of InsightIQ to affect services provided by SSH; so Dell recommends customers to upgrade at the earliest opportunity. | 2021-10-01 | not yet calculated | CVE-2021-36298 MISC |
| dell — enterprise_sonic_os |
Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensitive information disclosure vulnerability. An authenticated malicious user with access to the system may use the TACACSRadius credentials stored to read sensitive information and use it in further attacks. | 2021-10-01 | not yet calculated | CVE-2021-36309 MISC |
| detector — detector |
Cross-site scripting (XSS) vulnerability in _contactform.inc.php in Detector 0.8.5 and below version allows remote attackers to inject arbitrary web script or HTML via the cid parameter. | 2021-10-01 | not yet calculated | CVE-2021-40921 MISC |
| discourse — discourse |
Discourse is an open source discussion platform. There is a cross-site scripting (XSS) vulnerability in versions 2.7.7 and earlier of the `stable` branch, versions 2.8.0.beta6 and earlier of the `beta` branch, and versions 2.8.0.beta6 and earlier of the `tests-passed` branch. Rendering of some error messages that contain user input can be susceptible to XSS attacks. This vulnerability only affects sites which have blocked watched words that contain HTML tags, modified or disabled Discourse’s default Content Security Policy. This issue is patched in the latest `stable`, `beta` and `tests-passed` versions of Discourse. As a workaround, avoid modifying or disabling Discourse’s default Content Security Policy, and blocking watched words containing HTML tags. | 2021-09-27 | not yet calculated | CVE-2021-41095 CONFIRM MISC |
| dr.web — firewall |
Dr.Web Firewall 12.5.2.4160 on Windows incorrectly restricts applications signed by Dr.Web. A DLL for a custom payload within a legitimate binary (e.g., frwl_svc.exe) bypasses firewall filters. | 2021-09-24 | not yet calculated | CVE-2021-28130 MISC MISC |
| earclink — espcms-p8 |
EARCLINK ESPCMS-P8 contains a cross-site scripting (XSS) vulnerability in espcms_webespcms_load.php. | 2021-09-28 | not yet calculated | CVE-2020-20125 MISC |
| eclipse — che |
The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint. As a consequence the builds of such stacks are vulnerable to MITM attacks that allow the replacement of the original binaries with arbitrary ones. The stacks involved are Java 8 (alpine and centos), Android and PHP. The vulnerability is not exploitable at runtime but only when building Che. | 2021-09-29 | not yet calculated | CVE-2021-41034 CONFIRM |
| ecoa — bas | ECOA BAS controller suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can remotely bypass authentication and disclose sensitive information and circumvent physical access controls in smart homes and buildings and manipulate HVAC. | 2021-09-30 | not yet calculated | CVE-2021-41292 MISC |
| ecoa — bas | ECOA BAS controller uses weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system. | 2021-09-30 | not yet calculated | CVE-2021-41296 MISC |
| ecoa — bas | ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files deletion. Using the specific GET parameter, unauthenticated attackers can remotely delete arbitrary files on the affected device and cause denial of service scenario. | 2021-09-30 | not yet calculated | CVE-2021-41294 MISC |
| ecoa — bas | ECOA BAS controller is vulnerable to hard-coded credentials within its Linux distribution image, thus remote attackers can obtain administrator’s privilege without logging in. | 2021-09-30 | not yet calculated | CVE-2021-41299 MISC |
| ecoa — bas |
ECOA BAS controller suffers from an arbitrary file write and path traversal vulnerability. Using the POST parameters, unauthenticated attackers can remotely set arbitrary values for location and content type and gain the possibility to execute arbitrary code on the affected device. | 2021-09-30 | not yet calculated | CVE-2021-41290 MISC |
| ecoa — bas |
ECOA BAS controller has a Cross-Site Request Forgery vulnerability, thus authenticated attacker can remotely place a forged request at a malicious web page and execute CRUD commands (GET, POST, PUT, DELETE) to perform arbitrary operations in the system. | 2021-09-30 | not yet calculated | CVE-2021-41295 MISC |
| ecoa — bas |
ECOA BAS controller suffers from a path traversal content disclosure vulnerability. Using the GET parameter in File Manager, unauthenticated attackers can remotely disclose directory content on the affected device. | 2021-09-30 | not yet calculated | CVE-2021-41291 MISC |
| ecoa — bas |
ECOA BAS controller is vulnerable to weak access control mechanism allowing authenticated user to remotely escalate privileges by disclosing credentials of administrative accounts in plain-text. | 2021-09-30 | not yet calculated | CVE-2021-41297 MISC |
| ecoa — bas |
ECOA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers with general user’s privilege can remotely bypass authorization and access the hidden resources in the system and execute privileged functionalities. | 2021-09-30 | not yet calculated | CVE-2021-41298 MISC |
| ecoa — bas |
ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files disclosure. Using the specific POST parameter, unauthenticated attackers can remotely disclose arbitrary files on the affected device and disclose sensitive and system information. | 2021-09-30 | not yet calculated | CVE-2021-41293 MISC |
| ecoa — bas |
ECOA BAS controller stores sensitive data (backup exports) in clear-text, thus the unauthenticated attacker can remotely query user password and obtain user’s privilege. | 2021-09-30 | not yet calculated | CVE-2021-41302 MISC |
| ecoa — bas |
ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is made to the specific files using an HTTP GET request. This will enable the unauthenticated attacker to remotely disclose sensitive information and help her in authentication bypass, privilege escalation and full system access. | 2021-09-30 | not yet calculated | CVE-2021-41301 MISC |
| ecoa — bas |
ECOA BAS controller’s special page displays user account and passwords in plain text, thus unauthenticated attackers can access the page and obtain privilege with full functionality. | 2021-09-30 | not yet calculated | CVE-2021-41300 MISC |
| ecommerce-codeigniter_bootstrap — ecommerce-codeigniter_bootstrap |
Cross-site scripting (XSS) vulnerability in application/modules/admin/views/ecommerce/products.php in Ecommerce-CodeIgniter-Bootstrap (Codeigniter 3.1.11, Bootstrap 3.3.7) allows remote attackers to inject arbitrary web script or HTML via the search_title parameter. | 2021-10-01 | not yet calculated | CVE-2021-40975 MISC |
| emerson — wirelesshart_gateway |
There is a flaw in the code used to configure the internal gateway firewall when the gateway’s VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gateway. | 2021-09-29 | not yet calculated | CVE-2020-12030 MISC |
| emlog — emlog |
emlog v6.0.0 contains an arbitrary file deletion vulnerability in admin/plugin.php. | 2021-10-01 | not yet calculated | CVE-2020-21014 MISC |
| emlog — emlog |
emlog v6.0.0 contains a SQL injection via /admin/comment.php. | 2021-10-01 | not yet calculated | CVE-2020-21013 MISC |
| enterprise_website_construction_system — enterprise_website_construction_system |
There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0. Attackers can use this vulnerability to directly access the specified background path without logging in to the background to obtain the background administrator authority. | 2021-09-27 | not yet calculated | CVE-2021-37270 MISC MISC |
| esphome — esphome |
ESPHome is a system to control the ESP8266/ESP32. Anyone with web_server enabled and HTTP basic auth configured on version 2021.9.1 or older is vulnerable to an issue in which `web_server` allows over-the-air (OTA) updates without checking user defined basic auth username & password. This issue is patched in version 2021.9.2. As a workaround, one may disable or remove `web_server`. | 2021-09-28 | not yet calculated | CVE-2021-41104 MISC MISC CONFIRM |
| esri — portal |
There is an privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below that may allow a remote, authenticated attacker to impersonate another account. | 2021-10-01 | not yet calculated | CVE-2021-29108 CONFIRM |
| esri — portal |
A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser. | 2021-10-01 | not yet calculated | CVE-2021-29109 CONFIRM |
| esri — portal |
Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may allow a remote unauthenticated attacker to pass and store malicious strings in the home application. | 2021-10-01 | not yet calculated | CVE-2021-29110 CONFIRM |
| f-secure — internet_gatekeeper |
A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because of an attacker can trigger assertion via malformed HTTP packet to web interface. An unauthenticated attacker could exploit this vulnerability by sending a large username parameter. A successful exploitation could lead to a denial-of-service of the product. | 2021-09-28 | not yet calculated | CVE-2021-33600 MISC MISC |
| f-secure — internet_gatekeeper |
A vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. An authenticated user can modify settings through the web user interface in a way that could lead to an arbitrary code execution on the F-Secure Internet Gatekeeper server. | 2021-09-28 | not yet calculated | CVE-2021-33601 MISC MISC |
| f5 — big-ip |
On version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2021-09-27 | not yet calculated | CVE-2021-23054 MISC |
| flamecms — flamecms |
FlameCMS 3.3.5 contains a SQL injection vulnerability in /master/article.php via the “Id” parameter. | 2021-09-30 | not yet calculated | CVE-2020-20796 MISC |
| flamecms — flamecms |
FlameCMS 3.3.5 contains a time-based blind SQL injection vulnerability in /account/register.php. | 2021-09-30 | not yet calculated | CVE-2020-20797 MISC |
| flextv — flext | Cross-site scripting (XSS) vulnerability in index.php in FlexTV beta development version allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF parameter. | 2021-10-01 | not yet calculated | CVE-2021-40928 MISC MISC |
| floodlight — floodlight |
Floodlight through 1.2 has an integer overflow in checkFlow in StaticFlowEntryPusherResource.java via priority or port number. | 2021-09-30 | not yet calculated | CVE-2020-18684 MISC |
| foitt — multiple_products |
Certain Federal Office of Information Technology Systems and Telecommunication FOITT products are affected by improper handling of exceptional conditions. This affects COVID Certificate App IOS 2.2.0 and below affected, patch in progress and COVID Certificate Check App IOS 2.2.0 and below affected, patch in progress. A denial of service (physically proximate) could be caused by scanning a crafted QR code. | 2021-09-27 | not yet calculated | CVE-2021-37786 MISC |
| fortinet — fortimanager |
An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in policy name, when exported as excel file and opened unsafely on the victim host. | 2021-09-30 | not yet calculated | CVE-2021-24016 CONFIRM |
| fortinet — fortimanager |
An improper authentication in Fortinet FortiManager version 6.4.3 and below, 6.2.6 and below allows attacker to assign arbitrary Policy and Object modules via crafted requests to the request handler. | 2021-09-30 | not yet calculated | CVE-2021-24017 CONFIRM |
| fusioncompute — fusioncompute |
There is a command injection vulnerability in CMA service module of FusionCompute 6.3.0, 6.3.1, 6.5.0 and 8.0.0 when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands to the system. | 2021-09-28 | not yet calculated | CVE-2021-37106 MISC |
| fusioncompute — fusioncompute |
There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Due to the improper verification of file to be uploaded and does not strictly restrict the file access path, attackers may upload malicious files to the device, resulting in the service abnormal. | 2021-09-28 | not yet calculated | CVE-2021-37105 MISC |
| galera — web_tempalte |
Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal information from /etc/passwd and /etc/shadow. | 2021-10-01 | not yet calculated | CVE-2021-40960 MISC MISC |
| getid3 — getid3 |
Cross-site scripting (XSS) vulnerability in demos/demo.mysqli.php in getID3 1.X and v2.0.0-beta allows remote attackers to inject arbitrary web script or HTML via the showtagfiles parameter. | 2021-10-01 | not yet calculated | CVE-2021-40926 MISC MISC |
| handsontable — handsontable |
The package handsontable before 10.0.0; the package handsontable from 0 and before 10.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) in Handsontable.helper.isNumeric function. | 2021-09-29 | not yet calculated | CVE-2021-23446 MISC MISC MISC MISC MISC MISC MISC MISC |
| hewlett_packard_enterprises — storeonce |
A potential DOM-based Cross Site Scripting security vulnerability has been identified in HPE StoreOnce. The vulnerability could be remotely exploited to cause an elevation of privilege leading to partial impact to confidentiality, availability, and integrity. HPE has made the following software update – HPE StoreOnce 4.3.0, to resolve the vulnerability in HPE StoreOnce. | 2021-09-27 | not yet calculated | CVE-2021-26587 MISC |
| hitachi — content_platform_anywhere |
Hitachi Content Platform Anywhere (HCP-AW) 4.4.5 and later allows information disclosure. If authenticated user creates a link to a file or folder while the system was running version 4.3.x or earlier and then shares the link and then later deletes the file or folder without deleting the link and before the link expires. If the system has been upgraded to version 4.4.5 or 4.5.0 a malicious user with the link could browse and download all files of the authenticated user that created the link . | 2021-09-29 | not yet calculated | CVE-2021-41573 MISC MISC |
| huawei — huawei |
There is a server-side request forgery vulnerability in HUAWEI P40 versions 10.1.0.118(C00E116R3P3). This vulnerability is due to insufficient validation of parameters while dealing with some messages. A successful exploit could allow the attacker to gain access to certain resource which the attacker are supposed not to do. | 2021-09-28 | not yet calculated | CVE-2021-37104 MISC |
| ibm — cloud_pak_for_security |
IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform unauthorized actions due to improper or missing authentication controls. IBM X-Force ID: 199282. | 2021-09-30 | not yet calculated | CVE-2021-20578 CONFIRM XF |
| ibm — cloud_pak_for_security |
IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207320. | 2021-09-30 | not yet calculated | CVE-2021-29894 XF CONFIRM |
| image2pdf — image2pdf |
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Image2PDF. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Image2PDF: Image2PDF 2.1.5 ( 2021/08/17 ) and later | 2021-10-01 | not yet calculated | CVE-2021-38675 MISC |
| infaveohelpdesk — infaveohelpdesk | Cross-site scripting (XSS) vulnerability in dompdf/dompdf/www/demo.php infaveo-helpdesk v1.11.0 and below allow remote attackers to inject arbitrary web script or HTML via the $_SERVER[“PHP_SELF”] parameter. | 2021-10-01 | not yet calculated | CVE-2021-40925 MISC MISC |
| insyde — insydeh2o |
In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the PnpSmm, SmmResourceCheckDxe, and BeepStatusCode drivers are 05.08.23, 05.16.23, 05.26.23, 05.35.23, 05.43.23, and 05.51.23 (for Kernel 5.0 through 5.5). | 2021-10-01 | not yet calculated | CVE-2021-33626 MISC |
| irfanview — irfanview | A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x340 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file. | 2021-09-28 | not yet calculated | CVE-2021-29361 MISC |
| irfanview — irfanview | A buffer overflow vulnerability in FORMATS!ReadPVR_W+0xfa of Irfanview 4.57 allows attackers to cause a denial of service (DOS) via a crafted PVR file. | 2021-09-28 | not yet calculated | CVE-2021-29358 MISC |
| irfanview — irfanview | A buffer overflow vulnerability in FORMATS!GetPlugInInfo+0x2de9 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file. | 2021-09-28 | not yet calculated | CVE-2021-29366 MISC |
| irfanview — irfanview | A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa74 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.0xa74 | 2021-09-28 | not yet calculated | CVE-2021-29363 MISC |
| irfanview — irfanview |
A buffer overflow vulnerability in WPG+0x1dda of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted WPG file. | 2021-09-28 | not yet calculated | CVE-2021-29367 MISC |
| irfanview — irfanview |
Irfanview 4.57 is affected by an infinite loop when processing a crafted BMP file in the EFFECTS!AutoCrop_W component. This can cause a denial of service (DOS). | 2021-09-28 | not yet calculated | CVE-2021-29365 MISC |
| irfanview — irfanview |
A buffer overflow vulnerability in Formats!ReadRAS_W+0x1001 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file. | 2021-09-28 | not yet calculated | CVE-2021-29364 MISC |
| irfanview — irfanview |
A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa30 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file. | 2021-09-28 | not yet calculated | CVE-2021-29362 MISC |
| irfanview — irfanview |
A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x37a of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file. | 2021-09-28 | not yet calculated | CVE-2021-29360 MISC |
| jeecms — jeecms |
JeeCMS 1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the commentText parameter. | 2021-09-30 | not yet calculated | CVE-2020-20799 MISC |
| jizhicms — jizhicms |
JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie. | 2021-10-01 | not yet calculated | CVE-2020-21228 MISC MISC MISC |
| json — web_token |
JWT is a library to work with JSON Web Token and JSON Web Signature. Prior to versions 3.4.6, 4.0.4, and 4.1.5, users of HMAC-based algorithms (HS256, HS384, and HS512) combined with `LcobucciJWTSignerKeyLocalFileReference` as key are having their tokens issued/validated using the file path as hashing key – instead of the contents. The HMAC hashing functions take any string as input and, since users can issue and validate tokens, users are lead to believe that everything works properly. Versions 3.4.6, 4.0.4, and 4.1.5 have been patched to always load the file contents, deprecated the `LcobucciJWTSignerKeyLocalFileReference`, and suggest `LcobucciJWTSignerKeyInMemory` as the alternative. As a workaround, use `LcobucciJWTSignerKeyInMemory` instead of `LcobucciJWTSignerKeyLocalFileReference` to create the instances of one’s keys. | 2021-09-28 | not yet calculated | CVE-2021-41106 CONFIRM MISC MISC |
| justwriting — justwriting |
Cross-site scripting (XSS) vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow remote attackers to inject arbitrary web script or HTML via the challenge parameter. | 2021-10-01 | not yet calculated | CVE-2021-41467 MISC MISC |
| kaushik — jadav_online_food_ordering_web_app |
An un-authenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable “username” parameter in login.php and retrieve sensitive database information, as well as add an administrative user. | 2021-10-01 | not yet calculated | CVE-2021-41647 MISC MISC |
| kingdee — kis_professional_edition |
Kingdee KIS Professional Edition has a privilege escalation vulnerability. Attackers can use the vulnerability to gain computer administrator rights via unspecified loopholes. | 2021-09-27 | not yet calculated | CVE-2021-37274 MISC MISC |
| libiec_iccp_mod — libiec_iccp_mod |
libiec_iccp_mod v1.5 contains a segmentation violation in the component server_example1.c. | 2021-09-30 | not yet calculated | CVE-2020-20664 MISC |
| libiec_iccp_mod — libiec_iccp_mod |
libiec_iccp_mod v1.5 contains a heap-buffer-overflow in the component mms_client_connection.c. | 2021-09-30 | not yet calculated | CVE-2020-20663 MISC |
| libiec_iccp_mod — libiec_iccp_mod |
libiec_iccp_mod v1.5 contains a heap-buffer-overflow in the component mms_client_example1.c. | 2021-09-30 | not yet calculated | CVE-2020-20662 MISC |
| lider — liderahenk |
On 2.1.15 version and below of Lider module in LiderAhenk software is leaking it’s configurations via an unsecured API. An attacker with an access to the configurations API could get valid LDAP credentials. | 2021-10-01 | not yet calculated | CVE-2021-3825 CONFIRM CONFIRM |
| linux — linux_kernel |
A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the system while running OSP. | 2021-09-27 | not yet calculated | CVE-2021-20317 MISC MISC |
| linux_kernel — linux_kernel |
prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel through 5.14.9 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. | 2021-10-02 | not yet calculated | CVE-2021-41864 MISC MISC |
| mcafee — drive_encryption |
Privilege Escalation vulnerability in a Windows system driver of McAfee Drive Encryption (DE) prior to 7.3.0 could allow a local non-admin user to gain elevated system privileges via exploiting an unutilized memory buffer. | 2021-10-01 | not yet calculated | CVE-2021-23893 CONFIRM |
| mediatek — mediatek |
In memory management driver, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05381235. | 2021-09-27 | not yet calculated | CVE-2021-0421 MISC |
| micro_focus — directory_resource_administrator |
Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Administrator (DRA) product, affecting all DRA versions prior to 10.1 Patch 1. The vulnerability could lead to unauthorized information disclosure. | 2021-09-28 | not yet calculated | CVE-2021-22535 MISC |
| monstra — monstra | An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files. | 2021-09-27 | not yet calculated | CVE-2020-20691 MISC |
| mp4box — mp4box | There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1008 in the nhmldmx_send_sample() function szXmlFrom parameter which leads to a denial of service vulnerability. | 2021-10-01 | not yet calculated | CVE-2021-41459 MISC |
| mp4box — mp4box | There is a stack buffer overflow in MP4Box 1.1.0 at src/filters/dmx_nhml.c in nhmldmx_init_parsing which leads to a denial of service vulnerability. | 2021-10-01 | not yet calculated | CVE-2021-41457 MISC |
| mp4box — mp4box |
There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1004 in the nhmldmx_send_sample() function szXmlTo parameter which leads to a denial of service vulnerability. | 2021-10-01 | not yet calculated | CVE-2021-41456 MISC |
| multipass — multipass |
The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege escalation. | 2021-10-01 | not yet calculated | CVE-2021-3626 MISC |
| nagios — xi |
Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards. | 2021-09-28 | not yet calculated | CVE-2021-36364 CONFIRM CONFIRM |
| nagios — xi |
Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards. | 2021-09-28 | not yet calculated | CVE-2021-36366 CONFIRM CONFIRM |
| netop — vision_pro |
Out of bounds write vulnerability in the JPEG parsing code of Netop Vision Pro up to and including 9.7.2 allows an adjacent unauthenticated attacker to write to arbitrary memory potentially leading to a Denial of Service (DoS). | 2021-09-27 | not yet calculated | CVE-2021-36134 MISC |
| netscout — ngeniusone | NETSCOUT nGeniusONE 6.3.0 build 1196 allows high-privileged users to achieve Stored Cross-Site Scripting (XSS) in FDSQueryService. | 2021-09-30 | not yet calculated | CVE-2021-35200 MISC |
| netscout — ngeniusone | NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Reflected Cross-Site Scripting (XSS) in the support endpoint. | 2021-09-30 | not yet calculated | CVE-2021-35204 MISC |
| netscout — ngeniusone |
NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows URL redirection in redirector. | 2021-09-30 | not yet calculated | CVE-2021-35205 MISC |
| netscout — ngeniusone |
NETSCOUT nGeniusONE 6.3.0 build 1004 and earlier allows Stored Cross-Site Scripting (XSS) in the Packet Analysis module. | 2021-09-30 | not yet calculated | CVE-2021-35198 MISC |
| netscout — ngeniusone |
NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Arbitrary File Read operations via the FDSQueryService endpoint. | 2021-09-30 | not yet calculated | CVE-2021-35203 MISC |
| netscout — ngeniusone |
NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Authorization Bypass (to access an endpoint) in FDSQueryService. | 2021-09-30 | not yet calculated | CVE-2021-35202 MISC |
| netscout — ngeniusone |
NEI in NETSCOUT nGeniusONE 6.3.0 build 1196 allows XML External Entity (XXE) attacks. | 2021-09-30 | not yet calculated | CVE-2021-35201 MISC |
| netscout — ngeniusone |
NETSCOUT nGeniusONE 6.3.0 build 1196 and earlier allows Stored Cross-Site Scripting (XSS) in UploadFile. | 2021-09-30 | not yet calculated | CVE-2021-35199 MISC |
| nokogiri — nokogiri |
Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted documents using any of these classes are affected: Nokogiri::XML::SAX::Parse, Nokogiri::HTML4::SAX::Parser or its alias Nokogiri::HTML::SAX::Parser, Nokogiri::XML::SAX::PushParser, and Nokogiri::HTML4::SAX::PushParser or its alias Nokogiri::HTML::SAX::PushParser. JRuby users should upgrade to Nokogiri v1.12.5 or later to receive a patch for this issue. There are no workarounds available for v1.12.4 or earlier. CRuby users are not affected. | 2021-09-27 | not yet calculated | CVE-2021-41098 MISC CONFIRM |
| open_robotics — ros_melodic | An infinite loop in Open Robotics ros_comm XMLRPC server in ROS Melodic through 1.4.11 and ROS Noetic through1.15.11 allows remote attackers to cause a Denial of Service in ros_comm via a crafted XMLRPC call. | 2021-09-28 | not yet calculated | CVE-2021-37146 MISC MISC MISC |
| opencrx — opencrx |
In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS), due to unsanitized parameters in the password reset functionality. This allows execution of external javascript files on any user of the openCRX instance. | 2021-09-29 | not yet calculated | CVE-2021-25959 MISC MISC |
| oppo — oppo |
In Oppo’s battery application, the third-party SDK provides the function of loading a third-party Provider, which can be used. | 2021-09-27 | not yet calculated | CVE-2021-23243 MISC |
| os4ed — opensis_community |
OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), which can disclose arbitrary file from the server’s filesystem as long as the application has access to the file. | 2021-09-29 | not yet calculated | CVE-2021-40651 MISC MISC MISC |
| parse_server — parse_server |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.4, for regular (non-LiveQuery) queries, the session token is removed from the response, but for LiveQuery payloads it is currently not. If a user has a LiveQuery subscription on the `Parse.User` class, all session tokens created during user sign-ups will be broadcast as part of the LiveQuery payload. A patch in version 4.10.4 removes session tokens from the LiveQuery payload. As a workaround, set `user.acl(new Parse.ACL())` in a beforeSave trigger to make the user private already on sign-up. | 2021-09-30 | not yet calculated | CVE-2021-41109 MISC MISC CONFIRM |
| passport-oauth2 — passport-oauth2 |
** DISPUTED ** The passport-oauth2 package before 1.6.1 for Node.js mishandles the error condition of failure to obtain an access token. This is exploitable in certain use cases where an OAuth identity provider uses an HTTP 200 status code for authentication-failure error reports, and an application grants authorization upon simply receiving the access token (i.e., does not try to use the token). NOTE: the passport-oauth2 vendor does not consider this a passport-oauth2 vulnerability. | 2021-09-27 | not yet calculated | CVE-2021-41580 MISC MISC MISC |
| pingidentity — pingfederate |
The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management. | 2021-09-27 | not yet calculated | CVE-2021-40329 CONFIRM |
| placeos — authentication_service |
PlaceOS Authentication Service before 1.29.10.0 allows app/controllers/auth/sessions_controller.rb open redirect. | 2021-09-30 | not yet calculated | CVE-2021-41826 MISC MISC |
| progress — whatsup_gold |
In Progress WhatsUp Gold prior to version 21.1.0, an application endpoint failed to adequately sanitize malicious input. which could allow an unauthenticated attacker to execute arbitrary code in a victim’s browser. | 2021-09-28 | not yet calculated | CVE-2021-41318 MISC MISC |
| puneethreddyhc — onlineshoppingsystemadvanced |
An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /action.php prId parameter. Using a post request does not sanitize the user input. | 2021-10-01 | not yet calculated | CVE-2021-41648 MISC MISC |
| puneethreddyhc — onlineshoppingsystemadvanced |
An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /homeaction.php cat_id parameter. Using a post request does not sanitize the user input. | 2021-10-01 | not yet calculated | CVE-2021-41649 MISC |
| pydio — cells
|
Broken access control for user creation in Pydio Cells 2.2.9 allows remote anonymous users to create standard users via the profile parameter. (In addition, such users can be granted several admin permissions via the Roles parameter.) | 2021-09-30 | not yet calculated | CVE-2021-41325 MISC MISC MISC |
| pydio — cells |
Directory traversal in the Compress feature in Pydio Cells 2.2.9 allows remote authenticated users to overwrite personal files, or Cells files belonging to any user, via the format parameter. | 2021-09-30 | not yet calculated | CVE-2021-41323 MISC MISC MISC |
| pydio — cells |
Directory traversal in the Copy, Move, and Delete features in Pydio Cells 2.2.9 allows remote authenticated users to enumerate personal files (or Cells files belonging to any user) via the nodes parameter (for Copy and Move) or via the Path parameter (for Delete). | 2021-09-30 | not yet calculated | CVE-2021-41324 MISC MISC MISC |
| qnap — multiple_devices | A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.18 ( 2021/09/01 ) and later | 2021-10-01 | not yet calculated | CVE-2021-34356 MISC |
| qnap — multiple_devices | A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.18 ( 2021/09/01 ) and later | 2021-10-01 | not yet calculated | CVE-2021-34354 MISC |
| qnap — multiple_devices |
A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210902 and later | 2021-10-01 | not yet calculated | CVE-2021-34352 MISC |
| qnap — multiple_devices |
A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later | 2021-09-27 | not yet calculated | CVE-2021-34349 MISC |
| qnap — multiple_devices |
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 5.4.10 ( 2021/08/19 ) and later Photo Station 5.7.13 ( 2021/08/19 ) and later Photo Station 6.0.18 ( 2021/09/01 ) and later | 2021-10-01 | not yet calculated | CVE-2021-34355 MISC |
| qnap — multiple_devices |
A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later | 2021-09-27 | not yet calculated | CVE-2021-34348 MISC |
| qnap — multiple_devices |
A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later | 2021-09-27 | not yet calculated | CVE-2021-34351 MISC |
| red_hat — errata |
A flaw was found in the KVM’s AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the “int_ctl” field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7. | 2021-09-29 | not yet calculated | CVE-2021-3653 MISC MISC |
| reiner — timecard |
REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa password that is hardcoded in the TCServer.jar file. | 2021-09-30 | not yet calculated | CVE-2021-33583 MISC |
| ricon — indusrial_cellular_router |
RICON Industrial Cellular Router S9922L 16.10.3(3794) is affected by cleartext storage of sensitive information and sends username and password as base64. | 2021-09-28 | not yet calculated | CVE-2021-36165 MISC |
| rucky — rucky |
Rucky is a USB HID Rubber Ducky Launch Pad for Android. Versions 2.2 and earlier for release builds and versions 425 and earlier for nightly builds suffer from use of a weak cryptographic algorithm (RSA/ECB/PKCS1Padding). The issue will be patched in v2.3 for release builds and 426 onwards for nightly builds. As a workaround, one may disable an advance security feature if not required. | 2021-09-27 | not yet calculated | CVE-2021-41096 CONFIRM MISC |
| rudp — rudp |
rudp v0.6 was discovered to contain a memory leak in the component main.c. | 2021-09-30 | not yet calculated | CVE-2020-20665 MISC |
| scalabium — dbase_viewer |
Scalabium dBase Viewer version 2.6 (Build 5.751) is vulnerable to remote code execution via a crafted DBF file that triggers a buffer overflow. An attacker can use the Structured Exception Handler (SEH) records and redirect execution to attacker-controlled code. | 2021-10-01 | not yet calculated | CVE-2021-35297 MISC |
| securonix — securonix |
The third party intelligence connector in Securonix SNYPR 6.3.1 Build 184295_0302 allows an authenticated user to obtain access to server configuration details via SSRF. | 2021-09-27 | not yet calculated | CVE-2021-41385 MISC |
| shuup — shuup |
In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cross-Site Scripting (XSS) that allows execution of arbitrary javascript code on a victim browser. This vulnerability exists due to the error page contents not escaped. | 2021-09-30 | not yet calculated | CVE-2021-25963 MISC MISC |
| shuup — shuup |
“Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. A customer can inject payloads in the name input field in the billing address while buying a product. When a store administrator accesses the reports page to export the data as an Excel file and opens it, the payload gets executed. | 2021-09-29 | not yet calculated | CVE-2021-25962 MISC MISC |
| sonicwall — sma100 | Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a ‘nobody’ user which potentially leads to DoS. | 2021-09-27 | not yet calculated | CVE-2021-20035 CONFIRM |
| sonicwall — sma100 |
An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings. | 2021-09-27 | not yet calculated | CVE-2021-20034 CONFIRM |
| sourcecodester — hotel_and_lodge_management_system |
Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the email parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details. | 2021-10-01 | not yet calculated | CVE-2020-21012 MISC |
| spotify — for_alfred |
Cross-site scripting (XSS) vulnerability in callback.php in Spotify-for-Alfred 0.13.9 and below allows remote attackers to inject arbitrary web script or HTML via the error parameter. | 2021-10-01 | not yet calculated | CVE-2021-40927 MISC MISC |
| spotweb — spotweb |
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword2 parameter. | 2021-10-01 | not yet calculated | CVE-2021-40968 MISC MISC |
| spotweb — spotweb |
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter. | 2021-10-01 | not yet calculated | CVE-2021-40973 MISC MISC |
| spotweb — spotweb |
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the mail parameter. | 2021-10-01 | not yet calculated | CVE-2021-40972 MISC MISC |
| spotweb — spotweb |
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword1 parameter. | 2021-10-01 | not yet calculated | CVE-2021-40971 MISC MISC |
| spotweb — spotweb |
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the username parameter. | 2021-10-01 | not yet calculated | CVE-2021-40970 MISC MISC |
| suitecrm — suitecrm |
In “SuiteCRM” application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by “CSV Injection” vulnerability (Formula Injection). A low privileged attacker can use accounts module to inject payloads in the input fields. When an administrator access accounts module to export the data as a CSV file and opens it, the payload gets executed. This was not fixed properly as part of CVE-2020-15301, allowing the attacker to bypass the security measure. | 2021-09-29 | not yet calculated | CVE-2021-25960 MISC MISC MISC |
| suitecrm — suitecrm |
In “SuiteCRM” application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to properly invalidate password reset links that is associated with a deleted user id, which makes it possible for account takeover of any newly created user with the same user id. | 2021-09-29 | not yet calculated | CVE-2021-25961 MISC MISC MISC |
| supportassist — client |
SupportAssist Client version 3.8 and 3.9 contains an Untrusted search path vulnerability that allows attackers to load an arbitrary .dll file via .dll planting/hijacking, only by a separate administrative action that is not a default part of the SOSInstallerTool.exe installation for executing arbitrary dll’s, | 2021-09-28 | not yet calculated | CVE-2021-36297 MISC |
| tenda — ac9 |
A stack-based buffer overflow in the httpd server on Tenda AC9 V15.03.06.60_EN allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via a crafted POST request to /goform/SetStaticRouteCfg. | 2021-09-30 | not yet calculated | CVE-2020-20746 MISC |
| thinkphp — thinkphp |
ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the “where” and “query” methods. | 2021-09-28 | not yet calculated | CVE-2020-20120 MISC |
| thycoticcentrify — secret_server |
A SQL injection issue was discovered in ThycoticCentrify Secret Server before 11.0.000007. | 2021-10-01 | not yet calculated | CVE-2021-41845 MISC MISC |
| ubuntu — ubuntu |
Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3; | 2021-10-01 | not yet calculated | CVE-2021-3709 MISC MISC MISC MISC |
| ubuntu — ubuntu |
An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3; | 2021-10-01 | not yet calculated | CVE-2021-3710 MISC MISC MISC MISC |
| wazuh — manager |
Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Integer Underflow vulnerability that might lead to denial of service. A crafted message must be sent from an authenticated agent to the manager. | 2021-09-29 | not yet calculated | CVE-2021-41821 MISC MISC |
| webauthn — framework |
Webauthn Framework 3.3.x before 3.3.4 has Incorrect Access Control. An attacker that controls a user’s system is able to login to a vulnerable service using an attached FIDO2 authenticator without passing a check of the user presence. | 2021-09-27 | not yet calculated | CVE-2021-38299 MISC MISC |
| wire-server — wire-server |
wire-server is an open-source back end for Wire, a secure collaboration platform. Before version 2.106.0, the CORS ` Access-Control-Allow-Origin ` header set by `nginz` is set for all subdomains of `.wire.com` (including `wire.com`). This means that if somebody were to find an XSS vector in any of the subdomains, they could use it to talk to the Wire API using the user’s Cookie. A patch does not exist, but a workaround does. To make sure that a compromise of one subdomain does not yield access to the cookie of another, one may limit the `Access-Control-Allow-Origin` header to apps that actually require the cookie (account-pages, team-settings and the webapp). | 2021-09-30 | not yet calculated | CVE-2021-41101 CONFIRM |
| wordpress — wordpress | The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a ‘Social & Donations’ module (not activated by default), which adds the rest route ‘/services/contributor/(?P<id>[d]+), takes an ‘id’ and ‘category’ parameters as arguments. Both parameters can be used for the SQLi. | 2021-09-27 | not yet calculated | CVE-2021-24666 MISC MISC |
| wordpress — wordpress | The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.3 does not properly sanitise or escape some of the properties of the Recipe Card Block (such as ingredientsLayout, iconSet, steps, ingredients, recipeTitle, or settings), which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. | 2021-09-27 | not yet calculated | CVE-2021-24634 MISC |
| wordpress — wordpress |
Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to update settings. | 2021-09-27 | not yet calculated | CVE-2021-36878 MISC CONFIRM |
| wordpress — wordpress |
The Credova_Financial WordPress plugin discloses a site’s associated Credova API account username and password in plaintext via an AJAX action whenever a site user goes to checkout on a page that has the Credova Financing option enabled. This affects versions up to, and including, 1.4.8. | 2021-09-29 | not yet calculated | CVE-2021-39342 MISC MISC |
| wordpress — wordpress |
The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin before 2.1.2 does not escape the value of its Button Text setting when outputting it in an attribute in the frontend, allowing high privilege users such as admin to perform Cross-Site Scripting even when the unfiltered_html capability is disallowed. | 2021-09-27 | not yet calculated | CVE-2021-24569 MISC |
| wordpress — wordpress |
The TranslatePress WordPress plugin before 2.0.9 does not implement a proper sanitisation on the translated strings. The ‘trp_sanitize_string’ function only removes script tag with a regex, still allowing other HTML tags and attributes to execute javascript, which could lead to authenticated Stored Cross-Site Scripting issues. | 2021-09-27 | not yet calculated | CVE-2021-24610 MISC MISC |
| wordpress — wordpress |
The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.1 does not escape the message parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue | 2021-09-27 | not yet calculated | CVE-2021-24632 MISC |
| wordpress — wordpress |
The Countdown Block WordPress plugin before 1.1.2 does not have authorisation in the eb_write_block_css AJAX action, which allows any authenticated user, such as Subscriber, to modify post contents displayed to users. | 2021-09-27 | not yet calculated | CVE-2021-24633 MISC |
| wordpress — wordpress |
The WP Map Block WordPress plugin before 1.2.3 does not escape some attributes of the WP Map Block, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks | 2021-09-27 | not yet calculated | CVE-2021-24643 MISC |
| wordpress — wordpress |
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8. Vulnerable parameters: 1 – “Newsletter” tab, &yith_maintenance_newsletter_submit_label parameter: payload should start with a single quote (‘) symbol to break the context, i.e.: NOTIFY ME’ autofocus onfocus=alert(/Visse/);// v=’ – this payload will be auto triggered while admin visits this page/tab. 2 – “General” tab issues, vulnerable parameters: &yith_maintenance_message, &yith_maintenance_custom_style, &yith_maintenance_mascotte, &yith_maintenance_title_font[size], &yith_maintenance_title_font[family], &yith_maintenance_title_font[color], &yith_maintenance_paragraph_font[size], &yith_maintenance_paragraph_font[family], &yith_maintenance_paragraph_font[color], &yith_maintenance_border_top. 3 – “Background” tab issues, vulnerable parameters: &yith_maintenance_background_image, &yith_maintenance_background_color. 4 – “Logo” tab issues, vulnerable parameters: &yith_maintenance_logo_image, &yith_maintenance_logo_tagline, &yith_maintenance_logo_tagline_font[size], &yith_maintenance_logo_tagline_font[family], &yith_maintenance_logo_tagline_font[color]. 5 – “Newsletter” tab issues, vulnerable parameters: &yith_maintenance_newsletter_email_font[size], &yith_maintenance_newsletter_email_font[family], &yith_maintenance_newsletter_email_font[color], &yith_maintenance_newsletter_submit_font[size], &yith_maintenance_newsletter_submit_font[family], &yith_maintenance_newsletter_submit_font[color], &yith_maintenance_newsletter_submit_background, &yith_maintenance_newsletter_submit_background_hover, &yith_maintenance_newsletter_title, &yith_maintenance_newsletter_action, &yith_maintenance_newsletter_email_label, &yith_maintenance_newsletter_email_name, &yith_maintenance_newsletter_submit_label, &yith_maintenance_newsletter_hidden_fields. 6 – “Socials” tab issues, vulnerable parameters: &yith_maintenance_socials_facebook, &yith_maintenance_socials_twitter, &yith_maintenance_socials_gplus, &yith_maintenance_socials_youtube, &yith_maintenance_socials_rss, &yith_maintenance_socials_skype, &yith_maintenance_socials_email, &yith_maintenance_socials_behance, &yith_maintenance_socials_dribble, &yith_maintenance_socials_flickr, &yith_maintenance_socials_instagram, &yith_maintenance_socials_pinterest, &yith_maintenance_socials_tumblr, &yith_maintenance_socials_linkedin. | 2021-09-27 | not yet calculated | CVE-2021-36845 MISC CONFIRM |
| wordpress — wordpress |
The MX Time Zone Clocks WordPress plugin before 3.4.1 does not escape the time_zone attribute of the mxmtzc_time_zone_clocks shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks | 2021-09-27 | not yet calculated | CVE-2021-24671 MISC |
| wuzhi — wuhzi |
Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open source content management system. The five fingers CMS backend in***.php file has arbitrary file deletion vulnerability. Attackers can use vulnerabilities to delete arbitrary files. | 2021-09-27 | not yet calculated | CVE-2020-24930 MISC MISC |
| wuzhi — wuzhi |
Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in attachmentadminindex.php. | 2021-09-28 | not yet calculated | CVE-2020-20124 MISC |
| wuzhi — wuzhi |
Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php. | 2021-09-28 | not yet calculated | CVE-2020-20122 MISC |
| xmp — toolkit_sdk |
XMP Toolkit SDK versions 2021.07 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-09-29 | not yet calculated | CVE-2021-40716 MISC |
| zeek — zeek |
An issue was discovered in zeek version 4.1.0. There is a HTTP request splitting vulnerability that will invalidate any ZEEK HTTP based security analysis. | 2021-09-29 | not yet calculated | CVE-2021-41732 MISC |
| zoho_manageengine — opmanage |
Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API. | 2021-09-30 | not yet calculated | CVE-2021-41288 MISC |
| zoho_manageengine — remote_access_plus |
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. The credentials are in the source code that corresponds to the DCBackupRestore JAR archive. | 2021-09-30 | not yet calculated | CVE-2021-41827 MISC MISC |
| zoho_manageengine — remote_access_plus |
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application’s build number to calculate a certain encryption key. | 2021-09-30 | not yet calculated | CVE-2021-41829 MISC MISC |
| zoho_manageengine — remote_access_plus |
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with resetPWD.xml. | 2021-09-30 | not yet calculated | CVE-2021-41828 MISC MISC |
| zoom — client_for_meetings | The Zoom Client for Meetings for Windows in all versions before version 5.3.2 writes log files to a user writable directory as a privileged user during the installation or update of the client. This could allow for potential privilege escalation if a link was created between the user writable directory used and a non-user writable directory. | 2021-09-27 | not yet calculated | CVE-2021-34408 CONFIRM |
| zoom — client_for_meetings |
User-writable pre and post-install scripts unpacked during the Zoom Client for Meetings for MacOS installation before version 5.2.0 allow for privilege escalation to root. | 2021-09-27 | not yet calculated | CVE-2021-34409 CONFIRM |
| zoom — client_for_meetings |
The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate the certificate information used to sign .msi files when performing an update of the client. This could lead to remote code execution in an elevated privileged context. | 2021-09-27 | not yet calculated | CVE-2021-33907 MISC |
| zoom — client_for_meetings |
During the installation process for all versions of the Zoom Client for Meetings for Windows before 5.4.0, it is possible to launch Internet Explorer. If the installer was launched with elevated privileges such as by SCCM this can result in a local privilege escalation. | 2021-09-27 | not yet calculated | CVE-2021-34412 CONFIRM |
| zoom — meeting_connector |
The network address administrative settings web portal for the Zoom on-premise Meeting Connector before version 4.6.360.20210325, Zoom on-premise Meeting Connector MMR before version 4.6.360.20210325, Zoom on-premise Recording Connector before version 3.8.44.20210326, Zoom on-premise Virtual Room Connector before version 4.4.6752.20210326, and Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5495.20210326 fails to validate input sent in requests to update the network configuration, which could lead to remote command injection on the on-premise image by the web portal administrators. | 2021-09-27 | not yet calculated | CVE-2021-34416 CONFIRM |
| zoom — meeting_connector_controller |
The network proxy page on the web portal for the Zoom on-premise Meeting Connector Controller before version 4.6.348.20201217, Zoom on-premise Meeting Connector MMR before version 4.6.348.20201217, Zoom on-premise Recording Connector before version 3.8.42.20200905, Zoom on-premise Virtual Room Connector before version 4.4.6620.20201110, and Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5495.20210326 fails to validate input sent in requests to update the network proxy configuration, which could lead to remote command injection on the on-premise image by a web portal administrator. | 2021-09-27 | not yet calculated | CVE-2021-34414 CONFIRM |
| zoom — plugin_for_microsoft_outlook |
A user-writable application bundle unpacked during the install for all versions of the Zoom Plugin for Microsoft Outlook for Mac before 5.0.25611.0521 allows for privilege escalation to root. | 2021-09-27 | not yet calculated | CVE-2021-34410 CONFIRM |
| zoom — plugin_fpr_microsoft_outlook |
All versions of the Zoom Plugin for Microsoft Outlook for MacOS before 5.3.52553.0918 contain a Time-of-check Time-of-use (TOC/TOU) vulnerability during the plugin installation process. This could allow a standard user to write their own malicious application to the plugin directory, allowing the malicious application to execute in a privileged context. | 2021-09-27 | not yet calculated | CVE-2021-34413 CONFIRM |
| zoom — rooms_for_conference_room |
During the installation process forZoom Rooms for Conference Room for Windows before version 5.3.0 it is possible to launch Internet Explorer with elevated privileges. If the installer was launched with elevated privileges such as by SCCM this can result in a local privilege escalation. | 2021-09-27 | not yet calculated | CVE-2021-34411 CONFIRM |
| zoom — zone_controller |
The Zone Controller service in the Zoom On-Premise Meeting Connector Controller before version 4.6.358.20210205 does not verify the cnt field sent in incoming network packets, which leads to exhaustion of resources and system crash. | 2021-09-27 | not yet calculated | CVE-2021-34415 CONFIRM |
This product is provided subject to this Notification and this Privacy & Use policy.