Vulnerability Summary for the Week of November 22, 2021

11/29/2021 07:00 AM EST

Original release date: November 29, 2021

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
4mosan — gcb_doctor 4MOSAn GCB Doctor’s login page has improper validation of its cookie, which allows an unauthenticated remote attacker to bypass authentication by code injection in the cookie, and to arbitrarily manipulate the system or interrupt services by uploading and executing arbitrary files. 2021-11-19 10 CVE-2021-42338
CONFIRM
adobe — creative_cloud_desktop_application Adobe Creative Cloud version 5.5 (and earlier) is affected by a privilege escalation vulnerability in the resources leveraged by the Setup.exe service. An unauthenticated attacker could leverage this vulnerability to remove files and escalate privileges under the context of SYSTEM. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability on the product installer. User interaction is required before product installation to abuse this vulnerability. 2021-11-23 9.3 CVE-2021-43019
MISC
MISC
adobe — incopy Adobe InCopy version 16.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious GIF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. 2021-11-22 9.3 CVE-2021-43015
MISC
adobe — prelude Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious MXF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. 2021-11-22 9.3 CVE-2021-42738
MISC
asus — gt-ax11000_firmware An HTTP request smuggling vulnerability in the web application of ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote unauthenticated attacker to cause a denial of service by sending a specially crafted HTTP packet. 2021-11-19 7.8 CVE-2021-41436
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
asus — gt-ax11000_firmware A brute-force protection bypass in the CAPTCHA protection of ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to make an unlimited number of login attempts by sending a specific HTTP request. 2021-11-19 10 CVE-2021-41435
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
beyondtrust — privilege_management_for_windows BeyondTrust Privilege Management prior to version 21.6 creates a Temporary File in a Directory with Insecure Permissions. 2021-11-19 7.2 CVE-2021-42254
MISC
MISC
c-ares_project — c-ares A flaw was found in the c-ares library, where a missing input validation check on host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames, which might potentially lead to domain hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability. 2021-11-23 7.5 CVE-2021-3672
MISC
MISC
dell — cloudlink Dell EMC CloudLink 7.1 and all prior versions contain a Hard-coded Password Vulnerability. A remote high privileged attacker, with the knowledge of the hard-coded credentials, may potentially exploit this vulnerability to gain unauthorized access to the system. 2021-11-23 8.5 CVE-2021-36312
CONFIRM
dell — cloudlink Dell EMC CloudLink 7.1 and all prior versions contain an OS command injection vulnerability. A remote high privileged attacker may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application’s underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker. This vulnerability is considered critical as it may be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends that customers upgrade at the earliest opportunity. 2021-11-23 9 CVE-2021-36313
CONFIRM
dell — emc_cloud_link Dell EMC CloudLink 7.1 and all prior versions contain an Arbitrary File Creation Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary files on the end user system. 2021-11-23 7.5 CVE-2021-36314
CONFIRM
dell — networking_os10 Networking OS10 versions prior to October 2021 with the RESTCONF API enabled contain a privilege escalation vulnerability. A malicious low privileged user with specific access to the API could potentially exploit this vulnerability to gain admin privileges on the affected system. 2021-11-20 8.5 CVE-2021-36307
MISC
dell — networking_os10 Networking OS10 versions prior to October 2021 with Smart Fabric Services enabled contain an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system. 2021-11-20 9.3 CVE-2021-36308
MISC
dell — networking_os10 Networking OS10 versions prior to October 2021 with the RESTCONF API enabled contain an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system. 2021-11-20 9.3 CVE-2021-36306
MISC
dell — x1008p_firmware Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially hijack a session and access the webserver by forging the session ID. 2021-11-20 7.5 CVE-2021-36320
MISC
duplicate_post_project — duplicate_post The “Duplicate Post” WordPress plugin up to and including version 1.1.9 is vulnerable to SQL Injection. SQL injection vulnerabilities occur when client-supplied data is included within an SQL query insecurely. SQL injection can typically be exploited to read, modify and delete SQL table data. In many cases it is also possible to exploit features of the SQL server to execute system commands and/or access the local file system. This particular vulnerability can be exploited by any authenticated user who has been granted access to use the Duplicate Post plugin. By default, this is limited to Administrators; however, the plugin presents the option to permit access to the Editor, Author, Contributor and Subscriber roles. 2021-11-19 9 CVE-2021-43408
MISC
MISC
gerbv_project — gerbv An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. 2021-11-19 7.5 CVE-2021-40391
MISC
huawei — cloudengine_5800_firmware There is a privilege escalation vulnerability in CloudEngine 5800 V200R020C00SPC600. Due to a lack of privilege restrictions, an authenticated local attacker can perform a specific operation to exploit this vulnerability. Successful exploitation may allow the attacker to obtain a higher privilege. 2021-11-23 7.2 CVE-2021-39976
MISC
huawei — fusioncompute There is a command injection vulnerability in the CMA service module of the FusionCompute product when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful exploitation could allow the attacker to inject certain commands into the system. Affected product versions include: FusionCompute 6.0.0, 6.3.0, 6.3.1, 6.5.0, 6.5.1, 8.0.0. 2021-11-23 9 CVE-2021-37102
MISC
ibm — planning_analytics IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of CSV file contents. IBM X-Force ID: 208396. 2021-11-24 9.3 CVE-2021-38873
CONFIRM
XF
iptime — c200_firmware ius_get.cgi in the IpTime C200 camera allows remote code execution. A remote attacker may send crafted parameters to the exposed vulnerable web service interface, which invokes an arbitrary shell command. 2021-11-22 10 CVE-2021-26614
MISC
isync_project — isync A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution. 2021-11-22 7.5 CVE-2021-44143
MISC
MISC
MISC
moodle — moodle A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A remote code execution risk when restoring backup files was identified. 2021-11-22 7.5 CVE-2021-3943
MISC
MISC
nvidia — geforce_gt_605 NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to instantiate a specifically timed DMA write to corrupt code execution, which may impact confidentiality, integrity, or availability. 2021-11-20 7.2 CVE-2021-23217
CONFIRM
nvidia — geforce_gtx_950 NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller which may allow a user with elevated privileges to generate valid microcode. This could lead to information disclosure, data corruption, or denial of service of the device. 2021-11-20 7.2 CVE-2021-23201
CONFIRM
oisf — suricata Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a crafted TCP/IP stack that can send a certain sequence of segments. 2021-11-19 7.5 CVE-2021-37592
MISC
CONFIRM
CONFIRM
pulsesecure — pulse_connect_secure A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an unauthenticated administrator to cause a denial of service when a malformed request is sent to the device. 2021-11-19 7.8 CVE-2021-22965
MISC
quagga — quagga An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privileges to root upon package installation or update. 2021-11-19 7.2 CVE-2021-44038
MISC
MISC
roundcube — webmail Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params. 2021-11-19 7.5 CVE-2021-44026
MISC
MISC
MISC
FEDORA
FEDORA
DEBIAN
sharetribe — sharetribe Sharetribe Go is a source-available marketplace software. In affected versions, operating system command injection is possible on installations of Sharetribe Go that do not have a secret AWS Simple Notification Service (SNS) notification token configured via the `sns_notification_token` configuration parameter. This configuration parameter is unset by default. The vulnerability has been patched in version 10.2.1. Users who are unable to upgrade should set the `sns_notification_token` configuration parameter to a secret value. 2021-11-19 7.5 CVE-2021-41280
CONFIRM
MISC
MISC
vim — vim vim is vulnerable to a heap-based buffer overflow. 2021-11-19 8.5 CVE-2021-3968
CONFIRM
MISC
FEDORA
vim — vim vim is vulnerable to a heap-based buffer overflow. 2021-11-19 9.3 CVE-2021-3973
MISC
CONFIRM
FEDORA
wazuh — wazuh In the wazuh-slack active response script in Wazuh before 4.2.5, untrusted user agents are passed to a curl command line, potentially resulting in remote code execution. 2021-11-22 7.5 CVE-2021-44079
MISC
MISC
wpwave — hide_my_wp The SQL injection vulnerability in the Hide My WP WordPress plugin (versions <= 6.2.3) is possible because of how the IP address is retrieved and used inside a SQL query. The function “hmwp_get_user_ip” tries to retrieve the IP address from multiple headers, including IP address headers that the user can spoof, such as “X-Forwarded-For.” As a result, the malicious payload supplied in one of these IP address headers will be directly inserted into the SQL query, making SQL injection possible. 2021-11-24 7.5 CVE-2021-36916
CONFIRM
MISC
MISC

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adobe — audition Adobe Audition version 14.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-11-19 4.3 CVE-2021-36003
MISC
adobe — incopy Adobe InCopy version 16.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-11-22 4.3 CVE-2021-43016
MISC
adobe — prelude Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. 2021-11-22 6.8 CVE-2021-40775
MISC
adobe — prelude Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. 2021-11-22 6.8 CVE-2021-40770
MISC
adobe — prelude Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. 2021-11-22 6.8 CVE-2021-42737
MISC
adobe — prelude Adobe Prelude version 10.1 (and earlier) is affected by an improper input validation vulnerability in the XDCAMSAM directory. An unauthenticated attacker could leverage this vulnerability to execute arbitrary code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-11-22 6.8 CVE-2021-42733
MISC
adobe — prelude Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. 2021-11-22 6.8 CVE-2021-40772
MISC
adobe — prelude Adobe Prelude version 10.1 (and earlier) is affected by a null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-11-22 4.3 CVE-2021-40774
MISC
adobe — prelude Adobe Prelude version 10.1 (and earlier) is affected by a null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-11-22 4.3 CVE-2021-40773
MISC
adobe — prelude Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. 2021-11-22 6.8 CVE-2021-40771
MISC
adobe — robohelp_server Adobe RoboHelp Server versions 2020.0.1 (and earlier) are affected by a path traversal vulnerability. An authenticated attacker can upload arbitrary files outside of the intended directory to cause remote code execution with the privileges of the user running Tomcat. Exploitation of this issue requires user interaction in that a victim must navigate to a planted file on the server. 2021-11-22 6.8 CVE-2021-42727
MISC
algolia — algoliasearch-helper The package algoliasearch-helper before 3.6.2 is vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.js (SearchParameters._parseNumbers) without any protection against prototype properties. Note that this vulnerability is only exploitable if the implementation allows users to define arbitrary search patterns. 2021-11-19 6.8 CVE-2021-23433
MISC
MISC
MISC
apache — apisix The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. The $request_uri is the full original request URI without normalization. This makes it possible to construct a URI to bypass the block list on some occasions. For instance, when the block list contains “^/internal/”, a URI like `//internal/` can be used to bypass it. Some other plugins have the same issue, and it may also affect developers’ custom plugins. 2021-11-22 5 CVE-2021-43557
MISC
MLIST
MLIST
MLIST
cisco — common_services_platform_collector A vulnerability in the web application of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to specify non-log files as sources for syslog reporting. This vulnerability is due to improper restriction of the syslog configuration. An attacker could exploit this vulnerability by configuring non-log files as sources for syslog reporting through the web application. A successful exploit could allow the attacker to read non-log files on the CSPC. 2021-11-19 4 CVE-2021-40130
CISCO
cisco — common_services_platform_collector A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to submit a SQL query through the CSPC configuration dashboard. This vulnerability is due to insufficient input validation of uploaded files. An attacker could exploit this vulnerability by uploading a file containing a SQL query to the configuration dashboard. A successful exploit could allow the attacker to read restricted information from the CSPC SQL database. 2021-11-19 4 CVE-2021-40129
CISCO
claris — filemaker_pro An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4.1 allows a remote attacker to disclose local files via a crafted XML/Excel document and perform server-side request forgery attacks. 2021-11-22 4.3 CVE-2021-44147
MISC
MISC
concretecms — concrete_cms A bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote code execution in Concrete CMS (concrete5) versions 8.5.6 and below. The external file upload feature stages files in the public directory even if they have disallowed file extensions. They are stored in a directory with a random name, but it’s possible to stall the uploads and brute force the directory name. You have to be an admin with the ability to upload files, but this bug gives you the ability to upload restricted file types and execute them depending on server configuration. To fix this, a check for allowed file extensions was added before downloading files to a tmp directory. Concrete CMS Security Team gave this a CVSS v3.1 score of 5.4 AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N. This fix is also in Concrete version 9.0.0. 2021-11-19 6.5 CVE-2021-22968
MISC
MISC
concretecms — concrete_cms Unauthorized individuals could view password protected files using view_inline in Concrete CMS (previously concrete 5) prior to version 8.5.7. Concrete CMS now checks to see if a file has a password in view_inline and, if it does, the file is not rendered. For version 8.5.6, the following mitigations were put in place: a. restricting file types for view_inline to images only; b. putting a warning in the file manager to advise users. Credit for discovery: “Solar Security Research Team”. Concrete CMS security team CVSS scoring is 5.3: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. This fix is also in Concrete version 9.0.0. 2021-11-19 5 CVE-2021-22951
MISC
MISC
concretecms — concrete_cms In Concrete CMS (formerly concrete 5) below 8.5.7, an IDOR allows an unauthenticated user to access restricted files if allowed to add a message to a conversation. To remediate this, a check was added to verify a user has permissions to view files before attaching the files to a message in “add / edit message”. Concrete CMS security team gave this a CVSS v3.1 score of 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. Credit for discovery: Adrian H. 2021-11-19 5 CVE-2021-22967
MISC
MISC
concretecms — concrete_cms Concrete CMS (formerly concrete5) versions below 8.5.7 have an SSRF mitigation bypass using a DNS Rebind attack, giving an attacker the ability to fetch cloud IAAS (e.g. AWS) IAM keys. To fix this, Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading rather than relying on DNS. Discoverer: Adrian Tiron from FORTBRIDGE ( www.fortbridge.co.uk/ ). The Concrete CMS team gave this a CVSS 3.1 score of 3.5 AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N. Please note that Cloud IAAS provider mis-configurations are not Concrete CMS vulnerabilities. A mitigation for this vulnerability is to make sure that the IMDS configurations are according to a cloud provider’s best practices. This fix is also in Concrete version 9.0.0. 2021-11-19 5 CVE-2021-22969
MISC
MISC
concretecms — concrete_cms Concrete CMS (formerly concrete5) versions 8.5.6 and below and version 9.0.0 allow local IP importing, causing the system to be vulnerable to: a. SSRF attacks on the private LAN servers by reading files from the local LAN (an attacker can pivot in the private LAN and exploit local network apps); and b. SSRF mitigation bypass through DNS Rebinding. Concrete CMS security team gave this a CVSS score of 3.5 AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N. Concrete CMS is maintaining Concrete version 8.5.x until 1 May 2022 for security fixes. This CVE is shared with HackerOne Reports hackerone.com/reports/1364797 and hackerone.com/reports/1360016. Reporters: Adrian Tiron from FORTBRIDGE (www.fortbridge.co.uk/ ) and Bipul Jaiswal. 2021-11-19 5 CVE-2021-22970
MISC
MISC
MISC
concretecms — concrete_cms Privilege escalation from Editor to Admin using Groups in Concrete CMS versions 8.5.6 and below. If a group is granted “view” permissions on the bulkupdate page, then users in that group can escalate to being an administrator with a specially crafted curl. Fixed by adding a check for group permissions before allowing a group to be moved. Concrete CMS Security team CVSS scoring: 7.1 AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H. Credit for discovery: “Adrian Tiron from FORTBRIDGE ( www.fortbridge.co.uk/ )”. This fix is also in Concrete version 9.0.0. 2021-11-19 6.5 CVE-2021-22966
MISC
MISC
crocontrol — asterix Croatia Control Asterix 2.8.1 has a heap-based buffer over-read, with additional details to be disclosed at a later date. 2021-11-22 6.4 CVE-2021-44144
MISC
delitestudio — push_notifications_for_wordpress_lite Cross-site request forgery (CSRF) vulnerability in Push Notifications for WordPress (Lite) versions prior to 6.0.1 allows a remote attacker to hijack the authentication of an administrator and conduct an arbitrary operation via a specially crafted web page. 2021-11-24 6.8 CVE-2021-20846
MISC
MISC
MISC
dell — emc_cloud_link Dell EMC CloudLink 7.1 and all prior versions contain a CSV Formula Injection Vulnerability. A remote high privileged attacker may potentially exploit this vulnerability, leading to arbitrary code execution on the end user machine. 2021-11-23 6 CVE-2021-36334
CONFIRM
dell — emc_cloud_link Dell EMC CloudLink 7.1 and all prior versions contain an HTML and JavaScript Injection Vulnerability. A remote low privileged attacker may potentially exploit this vulnerability, directing end users to arbitrary and potentially malicious websites. 2021-11-23 4.9 CVE-2021-36332
CONFIRM
dell — emc_cloud_link Dell EMC CloudLink 7.1 and all prior versions contain an Improper Input Validation Vulnerability. A remote low privileged attacker may potentially exploit this vulnerability, leading to execution of arbitrary files on the server. 2021-11-23 6.5 CVE-2021-36335
CONFIRM
dell — emc_idrac9_firmware Dell iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.29.00 and 5.00.00.00 contain an SQL injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to the affected application. 2021-11-23 5.5 CVE-2021-36299
CONFIRM
dell — emc_idrac9_firmware iDRAC9 versions prior to 5.00.00.00 contain an improper input validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability by sending a specially crafted malicious request to crash the webserver or cause information disclosure. 2021-11-23 6.4 CVE-2021-36300
CONFIRM
dell — emc_networker Dell EMC NetWorker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user privileges may exploit this vulnerability to upload a malicious file to unauthorized locations and execute it. 2021-11-23 4.6 CVE-2021-36311
CONFIRM
dell — networking_os10 Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x & 10.5.2.x, contain an uncontrolled resource consumption flaw in its API service. A high-privileged API user may potentially exploit this vulnerability, leading to a denial of service. 2021-11-20 6.8 CVE-2021-36310
MISC
dell — x1008p_firmware Dell Networking X-Series firmware versions prior to 3.0.1.8 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary host header values to poison the web-cache or trigger redirections. 2021-11-20 5.8 CVE-2021-36322
MISC
dell — x1008p_firmware Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an improper input validation vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending specially crafted data to trigger a denial of service. 2021-11-20 5 CVE-2021-36321
MISC
easyregistrationforms — easy_registration_forms The Easy Registration Forms WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the ajax_add_form function found in the ~/includes/class-form.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including, 2.1.1. 2021-11-19 6.8 CVE-2021-39353
MISC
MISC
ec-cube — ec-cube Cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 series 2.11.0 to 2.17.1 allows a remote attacker to hijack the authentication of Administrator and delete Administrator via a specially crafted web page. 2021-11-24 4.3 CVE-2021-20842
MISC
MISC
ec-cube — ec-cube Improper access control in Management screen of EC-CUBE 2 series 2.11.2 to 2.17.1 allows a remote authenticated attacker to bypass access restriction and to alter System settings via unspecified vectors. 2021-11-24 4 CVE-2021-20841
MISC
MISC
feataholic — maz_loader The MAZ Loader WordPress plugin through 1.3.4 does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack. 2021-11-23 4.3 CVE-2021-24668
MISC
google — chrome Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convinced a user to sign into Chrome to potentially exploit heap corruption via a crafted HTML page. 2021-11-23 6.8 CVE-2021-37997
MISC
MISC
google — chrome Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2021-11-23 4.3 CVE-2021-38004
MISC
MISC
google — chrome Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-11-23 6.8 CVE-2021-37998
MISC
MISC
google — chrome Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page. 2021-11-23 4.3 CVE-2021-37999
MISC
MISC
google — chrome Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-11-23 6.8 CVE-2021-38003
MISC
MISC
google — chrome Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. 2021-11-23 6.8 CVE-2021-38002
MISC
MISC
google — chrome Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-11-23 6.8 CVE-2021-38001
MISC
MISC
google — chrome Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browse to a malicious URL via a crafted HTML page. 2021-11-23 5.8 CVE-2021-38000
MISC
MISC
greenplum — greenplum Greenplum Database versions prior to 5.28.6 and 6.14.0 contain a file path traversal vulnerability leading to information disclosure from the file system. A malicious user can read/write information from the file system using this vulnerability. 2021-11-19 6.4 CVE-2021-22028
MISC
greenplum — greenplum In Greenplum Database versions prior to 5.28.14 and 6.17.0, the execution of certain statements led to the storage of sensitive (credential) information in the database logs. A malicious user with access to the logs can read sensitive (credential) information about users. 2021-11-19 4 CVE-2021-22030
MISC
hancom — anysign4pc Using the parameter of the getPFXFolderList function, attackers can see the information of authorization certificates and delete the files. It occurs because the parameter contains path traversal characters (i.e. ‘../../../’). 2021-11-22 6.4 CVE-2020-7882
MISC
ibm — mq IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 208398. 2021-11-23 4 CVE-2021-38875
XF
CONFIRM
ibm — security_guardium_key_lifecycle_manager IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle Manager) 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 212786. 2021-11-23 5 CVE-2021-38980
XF
CONFIRM
imagemagick — imagemagick A flaw was found in ImageMagick where it did not properly sanitize certain input before using it to invoke convert processes. This flaw allows an attacker to create a specially crafted image that leads to a use-after-free vulnerability when processed by ImageMagick. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. 2021-11-19 6.8 CVE-2021-3962
MISC
MISC
MISC
imagestowebp_project — images_to_webp The Images to WebP WordPress plugin before 1.9 does not validate or sanitise the tab parameter before passing it to the include() function, which could lead to a Local File Inclusion issue 2021-11-23 5 CVE-2021-24644
MISC
imagestowebp_project — images_to_webp The Images to WebP WordPress plugin before 1.9 does not have CSRF checks in place when performing some administrative actions, which could result in modification of plugin settings, Denial-of-Service, as well as arbitrary image conversion 2021-11-23 5.8 CVE-2021-24641
MISC
implecode — ecommerce_product_catalog The eCommerce Product Catalog Plugin for WordPress plugin before 3.0.39 does not escape the ic-settings-search parameter before outputting it back in the page in an attribute, leading to a Reflected Cross-Site Scripting issue 2021-11-23 4.3 CVE-2021-24875
MISC
ionic — identity_vault In Ionic Identity Vault before 5.0.5, the protection mechanism for invalid unlock attempts can be bypassed. 2021-11-19 4.6 CVE-2021-44033
MISC
FULLDISC
MISC
kimai — kimai_2 kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) 2021-11-19 4.3 CVE-2021-3976
MISC
CONFIRM
kimai — kimai_2 kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) 2021-11-19 4.3 CVE-2021-3957
MISC
CONFIRM
kimai — kimai_2 kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) 2021-11-19 4.3 CVE-2021-3963
CONFIRM
MISC
librecad — libdxfrw A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. 2021-11-19 6.8 CVE-2021-21898
MISC
librecad — libdxfrw A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. 2021-11-19 6.8 CVE-2021-21899
MISC
librecad — libdxfrw A code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dxf file can lead to a use-after-free vulnerability. An attacker can provide a malicious file to trigger this vulnerability. 2021-11-19 6.8 CVE-2021-21900
MISC
mainwp — mainwp_child The MainWP Child WordPress plugin before 4.1.8 does not validate the orderby and order parameter before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users such as admin when the Backup and Staging by WP Time Capsule plugin is installed 2021-11-23 6 CVE-2021-24877
MISC
moddable — moddable OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fx_String_prototype_repeat function at /moddable/xs/sources/xsString.c. 2021-11-19 6.8 CVE-2021-29325
MISC
moddable — moddable OpenSource Moddable v10.5.0 was discovered to contain a stack overflow in the fxBinaryExpressionNodeDistribute function at /moddable/xs/sources/xsTree.c. 2021-11-19 6.8 CVE-2021-29329
MISC
moddable — moddable OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fx_ArrayBuffer function at /moddable/xs/sources/xsDataView.c. 2021-11-19 6.8 CVE-2021-29327
MISC
moddable — moddable OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fxIDToString function at /moddable/xs/sources/xsSymbol.c. 2021-11-19 6.8 CVE-2021-29326
MISC
moddable — moddable OpenSource Moddable v10.5.0 was discovered to contain a stack overflow via the component /moddable/xs/sources/xsScript.c. 2021-11-19 6.8 CVE-2021-29324
MISC
moddable — moddable OpenSource Moddable v10.5.0 was discovered to contain buffer over-read in the fxDebugThrow function at /moddable/xs/sources/xsDebug.c. 2021-11-19 5.8 CVE-2021-29328
MISC
moddable — moddable OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow via the component /modules/network/wifi/esp/modwifi.c. 2021-11-19 4.3 CVE-2021-29323
MISC
moodle — moodle A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk. 2021-11-22 4.3 CVE-2021-43558
MISC
MISC
moodle — moodle A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users’ calendar action events. 2021-11-22 5 CVE-2021-43560
MISC
MISC
moodle — moodle A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The “delete related badge” functionality did not include the necessary token check to prevent a CSRF risk. 2021-11-22 6.8 CVE-2021-43559
MISC
MISC
myscada — mydesigner mySCADA myDESIGNER Versions 8.20.0 and prior fail to properly validate the contents of an imported project file, which may make the product vulnerable to a path traversal payload. This vulnerability may allow an attacker to plant files on the file system in arbitrary locations or overwrite existing files, resulting in remote code execution. 2021-11-19 6.8 CVE-2021-43555
MISC
nvidia — dgx-1_p100 NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to corrupt program data. 2021-11-20 4.9 CVE-2021-1125
CONFIRM
open-xchange — ox_app_suite OX App Suite through 7.10.5 allows XSS via the alt attribute of an IMG element in a truncated e-mail message. 2021-11-22 4.3 CVE-2021-38375
MISC
MISC
MISC
open-xchange — ox_app_suite OX App Suite 7.10.5 allows XSS via an OX Chat system message. 2021-11-22 4.3 CVE-2021-33495
MISC
MISC
MISC
open-xchange — ox_app_suite OX App Suite through 7.10.5 allows XSS via JavaScript code in a shared XCF file. 2021-11-22 4.3 CVE-2021-33489
MISC
MISC
MISC
open-xchange — ox_app_suite OX App Suite through 7.10.5 allows XSS via a crafted snippet in a shared mail signature. 2021-11-22 4.3 CVE-2021-33490
MISC
MISC
MISC
open-xchange — ox_app_suite OX App Suite 7.10.5 allows XSS via an OX Chat room name. 2021-11-22 4.3 CVE-2021-33492
MISC
MISC
MISC
open-xchange — ox_app_suite OX App Suite through 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within truncated e-mail, because there is a predictable UUID with HTML transformation results. 2021-11-22 4.3 CVE-2021-38377
MISC
MISC
MISC
open-xchange — ox_app_suite OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing rendering. 2021-11-22 4.3 CVE-2021-33494
MISC
MISC
MISC
open-xchange — ox_app_suite OX App Suite through 7.10.5 has Incorrect Access Control for retrieval of session information via the rampup action of the login API call. 2021-11-22 5 CVE-2021-38376
MISC
MISC
MISC
open-xchange — ox_app_suite OX App Suite through 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, because of the mishandling of relative paths in mail addresses in conjunction with auto-configuration DNS records. 2021-11-22 4 CVE-2021-33491
MISC
MISC
MISC
open-xchange — ox_app_suite OX App Suite 7.10.5 allows Information Exposure because a caching mechanism can cause a Modified By response to show a person’s name. 2021-11-22 4 CVE-2021-38378
MISC
MISC
MISC
open-xchange — ox_app_suite Chat in OX App Suite 7.10.5 has Improper Input Validation. A user can be redirected to a rogue OX Chat server via a development-related hook. 2021-11-22 5.8 CVE-2021-33488
FULLDISC
MISC
MISC
opendesign — drawings_sdk A Use-After-Free Remote Vulnerability exists when reading a DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 2021-11-22 6.8 CVE-2021-43582
MISC
opendesign — prc_sdk An Out-of-Bounds Read vulnerability exists when reading a U3D file using Open Design Alliance PRC SDK before 2022.11. The specific issue exists within the parsing of U3D files. Incorrect use of the LibJpeg source manager inside the U3D library, and crafted data in a U3D file, can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. 2021-11-22 6.8 CVE-2021-43581
MISC
oroinc — client_relationship_management OroCRM is an open source Client Relationship Management (CRM) application. Affected versions were found to suffer from a vulnerability in which an attacker is able to disqualify any Lead with a Cross-Site Request Forgery (CSRF) attack. There are no workarounds that address this vulnerability and all users are advised to update their package. 2021-11-19 5.8 CVE-2021-39198
CONFIRM
pekeupload_project — pekeupload This affects all versions of package pekeupload. If an attacker induces a user to upload a file whose name contains javascript code, the javascript code will be executed. 2021-11-22 4.3 CVE-2021-23673
CONFIRM
CONFIRM
pgbouncer — pgbouncer When PgBouncer is configured to use “cert” authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1. 2021-11-22 5.1 CVE-2021-3935
MISC
MISC
philips — mri_3t_firmware Philips MRI 1.5T and MRI 3T Version 5.x.x does not restrict or incorrectly restricts access to a resource from an unauthorized actor. 2021-11-19 5 CVE-2021-26262
MISC
MISC
qnap — qmailagent We have already fixed this vulnerability in the following versions of QmailAgent: QmailAgent 3.0.2 (2021/08/25) and later 2021-11-20 6.8 CVE-2021-34358
CONFIRM
qnap — ragic_cloud_db A reflected cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Ragic Cloud DB. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic. 2021-11-20 4.3 CVE-2021-38681
CONFIRM
rapid7 — nexpose Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user’s session has ended due to inactivity, an attacker can use the inspect element browser feature to remove the login panel and view the details available in the last webpage visited by the previous user. 2021-11-22 5 CVE-2019-5640
CONFIRM
roundcube — webmail Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment’s filename extension when displaying a MIME type warning message. 2021-11-19 4.3 CVE-2021-44025
MISC
MISC
MISC
MISC
FEDORA
FEDORA
DEBIAN
rwtxt_project — rwtxt Cross-site scripting vulnerability in rwtxt versions prior to v1.8.6 allows a remote attacker to inject an arbitrary script via unspecified vectors. 2021-11-24 4.3 CVE-2021-20848
MISC
MISC
saasproject — booking_package Cross-site scripting vulnerability in Booking Package – Appointment Booking Calendar System versions prior to 1.5.11 allows a remote attacker to inject an arbitrary script via unspecified vectors. 2021-11-24 4.3 CVE-2021-20840
MISC
MISC
MISC
sas — sas/intrnet SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro. Users can escape the context of the configured user-controllable variable and append additional functions native to the macro but not included as variables within the library. This includes a function that retrieves files from the host OS. 2021-11-19 5 CVE-2021-41569
MISC
secomea — gatemanager_8250_firmware This issue affects: Secomea GateManager, all versions prior to 9.6. Improper checking of the Host header in the web server of Secomea GateManager allows an attacker to cause browser cache poisoning. 2021-11-22 5 CVE-2021-32004
MISC
ssrf-agent_project — ssrf-agent The package ssrf-agent before 1.0.5 is vulnerable to Server-side Request Forgery (SSRF) via the defaultIpChecker function. It fails to properly validate whether the requested IP is private. 2021-11-22 5 CVE-2021-23718
CONFIRM
CONFIRM
teampasswordmanager — team_password_manager Team Password Manager (aka TeamPasswordManager) before 10.135.236 has a CSRF vulnerability during import. 2021-11-19 6.8 CVE-2021-44036
MISC
MISC
teampasswordmanager — team_password_manager Team Password Manager (aka TeamPasswordManager) before 10.135.236 allows password-reset poisoning. 2021-11-19 5 CVE-2021-44037
MISC
MISC
themeum — tutor_lms The Tutor LMS WordPress plugin before 1.9.11 does not sanitise and escape user input before outputting back in attributes in the Student Registration page, leading to a Reflected Cross-Site Scripting issue 2021-11-23 4.3 CVE-2021-24873
CONFIRM
MISC
transloadit — tusdotnet The client in tusdotnet through 2.5.0 relies on SHA-1 to prevent spoofing of file content. 2021-11-22 4.3 CVE-2021-44150
MISC
vim — vim vim is vulnerable to Use After Free 2021-11-19 6.8 CVE-2021-3974
MISC
CONFIRM
FEDORA
vmware — spring_cloud_netflix Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at `/hystrix/monitor;[user-provided data]`, the path elements following `hystrix/monitor` are being evaluated as SpringEL expressions, which can lead to code execution. 2021-11-19 6.5 CVE-2021-22053
MISC
we-con — plc_editor PLC Editor Versions 1.3.8 and prior are vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code. 2021-11-22 6.8 CVE-2021-42707
MISC
we-con — plc_editor PLC Editor Versions 1.3.8 and prior are vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code. 2021-11-22 6.8 CVE-2021-42705
MISC
windriver — vxworks An issue was discovered in VxWorks 6.9 through 7. In the IKE component, a specifically crafted packet may lead to reading beyond the end of a buffer, or a double free. 2021-11-24 5 CVE-2021-43268
MISC
wipro — holmes The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data. 2021-11-22 5 CVE-2021-38146
MISC
MISC
wireshark — wireshark NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file 2021-11-19 5 CVE-2021-39923
CONFIRM
MISC
MISC
wireshark — wireshark NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 2021-11-19 5 CVE-2021-39921
MISC
MISC
CONFIRM
wireshark — wireshark Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 2021-11-19 5 CVE-2021-39922
CONFIRM
MISC
MISC
wireshark — wireshark Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 2021-11-19 5 CVE-2021-39924
MISC
CONFIRM
MISC
wireshark — wireshark Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 2021-11-19 5 CVE-2021-39925
CONFIRM
MISC
MISC
wireshark — wireshark Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file 2021-11-19 5 CVE-2021-39926
MISC
CONFIRM
MISC
wireshark — wireshark Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 2021-11-19 5 CVE-2021-39929
MISC
MISC
CONFIRM
wpo365 — wordpress__azure_ad_/_microsoft_office_365 The “WPO365 | LOGIN” WordPress plugin (up to and including version 15.3) by wpo365.com is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the application stores and retrieves client-supplied data without proper handling of dangerous content. This type of XSS vulnerability is exploited by submitting malicious script content to the application, which is then retrieved and executed by other application users. The attacker could exploit this to conduct a range of attacks against users of the affected application such as session hijacking, account takeover and accessing sensitive data. In this case, the XSS payload can be submitted by any anonymous user; the payload then renders and executes when a WordPress administrator authenticates and accesses the WordPress Dashboard. The injected payload can carry out actions on behalf of the administrator including adding other administrative users and changing application settings. This flaw could be exploited to ultimately provide full control of the affected system to the attacker. 2021-11-19 4.3 CVE-2021-43409
MISC
MISC
wpwave — hide_my_wp WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by any unauthenticated user. It is possible to retrieve a reset token which can then be used to deactivate the plugin. 2021-11-24 5 CVE-2021-36917
MISC
CONFIRM
MISC
xen — xen certain VT-d IOMMUs may not work in shared page table mode. For efficiency reasons, address translation control structures (page tables) may (and, on suitable hardware, by default will) be shared between CPUs, for second-level translation (EPT), and IOMMUs. These page tables are presently set up to always be 4 levels deep. However, an IOMMU may require the use of just 3 page table levels. In such a configuration the top level table needs to be stripped before inserting the root table’s address into the hardware pagetable base register. When sharing page tables, Xen erroneously skipped this stripping. Consequently, the guest is able to write to leaf page table entries. 2021-11-21 6.9 CVE-2021-28710
MISC
xml-sitemaps — unlimited_sitemap_generator Cross-site request forgery (CSRF) vulnerability in Unlimited Sitemap Generator versions prior to v8.2 allows a remote attacker to hijack the authentication of an administrator and conduct arbitrary operation via a specially crafted web page. 2021-11-24 6.8 CVE-2021-20845
MISC
MISC
MISC


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
acurax — floating_social_media_icon Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Floating Social Media Icon plugin (versions <= 4.3.5) Social Media Configuration form. Requires high role user like admin. 2021-11-26 3.5 CVE-2021-36843
MISC
CONFIRM
advanced_access_manager_project — advanced_access_manager The Advanced Access Manager WordPress plugin before 6.8.0 does not escape some of its settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2021-11-23 3.5 CVE-2021-24830
MISC
CONFIRM
awesomesupport — awesome_support_wordpress_helpdesk_&_support Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities in WordPress Awesome Support plugin (versions <= 6.0.6), vulnerable parameters (&id, &assignee). 2021-11-26 3.5 CVE-2021-36919
MISC
CONFIRM
backupbliss — backup_migration Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered in WordPress Backup Migration plugin <= 1.1.5 versions. 2021-11-19 3.5 CVE-2021-36884
CONFIRM
CONFIRM
cisco — common_services_platform_collector A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit this vulnerability by adding malicious code to the configuration by using the web-based management interface. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface or access sensitive, browser-based information. 2021-11-19 3.5 CVE-2021-40131
CISCO
creativemindssolutions — video_lessons_manager The Video Lessons Manager WordPress plugin before 1.7.2 and Video Lessons Manager Pro WordPress plugin before 3.5.9 do not properly sanitize and escape values when updating their settings, which could allow high privilege users to perform Cross-Site Scripting attacks 2021-11-23 3.5 CVE-2021-24713
MISC
dell — emc_cloud_link Dell EMC CloudLink 7.1 and all prior versions contain a Buffer Overflow Vulnerability. A local low privileged attacker may potentially exploit this vulnerability, leading to an application crash. 2021-11-23 2.1 CVE-2021-36333
CONFIRM
MISC
dell — emc_powerscale_onefs Dell PowerScale OneFS version 8.1.2 contains a sensitive information exposure vulnerability. This would allow a malicious user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE privileges to gain access to sensitive information in the log files. 2021-11-23 2.1 CVE-2021-21561
CONFIRM
dell — emc_secure_connect_gateway Dell EMC SCG 5.00.00.10 and earlier contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it. 2021-11-20 2.1 CVE-2021-36340
MISC
dell — networking_os10 Dell Networking OS10 versions 10.4.3.x, 10.5.0.x and 10.5.1.x contain an information exposure vulnerability. A low privileged authenticated malicious user can gain access to SNMP authentication failure messages. 2021-11-20 2.1 CVE-2021-36319
MISC
django-helpdesk_project — django-helpdesk django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-11-19 3.5 CVE-2021-3950
MISC
CONFIRM
edgexfoundry — app_service_configurable Functions SDK for EdgeX is meant to provide all the plumbing necessary for developers to get started in processing/transforming/exporting data out of the EdgeX IoT platform. In affected versions, broken encryption in the app-functions-sdk “AES” transform in EdgeX Foundry releases prior to Jakarta allows attackers to decrypt messages via unspecified vectors. The app-functions-sdk exports an “aes” transform that user scripts can optionally call to encrypt data in the processing pipeline. No decrypt function is provided. Encryption is not enabled by default, but if used, the level of protection may be less than the user may expect due to a broken implementation. Version v2.1.0 (EdgeX Foundry Jakarta release and later) of app-functions-sdk-go/v2 deprecates the “aes” transform and provides an improved “aes256” transform in its place. The broken implementation will remain in a deprecated state until it is removed in the next EdgeX major release, to avoid breakage of existing software that depends on the broken implementation. As the broken transform is a library function that is not invoked by default, users who do not use the AES transform in their processing pipelines are unaffected. Those that are affected are urged to upgrade to the Jakarta EdgeX release and modify processing pipelines to use the new “aes256” transform. 2021-11-19 2.6 CVE-2021-41278
MISC
CONFIRM
getgrav — grav-plugin-admin grav-plugin-admin is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-11-19 3.5 CVE-2021-3920
MISC
CONFIRM
huawei — ecns280_td_firmware There is an information leakage vulnerability in FusionCompute 6.5.1, eCNS280_TD V100R005C00 and V100R005C10. Due to the improper storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause the information leak. 2021-11-23 2.1 CVE-2021-37036
MISC
huawei — imaster_nce-fabric_firmware There is an XSS injection vulnerability in iMaster NCE-Fabric V100R019C10. A module of the client does not verify the input sufficiently. Attackers can exploit this vulnerability by modifying input after logging onto the client. This may compromise the normal service of the client. 2021-11-23 3.5 CVE-2021-22410
MISC
incsub — forminator The Forminator WordPress plugin before 1.15.4 does not sanitize and escape the email field label, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2021-11-23 3.5 CVE-2021-24700
MISC
infornweb — logo_showcase_with_slick_slider The Logo Showcase with Slick Slider WordPress plugin before 1.2.4 does not sanitise the Grid Settings, which could allow users with a role as low as Author to perform stored Cross-Site Scripting attacks via post metadata of Grid logo showcase. 2021-11-23 3.5 CVE-2021-24729
MISC
metagauss — download_plugin The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the dpwap_plugin_activate AJAX action, allowing any authenticated users, such as subscribers, to activate plugins that are already installed. 2021-11-23 3.5 CVE-2021-24703
MISC
microsoft — clarity There is a Cross-Site Scripting vulnerability in Microsoft Clarity version 0.3. The XSS payload executes whenever the user changes the clarity configuration in Microsoft Clarity version 0.3. The payload is stored on the configuring project Id page. 2021-11-19 3.5 CVE-2021-33850
MISC
nvidia — dgx-1_p100 NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed registers, which may lead to information disclosure. 2021-11-20 2.1 CVE-2021-34399
CONFIRM
nvidia — dgx-1_p100 NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed memory, which may lead to information disclosure. 2021-11-20 2.1 CVE-2021-34400
CONFIRM
nvidia — dgx-1_p100 NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to utilize debug mechanisms with insufficient access control, which may lead to information disclosure. 2021-11-20 2.1 CVE-2021-1088
CONFIRM
nvidia — dgx-1_p100 NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to access debug registers during runtime, which may lead to information disclosure. 2021-11-20 2.1 CVE-2021-1105
CONFIRM
nvidia — dgx-1_p100 NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to access protected information, which may lead to information disclosure. 2021-11-20 2.1 CVE-2021-23219
CONFIRM
open-xchange — ox_app_suite The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format. 2021-11-22 3.6 CVE-2021-33493
MISC
MISC
MISC
open-xchange — ox_app_suite OX App Suite through 7.10.5 allows XSS via a crafted snippet that has an app loader reference within an app loader URL. 2021-11-22 3.5 CVE-2021-38374
MISC
MISC
MISC
philips — mri_1.5t_firmware Philips MRI 1.5T and MRI 3T Version 5.x.x exposes sensitive information to an actor not explicitly authorized to have access. 2021-11-19 2.1 CVE-2021-42744
MISC
MISC
philips — mri_3t_firmware Philips MRI 1.5T and MRI 3T Version 5.x.x assigns an owner who is outside the intended control sphere to a resource. 2021-11-19 2.1 CVE-2021-26248
MISC
MISC
shimo — document Shimo Document v2.0.1 contains a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the table content text field. 2021-11-22 3.5 CVE-2020-22719
MISC
snipeitapp — snipe-it snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-11-19 3.5 CVE-2021-3961
CONFIRM
MISC
tribulant — slideshow_gallery The Slideshow Gallery WordPress plugin before 1.7.4 does not sanitise and escape the Slide “Title”, “Description”, and Gallery “Title” fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2021-11-23 3.5 CVE-2021-24882
MISC
wpdeveloper — betterlinks The BetterLinks WordPress plugin before 1.2.6 does not sanitise and escape some of the imported link fields, which could lead to Stored Cross-Site Scripting issues when an admin imports a malicious CSV. 2021-11-23 3.5 CVE-2021-24812
MISC


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
xen — xen guests may exceed their designated memory limit. When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrator-established limit. This is a result of a calculation done with 32-bit precision, which may overflow. It would then only be the overflowed (and hence small) number which gets compared against the established upper bound. 2021-11-24 not yet calculated CVE-2021-28706
MISC
afreecatv — afreecatv The vulnerable function is enabled when the streamer service related to AfreecaTV communicates through a web socket on port 21201. A stack-based buffer overflow leading to remote code execution was discovered in a strcpy() operation on the “FanTicket” field, because the data is stored without validation of its length. 2021-11-26 not yet calculated CVE-2020-7881
MISC
aim — aim Aim is an open-source, self-hosted machine learning experiment tracking tool. Versions of Aim prior to 3.1.0 are vulnerable to a path traversal attack. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and their variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code or configuration and critical system files. The vulnerability is resolved in Aim v3.1.0. 2021-11-23 not yet calculated CVE-2021-43775
MISC
CONFIRM
MISC
MISC
MISC
alfasado_inc — powercms PowerCMS XMLRPC API of PowerCMS 5.19 and earlier, PowerCMS 4.49 and earlier, PowerCMS 3.295 and earlier, and PowerCMS 2 Series (End-of-Life, EOL) allows a remote attacker to execute an arbitrary OS command via unspecified vectors. 2021-11-24 not yet calculated CVE-2021-20850
MISC
MISC
amazon_web_service — iot_devices Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.4.2), Python (versions prior to 1.6.1), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.3) did not verify the server certificate hostname during the TLS handshake when overriding Certificate Authorities (CA) in their trust stores on macOS. This issue has been addressed in aws-c-io submodule versions 0.10.5 onward. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.4.2 on macOS. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.6.1 on macOS. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.12.7 on macOS. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.5.3 on macOS. Amazon Web Services AWS-C-IO 0.10.4 on macOS. 2021-11-23 not yet calculated CVE-2021-40829
MISC
MISC
MISC
MISC
MISC
amazon_web_service — iot_devices The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store. Attackers with access to a host’s trust stores, or who are able to compromise a certificate authority already in the host’s trust store (note: the attacker must also be able to spoof DNS in this case), may be able to use this issue to bypass CA pinning. An attacker could then spoof the MQTT broker, and either drop traffic and/or respond with the attacker’s data, but they would not be able to forward this data on to the MQTT broker because the attacker would still need the user’s private keys to authenticate against the MQTT broker. The ‘aws_tls_ctx_options_override_default_trust_store_*’ function within the aws-c-io submodule has been updated to override the default trust store. This corrects this issue. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.5.0 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.6.1 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.12.7 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.5.3 on Linux/Unix. Amazon Web Services AWS-C-IO 0.10.4 on Linux/Unix. 2021-11-23 not yet calculated CVE-2021-40830
MISC
MISC
MISC
MISC
MISC
amazon_web_service — iot_devices The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. Additionally, SNI validation is also not enabled when the CA has been “overridden”. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store. Attackers with access to a host’s trust stores, or who are able to compromise a certificate authority already in the host’s trust store (note: the attacker must also be able to spoof DNS in this case), may be able to use this issue to bypass CA pinning. An attacker could then spoof the MQTT broker, and either drop traffic and/or respond with the attacker’s data, but they would not be able to forward this data on to the MQTT broker because the attacker would still need the user’s private keys to authenticate against the MQTT broker. The ‘aws_tls_ctx_options_override_default_trust_store_*’ function within the aws-c-io submodule has been updated to address this behavior. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.5.0 on macOS. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.7.0 on macOS. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.14.0 on macOS. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.6.0 on macOS. Amazon Web Services AWS-C-IO 0.10.7 on macOS. 2021-11-23 not yet calculated CVE-2021-40831
MISC
MISC
MISC
MISC
MISC
amazon_web_service — iot_devices Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.3.3), Python (versions prior to 1.5.18), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.1) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on Windows. This issue has been addressed in aws-c-io submodule versions 0.9.13 onward. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.3.3 on Microsoft Windows. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.5.18 on Microsoft Windows. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.12.7 on Microsoft Windows. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.5.3 on Microsoft Windows. 2021-11-23 not yet calculated CVE-2021-40828
MISC
MISC
MISC
MISC
MISC
apache — jspwiki Remote attackers may delete arbitrary files in a system hosting a JSPWiki instance, versions up to 2.11.0.M8, by using a carefully crafted HTTP request on logout, given that those files are reachable to the user running the JSPWiki instance. Apache JSPWiki users should upgrade to 2.11.0 or later. 2021-11-24 not yet calculated CVE-2021-44140
MISC
MISC
apache — jspwiki A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Denounce plugin, which could allow the attacker to execute JavaScript in the victim’s browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.0 or later. 2021-11-24 not yet calculated CVE-2021-40369
MISC
MISC
backstage — backstage Backstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to trick another user into visiting a vulnerable URL that executes an XSS attack. This attack can potentially allow the attacker to exfiltrate access tokens or other secrets from the user’s browser. The default CSP does prevent this attack, but it is expected that some deployments have these policies disabled due to incompatibilities. This vulnerability is patched in version `0.4.9` of `@backstage/plugin-auth-backend`. 2021-11-26 not yet calculated CVE-2021-43776
CONFIRM
MISC
barcode — barcode Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. This issue was patched in version 2.6.1. As a workaround, delete the `front/send.php` file. 2021-11-24 not yet calculated CVE-2021-43778
CONFIRM
MISC
MISC
MISC
basercms — basercms BaserCMS is an open source content management system with a focus on Japanese language support. In affected versions users with upload privilege may upload crafted zip files capable of path traversal on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible. 2021-11-26 not yet calculated CVE-2021-41279
CONFIRM
MISC
basercms — basercms There is a Potential Zip Slip Vulnerability and OS Command Injection Vulnerability on the management system of baserCMS. Users with permissions to upload files may upload crafted zip files which may execute arbitrary commands on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible. 2021-11-26 not yet calculated CVE-2021-41243
CONFIRM
MISC
bitdefender — endpoint_security_tools A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender GravityZone 6.24.1-1. 2021-11-24 not yet calculated CVE-2021-3552
MISC
bitdefender — endpoint_security_tools Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used for pulling patches. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1. 2021-11-24 not yet calculated CVE-2021-3554
MISC
bitdefender — endpoint_security_tools A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint for Linux versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1. 2021-11-24 not yet calculated CVE-2021-3553
MISC
d-link — dwr-932c Missing Authentication for Critical Function vulnerability in debug_post_set.cgi of D-Link DWR-932C E1 firmware allows an unauthenticated attacker to execute administrative actions. 2021-11-23 not yet calculated CVE-2021-42783
MISC
d-link — dwr-932c OS Command Injection vulnerability in debug_fcgi of D-Link DWR-932C E1 firmware allows a remote attacker to perform command injection via a crafted HTTP request. 2021-11-23 not yet calculated CVE-2021-42784
MISC
dell — idrac Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to version 2.80.80.80 contain a Stack Buffer Overflow in Racadm. An authenticated remote attacker may potentially exploit this vulnerability to control process execution and gain access to the underlying operating system. 2021-11-23 not yet calculated CVE-2021-36301
CONFIRM
django — django-wiki In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in the Notifications Section. An attacker who has access to edit pages can inject a JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the payload in the notification panel renders and loads external JavaScript. 2021-11-23 not yet calculated CVE-2021-25986
CONFIRM
MISC
f-secure — f-secure A vulnerability affecting the F-Secure antivirus engine was discovered whereby unpacking a UPX file can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine. 2021-11-26 not yet calculated CVE-2021-40833
MISC
MISC
gin-vue-admin — gin-vue-admin Gin-Vue-Admin before 2.4.6 mishandles a SQL database. 2021-11-24 not yet calculated CVE-2021-44219
MISC
MISC
hejhome — gwk-ic052 HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnerability. This issue allows remote attackers to operate the IP Camera (reboot, factory reset, snapshot, etc.). 2021-11-26 not yet calculated CVE-2021-26611
MISC
hitachi — multiple_devices Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the receiving RTU500 CMU of which the BCI is enabled to reboot when receiving a specially crafted message. By default, BCI IEC 60870-5-104 function is disabled (not configured). This issue affects: Hitachi Energy RTU500 series CMU Firmware version 12.0.* (all versions); CMU Firmware version 12.2.* (all versions); CMU Firmware version 12.4.* (all versions). 2021-11-26 not yet calculated CVE-2021-35533
CONFIRM
huawei — multiple_products There is a weak secure algorithm vulnerability in Huawei products. A weak secure algorithm is used in a module. Attackers can exploit this vulnerability by capturing and analyzing the messages between devices to obtain information. This can lead to information leak. Affected product versions include: IPS Module V500R005C00SPC100, V500R005C00SPC200; NGFW Module V500R005C00SPC100, V500R005C00SPC200; Secospace USG6300 V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200; Secospace USG6500 V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200; Secospace USG6600 V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200; USG9500 V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200. 2021-11-23 not yet calculated CVE-2021-22356
MISC
huawei — smartphones There is an Improper permission vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service availability. 2021-11-23 not yet calculated CVE-2021-37030
MISC
huawei — smartphones There is an Identity verification vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service availability. 2021-11-23 not yet calculated CVE-2021-37029
MISC
huawei — smartphones There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash. 2021-11-23 not yet calculated CVE-2021-37026
MISC
huawei — smartphones There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash. 2021-11-23 not yet calculated CVE-2021-37025
MISC
huawei — smartphones There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash. 2021-11-23 not yet calculated CVE-2021-37024
MISC
huawei — smartphones There is a Data Processing Errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash. 2021-11-23 not yet calculated CVE-2021-37018
MISC
huawei — smartphones There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause the availability of users to be affected. 2021-11-23 not yet calculated CVE-2021-37013
MISC
huawei — smartphones There is an Out-of-bounds Read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash. 2021-11-23 not yet calculated CVE-2021-37007
MISC
huawei — smartphones There is a Remote DoS vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause the app to exit unexpectedly. 2021-11-23 not yet calculated CVE-2021-37031
MISC
huawei — smartphones There is a Bypass vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause Digital Balance to fail to work. 2021-11-23 not yet calculated CVE-2021-37032
MISC
huawei — smartphones The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software. 2021-11-22 not yet calculated CVE-2021-38448
CONFIRM
huawei — smartphones There is an Injection attack vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service availability. 2021-11-23 not yet calculated CVE-2021-37033
MISC
huawei — smartphones There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash. 2021-11-23 not yet calculated CVE-2021-37017
MISC
huawei — smartphones There is a Remote DoS vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause the app to exit unexpectedly. 2021-11-23 not yet calculated CVE-2021-37035
MISC
huawei — smartphones There is a Data Processing Errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash. 2021-11-23 not yet calculated CVE-2021-37012
MISC
huawei — smartphones There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash. 2021-11-23 not yet calculated CVE-2021-37019
MISC
huawei — smartphones There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash. 2021-11-23 not yet calculated CVE-2021-37003
MISC
huawei — smartphones There is an Out-of-bounds Read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause Information Disclosure or Denial of Service. 2021-11-23 not yet calculated CVE-2021-37016
MISC
huawei — smartphones There is an Out-of-bounds Read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash. 2021-11-23 not yet calculated CVE-2021-37015
MISC
huawei — smartphones There is an Unstandardized field names vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. 2021-11-23 not yet calculated CVE-2021-37034
MISC
huawei — smartphones There is an Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause the confidentiality of users to be affected. 2021-11-23 not yet calculated CVE-2021-37010
MISC
huawei — smartphones There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will allow media files in non-distributed directories on any device on the network to be read and written. 2021-11-23 not yet calculated CVE-2021-37023
MISC
huawei — smartphones There is a Configuration vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause the confidentiality of users to be affected. 2021-11-23 not yet calculated CVE-2021-37009
MISC
huawei — smartphones There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash. 2021-11-23 not yet calculated CVE-2021-37008
MISC
huawei — smartphones There is an Improper Preservation of Permissions vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause the confidentiality of users to be affected. 2021-11-23 not yet calculated CVE-2021-37006
MISC
huawei — smartphones There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash. 2021-11-23 not yet calculated CVE-2021-37005
MISC
huawei — smartphones There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash. 2021-11-23 not yet calculated CVE-2021-37004
MISC
huawei — smartphones There is a Heap-based Buffer Overflow vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may allow escalation to root permission. 2021-11-23 not yet calculated CVE-2021-37022
MISC
ibm — sterling_connect IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 209507. 2021-11-23 not yet calculated CVE-2021-38890
CONFIRM
XF
ibm — sterling_connect IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 209508. 2021-11-23 not yet calculated CVE-2021-38891
CONFIRM
XF
janus-gateway — janus-gateway janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’). 2021-11-27 not yet calculated CVE-2021-4020
CONFIRM
MISC
joeattardi — emoji-button @joeattardi/emoji-button is a Vanilla JavaScript emoji picker component. In affected versions there are two vectors for XSS attacks: a URL for a custom emoji, and an i18n string. In both of these cases, a value can be crafted such that it can insert a `script` tag into the page and execute malicious code. 2021-11-26 not yet calculated CVE-2021-43785
CONFIRM
MISC
MISC
kaspersky — password_manager A component in Kaspersky Password Manager could allow an attacker to elevate a process Integrity level from Medium to High. 2021-11-23 not yet calculated CVE-2021-35052
MISC
keepalived — keepalived In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property. 2021-11-26 not yet calculated CVE-2021-44225
MISC
MISC
mcafee — policy_auditor A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the profileNodeID request parameters. The malicious script is reflected unmodified into the Policy Auditor web-based interface which could lead to the extraction of end user session token or login credentials. These may be used to access additional security-critical applications or conduct arbitrary cross-domain requests. 2021-11-23 not yet calculated CVE-2021-31851
CONFIRM
mcafee — policy_auditor A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the UID request parameter. The malicious script is reflected unmodified into the Policy Auditor web-based interface which could lead to the extraction of end user session token or login credentials. These may be used to access additional security-critical applications or conduct arbitrary cross-domain requests. 2021-11-23 not yet calculated CVE-2021-31852
CONFIRM
microsoft — azure Azure Active Directory Information Disclosure Vulnerability 2021-11-24 not yet calculated CVE-2021-42306
N/A
microsoft — edge Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability 2021-11-24 not yet calculated CVE-2021-43221
N/A
microsoft — edge Microsoft Edge (Chromium-based) Spoofing Vulnerability 2021-11-24 not yet calculated CVE-2021-42308
N/A
microsoft — edge Microsoft Edge for iOS Spoofing Vulnerability 2021-11-24 not yet calculated CVE-2021-43220
N/A
microsoft — windows Windows 10 Update Assistant Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-42297. 2021-11-24 not yet calculated CVE-2021-43211
N/A
microsoft — windows Windows 10 Update Assistant Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-43211. 2021-11-24 not yet calculated CVE-2021-42297
N/A
MISC
mitsubishi_electric — mercari_app Improper authorization in handler for custom URL scheme vulnerability in Android App ‘Mercari (Merpay) – Marketplace and Mobile Payments App’ (Japan version) versions prior to 4.49.1 allows a remote attacker to lead a user to access an arbitrary website and the website launches an arbitrary Activity of the app via the vulnerable App, which may result in Mercari account’s access token being obtained. 2021-11-24 not yet calculated CVE-2021-20835
MISC
mitsubishi_electric — multiple_got2000_series Improper input validation vulnerability in GOT2000 series GT27 model all versions, GOT2000 series GT25 model all versions, GOT2000 series GT23 model all versions, GOT2000 series GT21 model all versions, GOT SIMPLE series GS21 model all versions, and GT SoftGOT2000 all versions allows a remote unauthenticated attacker to write a value that exceeds the configured input range limit by sending a malicious packet to rewrite the device value. As a result, the system operation may be affected, such as malfunction. 2021-11-23 not yet calculated CVE-2021-20601
MISC
MISC
MISC
mongodb — mongodb An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. Usually, the requests are sent via mongos and special privileges are required in order to know the address of the shards and to log in to the shards of an auth enabled environment. 2021-11-24 not yet calculated CVE-2021-32037
MISC
octopus — tentacle When Octopus Tentacle is installed on a Linux operating system, the systemd service file permissions are misconfigured. This could lead to a local unprivileged user modifying the contents of the systemd service file to gain privileged access. 2021-11-24 not yet calculated CVE-2021-31822
MISC
qnap — viostor A command injection vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later. 2021-11-26 not yet calculated CVE-2021-38685
CONFIRM
qnap — viostor An improper authentication vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later. 2021-11-26 not yet calculated CVE-2021-38686
CONFIRM
redash — redash Redash is a package for data visualization and sharing. If an admin sets up Redash versions 10.0.0 and prior without explicitly specifying the `REDASH_COOKIE_SECRET` or `REDASH_SECRET_KEY` environment variables, a default value is used for both that is the same across all installations. In such cases, the instance is vulnerable to attackers being able to forge sessions using the known default value. This issue only affects installations where the `REDASH_COOKIE_SECRET` or `REDASH_SECRET_KEY` environment variables have not been explicitly set. This issue does not affect users of the official Redash cloud images, Redash’s Digital Ocean marketplace droplets, or the scripts in the `getredash/setup` repository. These instances automatically generate unique secret keys during installation. One can verify whether one’s instance is affected by checking the value of the `REDASH_COOKIE_SECRET` environment variable. If it is `c292a0a3aa32397cdb050e233733900f`, one should follow the steps to secure the instance, outlined in the GitHub Security Advisory. 2021-11-24 not yet calculated CVE-2021-41192
CONFIRM
MISC
redash — redash Redash is a package for data visualization and sharing. In Redash version 10.0 and prior, the implementation of Google Login (via OAuth) incorrectly uses the `state` parameter to pass the next URL to redirect the user to after login. The `state` parameter should be used for a Cross-Site Request Forgery (CSRF) token, not a static and easily predicted value. This vulnerability does not affect users who do not use Google Login for their instance of Redash. A patch in the `master` and `release/10.x.x` branches addresses this by replacing `Flask-Oauthlib` with `Authlib` which automatically provides and validates a CSRF token for the state variable. The new implementation stores the next URL on the user session object. As a workaround, one may disable Google Login to mitigate the vulnerability. 2021-11-24 not yet calculated CVE-2021-43777
CONFIRM
MISC
redash — redash Redash is a package for data visualization and sharing. In versions 10.0 and prior, the implementation of URL-loading data sources like JSON, CSV, or Excel is vulnerable to advanced methods of Server Side Request Forgery (SSRF). These vulnerabilities are only exploitable on installations where a URL-loading data source is enabled. As of time of publication, the `master` and `release/10.x.x` branches address this by applying the Advocate library for making http requests instead of the requests library directly. Users should upgrade to version 10.0.1 to receive this patch. There are a few workarounds for mitigating the vulnerability without upgrading. One can disable the vulnerable data sources entirely, by adding the following env variable to one’s configuration, making them unavailable inside the webapp. One can switch any data source of certain types (viewable in the GitHub Security Advisory) to be `View Only` for all groups on the Settings > Groups > Data Sources screen. For users unable to update, an admin may modify Redash’s configuration through environment variables to mitigate this issue. Depending on the version of Redash, an admin may also need to run a CLI command to re-encrypt some fields in the database. The `master` and `release/10.x.x` branches as of time of publication have removed the default value for `REDASH_COOKIE_SECRET`. All future releases will also require this to be set explicitly. For existing installations, one will need to ensure that explicit values are set for the `REDASH_COOKIE_SECRET` and `REDASH_SECRET_KEY` variables. 2021-11-24 not yet calculated CVE-2021-43780
CONFIRM
MISC
sophos — hitmanpro_alert A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sophos Intercept X Advanced for Server before version 2.0.23, as well as Sophos Exploit Prevention before version 3.8.3. 2021-11-26 not yet calculated CVE-2021-25269
CONFIRM
sophos — sophos An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8. 2021-11-26 not yet calculated CVE-2021-36807
CONFIRM
symfony — symfony Symfony/SecurityBundle is the security system for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Since the rework of the Remember me cookie in version 5.3.0, the cookie is not invalidated when the user changes their password. Attackers can therefore maintain their access to the account even if the password is changed as long as they have had the chance to login once and get a valid remember me cookie. Starting with version 5.3.12, Symfony makes the password part of the signature by default. In that way, when the password changes, the cookie is not valid anymore. 2021-11-24 not yet calculated CVE-2021-41268
CONFIRM
MISC
MISC
MISC
symfony — symfony Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the “trusted_headers” allowed list are ignored and protect users from “Cache poisoning” attacks. In Symfony 5.2, maintainers added support for the `X-Forwarded-Prefix` headers, but this header was accessible in SubRequest, even if it was not part of the “trusted_headers” allowed list. An attacker could leverage this opportunity to forge requests containing a `X-Forwarded-Prefix` header, leading to a web cache poisoning issue. Versions 5.3.12 and later have a patch to ensure that the `X-Forwarded-Prefix` header is not forwarded to subrequests when it is not trusted. 2021-11-24 not yet calculated CVE-2021-41267
CONFIRM
MISC
MISC
MISC
symfony — symfony Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 before 4.4.35 and versions 5.0.0 before 5.3.12 are vulnerable to CSV injection, also known as formula injection. In Symfony 4.1, maintainers added the opt-in `csv_escape_formulas` option in the `CsvEncoder`, to prefix all cells starting with `=`, `+`, `-` or `@` with a tab `\t`. Since then, OWASP added 2 chars to that list: Tab (0x09) and Carriage return (0x0D). This makes the previous prefix char (Tab `\t`) part of the vulnerable characters, and OWASP suggests using the single quote `'` for prefixing the value. Starting with versions 4.4.34 and 5.3.12, Symfony now follows the OWASP recommendations and uses the single quote `'` to prefix formulas and adds the prefix to cells starting with `\t` and `\r` as well as `=`, `+`, `-` and `@`. 2021-11-24 not yet calculated CVE-2021-41270
MISC
CONFIRM
MISC
MISC
synapse — synapse Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the affected endpoint. The last 2 directories and file name of the path are chosen randomly by Synapse and cannot be controlled by an attacker, which limits the impact. Homeservers with the media repository disabled are unaffected. Homeservers with a federation whitelist are also unaffected, since Synapse will check the remote hostname, including the trailing `../`s, against the whitelist. Server administrators should upgrade to 1.47.1 or later. Server administrators using a reverse proxy could, at the expense of losing media functionality, block certain endpoints as a workaround. Alternatively, non-containerized deployments can be adapted to use the hardened systemd config. 2021-11-23 not yet calculated CVE-2021-41281
MISC
CONFIRM
MISC
synk — synk This affects all versions of package docker-cli-js. If the command parameter of the Docker.command method can at least be partially controlled by a user, they will be in a position to execute any arbitrary OS commands on the host system. 2021-11-22 not yet calculated CVE-2021-23732
CONFIRM
synk — synk This affects all versions of package html-to-csv. When there is a formula embedded in an HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands via CSV files. 2021-11-26 not yet calculated CVE-2021-23654
CONFIRM
CONFIRM
tightvnc — viewer Buffer Overflow vulnerability in tvnviewer.exe of TightVNC Viewer allows a remote attacker to execute arbitrary instructions via a crafted FramebufferUpdate packet from a VNC server. 2021-11-23 not yet calculated CVE-2021-42785
MISC
ubuntu — ark_library ARK library allows attackers to execute remote code via the parameter (path value) of the Ark_NormalizeAndDupPAthNameW function because of an integer overflow. 2021-11-26 not yet calculated CVE-2021-26615
MISC
unifi — protect A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect application Version 1.19.2 and earlier allows a malicious actor who has convinced a privileged user to access a URL with malicious code to take over said user's account. This vulnerability is fixed in UniFi Protect application Version 1.20.0 and later. 2021-11-24 not yet calculated CVE-2021-22957
MISC
vmware — vsphere_web_client The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information. 2021-11-24 not yet calculated CVE-2021-21980
MISC
vmware — vsphere_web_client The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service. 2021-11-24 not yet calculated CVE-2021-22049
MISC
wordpress — wordpress The ImageBoss WordPress plugin before 3.0.6 does not sanitise and escape its Source Name setting, which could allow high privilege users to perform Cross-Site Scripting attacks. 2021-11-23 not yet calculated CVE-2021-24888
MISC
wordpress — wordpress WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin Directory but is not yet present in that directory. 2021-11-25 not yet calculated CVE-2021-44223
MISC
MISC
wordpress — wordpress The Elementor Website Builder WordPress plugin before 3.1.4 does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross-Site Scripting issue. 2021-11-23 not yet calculated CVE-2021-24891
MISC
MISC
wordpress — wordpress Insecure Direct Object Reference in the edit function of Advanced Forms (Free & Pro) before 1.6.9 allows an authenticated remote attacker to change an arbitrary user's email address and request a password reset, which could lead to takeover of the WordPress administrator account. To exploit this vulnerability, an attacker must register to obtain a valid WordPress user and use that user to authenticate with WordPress in order to reach the vulnerable edit function. 2021-11-23 not yet calculated CVE-2021-24892
MISC
MISC
wordpress — wordpress The Reviews Plus WordPress plugin before 1.2.14 does not validate the submitted rating, allowing submission of a long integer and causing a Denial of Service in the review section when an authenticated user submits such a rating and the reviews are set to be displayed on the post/page. 2021-11-23 not yet calculated CVE-2021-24894
CONFIRM
MISC
xen — xen issues with partially successful P2M updates on x86 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). In some cases the hypervisor carries out the requests by splitting them into smaller chunks. Error handling in certain PoD cases has been insufficient in that in particular partial success of some operations was not properly accounted for. There are two code paths affected – page removal (CVE-2021-28705) and insertion of new pages (CVE-2021-28709). (We provide one patch which combines the fix to both issues.) 2021-11-24 not yet calculated CVE-2021-28705
MISC
xen — xen PoD operations on misaligned GFNs [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). The implementation of some of these hypercalls for PoD does not enforce the base page frame number to be suitably aligned for the specified order, yet some code involved in PoD handling actually makes such an assumption. These operations are XENMEM_decrease_reservation (CVE-2021-28704) and XENMEM_populate_physmap (CVE-2021-28707), the latter usable only by domains controlling the guest, i.e. a de-privileged qemu or a stub domain. (Patch 1, combining the fix to both these two issues.) In addition handling of XENMEM_decrease_reservation can also trigger a host crash when the specified page order is neither 4k nor 2M nor 1G (CVE-2021-28708, patch 2). 2021-11-24 not yet calculated CVE-2021-28704
MISC
xen — xen PoD operations on misaligned GFNs [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). The implementation of some of these hypercalls for PoD does not enforce the base page frame number to be suitably aligned for the specified order, yet some code involved in PoD handling actually makes such an assumption. These operations are XENMEM_decrease_reservation (CVE-2021-28704) and XENMEM_populate_physmap (CVE-2021-28707), the latter usable only by domains controlling the guest, i.e. a de-privileged qemu or a stub domain. (Patch 1, combining the fix to both these two issues.) In addition handling of XENMEM_decrease_reservation can also trigger a host crash when the specified page order is neither 4k nor 2M nor 1G (CVE-2021-28708, patch 2). 2021-11-24 not yet calculated CVE-2021-28707
MISC
xen — xen PoD operations on misaligned GFNs [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). The implementation of some of these hypercalls for PoD does not enforce the base page frame number to be suitably aligned for the specified order, yet some code involved in PoD handling actually makes such an assumption. These operations are XENMEM_decrease_reservation (CVE-2021-28704) and XENMEM_populate_physmap (CVE-2021-28707), the latter usable only by domains controlling the guest, i.e. a de-privileged qemu or a stub domain. (Patch 1, combining the fix to both these two issues.) In addition handling of XENMEM_decrease_reservation can also trigger a host crash when the specified page order is neither 4k nor 2M nor 1G (CVE-2021-28708, patch 2). 2021-11-24 not yet calculated CVE-2021-28708
MISC
xen — xen issues with partially successful P2M updates on x86 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). In some cases the hypervisor carries out the requests by splitting them into smaller chunks. Error handling in certain PoD cases has been insufficient in that in particular partial success of some operations was not properly accounted for. There are two code paths affected – page removal (CVE-2021-28705) and insertion of new pages (CVE-2021-28709). (We provide one patch which combines the fix to both issues.) 2021-11-24 not yet calculated CVE-2021-28709
MISC
yamaha — multiple_routers Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page. 2021-11-24 not yet calculated CVE-2021-20844
MISC
MISC
MISC
MISC
yamaha — multiple_routers Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page. 2021-11-24 not yet calculated CVE-2021-20843
MISC
MISC
MISC
MISC
zoom — client_for_meetings A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS, and Windows) before version 5.8.3, Zoom VDI before version 5.8.4, Zoom Meeting SDK for Android before version 5.7.6.1922, Zoom Meeting SDK for iOS before version 5.7.6.1082, Zoom Meeting SDK for macOS before version 5.7.6.1340, Zoom Meeting SDK for Windows before version 5.7.6.1081, Zoom Video SDK (for Android, iOS, macOS, and Windows) before version 1.1.2, Zoom On-Premise Meeting Connector Controller before version 4.8.12.20211115, Zoom On-Premise Meeting Connector MMR before version 4.8.12.20211115, Zoom On-Premise Recording Connector before version 5.1.0.65.20211116, Zoom On-Premise Virtual Room Connector before version 4.4.7266.20211117, Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117, Zoom Hybrid Zproxy before version 1.0.1058.20211116, and Zoom Hybrid MMR before version 4.6.20211116.131_x86-64. This can potentially allow a malicious actor to crash the service or application, or leverage this vulnerability to execute arbitrary code. 2021-11-24 not yet calculated CVE-2021-34423
MISC
zoom — client_for_meetings A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS, and Windows) before version 5.8.3, Zoom VDI before version 5.8.4, Zoom Meeting SDK for Android before version 5.7.6.1922, Zoom Meeting SDK for iOS before version 5.7.6.1082, Zoom Meeting SDK for macOS before version 5.7.6.1340, Zoom Meeting SDK for Windows before version 5.7.6.1081, Zoom Video SDK (for Android, iOS, macOS, and Windows) before version 1.1.2, Zoom on-premise Meeting Connector before version 4.8.12.20211115, Zoom on-premise Meeting Connector MMR before version 4.8.12.20211115, Zoom on-premise Recording Connector before version 5.1.0.65.20211116, Zoom on-premise Virtual Room Connector before version 4.4.7266.20211117, Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117, Zoom Hybrid Zproxy before version 1.0.1058.20211116, and Zoom Hybrid MMR before version 4.6.20211116.131_x86-64 which potentially allowed for the exposure of the state of process memory. This issue could be used to potentially gain insight into arbitrary areas of the product's memory. 2021-11-24 not yet calculated CVE-2021-34424
MISC
zyxel — multiple_firmware A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access of the device, if the local attacker dismantles the device and uses a USB-to-UART cable to connect the device, or if the remote assistance feature had been enabled by an authenticated user. 2021-11-23 not yet calculated CVE-2021-35033
CONFIRM

This product is provided subject to this Notification and this Privacy & Use policy.

VMware Releases Security Updates

11/24/2021 11:58 AM EST

Original release date: November 24, 2021

VMware has released security updates to address multiple vulnerabilities in vCenter Server and Cloud Foundation. A remote attacker can exploit these vulnerabilities to obtain access to sensitive information.

CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0027 and apply the necessary updates.

CISA Releases Capacity Enhancement Guides to Enhance Mobile Device Cybersecurity for Consumers and Organizations

11/24/2021 12:00 PM EST

Original release date: November 24, 2021

CISA has released actionable Capacity Enhancement Guides (CEGs) to help users and organizations improve mobile device cybersecurity.

CISA encourages users and administrators to review the guidance and apply the recommendations.

Vulnerability Summary for the Week of November 15, 2021

11/22/2021 07:03 AM EST

Original release date: November 22, 2021

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adobe — after_effects Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. 2021-11-18 9.3 CVE-2021-40759
MISC
adobe — after_effects Adobe After Effects version 18.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. 2021-11-18 9.3 CVE-2021-40752
MISC
adobe — after_effects Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. 2021-11-18 9.3 CVE-2021-40760
MISC
adobe — after_effects Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. 2021-11-18 9.3 CVE-2021-40758
MISC
adobe — after_effects Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious MXF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. 2021-11-18 9.3 CVE-2021-40757
MISC
adobe — after_effects Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SGI file in the DoReadContinue function, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2021-11-18 9.3 CVE-2021-40755
MISC
adobe — after_effects Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. 2021-11-18 9.3 CVE-2021-40753
MISC
adobe — after_effects Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. 2021-11-18 9.3 CVE-2021-40754
MISC
adobe — after_effects Adobe After Effects version 18.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. 2021-11-18 9.3 CVE-2021-40751
MISC
adobe — animate Adobe Animate version 21.0.9 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .psd file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2021-11-18 9.3 CVE-2021-40733
MISC
adobe — animate Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious BMP file. 2021-11-18 9.3 CVE-2021-42271
MISC
adobe — animate Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious BMP file. 2021-11-18 9.3 CVE-2021-42524
MISC
adobe — animate Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious GIF file. 2021-11-18 9.3 CVE-2021-42272
MISC
adobe — animate Adobe Animate version 21.0.9 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious FLA file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2021-11-18 9.3 CVE-2021-42266
MISC
adobe — animate Adobe Animate version 21.0.9 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious FLA file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2021-11-18 9.3 CVE-2021-42267
MISC
adobe — animate Adobe Animate version 21.0.9 (and earlier) are affected by a use-after-free vulnerability in the processing of a malformed FLA file that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-11-18 9.3 CVE-2021-42269
MISC
adobe — animate Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious BMP file. 2021-11-18 9.3 CVE-2021-42270
MISC
adobe — indesign Adobe InDesign versions 16.4 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-11-16 9.3 CVE-2021-42731
MISC
adobe — media_encoder Adobe Media Encoder version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file. 2021-11-16 9.3 CVE-2021-42721
MISC
adobe — media_encoder Adobe Media Encoder version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file. 2021-11-16 9.3 CVE-2021-42726
MISC
adobe — media_encoder Adobe Media Encoder version 15.4.1 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-11-16 9.3 CVE-2021-43013
MISC
adobe — prelude Adobe Prelude version 10.1 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file. 2021-11-16 9.3 CVE-2021-43011
MISC
adobe — prelude Adobe Prelude version 10.1 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file. 2021-11-16 9.3 CVE-2021-43012
MISC
adobe — premiere_pro Adobe Premiere Pro version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file. 2021-11-16 9.3 CVE-2021-42723
MISC
amd — epyc_7003_firmware Improper input and range checking in the Platform Security Processor (PSP) boot loader image header may allow for an attacker to use attack-controlled values prior to signature validation potentially resulting in arbitrary code execution. 2021-11-16 7.2 CVE-2021-26335
MISC
amd — epyc_7003_firmware AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbitrary code execution. 2021-11-16 7.2 CVE-2021-26331
MISC
amd — epyc_7232p_firmware Failure to validate VM_HSAVE_PA during SNP_INIT may result in a loss of memory integrity. 2021-11-16 7.2 CVE-2021-26326
MISC
amd — epyc_7f72_firmware Improper access controls in System Management Unit (SMU) may allow for an attacker to override performance control tables located in DRAM resulting in a potential lack of system resources. 2021-11-16 7.8 CVE-2021-26338
MISC
amd — radeon_software An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows may allow unprivileged users to compromise the system. 2021-11-15 7.2 CVE-2020-12963
MISC
apache — ozone In Apache Ozone versions prior to 1.2.0, initially generated block tokens are persisted to the metadata database and can be retrieved by authenticated users with permission to the key. Authenticated users may use them even after access is revoked. 2021-11-19 7.5 CVE-2021-36372
MISC
MLIST
apache — shenyu A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0. 2021-11-16 7.5 CVE-2021-37580
MISC
MLIST
broadcom — emulex_hba_manager Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote firmware download feature that could allow remote unauthenticated users to perform various attacks. In non-secure mode, the user is unauthenticated. 2021-11-12 7.5 CVE-2021-42774
MISC
CONFIRM
canonical — accountsservice Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the user_change_language_authorized_cb function. This is reachable via the SetLanguage dbus function. This is fixed in versions 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13.3, 0.6.55-0ubuntu14.1. 2021-11-17 7.2 CVE-2021-3939
MISC
MISC
darwin — factor Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30 fails to properly invalidate a user's session even after the user logs out of the application. In addition, user sessions are stored in the browser's local storage, which by default does not have an expiration time. This makes it possible for an attacker to steal and reuse the cookies using techniques such as XSS attacks, followed by a local account takeover. 2021-11-16 7.5 CVE-2021-25985
MISC
MISC
dell — alienware_13_r3_firmware Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. 2021-11-12 7.2 CVE-2021-36325
MISC
dell — emc_powerscale_nodes_a100_firmware Dell EMC PowerScale Nodes contain a hardware design flaw. This may allow a local unauthenticated user to escalate privileges. This also affects Compliance mode and for Compliance mode clusters, is a critical vulnerability. Dell EMC recommends applying the workaround at your earliest opportunity. 2021-11-12 7.2 CVE-2021-36315
MISC
extremenetworks — aerohive_netconfig The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file. 2021-11-14 10 CVE-2020-16152
MISC
MISC
facade — ignition The Ignition component before 1.16.15, and 2.0.x before 2.0.6, for Laravel has a “fix variable names” feature that can lead to incorrect access control. 2021-11-17 7.5 CVE-2021-43996
MISC
MISC
MISC
fluxcd — kustomize-controller kustomize-controller is a Kubernetes operator, specialized in running continuous delivery pipelines for infrastructure and workloads defined with Kubernetes manifests and assembled with Kustomize. Users that can create Kubernetes Secrets, Service Accounts and Flux Kustomization objects, could execute commands inside the kustomize-controller container by embedding a shell script in a Kubernetes Secret. This can be used to run `kubectl` commands under the Service Account of kustomize-controller, thus allowing an authenticated Kubernetes user to gain cluster admin privileges. In affected versions multitenant environments where non-admin users have permissions to create Flux Kustomization objects are affected by this issue. This vulnerability was fixed in kustomize-controller v0.15.0 (included in flux2 v0.18.0) released on 2021-10-08. Starting with v0.15, the kustomize-controller no longer executes shell commands on the container OS and the `kubectl` binary has been removed from the container image. To prevent the creation of Kubernetes Service Accounts with `secrets` in namespaces owned by tenants, a Kubernetes validation webhook such as Gatekeeper OPA or Kyverno can be used. 2021-11-12 9 CVE-2021-41254
CONFIRM
google — android In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05664273; Issue ID: ALPS05664273. 2021-11-18 7.2 CVE-2021-0671
MISC
google — android In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05654663; Issue ID: ALPS05654663. 2021-11-18 7.2 CVE-2021-0670
MISC
google — android In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05681550; Issue ID: ALPS05681550. 2021-11-18 7.2 CVE-2021-0669
MISC
google — android In apusys, there is a possible memory corruption due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05670521; Issue ID: ALPS05670521. 2021-11-18 7.2 CVE-2021-0668
MISC
google — android In mdlactl driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05776625; Issue ID: ALPS05776625. 2021-11-18 7.2 CVE-2021-0629
MISC
ibm — system_x3550_m3_firmware A command injection vulnerability was reported in the Integrated Management Module (IMM) of legacy IBM System x 3550 M3 and IBM System x 3650 M3 servers that could allow the execution of operating system commands over an authenticated SSH or Telnet session. 2021-11-12 9 CVE-2021-3723
CONFIRM
intel — nuc_hdmi_firmware_update_tool Incorrect default permissions in the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC10i3FN, NUC10i5FN, NUC10i7FN before version 1.78.2.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-11-17 7.2 CVE-2021-33090
MISC
intel — nuc_m15_laptop_kit_audio_driver_pack Insecure inherited permissions in the installer for the Intel(R) NUC M15 Laptop Kit audio driver pack before version 1.3 may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-11-17 7.2 CVE-2021-33091
MISC
intel — nuc_m15_laptop_kit_hid_event_filter_driver_pack Incorrect default permissions in the installer for the Intel(R) NUC M15 Laptop Kit HID Event Filter driver pack before version 2.2.1.383 may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-11-17 7.2 CVE-2021-33092
MISC
intel — nuc_m15_laptop_kit_integrated_sensor_hub_driver_pack Incorrect default permissions in the installer for the Intel(R) NUC M15 Laptop Kit Integrated Sensor Hub driver pack before version 5.4.1.4449 may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-11-17 7.2 CVE-2021-33088
MISC
intel — nuc_m15_laptop_kit_keyboard_led_service_driver_pack Unquoted search path in the installer for the Intel(R) NUC M15 Laptop Kit Keyboard LED Service driver pack before version 1.0.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-11-17 7.2 CVE-2021-33095
MISC
intel — nuc_m15_laptop_kit_keyboard_led_service_driver_pack Insecure inherited permissions in the installer for the Intel(R) NUC M15 Laptop Kit Keyboard LED Service driver pack before version 1.0.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-11-17 7.2 CVE-2021-33094
MISC
intel — nuc_m15_laptop_kit_serial_io_driver_pack Insecure inherited permissions in the installer for the Intel(R) NUC M15 Laptop Kit Serial IO driver pack before version 30.100.2104.1 may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-11-17 7.2 CVE-2021-33093
MISC
ipack — scada_automation Due to improper sanitization, iPack SCADA Automation software suffers from a remote SQL injection vulnerability. An unauthenticated attacker with web access is able to extract critical information from the system. 2021-11-16 7.5 CVE-2021-3958
MISC
jamf — jamf The server in Jamf Pro before 10.32.0 has a vulnerability affecting integrity and availability, aka PI-006352. NOTE: Jamf Nation will also publish an article about this vulnerability. 2021-11-12 7.5 CVE-2021-39303
MISC
CONFIRM
json-schema_project — json-schema json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) 2021-11-13 7.5 CVE-2021-3918
MISC
CONFIRM
laravel — framework Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload. 2021-11-14 7.5 CVE-2021-43617
MISC
MISC
MISC
lenovo — thinkcentre_e93_firmware A potential vulnerability in the SMI callback function that saves and restore boot script tables used for resuming from sleep state in some ThinkCentre and ThinkStation models may allow an attacker with local access and elevated privileges to execute arbitrary code. 2021-11-12 7.2 CVE-2021-3719
CONFIRM
meddata — hbys Due to improper sanitization, MedData HBYS software suffers from a remote SQL injection vulnerability. An unauthenticated attacker with web access is able to extract critical information from the system. 2021-11-16 7.5 CVE-2021-43362
CONFIRM
meddata — hbys Due to improper sanitization, MedData HBYS software suffers from a remote SQL injection vulnerability. An unauthenticated attacker with web access is able to extract critical information from the system. 2021-11-16 7.5 CVE-2021-43361
CONFIRM
montala — resourcespace A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of ResourceSpace 9.5 and 9.6 < rev 18274 allows remote unauthenticated attackers to execute arbitrary SQL commands via the k parameter. This allows attackers to uncover the full contents of the ResourceSpace database, including user session cookies. An attacker who gets an admin user session cookie can use the session cookie to execute arbitrary code on the server. 2021-11-15 7.5 CVE-2021-41765
MISC
MISC
netgear — ex3700_firmware This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2 1.0.4.106_10.0.80 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. When parsing the uuid request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14110. 2021-11-15 8.3 CVE-2021-34991
MISC
MISC
nim-lang — nim Nim is a systems programming language with a focus on efficiency, expressiveness, and elegance. In affected versions the uri.parseUri function, which may be used to validate URIs, accepts null bytes in the input URI. This behavior could be used to bypass URI validation. For example: parseUri(“http://localhost hello”).hostname is set to “localhost hello”. Additionally, httpclient.getContent accepts null bytes in the input URL and ignores any data after the first null byte. Example: getContent(“http://localhost hello”) makes a request to localhost:80. An attacker can use null bytes to bypass the check and mount an SSRF attack. 2021-11-12 7.5 CVE-2021-41259
CONFIRM
npmjs — npm The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have been blocked by an exact version match requirement in package-lock.json. 2021-11-13 7.5 CVE-2021-43616
MISC
MISC
MISC
online_learning_system_project — online_learning_system Sourcecodester Online Learning System 2.0 is vulnerable to SQL injection authentication bypass in the admin login file (/admin/login.php) and to authenticated file upload in the Master.php file; these two vulnerabilities can be chained to obtain unauthenticated remote command execution. 2021-11-15 7.5 CVE-2021-42580
MISC
MISC
opendesign — oda_viewer An improper handling of exceptional conditions vulnerability exists in Open Design Alliance ODA Viewer sample before 2022.11. ODA Viewer continues to process invalid or malicious DWF files instead of stopping upon an exception. An attacker can leverage this vulnerability to execute code in the context of the current process. 2021-11-14 7.5 CVE-2021-43272
MISC
openzeppelin — contracts OpenZeppelin Contracts is a library for smart contract development. In affected versions upgradeable contracts using `UUPSUpgradeable` may be vulnerable to an attack affecting uninitialized implementation contracts. A fix is included in version 4.3.2 of `@openzeppelin/contracts` and `@openzeppelin/contracts-upgradeable`. For users unable to upgrade; initialize implementation contracts using `UUPSUpgradeable` by invoking the initializer function (usually called `initialize`). An example is provided [in the forum](forum.openzeppelin.com/t/security-advisory-initialize-uups-implementation-contracts/15301). 2021-11-12 7.5 CVE-2021-41264
MISC
CONFIRM
MISC
qnap — multimedia_console A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Multimedia Console. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of Multimedia Console: Multimedia Console 1.4.3 (2021/10/05) and later; Multimedia Console 1.5.3 (2021/10/05) and later. 2021-11-13 7.5 CVE-2021-38684
MISC
qualcomm — apq8009_firmware Possible buffer overflow due to improper input validation in PDM DIAG command in FTM in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2021-11-12 7.2 CVE-2021-30255
CONFIRM
qualcomm — apq8009_firmware Possible buffer overflow due to improper input validation in factory calibration and test DIAG command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2021-11-12 7.2 CVE-2021-30254
CONFIRM
qualcomm — apq8009_firmware Possible heap overflow due to improper length check of domain while parsing the DNS response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables 2021-11-12 10 CVE-2021-1975
CONFIRM
qualcomm — apq8009_firmware A FTM Diag command can allow an arbitrary write into modem OS space in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2021-11-12 7.2 CVE-2021-1973
CONFIRM
qualcomm — aqt1000_firmware Possible buffer overflow due to improper validation of FTM command payload in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile 2021-11-12 7.2 CVE-2021-1979
CONFIRM
qualcomm — aqt1000_firmware Possible out of bound access due to improper validation of function table entries in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2021-11-12 7.2 CVE-2021-30259
CONFIRM
qualcomm — aqt1000_firmware Possible integer overflow can occur due to improper length check while calculating count and grace period in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile 2021-11-12 7.2 CVE-2021-1912
CONFIRM
qualcomm — aqt1000_firmware Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity 2021-11-12 10 CVE-2021-30321
CONFIRM
recruitment_management_system_project — recruitment_management_system The Company’s Recruitment Management System, in the id=2 parameter of the view_vacancy page, appears to be vulnerable to SQL injection. The payloads 19424269' or '1309'='1309 and 39476597' or '2917'='2923 were each submitted in the id parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way. 2021-11-17 7.5 CVE-2021-41931
MISC
samsung — ddr4_sdram_firmware Modern DRAM devices (PC-DDR4, LPDDR4X) are affected by a vulnerability in their internal Target Row Refresh (TRR) mitigation against Rowhammer attacks. Novel non-uniform Rowhammer access patterns, consisting of aggressors with different frequencies, phases, and amplitudes allow triggering bit flips on affected memory modules using our Blacksmith fuzzer. The patterns generated by Blacksmith were able to trigger bitflips on all 40 PC-DDR4 DRAM devices in our test pool, which cover the three major DRAM manufacturers: Samsung, SK Hynix, and Micron. This means that, even when chips advertised as Rowhammer-free are used, attackers may still be able to exploit Rowhammer. For example, this enables privilege-escalation attacks against the kernel or binaries such as the sudo binary, and also triggering bit flips in RSA-2048 keys (e.g., SSH keys) to gain cross-tenant virtual-machine access. We can confirm that DRAM devices acquired in July 2020 with DRAM chips from all three major DRAM vendors (Samsung, SK Hynix, Micron) are affected by this vulnerability. For more details, please refer to our publication. 2021-11-16 10 CVE-2021-42114
MISC
MISC
CONFIRM
smartertools — smartermail SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution. 2021-11-17 7.5 CVE-2021-32234
MISC
MISC
tibco — partnerexpress The Interior Server and Gateway Server components of TIBCO Software Inc.’s TIBCO PartnerExpress contain easily exploitable Stored and Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim’s local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.’s TIBCO PartnerExpress: versions 6.2.1 and below. 2021-11-16 8.5 CVE-2021-43047
CONFIRM
CONFIRM
tibco — partnerexpress The Interior Server and Gateway Server components of TIBCO Software Inc.’s TIBCO PartnerExpress contain an easily exploitable vulnerability that allows an unauthenticated attacker with network access to obtain session tokens for the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.’s TIBCO PartnerExpress: versions 6.2.1 and below. 2021-11-16 9.3 CVE-2021-43046
CONFIRM
CONFIRM
tibco — partnerexpress The Interior Server and Gateway Server components of TIBCO Software Inc.’s TIBCO PartnerExpress contain a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.’s TIBCO PartnerExpress: versions 6.2.1 and below. 2021-11-16 10 CVE-2021-43048
CONFIRM
CONFIRM
tp-link — tl-wr840n_firmware The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field. 2021-11-13 10 CVE-2021-41653
MISC
MISC
MISC
vice — webopac Grand Vice info Co. webopac7 file upload function fails to filter special characters. While logging in with general user’s permission, remote attackers can upload malicious script and execute arbitrary code to control the system or interrupt services. 2021-11-15 9 CVE-2021-42839
MISC
zohocorp — manageengine_remote_access_plus Zoho Remote Access Plus Server Windows Desktop binary fixed in version 10.1.2132 is affected by an unauthorized password reset vulnerability. Because of the designed password reset mechanism, any non-admin Windows user can reset the password of the Remote Access Plus Server Admin account. 2021-11-17 7.2 CVE-2021-42955
MISC


Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adobe — after_effects Adobe After Effects version 18.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-11-18 4.3 CVE-2021-40761
MISC
adobe — after_effects Adobe After Effects version 18.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-11-18 4.3 CVE-2021-40756
MISC
adobe — animate Acrobat Animate versions 21.0.9 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-11-18 4.3 CVE-2021-42525
MISC
adobe — animate Adobe Animate version 21.0.9 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted FLA file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-11-18 4.3 CVE-2021-42268
MISC
adobe — campaign Adobe Campaign version 21.2.1 (and earlier) is affected by a Path Traversal vulnerability that could lead to reading arbitrary server files. By leveraging an exposed XML file, an unauthenticated attacker can enumerate other files on the server. 2021-11-17 5 CVE-2021-40745
MISC
adobe — experience_manager Adobe Experience Manager version 6.5.9.0 (and earlier) are affected by an improper access control vulnerability that leads to a security feature bypass. By manipulating referer headers, an unauthenticated attacker could gain access to arbitrary pages that they are not authorized to access. 2021-11-16 5 CVE-2021-42725
MISC
advantech — webaccess_hmi_designer This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of WebAccess/HMI Designer. 2021-11-15 4.6 CVE-2021-42706
MISC
advantech — webaccess_hmi_designer This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser action. 2021-11-15 4.3 CVE-2021-42703
MISC
aifu — cashier_accounting_management_system The permission control of AIFU cashier management salary query function can be bypassed, thus after obtaining general user’s permission, the remote attacker can access account information except passwords by crafting URL parameters. 2021-11-16 4 CVE-2021-42337
MISC
alquistai — alquist AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability in alquist/IO/input.py. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access. 2021-11-15 5 CVE-2021-43495
MISC
alquistai — alquist AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access. 2021-11-12 5 CVE-2021-43492
MISC
amd — epyc_7003_firmware When the AMD Platform Security Processor (PSP) boot rom loads, authenticates, and subsequently decrypts an encrypted FW, due to insufficient verification of the integrity of decrypted image, arbitrary code may be executed in the PSP when encrypted firmware images are used. 2021-11-16 4.6 CVE-2021-26315
MISC
amd — epyc_7003_firmware Race condition in PSP FW could allow less privileged x86 code to perform PSP SMM operations. 2021-11-16 4.4 CVE-2020-12951
MISC
amd — epyc_7003_firmware Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU hang and subsequent failure to service any further requests from other components. 2021-11-16 4.9 CVE-2021-26336
MISC
amd — epyc_7003_firmware A potential vulnerability exists in AMD Platform Security Processor (PSP) that may allow an attacker to zero any privileged register on the System Management Network which may lead to bypassing SPI ROM protections. 2021-11-16 4.6 CVE-2020-12961
MISC
amd — epyc_7232p_firmware Failure to validate SEV Commands while SNP is active may result in a potential impact to memory integrity. 2021-11-16 4.6 CVE-2021-26323
MISC
amd — epyc_7601_firmware Insufficient validation of BIOS image length by PSP Firmware could lead to arbitrary code execution. 2021-11-16 4.6 CVE-2020-12944
MISC
amd — epyc_7601_firmware Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP. 2021-11-16 4.9 CVE-2021-26321
MISC
amd — epyc_7601_firmware Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack”. 2021-11-16 5 CVE-2021-26322
MISC
amd — epyc_7f72_firmware Insufficient input validation in PSP firmware for discrete TPM commands could allow a potential loss of integrity and denial of service. 2021-11-16 6.6 CVE-2020-12946
MISC
amd — radeon_software Improper parameter validation in some trusted applications of the PSP contained in the AMD Graphics Driver may allow a local attacker to bypass security restrictions and achieve arbitrary code execution. 2021-11-15 4.6 CVE-2020-12929
MISC
amd — radeon_software Out of Bounds Write and Read in AMD Graphics Driver for Windows 10 in Escape 0x6002d03 may lead to escalation of privilege or denial of service. 2021-11-15 4.6 CVE-2020-12903
MISC
amd — radeon_software A potential privilege escalation/denial of service issue exists in the AMD Radeon Kernel Mode driver Escape 0x2000c00 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck or write to leak information. 2021-11-15 4.6 CVE-2020-12964
MISC
amd — radeon_software Escape call interface in the AMD Graphics Driver for Windows may cause privilege escalation. 2021-11-15 4.6 CVE-2020-12962
MISC
amd — radeon_software An arbitrary write vulnerability in the AMD Radeon Graphics Driver for Windows 10 potentially allows unprivileged users to gain Escalation of Privileges and cause Denial of Service. 2021-11-15 4.6 CVE-2020-12900
MISC
amd — radeon_software Stack Buffer Overflow in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service. 2021-11-15 4.6 CVE-2020-12898
MISC
amd — radeon_software Arbitrary Decrement Privilege Escalation in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service. 2021-11-15 4.6 CVE-2020-12902
MISC
amd — radeon_software Pool/Heap Overflow in AMD Graphics Driver for Windows 10 in Escape 0x110037 may lead to escalation of privilege, information disclosure or denial of service. 2021-11-15 4.6 CVE-2020-12895
MISC
amd — radeon_software An untrusted search path in AMD Radeon settings Installer may lead to a privilege escalation or unauthorized code execution. 2021-11-15 4.4 CVE-2020-12892
MISC
amd — radeon_software Stack Buffer Overflow in AMD Graphics Driver for Windows 10 in Escape 0x15002a may lead to escalation of privilege or denial of service. 2021-11-15 4.6 CVE-2020-12893
MISC
apache — ozone In Apache Ozone before 1.2.0, authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user. 2021-11-19 6.5 CVE-2021-39236
MISC
MLIST
apache — ozone In Apache Ozone before 1.2.0, Ozone Datanode doesn’t check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block. 2021-11-19 4 CVE-2021-39235
MISC
MLIST
apache — ozone In Apache Ozone versions prior to 1.2.0, authenticated users knowing the ID of an existing block can craft a specific request allowing access to those blocks, bypassing other security checks like ACLs. 2021-11-19 4.9 CVE-2021-39234
MISC
MLIST
apache — ozone In Apache Ozone versions prior to 1.2.0, Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client. 2021-11-19 6.4 CVE-2021-39233
MISC
MLIST
apache — ozone In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins. 2021-11-19 6.5 CVE-2021-39232
MISC
MLIST
apache — ozone In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to OM, SCM and Datanode metadata. Due to a bug, any unauthenticated user can access the data from these endpoints. 2021-11-19 5 CVE-2021-41532
MISC
MLIST
apache — ozone In Apache Ozone versions prior to 1.2.0, various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone Manager and modify Ratis replication configuration. 2021-11-19 6.4 CVE-2021-39231
MISC
MLIST
apache — superset Apache Superset up to and including 1.3.1 allowed for database connections password leak for authenticated users. This information could be accessed in a non-trivial way. 2021-11-12 4 CVE-2021-41972
CONFIRM
CONFIRM
apache — superset Improper output neutralization for Logs. A specific Apache Superset HTTP endpoint allowed for an authenticated user to forge log entries or inject malicious content into logs. 2021-11-17 4 CVE-2021-42250
CONFIRM
MLIST
arangodb — arangodb In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insufficient Session Expiration. When a user’s password is changed by the administrator, the session isn’t invalidated, allowing a malicious user to still be logged in and perform arbitrary actions within the system. 2021-11-16 6 CVE-2021-25940
MISC
MISC
area17 — twill twill is vulnerable to Cross-Site Request Forgery (CSRF) 2021-11-13 4.3 CVE-2021-3932
CONFIRM
MISC
asus — gt-axe11000_firmware ASUS routers’ Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has an improper control of interaction frequency vulnerability; an unauthenticated attacker can remotely disconnect other users’ connections by sending specially crafted SAE authentication frames. 2021-11-12 5 CVE-2021-37910
MISC
atmail — atmail ** UNSUPPORTED WHEN ASSIGNED ** WebAdmin Control Panel in Atmail 6.5.0 (a version released in 2012) allows XSS via the format parameter to the default URI. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2021-11-15 4.3 CVE-2021-43574
MISC
MISC
binatoneglobal — halo_camera_firmware Some device communications in some Motorola-branded Binatone Hubble Cameras with backend Hubble services are not encrypted which could lead to the communication channel being accessible by an attacker. 2021-11-12 5 CVE-2021-3792
CONFIRM
binatoneglobal — halo_camera_firmware An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker on the same network unauthorized access to the device. 2021-11-12 5.8 CVE-2021-3577
CONFIRM
binatoneglobal — halo_camera_firmware An improper access control vulnerability was reported in some Motorola-branded Binatone Hubble Cameras which could allow an unauthenticated attacker on the same network as the device to access administrative pages that could result in information disclosure or device firmware update with verified firmware. 2021-11-12 5 CVE-2021-3793
CONFIRM
binatoneglobal — halo_camera_firmware A vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with local access to obtain the MQTT credentials that could result in unauthorized access to backend Hubble services. 2021-11-12 4.6 CVE-2021-3787
CONFIRM
binatoneglobal — halo_camera_firmware An exposed debug interface was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access unauthorized access to the device. 2021-11-12 4.6 CVE-2021-3788
CONFIRM
broadcom — emulex_hba_manager Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a vulnerability in the remote firmware download feature that could allow a user to place or replace an arbitrary file on the remote host. In non-secure mode, the user is unauthenticated. 2021-11-12 6.4 CVE-2021-42775
MISC
CONFIRM
broadcom — emulex_hba_manager Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, could allow a user to retrieve an arbitrary file from a remote host with the GetDumpFile command. In non-secure mode, the user is unauthenticated. 2021-11-12 5 CVE-2021-42773
MISC
CONFIRM
busybox — busybox An attacker-controlled pointer free in Busybox’s hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input. 2021-11-15 6.8 CVE-2021-42377
N/A
busybox — busybox A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function. 2021-11-15 6.5 CVE-2021-42378
N/A
busybox — busybox A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function. 2021-11-15 6.5 CVE-2021-42379
N/A
busybox — busybox A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function. 2021-11-15 6.5 CVE-2021-42380
N/A
busybox — busybox A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function. 2021-11-15 6.5 CVE-2021-42381
N/A
busybox — busybox A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function. 2021-11-15 6.5 CVE-2021-42382
N/A
busybox — busybox A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function. 2021-11-15 6.5 CVE-2021-42384
N/A
busybox — busybox A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function. 2021-11-15 6.5 CVE-2021-42383
N/A
busybox — busybox A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function. 2021-11-15 6.5 CVE-2021-42385
N/A
busybox — busybox A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function. 2021-11-15 6.5 CVE-2021-42386
N/A
cacti — cacti Cacti before 1.2.18 allows remote attackers to trigger XSS via template import for the midwinter theme. 2021-11-14 4.3 CVE-2020-14424
CONFIRM
CONFIRM
calibre-web_project — calibre-web In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By luring an authenticated user to click on a link, an attacker can create a new user role with admin privileges and attacker-controlled credentials, allowing them to take over the application. 2021-11-16 6.8 CVE-2021-25965
MISC
MISC
clustering_project — clustering Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd70bfcaa70 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access. 2021-11-12 5 CVE-2021-43496
MISC
codingforentrepreneurs — opencv_rest_api OpenCV-REST-API master branch as of commit 69be158c05d4dd5a4aff38fdc680a162dd6b9e49 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access. 2021-11-12 5 CVE-2021-43494
MISC
cron-utils_project — cron-utils cron-utils is a Java library to define, parse, validate, migrate crons as well as get human readable descriptions for them. In affected versions, a template injection was identified in cron-utils enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability. Versions up to 9.1.2 are susceptible to this vulnerability. Please note that only projects using the @Cron annotation to validate untrusted Cron expressions are affected. The issue was patched and a new version was released. Please upgrade to version 9.1.6. There are no known workarounds. 2021-11-15 6.8 CVE-2021-41269
MISC
MISC
CONFIRM
MISC
darwin — factor In Factor (App Framework & Headless CMS) forum plugin, versions 1.3.5 to 1.8.30, are vulnerable to reflected Cross-Site Scripting (XSS) at the “search” parameter in the URL. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies. 2021-11-16 4.3 CVE-2021-25982
MISC
MISC
darwin — factor In Factor (App Framework & Headless CMS) forum plugin, versions v1.3.8 to v1.8.30, are vulnerable to reflected Cross-Site Scripting (XSS) at the “tags” and “category” parameters in the URL. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies. 2021-11-16 4.3 CVE-2021-25983
MISC
MISC
darwin — factor In Factor (App Framework & Headless CMS) forum plugin, versions v1.3.3 to v1.8.30, are vulnerable to stored Cross-Site Scripting (XSS) at the “post reply” section. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies. 2021-11-16 4.3 CVE-2021-25984
MISC
MISC
dell — emc_powerscale_onefs Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an Exposure of Information through Directory Listing vulnerability. This vulnerability is triggered when upgrading from a previous version. 2021-11-12 5 CVE-2021-21528
MISC
dell — emc_powerscale_onefs Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in SMB CA handling. An authenticated user of SMB on a cluster with CA could potentially exploit this vulnerability, leading to a denial of service over SMB. 2021-11-12 4 CVE-2021-36305
MISC
discourse — discourse Discourse is a platform for community discussion. In affected versions a maliciously crafted request could cause an error response to be cached by intermediate proxies. This could cause a loss of confidentiality for some content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. 2021-11-15 5 CVE-2021-41271
CONFIRM
MISC
discourse — rails_multisite rails_multisite provides multi-db support for Rails applications. In affected versions this vulnerability impacts any Rails applications using `rails_multisite` alongside Rails’ signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker to re-use cookies on different ‘sites’ within a multi-site Rails application. The issue has been patched in v4 of the `rails_multisite` gem. Note that this upgrade will invalidate all previous signed/encrypted cookies. The impact of this invalidation will vary based on the application architecture. 2021-11-15 6 CVE-2021-41263
MISC
CONFIRM
django-helpdesk_project — django-helpdesk django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-11-13 4.3 CVE-2021-3945
MISC
CONFIRM
dotnetfoundation — piranha_cms In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross-site request forgery (CSRF) when performing various actions supported by the management system, such as deleting a user, deleting a role, editing a post, deleting a media folder etc., when an ID is known. 2021-11-16 4 CVE-2021-25976
CONFIRM
MISC
email_log_project — email_log The Email Log WordPress plugin before 2.4.7 does not properly validate, sanitise and escape the “orderby” and “order” GET parameters before using them in a SQL statement in the admin dashboard, leading to SQL injection 2021-11-17 6.5 CVE-2021-24758
MISC
firefly-iii — firefly_iii firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) 2021-11-13 4.3 CVE-2021-3921
CONFIRM
MISC
fruity_project — fruity An issue was discovered in the fruity crate through 0.2.0 for Rust. Security-relevant validation of filename extensions is plausibly affected. Methods of NSString for conversion to a string may return a partial result. Because they call CStr::from_ptr on a pointer to the string buffer, the string is terminated at the first '\0' byte, which might not be the end of the string. 2021-11-15 5 CVE-2021-43620
MISC
MISC
MISC
gesundheit-bewegt — colorful_categories The Colorful Categories WordPress plugin before 2.0.15 does not enforce nonce checks which could allow attackers to make a logged in admin or editor change taxonomy colors via a CSRF attack 2021-11-17 4.3 CVE-2021-24802
MISC
gmplib — gmp GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms. 2021-11-15 5 CVE-2021-43618
MISC
MISC
MISC
gnu — mailman In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS. 2021-11-12 4.3 CVE-2021-43331
MISC
CONFIRM
gnu — mailman In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack. 2021-11-12 4 CVE-2021-43332
MISC
CONFIRM
google — android In mdlactl driver, there is a possible memory corruption due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05673424; Issue ID: ALPS05673424. 2021-11-18 4.6 CVE-2021-0655
MISC
google — android In edma driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05709376; Issue ID: ALPS05709376. 2021-11-18 4.6 CVE-2021-0656
MISC
google — android In apusys, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672103; Issue ID: ALPS05672103. 2021-11-18 4.6 CVE-2021-0657
MISC
google — android In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672107. 2021-11-18 4.6 CVE-2021-0658
MISC
google — android In ccu, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05827158; Issue ID: ALPS05827158. 2021-11-18 4.6 CVE-2021-0664
MISC
google — android In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05670581; Issue ID: ALPS05670581. 2021-11-18 4.6 CVE-2021-0667
MISC
grafana — grafana Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users’ roles in other organizations in which they are not an admin. With fine-grained access control enabled, organization admins can list, add, remove and update users’ roles in another organization, where they do not have organization admin role. All installations between v8.0 and v8.2.3 that have fine-grained access control beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade, you should turn off the fine-grained access control using a feature flag. 2021-11-15 6.5 CVE-2021-41244
MISC
CONFIRM
MLIST
ibm — iris_xe_max_dedicated_graphics Improper access control in the installer for some Intel(R) Iris(R) Xe MAX Dedicated Graphics Drivers for Windows 10 before version 27.20.100.9466 may allow authenticated user to potentially enable escalation of privilege via local access. 2021-11-17 4.6 CVE-2021-0121
MISC
ibm — security_guardium_key_lifecycle_manager IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending an http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 212782. 2021-11-15 4.3 CVE-2021-38977
CONFIRM
XF
ibm — security_guardium_key_lifecycle_manager IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212792. 2021-11-15 5 CVE-2021-38983
XF
CONFIRM
ibm — security_guardium_key_lifecycle_manager IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 212783. 2021-11-15 4.3 CVE-2021-38978
CONFIRM
XF
ibm — security_guardium_key_lifecycle_manager IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. IBM X-Force ID: 212785. 2021-11-15 5 CVE-2021-38979
XF
CONFIRM
ibm — security_guardium_key_lifecycle_manager IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. 2021-11-12 4 CVE-2021-38985
XF
CONFIRM
ibm — security_guardium_key_lifecycle_manager IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. 2021-11-12 4 CVE-2021-38973
CONFIRM
XF
ibm — security_guardium_key_lifecycle_manager IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to cause a denial of service using specially crafted HTTP requests. IBM X-Force ID: 212779. 2021-11-15 4 CVE-2021-38974
CONFIRM
XF
ibm — security_guardium_key_lifecycle_manager IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. 2021-11-12 4 CVE-2021-38972
XF
CONFIRM
ibm — security_guardium_key_lifecycle_manager IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 212788. 2021-11-15 5 CVE-2021-38981
XF
CONFIRM
ibm — security_guardium_key_lifecycle_manager IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212793. 2021-11-15 5 CVE-2021-38984
XF
CONFIRM
ibm — security_guardium_key_lifecycle_manager IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request. IBM X-Force ID: 212780. 2021-11-15 4 CVE-2021-38975
XF
CONFIRM
ibm — security_siteprotector_system IBM Security SiteProtector System 3.1.1 could allow a remote attacker to obtain sensitive information, caused by missing ‘HttpOnly’ flag. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 174129. 2021-11-12 5 CVE-2020-4146
CONFIRM
XF
idreamsoft — icms iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admincp.php?app=members&do=add. 2021-11-12 6.8 CVE-2020-21141
MISC
insert_pages_project — insert_pages The Insert Pages WordPress plugin before 3.7.0 allows users with a role as low as Contributor to access content and metadata from arbitrary posts/pages regardless of their author and status (ie private), using a shortcode. Password protected posts/pages are not affected by such issue. 2021-11-17 4 CVE-2021-24851
CONFIRM
MISC
intel — ax210_firmware Improper input validation in software for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access. 2021-11-17 6.8 CVE-2021-0078
MISC
intel — ax210_firmware Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi in UEFI may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. 2021-11-17 5.8 CVE-2021-0071
MISC
intel — ax210_firmware Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2021-11-17 6.1 CVE-2021-0063
MISC
intel — ax210_firmware Insecure inherited permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-11-17 4.6 CVE-2021-0064
MISC
intel — ax210_firmware Incorrect default permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-11-17 4.6 CVE-2021-0065
MISC
intel — ax210_firmware Improper input validation in software for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2021-11-17 6.1 CVE-2021-0079
MISC
intel — endpoint_management_assistant Improper input validation for Intel(R) EMA before version 1.5.0 may allow an unauthenticated user to potentially enable denial of service via network access. 2021-11-17 5 CVE-2021-0013
MISC
intel — nuc7i3dn_firmware Improper authentication in the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN, NUC7i7DN before version 1.78.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-11-17 4.6 CVE-2021-0096
MISC
intel — nuc_hdmi_firmware_update_tool Improper access control in the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC8i3BE, NUC8i5BE, NUC8i7BE before version 1.78.4.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-11-17 4.6 CVE-2021-33089
MISC
intel — nuc_m15_laptop_kit_lapbc510_firmware Out-of-bounds write in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable denial of service via local access. 2021-11-17 4.9 CVE-2021-33086
MISC
intel — nuc_m15_laptop_kit_management_engine_driver_pack Improper authentication in the installer for the Intel(R) NUC M15 Laptop Kit Management Engine driver pack before version 15.0.10.1508 may allow an authenticated user to potentially enable denial of service via local access. 2021-11-17 4.9 CVE-2021-33087
MISC
intel — safestring_library Integer overflow in the Safestring library maintained by Intel(R) may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-11-17 4.6 CVE-2021-33106
MISC
intel — thunderbolt_non-dch_driver Improper permissions in the installer for the Intel(R) Thunderbolt(TM) non-DCH driver, all versions, for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-11-17 4.6 CVE-2020-8741
MISC
jenkins — owasp_dependency-check Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2021-11-12 5.5 CVE-2021-43577
CONFIRM
MLIST
jenkins — performance Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2021-11-12 4 CVE-2021-21701
CONFIRM
MLIST
MISC
jenkins — pom2config Jenkins pom2config Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers with Overall/Read and Item/Read permissions to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. 2021-11-12 4.3 CVE-2021-43576
CONFIRM
MLIST
MISC
jenkins — squash_tm_publisher Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control agent processes to replace arbitrary files on the Jenkins controller file system with an attacker-controlled JSON string. 2021-11-12 5.5 CVE-2021-43578
CONFIRM
MLIST
lenovo — antilles A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index (PyPi). MITRE classifies this weakness as an Uncontrolled Search Path Element (CWE-427) in which a private package dependency may be replaced by an unauthorized package of the same name published to a well-known public repository such as PyPi. The configuration has been updated to only install components built by Antilles, removing all other public package indexes. Additionally, the antilles-tools dependency has been published to PyPi. 2021-11-12 6.8 CVE-2021-3840
CONFIRM
lenovo — ideacentre_c5-14mb05_firmware A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the “BIOS Password At Boot Device List” BIOS setting is Yes. 2021-11-12 6.9 CVE-2021-3519
CONFIRM
linphone — belle-sip Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via ” ” in the display name of a From header. 2021-11-12 5 CVE-2021-43611
MISC
MISC
linphone — belle-sip Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via an invalid From header (request URI without a parameter) in an unauthenticated SIP message, a different issue than CVE-2021-33056. 2021-11-12 5 CVE-2021-43610
MISC
MISC
linux — linux_kernel In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. 2021-11-17 4.6 CVE-2021-43975
MISC
MISC
llhttp — llhttp The parser in llhttp accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6. 2021-11-15 6.4 CVE-2021-22959
MISC
min — minio_console Minio console is a graphical user interface for the MinIO operator. Minio itself is a multi-cloud object storage project. Affected versions are subject to an authentication bypass issue in the Operator Console when an external IDP is enabled. All users on release v0.12.2 and before are affected and are advised to update to 0.12.3 or newer. Users unable to upgrade should add automountServiceAccountToken: false to the operator-console deployment in Kubernetes so no service account token will get mounted inside the pod, then disable the external identity provider authentication by unsetting the CONSOLE_IDP_URL, CONSOLE_IDP_CLIENT_ID, CONSOLE_IDP_SECRET and CONSOLE_IDP_CALLBACK environment variables and instead use the Kubernetes service account token. 2021-11-15 6.8 CVE-2021-41266
MISC
CONFIRM
montala — resourcespace ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter. If an attacker is able to persuade a victim to visit a crafted URL, malicious JavaScript content may be executed within the context of the victim’s browser. 2021-11-15 4.3 CVE-2021-41951
MISC
montala — resourcespace A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 allows remote unauthenticated attackers to delete arbitrary files on the ResourceSpace server via the provider and variant parameters in pages/ajax/tiles.php. Attackers can delete configuration or source code files, causing the application to become unavailable to all users. 2021-11-15 6.4 CVE-2021-41950
MISC
MISC
mousewheel_smooth_scroll_project — mousewheel_smooth_scroll The MouseWheel Smooth Scroll WordPress plugin before 5.7 does not have CSRF check in place on its settings page, which could allow attackers to make a logged in admin change them via a CSRF attack 2021-11-17 4.3 CVE-2021-24852
MISC
my_tickets_project — my_tickets The My Tickets WordPress plugin before 1.8.31 does not properly sanitise and escape the Email field of booked tickets before outputting it in the Payment admin dashboard, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins 2021-11-17 4.3 CVE-2021-24796
MISC
nextcloud — talk Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Talk application was vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, a user would need to right-click on a malicious file and open the file in a new tab. Due to the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitable on modern browsers supporting Content-Security-Policy. It is recommended that the Nextcloud Talk application is upgraded to patched versions 10.0.7, 10.1.4, 11.1.2, 11.2.0 or 12.0.0. As a workaround, use a browser that has support for Content-Security-Policy. 2021-11-15 4.3 CVE-2021-39222
CONFIRM
MISC
MISC
ni — ni_service_locator There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) in versions prior to 18.0 on Windows. This may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges. 2021-11-12 4.6 CVE-2021-42563
MISC
ohmyz — ohmyzsh ohmyzsh is vulnerable to Improper Neutralization of Special Elements used in an OS Command 2021-11-12 5.1 CVE-2021-3934
CONFIRM
MISC
opendesign — drawings_sdk An Out-of-bounds Read vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.11. Crafted data in a DGN file and lack of verification of input data can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. 2021-11-14 4.3 CVE-2021-43273
MISC
MISC
MISC
opendesign — drawings_software_developemnt_kit An Out-of-bounds Read vulnerability exists in the OBJ file reading procedure in Open Design Alliance Drawings SDK before 2022.11. The lack of validating the input length can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. 2021-11-14 6.8 CVE-2021-43278
MISC
opendesign — drawings_software_development_kit A Use After Free vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 2021-11-14 6.8 CVE-2021-43275
MISC
opendesign — drawings_software_development_kit A Use After Free Vulnerability exists in the Open Design Alliance Drawings SDK before 2022.11. The specific flaw exists within the parsing of DWF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. 2021-11-14 6.8 CVE-2021-43274
MISC
opendesign — drawings_software_development_kit A stack-based buffer overflow vulnerability exists in the DWF file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of proper validation of the length of user-supplied data before copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. 2021-11-14 6.8 CVE-2021-43280
MISC
opendesign — drawings_software_development_kit An Out-of-Bounds Write vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid number of properties) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. 2021-11-14 6.8 CVE-2021-43336
MISC
opendesign — drawings_software_development_kit An Out-of-Bounds Write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation of input data can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. 2021-11-14 6.8 CVE-2021-43390
MISC
opendesign — drawings_software_development_kit An Out-of-Bounds Read vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid dash counter in line types) can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. 2021-11-14 6.8 CVE-2021-43391
MISC
opendesign — oda_prc_software_development_kit An out-of-bounds read vulnerability exists in the U3D file reading procedure in Open Design Alliance PRC SDK before 2022.10. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. 2021-11-14 6.8 CVE-2021-43277
MISC
opendesign — oda_prc_software_development_kit An out-of-bounds write vulnerability exists in the U3D file reading procedure in Open Design Alliance PRC SDK before 2022.10. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. 2021-11-14 6.8 CVE-2021-43279
MISC
opendesign — oda_viewer An Out-of-bounds Read vulnerability exists in Open Design Alliance ODA Viewer before 2022.8. Crafted data in a DWF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process 2021-11-14 6.8 CVE-2021-43276
MISC
optical_character_recognition_project — optical_character_recognition A stack-based buffer overflow vulnerability was discovered in gocr through 0.53-20200802 in try_to_divide_boxes() in pgm2asc.c. 2021-11-17 6.8 CVE-2021-33481
MISC
MISC
optical_character_recognition_project — optical_character_recognition A stack-based buffer overflow vulnerability was discovered in gocr through 0.53-20200802 in measure_pitch() in pgm2asc.c. 2021-11-17 6.8 CVE-2021-33479
MISC
MISC
optical_character_recognition_project — optical_character_recognition A use-after-free vulnerability was discovered in gocr through 0.53-20200802 in context_correction() in pgm2asc.c. 2021-11-17 4.3 CVE-2021-33480
MISC
MISC
MISC
orckestra — c1_cms This vulnerability allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS 6.10. Authentication is required to exploit this vulnerability. The specific flaw exists within Composite.dll. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-14740. 2021-11-15 6.5 CVE-2021-34992
MISC
MISC
osisoft — pi_vision PI Vision could disclose information to a user with insufficient privileges for an AF attribute that is the child of another attribute and is configured as a Limits property. 2021-11-17 4 CVE-2021-43553
MISC
preview_e-mails_for_woocommerce_project — preview_e-mails_for_woocommerce The Preview E-Mails for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the search_order parameter found in the ~/views/form.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.6.8. 2021-11-19 4.3 CVE-2021-42363
MISC
MISC
MISC
qnap — qmailagent A cross-site scripting (XSS) vulnerability has been reported to affect QNAP devices running QmailAgent. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QmailAgent: QmailAgent 3.0.2 ( 2021/08/25 ) and later 2021-11-13 4.3 CVE-2021-34357
MISC
qr_redirector_project — qr_redirector The QR Redirector WordPress plugin before 1.6 does not have capability and CSRF checks when saving bulk QR Redirector settings via the qr_save_bulk AJAX action, which could allow any authenticated user, such as subscriber to change the redirect response status code of arbitrary QR Redirects 2021-11-17 4.3 CVE-2021-24853
MISC
qualcomm — apq8009_firmware Possible information exposure and denial of service due to NAS not dropping messages when integrity check fails in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2021-11-12 6.4 CVE-2021-30284
CONFIRM
qualcomm — apq8009_firmware Possible use after free due to improper validation of reference from call back to internal store table in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2021-11-12 4.6 CVE-2021-30264
CONFIRM
qualcomm — apq8009_firmware Possible use after free due to improper memory validation when initializing new interface via Interface add command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking 2021-11-12 4.6 CVE-2021-30266
CONFIRM
qualcomm — apq8017_firmware Possible buffer over read due to improper IE size check of Bearer capability IE in MT setup request from network in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile 2021-11-12 6.4 CVE-2021-1981
CONFIRM
qualcomm — apq8053_firmware Possible memory corruption due to improper validation of memory address while processing user-space IOCTL for clearing Filter and Route statistics in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2021-11-12 4.6 CVE-2021-30265
CONFIRM
qualcomm — aqt1000_firmware Possible memory corruption due to Improper handling of hypervisor unmap operations for concurrent memory operations in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile 2021-11-12 6.9 CVE-2021-1921
CONFIRM
qualcomm — aqt1000_firmware Possible denial of service scenario can occur due to lack of length check on Channel Switch Announcement IE in beacon or probe response frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking 2021-11-12 5 CVE-2021-1903
CONFIRM
qualcomm — aqt1000_firmware Possible race condition can occur due to lack of synchronization mechanism when On-Device Logging node open twice concurrently in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music 2021-11-12 4.4 CVE-2021-30263
CONFIRM
qualcomm — ar8035_firmware Possible denial of service scenario due to improper input validation of received NAS OTA message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile 2021-11-12 5 CVE-2021-1982
CONFIRM
ruijie — rg-uac_6000-e50_firmware Ruijie RG-UAC 6000-E50 commit 9071227 was discovered to contain a cross-site scripting (XSS) vulnerability via the rule_name parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload. 2021-11-16 4.3 CVE-2020-21639
MISC
ruijie — rg-uac_firmware Ruijie RG-UAC commit 9071227 was discovered to contain a vulnerability in the component /current_action.php?action=reboot, which allows attackers to cause a denial of service (DoS) via unspecified vectors. 2021-11-16 5 CVE-2020-21627
MISC
schedmd — slurm SchedMD Slurm 21.08.* before 21.08.4 has Incorrect Access Control. On sites using the new AccountingStoreFlags=job_script and/or job_env options, the access control rules in SlurmDBD may permit users to request job scripts and environment files to which they should not have access. 2021-11-17 4 CVE-2021-43337
MISC
MISC
CONFIRM
CONFIRM
servermanagement_project — servermanagement ServerManagement master branch as of commit 49491cc6f94980e6be7791d17be947c27071eb56 is affected by a directory traversal vulnerability. This vulnerability can be used to extract credentials which can in turn be used to execute code. 2021-11-12 5 CVE-2021-43493
MISC
showdoc — showdoc showdoc is vulnerable to Cross-Site Request Forgery (CSRF) 2021-11-13 5.8 CVE-2021-3775
MISC
CONFIRM
showdoc — showdoc showdoc is vulnerable to Cross-Site Request Forgery (CSRF) 2021-11-13 5.8 CVE-2021-3776
MISC
CONFIRM
showdoc — showdoc showdoc is vulnerable to Cross-Site Request Forgery (CSRF) 2021-11-13 4.3 CVE-2021-3683
CONFIRM
MISC
simple_jwt_login_project — simple_jwt_login The Simple JWT Login WordPress plugin before 3.2.1 does not have nonce checks when saving its settings, allowing attackers to make a logged in admin change them. Settings such as the HMAC verification secret, account registration and default user roles can be updated, which could result in site takeover. 2021-11-17 6.8 CVE-2021-24804
MISC
smartertools — smartermail SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS. 2021-11-17 4.3 CVE-2021-43977
MISC
MISC
snipeitapp — snipe-it snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) 2021-11-13 4.3 CVE-2021-3931
CONFIRM
MISC
talariax — sendquick_alert_plus_server_admin A SQL Injection vulnerability in /appliance/shiftmgn.php in TalariaX sendQuick Alert Plus Server Admin 4.3 before 8HF11 allows attackers to obtain sensitive information via a Roster Time to Roster Management. 2021-11-14 6.5 CVE-2021-26795
MISC
MISC
vice — webopac Grand Vice info Co. webopac7 book search field parameter does not properly restrict the input of special characters, thus unauthenticated attackers can inject JavaScript syntax remotely, and further perform reflected XSS attacks. 2021-11-15 4.3 CVE-2021-42838
MISC
webfactoryltd — wp_reset_pro Authenticated Database Reset vulnerability in WordPress WP Reset PRO Premium plugin (versions <= 5.98) allows any authenticated user to wipe the entire database regardless of their authorization. It leads to a complete website reset and takeover. 2021-11-18 5.5 CVE-2021-36909
MISC
CONFIRM
MISC
webfactoryltd — wp_reset_pro Cross-Site Request Forgery (CSRF) vulnerability leading to Database Reset in WordPress WP Reset PRO Premium plugin (versions <= 5.98) allows attackers to trick authenticated users into making an unintentional database reset. 2021-11-18 6.8 CVE-2021-36908
CONFIRM
CONFIRM
CONFIRM
wordpress_popular_posts_project — wordpress_popular_posts The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain remote code execution, in versions up to and including 5.3.2. 2021-11-17 6.5 CVE-2021-42362
MISC
MISC
MISC
MISC
wp-buy — seo_redirection-301_redirect_manager The importFromRedirection AJAX action of the SEO Redirection Plugin – 301 Redirect Manager WordPress plugin before 8.2, available to any authenticated user, does not properly sanitise the offset parameter before using it in a SQL statement, leading to an SQL injection when the Redirection plugin is also installed. 2021-11-17 6.5 CVE-2021-24847
MISC
wp_performance_score_booster_project — wp_performance_score_booster The WP Performance Score Booster WordPress plugin before 2.1 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. 2021-11-17 4.3 CVE-2021-24776
MISC
xwp — stream The Stream WordPress plugin before 3.8.2 does not sanitise and validate the order GET parameter from the Stream Records admin dashboard before using it in a SQL statement, leading to an SQL injection issue. 2021-11-17 6.5 CVE-2021-24772
MISC
CONFIRM
yop-poll — yop_poll The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cross-Site Scripting vulnerability which exists in the Create Poll – Options module where a user with a role as low as author is allowed to execute arbitrary script code within the context of the application. This vulnerability is due to insufficient validation of custom label parameters – vote button label , results link label and back to vote caption label. 2021-11-17 4.3 CVE-2021-24834
MISC
CONFIRM
MISC
zoho — manageengine_remote_access_plus_server Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.2132.6 is affected by a sensitive information disclosure vulnerability. Due to improper privilege management, the process launches as the logged in user, so a memory dump can also be taken by a non-admin user. Remotely, an attacker can dump all sensitive information including the DB connection string, entire IT infrastructure details, commands executed by the IT admin including credentials, secrets, private keys and more. 2021-11-17 6.5 CVE-2021-42956
MISC
zohocorp — manageengine_remote_access_plus Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. The installation directory is vulnerable to weak file permissions by allowing full control for Windows Everyone user group (non-admin or any guest users), thereby allowing privilege escalation, unauthorized password reset, stealing of sensitive data, access to credentials in plaintext, access to registry values, tampering with configuration files, etc. 2021-11-17 4.6 CVE-2021-42954
MISC


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
amd — epyc_7003_firmware Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM resulting in SMU not servicing further requests. 2021-11-16 2.1 CVE-2021-26337
MISC
amd — epyc_7003_firmware A side effect of an integrated chipset option may be able to be used by an attacker to bypass SPI ROM protections, allowing unauthorized SPI ROM modification. 2021-11-16 2.1 CVE-2020-12954
MISC
amd — epyc_7003_firmware AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources. 2021-11-16 2.1 CVE-2021-26330
MISC
amd — epyc_7003_firmware Insufficient validation of guest context in the SNP Firmware could lead to a potential loss of guest confidentiality. 2021-11-16 2.1 CVE-2021-26327
MISC
amd — epyc_7232p_firmware Insufficient input validation in the SNP_GUEST_REQUEST command may lead to a potential data abort error and a denial of service. 2021-11-16 2.1 CVE-2021-26325
MISC
amd — epyc_7601_firmware PSP protection against improperly configured side channels may lead to potential information disclosure. This issue affects: AMD 1st Gen AMD EPYC™ versions prior to NaplesPI-SP3_1.0.0.G. AMD 2nd Gen AMD EPYC™ versions prior to RomePI-SP3_1.0.0.C. AMD 3rd Gen AMD EPYC™ versions prior to MilanPI-SP3_1.0.0.4. 2021-11-16 2.1 CVE-2021-26312
MISC
amd — epyc_7601_firmware AMD System Management Unit (SMU) may experience an integer overflow when an invalid length is provided which may result in a potential loss of resources. 2021-11-16 2.1 CVE-2021-26329
MISC
amd — epyc_7601_firmware Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP 2021-11-16 2.1 CVE-2021-26320
MISC
amd — radeon_software Kernel Pool Address disclosure in AMD Graphics Driver for Windows 10 may lead to KASLR bypass. 2021-11-15 2.1 CVE-2020-12897
MISC
amd — radeon_software Arbitrary Free After Use in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or information disclosure. 2021-11-15 2.1 CVE-2020-12901
MISC
amd — radeon_software Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004203 may lead to arbitrary information disclosure. 2021-11-15 2.1 CVE-2020-12904
MISC
amd — radeon_software Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004403 may lead to arbitrary information disclosure. 2021-11-15 2.1 CVE-2020-12905
MISC
amd — radeon_software A potential denial of service issue exists in the AMD Display driver Escape 0x130007 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck. 2021-11-15 2.1 CVE-2020-12920
MISC
amd — radeon_software Arbitrary Write in AMD Graphics Driver for Windows 10 in Escape 0x40010d may lead to arbitrary write to kernel memory or denial of service. 2021-11-15 3.6 CVE-2020-12894
MISC
amd — radeon_software AMD Graphics Driver for Windows 10, amdfender.sys may improperly handle input validation on InputBuffer which may result in a denial of service (DoS). 2021-11-15 2.1 CVE-2020-12960
MISC
amd — radeon_software Arbitrary Read in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or denial of service. 2021-11-15 3.6 CVE-2020-12899
MISC
asus — p453uj_bios ASUS P453UJ contains the Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. With a general user’s permission, local attackers can modify the BIOS by replacing or filling in the content of the designated Memory DataBuffer, which causes a failure of integrity verification and further results in a failure to boot. 2021-11-15 3.6 CVE-2021-41289
MISC
MISC
binatoneglobal — halo_camera_firmware An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access to obtain the encryption key used to decrypt firmware update packages. 2021-11-12 2.1 CVE-2021-3789
CONFIRM
binatoneglobal — halo_camera_firmware A buffer overflow was reported in the local web server of some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same network to perform a denial-of-service attack against the device. 2021-11-12 3.3 CVE-2021-3790
CONFIRM
binatoneglobal — halo_camera_firmware An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same subnet to download an encrypted log file containing sensitive information such as WiFi SSID and password. 2021-11-12 3.3 CVE-2021-3791
CONFIRM
bluez — bluez BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash. 2021-11-12 3.3 CVE-2021-41229
CONFIRM
bookstackapp — bookstack bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type 2021-11-13 3.5 CVE-2021-3915
MISC
CONFIRM
brainstormforce — starter_templates On sites that also had the Elementor plugin for WordPress installed, it was possible for users with the edit_posts capability, which includes Contributor-level users, to import blocks onto any page using the astra-page-elementor-batch-process AJAX action. An attacker could craft and host a block containing malicious JavaScript on a server they controlled, and then use it to overwrite any post or page by sending an AJAX request with the action set to astra-page-elementor-batch-process and the url parameter pointed to their remotely-hosted malicious block, as well as an id parameter containing the post or page to overwrite. Any post or page that had been built with Elementor, including published pages, could be overwritten by the imported block, and the malicious JavaScript in the imported block would then be executed in the browser of any visitors to that page. 2021-11-17 3.5 CVE-2021-42360
MISC
busybox — busybox A NULL pointer dereference in Busybox’s man applet leads to denial of service when a section name is supplied but no page argument is given 2021-11-15 2.1 CVE-2021-42373
N/A
busybox — busybox An incorrect handling of a special element in Busybox’s ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input. 2021-11-15 1.9 CVE-2021-42375
N/A
busybox — busybox A NULL pointer dereference in Busybox’s hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input. 2021-11-15 1.9 CVE-2021-42376
N/A
busybox — busybox An out-of-bounds heap read in Busybox’s unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that 2021-11-15 3.3 CVE-2021-42374
N/A
ckeditor — ckeditor CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The vulnerability allowed injecting malformed HTML that bypassed content sanitization, which could result in executing JavaScript code. It affects all users using CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0. 2021-11-17 3.5 CVE-2021-41164
CONFIRM
MISC
CONFIRM
codepeople — contact_form_email The Contact Form Email WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the name parameter found in the ~/trunk/cp-admin-int-list.inc.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.3.24. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. 2021-11-17 2.1 CVE-2021-42361
MISC
MISC
fortinet — fortios An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS CLI 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, 6.0.x and 5.6.x may allow a local and authenticated user assigned to a specific VDOM to retrieve other VDOMs information such as the admin account list and the network interface list. 2021-11-17 2.1 CVE-2021-32600
CONFIRM
getkirby — kirby Kirby is an open source file structured CMS. In affected versions Kirby’s blocks field stores structured data for each block. This data is then used in block snippets to convert the blocks to HTML for use in your templates. We recommend to escape HTML special characters to protect against cross-site scripting (XSS) attacks. The default snippet for the image block unfortunately did not use our escaping helper. This made it possible to include malicious HTML code in the source, alt and link fields of the image block, which would then be displayed on the site frontend and executed in the browsers of site visitors and logged in users who are browsing the site. Attackers must be in your group of authenticated Panel users in order to exploit this weakness. Users who do not make use of the blocks field are not affected. This issue has been patched in Kirby version 3.5.8 by escaping special HTML characters in the output from the default image block snippet. Please update to this or a later version to fix the vulnerability. 2021-11-16 2.1 CVE-2021-41258
MISC
CONFIRM
MISC
getkirby — kirby Kirby is an open source file structured CMS. Impact: Kirby’s writer field stores its formatted content as HTML code. Unlike with other field types, it is not possible to escape HTML special characters against cross-site scripting (XSS) attacks, otherwise the formatting would be lost. If the user is logged in to the Panel, a harmful script can for example trigger requests to Kirby’s API with the permissions of the victim. Because the writer field did not securely sanitize its contents on save, it was possible to inject malicious HTML code into the content file by sending it to Kirby’s API directly without using the Panel. This malicious HTML code would then be displayed on the site frontend and executed in the browsers of site visitors and logged in users who are browsing the site. Attackers must be in your group of authenticated Panel users in order to exploit this weakness. Users who do not make use of the writer field are not affected. This issue has been patched in Kirby 3.5.8 by sanitizing all writer field contents on the backend whenever the content is modified via Kirby’s API. Please update to this or a later version to fix the vulnerability. 2021-11-16 2.1 CVE-2021-41252
CONFIRM
MISC
MISC
google — android In flv extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05594988; Issue ID: ALPS05594988. 2021-11-18 2.1 CVE-2021-0624
MISC
google — android In Browser app, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05969704; Issue ID: ALPS05969704. 2021-11-18 2.1 CVE-2021-0672
MISC
google — android In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672086; Issue ID: ALPS05672086. 2021-11-18 2.1 CVE-2021-0666
MISC
google — android In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672113; Issue ID: ALPS05672113. 2021-11-18 2.1 CVE-2021-0665
MISC
google — android In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05687559; Issue ID: ALPS05687559. 2021-11-18 2.1 CVE-2021-0659
MISC
google — android In ape extractor, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561395; Issue ID: ALPS05561395. 2021-11-18 2.1 CVE-2021-0619
MISC
google — android In asf extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05561381. 2021-11-18 2.1 CVE-2021-0620
MISC
google — android In asf extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05561383. 2021-11-18 2.1 CVE-2021-0621
MISC
google — android In asf extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05561388. 2021-11-18 2.1 CVE-2021-0622
MISC
google — android In asf extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05585817. 2021-11-18 2.1 CVE-2021-0623
MISC
helpful_project — helpful The Helpful WordPress plugin before 4.4.59 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2021-11-17 3.5 CVE-2021-24841
MISC
MISC
hitachienergy — counterparty_settlements_and_billing Improper Access Control vulnerability in the application authentication and authorization of Hitachi Energy Retail Operations, Counterparty Settlement and Billing (CSB) allows an attacker to execute a modified signed Java Applet JAR file. A successful exploitation may lead to data extraction or modification of data inside the application. This issue affects: Hitachi Energy Retail Operations 5.7.3 and prior versions. Hitachi Energy Counterparty Settlement and Billing (CSB) 5.7.3 prior versions. 2021-11-17 3.6 CVE-2021-35528
CONFIRM
CONFIRM
ibm — mq IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 211403. 2021-11-16 2.1 CVE-2021-38949
CONFIRM
XF
ibm — security_guardium_key_lifecycle_manager IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 212791. 2021-11-15 3.5 CVE-2021-38982
XF
CONFIRM
ibm — security_guardium_key_lifecycle_manager IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user credentials in plain clear text which can be read by a local user. X-Force ID: 212781. 2021-11-15 2.1 CVE-2021-38976
XF
CONFIRM
ibm — security_siteprotector_system IBM Security SiteProtector System 3.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174052. 2021-11-12 3.5 CVE-2020-4140
XF
CONFIRM
ibm — spectrum_scale IBM Spectrum Scale 5.1.0 through 5.1.1.1 could allow a privileged admin to destroy filesystem audit logging records before expiration time. IBM X-Force ID: 209164. 2021-11-16 2.1 CVE-2021-38882
CONFIRM
XF
ibm — spss_statistics IBM SPSS Statistics for Windows 24.0, 25.0, 26.0, 27.0, 27.0.1, and 28.0 could allow a local user to cause a denial of service by writing arbitrary files to admin protected directories on the system. IBM X-Force ID: 212046. 2021-11-17 2.1 CVE-2021-38959
XF
CONFIRM
ibm — vios IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the libc.a library to expose sensitive information. IBM X-Force ID: 206084. 2021-11-17 2.1 CVE-2021-29860
CONFIRM
XF
ibm — vios IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in EFS to expose sensitive information. IBM X-Force ID: 206085. 2021-11-17 2.1 CVE-2021-29861
XF
CONFIRM
insert_pages_project — insert_pages The Insert Pages WordPress plugin before 3.7.0 adds a shortcode that prints out other pages’ content and custom fields. It can be used by users with a role as low as Contributor to perform Cross-Site Scripting attacks by storing the payload/s in another post’s custom fields. 2021-11-17 3.5 CVE-2021-24850
MISC
intel — ax210_firmware Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and some Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2021-11-17 3.3 CVE-2021-0069
MISC
intel — ax210_firmware Out-of-bounds write in firmware for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and some Killer(TM) WiFi in Windows 10 may allow a privileged user to potentially enable denial of service via local access. 2021-11-17 2.1 CVE-2021-0075
MISC
intel — ax210_firmware Improper initialization in firmware for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an authenticated user to potentially enable information disclosure via adjacent access. 2021-11-17 2.7 CVE-2021-0053
MISC
intel — thunderbolt_dch_driver Improper access control in some Intel(R) Thunderbolt(TM) Windows DCH Drivers before version 1.41.1054.0 may allow unauthenticated user to potentially enable denial of service via local access. 2021-11-17 2.1 CVE-2021-0110
MISC
jenkins — active_choices Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive parameters and dynamic reference parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. 2021-11-12 3.5 CVE-2021-21699
CONFIRM
MLIST
jenkins — scriptler Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of scripts on the UI when asking to confirm their deletion, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Scriptler scripts. 2021-11-12 3.5 CVE-2021-21700
CONFIRM
MLIST
lenovo — legion_phone_pro_(l79031)firmware An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device GPS data. 2021-11-12 2.1 CVE-2021-3720
CONFIRM
linux — linux_kernel In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic). 2021-11-17 2.1 CVE-2021-43976
MISC
osisoft — pi_vision A remote attacker with write access to PI Vision could inject code into a display. Unauthorized information disclosure, modification, or deletion is possible if a victim views or interacts with the infected display using Microsoft Internet Explorer. The impact affects PI System data and other data accessible with victim’s user permissions. 2021-11-17 3.5 CVE-2021-43551
MISC
qr_redirector_project — qr_redirector The QR Redirector WordPress plugin before 1.6.1 does not sanitise and escape some of the QR Redirect fields, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. 2021-11-17 3.5 CVE-2021-24854
MISC
qualcomm — apq8009_firmware Information disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2021-11-12 2.1 CVE-2021-1924
CONFIRM
snipeitapp — snipe-it snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-11-13 3.5 CVE-2021-3938
MISC
CONFIRM
tammersoft — shared_files The Shared Files WordPress plugin before 1.6.61 does not sanitise and escape the Download Counter Text settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2021-11-17 3.5 CVE-2021-24856
MISC
MISC
webventures — client_invoicing_by_sprout_invoices The Client Invoicing by Sprout Invoices WordPress plugin before 19.9.7 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2021-11-17 3.5 CVE-2021-24787
MISC
wibu — codemeter_runtime In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking permissions. 2021-11-14 3.6 CVE-2021-41057
CONFIRM
CONFIRM
MISC
wpplugin — accept_donations_with_paypal The Accept Donations with PayPal WordPress plugin before 1.3.2 does not escape the Amount Menu Name field of created Buttons, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2021-11-17 3.5 CVE-2021-24815
MISC
wpshopmart — testimonial_builder The Testimonial WordPress plugin before 1.6.0 does not escape some testimonial fields which could allow high privilege users to perform Cross Site Scripting attacks even when the unfiltered_html capability is disallowed 2021-11-17 3.5 CVE-2021-24598
MISC
CONFIRM
yop-poll — yop_poll The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cross-Site Scripting vulnerability, which exists in the Admin preview module where a user with a role as low as author is allowed to execute arbitrary script code within the context of the application. This vulnerability is due to insufficient validation of question and answer text parameters in Create Poll module. 2021-11-17 3.5 CVE-2021-24833
MISC
MISC
CONFIRM

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
4mosan — 4mosan 4MOSAn GCB Doctor’s login page has improper validation of Cookie, which allows an unauthenticated remote attacker to bypass authentication by code injection in cookie, and arbitrarily manipulate the system or interrupt services by upload and execution of arbitrary files. 2021-11-19 not yet calculated CVE-2021-42338
CONFIRM
adobe — audition Adobe Audition version 14.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-11-19 not yet calculated CVE-2021-36003
MISC
adobe — creative_cloud Adobe Creative Cloud version 5.5 (and earlier) is affected by an application denial of service vulnerability in the Creative Cloud Desktop installer. An authenticated attacker could leverage this vulnerability to achieve denial of service in the context of the user. User interaction is required before product installation to abuse this vulnerability. 2021-11-18 not yet calculated CVE-2021-43017
MISC
amazon — freertos Amazon FreeRTOS 10.2.0 through 10.4.5 on the ARMv7-M and ARMv8-M MPU platforms does not prevent non-kernel code from calling the xPortRaisePrivilege and vPortResetPrivilege internal functions. This is fixed in 10.4.6 and in 10.4.3-LTS Patch 2. 2021-11-17 not yet calculated CVE-2021-43997
MISC
MISC
asus — multiple_products A brute-force protection bypass in the CAPTCHA protection of ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to make any number of login attempts by sending a specific HTTP request. 2021-11-19 not yet calculated CVE-2021-41435
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
asus — multiple_products An HTTP request smuggling vulnerability in the web application of ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote unauthenticated attacker to cause a DoS by sending a specially crafted HTTP packet. 2021-11-19 not yet calculated CVE-2021-41436
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
beyondtrust — beyondtrust BeyondTrust Privilege Management prior to version 21.6 creates a Temporary File in a Directory with Insecure Permissions. 2021-11-19 not yet calculated CVE-2021-42254
MISC
MISC
cisco — common_services_platform_collector A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit this vulnerability by adding malicious code to the configuration by using the web-based management interface. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface or access sensitive, browser-based information. 2021-11-19 not yet calculated CVE-2021-40131
CISCO
cisco — common_services_platform_collector A vulnerability in the web application of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to specify non-log files as sources for syslog reporting. This vulnerability is due to improper restriction of the syslog configuration. An attacker could exploit this vulnerability by configuring non-log files as sources for syslog reporting through the web application. A successful exploit could allow the attacker to read non-log files on the CSPC. 2021-11-19 not yet calculated CVE-2021-40130
CISCO
cisco — common_services_platform_collector A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to submit a SQL query through the CSPC configuration dashboard. This vulnerability is due to insufficient input validation of uploaded files. An attacker could exploit this vulnerability by uploading a file containing a SQL query to the configuration dashboard. A successful exploit could allow the attacker to read restricted information from the CSPC SQL database. 2021-11-19 not yet calculated CVE-2021-40129
CISCO
ckeditor4 — ckeditor4 CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed injecting malformed HTML comments, bypassing content sanitization, which could result in executing JavaScript code. It affects all users using CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0. 2021-11-17 not yet calculated CVE-2021-41165
MISC
CONFIRM
CONFIRM
concrete — cms Concrete CMS (formerly concrete5) versions 8.5.6 and below and version 9.0.0 allow local IP importing, causing the system to be vulnerable to a. SSRF attacks on the private LAN servers by reading files from the local LAN. An attacker can pivot in the private LAN and exploit local network apps, and b. SSRF Mitigation Bypass through DNS Rebinding. Concrete CMS security team gave this a CVSS score of 3.5 AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N. Concrete CMS is maintaining Concrete version 8.5.x until 1 May 2022 for security fixes. This CVE is shared with HackerOne Reports hackerone.com/reports/1364797 and hackerone.com/reports/1360016. Reporters: Adrian Tiron from FORTBRIDGE (www.fortbridge.co.uk/) and Bipul Jaiswal 2021-11-19 not yet calculated CVE-2021-22970
MISC
MISC
MISC
concrete — cms Concrete CMS (formerly concrete5) versions below 8.5.7 have a SSRF mitigation bypass using a DNS Rebind attack, giving an attacker the ability to fetch cloud IAAS (ex AWS) IAM keys. To fix this, Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading rather than relying on DNS. Discoverer: Adrian Tiron from FORTBRIDGE (www.fortbridge.co.uk/). The Concrete CMS team gave this a CVSS 3.1 score of 3.5 AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N. Please note that Cloud IAAS provider mis-configurations are not Concrete CMS vulnerabilities. A mitigation for this vulnerability is to make sure that the IMDS configurations are according to a cloud provider’s best practices. This fix is also in Concrete version 9.0.0 2021-11-19 not yet calculated CVE-2021-22969
MISC
MISC
concrete — cms A bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote code execution in Concrete CMS (concrete5) versions 8.5.6 and below. The external file upload feature stages files in the public directory even if they have disallowed file extensions. They are stored in a directory with a random name, but it’s possible to stall the uploads and brute force the directory name. You have to be an admin with the ability to upload files, but this bug gives you the ability to upload restricted file types and execute them depending on server configuration. To fix this, a check for allowed file extensions was added before downloading files to a tmp directory. Concrete CMS Security Team gave this a CVSS v3.1 score of 5.4 AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N. This fix is also in Concrete version 9.0.0 2021-11-19 not yet calculated CVE-2021-22968
MISC
MISC
concrete — cms In Concrete CMS (formerly concrete 5) below 8.5.7, an IDOR allows an unauthenticated user to access restricted files if allowed to add a message to a conversation. To remediate this, a check was added to verify a user has permissions to view files before attaching the files to a message in “add / edit message”. Concrete CMS security team gave this a CVSS v3.1 score of 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. Credit for discovery: Adrian H 2021-11-19 not yet calculated CVE-2021-22967
MISC
MISC
concrete — cms Privilege escalation from Editor to Admin using Groups in Concrete CMS versions 8.5.6 and below. If a group is granted “view” permissions on the bulkupdate page, then users in that group can escalate to being an administrator with a specially crafted curl. Fixed by adding a check for group permissions before allowing a group to be moved. Concrete CMS Security team CVSS scoring: 7.1 AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H. Credit for discovery: “Adrian Tiron from FORTBRIDGE (www.fortbridge.co.uk/)”. This fix is also in Concrete version 9.0.0 2021-11-19 not yet calculated CVE-2021-22966
MISC
MISC
concretecms — concretecms Unauthorized individuals could view password protected files using view_inline in Concrete CMS (previously concrete 5) prior to version 8.5.7. Concrete CMS now checks to see if a file has a password in view_inline and, if it does, the file is not rendered. For version 8.5.6, the following mitigations were put in place: a. restricting file types for view_inline to images only; b. putting a warning in the file manager to advise users. Credit for discovery: “Solar Security Research Team”. Concrete CMS security team CVSS scoring is 5.3: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. This fix is also in Concrete version 9.0.0 2021-11-19 not yet calculated CVE-2021-22951
MISC
MISC
dell — bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. 2021-11-12 not yet calculated CVE-2021-36323
MISC
dell — bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. 2021-11-12 not yet calculated CVE-2021-36324
MISC
dell — emc_scg Dell EMC SCG 5.00.00.10 and earlier contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it. 2021-11-20 not yet calculated CVE-2021-36340
MISC
dell — emc_smartfabric Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains a privilege escalation vulnerability. A malicious low privileged user with specific access to the API could potentially exploit this vulnerability to gain admin privileges on the affected system. 2021-11-20 not yet calculated CVE-2021-36307
MISC
dell — emc_smartfabric Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system. 2021-11-20 not yet calculated CVE-2021-36308
MISC
dell — emc_smartfabric Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system. 2021-11-20 not yet calculated CVE-2021-36306
MISC
dell — networking Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x & 10.5.2.x, contain an uncontrolled resource consumption flaw in its API service. A high-privileged API user may potentially exploit this vulnerability, leading to a denial of service. 2021-11-20 not yet calculated CVE-2021-36310
MISC
dell — networking Dell Networking OS10 versions 10.4.3.x, 10.5.0.x and 10.5.1.x contain an information exposure vulnerability. A low privileged authenticated malicious user can gain access to SNMP authentication failure messages. 2021-11-20 not yet calculated CVE-2021-36319
MISC
dell — networking_x-series Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially hijack a session and access the webserver by forging the session ID. 2021-11-20 not yet calculated CVE-2021-36320
MISC
dell — networking_x-series Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an improper input validation vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending specially crafted data to trigger a denial of service. 2021-11-20 not yet calculated CVE-2021-36321
MISC
dell — networking_x-series Dell Networking X-Series firmware versions prior to 3.0.1.8 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary host header values to poison the web-cache or trigger redirections. 2021-11-20 not yet calculated CVE-2021-36322
MISC
distribution_spec — distribution_spec The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents that contain both “manifests” and “layers” fields could be interpreted as either a manifest or an index in the absence of an accompanying Content-Type header. If a Content-Type header changed between two pulls of the same digest, a client may interpret the resulting content differently. The OCI Distribution Specification has been updated to require that a mediaType value present in a manifest or index match the Content-Type header used during the push and pull operations. Clients pulling from a registry may distrust the Content-Type header and reject an ambiguous document that contains both “manifests” and “layers” fields or “manifests” and “config” fields if they are unable to update to version 1.0.1 of the spec. 2021-11-17 not yet calculated CVE-2021-41190
CONFIRM
MISC
MLIST
django — helpdesk django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-11-19 not yet calculated CVE-2021-3950
MISC
CONFIRM
edgex — edgex Functions SDK for EdgeX is meant to provide all the plumbing necessary for developers to get started in processing/transforming/exporting data out of the EdgeX IoT platform. In affected versions broken encryption in the app-functions-sdk “AES” transform in EdgeX Foundry releases prior to Jakarta allows attackers to decrypt messages via unspecified vectors. The app-functions-sdk exports an “aes” transform that user scripts can optionally call to encrypt data in the processing pipeline. No decrypt function is provided. Encryption is not enabled by default, but if used, the level of protection may be less than the user may expect due to a broken implementation. Version v2.1.0 (EdgeX Foundry Jakarta release and later) of app-functions-sdk-go/v2 deprecates the “aes” transform and provides an improved “aes256” transform in its place. The broken implementation will remain in a deprecated state until it is removed in the next EdgeX major release to avoid breakage of existing software that depends on the broken implementation. As the broken transform is a library function that is not invoked by default, users who do not use the AES transform in their processing pipelines are unaffected. Those that are affected are urged to upgrade to the Jakarta EdgeX release and modify processing pipelines to use the new “aes256” transform. 2021-11-19 not yet calculated CVE-2021-41278
MISC
CONFIRM
elastic — kibana It was discovered that Kibana’s JIRA connector & IBM Resilient connector could be used to return HTTP response data on internal hosts, which may be intentionally hidden from public view. Using this vulnerability, a malicious user with the ability to create connectors could utilize these connectors to view limited HTTP response data on hosts accessible to the cluster. 2021-11-18 not yet calculated CVE-2021-37939
MISC
elastic — kibana It was discovered that on Windows operating systems specifically, Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension. Thanks to Dominic Couture for finding this vulnerability. 2021-11-18 not yet calculated CVE-2021-37938
MISC
gallagher — command_centre Improper certificate validation vulnerability in SMTP Client allows man-in-the-middle attack to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3); 8.40 versions prior to 8.40.2063 (MR4); 8.30 versions prior to 8.30.1454 (MR4); version 8.20 and prior versions. 2021-11-18 not yet calculated CVE-2021-23167
MISC
gallagher — command_centre An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verification. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1454 (MR3); 8.20 versions prior to 8.20.1291 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions. 2021-11-18 not yet calculated CVE-2021-23146
MISC
gallagher — command_centre_mobile_client Improper validation of the cloud certificate chain in Mobile Client allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. This issue affects: Gallagher Command Centre Mobile Client for Android 8.60 versions prior to 8.60.065; version 8.50 and prior versions. 2021-11-18 not yet calculated CVE-2021-23155
MISC
gallagher — command_centre_mobile_connect Improper validation of the cloud certificate chain in Mobile Connect allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. This issue affects: Gallagher Command Centre Mobile Connect for Android 15 versions prior to 15.04.040; version 14 and prior versions. 2021-11-18 not yet calculated CVE-2021-23162
MISC
gallagher — command_centre_server Improper privilege validation vulnerability in COM Interface of Gallagher Command Centre Server allows authenticated unprivileged operators to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3); 8.40 versions prior to 8.40.2063 (MR4); 8.30 versions prior to 8.30.1454 (MR4); 8.20 versions prior to 8.20.1291 (MR6); version 8.10 and prior versions. 2021-11-18 not yet calculated CVE-2021-23193
MISC
gallagher — command_centre_server Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary code as the account that runs the Controller Service. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3); 2021-11-18 not yet calculated CVE-2021-23197
MISC
gcc — gcc GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c. 2021-11-18 not yet calculated CVE-2021-37322
MISC
gerbv — gerbv An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. 2021-11-19 not yet calculated CVE-2021-40391
MISC
getgrav — getgrav grav-plugin-admin is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-11-19 not yet calculated CVE-2021-3920
MISC
CONFIRM
go-ethereum — go-ethereum Go-Ethereum 1.10.9 nodes crash (denial of service) after receiving a series of messages and cannot be recovered. They crash with “runtime error: invalid memory address or nil pointer dereference” and raise a SEGV signal. 2021-11-18 not yet calculated CVE-2021-43668
MISC
greenplum — greenplum In versions of Greenplum database prior to 5.28.14 and 6.17.0, execution of certain statements led to the storage of sensitive (credential) information in the logs of the database. A malicious user with access to the logs can read sensitive (credential) information about users. 2021-11-19 not yet calculated CVE-2021-22030
MISC
greenplum — greenplum In versions of Greenplum database prior to 5.28.6 and 6.14.0, Greenplum database contains a file path traversal vulnerability leading to information disclosure from the file system. A malicious user can read/write information on the file system using this vulnerability. 2021-11-19 not yet calculated CVE-2021-22028
MISC
hitachi — energy_relion_products Insecure Boot Image vulnerability in Hitachi Energy Relion 670/650/SAM600-IO series: an attacker who manages to get access to the front network port and to cause reboot sequences of the device may exploit a tiny time gap during the booting process, where an older version of VxWorks is loaded prior to application firmware booting, to exploit the vulnerability in the older version of VxWorks and cause a denial-of-service on the product. This issue affects: Hitachi Energy Relion 670 Series 2.2.2 all revisions; 2.2.3 versions prior to 2.2.3.3. Hitachi Energy Relion 670/650 Series 2.2.0 all revisions; 2.2.4 all revisions. Hitachi Energy Relion 670/650/SAM600-IO 2.2.1 all revisions. 2021-11-18 not yet calculated CVE-2021-35535
CONFIRM
hitachi — energy_relion_products Insufficient security control vulnerability in the internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600: the product does not sufficiently restrict access to internal database tables, which could allow anybody with user credentials to bypass security controls enforced by the product. Consequently, exploitation may lead to unauthorized modifications of data/firmware, and/or to permanently disabling the product. This issue affects: Hitachi Energy Relion 670 Series 2.0 all revisions; 2.2.2 all revisions; 2.2.3 versions prior to 2.2.3.5. Hitachi Energy Relion 670/650 Series 2.1 all revisions; 2.2.0 all revisions; 2.2.4 all revisions. Hitachi Energy Relion 670/650/SAM600-IO 2.2.1 all revisions; 2.2.5 versions prior to 2.2.5.2. Hitachi Energy Relion 650 1.0 all revisions; 1.1 all revisions; 1.2 all revisions; 1.3 versions prior to 1.3.0.8. Hitachi Energy GMS600 1.3.0; 1.3.0.1; 1.2.0. Hitachi Energy PWC600 1.0.1 version 1.0.1.4 and prior versions; 1.1.0 version 1.1.0.1 and prior versions. 2021-11-18 not yet calculated CVE-2021-35534
CONFIRM
CONFIRM
CONFIRM
hyperledger — fabric A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.1.0. This bug can be leveraged by constructing a message whose payload is nil and sending this message with the method ‘forwardToLeader’. This bug has been admitted and fixed by the developers of Fabric. If leveraged, any leader node will crash. 2021-11-18 not yet calculated CVE-2021-43667
MISC
MISC
hyperledger — fabric A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.0.1, v2.3.0. It can easily break down as many orderers as the attacker wants. This bug can be leveraged by constructing a message whose header is invalid to the interface Order. This bug has been admitted and fixed by the developers of Fabric. 2021-11-18 not yet calculated CVE-2021-43669
MISC
MISC
imagemagick — imagemagick A flaw was found in ImageMagick 7.1.0-14 where it did not properly sanitize certain input before using it to invoke convert processes. This flaw allows an attacker to create a specially crafted image that leads to a use-after-free vulnerability when processed by ImageMagick. The highest threat from this vulnerability is to confidentiality and integrity, as well as system availability. 2021-11-19 not yet calculated CVE-2021-3962
MISC
intel — administrative_tools_for_intel_network_adapterfor_windows Improper access control in the installer for Intel(R) Administrative Tools for Intel(R) Network Adapters for Windows before version 1.4.0.21 may allow an unauthenticated user to potentially enable escalation of privilege via local access. 2021-11-17 not yet calculated CVE-2021-33058
MISC
intel — administrative_tools_for_intel_network_adapters Improper input validation in the Intel(R) Administrative Tools for Intel(R) Network Adapters driver for Windows before version 1.4.0.15 may allow a privileged user to potentially enable escalation of privilege via local access. 2021-11-17 not yet calculated CVE-2021-33059
MISC
intel — distribution_of_openvinoa_toolkit Uncontrolled resource consumption in the Intel(R) Distribution of OpenVINO™ Toolkit before version 2021.4 may allow an unauthenticated user to potentially enable denial of service via local access. 2021-11-17 not yet calculated CVE-2021-33073
MISC
intel — ethernet Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may allow an authenticated user to potentially enable denial of service via local access. 2021-11-17 not yet calculated CVE-2021-33098
MISC
intel — ethernet_700_series_controllers Out-of-bounds write in the firmware for Intel(R) Ethernet 700 Series Controllers before version 8.2 may allow a privileged user to potentially enable an escalation of privilege via local access. 2021-11-17 not yet calculated CVE-2021-0200
MISC
intel — ethernet_diagnostic_driver Improper input validation in the Intel(R) Ethernet Diagnostic Driver for Windows before version 1.4.0.10 may allow a privileged user to potentially enable escalation of privilege via local access. 2021-11-17 not yet calculated CVE-2021-0135
MISC
intel — ethernet_network_controllers Protection mechanism failure in the firmware for the Intel(R) Ethernet Network Controller E810 before version 1.5.5.6 may allow a privileged user to enable a denial of service via local access. 2021-11-17 not yet calculated CVE-2021-0197
MISC
intel — ethernet_network_controllers Improper input validation in the firmware for the Intel(R) Ethernet Network Controller E810 before version 1.6.0.6 may allow a privileged user to potentially enable a denial of service via local access. 2021-11-17 not yet calculated CVE-2021-0199
MISC
intel — ethernet_network_controllers Improper access control in the firmware for the Intel(R) Ethernet Network Controller E810 before version 1.5.5.6 may allow a privileged user to potentially enable a denial of service via local access. 2021-11-17 not yet calculated CVE-2021-0198
MISC
intel — graphics_dch_drivers Improper initialization in the installer for some Intel(R) Graphics DCH Drivers for Windows 10 before version 27.20.100.9316 may allow an authenticated user to potentially enable denial of service via local access. 2021-11-17 not yet calculated CVE-2021-0120
MISC
intel — haxm_software Uncontrolled resource consumption in the Intel(R) HAXM software before version 7.6.6 may allow an unauthenticated user to potentially enable privilege escalation via local access. 2021-11-17 not yet calculated CVE-2021-0180
MISC
intel — haxm_software Uncontrolled resource consumption in the Intel(R) HAXM software before version 7.6.6 may allow an unauthenticated user to potentially enable information disclosure via local access. 2021-11-17 not yet calculated CVE-2021-0182
MISC
intel — oneapi_rendering_toolkit Incorrect default permissions in the installer for the Intel(R) oneAPI Rendering Toolkit before version 2021.2 may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-11-17 not yet calculated CVE-2021-33071
MISC
intel — processors Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 2021-11-17 not yet calculated CVE-2021-0158
MISC
intel — processors Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 2021-11-17 not yet calculated CVE-2021-0157
MISC
intel — processors Hardware allows activation of test or debug logic at runtime for some Intel(R) processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access. 2021-11-17 not yet calculated CVE-2021-0146
MISC
intel — processors Improper input validation in the Intel(R) SGX SDK applications compiled for SGX2 enabled processors may allow a privileged user to potentially enable escalation of privilege via local access. 2021-11-17 not yet calculated CVE-2021-0186
MISC
intel — proset/wireless_wifi Uncontrolled search path in software installer for Intel(R) PROSet/Wireless WiFi in Windows 10 may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-11-17 not yet calculated CVE-2021-0082
MISC
intel — realsense_d400_series_uwp_driver Uncontrolled search path in the Intel(R) RealSense(TM) D400 Series UWP driver for Windows 10 before version 6.1.160.22 may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-11-17 not yet calculated CVE-2021-33063
MISC
intel — serial_io_driver Improper access control in the software installer for the Intel(R) Serial IO driver for Intel(R) NUC 11 Gen before version 30.100.2104.1 may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-11-17 not yet calculated CVE-2021-33118
MISC
intel — sgx Time-of-check time-of-use vulnerability in the Crypto API Toolkit for Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via network access. 2021-11-17 not yet calculated CVE-2021-33097
MISC
intel — ssd_dc Insertion of information into log file in firmware for some Intel(R) SSD DC may allow a privileged user to potentially enable information disclosure via local access. 2021-11-17 not yet calculated CVE-2021-0148
MISC
intel — vtune_profiler Incorrect default permissions in the software installer for the Intel(R) VTune(TM) Profiler before version 2021.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-11-17 not yet calculated CVE-2021-33062
MISC
intel — wireless_bluetooth_and_killer_bluetooth_products Improper access control in the installer for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products in Windows 10 may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-11-17 not yet calculated CVE-2021-0151
MISC
intel — wireless_bluetooth_and_killer_bluetooth_products Improper verification of cryptographic signature in the installer for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products in Windows 10 may allow an authenticated user to potentially enable denial of service via local access. 2021-11-17 not yet calculated CVE-2021-0152
MISC
ionic — identity_vault In Ionic Identity Vault before 5.0.5, the protection mechanism for invalid unlock attempts can be bypassed. 2021-11-19 not yet calculated CVE-2021-44033
MISC
FULLDISC
kimai2 — kimai2 kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) 2021-11-19 not yet calculated CVE-2021-3957
MISC
CONFIRM
kimai2 — kimai2 kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) 2021-11-19 not yet calculated CVE-2021-3963
CONFIRM
MISC
kimai2 — kimai2
 
kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) 2021-11-19 not yet calculated CVE-2021-3976
MISC
CONFIRM
librecad — librecad A code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dxf file can lead to a use-after-free vulnerability. An attacker can provide a malicious file to trigger this vulnerability. 2021-11-19 not yet calculated CVE-2021-21900
MISC
librecad — librecad
 
A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. 2021-11-19 not yet calculated CVE-2021-21899
MISC
librecad — librecad
 
A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. 2021-11-19 not yet calculated CVE-2021-21898
MISC
metabase — metabase
 
Metabase is an open source data analytics platform. In affected versions the custom GeoJSON map support (`admin->settings->maps->custom maps->add a map`) loaded the supplied URL without validating it first, allowing local file inclusion (including environment variables). This issue is fixed in a new maintenance release (0.40.5 and 1.40.5), and any subsequent release after that. If you're unable to upgrade immediately, you can mitigate this by including rules in your reverse proxy or load balancer or WAF to provide a validation filter before the application. 2021-11-17 not yet calculated CVE-2021-41277
MISC
CONFIRM
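The entry above says only that the map URL was not validated before being loaded and offers a reverse-proxy or WAF filter as a stopgap. The following is an added Ruby example, not Metabase's code (Metabase itself is not written in Ruby), of the application-side check such a filter stands in for: an allow-list validator that accepts only absolute http(s) URLs to a named public host and rejects bare paths, file: and other schemes, credentials in the authority, and loopback, private and link-local literal addresses. The module name and the reason symbols are hypothetical names chosen for the example.

```ruby
require 'uri'
require 'ipaddr'

# Hypothetical allow-list validator for a user-supplied map URL (example code,
# not Metabase's own). Only absolute http(s) URLs to a public host pass.
module MapUrlValidator
  ALLOWED_SCHEMES = %w[http https].freeze
  # Loopback, RFC 1918, link-local, "this network" and the IPv6 equivalents.
  PRIVATE_RANGES = %w[
    127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16 0.0.0.0/8
    ::1/128 fc00::/7 fe80::/10
  ].map { |cidr| IPAddr.new(cidr) }.freeze

  Result = Struct.new(:ok, :reason)

  # Returns a Result whose :reason names the first failing check (nil when ok).
  def self.check(raw)
    return Result.new(false, :empty) if raw.nil? || raw.strip.empty?

    uri = URI.parse(raw.strip)
    return Result.new(false, :scheme) unless ALLOWED_SCHEMES.include?(uri.scheme.to_s.downcase)
    return Result.new(false, :no_host) if uri.hostname.nil? || uri.hostname.empty?
    return Result.new(false, :userinfo) unless uri.userinfo.nil? # http://trusted@evil/ tricks

    host = uri.hostname # IPv6 literals come back without brackets
    ip = (IPAddr.new(host) rescue nil)
    if ip
      blocked = PRIVATE_RANGES.any? { |range| range.family == ip.family && range.include?(ip) }
      return Result.new(false, :private_address) if blocked
    elsif host.casecmp?('localhost') || host.downcase.end_with?('.localhost')
      return Result.new(false, :private_address)
    end

    Result.new(true, nil)
  rescue URI::InvalidURIError
    Result.new(false, :unparseable)
  end

  def self.valid?(raw)
    check(raw).ok
  end
end
```

The literal-address check only covers addresses written into the URL; a hostname that resolves to an internal address, or is rebound after validation, still has to be rejected by the code that opens the connection, so check the resolved address again at fetch time.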
microsoft — clarity
 
There is a Cross-Site Scripting vulnerability in Microsoft Clarity version 0.3. The XSS payload executes whenever the user changes the clarity configuration in Microsoft Clarity version 0.3. The payload is stored on the configuring project Id page. 2021-11-19 not yet calculated CVE-2021-33850
MISC
myscada — mydesigner
 
mySCADA myDESIGNER versions 8.20.0 and prior fail to properly validate the contents of an imported project file, which may make the product vulnerable to a path traversal payload. This vulnerability may allow an attacker to plant files on the file system in arbitrary locations or overwrite existing files, resulting in remote code execution. 2021-11-19 not yet calculated CVE-2021-43555
MISC
netflix — spring_cloud_netflix_hystrix_dashboard
 
Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at `/hystrix/monitor;[user-provided data]`, the path elements following `hystrix/monitor` are being evaluated as SpringEL expressions, which can lead to code execution. 2021-11-19 not yet calculated CVE-2021-22053
MISC
nvidia — gpu_and_tegra NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to access debug registers during runtime, which may lead to information disclosure. 2021-11-20 not yet calculated CVE-2021-1105
CONFIRM
nvidia — gpu_and_tegra
 
NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to utilize debug mechanisms with insufficient access control, which may lead to information disclosure. 2021-11-20 not yet calculated CVE-2021-1088
CONFIRM
nvidia — gpu_and_tegra
 
NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to corrupt program data. 2021-11-20 not yet calculated CVE-2021-1125
CONFIRM
nvidia — gpu_and_tegra NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to access protected information, which may lead to information disclosure. 2021-11-20 not yet calculated CVE-2021-23219
CONFIRM
nvidia — gpu_and_tegra NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to instantiate a specifically timed DMA write to corrupt code execution, which may impact confidentiality, integrity, or availability. 2021-11-20 not yet calculated CVE-2021-23217
CONFIRM
nvidia — gpu_and_tegra
 
NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed registers, which may lead to information disclosure. 2021-11-20 not yet calculated CVE-2021-34399
CONFIRM
nvidia — gpu_and_tegra
 
NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed memory, which may lead to information disclosure. 2021-11-20 not yet calculated CVE-2021-34400
CONFIRM
nvidia — gpu_and_tegra
 
NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller which may allow a user with elevated privileges to generate valid microcode. This could lead to information disclosure, data corruption, or denial of service of the device. 2021-11-20 not yet calculated CVE-2021-23201
CONFIRM
opensource — moddable OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fx_String_prototype_repeat function at /moddable/xs/sources/xsString.c. 2021-11-19 not yet calculated CVE-2021-29325
MISC
opensource — moddable OpenSource Moddable v10.5.0 was discovered to contain a stack overflow in the fxBinaryExpressionNodeDistribute function at /moddable/xs/sources/xsTree.c. 2021-11-19 not yet calculated CVE-2021-29329
MISC
opensource — moddable OpenSource Moddable v10.5.0 was discovered to contain buffer over-read in the fxDebugThrow function at /moddable/xs/sources/xsDebug.c. 2021-11-19 not yet calculated CVE-2021-29328
MISC
opensource — moddable OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fx_ArrayBuffer function at /moddable/xs/sources/xsDataView.c. 2021-11-19 not yet calculated CVE-2021-29327
MISC
opensource — moddable
 
OpenSource Moddable v10.5.0 was discovered to contain a stack overflow via the component /moddable/xs/sources/xsScript.c. 2021-11-19 not yet calculated CVE-2021-29324
MISC
opensource — moddable
 
OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fxIDToString function at /moddable/xs/sources/xsSymbol.c. 2021-11-19 not yet calculated CVE-2021-29326
MISC
opensource — moddable
 
OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow via the component /modules/network/wifi/esp/modwifi.c. 2021-11-19 not yet calculated CVE-2021-29323
MISC
oroinc — client_relationship_management
 
OroCRM is an open source Client Relationship Management (CRM) application. Affected versions were found to contain a vulnerability through which an attacker is able to disqualify any Lead with a Cross-Site Request Forgery (CSRF) attack. There are no workarounds that address this vulnerability and all users are advised to update their package. 2021-11-19 not yet calculated CVE-2021-39198
CONFIRM
philips — mri_1.5t_and_mri_3t
 
Philips MRI 1.5T and MRI 3T Version 5.x.x assigns an owner who is outside the intended control sphere to a resource. 2021-11-19 not yet calculated CVE-2021-26248
MISC
MISC
philips — mri_1.5t_and_mri_3t
 
Philips MRI 1.5T and MRI 3T Version 5.x.x does not restrict or incorrectly restricts access to a resource from an unauthorized actor. 2021-11-19 not yet calculated CVE-2021-26262
MISC
MISC
philips — mri_1.5t_and_mri_3t
 
Philips MRI 1.5T and MRI 3T Version 5.x.x exposes sensitive information to an actor not explicitly authorized to have access. 2021-11-19 not yet calculated CVE-2021-42744
MISC
MISC
pi — server
 
A remote authenticated attacker with write access to a PI Server could trick a user into interacting with a PI Web API endpoint and redirect them to a malicious website. As a result, a victim may disclose sensitive information to the attacker or be provided with false information. 2021-11-18 not yet calculated CVE-2021-43549
MISC
algolia — algoliasearch-helper
 
The package algoliasearch-helper before 3.6.2 is vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.js (SearchParameters._parseNumbers) without any protection against prototype properties. Note that this vulnerability is only exploitable if the implementation allows users to define arbitrary search patterns. 2021-11-19 not yet calculated CVE-2021-23433
MISC
MISC
MISC
pterodactyl — pterodactyl
 
Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. Due to improperly configured CSRF protections on two routes, a malicious user could execute a CSRF-based attack against the following endpoints: sending a test email and generating a node auto-deployment token. At no point would any data be exposed to the malicious user; this would simply trigger email spam to an administrative user, or generate a single auto-deployment token unexpectedly. This token is not revealed to the malicious user, it is simply created unexpectedly in the system. This has been addressed in release `1.6.6`. Users may optionally manually apply the fixes released in v1.6.6 to patch their own systems. 2021-11-17 not yet calculated CVE-2021-41273
CONFIRM
MISC
pulse_connect_secure — pulse_connect_secure
 
A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an unauthenticated administrator to cause a denial of service when a malformed request is sent to the device. 2021-11-19 not yet calculated CVE-2021-22965
MISC
puppet — agent
 
A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first ‘pluginsync’. 2021-11-18 not yet calculated CVE-2021-27025
MISC
puppet — agent_and_puppet_server
 
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007. 2021-11-18 not yet calculated CVE-2021-27023
MISC
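The Puppet entry above describes a client that keeps sending its HTTP credentials after a redirect to a different host, the same class of bug as CVE-2018-1000007. As an added example (not Puppet's code), the following Ruby client follows redirects but drops credential headers whenever the scheme, host or port of the next hop differs from the current one; a `forward_credentials_across_hosts` flag reproduces the leaky behaviour for comparison. The class, the URLs and the responses are constructed in-memory fixtures, so nothing touches the network.

```ruby
require 'uri'

# Toy redirect-following HTTP client (example code, not Puppet's): credentials
# sent to the original host must not be replayed to a host a redirect points at.
# The "transport" is a Hash of constructed [status, headers, body] responses.
class RedirectClient
  class TooManyRedirects < StandardError; end

  # Header names that carry credentials; extend with any app-specific token header.
  CREDENTIAL_HEADERS = %w[authorization cookie proxy-authorization].freeze

  def initialize(transport, max_redirects: 5, forward_credentials_across_hosts: false)
    @transport = transport
    @max_redirects = max_redirects
    @forward_across_hosts = forward_credentials_across_hosts # true reproduces the leak
  end

  # Returns the final status/body and, per hop, the headers that were actually sent.
  def get(url, headers)
    current = URI(url)
    sent = {}
    (@max_redirects + 1).times do
      status, response_headers, body = @transport.fetch(current.to_s) { [404, {}, ''] }
      sent[current.to_s] = headers.dup
      location = response_headers['Location']
      return { status: status, body: body, sent: sent } unless (300..399).cover?(status) && location

      target = current.merge(location) # resolves relative Location values too
      headers = strip_credentials(headers) if cross_origin?(current, target) && !@forward_across_hosts
      current = target
    end
    raise TooManyRedirects, url
  end

  private

  def cross_origin?(from, to)
    from.scheme != to.scheme || !from.host.casecmp?(to.host) || from.port != to.port
  end

  def strip_credentials(headers)
    headers.reject { |name, _| CREDENTIAL_HEADERS.include?(name.downcase) }
  end
end

# Constructed responses: the first URL redirects off-host to an attacker-controlled
# collector; the second pair is a same-host redirect that should keep credentials.
RESPONSES = {
  'https://puppet.example.test/modules/x' => [302, { 'Location' => 'https://evil.example.test/collect' }, ''],
  'https://evil.example.test/collect'     => [200, {}, 'collected'],
  'https://puppet.example.test/old'       => [301, { 'Location' => '/new' }, ''],
  'https://puppet.example.test/new'       => [200, {}, 'ok']
}.freeze

# Headers seen by each hop when a bearer token is sent with the first request.
def headers_seen_per_host(url, forward_credentials_across_hosts: false)
  client = RedirectClient.new(RESPONSES, forward_credentials_across_hosts: forward_credentials_across_hosts)
  client.get(url, { 'Authorization' => 'Bearer s3cr3t', 'Accept' => 'application/json' })[:sent]
end
```

With the flag left at its default the collector host receives the Accept header but no Authorization header, while the same-host redirect keeps it; with the flag set, the token reaches the collector, which is the behaviour the advisory describes.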
puppet — enterprise
 
A flaw was discovered in Puppet Enterprise and other Puppet products where sensitive plan parameters may be logged. 2021-11-18 not yet calculated CVE-2021-27026
MISC
puppet — enterprise
 
A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token. This issue is resolved in CD4PE 4.10.0. 2021-11-18 not yet calculated CVE-2021-27024
MISC
qmailagent — qmailagent
 
We have already fixed this vulnerability in the following versions of QmailAgent: QmailAgent 3.0.2 ( 2021/08/25 ) and later 2021-11-20 not yet calculated CVE-2021-34358
CONFIRM
quagga — quagga
 
An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privileges to root upon package installation or update. 2021-11-19 not yet calculated CVE-2021-44038
MISC
MISC
roundcube — roundcube
 
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params. 2021-11-19 not yet calculated CVE-2021-44026
MISC
MISC
MISC
roundcube — roundcube
 
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment’s filename extension when displaying a MIME type warning message. 2021-11-19 not yet calculated CVE-2021-44025
MISC
MISC
MISC
MISC
sas — intrnet
 
SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro. Users can escape the context of the configured user-controllable variable and append additional functions native to the macro but not included as variables within the library. This includes a function that retrieves files from the host OS. 2021-11-19 not yet calculated CVE-2021-41569
MISC
sharetribe_go — sharetribe_go
 
Sharetribe Go is source-available marketplace software. In affected versions operating system command injection is possible on installations of Sharetribe Go that do not have a secret AWS Simple Notification Service (SNS) notification token configured via the `sns_notification_token` configuration parameter. This configuration parameter is unset by default. The vulnerability has been patched in version 10.2.1. Users who are unable to upgrade should set the `sns_notification_token` configuration parameter to a secret value. 2021-11-19 not yet calculated CVE-2021-41280
CONFIRM
MISC
MISC
qnap — ragic_cloud_db
 
A reflected cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Ragic Cloud DB. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic. 2021-11-20 not yet calculated CVE-2021-38681
CONFIRM
snipe-it — snipe-it
 
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-11-19 not yet calculated CVE-2021-3961
CONFIRM
MISC
solidus_auth_devise — solidus_auth_devise
 
solidus_auth_devise provides authentication services for the Solidus webstore framework, using the Devise gem. In affected versions solidus_auth_devise is subject to a CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of `solidus_auth_devise` are affected if the `protect_from_forgery` method is both: (1) executed, either as a `before_action` callback (the default) or as a `prepend_before_action` (option `prepend: true` given) that runs before the `:load_object` hook in `Spree::UsersController` (the most likely order), and (2) configured to use the `:null_session` or `:reset_session` strategy (`:null_session` is the default when no strategy is given, but the skeleton generated by `rails new` uses `:exception`). Users should promptly update to `solidus_auth_devise` version `2.5.4`. Users unable to update should, if possible, change their strategy to `:exception`. Please see the linked GHSA for more workaround details. 2021-11-17 not yet calculated CVE-2021-41274
CONFIRM
MISC
spree_auth_devise — spree_auth_devise
 
spree_auth_devise is an open source library which provides authentication and authorization services for use with the Spree storefront framework by using an underlying Devise authentication framework. In affected versions spree_auth_devise is subject to a CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of spree_auth_devise are affected if the protect_from_forgery method is both: (1) executed, either as a before_action callback (the default) or as a prepend_before_action (option prepend: true given) that runs before the :load_object hook in Spree::UsersController (the most likely order), and (2) configured to use the :null_session or :reset_session strategy (:null_session is the default when no strategy is given, but the skeleton generated by `rails new` uses :exception). That means applications that have not changed the forgery-protection strategy Rails generates are not affected. Users are advised to update their spree_auth_devise gem. For users unable to update it may be possible to change the strategy to :exception. Please see the linked GHSA for more workaround details. Thanks @waiting-for-dev for reporting and providing a patch.

### Patches

Spree 4.3 users should update to spree_auth_devise 4.4.1. Spree 4.2 users should update to spree_auth_devise 4.2.1.

### Workarounds

If possible, change your strategy to :exception:

```ruby
class ApplicationController < ActionController::Base
  # Abort a request with a bad or missing token instead of continuing with an empty session
  protect_from_forgery with: :exception
end
```

Add the following to config/application.rb to at least run the :exception strategy on the affected controller:

```ruby
config.after_initialize do
  Spree::UsersController.protect_from_forgery with: :exception
end
```

### References

github.com/solidusio/solidus_auth_devise/security/advisories/GHSA-xm34-v85h-9pg2 2021-11-17 not yet calculated CVE-2021-41275
MISC
CONFIRM
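The solidus_auth_devise and spree_auth_devise entries above turn on the same condition: forgery protection that runs with :null_session or :reset_session lets the request continue with an emptied session, whereas :exception aborts it. The following is an added Ruby model of that filter chain, not Rails', Spree's or Solidus' code: a toy controller runs a synchronizer-token check first and a :load_object hook second, and the outcome of a forged POST is returned under each strategy. The model assumes the user was resolved by an earlier authentication layer into the request environment rather than from the Rails session (the page does not say how the real :load_object hook finds the user); the controller, request struct and user store are hypothetical.

```ruby
# Toy model of Rails' protect_from_forgery strategies (example code, not
# Rails', Spree's or Solidus' own). It shows why only :exception stops a forged
# request: :null_session and :reset_session empty the session and carry on.
class InvalidAuthenticityToken < StandardError; end

ToyRequest = Struct.new(:verb, :params, :session, :env, keyword_init: true)

class ToyUsersController
  # Constructed user store for the example.
  USERS = { 7 => { email: 'victim@example.test', password: 'original' } }
  STRATEGIES = %i[exception null_session reset_session].freeze

  def initialize(strategy)
    raise ArgumentError, "unknown strategy #{strategy.inspect}" unless STRATEGIES.include?(strategy)
    @strategy = strategy
  end

  # Filter chain in the order the advisory describes: forgery check first,
  # then :load_object, then the update action itself.
  def update(req)
    req  = protect_from_forgery(req)
    user = load_object(req)
    return { action_ran: false, reason: :no_user } unless user

    user[:password] = req.params[:password]
    { action_ran: true, password: user[:password] }
  rescue InvalidAuthenticityToken
    { action_ran: false, reason: :invalid_token }
  end

  private

  # Synchronizer token: a state-changing request must echo the token kept in the session.
  def verified_request?(req)
    return true if req.verb == 'GET'

    token = req.session[:csrf_token]
    !token.nil? && req.params[:authenticity_token] == token
  end

  def protect_from_forgery(req)
    return req if verified_request?(req)

    case @strategy
    when :exception
      raise InvalidAuthenticityToken # request stops here
    when :reset_session
      req.session.clear # session wiped, request continues
      req
    when :null_session
      req.dup.tap { |r| r.session = {}.freeze } # empty session for this request only, continues
    end
  end

  # Assumption of the model: an earlier authentication layer already resolved the
  # user from its cookie into req.env, so emptying the Rails session does not
  # unset it. The page does not describe how Spree's :load_object finds the user.
  def load_object(req)
    USERS[req.env[:auth_user_id]]
  end
end

# Constructed forged request: the victim's browser attaches the auth and session
# cookies automatically, but the attacker's cross-site form carries no token.
def forged_update(strategy)
  ToyUsersController::USERS[7][:password] = 'original'
  req = ToyRequest.new(verb: 'POST', params: { password: 'attacker' },
                       session: { csrf_token: 'tok' }, env: { auth_user_id: 7 })
  ToyUsersController.new(strategy).update(req)
end

# A legitimate form submission echoes the session token and passes under every strategy.
def legitimate_update(strategy)
  req = ToyRequest.new(verb: 'POST', params: { password: 'chosen', authenticity_token: 'tok' },
                       session: { csrf_token: 'tok' }, env: { auth_user_id: 7 })
  ToyUsersController.new(strategy).update(req)
end

if __FILE__ == $PROGRAM_NAME
  ToyUsersController::STRATEGIES.each { |s| puts "#{s}: #{forged_update(s).inspect}" }
end
```

Running the file prints one line per strategy; only :exception reports the token failure, the other two report that the password change went through, which is the outcome the two advisories' workaround (switching to :exception) prevents.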
styra — open_policy_agent_gatekeeper
 
** DISPUTED ** Styra Open Policy Agent (OPA) Gatekeeper through 3.7.0 mishandles concurrency, sometimes resulting in incorrect access control. The data replication mechanism allows policies to access the Kubernetes cluster state. During data replication, OPA/Gatekeeper does not wait for the replication to finish before processing a request, which might cause inconsistencies between the replicated resources in OPA/Gatekeeper and the resources actually present in the cluster. Inconsistency can later be reflected in a policy bypass. NOTE: the vendor disagrees that this is a vulnerability, because Kubernetes states are only eventually consistent. 2021-11-17 not yet calculated CVE-2021-43979
MISC
MISC
suricata — suricata
 
Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a crafted TCP/IP stack that can send a certain sequence of segments. 2021-11-19 not yet calculated CVE-2021-37592
MISC
CONFIRM
CONFIRM
team_password_manager — team_password_manager
 
Team Password Manager (aka TeamPasswordManager) before 10.135.236 allows password-reset poisoning. 2021-11-19 not yet calculated CVE-2021-44037
MISC
MISC
team_password_manager — team_password_manager
 
Team Password Manager (aka TeamPasswordManager) before 10.135.236 has a CSRF vulnerability during import. 2021-11-19 not yet calculated CVE-2021-44036
MISC
MISC
vim — vim
 
vim is vulnerable to Heap-based Buffer Overflow 2021-11-19 not yet calculated CVE-2021-3968
CONFIRM
MISC
vim — vim
 
vim is vulnerable to Use After Free 2021-11-19 not yet calculated CVE-2021-3974
MISC
CONFIRM
vim — vim
 
vim is vulnerable to Heap-based Buffer Overflow 2021-11-19 not yet calculated CVE-2021-3973
MISC
CONFIRM
wireshark — wireshark
 
Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 2021-11-19 not yet calculated CVE-2021-39929
MISC
MISC
CONFIRM
wireshark — wireshark
 
Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 2021-11-19 not yet calculated CVE-2021-39925
CONFIRM
MISC
MISC
wireshark — wireshark
 
NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file 2021-11-18 not yet calculated CVE-2021-39920
MISC
MISC
CONFIRM
wireshark — wireshark
 
NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 2021-11-19 not yet calculated CVE-2021-39921
MISC
MISC
CONFIRM
wireshark — wireshark
 
Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 2021-11-19 not yet calculated CVE-2021-39922
CONFIRM
MISC
MISC
wireshark — wireshark
 
NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file 2021-11-19 not yet calculated CVE-2021-39923
CONFIRM
MISC
MISC
wireshark — wireshark
 
Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 2021-11-19 not yet calculated CVE-2021-39924
MISC
CONFIRM
MISC
wireshark — wireshark
 
Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file 2021-11-19 not yet calculated CVE-2021-39926
MISC
CONFIRM
MISC
wireshark — wireshark
 
NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 2021-11-18 not yet calculated CVE-2021-39928
CONFIRM
MISC
MISC
wordpress — wordpress
 
The Duplicate Post WordPress plugin up to and including version 1.1.9 is vulnerable to SQL Injection. SQL injection vulnerabilities occur when client supplied data is included within an SQL Query insecurely. SQL Injection can typically be exploited to read, modify and delete SQL table data. In many cases it is also possible to exploit features of the SQL server to execute system commands and/or access the local file system. This particular vulnerability can be exploited by any authenticated user who has been granted access to use the Duplicate Post plugin. By default, this is limited to Administrators, however the plugin presents the option to permit access to the Editor, Author, Contributor and Subscriber roles. 2021-11-19 not yet calculated CVE-2021-43408
MISC
MISC
wordpress — wordpress
 
The Easy Registration Forms WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the ajax_add_form function found in the ~/includes/class-form.php file which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 2.1.1. 2021-11-19 not yet calculated CVE-2021-39353
MISC
MISC
wordpress — wordpress
 
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered in WordPress Backup Migration plugin <= 1.1.5 versions. 2021-11-19 not yet calculated CVE-2021-36884
CONFIRM
CONFIRM
wordpress — wordpress
 
The “WPO365 | LOGIN” WordPress plugin (up to and including version 15.3) by wpo365.com is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerous content. This type of XSS vulnerability is exploited by submitting malicious script content to the application which is then retrieved and executed by other application users. The attacker could exploit this to conduct a range of attacks against users of the affected application such as session hijacking, account take over and accessing sensitive data. In this case, the XSS payload can be submitted by any anonymous user, the payload then renders and executes when a WordPress administrator authenticates and accesses the WordPress Dashboard. The injected payload can carry out actions on behalf of the administrator including adding other administrative users and changing application settings. This flaw could be exploited to ultimately provide full control of the affected system to the attacker. 2021-11-19 not yet calculated CVE-2021-43409
MISC
MISC


This product is provided subject to this Notification and this Privacy & Use policy.

Reminder for Critical Infrastructure to Stay Vigilant Against Threats During Holidays and Weekends

11/22/2021 10:00 AM EST

Original release date: November 22, 2021

As Americans prepare to hit the highways and airports this Thanksgiving holiday, CISA and the Federal Bureau of Investigation (FBI) are reminding critical infrastructure partners that malicious cyber actors aren’t making the same holiday plans as you. Recent history tells us that this could be a time when these persistent cyber actors halfway across the world are looking for ways—big and small—to disrupt the critical networks and systems belonging to organizations, businesses, and critical infrastructure. 

There are actions that executives, leaders, and workers in any organization can take proactively to protect themselves against cyberattacks, including possible ransomware attacks, during the upcoming holiday season, a time during which offices are often closed and employees are home with their friends and families. Although neither CISA nor the FBI has currently identified any specific threats, recent 2021 trends show malicious cyber actors launching serious and impactful ransomware attacks during holidays and weekends, including Independence Day and Mother's Day weekends.

CISA and the FBI strongly urge all entities, especially critical infrastructure partners, to examine their current cybersecurity posture and implement best practices and mitigations to manage the risk posed by cyber threats. Specifically, CISA and the FBI urge users and organizations to take the following actions to protect themselves from becoming the next victim:

  • Identify IT security employees for weekends and holidays who would be available to surge during these times in the event of an incident or ransomware attack. 
  • Implement multi-factor authentication for remote access and administrative accounts.
  • Mandate strong passwords and ensure they are not reused across multiple accounts. 
  • If you use remote desktop protocol (RDP) or any other potentially risky service, ensure it is secure and monitored. 
  • Remind employees not to click on suspicious links, and conduct exercises to raise awareness. 

Additionally, CISA and the FBI recommend maintaining vigilance against the multiple techniques cybercriminals use to gain access to networks, including:

Finally—to reduce the risk of severe business/functional degradation should your organization fall victim to a ransomware attack—review and, if needed, update your incident response and communication plans. These plans should list actions to take—and contacts to reach out to—should your organization be impacted by a ransomware incident. Note: for assistance, review available incident response guidance, such as the Ransomware Response Checklist in the CISA-MS-ISAC Joint Ransomware Guide, the Public Power Cyber Incident Response Playbook, and the new Federal Government Cybersecurity Incident and Vulnerability Response Playbooks.

CISA and the FBI urge users and organizations to take these actions immediately to protect themselves against this threat. For a comprehensive overview, see the joint Cybersecurity Advisory Ransomware Awareness for Holidays and Weekends. For more information and resources on protecting against and responding to ransomware, visit StopRansomware.gov, a centralized, whole-of-government webpage providing ransomware resources and alerts.


Updated: APT Exploitation of ManageEngine ADSelfService Plus Vulnerability

11/19/2021 04:04 PM EST

Original release date: November 19, 2021

The Federal Bureau of Investigation (FBI), CISA, and Coast Guard Cyber Command (CGCYBER) have updated the Joint Cybersecurity Advisory (CSA) published on September 16, 2021, which details the active exploitation of an authentication bypass vulnerability (CVE-2021-40539) in Zoho ManageEngine ADSelfService Plus—a self-service password management and single sign-on solution.

The update provides details on a suite of tools APT actors are using to enable this campaign: 

  • Dropper: a dropper trojan that drops Godzilla webshell on a system 
  • Godzilla: a Chinese language web shell 
  • NGLite: a backdoor trojan written in Go 
  • KdcSponge: a tool that targets undocumented APIs in Microsoft’s implementation of Kerberos for credential exfiltration  

Note: FBI, CISA, and CGCYBER cannot confirm the CVE-2021-40539 is the only vulnerability APT actors are leveraging as part of this activity, so it is key that network defenders focus on detecting the tools listed above in addition to initial access vector.

CISA encourages organizations to review the November 19 update and apply the recommended mitigations. CISA also recommends reviewing the relevant blog posts from Palo Alto Networks, Microsoft, and IBM Security Intelligence.


NSA and CISA Release Guidance on Securing 5G Cloud Infrastructures

11/19/2021 01:44 PM EST

Original release date: November 19, 2021

CISA has announced the joint National Security Agency (NSA) and CISA publication of the second of a four-part series, Security Guidance for 5G Cloud Infrastructures. Part II: Securely Isolate Network Resources examines threats to 5G container-centric or hybrid container/virtual network infrastructure, where workloads are deployed as Pods. The guidance covers several aspects of pod security, including limiting permissions on deployed containers, avoiding resource contention and denial-of-service attacks, and implementing real-time threat detection.

This series is being published under the Enduring Security Framework (ESF), a public-private cross-sector working group led by NSA and CISA.

CISA encourages 5G providers, integrators, and network operators to review the guidance and consider the recommendations.


Drupal Releases Security Updates

11/18/2021 11:21 AM EST

Original release date: November 18, 2021

Drupal has released security updates to address vulnerabilities that could affect versions 8.9, 9.1, and 9.2. An attacker could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Drupal Security Advisory SA-CORE-2021-011 and apply the necessary updates.


Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities

11/17/2021 09:00 AM EST

Original release date: November 17, 2021

CISA, the Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC)  have released a joint Cybersecurity Advisory highlighting ongoing malicious cyber activity by an advanced persistent threat (APT) group that FBI, CISA, ACSC, and NCSC assess is associated with the government of Iran.  FBI and CISA have observed this Iranian government-sponsored APT exploit Fortinet and Microsoft Exchange ProxyShell vulnerabilities to gain initial access to systems in advance of follow-on operations, which include deploying ransomware.

Joint Cybersecurity Advisory AA21-321A provides observed tactics and techniques, as well as indicators of compromise that FBI, CISA, ACSC, and NCSC assess are likely associated with this Iranian government-sponsored APT activity. FBI, CISA, ACSC, and NCSC urge critical infrastructure organizations to apply the recommendations listed in the advisory to mitigate risk of compromise from Iranian government-sponsored cyber actors. 

CISA also recommends reviewing its Iran Cyber Threat Overview and other Iran-related Advisories.


Google Releases Security Updates for Chrome

11/16/2021 10:11 AM EST

Original release date: November 16, 2021

Google has released Chrome version 96.0.4664.45 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. 

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates as soon as possible.
