Vulnerability Summary for the Week of May 23, 2022

05/30/2022 01:15 PM EDT

Original release date: May 30, 2022

 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
badminton_center_management_system_project — badminton_center_management_system Badminton Center Management System 1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_court_rental, id. 2022-05-24 7.5 CVE-2022-30455
MISC
battleye — battleye BattlEye v0.9 contains an unquoted service path which allows attackers to escalate privileges to the system level. 2022-05-20 7.2 CVE-2022-27095
MISC
chatbot_application_with_a_suggestion_feature_project — chatbot_application_with_a_suggestion_feature ChatBot Application with a Suggestion Feature 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /simple_chat_bot/admin/responses/view_response.php. 2022-05-20 7.5 CVE-2022-30518
MISC
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/pic/del. 2022-05-26 7.5 CVE-2022-29660
MISC
covid-19_directory_on_vaccination_system_project — covid-19_directory_on_vaccination_system Sourcecodester Covid-19 Directory on Vaccination System 1.0 is vulnerable to SQL Injection via the admin/login.php txtusername (aka Username) field. 2022-05-20 7.5 CVE-2022-28531
MISC
MISC
covid_19_travel_pass_management_system_project — covid_19_travel_pass_management_system Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=update_application_status 2022-05-24 7.5 CVE-2022-30838
MISC
merchandise_online_store_project — merchandise_online_store Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_product. 2022-05-24 7.5 CVE-2022-30454
MISC
minitool — partition_wizard MiniTool Partition Wizard v12.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. 2022-05-20 7.2 CVE-2022-29320
MISC
multi-vendor_online_groceries_management_system_project — multi-vendor_online_groceries_management_system Multi-Vendor Online Groceries Management System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /products/view_product.php. 2022-05-20 7.5 CVE-2022-26632
MISC
nirweb — nirweb_support The Nirweb support WordPress plugin before 2.8.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action (available to unauthenticated users), leading to an SQL injection 2022-05-23 7.5 CVE-2022-0781
MISC
online_sports_complex_booking_system_project — online_sports_complex_booking_system Online Sports Complex Booking System v1.0 was discovered to allow attackers to take over user accounts via a crafted POST request. 2022-05-20 7.5 CVE-2022-28106
MISC
online_sports_complex_booking_system_project — online_sports_complex_booking_system Online Sports Complex Booking System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /scbs/view_facility.php. 2022-05-20 7.5 CVE-2022-28105
MISC
pharmacy_management_system_project — pharmacy_management_system Pharmacy Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted image file. 2022-05-20 7.5 CVE-2022-30887
MISC
privateinternetaccess — private_internet_access Private Internet Access v3.3 contains an unquoted service path which allows attackers to escalate privileges to the system level. 2022-05-20 7.2 CVE-2022-27092
MISC
rengine_project — rengine Rengine v1.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the yaml configuration function. 2022-05-20 7.5 CVE-2022-28995
MISC
rengine_project — rengine OS Command Injection in GitHub repository yogeshojha/rengine prior to 1.2.0. 2022-05-22 7.5 CVE-2022-1813
MISC
CONFIRM
school_dormitory_management_system_project — school_dormitory_management_system School Dormitory Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /dms/admin/reports/daily_collection_report.php. 2022-05-20 7.5 CVE-2022-30886
MISC
siemens — 7kg8500-0aa00-0aa0_firmware A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices do not properly validate parameters of certain GET and POST requests. This could allow an unauthenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device. 2022-05-20 7.5 CVE-2022-29873
CONFIRM
simple_student_quarterly_result/grade_system_project — simple_student_quarterly_result/grade_system Simple Student Quarterly Result/Grade System v1.0 was discovered to contain a SQL injection vulnerability via /sqgs/Actions.php. 2022-05-20 7.5 CVE-2022-26633
MISC
sony — playmemories_home Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. 2022-05-20 7.2 CVE-2022-27094
MISC
vmware — identity_manager VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate. 2022-05-20 7.5 CVE-2022-22972
MISC
vmware — identity_manager VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to ‘root’. 2022-05-20 7.2 CVE-2022-22973
MISC
water_billing_system_project — water_billing_system Water-billing-management-system v1.0 is vulnerable to SQL Injection via /wbms/classes/Master.php?f=delete_client, id 2022-05-24 7.5 CVE-2022-30461
MISC
wp_contacts_manager_project — wp_contacts_manager The WP Contacts Manager WordPress plugin through 2.2.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to an SQL injection vulnerability. 2022-05-23 7.5 CVE-2022-1014
MISC


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
automotive_shop_management_system_project — automotive_shop_management_system Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_product. 2022-05-24 6.5 CVE-2022-30463
MISC
avast — premium_security Multiple DLL hijacking vulnerabilities via the components instup.exe and wsc_proxy.exe in Avast Premium Security before v21.11.2500 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted DLL file. 2022-05-20 4.4 CVE-2022-28965
MISC
MISC
chatbot_app_with_suggestion_in_php/oop_project — chatbot_app_with_suggestion_in_php/oop ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to SQL Injection via /simple_chat_bot/classes/Master.php?f=delete_response, id. 2022-05-24 6.5 CVE-2022-30459
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan. 2022-05-26 6.5 CVE-2022-29676
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/page_del. 2022-05-26 6.5 CVE-2022-29683
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/lists/zhuan. 2022-05-26 6.5 CVE-2022-29669
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/level_del. 2022-05-26 6.5 CVE-2022-29687
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/lists/zhuan. 2022-05-26 6.5 CVE-2022-29686
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/User/level_sort. 2022-05-26 6.5 CVE-2022-29685
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/vod/admin/topic/del. 2022-05-26 6.5 CVE-2022-29682
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Links/del. 2022-05-26 6.5 CVE-2022-29681
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/zu_del. 2022-05-26 6.5 CVE-2022-29680
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/js_del. 2022-05-26 6.5 CVE-2022-29684
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/topic/save. 2022-05-26 6.5 CVE-2022-29665
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan. 2022-05-26 6.5 CVE-2022-29666
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via /admin.php/pic/admin/pic/hy. This vulnerability is exploited via restoring deleted photos. 2022-05-26 6.5 CVE-2022-29667
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/del. 2022-05-26 6.5 CVE-2022-29689
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/pl_save. 2022-05-26 6.5 CVE-2022-29664
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/hy. 2022-05-26 6.5 CVE-2022-29663
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/news/save. 2022-05-26 6.5 CVE-2022-29662
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/save. 2022-05-26 6.5 CVE-2022-29661
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/hy. 2022-05-26 6.5 CVE-2022-29688
MISC
chshcms — cscms_music_portal_system CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/del. 2022-05-26 6.5 CVE-2022-29670
MISC
disable_right_click_for_wp_wordpress — disable_right_click_for_wp Cross-Site Request Forgery (CSRF) vulnerability in Aftab Muni’s Disable Right Click For WP plugin <= 1.1.6 at WordPress. 2022-05-20 6.8 CVE-2022-29427
CONFIRM
CONFIRM
donate_extra_project — donate_extra The Donate Extra WordPress plugin through 2.02 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting 2022-05-23 4.3 CVE-2022-1268
MISC
duogeek — domain_replace The Domain Replace WordPress plugin through 1.3.8 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting 2022-05-23 4.3 CVE-2022-1218
MISC
e-diary_management_system_project — e-diary_management_system Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name parameter in search-result.php. 2022-05-23 4.3 CVE-2022-29004
MISC
MISC
MISC
gnu — libredwg A heap buffer overflow was discovered in copy_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file. 2022-05-23 6.8 CVE-2021-42586
MISC
gnu — libredwg A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file. 2022-05-23 6.8 CVE-2021-42585
MISC
gwyns_imagemap_selector_project — gwyns_imagemap_selector The Gwyn’s Imagemap Selector WordPress plugin through 0.3.3 does not sanitise and escape some parameters before outputting them back in attributes, leading to a Reflected Cross-Site Scripting. 2022-05-23 4.3 CVE-2022-1221
MISC
imgurl_project — imgurl imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost. 2022-05-24 6.8 CVE-2022-29305
MISC
inoutscripts — blockchain_altexchanger Inout Blockchain AltExchanger 1.2.1 and Inout Blockchain FiatExchanger 2.2.1 allow Chart/TradingView/chart_content/master.php symbol SQL injection. 2022-05-23 5 CVE-2022-31487
MISC
MISC
inoutscripts — blockchain_altexchanger Inout Blockchain AltExchanger 1.2.1 allows index.php/home/about inoutio_language cookie SQL injection. 2022-05-23 5 CVE-2022-31489
MISC
inoutscripts — blockchain_altexchanger Inout Blockchain AltExchanger 1.2.1 allows index.php/coins/update_marketboxslider marketcurrency SQL injection. 2022-05-23 5 CVE-2022-31488
MISC
jgraph — drawio Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.8. 2022-05-20 5 CVE-2022-1784
MISC
CONFIRM
kubiq — cpt_base Cross-Site Request Forgery (CSRF) vulnerability in KubiQ CPT base plugin <= 5.8 at WordPress allows an attacker to delete the CPT base. 2022-05-20 5.8 CVE-2022-29431
CONFIRM
CONFIRM
online_banquet_booking_system_project — online_banquet_booking_system A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v1.0 allows attackers to change admin credentials via a crafted POST request. 2022-05-20 6.8 CVE-2022-28992
MISC
online_birth_certificate_system_project — online_birth_certificate_system Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Online Birth Certificate System v1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname or lname parameters. 2022-05-23 4.3 CVE-2022-29005
MISC
MISC
MISC
openrazer_project — openrazer A buffer overflow in the razerkbd driver of OpenRazer v3.3.0 and below allows attackers to cause a Denial of Service (DoS) via a crafted buffer sent to the matrix_custom_frame device. 2022-05-20 5 CVE-2022-29021
MISC
openrazer_project — openrazer A buffer overflow in the razeraccessory driver of OpenRazer v3.3.0 and below allows attackers to cause a Denial of Service (DoS) via a crafted buffer sent to the matrix_custom_frame device. 2022-05-20 5 CVE-2022-29022
MISC
openrazer_project — openrazer A buffer overflow in the razermouse driver of OpenRazer v3.3.0 and below allows attackers to cause a Denial of Service (DoS) via a crafted buffer sent to the matrix_custom_frame device. 2022-05-20 5 CVE-2022-29023
MISC
oracle — e-business_suite Vulnerability in Oracle E-Business Suite (component: Manage Proxies). The supported version that is affected is 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Suite accessible data. Note: Authentication is required for successful attack, however the user may be self-registered. Oracle E-Business Suite 12.1 is not impacted by this vulnerability. Customers should refer to the Patch Availability Document for details. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). 2022-05-20 5 CVE-2022-21500
MISC
png_to_jpg_project — png_to_jpg Cross-Site Scripting (XSS) vulnerability in KubiQ’s PNG to JPG plugin <= 4.0 at WordPress via Cross-Site Request Forgery (CSRF). Vulnerable parameter &jpg_quality. 2022-05-20 4.3 CVE-2022-29430
CONFIRM
CONFIRM
publify_project — publify Improper Access Control in GitHub repository publify/publify prior to 9.2.9. 2022-05-23 4 CVE-2022-1810
MISC
CONFIRM
rescue_dispatch_management_system_project — rescue_dispatch_management_system Rescue Dispatch Management System 1.0 is vulnerable to Incorrect Access Control via localhost/rdms/admin/?page=system_info. 2022-05-23 6.5 CVE-2022-30016
MISC
MISC
room_rent_portal_site_project — room_rent_portal_site Room-rent-portal-site v1.0 is vulnerable to SQL Injection via /rrps/classes/Master.php?f=delete_category, id. 2022-05-24 6.5 CVE-2022-30843
MISC
room_rent_portal_site_project — room_rent_portal_site Room-rent-portal-site v1.0 is vulnerable to Cross Site Scripting (XSS) via /rrps/classes/Master.php?f=save_category, vehicle_name. 2022-05-24 4.3 CVE-2022-30839
MISC
rtx_project — rtx Cross-site Scripting (XSS) – Reflected in GitHub repository rtxteam/rtx prior to checkpoint_2022-05-18. 2022-05-20 4.3 CVE-2022-1806
CONFIRM
MISC
siemens — 7kg8500-0aa00-0aa0_firmware A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices do not encrypt web traffic with clients but communicate in cleartext via HTTP. This could allow an unauthenticated attacker to capture the traffic and interfere with the functionality of the device. 2022-05-20 5 CVE-2022-29874
CONFIRM
siemens — 7kg8500-0aa00-0aa0_firmware A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices do not properly handle the input of a GET request parameter. The provided argument is directly reflected in the web server response. This could allow an unauthenticated attacker to perform reflected XSS attacks. 2022-05-20 4.3 CVE-2022-29876
CONFIRM
siemens — 7kg8500-0aa00-0aa0_firmware A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices do not properly validate parameters of POST requests. This could allow an authenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device. 2022-05-20 6.5 CVE-2022-29872
CONFIRM
siemens — teamcenter A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem. 2022-05-20 5 CVE-2022-29801
CONFIRM
siemens — teamcenter_visualization A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library contains a double free vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process. 2022-05-20 6.8 CVE-2022-29032
CONFIRM
siemens — teamcenter_visualization A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. 2022-05-20 4.3 CVE-2022-29031
CONFIRM
siemens — teamcenter_visualization A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library is vulnerable to uninitialized pointer free while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process. 2022-05-20 6.8 CVE-2022-29033
CONFIRM
siemens — teamcenter_visualization A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Tiff_Loader.dll is vulnerable to infinite loop condition while parsing specially crafted TIFF files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. 2022-05-20 4.3 CVE-2022-29028
CONFIRM
siemens — teamcenter_visualization A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions), Teamcenter V13.2 (All versions < V13.2.0.8), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions). The tcserver.exe binary in affected applications is vulnerable to a stack overflow condition during the parsing of user input that may lead the binary to crash. 2022-05-20 5 CVE-2022-24290
CONFIRM
siemens — teamcenter_visualization A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. 2022-05-20 4.3 CVE-2022-29029
CONFIRM
siemens — teamcenter_visualization A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Mono_Loader.dll library is vulnerable to integer overflow condition while parsing specially crafted TG4 files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. 2022-05-20 4.3 CVE-2022-29030
CONFIRM
simple_food_website_project — simple_food_website Lumidek Associates Simple Food Website 1.0 is vulnerable to Cross Site Request Forgery (CSRF) which allows anyone to take over admin/moderator account. 2022-05-23 6.8 CVE-2022-30014
MISC
MISC
MISC
trudesk_project — trudesk Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.2. 2022-05-20 4 CVE-2022-1754
MISC
CONFIRM
trudesk_project — trudesk Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2. 2022-05-21 6 CVE-2022-1752
CONFIRM
MISC
trudesk_project — trudesk Improper Privilege Management in GitHub repository polonel/trudesk prior to 1.2.2. 2022-05-20 6.5 CVE-2022-1770
CONFIRM
MISC
turn_off_all_comments_project — turn_off_all_comments The Turn off all comments WordPress plugin through 1.0 does not sanitise and escape the rows parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting 2022-05-23 4.3 CVE-2022-1192
MISC
wasm3_project — wasm3 WASM3 v0.5.0 was discovered to contain a heap overflow via the component /wabt/bin/poc.wasm. 2022-05-20 4.6 CVE-2022-28990
MISC
MISC
wow-estore — herd_effects Authenticated (admin or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company’s Herd Effects plugin <= 5.2 at WordPress. 2022-05-20 4 CVE-2022-29448
CONFIRM
CONFIRM
wpchill — check_&_log_email The Check & Log Email WordPress plugin before 1.0.6 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting 2022-05-23 4.3 CVE-2022-1547
MISC
wpwham — checkout_files_upload_for_woocommerce Cross-Site Scripting (XSS) vulnerability in WP Wham’s Checkout Files Upload for WooCommerce plugin <= 2.1.2 at WordPress. 2022-05-20 4.3 CVE-2022-29425
CONFIRM
CONFIRM
xmlsitemapgenerator — xml_sitemap_generator The XML Sitemap Generator for Google WordPress plugin before 2.0.4 does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allow_url_include is turned on. 2022-05-23 4.3 CVE-2022-0346
MISC


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
10web — sliderby10web The Sliderby10Web WordPress plugin before 1.2.52 does not properly sanitize and escape some of its settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed 2022-05-23 3.5 CVE-2022-1320
MISC
automotive_shop_management_system_project — automotive_shop_management_system Automotive Shop Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /asms/classes/Master.php?f=save_product, name. 2022-05-24 3.5 CVE-2022-30458
MISC
badminton_center_management_system_project — badminton_center_management_system Badminton Center Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /bcms/classes/Master.php?f=save_court_rental. 2022-05-24 3.5 CVE-2022-30456
MISC
chatbot_app_with_suggestion_in_php/oop_project — chatbot_app_with_suggestion_in_php/oop ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to Cross Site Scripting (XSS) via /simple_chat_bot/classes/Master.php?f=save_response. 2022-05-24 3.5 CVE-2022-30464
MISC
collectiveaccess — providence Cross-site Scripting (XSS) – Reflected in GitHub repository collectiveaccess/providence prior to 1.8. 2022-05-23 3.5 CVE-2022-1825
CONFIRM
MISC
covid_19_travel_pass_management_system_project — covid_19_travel_pass_management_system Covid-19 Travel Pass Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ctpms/classes/Users.php?f=save, firstname. 2022-05-24 3.5 CVE-2022-30842
MISC
curtain_project — curtain The Curtain WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed 2022-05-23 3.5 CVE-2022-1558
MISC
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.TensorSummaryV2` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. 2022-05-20 2.1 CVE-2022-29193
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
google — tensorflow TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.Conv3DBackpropFilterV2` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code does not validate that the `filter_sizes` argument is a vector. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. 2022-05-20 2.1 CVE-2022-29196
MISC
CONFIRM
MISC
MISC
MISC
MISC
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.StagePeek` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `index` is a scalar but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. 2022-05-20 2.1 CVE-2022-29195
CONFIRM
MISC
MISC
MISC
MISC
MISC
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SparseTensorToCSRSparseMatrix` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `dense_shape` is a vector and `indices` is a matrix (as part of requirements for sparse tensors) but there is no validation for this. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. 2022-05-20 2.1 CVE-2022-29198
MISC
CONFIRM
MISC
MISC
MISC
MISC
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `num_segments` is a scalar but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. 2022-05-20 2.1 CVE-2022-29197
CONFIRM
MISC
MISC
MISC
MISC
MISC
MISC
google — tensorflow TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.LoadAndRemapMatrix` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `initializing_values` is a vector but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. 2022-05-20 2.1 CVE-2022-29199
CONFIRM
MISC
MISC
MISC
MISC
MISC
MISC
joomunited — wp_meta_seo The WP Meta SEO WordPress plugin before 4.4.7 does not sanitise or escape the breadcrumb separator before outputting it to the page, allowing a high privilege user such as an administrator to inject arbitrary javascript into the page even when unfiltered html is disallowed. 2022-05-23 3.5 CVE-2022-1093
MISC
mariadb — mariadb MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. 2022-05-25 2.1 CVE-2022-31622
MISC
MISC
mariadb — mariadb MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. 2022-05-25 2.1 CVE-2022-31624
MISC
MISC
mariadb — mariadb MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. 2022-05-25 2.1 CVE-2022-31623
MISC
MISC
mariadb — mariadb MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. 2022-05-25 2.1 CVE-2022-31621
MISC
MISC
mc4wp — mc4wp Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ibericode’s MC4WP plugin <= 4.8.6 at WordPress. 2022-05-20 3.5 CVE-2021-36833
CONFIRM
CONFIRM
muneeb — wp_slider Cross-Site Scripting (XSS) vulnerability in Muneeb’s WP Slider Plugin <= 1.4.5 at WordPress. 2022-05-20 3.5 CVE-2022-29428
CONFIRM
CONFIRM
orangehrm — orangehrm A stored cross-site scripting (XSS) vulnerability in the addNewPost component of OrangeHRM v4.10.1 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. 2022-05-20 3.5 CVE-2022-28985
MISC
oxilab — image_hover_effects_ultimate Authenticated (admin or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in Biplob Adhikari’s Image Hover Effects Ultimate plugin <= 9.7.1 at WordPress. 2022-05-20 3.5 CVE-2022-29424
CONFIRM
CONFIRM
rescue_dispatch_management_system_project — rescue_dispatch_management_system Rescue Dispatch Management System 1.0 suffers from Stored XSS, leading to admin account takeover via cookie stealing. 2022-05-23 3.5 CVE-2022-30017
MISC
MISC
simple_food_website_project — simple_food_website In Simple Food Website 1.0, a moderator can put a Cross Site Scripting payload in any of the fields on 127.0.0.1:1234/food/admin/all_users.php (Full Username, etc.). This causes stored XSS. 2022-05-23 3.5 CVE-2022-30015
MISC
MISC
simple_social_networking_site_project — simple_social_networking_site Simple Social Networking Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /sns/classes/Users.php?f=save, firstname. 2022-05-24 3.5 CVE-2022-30460
MISC
tms-outsource — wpdatatables Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-Plugins wpDataTables plugin <= 2.1.27 on WordPress via &data-link-text, &data-link-url, &data, &data-shortcode, &data-star-num vulnerable parameters. 2022-05-20 3.5 CVE-2022-29432
CONFIRM
CONFIRM
toll_tax_management_system_project — toll_tax_management_system Toll-tax-management-system v1.0 is vulnerable to Cross Site Scripting (XSS) via /ttms/classes/Master.php?f=save_recipient, vehicle_name. 2022-05-24 3.5 CVE-2022-30837
MISC
water_billing_system_project — water_billing_system Water-billing-management-system v1.0 is affected by: Cross Site Scripting (XSS) via /wbms/classes/Users.php?f=save, firstname. 2022-05-24 3.5 CVE-2022-30462
MISC
wpshopmart — tabs_responsive The Tabs WordPress plugin before 2.2.8 does not sanitise and escape Tab descriptions, which could allow high privileged users with a role as low as editor to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2022-05-23 3.5 CVE-2022-1298
MISC


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apple — macos_monterey_and_masos_big_sur An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to gain elevated privileges. 2022-05-26 not yet calculated CVE-2022-26718
MISC
MISC
cisco — common_services_platform_collector_software Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-05-27 not yet calculated CVE-2022-20670
CISCO
phpgurukul — zoo_managment_system A vulnerability classified as problematic has been found in Zoo Management System 1.0. Affected is an unknown function of the file admin/manage-ticket.php. The manipulation with the input <script>alert(1)</script> leads to cross site scripting. It is possible to launch the attack remotely. 2022-05-26 not yet calculated CVE-2021-4232
N/A
zyxel — cgi_program A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled. 2022-05-24 not yet calculated CVE-2022-0910
CONFIRM
74cmsse_v3.5.1 — 74cmsse_v3.5.1 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/jobfairol/resumelist. 2022-05-26 not yet calculated CVE-2022-29721
MISC
74cmsse_v3.5.1 — 74cmsse_v3.5.1 74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulnerability via the component indexcontrollerDownload.php. 2022-05-26 not yet calculated CVE-2022-29720
MISC
academy-lm — academy-lms Academy-LMS v4.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the SEO panel. 2022-05-25 not yet calculated CVE-2022-29380
MISC
action_pack — action_pack An XSS vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non-HTML-like responses. 2022-05-26 not yet calculated CVE-2022-22577
MISC
action_view_tag_helpers — action_view_tag_helpers An XSS vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes. 2022-05-26 not yet calculated CVE-2022-27777
MISC
aerialwei — zkeacms A cross-site scripting (XSS) vulnerability in /navigation/create?ParentID=%23 of ZKEACMS v3.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ParentID parameter. 2022-05-25 not yet calculated CVE-2022-29362
MISC
agg_software — web_server The AGG Software Web Server version 4.0.40.1014 and prior is vulnerable to a path traversal attack, which may allow an attacker to read arbitrary files from the file system. 2022-05-24 not yet calculated CVE-2021-32964
MISC
agg_software — web_server The AGG Software Web Server version 4.0.40.1014 and prior is vulnerable to cross-site scripting, which may allow an attacker to remotely execute arbitrary code. 2022-05-24 not yet calculated CVE-2021-32962
MISC
airfield — online A vulnerability has been found in Airfield Online and classified as problematic. This vulnerability affects the path /backups/ of the MySQL backup handler. An attacker is able to get access to sensitive data without proper authentication. It is recommended to change the configuration settings. 2022-05-24 not yet calculated CVE-2021-4230
N/A
angular — angular A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 11.0.5 and 11.1.0-next.3 is able to address this issue. The name of the patch is ba8da742e3b243e8f43d4c63aa842b44e14f2b09. It is recommended to upgrade the affected component. 2022-05-26 not yet calculated CVE-2021-4231
MISC
MISC
MISC
MISC
apache — archiva In Apache Archiva, any registered user can reset the password of any user. This is fixed in Archiva 2.2.8. 2022-05-25 not yet calculated CVE-2022-29405
MISC
apache — maven-shared-utils In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks. 2022-05-23 not yet calculated CVE-2022-29599
MISC
MISC
MLIST
apple — ios_15.5_and_ipados15.5 An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. A person with physical access to an iOS device may be able to access photos from the lock screen. 2022-05-26 not yet calculated CVE-2022-26703
MISC
apple — ios_and_ipados A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26744
MISC
apple — itunes A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges. 2022-05-26 not yet calculated CVE-2022-26774
MISC
apple — itunes A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. An application may be able to delete files for which it does not have permission. 2022-05-26 not yet calculated CVE-2022-26773
MISC
apple — macos_big_sur A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.6. A malicious application may disclose restricted memory. 2022-05-26 not yet calculated CVE-2022-26745
MISC
apple — macos_monterey A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26750
MISC
apple — macos_monterey A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26742
MISC
apple — macos_monterey A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4. Photo location information may persist after it is removed with Preview Inspector. 2022-05-26 not yet calculated CVE-2022-26725
MISC
apple — macos_monterey A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26749
MISC
apple — macos_monterey This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. A plug-in may be able to inherit the application’s permissions and access user data. 2022-05-26 not yet calculated CVE-2022-26693
MISC
apple — macos_monterey A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26754
MISC
apple — macos_monterey A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26772
MISC
apple — macos_monterey A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26752
MISC
apple — macos_monterey This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. A plug-in may be able to inherit the application’s permissions and access user data. 2022-05-26 not yet calculated CVE-2022-26694
MISC
apple — macos_monterey A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26753
MISC
apple — macos_monterey A race condition was addressed with additional validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to modify protected parts of the file system. 2022-05-26 not yet calculated CVE-2022-26690
MISC
apple — macos_monterey An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.4. An attacker that has already achieved code execution in macOS Recovery may be able to escalate to kernel privileges. 2022-05-26 not yet calculated CVE-2022-26743
MISC
apple — macos_monterey This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution. 2022-05-26 not yet calculated CVE-2022-26708
MISC
apple — macos_monterey A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.4. An app may be able to gain elevated privileges. 2022-05-26 not yet calculated CVE-2022-26704
MISC
apple — macos_monterey_and_masos_big_sur A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution. 2022-05-26 not yet calculated CVE-2022-26723
MISC
MISC
apple — macos_monterey_and_masos_big_sur This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to modify protected parts of the file system. 2022-05-26 not yet calculated CVE-2022-26712
MISC
MISC
apple — multiple_products An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution. 2022-05-26 not yet calculated CVE-2022-26775
MISC
MISC
apple — multiple_products A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. 2022-05-26 not yet calculated CVE-2022-22662
MISC
MISC
apple — multiple_products A race condition was addressed with improved locking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26701
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-22672
MISC
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. A malicious application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26771
MISC
MISC
MISC
apple — multiple_products An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26737
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in Security Update 2022-004 Catalina, watchOS 8.6, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to capture a user’s screen. 2022-05-26 not yet calculated CVE-2022-26726
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26756
MISC
MISC
MISC
apple — multiple_products An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26770
MISC
MISC
MISC
apple — multiple_products An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. A local user may be able to read kernel memory. 2022-05-26 not yet calculated CVE-2022-22674
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, watchOS 8.6, tvOS 15.5, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26768
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26740
MISC
MISC
MISC
apple — multiple_products An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26720
MISC
MISC
MISC
apple — multiple_products An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26736
MISC
MISC
MISC
apple — multiple_products An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26738
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved environment sanitization. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to break out of its sandbox. 2022-05-26 not yet calculated CVE-2022-26755
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. A malicious application may be able to modify protected parts of the file system. 2022-05-26 not yet calculated CVE-2022-26727
MISC
MISC
apple — multiple_products A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious app may be able to bypass signature validation. 2022-05-26 not yet calculated CVE-2022-26766
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26741
MISC
apple — multiple_products An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing maliciously crafted web content may lead to arbitrary code execution. 2022-05-26 not yet calculated CVE-2022-26748
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious website may be able to track users in Safari private browsing mode. 2022-05-26 not yet calculated CVE-2022-26731
MISC
MISC
apple — multiple_products This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to access restricted files. 2022-05-26 not yet calculated CVE-2022-26728
MISC
MISC
MISC
apple — multiple_products An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to gain elevated privileges. 2022-05-26 not yet calculated CVE-2022-26715
MISC
MISC
MISC
apple — multiple_products A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. 2022-05-26 not yet calculated CVE-2022-26765
MISC
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations. 2022-05-26 not yet calculated CVE-2022-26764
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. 2022-05-26 not yet calculated CVE-2022-26698
MISC
MISC
MISC
apple — multiple_products A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26757
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-004 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.6. A malicious application may bypass Gatekeeper checks. 2022-05-26 not yet calculated CVE-2022-22663
MISC
MISC
MISC
MISC
apple — multiple_products This issue was addressed by removing the vulnerable code. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences. 2022-05-26 not yet calculated CVE-2022-26746
MISC
MISC
MISC
apple — multiple_products The issue was addressed with additional permissions checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences. 2022-05-26 not yet calculated CVE-2022-26767
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved memory handling. This issue is fixed in Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26761
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in iOS 15.5 and iPadOS 15.5. Processing a large input may lead to a denial of service. 2022-05-26 not yet calculated CVE-2022-22673
MISC
apple — multiple_products A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges. 2022-05-26 not yet calculated CVE-2022-26721
MISC
MISC
MISC
apple — multiple_products An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious application may be able to execute arbitrary code with system privileges. 2022-05-26 not yet calculated CVE-2022-26763
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks. 2022-05-26 not yet calculated CVE-2022-22616
MISC
MISC
MISC
apple — multiple_products An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26739
MISC
MISC
MISC
apple — multiple_products An integer overflow issue was addressed with improved input validation. This issue is fixed in tvOS 15.5, iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. 2022-05-26 not yet calculated CVE-2022-26711
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26702
MISC
MISC
MISC
apple — multiple_products A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges. 2022-05-26 not yet calculated CVE-2022-26722
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. 2022-05-26 not yet calculated CVE-2022-26691
MISC
MISC
MISC
apple — multiple_products An access issue was addressed with additional sandbox restrictions on third-party applications. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A sandboxed process may be able to circumvent sandbox restrictions. 2022-05-26 not yet calculated CVE-2022-26706
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6, macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execution. 2022-05-26 not yet calculated CVE-2022-26751
MISC
MISC
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An attacker may be able to cause unexpected application termination or arbitrary code execution. 2022-05-26 not yet calculated CVE-2022-26776
MISC
MISC
apple — multiple_products An issue in the handling of symlinks was addressed with improved validation. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious app with root privileges may be able to modify the contents of system files. 2022-05-26 not yet calculated CVE-2022-26688
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26769
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. 2022-05-26 not yet calculated CVE-2022-26714
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. 2022-05-26 not yet calculated CVE-2022-26697
MISC
MISC
MISC
apple — multiple_products An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. 2022-05-26 not yet calculated CVE-2022-22675
MISC
MISC
MISC
MISC
MISC
apple — tvos An authentication issue was addressed with improved state management. This issue is fixed in tvOS 15.5. A local user may be able to enable iCloud Photos without authentication. 2022-05-26 not yet calculated CVE-2022-26724
MISC
apple — xcode This issue was addressed with improved checks. This issue is fixed in Xcode 13.4. An app may be able to gain elevated privileges. 2022-05-26 not yet calculated CVE-2022-26747
MISC
apple — xpc_services_api An event handler validation issue in the XPC Services API was addressed by removing the service. This issue is fixed in macOS Monterey 12.2. An application may be able to delete files for which it does not have permission. 2022-05-26 not yet calculated CVE-2022-22676
MISC
archer — archer_platform Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access Control Vulnerability within SSO ADFS functionality that could potentially be exploited by malicious users to compromise the affected system. 6.10 P3 (6.10.0.3) and 6.9 SP3 P4 (6.9.3.4) are also fixed releases. 2022-05-26 not yet calculated CVE-2022-30584
MISC
MISC
archer — archer_platform The REST API in Archer Platform 6.x before 6.11 (6.11.0.0) contains an Authorization Bypass Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to view sensitive information. 6.10 P3 (6.10.0.3) and 6.9 SP3 P4 (6.9.3.4) are also fixed releases. 2022-05-26 not yet calculated CVE-2022-30585
MISC
MISC
archibus — web_central In Archibus Web Central before 26.2, multiple SQL Injection vulnerabilities occur in dwr/call/plaincall/workflow.runWorkflowRule.dwr. Through the injection of arbitrary SQL statements, a potential attacker can modify query syntax and perform unauthorized (and unexpected) operations against the remote database. This is fixed in all recent versions, such as version 26.2. 2022-05-25 not yet calculated CVE-2022-28862
MISC
MISC
arista — eos This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak MACsec sensitive data in clear text in CVP to other authorized users, which could cause MACsec traffic to be decrypted or modified by other authorized users on the device. 2022-05-26 not yet calculated CVE-2021-28509
MISC
arista — eos This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak IPsec sensitive data in clear text in CVP to other authorized users, which could cause IPsec traffic to be decrypted or modified by other authorized users on the device. 2022-05-26 not yet calculated CVE-2021-28508
MISC
aveva — intouch_access_anywhere_and_plant_scada_access_anywhere_applications Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate the Windows OS language bar to launch an OS command prompt, resulting in a context-escape from application into OS. 2022-05-23 not yet calculated CVE-2022-1467
MISC
MISC
azure — rtos_usbx Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. Prior to version 6.1.11, the USBX DFU UPLOAD functionality may be utilized to introduce a buffer overflow resulting in overwrite of memory contents. In particular cases this may allow an attacker to bypass security features or execute arbitrary code. The implementation of `ux_device_class_dfu_control_request` function does not assure that a buffer overflow will not occur during handling of the DFU UPLOAD command. When an attacker issues the `UX_SLAVE_CLASS_DFU_COMMAND_UPLOAD` control transfer request with `wLength` larger than the buffer size (`UX_SLAVE_REQUEST_CONTROL_MAX_LENGTH`, 256 bytes), depending on the actual implementation of `dfu -> ux_slave_class_dfu_read`, a buffer overflow may occur. For example, `ux_slave_class_dfu_read` may read 4096 bytes (or more up to 65k) to a 256 byte buffer ultimately resulting in an overflow. Furthermore in case an attacker has some control over the read flash memory, this may result in execution of arbitrary code and platform compromise. A fix for this issue has been included in USBX release 6.1.11. As a workaround, align request and buffer size to assure that buffer boundaries are respected. 2022-05-24 not yet calculated CVE-2022-29246
CONFIRM
MISC
MISC
azure — rtos_usbx Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. In versions prior to 6.1.10, an attacker can cause a buffer overflow by providing the Azure RTOS USBX host stack a HUB descriptor with `bNbPorts` set to a value greater than `UX_MAX_TT` which defaults to 8. For a `bNbPorts` value of 255, the implementation of `ux_host_class_hub_descriptor_get` function will modify the contents of `hub` -> `ux_host_class_hub_device` -> `ux_device_hub_tt` array violating the end boundary by 255 – `UX_MAX_TT` items. The USB host stack needs to validate the number of ports reported by the hub, and if the value is larger than UX_MAX_TT, USB stack needs to reject the request. This fix has been included in USBX release 6.1.10. 2022-05-24 not yet calculated CVE-2022-29223
CONFIRM
MISC
badmington_center — management_system A vulnerability, which was classified as problematic, was found in Badminton Center Management System. This affects the userlist module at /bcms/admin/?page=user/list. The manipulation of the argument username with the input </td><img src=”https://us-cert.cisa.gov” onerror=”alert(1)”><td>1 leads to an authenticated cross site scripting. Exploit details have been disclosed to the public. 2022-05-23 not yet calculated CVE-2022-1817
MISC
MISC
beego — beego The route lookup process in beego through 1.12.4 and 2.x through 2.0.2 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places (e.g., p1.xml instead of p1). 2022-05-21 not yet calculated CVE-2022-31259
MISC
MISC
MISC
bentley_nevada — 3500_rack_configuration The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No. 3060/00 versions 6.98 and prior, 3500 System 1, Part No. 3071/xx & 3072/xx versions 21.1 HF1 and prior, 3500 Rack Configuration, Part No. 129133-01 versions 6.4 and prior, and 3500/22M Firmware, Part No. 288055-01 versions 5.05 and prior) utilize a weak encryption algorithm for storage and transmission of sensitive data, which may allow an attacker to more easily obtain credentials used for access. 2022-05-25 not yet calculated CVE-2021-32997
MISC
bfabiszewski_libmobi Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. 2022-05-27 not yet calculated CVE-2022-1907
CONFIRM
MISC
bfabiszewski_libmobi Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. 2022-05-27 not yet calculated CVE-2022-1908
CONFIRM
MISC
c-data — d702xw-x-r430 C-DATA FD702XW-X-R430 v2.1.13_X001 was discovered to contain a command injection vulnerability via the va_cmd parameter in formlanipv6. This vulnerability allows attackers to execute arbitrary commands via a crafted HTTP request. 2022-05-24 not yet calculated CVE-2022-29337
MISC
camptocamp — terraboard SQL Injection in GitHub repository camptocamp/terraboard prior to 2.2.0. 2022-05-25 not yet calculated CVE-2022-1883
MISC
CONFIRM
cardo_systems — scala_rider_q3 A vulnerability classified as critical has been found in Cardo Systems Scala Rider Q3. Affected is the file /cardo/api of the Cardo-Updater. Unauthenticated remote code execution with root permissions is possible. Firewalling or disabling the service is recommended. 2022-05-24 not yet calculated CVE-2014-125001
MISC
MISC
causefx_organizr Cross-site Scripting (XSS) – Stored in GitHub repository causefx/organizr prior to 2.1.2200. 2022-05-27 not yet calculated CVE-2022-1909
MISC
CONFIRM
chainsafe — lodestar Lodestar is a TypeScript implementation of the Ethereum Consensus specification. Prior to version 0.36.0, there is a possible consensus split given maliciously-crafted `AttesterSlashing` or `ProposerSlashing` being included on-chain. Because the developers represent `uint64` values as native JavaScript `number`s, there is an issue when those variables with large (greater than 2^53) `uint64` values are included on chain. In those cases, Lodestar may view valid `AttesterSlashing` or `ProposerSlashing` as invalid, due to rounding errors in large `number` values. This causes a consensus split, where Lodestar nodes are forked away from the main network. Similarly, Lodestar may consider invalid `ProposerSlashing` as valid, thus including it in proposed blocks that will be considered invalid by the network. Version 0.36.0 contains a fix for this issue. As a workaround, use `BigInt` to represent `Slot` and `Epoch` values in `AttesterSlashing` and `ProposerSlashing` objects. `BigInt` is too slow to be used in all `Slot` and `Epoch` cases, so one may carefully use `BigInt` just where necessary for consensus. 2022-05-24 not yet calculated CVE-2022-29219
CONFIRM
MISC
MISC
circutor — compact_dc-s_basic A buffer overflow vulnerability has been detected in the firewall function of the device management web portal. The device runs a CGI binary (index.cgi) to offer a management web application. Once authenticated with valid credentials in this web portal, a potential attacker could submit any “Address” value and it would be copied to a second variable with a “strcpy” vulnerable function without checking its length. Because of this, it is possible to send a long address value to overflow the process stack, controlling the function return address. 2022-05-24 not yet calculated CVE-2022-1669
MISC
cisco — common_services_platform_collector Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-05-27 not yet calculated CVE-2022-20668
CISCO
cisco — common_services_platform_collector Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-05-27 not yet calculated CVE-2022-20667
CISCO
cisco — common_services_platform_collector Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-05-27 not yet calculated CVE-2022-20666
CISCO
cisco — common_services_platform_collector_software Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-05-27 not yet calculated CVE-2022-20672
CISCO
cisco — common_services_platform_collector_software Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-05-27 not yet calculated CVE-2022-20673
CISCO
cisco — common_services_platform_collector_software Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-05-27 not yet calculated CVE-2022-20669
CISCO
cisco — common_services_platform_collector_software Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-05-27 not yet calculated CVE-2022-20674
CISCO
cisco — common_services_platform_collector_software Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-05-27 not yet calculated CVE-2022-20671
CISCO
cisco — expressway_series_and_telepresence Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 2022-05-27 not yet calculated CVE-2022-20807
CISCO
cisco — expressway_series_and_telepresence Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 2022-05-27 not yet calculated CVE-2022-20806
CISCO
cisco — expressway_series_and_telepresence Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 2022-05-26 not yet calculated CVE-2022-20809
CISCO
cisco — ios_xr A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attacker could exploit this vulnerability by connecting to the Redis instance on the open port. A successful exploit could allow the attacker to write to the Redis in-memory database, write arbitrary files to the container filesystem, and retrieve information about the Redis database. Given the configuration of the sandboxed container that the Redis instance runs in, a remote attacker would be unable to execute remote code or abuse the integrity of the Cisco IOS XR Software host system. 2022-05-26 not yet calculated CVE-2022-20821
CISCO
cisco — secure_network_analytics A vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Cisco Stealthwatch Enterprise, could allow an authenticated, remote attacker to execute arbitrary commands as an administrator on the underlying operating system. This vulnerability is due to insufficient user input validation by the web-based management interface of the affected software. An attacker could exploit this vulnerability by injecting arbitrary commands in the web-based management interface. A successful exploit could allow the attacker to make configuration changes on the affected device or cause certain services to restart unexpectedly. 2022-05-27 not yet calculated CVE-2022-20797
CISCO
cisco — web_applications A vulnerability in the web applications of Cisco UCS Director could allow an authenticated, remote attacker to conduct a cross-site scripting attack on an affected system. This vulnerability is due to unsanitized user input. An attacker could exploit this vulnerability by submitting custom JavaScript to affected web applications. A successful exploit could allow the attacker to rewrite web page content, access sensitive information stored in the applications, and alter data by submitting forms. 2022-05-27 not yet calculated CVE-2022-20765
CISCO
cisco — enterprise_chat_and_email A vulnerability in the web interface of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed by the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid agent credentials. 2022-05-27 not yet calculated CVE-2022-20802
CISCO
citrix — gateway_plug-in An improper privilege vulnerability has been discovered in Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows) <21.9.1.2 which could allow an attacker who has gained local access to a computer with Citrix Gateway Plug-in installed to corrupt or delete files as SYSTEM. 2022-05-26 not yet calculated CVE-2022-21827
MISC
claroty — secure_remote_access_site Successful exploitation of this vulnerability on Claroty Secure Remote Access (SRA) Site versions 3.0 through 3.2 allows an attacker with local command line interface access to gain the secret key, subsequently allowing them to generate valid session tokens for the web user interface (UI). With access to the web UI an attacker can access assets managed by the SRA installation and could compromise the installation. 2022-05-23 not yet calculated CVE-2021-32958
MISC
cognex — in-sight_opc_server Annke N48PBB (Network Video Recorder) products of version 3.4.106 build 200422 and prior are vulnerable to a stack-based buffer overflow, which allows an unauthorized remote attacker to execute arbitrary code with the same privileges as the server user (root). 2022-05-23 not yet calculated CVE-2021-32941
MISC
cognex — in-sight_opc_server The affected Cognex product, the In-Sight OPC Server versions v5.7.4 (96) and prior, deserializes untrusted data, which could allow a remote attacker access to system level permission commands and local privilege escalation. 2022-05-23 not yet calculated CVE-2021-32935
MISC
cszcms — cszcms CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be leveraged to leak sensitive data via a local file inclusion at /admin/filemanager/connector/. 2022-05-23 not yet calculated CVE-2022-28997
MISC
MISC
MISC
MISC
MISC
curl — curl An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse of OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only). 2022-05-26 not yet calculated CVE-2022-22576
MISC
cyberlink — power_director A vulnerability in CyberLink Power Director v14 allows attackers to escalate privileges via a crafted .exe file. 2022-05-24 not yet calculated CVE-2022-29333
MISC
MISC
MISC
MISC
d-link — dsl-g2452dg D-Link DSL-G2452DG HW:T1tFW:ME_2.00 was discovered to contain insecure permissions. 2022-05-23 not yet calculated CVE-2022-28932
MISC
MISC
MISC
MISC
dedecms — dedecms DedeCMS v5.7.93 was discovered to contain an arbitrary file deletion vulnerability in upload.php via the delete parameter. 2022-05-26 not yet calculated CVE-2022-30508
MISC
dell — bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. 2022-05-26 not yet calculated CVE-2022-24418
MISC
dell — bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. 2022-05-26 not yet calculated CVE-2022-24417
MISC
dell — emc_cloudlink In Dell EMC CloudLink 7.1.3 and all earlier versions, the Auth Token is exposed in GET requests. These request parameters can get logged in reverse proxies and server logs. Attackers may potentially use these tokens to access the CloudLink server. Tokens should not be used in the request URL to avoid such attacks. 2022-05-26 not yet calculated CVE-2022-24414
MISC
dell — emc_networker Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0.x, 19.2.1.x, 19.3.x, 19.3.0.x, 19.4.x, 19.4.0.x, 19.5.x, 19.5.0.x, 19.6 and 19.6.0.1 and 19.6.0.2 contain an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port 5671 which could allow remote attackers to spoof certificates. 2022-05-26 not yet calculated CVE-2022-29082
MISC
dell — idrac9 Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console. 2022-05-26 not yet calculated CVE-2022-24422
MISC
dell — multiple_products Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in Unisphere GUI. An Unauthenticated Remote Attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user’s web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. 2022-05-26 not yet calculated CVE-2022-29091
MISC
dell — openmanage_enterprise Dell OpenManage Enterprise Versions 3.8.3 and prior contain an improper authorization vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass blocked functionalities and perform unauthorized actions. 2022-05-26 not yet calculated CVE-2022-26857
MISC
dell — support_assist_os_recovery Dell Support Assist OS Recovery versions before 5.5.2 contain an Authentication Bypass vulnerability. An unauthenticated attacker with physical access to the system may exploit this vulnerability by bypassing OS Recovery authentication in order to run arbitrary code on the system as Administrator. 2022-05-26 not yet calculated CVE-2022-26865
MISC
delta_electronics — diascreen Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to type confusion, which may allow an attacker to remotely execute arbitrary code. 2022-05-24 not yet calculated CVE-2021-32965
MISC
delta_electronics — diascreen Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to an out-of-bounds write condition, which may result in a system crash or allow an attacker to remotely execute arbitrary code. 2022-05-24 not yet calculated CVE-2021-32969
MISC
dev-cpp — dev-cpp Insecure permissions in the install directories and binaries of Dev-CPP v4.9.9.2 allow attackers to execute arbitrary code via overwriting the binary devcpp.exe. 2022-05-23 not yet calculated CVE-2022-28999
MISC
divvydrives — aciklama_parameter A Stored Cross-Site Scripting (XSS) vulnerability in DivvyDrive’s “aciklama” parameter could allow anyone to gain users’ session information. 2022-05-23 not yet calculated CVE-2022-0900
CONFIRM
docker — desktop Docker Desktop 4.3.0 has Incorrect Access Control. 2022-05-25 not yet calculated CVE-2021-44719
MISC
MISC
MISC
dpkg — dpkg Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs. 2022-05-26 not yet calculated CVE-2022-1664
MISC
MISC
MISC
MISC
MISC
MISC
emco — emco_software Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for Windows 9.1.4 and Remote Installer for Windows 6.0.13 and Ping Monitor for Windows 8.0.18 and Remote Shutdown for Windows 7.2.2 and WakeOnLan 2.0.8 and Network Inventory for Windows 5.8.22 and Network Software Scanner for Windows 2.0.8 and UnLock IT for Windows 6.1.1. The impact is: execute arbitrary code (remote). The component is: Updater. The attack vector is: To exploit this vulnerability, a user must trigger an update of an affected installation of EMCO Software. Multiple products from EMCO Software are affected by a remote code execution vulnerability during the update process. 2022-05-23 not yet calculated CVE-2022-28944
MISC
MISC
MISC
epub2txt2 — epub2txt2 epub2txt2 v2.04 was discovered to contain an integer overflow via the function bug in _parse_special_tag at sxmlc.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted XML file. 2022-05-25 not yet calculated CVE-2022-29358
MISC
erudika — para Business Logic Errors in GitHub repository erudika/para prior to 1.45.11. 2022-05-24 not yet calculated CVE-2022-1848
MISC
CONFIRM
f-secure — atlant A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby scanning the aemobile component can crash the scanning engine. The exploit can be triggered remotely by an attacker. 2022-05-25 not yet calculated CVE-2022-28875
MISC
MISC
f-secure — atlant Multiple Denial-of-Service vulnerabilities were discovered in F-Secure Atlant and in certain WithSecure products, whereby scanning fuzzed PE32-bit files causes memory corruption and heap buffer overflow, which can eventually crash the scanning engine. The exploit can be triggered remotely by an attacker. 2022-05-23 not yet calculated CVE-2022-28874
MISC
MISC
filegator — filegator Path Traversal in GitHub repository filegator/filegator prior to 7.8.0. 2022-05-24 not yet calculated CVE-2022-1850
CONFIRM
MISC
filegator — filegator Session Fixation in GitHub repository filegator/filegator prior to 7.8.0. 2022-05-24 not yet calculated CVE-2022-1849
MISC
CONFIRM
fortiguard — fortios An improper certificate validation vulnerability [CWE-295] in FortiOS 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 through 6.4.8, 7.0.0 may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and external cloud platforms. 2022-05-24 not yet calculated CVE-2022-22306
CONFIRM
gibbon — v23 Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation. 2022-05-25 not yet calculated CVE-2022-27305
MISC
MISC
MISC
ginadmin — ginadmin In ginadmin through 05-10-2022 the incoming path value is not filtered, resulting in directory traversal. 2022-05-25 not yet calculated CVE-2022-30427
MISC
ginadmin — ginadmin In ginadmin through 05-10-2022, the incoming path value is not filtered, resulting in arbitrary file reading. 2022-05-25 not yet calculated CVE-2022-30428
MISC
gitblit — gitblit Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext 'attacker@example.com\n\trole = "#admin"' value. 2022-05-21 not yet calculated CVE-2022-31267
MISC
MISC
gitblit — gitblit A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname). 2022-05-21 not yet calculated CVE-2022-31268
MISC
gjson — gjson GJSON <= 1.9.2 allows attackers to cause a ReDoS via crafted JSON input. 2022-05-24 not yet calculated CVE-2021-42248
MISC
gost — gost_engine GOST engine is a reference implementation of the Russian GOST crypto algorithms for OpenSSL. TLS clients using GOST engine when ciphersuite `TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC` is agreed and the server uses 512 bit GOST secret keys are vulnerable to buffer overflow. GOST engine version 3.0.1 contains a patch for this issue. Disabling ciphersuite `TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC` is a possible workaround. 2022-05-24 not yet calculated CVE-2022-29242
MISC
MISC
MISC
MISC
CONFIRM
guzzle — guzzle Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server to set cookies for unrelated domains. The cookie middleware is disabled by default, so most library consumers will not be affected by this issue. Only those who manually add the cookie middleware to the handler stack or construct the client with ['cookies' => true] are affected. Moreover, those who do not use the same Guzzle client to call multiple domains and have disabled redirect forwarding are not affected by this vulnerability. Guzzle versions 6.5.6 and 7.4.3 contain a patch for this issue. As a workaround, turn off the cookie middleware. 2022-05-25 not yet calculated CVE-2022-29248
MISC
MISC
CONFIRM
CONFIRM
h — h An issue in H v1.0 allows attackers to bypass authentication via a session replay attack. 2022-05-24 not yet calculated CVE-2022-29334
MISC
halibut — halibut A use after free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have other unspecified impact via a crafted text document. 2022-05-24 not yet calculated CVE-2021-42612
MISC
halibut — halibut A use after free in info_width_internal in bk_info.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted text document. 2022-05-24 not yet calculated CVE-2021-42614
MISC
halibut — halibut A double free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a denial of service or possibly have other unspecified impact via a crafted text document. 2022-05-24 not yet calculated CVE-2021-42613
MISC
hashicorp — go-getter HashiCorp go-getter through 2.0.2 does not safely perform downloads (issue 3 of 3). 2022-05-25 not yet calculated CVE-2022-30323
MISC
MISC
MISC
hashicorp — go-getter HashiCorp go-getter through 2.0.2 does not safely perform downloads (issue 2 of 3). 2022-05-25 not yet calculated CVE-2022-30322
MISC
MISC
MISC
hashicorp — go-getter HashiCorp go-getter through 2.0.2 does not safely perform downloads (issue 1 of 3). 2022-05-25 not yet calculated CVE-2022-30321
MISC
MISC
MISC
hashicorp — go-getter HashiCorp go-getter before 2.0.2 allows Command Injection. 2022-05-25 not yet calculated CVE-2022-26945
MISC
MISC
hcl_software — bigfix_mobile/modern_client_management_version The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment. 2022-05-27 not yet calculated CVE-2021-27780
CONFIRM
hcl_software — bigfix_mobile/modern_client_management_version The Master operator may be able to embed script tag in HTML with alert pop-up display cookie. 2022-05-27 not yet calculated CVE-2021-27781
CONFIRM
hcl_software — bigfix_mobile/modern_client_management_version User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed. 2022-05-25 not yet calculated CVE-2021-27783
MISC
hcl_software — hcl_versionvault_express VersionVault Express exposes sensitive information that an attacker can use to impersonate the server or eavesdrop on communications with the server. 2022-05-25 not yet calculated CVE-2021-27779
MISC
home_clean_services_management_system — home_clean_services_management_system A vulnerability, which was classified as problematic, has been found in Home Clean Services Management System 1.0. This issue affects register.php?link=registerand. The manipulation with the input <script>alert(1)</script> leads to cross site scripting. The attack may be initiated remotely but demands authentication. Exploit details have been disclosed to the public. 2022-05-24 not yet calculated CVE-2022-1840
MISC
MISC
home_clean_services_management_system — home_clean_services_management_system A vulnerability classified as critical was found in Home Clean Services Management System 1.0. This vulnerability affects the file login.php. The manipulation of the argument email with the input admin%’/**/AND/**/(SELECT/**/5383/**/FROM/**/(SELECT(SLEEP(2)))JPeh)/**/AND/**/’frfq%’=’frfq leads to sql injection. The attack can be initiated remotely but it requires authentication. Exploit details have been disclosed to the public. 2022-05-24 not yet calculated CVE-2022-1839
MISC
MISC
home_clean_services_management_system — home_clean_services_management_system A vulnerability was found in Home Clean Services Management System 1.0. It has been rated as critical. Affected by this issue is register.php?link=registerand. The manipulation with the input <?php phpinfo();?> leads to code execution. The attack may be launched remotely but demands an authentication. Exploit details have been disclosed to the public. 2022-05-24 not yet calculated CVE-2022-1837
MISC
MISC
home_clean_services_management_system — home_clean_services_management_system A vulnerability classified as critical has been found in Home Clean Services Management System 1.0. This affects an unknown part of admin/login.php. The manipulation of the argument username with the input admin%’/**/AND/**/(SELECT/**/5383/**/FROM/**/(SELECT(SLEEP(5)))JPeh)/**/AND/**/’frfq%’=’frfq leads to sql injection. It is possible to initiate the attack remotely but it requires authentication. Exploit details have been disclosed to the public. 2022-05-24 not yet calculated CVE-2022-1838
MISC
MISC
hospital-management-system — hospital-management-system In Hospital-Management-System v1.0, the editid parameter in the doctor.php page is vulnerable to SQL injection attacks. 2022-05-26 not yet calculated CVE-2022-30516
MISC
ibm — aspera_faspex IBM Aspera Faspex 4.4.1 and 5.0.0 could allow unauthorized access due to an incorrectly computed security token. IBM X-Force ID: 226951. 2022-05-24 not yet calculated CVE-2022-22497
XF
CONFIRM
ibm — elastic_storage_system A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191600. 2022-05-24 not yet calculated CVE-2020-4926
XF
CONFIRM
CONFIRM
ibm — i IBM i 7.3, 7.4, and 7.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 226941. 2022-05-24 not yet calculated CVE-2022-22495
XF
CONFIRM
ibm — power_systems The POWER systems FSP is vulnerable to unauthenticated logins through the serial port/TTY interface. This vulnerability can be more critical if the serial port is connected to a serial-over-lan device. IBM X-Force ID: 217095. 2022-05-24 not yet calculated CVE-2022-22309
CONFIRM
XF
java — javaez JavaEZ is a library that adds new functions to make Java easier. A weakness in JavaEZ 1.6 allows force decryption of locked text by unauthorized actors. The issue is NOT critical for non-secure applications, however may be critical in a situation where the highest levels of security are required. This issue ONLY affects v1.6 and does not affect anything pre-1.6. The vulnerability has been patched in release 1.7. Currently, there is no way to fix the issue without upgrading. 2022-05-24 not yet calculated CVE-2022-29249
CONFIRM
MISC
jfinal — jfinal_cms Jfinal cms 5.1.0 is vulnerable to SQL Injection. 2022-05-26 not yet calculated CVE-2022-30500
MISC
jfrog — artifactory JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment due to improper permissions validation. 2022-05-23 not yet calculated CVE-2021-41834
CONFIRM
jgraph — drawio Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.1.2. 2022-05-25 not yet calculated CVE-2022-1815
CONFIRM
MISC
kkfileview — kkfileview kkFileView v4.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java. 2022-05-25 not yet calculated CVE-2022-29349
MISC
kuka — kr_c4 An attacker can gain full access (read/write/delete) to sensitive folders due to hard-coded credentials on KUKA KR C4 control software for versions prior to 8.7 or any product running KSS. 2022-05-26 not yet calculated CVE-2021-33016
MISC
kuka — kr_c4 An attacker can gain VxWorks Shell after login due to hard-coded credentials on a KUKA KR C4 control software for versions prior to 8.7 or any product running KSS. 2022-05-26 not yet calculated CVE-2021-33014
MISC
lcds — laquis_scada_application When a non-existent resource is requested, the LCDS LAquis SCADA application (version 4.3.1.1011 and prior) returns error messages which may allow reflected cross-site scripting. 2022-05-25 not yet calculated CVE-2021-32989
MISC
limesurvey — limesurvey A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin. 2022-05-25 not yet calculated CVE-2022-29710
MISC
linglong — linglong An access control issue in Linglong v1.0 allows attackers to access the background of the application via a crafted cookie. 2022-05-26 not yet calculated CVE-2022-29633
MISC
linux — linux_kernel An issue was discovered in the Linux Kernel from 4.18 to 4.19: an improper update of the sock reference in TCP pacing can lead to a memory/netns leak, which can be used by remote clients. 2022-05-25 not yet calculated CVE-2022-1678
MISC
CONFIRM
MISC
MISC
linux — linux_kernel A use-after-free flaw was found in the Linux kernel's pipes functionality in the way a user manipulates a pipe, e.g. with post_one_notification() after free_pipe_info() has already been called. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. 2022-05-26 not yet calculated CVE-2022-1882
MISC
logrotate — logrotate A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0. 2022-05-25 not yet calculated CVE-2022-1348
MISC
MLIST
MLIST
MLIST
luxsoft — luxcal_web_calendar In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a POST request. This allows the attacker’s session to be authenticated as any registered LuxCal user, including the site administrator. 2022-05-24 not yet calculated CVE-2021-45914
MISC
MISC
MISC
CONFIRM
luxsoft — luxcal_web_calendar In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a cookie value. This allows the attacker’s session to be authenticated as any registered LuxCal user, including the site administrator. 2022-05-24 not yet calculated CVE-2021-45915
MISC
MISC
MISC
CONFIRM
manageengine — appmanager15 ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the ‘working’ folder through the ‘Upload Files / Binaries’ functionality. 2022-05-24 not yet calculated CVE-2022-23050
MISC
MISC
mastodon — mastodon app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail restrictions. 2022-05-24 not yet calculated CVE-2022-31263
CONFIRM
CONFIRM
matrikon — matrikon_opc_server Matrikon OPC Server (all versions), from Matrikon, a subsidiary of Honeywell, is vulnerable to a condition where a low-privileged user allowed to connect to the OPC server can use the functions of the IPersisFile to execute operating system processes with system-level privileges. 2022-05-26 not yet calculated CVE-2022-1261
CONFIRM
mindoc — mindoc An arbitrary file upload vulnerability in Mindoc v2.1-beta.5 allows attackers to execute arbitrary commands via a crafted Zip file. 2022-05-26 not yet calculated CVE-2022-29637
MISC
mini-xml — mini-xml A stack buffer overflow exists in Mini-XML v3.2. When inputting an unformed XML string to the mxmlLoadString API, it will cause a stack-buffer-overflow in mxml_string_getc:2611. 2022-05-26 not yet calculated CVE-2021-42860
MISC
mini-xml — mini-xml A memory leak issue was discovered in Mini-XML v3.2 that could cause a denial of service. 2022-05-26 not yet calculated CVE-2021-42859
MISC
morpheus — morpheus An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. A successful attack requires a SAML identity provider to be configured. In order to exploit the vulnerability, the attacker must know the unique SAML callback ID of the configured identity source. A remote attacker can send a request crafted with an XXE payload to invoke a malicious DTD hosted on a system that they control. This results in reading local files that the application has access to. 2022-05-24 not yet calculated CVE-2022-31261
MISC
MISC
mysiteforme — mysiteforme mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery. 2022-05-24 not yet calculated CVE-2022-29309
MISC
nginx — njs Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c. 2022-05-25 not yet calculated CVE-2022-29379
MISC
MISC
MISC
nokia — broadcast_message_center Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates (for the Manage Alerts page) via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user, database name, and database version information, and potentially database data. 2022-05-25 not yet calculated CVE-2021-35487
MISC
MISC
oas — oas_platform An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this vulnerability. 2022-05-25 not yet calculated CVE-2022-26833
MISC
oas — oas_platform An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of an OAS user account. An attacker can send a sequence of requests to trigger this vulnerability. 2022-05-25 not yet calculated CVE-2022-26303
MISC
oas — oas_platform An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this vulnerability. 2022-05-25 not yet calculated CVE-2022-27169
MISC
oas — oas_platform An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of a custom Security Group. An attacker can send a sequence of requests to trigger this vulnerability. 2022-05-25 not yet calculated CVE-2022-26043
MISC
oas — oas_platform An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to trigger this vulnerability. 2022-05-25 not yet calculated CVE-2022-26067
MISC
oas — oas_platform A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability. 2022-05-25 not yet calculated CVE-2022-26077
MISC
oas — oas_platform A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. 2022-05-25 not yet calculated CVE-2022-26082
MISC
oas — oas_platform A denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to loss of communications. An attacker can send a network request to trigger this vulnerability. 2022-05-25 not yet calculated CVE-2022-26026
MISC
online_food — ordering_system Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the Search parameter at /online-food-order/food-search.php. 2022-05-25 not yet calculated CVE-2022-29650
MISC
online_food — ordering_system An arbitrary file upload vulnerability in the Select Image function of Online Food Ordering System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. 2022-05-25 not yet calculated CVE-2022-29651
MISC
opencast — opencast Opencast is a free and open source solution for automated video capture and distribution at scale. Prior to Opencast 10.14 and 11.7, users could pass along URLs for files belonging to organizations other than the user’s own, which Opencast would then import into the current organization, bypassing organizational barriers. Attackers must have full access to Opencast’s ingest REST interface, and also know internal links to resources in another organization of the same Opencast cluster. Users who do not run a multi-tenant cluster are not affected by this issue. This issue is fixed in Opencast 10.14 and 11.7. 2022-05-24 not yet calculated CVE-2022-29237
CONFIRM
MISC
oretnom23 — automotive_shop_management_system In oretnom23 Automotive Shop Management System v1.0, the product id parameter suffers from a blind SQL Injection Vulnerability allowing remote attackers to dump all database credentials and gain admin access (privilege escalation). 2022-05-26 not yet calculated CVE-2022-30493
MISC
oretnom23 — automotive_shop_management_system In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR – Broken Access Control, allowing attackers to change the admin password (vertical privilege escalation). 2022-05-26 not yet calculated CVE-2022-30495
MISC
oretnom23 — automotive_shop_management_system In oretnom23 Automotive Shop Management System v1.0, the first and last name user fields suffer from a stored XSS Injection Vulnerability allowing remote attackers to gain admin access and view internal IPs. 2022-05-26 not yet calculated CVE-2022-30494
MISC
pallets — werkzeug Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. 2022-05-25 not yet calculated CVE-2022-29361
MISC
philips — interoperability_solution_xds Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP system credentials. 2022-05-25 not yet calculated CVE-2021-32966
MISC
php — zoo_management_system A vulnerability, which was classified as problematic, has been found in Zoo Management System 1.0. Affected by this issue is /zoo/admin/public_html/view_accounts?type=zookeeper of the content module. The manipulation of the argument admin_name with the input <script>alert(1)</script> leads to an authenticated cross site scripting. Exploit details have been disclosed to the public. 2022-05-23 not yet calculated CVE-2022-1816
MISC
MISC
pillow — python_pillow libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files. 2022-05-25 not yet calculated CVE-2022-30595
MISC
MISC
piwigo — piwigo Piwigo 11.5.0 is affected by a SQL injection vulnerability via admin.php and the id parameter. 2022-05-26 not yet calculated CVE-2021-40317
MISC
protobufjs — protobufjs The package protobufjs before 6.11.3 is vulnerable to Prototype Pollution, which can allow an attacker to add/modify properties of the Object.prototype. This vulnerability can occur in multiple ways: 1. by providing untrusted user input to util.setProperty or to ReflectionObject.setParsedOption functions; 2. by parsing/loading .proto files. 2022-05-27 not yet calculated CVE-2022-25878
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
publify — publify Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9. 2022-05-23 not yet calculated CVE-2022-1811
MISC
CONFIRM
pyjwt — python PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get support for all algorithms, or specify a single algorithm. The issue is not that big as `algorithms=jwt.algorithms.get_default_algorithms()` has to be used. Users should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding. 2022-05-24 not yet calculated CVE-2022-29217
CONFIRM
MISC
MISC
qnap — qnap_nas_running_proxy_server A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP devices running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 (2021/12/30) and later; QuTS hero h5.0.0: Proxy Server 1.4.3 (2022/01/18) and later; QuTScloud c4.5.6: Proxy Server 1.4.2 (2021/12/30) and later. 2022-05-26 not yet calculated CVE-2021-34360
MISC
quick_heal — total_security Quick Heal Total Security before 12.1.1.27 allows DLL hijacking during installation. 2022-05-23 not yet calculated CVE-2022-31467
MISC
quick_heal — total_security Quick Heal Total Security before 12.1.1.27 has a TOCTOU race condition that leads to privilege escalation. It may follow a symlink that was created after a malware check. 2022-05-23 not yet calculated CVE-2022-31466
MISC
radareorg — radare2 Access of Uninitialized Pointer in GitHub repository radareorg/radare2 prior to 5.7.0. 2022-05-21 not yet calculated CVE-2022-1809
CONFIRM
MISC
radareorg — radare radareorg radare2 version 5.5.2 is vulnerable to NULL Pointer Dereference via libr/bin/p/bin_symbols.c binary symbol parser. 2022-05-25 not yet calculated CVE-2021-44974
MISC
MISC
MLIST
radareorg — radare radareorg radare2 5.5.2 is vulnerable to Buffer Overflow via /libr/core/anal_objc.c mach-o parser. 2022-05-24 not yet calculated CVE-2021-44975
MISC
MISC
MLIST
radareorg — radare2 Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0. 2022-05-26 not yet calculated CVE-2022-1899
CONFIRM
MISC
rails — active_storage A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments. 2022-05-26 not yet calculated CVE-2022-21831
MISC
roncoo — roncoo_education An arbitrary file upload vulnerability in the component /course/api/upload/pic of Roncoo Education v9.0.0 allows attackers to execute arbitrary code via a crafted file. 2022-05-26 not yet calculated CVE-2022-29632
MISC
school_club_application_system — school_club_application_system A stored cross-site scripting (XSS) vulnerability in /scas/?page=clubs/application_form&id=7 of School Club Application System v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter. 2022-05-25 not yet calculated CVE-2022-29359
MISC
MISC
sharp — sharp sharp is an application for Node.js image processing. Prior to version 0.30.5, there is a possible vulnerability in logic that is run only at `npm install` time when installing versions of `sharp` prior to the latest v0.30.5. If an attacker has the ability to set the value of the `PKG_CONFIG_PATH` environment variable in a build environment then they might be able to use this to inject an arbitrary command at `npm install` time. This is not part of any runtime code, does not affect Windows users at all, and is unlikely to affect anyone that already cares about the security of their build environment. This problem is fixed in version 0.30.5. 2022-05-25 not yet calculated CVE-2022-29256
CONFIRM
MISC
siteserver — cms SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability. 2022-05-24 not yet calculated CVE-2021-42655
MISC
MISC
MISC
siteserver — cms SiteServer CMS < V5.1 is affected by an unrestricted upload of a file with dangerous type (getshell), which could be used to execute arbitrary code. 2022-05-24 not yet calculated CVE-2021-42654
MISC
MISC
MISC
siteserver — cms SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vulnerability. 2022-05-24 not yet calculated CVE-2021-42656
MISC
MISC
MISC
smarty-php — smarty Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for this issue. There are currently no known workarounds. 2022-05-24 not yet calculated CVE-2022-29221
MISC
CONFIRM
MISC
MISC
solana — solana_rbpf Solana solana_rbpf before 0.2.29 has an addition integer overflow via invalid ELF program headers. elf.rs has a panic via a malformed eBPF program. 2022-05-21 not yet calculated CVE-2022-31264
MISC
MISC
sox — sox In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a. 2022-05-25 not yet calculated CVE-2022-31651
MISC
sox — sox In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a. 2022-05-25 not yet calculated CVE-2022-31650
MISC
student_information_system — student_information_system A vulnerability, which was classified as problematic, was found in Student Information System 1.0. Affected is admin/?page=students of the Student Roll module. The manipulation with the input <script>alert(1)</script> leads to authenticated cross site scripting. Exploit details have been disclosed to the public. 2022-05-24 not yet calculated CVE-2022-1819
MISC
MISC
suse — rancher A Missing Encryption of Sensitive Data vulnerability in SUSE Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted via the network when a cluster is created from an RKE template with the CNI value overridden. This issue affects: SUSE Rancher versions prior to 2.5.14; Rancher versions prior to 2.6.5. 2022-05-25 not yet calculated CVE-2022-21951
CONFIRM
CONFIRM
tableau — tableau_server Tableau is aware of a broken access control vulnerability present in Tableau Server affecting Tableau Server customers using Local Identity Store for managing users. The vulnerability allows a malicious site administrator to change passwords for users in different sites hosted on the same Tableau Server, resulting in the potential for unauthorized access to data. Tableau Server versions affected are: 2020.4.16, 2021.1.13, 2021.2.10, 2021.3.9, 2021.4.4 and earlier. Note: All future releases of Tableau Server will address this security issue. Versions that are no longer supported are not tested and may be vulnerable. 2022-05-25 not yet calculated CVE-2022-22127
MISC
talend_administration_center — sso_login_endpoint Talend Administration Center is vulnerable to a reflected Cross-Site Scripting (XSS) issue in the SSO login endpoint. The issue is fixed for versions 8.0.x in TPS-5233, for versions 7.3.x in TPS-5324, and for versions 7.2.x in TPS-5235. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version. 2022-05-26 not yet calculated CVE-2022-31648
MISC
MISC
telecommunication_software_gmbh — software_samwin_contact_center_suite A vulnerability classified as critical was found in Telecommunication Software SAMwin Contact Center Suite 5.1. This vulnerability affects the function passwordScramble in the library SAMwinLIBVB.dll of the component Password Handler. Incorrect implementation of a hashing function leads to predictable authentication possibilities. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component. 2022-05-24 not yet calculated CVE-2013-10004
MISC
MISC
telecommunication_software_gmbh — software_samwin_contact_center_suite A vulnerability was found in Telecommunication Software SAMwin Contact Center Suite 5.1. It has been rated as critical. Affected by this issue is the function getCurrentDBVersion in the library SAMwinLIBVB.dll of the credential handler. Authentication is possible with hard-coded credentials. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component. 2022-05-24 not yet calculated CVE-2013-10002
MISC
MISC
telecommunication_software_gmbh — software_samwin_contact_center_suite A vulnerability classified as critical has been found in Telecommunication Software SAMwin Contact Center Suite 5.1. This affects the function getCurrentDBVersion in the library SAMwinLIBVB.dll of the database handler. The manipulation leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component. 2022-05-24 not yet calculated CVE-2013-10003
MISC
MISC
tenda — web_server_httpd There is a buffer overflow vulnerability in the Web server httpd of the router in Tenda router devices such as Tenda AC9 V1.0 V15.03.02.19(6318) and Tenda AC9 V3.0 V15.03.06.42_multi. When setting the virtual service, the httpd program will crash and exit when the super-long list parameter occurs. 2022-05-24 not yet calculated CVE-2021-42659
MISC
MISC
tenda — ac_series_router Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a heap overflow in the httpd module when handling /goform/saveParentControlInfo request. 2022-05-26 not yet calculated CVE-2022-30474
MISC
tenda — ac_series_router Tenda AC Series Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in function fromAddressNat. 2022-05-26 not yet calculated CVE-2022-30472
MISC
tenda — ac_series_router Tenda AC Series Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in function form_fast_setting_wifi_set. 2022-05-26 not yet calculated CVE-2022-30473
MISC
tenda — ac_series_router Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/WifiExtraSet request. 2022-05-26 not yet calculated CVE-2022-30475
MISC
tenda — ac_series_router Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetFirewallCfg request. 2022-05-26 not yet calculated CVE-2022-30476
MISC
tenda — ac_series_router Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetClientState request. 2022-05-26 not yet calculated CVE-2022-30477
MISC
thorfdbg — libjpeg In libjpeg before 1.64, BitStream<false>::Get in bitstream.hpp has an assertion failure that may cause denial of service. This is related to out-of-bounds array access during arithmetically coded lossless scan or arithmetically coded sequential scan. 2022-05-25 not yet calculated CVE-2022-31620
MISC
MISC
tinytoml — tinytoml There is a stack-overflow vulnerability in tinytoml v0.4 that can cause a crash or DoS. 2022-05-26 not yet calculated CVE-2021-42692
MISC
tipask — tipask In Tipask < 3.5.9, path parameters entered by the user are not validated when downloading attachments; a registered user can download arbitrary files on the Tipask server such as .env, /etc/passwd, and laravel.log, causing information leakage. 2022-05-23 not yet calculated CVE-2021-41714
MISC
MISC
MISC
totolink — a3600r Totolink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a stack overflow in the fread function at infostat.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via the parameter CONTENT_LENGTH. 2022-05-24 not yet calculated CVE-2022-29377
MISC
tp-link — tl-wr840n TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. This vulnerability allows attackers to connect to the UART port via a serial connection and execute commands as the root user without authentication. 2022-05-25 not yet calculated CVE-2022-29402
MISC
trend_micro — maximum_security Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product’s secure erase feature to delete arbitrary files. 2022-05-27 not yet calculated CVE-2022-30687
N/A
N/A
trend_micro — apex_one An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2022-05-27 not yet calculated CVE-2022-30700
N/A
N/A
trend_micro — apex_one An uncontrolled search path element vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to craft a special configuration file to load an untrusted library with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2022-05-27 not yet calculated CVE-2022-30701
N/A
N/A
trend_micro — password_manager EOL Product CVE – Installer of Trend Micro Password Manager (Consumer) versions 3.7.0.1223 and below provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Please note that this was reported on an EOL version of the product, and users are advised to upgrade to the latest supported version (5.x). 2022-05-27 not yet calculated CVE-2022-28394
N/A
N/A
N/A
truestack — direct_connect TrueStack Direct Connect 1.4.7 has Incorrect Access Control. 2022-05-25 not yet calculated CVE-2022-23775
MISC
MISC
tuxera — ntfs-3g An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite. 2022-05-26 not yet calculated CVE-2022-30783
MISC
MISC
tuxera — ntfs-3g A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22. 2022-05-26 not yet calculated CVE-2022-30786
MISC
MISC
tuxera — ntfs-3g A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22. 2022-05-26 not yet calculated CVE-2022-30784
MISC
MISC
tuxera — ntfs-3g A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite. 2022-05-26 not yet calculated CVE-2022-30785
MISC
MISC
tuxera — ntfs-3g An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite. 2022-05-26 not yet calculated CVE-2022-30787
MISC
MISC
tuxera — ntfs-3g A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22. 2022-05-26 not yet calculated CVE-2022-30789
MISC
MISC
tuxera — ntfs-3g A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22. 2022-05-26 not yet calculated CVE-2022-30788
MISC
MISC
ua-parser-js — ua-parser-js A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component. 2022-05-24 not yet calculated CVE-2021-4229
MISC
MISC
MISC
undertow — undertow A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final. 2022-05-24 not yet calculated CVE-2021-3597
MISC
undertow — undertow A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final. 2022-05-24 not yet calculated CVE-2021-3629
MISC
vaadin — vaadin The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information disclosure of values that should not be available on the client-side. 2022-05-24 not yet calculated CVE-2022-29567
MISC
MISC
vim — vim Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. 2022-05-25 not yet calculated CVE-2022-1851
MISC
CONFIRM
vim — vim Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. 2022-05-26 not yet calculated CVE-2022-1886
CONFIRM
MISC
vim — vim Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. 2022-05-27 not yet calculated CVE-2022-1897
CONFIRM
MISC
vim — vim Use After Free in GitHub repository vim/vim prior to 8.2. 2022-05-27 not yet calculated CVE-2022-1898
MISC
CONFIRM
vmware — vmware_tools_for_windows VMware Tools for Windows (12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. A malicious actor with non-administrative local user privileges in the Windows guest OS, where VMware Tools is installed, may exploit this issue leading to a denial-of-service condition or unintended information disclosure. 2022-05-24 not yet calculated CVE-2022-22977
MISC
wildfly — wildfly A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0. 2022-05-24 not yet calculated CVE-2021-3717
MISC
wondercms — simple_blog_plugin The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cross-site scripting (XSS). When any user opens a particular blog hosted on an attackers’ site, XSS may occur. 2022-05-23 not yet calculated CVE-2021-42233
MISC
MISC
MISC
wordpress — vsourz_digitial_advanced_contact_form Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital’s Advanced Contact form 7 DB plugin <= 1.8.7 at WordPress. 2022-05-25 not yet calculated CVE-2022-29408
CONFIRM
CONFIRM
world_of_warships — wargaming The replay feature in the client in Wargaming World of Warships 0.11.4 allows remote attackers to execute code when a user launches a replay from an untrusted source. 2022-05-26 not yet calculated CVE-2022-31265
MISC
xampp_for_windows — xampp_for_windows Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the directory. 2022-05-23 not yet calculated CVE-2022-29376
MISC
xlight — ftp Xlight FTP v3.9.3.2 was discovered to contain a stack-based buffer overflow which allows attackers to leak sensitive information via crafted code. 2022-05-23 not yet calculated CVE-2022-28998
MISC
MISC
MISC
MISC
xwiki — xwiki_platform XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with version 8.3-rc-1 and prior to versions 12.10.3 and 14.0, one can ask for any file located in the classloader using the template API and a path with “..” in it. The issue is patched in versions 14.0 and 13.10.3. There is no easy workaround for this issue. 2022-05-25 not yet calculated CVE-2022-29253
MISC
CONFIRM
MISC
xwiki — xwiki_platform_flamingo_theme_ui XWiki Platform Wiki UI Main Wiki is a package for managing subwikis. Starting with version 5.3-milestone-2, XWiki Platform Wiki UI Main Wiki contains a possible cross-site scripting vector in the `WikiManager.JoinWiki` wiki page related to the “requestJoin” field. The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3. The easiest available workaround is to edit the wiki page `WikiManager.JoinWiki` (with wiki editor) according to the suggestion provided in the GitHub Security Advisory. 2022-05-25 not yet calculated CVE-2022-29252
MISC
MISC
CONFIRM
xwiki — xwiki_platform_flamingo_theme_ui XWiki Platform Flamingo Theme UI is a tool that allows customization and preview of any Flamingo-based skin. Starting with versions 6.2.4 and 6.3-rc-1, a possible cross-site scripting vector is present in the `FlamingoThemesCode.WebHomeSheet` wiki page related to the “newThemeName” form field. The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3. The easiest available workaround is to edit the wiki page `FlamingoThemesCode.WebHomeSheet` (with wiki editor) according to the suggestion provided in the GitHub Security Advisory. 2022-05-25 not yet calculated CVE-2022-29251
MISC
MISC
CONFIRM
xxl-job — xxl-job A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers to arbitrarily create administrator accounts via the component /gaia-job-admin/user/add. 2022-05-23 not yet calculated CVE-2022-29002
MISC
zyxel — cgi_program A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user’s browser, such as cookies or session tokens, via a malicious script. 2022-05-24 not yet calculated CVE-2022-0734
CONFIRM
zyxel — multiple_products An argument injection vulnerability in the ‘packet-trace’ CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command. 2022-05-24 not yet calculated CVE-2022-26532
CONFIRM
zyxel — multiple_products Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload. 2022-05-24 not yet calculated CVE-2022-26531
CONFIRM


Vulnerability Summary for the Week of September 6, 2021

09/13/2021 06:54 AM EDT

Original release date: September 13, 2021

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adaptivescale — lxdui A Hardcoded JWT Secret Key in metadata.py in AdaptiveScale LXDUI through 2.1.3 allows attackers to gain admin access to the host system. 2021-09-03 10 CVE-2021-40494
MISC
arubanetworks — arubaos A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability. 2021-09-07 9 CVE-2021-37724
MISC
arubanetworks — arubaos A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability. 2021-09-07 9 CVE-2021-37723
MISC
arubanetworks — sd-wan A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. 2021-09-07 9 CVE-2021-37718
MISC
arubanetworks — sd-wan A remote buffer overflow vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. 2021-09-07 7.5 CVE-2021-37716
MISC
arubanetworks — sd-wan A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. 2021-09-07 9 CVE-2021-37717
MISC
arubanetworks — sd-wan A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. 2021-09-07 9 CVE-2021-37722
MISC
arubanetworks — sd-wan A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. 2021-09-07 9 CVE-2021-37721
MISC
arubanetworks — sd-wan A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. 2021-09-07 9 CVE-2021-37720
MISC
arubanetworks — sd-wan A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. 2021-09-07 9 CVE-2021-37719
MISC
bluecms_project — bluecms BlueCMS v1.6 contains a SQL injection vulnerability via /ad_js.php. 2021-09-08 7.5 CVE-2020-19853
MISC
espressif — esp-idf The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon reception of an LMP Feature Response Extended packet, allowing attackers in radio range to trigger arbitrary code execution in ESP32 via a crafted Extended Features bitfield payload. 2021-09-07 8.3 CVE-2021-28139
MISC
MISC
MISC
MISC
moxa — wac-2004_firmware Certain MOXA devices allow Authenticated Command Injection via /forms/web_importTFTP. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU 2.3, WDR-3124A-EU-T 2.3, WDR-3124A-US 2.3, and WDR-3124A-US-T 2.3. 2021-09-07 9 CVE-2021-39279
MISC
MISC
simple_water_refilling_station_management_system_project — simple_water_refilling_station_management_system SQL Injection can occur in Simple Water Refilling Station Management System 1.0 via the water_refilling/classes/Login.php username parameter. 2021-09-07 7.5 CVE-2021-38840
MISC
MISC
MISC
MISC
sketch — sketch Sketch before 75 mishandles external library feeds. 2021-09-06 7.5 CVE-2021-40531
MISC
telegram — web_k_alpha Telegram Web K Alpha before 0.7.2 mishandles the characters in a document extension. 2021-09-06 7.5 CVE-2021-40532
MISC
ulfius_project — ulfius ulfius_uri_logger in Ulfius HTTP Framework before 2.7.4 omits con_info initialization and a con_info->request NULL check for certain malformed HTTP requests. 2021-09-07 7.5 CVE-2021-40540
MISC
MISC

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
alipay_project — alipay A proid GET parameter of the WordPress支付宝Alipay|财付通Tenpay|贝宝PayPal集成插件 WordPress plugin through 3.7.2 is not sanitised, properly escaped or validated before inserting to a SQL statement not delimited by quotes, leading to SQL injection. 2021-09-06 6.5 CVE-2021-24390
MISC
MISC
arubanetworks — arubaos A remote path traversal vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.8.0.1, 8.7.1.4, 8.6.0.11, 8.5.0.13. Aruba has released patches for ArubaOS that address this security vulnerability. 2021-09-07 5.5 CVE-2021-37728
MISC
arubanetworks — arubaos A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.3, 8.6.0.9, 8.5.0.12, 8.3.0.16, 6.5.4.19, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. 2021-09-07 5.5 CVE-2021-37729
MISC
arubanetworks — sd-wan A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.8.0.1, 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. 2021-09-07 5.8 CVE-2021-37725
MISC
cashtomer_project — cashtomer An editid GET parameter of the Cashtomer WordPress plugin through 1.0.0 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. 2021-09-06 6.5 CVE-2021-24391
MISC
MISC
cliniccases — cliniccases Multiple reflected cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow unauthenticated attackers to introduce arbitrary JavaScript by crafting a malicious URL. This can result in account takeover via session token theft. 2021-09-07 4.3 CVE-2021-38704
MISC
MISC
cliniccases — cliniccases messages_load.php in ClinicCases 7.3.3 suffers from a blind SQL injection vulnerability, which allows low-privileged attackers to execute arbitrary SQL commands through a vulnerable parameter. 2021-09-07 6.5 CVE-2021-38706
MISC
MISC
cliniccases — cliniccases ClinicCases 7.3.3 is affected by Cross-Site Request Forgery (CSRF). A successful attack would consist of an authenticated user following a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user. This can be exploited to create a secondary administrator account for the attacker. 2021-09-07 6.8 CVE-2021-38705
MISC
MISC
comment_highlighter_project — comment_highlighter A c GET parameter of the Comment Highlighter WordPress plugin through 0.13 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. 2021-09-06 6.5 CVE-2021-24393
MISC
MISC
contiki-os — contiki In Contiki 3.0, Telnet option negotiation is mishandled. During negotiation between a server and a client, the server may fail to give the WILL/WONT or DO/DONT response for DO and WILL commands because of improper handling of exception condition, which leads to property violations and denial of service. Specifically, a server sometimes sends no response, because a fixed buffer space is available for all responses and that space may have been exhausted. 2021-09-05 5 CVE-2021-40523
MISC
cozyvision — sms_alert_order_notifications The SMS Alert Order Notifications WordPress plugin before 3.4.7 is affected by a cross site scripting (XSS) vulnerability in the plugin’s setting page. 2021-09-06 4.3 CVE-2021-24588
MISC
easy_testimonial_manager_project — easy_testimonial_manager An id GET parameter of the Easy Testimonial Manager WordPress plugin through 1.2.0 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. 2021-09-06 6.5 CVE-2021-24394
MISC
MISC
eyoucms — eyoucms EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious url via the Logout function. 2021-09-07 5.8 CVE-2021-39501
MISC
MISC
eyoucms — eyoucms A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the `title` parameter in bind_email function. 2021-09-07 4.3 CVE-2021-39499
MISC
MISC
f-secure — atlant A vulnerability affecting F-Secure Antivirus engine was discovered whereby scanning a WIM archive file can lead to denial-of-service (infinite loop and freezes AV engine scanner). The vulnerability can be exploited remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine. 2021-09-07 4.3 CVE-2021-33599
MISC
MISC
file-upload-with-preview_project — file-upload-with-preview This affects the package file-upload-with-preview before 4.2.0. A file containing malicious JavaScript code in the name can be uploaded (a user needs to be tricked into uploading such a file). 2021-09-05 4.3 CVE-2021-23439
CONFIRM
CONFIRM
CONFIRM
fortinet — fortimanager An improper access control vulnerability in FortiManager versions 6.4.0 to 6.4.3 may allow an authenticated attacker with a restricted user profile to access the SD-WAN Orchestrator panel via directly visiting its URL. 2021-09-06 6.5 CVE-2021-24006
CONFIRM
fortinet — fortisandbox An improper access control vulnerability (CWE-284) in FortiSandbox versions 3.2.1 and below and 3.1.4 and below may allow an authenticated, unprivileged attacker to download the device configuration file via the recovery URL. 2021-09-06 4 CVE-2020-15939
CONFIRM
gambit — titan_framework The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues. 2021-09-06 4.3 CVE-2021-24435
MISC
geekwebsolution — embed_youtube_video The editid GET parameter of the Embed Youtube Video WordPress plugin through 1.0 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. 2021-09-06 6.5 CVE-2021-24395
MISC
MISC
ghost — ghost Ghost is a Node.js content management system. An error in the implementation of the limits service between versions 4.0.0 and 4.9.4 allows all authenticated users (including contributors) to view admin-level API keys via the integrations API endpoint, leading to a privilege escalation vulnerability. This issue is patched in Ghost version 4.10.0. As a workaround, disable all non-Administrator accounts to prevent API access. It is highly recommended to regenerate all API keys after patching or applying the workaround. 2021-09-03 6.5 CVE-2021-39192
CONFIRM
MISC
gibbonedu — gibbon A reflected XSS vulnerability exists in multiple pages in version 22 of the Gibbon application that allows for arbitrary execution of JavaScript (gibbonCourseClassID, gibbonPersonID, subpage, currentDate, or allStudents to index.php). 2021-09-03 4.3 CVE-2021-40492
MISC
MISC
gifsicle_project — gifsicle The find_color_or_error function in gifsicle 1.92 contains a NULL pointer dereference. 2021-09-07 5 CVE-2020-19752
MISC
gnu — inetutils The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl. 2021-09-03 4.3 CVE-2021-40491
MISC
MISC
MISC
google — chrome Heap buffer overflow in TabStrip in Google Chrome prior to 93.0.4577.63 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. 2021-09-03 6.8 CVE-2021-30614
MISC
MISC
FEDORA
google — chrome Use after free in Permissions in Google Chrome prior to 93.0.4577.63 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. 2021-09-03 6.8 CVE-2021-30607
MISC
MISC
FEDORA
google — chrome Use after free in Autofill in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-09-03 6.8 CVE-2021-30624
MISC
MISC
FEDORA
google — chrome Use after free in Bookmarks in Google Chrome prior to 93.0.4577.63 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. 2021-09-03 6.8 CVE-2021-30623
MISC
MISC
FEDORA
google — chrome Use after free in WebApp Installs in Google Chrome prior to 93.0.4577.63 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. 2021-09-03 6.8 CVE-2021-30622
MISC
MISC
FEDORA
google — chrome Insufficient policy enforcement in Blink in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to bypass content security policy via a crafted HTML page. 2021-09-03 6.8 CVE-2021-30620
MISC
MISC
FEDORA
google — chrome Inappropriate implementation in DevTools in Google Chrome prior to 93.0.4577.63 allowed a remote attacker who had convinced the user to use Chrome headless with remote debugging to execute arbitrary code via a crafted HTML page. 2021-09-03 6.8 CVE-2021-30618
MISC
MISC
FEDORA
google — chrome Use after free in Media in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-09-03 6.8 CVE-2021-30616
MISC
MISC
FEDORA
google — chrome Use after free in WebRTC in Google Chrome on Linux, ChromeOS prior to 93.0.4577.63 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. 2021-09-03 6.8 CVE-2021-30612
MISC
MISC
FEDORA
google — chrome Use after free in Sign-In in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-09-03 6.8 CVE-2021-30609
MISC
MISC
FEDORA
google — chrome Use after free in Blink in Google Chrome prior to 93.0.4577.63 allowed an attacker who convinced a user to drag and drop a malicious folder to a page to potentially perform a sandbox escape via a crafted HTML page. 2021-09-03 6.8 CVE-2021-30606
MISC
MISC
FEDORA
google — chrome Use after free in Extensions API in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-09-03 6.8 CVE-2021-30610
MISC
MISC
FEDORA
google — chrome Inappropriate implementation in Autofill in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to spoof security UI via a crafted HTML page. 2021-09-03 4.3 CVE-2021-30621
MISC
MISC
FEDORA
google — chrome Inappropriate implementation in Autofill in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to spoof security UI via a crafted HTML page. 2021-09-03 4.3 CVE-2021-30619
MISC
MISC
FEDORA
google — chrome Policy bypass in Blink in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to bypass site isolation via a crafted HTML page. 2021-09-03 4.3 CVE-2021-30617
MISC
MISC
FEDORA
google — chrome Inappropriate implementation in Navigation in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2021-09-03 4.3 CVE-2021-30615
MISC
MISC
FEDORA
google — chrome Use after free in Base internals in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-09-03 6.8 CVE-2021-30613
MISC
MISC
FEDORA
google — chrome Use after free in WebRTC in Google Chrome on Linux, ChromeOS prior to 93.0.4577.63 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. 2021-09-03 6.8 CVE-2021-30611
MISC
MISC
FEDORA
google — chrome Use after free in Web Share in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-09-03 6.8 CVE-2021-30608
MISC
MISC
FEDORA
gpac — gpac An issue was discovered in gpac 0.8.0. The strdup function in box_code_base.c has a heap-based buffer over-read. 2021-09-07 5 CVE-2020-19750
MISC
gpac — gpac An issue was discovered in gpac 0.8.0. The gf_odf_del_ipmp_tool function in odf_code.c has a heap-based buffer over-read. 2021-09-07 6.4 CVE-2020-19751
MISC
jbl — tune500bt_firmware The Bluetooth Classic implementation on JBL TUNE500BT devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and shut down a device by flooding the target device with LMP Feature Response data. 2021-09-07 6.1 CVE-2021-28155
MISC
MISC
jiangqie — official_website_mini_program The JiangQie Official Website Mini Program WordPress plugin before 1.1.1 does not escape or validate the id GET parameter before using it in SQL statements, leading to SQL injection issues 2021-09-06 6.5 CVE-2021-24303
MISC
MISC
linux — linux_kernel A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. 2021-09-03 4.4 CVE-2021-40490
MISC
moxa — wac-2004_firmware Certain MOXA devices allow reflected XSS via the Config Import menu. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU 2.3, WDR-3124A-EU-T 2.3, WDR-3124A-US 2.3, and WDR-3124A-US-T 2.3. 2021-09-07 4.3 CVE-2021-39278
MISC
mrdoc — mrdoc mrdoc is vulnerable to Deserialization of Untrusted Data 2021-09-06 6.8 CVE-2021-32568
MISC
CONFIRM
ntracker — ntracker_usb_enterprise A SQL injection vulnerability in the nTracker USB Enterprise (secure USB management solution) allows a remote unauthenticated attacker to perform SQL queries to access username, password and other session-related information. 2021-09-07 5 CVE-2020-7819
MISC
otrs — otrs It’s possible to create an email which can be stuck while being processed by PostMaster filters, causing DoS. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions. 2021-09-06 5 CVE-2021-36093
CONFIRM
otrs — otrs Malicious attacker is able to find out valid user logins by using the “lost password” feature. This issue affects: OTRS AG ((OTRS)) Community Edition version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions. 2021-09-06 5 CVE-2021-36095
CONFIRM
parity — frontier Frontier is Substrate’s Ethereum compatibility layer. Prior to commit number 0b962f218f0cdd796dadfe26c3f09e68f7861b26, a bug in `pallet-ethereum` can cause invalid transactions to be included in the Ethereum block state in `pallet-ethereum` due to not validating the input data size. Any invalid transactions included this way have no possibility to alter the internal Ethereum or Substrate state. The transaction will appear to have been included, but is of no effect as it is rejected by the EVM engine. The impact is further limited by Substrate extrinsic size constraints. A patch is available in commit number 0b962f218f0cdd796dadfe26c3f09e68f7861b26. There are no workarounds aside from applying the patch. 2021-09-03 5 CVE-2021-39193
MISC
MISC
CONFIRM
MISC
phpwcms — phpwcms phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /image_zoom.php. 2021-09-08 4.3 CVE-2020-19855
MISC
pureftpd — pure-ftpd In Pure-FTPd 1.0.49, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value. 2021-09-05 5 CVE-2021-40524
MISC
python — pillow The package pillow from 0 and before 8.3.2 is vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. 2021-09-03 5 CVE-2021-23437
CONFIRM
CONFIRM
CONFIRM
simplesystems — libtiff Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the “invertImage()” function in the component “tiffcrop”. 2021-09-07 5 CVE-2020-19131
MISC
MISC
swiftcrm — club-management-software An id GET parameter of the WordPress Membership SwiftCloud.io WordPress plugin through 1.0 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. 2021-09-06 6.5 CVE-2021-24392
MISC
MISC
versa-networks — versa_director A XSS vulnerability exists in Versa Director Release: 16.1R2 Build: S8. An attacker can use the administration web interface URL to create a XSS based attack. 2021-09-07 4.3 CVE-2021-39285
MISC
MISC
vim — vim vim is vulnerable to Heap-based Buffer Overflow 2021-09-06 4.6 CVE-2021-3770
MISC
CONFIRM
FEDORA
weechat — weechat WeeChat before 3.2.1 allows remote attackers to cause a denial of service (crash) via a crafted WebSocket frame that triggers an out-of-bounds read in plugins/relay/relay-websocket.c in the Relay plugin. 2021-09-05 5 CVE-2021-40516
MISC
MISC
wp-webhooks — email_encoder The Email Encoder – Protect Email Addresses WordPress plugin before 2.1.2 has an endpoint that requires no authentication and will render a user supplied value in the HTML response without escaping or sanitizing the data. 2021-09-06 4.3 CVE-2021-24599
MISC
zmartzone — mod_auth_openidc mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openidc was reported to be vulnerable to an open redirect attack by supplying a crafted URL in the `target_link_uri` parameter. A patch in version 2.4.9.4 made it so that the `OIDCRedirectURLsAllowed` setting must be applied to the `target_link_uri` parameter. There are no known workarounds aside from upgrading to a patched version. 2021-09-03 5.8 CVE-2021-39191
MISC
MISC
MISC
CONFIRM


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
addtoany — addtoany_share_buttons The AddToAny Share Buttons WordPress plugin before 1.7.46 does not sanitise its Sharing Header setting when outputting it in frontend pages, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2021-09-06 3.5 CVE-2021-24568
MISC
bluetrum — ab5301a_firmware The Bluetooth Classic implementation on Bluetrum AB5301A devices with unknown firmware versions does not properly handle the reception of oversized DM1 LMP packets while no other BT connections are active, allowing attackers in radio range to prevent new BT connections (disabling the AB5301A inquiry and page scan procedures) via a crafted LMP packet. The user needs to manually perform a power cycle (restart) of the device to restore BT connectivity. 2021-09-07 3.3 CVE-2021-34150
MISC
MISC
bookstackapp — bookstack bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-09-06 3.5 CVE-2021-3768
MISC
CONFIRM
bookstackapp — bookstack bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-09-06 3.5 CVE-2021-3767
CONFIRM
MISC
cliniccases — cliniccases Persistent cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow low-privileged attackers to introduce arbitrary JavaScript to account parameters. The XSS payloads will execute in the browser of any user who views the relevant content. This can result in account takeover via session token theft. 2021-09-07 3.5 CVE-2021-38707
MISC
MISC
dna88 — highlight The Highlight WordPress plugin before 0.9.3 does not sanitise its CustomCSS setting, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2021-09-06 3.5 CVE-2021-24591
MISC
espressif — esp-idf The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of multiple LMP IO Capability Request packets during the pairing process, allowing attackers in radio range to trigger memory corruption (and consequently a crash) in ESP32 via a replayed (duplicated) LMP packet. 2021-09-07 3.3 CVE-2021-28136
MISC
MISC
MISC
MISC
eyoucms — eyoucms Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject malicious code into `filename` param to trigger Reflected XSS. 2021-09-07 3.5 CVE-2021-39496
MISC
MISC
gdprinfo — cookie_notice_&_consent_banner_for_gdpr_&_ccpa_compliance The Cookie Notice & Consent Banner for GDPR & CCPA Compliance WordPress plugin before 1.7.2 does not properly sanitize inputs to prevent injection of arbitrary HTML within the plugin’s design customization options. 2021-09-06 3.5 CVE-2021-24590
MISC
geminilabs — site_reviews The Site Reviews WordPress plugin before 5.13.1 does not sanitise some of its Review Details when adding a review as an admin, which could allow them to perform Cross-Site Scripting attacks when the unfiltered_html is disallowed 2021-09-06 3.5 CVE-2021-24603
MISC
jforum — jforum ViewCommon.java in JForum2 2.7.0 allows XSS via a user signature. 2021-09-04 3.5 CVE-2021-40509
MISC
MISC
FULLDISC
MISC
nextcloud — circles Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application is vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. Due to the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitable on modern browsers supporting Content-Security-Policy. It is recommended that the Nextcloud Circles application is upgraded to 0.21.3, 0.20.10 or 0.19.14 to resolve this issue. As a workaround users may use a browser that has support for Content-Security-Policy. A notable exception is Internet Explorer which does not support CSP properly. 2021-09-07 3.5 CVE-2021-32782
CONFIRM
MISC
MISC
otrs — otrs It’s possible to craft a request for appointment edit screen, which could lead to the XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions. 2021-09-06 3.5 CVE-2021-36094
CONFIRM
ti — cc256xcqfn-em_firmware The Bluetooth Classic implementation on the Texas Instruments CC256XCQFN-EM does not properly handle the reception of continuous LMP_AU_Rand packets, allowing attackers in radio range to trigger a denial of service (deadlock) of the device by flooding it with LMP_AU_Rand packets after the paging procedure. 2021-09-07 3.3 CVE-2021-34149
MISC
MISC
MISC
trumani — stop_spammers The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2021.18 does not escape some of its settings, allowing high privilege users such as admin to set Cross-Site Scripting payloads in them even when the unfiltered_html capability is disallowed 2021-09-06 3.5 CVE-2021-24517
MISC
web-settler — form_builder The Form Builder | Create Responsive Contact Forms WordPress plugin before 1.9.8.4 does not sanitise or escape its Form Title, allowing high privilege users such as admin to set Cross-Site Scripting payload in them, even when the unfiltered_html capability is disallowed 2021-09-06 3.5 CVE-2021-24513
MISC
wpfront — wpfront_notification_bar The WPFront Notification Bar WordPress plugin before 2.1.0.08087 does not properly sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2021-09-06 3.5 CVE-2021-24601
MISC
zh-jieli — ac6901_firmware The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X devices does not properly handle the reception of a truncated LMP packet during the LMP auto rate procedure, allowing attackers in radio range to immediately crash (and restart) a device via a crafted LMP packet. 2021-09-07 3.3 CVE-2021-31613
MISC
MISC
MISC
MISC
zh-jieli — fw-ac63_bt_sdk The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C BT SDK through 0.9.1 does not properly handle the reception of truncated LMP_SCO_Link_Request packets while no other BT connections are active, allowing attackers in radio range to prevent new BT connections (disabling the AB5301A inquiry and page scan procedures) via a crafted LMP packet. The user needs to manually perform a power cycle (restart) of the device to restore BT connectivity. 2021-09-07 3.3 CVE-2021-34144
MISC
MISC
MISC


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apple — multiple_products A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.5 and iPadOS 14.5, tvOS 14.5. A local user may be able to create or modify privileged files. 2021-09-08 not yet calculated CVE-2021-1836
MISC
MISC
apple — multiple_products Multiple issues in apache were addressed by updating apache to version 2.4.46. This issue is fixed in Security Update 2021-004 Mojave. Multiple issues in apache. 2021-09-08 not yet calculated CVE-2021-30690
MISC
gdpm — gdpm qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPMinstallmodulesdatabase_config.php. 2021-09-09 not yet calculated CVE-2020-19515
MISC
accounting — accounting An issue in the noReentrance() modifier of the Ethereum-based contract Accounting 1.0 allows attackers to carry out a reentrancy attack. 2021-09-07 not yet calculated CVE-2020-19765
MISC
adobe — after_effects Adobe After Effects version 18.1 (and earlier) is affected by a potential Command injection vulnerability when chained with a development and debugging tool for JavaScript scripts. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-08 not yet calculated CVE-2021-28571
MISC
adobe — creative_cloud_desktop Adobe Creative Cloud Desktop 3.5 (and earlier) is affected by an uncontrolled search path vulnerability that could result in elevation of privileges. Exploitation of this issue requires user interaction in that a victim must log on to the attacker’s local machine. 2021-09-08 not yet calculated CVE-2021-28581
MISC
adobe — genuine_services Adobe Genuine Services version 7.1 (and earlier) is affected by an Insecure file permission vulnerability during installation process. A local authenticated attacker could leverage this vulnerability to achieve privilege escalation in the context of the current user. 2021-09-08 not yet calculated CVE-2021-28568
MISC
adobe — illustrator Adobe Illustrator version 25.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-08 not yet calculated CVE-2021-21103
MISC
adobe — illustrator Adobe Illustrator version 25.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-08 not yet calculated CVE-2021-21104
MISC
adobe — illustrator Adobe Illustrator version 25.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-08 not yet calculated CVE-2021-21105
MISC
adobe — magento Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are vulnerable to an Improper Authorization vulnerability in the customers module. Successful exploitation could allow a low-privileged user to modify customer data. Access to the admin console is required for successful exploitation. 2021-09-08 not yet calculated CVE-2021-28567
MISC
adobe — magento Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are vulnerable to an Information Disclosure vulnerability when uploading a modified png file to a product image. Successful exploitation could lead to the disclosure of document root path by an unauthenticated attacker. Access to the admin console is required for successful exploitation. 2021-09-08 not yet calculated CVE-2021-28566
MISC
adobe — media_encoder Adobe Media Encoder version 15.1 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-08 not yet calculated CVE-2021-28569
MISC
adobe — medium Medium by Adobe version 2.4.5.331 (and earlier) is affected by a buffer overflow vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-08 not yet calculated CVE-2021-28580
MISC
advantech — webaccess A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. 2021-09-09 not yet calculated CVE-2021-38408
MISC
android — samsung NULL pointer dereference vulnerability in ION driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption. 2021-09-09 not yet calculated CVE-2021-25458
MISC
android — samsung An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate BlockchainTZService. 2021-09-09 not yet calculated CVE-2021-25460
MISC
android — samsung An improper scheme check vulnerability in Samsung Themes prior to version 5.2.01 allows attackers to perform Man-in-the-middle attack. 2021-09-09 not yet calculated CVE-2021-25465
MISC
android — samsung An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start BlockchainTZService. 2021-09-09 not yet calculated CVE-2021-25459
MISC
android — samsung Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth information. 2021-09-09 not yet calculated CVE-2021-25453
MISC
android — samsung An improper input validation vulnerability in loading graph file in DSP driver prior to SMR Sep-2021 Release 1 allows attackers to perform permanent denial of service on the device. 2021-09-09 not yet calculated CVE-2021-25452
MISC
android — samsung Improper scheme check vulnerability in Samsung Internet prior to version 15.0.2.47 allows attackers to perform Man-in-the-middle attack and obtain Samsung Account token. 2021-09-09 not yet calculated CVE-2021-25466
MISC
android — samsung An improper file management vulnerability in SamsungCapture prior to version 4.8.02 allows sensitive information leak. 2021-09-09 not yet calculated CVE-2021-25464
MISC
android — samsung NULL pointer dereference vulnerability in NPU driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption. 2021-09-09 not yet calculated CVE-2021-25462
MISC
android — samsung An improper length check in APAService prior to SMR Sep-2021 Release 1 results in stack based Buffer Overflow. 2021-09-09 not yet calculated CVE-2021-25461
MISC
android — samsung An improper input validation vulnerability in DSP driver prior to SMR Sep-2021 Release 1 allows local attackers to get a limited kernel memory information. 2021-09-09 not yet calculated CVE-2021-25457
MISC
android — samsung OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf file. 2021-09-09 not yet calculated CVE-2021-25456
MISC
android — samsung OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file. 2021-09-09 not yet calculated CVE-2021-25455
MISC
android — samsung OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute remote DoS via forged aac file. 2021-09-09 not yet calculated CVE-2021-25454
MISC
android — samsung Improper access control vulnerability in PENUP prior to version 3.8.00.18 allows arbitrary webpage loading in webview. 2021-09-09 not yet calculated CVE-2021-25463
MISC
any23 — any23 A Remote Code Execution (RCE) vulnerability was discovered in the Any23 YAMLExtractor.java file and is known to affect Any23 versions < 2.5. RCE vulnerabilities allow a malicious actor to execute any code of their choice on a remote machine over LAN, WAN, or internet. RCE belongs to the broader class of arbitrary code execution (ACE) vulnerabilities. 2021-09-11 not yet calculated CVE-2021-40146
CONFIRM
MLIST
any23 — any23 An XML external entity (XXE) injection vulnerability was discovered in the Any23 StreamUtils.java file and is known to affect Any23 versions < 2.5. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application’s processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. 2021-09-11 not yet calculated CVE-2021-38555
CONFIRM
apache — airflow The variable import endpoint was not protected by authentication in Airflow >=2.0.0, <2.1.3. This allowed unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, potentially resulting in a denial of service, information disclosure or remote code execution. This issue affects Apache Airflow >=2.0.0, <2.1.3. 2021-09-09 not yet calculated CVE-2021-38540
CONFIRM
MLIST
apache — dubbo Apache Dubbo supports various rules to support configuration override or traffic routing (called routing in Dubbo). These rules are loaded into the configuration center (eg: Zookeeper, Nacos, …) and retrieved by the customers when making a request in order to find the right endpoint. When parsing these YAML rules, Dubbo customers will use SnakeYAML library to load the rules which by default will enable calling arbitrary constructors. An attacker with access to the configuration center will be able to poison the rule so that, when it is retrieved by the consumers, it leads to RCE on all of them. This was fixed in Dubbo 2.7.13, 3.0.2. 2021-09-07 not yet calculated CVE-2021-36162
MISC
apache — dubbo In Apache Dubbo, users may choose to use the Hessian protocol. The Hessian protocol is implemented on top of HTTP and passes the body of a POST request directly to a HessianSkeleton. New HessianSkeleton instances are created without any configuration of the serialization factory and therefore without applying the dubbo properties for applying allowed or blocked type lists. In addition, the generic service is always exposed and therefore attackers do not need to figure out a valid service/method name pair. This is fixed in 2.7.13, 2.6.10.1. 2021-09-07 not yet calculated CVE-2021-36163
MISC
apache — dubbo Some component in Dubbo will try to print the formatted string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Apache Dubbo 2.7.13. 2021-09-09 not yet calculated CVE-2021-36161
MISC
apple — big_sur This issue was addressed with improved data protection. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass certain Privacy preferences. 2021-09-08 not yet calculated CVE-2021-30751
MISC
apple — big_sur A local attacker may be able to elevate their privileges. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A memory corruption issue was addressed with improved validation. 2021-09-08 not yet calculated CVE-2021-30739
MISC
MISC
MISC
apple — big_sur This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4. A non-privileged user may be able to modify restricted settings. 2021-09-08 not yet calculated CVE-2021-30718
MISC
apple — big_sur The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.3. A malicious application may be able to access the user’s recent contacts. 2021-09-08 not yet calculated CVE-2021-30750
MISC
apple — big_sur Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.5. A local attacker may be able to execute code on the Apple T2 Security Chip. 2021-09-08 not yet calculated CVE-2021-30784
MISC
apple — big_sur A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to execute arbitrary code with kernel privileges. 2021-09-08 not yet calculated CVE-2021-30805
MISC
MISC
MISC
apple — big_sur An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to leak sensitive user information. 2021-09-08 not yet calculated CVE-2021-30722
MISC
MISC
MISC
apple — big_sur A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to leak sensitive user information. 2021-09-08 not yet calculated CVE-2021-30721
MISC
MISC
MISC
apple — big_sur A local user may be able to cause unexpected system termination or read kernel memory. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. An out-of-bounds read issue was addressed by removing the vulnerable code. 2021-09-08 not yet calculated CVE-2021-30719
MISC
MISC
apple — big_sur This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to gain root privileges. 2021-09-08 not yet calculated CVE-2021-30772
MISC
apple — big_sur This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to bypass Privacy preferences. 2021-09-08 not yet calculated CVE-2021-30778
MISC
apple — big_sur A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to access a user’s recent Contacts. 2021-09-08 not yet calculated CVE-2021-30803
MISC
apple — big_sur This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-004 Catalina. An unprivileged application may be able to capture USB devices. 2021-09-08 not yet calculated CVE-2021-30731
MISC
MISC
apple — boot_camp A memory corruption issue was addressed with improved state management. This issue is fixed in Boot Camp 6.1.14. A malicious application may be able to elevate privileges. 2021-09-08 not yet calculated CVE-2021-30675
MISC
apple — imovie This issue was addressed by enabling hardened runtime. This issue is fixed in iMovie 10.2.4. Entitlements and privacy permissions granted to this app may be used by a malicious app. 2021-09-08 not yet calculated CVE-2021-30757
MISC
apple — ios A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. 2021-09-08 not yet calculated CVE-2021-30762
MISC
apple — ios This issue was addressed with improved checks. This issue is fixed in iOS 14.7. Joining a malicious Wi-Fi network may result in a denial of service or arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30800
MISC
apple — ios A permissions issue was addressed with improved validation. This issue is fixed in iOS 14.7. A malicious application may be able to access Find My data. 2021-09-08 not yet calculated CVE-2021-30804
MISC
apple — ios A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. 2021-09-08 not yet calculated CVE-2021-30761
MISC
apple — ios_and_ipad A logic issue was addressed with improved validation. This issue is fixed in iOS 14.5 and iPadOS 14.5. A malicious application may be able to execute arbitrary code with system privileges. 2021-09-08 not yet calculated CVE-2021-1812
MISC
apple — ios_and_ipados A logic issue was addressed with improved state management. This issue is fixed in iOS 14.5 and iPadOS 14.5. An application may be able to execute arbitrary code with kernel privileges. 2021-09-08 not yet calculated CVE-2021-1874
MISC
apple — ios_and_ipados A certificate validation issue was addressed. This issue is fixed in iOS 14.5 and iPadOS 14.5. An attacker in a privileged network position may be able to alter network traffic. 2021-09-08 not yet calculated CVE-2021-1837
MISC
apple — ios_and_ipados The issue was addressed with improved UI handling. This issue is fixed in iOS 14.5 and iPadOS 14.5. A local user may be able to view sensitive information in the app switcher. 2021-09-08 not yet calculated CVE-2021-1848
MISC
apple — ios_and_ipados This issue was addressed with improved checks. This issue is fixed in iOS 14.5 and iPadOS 14.5. An application may be able to gain elevated privileges. 2021-09-08 not yet calculated CVE-2021-1833
MISC
apple — ios_and_ipados An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5. A local user may be able to read kernel memory. 2021-09-08 not yet calculated CVE-2021-1852
MISC
apple — ios_and_ipados An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5. A local user may be able to read kernel memory. 2021-09-08 not yet calculated CVE-2021-1877
MISC
apple — ios_and_ipados An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5, macOS Big Sur 11.3. A malicious application may be able to execute arbitrary code with kernel privileges. 2021-09-08 not yet calculated CVE-2021-1867
MISC
MISC
apple — ios_and_ipados A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 14.5 and iPadOS 14.5. Processing a maliciously crafted audio file may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30742
MISC
apple — ios_and_ipados This issue was addressed with improved checks. This issue is fixed in iOS 14.5 and iPadOS 14.5. A person with physical access to an iOS device may be able to access notes from the lock screen. 2021-09-08 not yet calculated CVE-2021-1835
MISC
apple — ios_and_ipados The issue was addressed with improved permissions logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. An application may allow shortcuts to access restricted files. 2021-09-08 not yet calculated CVE-2021-1831
MISC
apple — ios_and_ipados Description: A person with physical access may be able to access contacts. This issue is fixed in iOS 14.5 and iPadOS 14.5. Impact: An issue with Siri search access to information was addressed with improved logic. 2021-09-08 not yet calculated CVE-2021-1862
MISC
apple — ios_and_ipados A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination. 2021-09-08 not yet calculated CVE-2021-30741
MISC
apple — ios_and_ipados An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5. A local user may be able to read kernel memory. 2021-09-08 not yet calculated CVE-2021-1830
MISC
apple — ios_and_ipados A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.6 and iPadOS 14.6. A device may accept invalid activation results. 2021-09-08 not yet calculated CVE-2021-30729
MISC
apple — ios_and_ipados A race condition was addressed with improved state handling. This issue is fixed in iOS 14.6 and iPadOS 14.6. An application may be able to cause unexpected system termination or write kernel memory. 2021-09-08 not yet calculated CVE-2021-30714
MISC
apple — ios_and_ipados This issue was addressed with improved checks. This issue is fixed in iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-1838
MISC
apple — ios_and_ipados A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. An attacker with JavaScript execution may be able to execute arbitrary code. 2021-09-08 not yet calculated CVE-2021-1864
MISC
MISC
MISC
apple — ios_and_ipados This issue was addressed with improved checks. This issue is fixed in iOS 14.6 and iPadOS 14.6. A malicious application may disclose restricted memory. 2021-09-08 not yet calculated CVE-2021-30674
MISC
apple — ios_and_ipados This issue was addressed with improved checks. This issue is fixed in iOS 14.5 and iPadOS 14.5. Processing a maliciously crafted file may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30662
MISC
apple — ios_and_ipados A validation issue was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, macOS Big Sur 11.3. A malicious application may be able to leak sensitive user information. 2021-09-08 not yet calculated CVE-2021-30659
MISC
MISC
MISC
apple — ios_and_ipados A window management issue was addressed with improved state management. This issue is fixed in iOS 14.6 and iPadOS 14.6. A user may be able to view restricted content from the lockscreen. 2021-09-08 not yet calculated CVE-2021-30699
MISC
apple — ios_and_ipados A call termination issue was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. A legacy cellular network can automatically answer an incoming call when an ongoing call ends or drops. 2021-09-08 not yet calculated CVE-2021-1854
MISC
apple — ios_and_ipados An access issue was addressed with improved memory management. This issue is fixed in iOS 14.5 and iPadOS 14.5. A malicious application may be able to determine kernel memory layout. 2021-09-08 not yet calculated CVE-2021-30656
MISC
apple — ios_and_ipados An issue obscuring passwords in screenshots was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. A user’s password may be visible on screen. 2021-09-08 not yet calculated CVE-2021-1865
MISC
apple — ios_and_ipados An issue existed with authenticating the action triggered by an NFC tag. The issue was addressed with improved action authentication. This issue is fixed in iOS 14.5 and iPadOS 14.5. A person with physical access to an iOS device may be able to place phone calls to any phone number. 2021-09-08 not yet calculated CVE-2021-1863
MISC
apple — ios_and_ipados A logic issue was addressed with improved validation. This issue is fixed in iOS 14.6 and iPadOS 14.6. An attacker in WiFi range may be able to force a client to use a less secure authentication mechanism. 2021-09-08 not yet calculated CVE-2021-30667
MISC
apple — macios A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. 2021-09-08 not yet calculated CVE-2021-30666
MISC
apple — macos_big_sur This issue was addressed with improved handling of file metadata. This issue is fixed in macOS Big Sur 11.3. A malicious application may bypass Gatekeeper checks. 2021-09-08 not yet calculated CVE-2021-30658
MISC
apple — macos_big_sur A malicious application may be able to execute arbitrary code with kernel privileges. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. An out-of-bounds write issue was addressed with improved bounds checking. 2021-09-08 not yet calculated CVE-2021-1841
MISC
MISC
apple — macos_big_sur A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A malicious application may bypass Gatekeeper checks. 2021-09-08 not yet calculated CVE-2021-30669
MISC
MISC
MISC
apple — macos_big_sur An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A malicious application may be able to access a user’s call history. 2021-09-08 not yet calculated CVE-2021-30673
MISC
MISC
apple — macos_big_sur A validation issue was addressed with improved logic. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A malicious application may be able to send unauthorized Apple events to Finder. 2021-09-08 not yet calculated CVE-2021-30671
MISC
MISC
apple — macos_big_sur A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited. 2021-09-08 not yet calculated CVE-2021-30713
MISC
apple — macos_big_sur A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited. 2021-09-08 not yet calculated CVE-2021-30657
MISC
MISC
apple — macos_big_sur A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A remote attacker may cause an unexpected application termination or arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30684
MISC
MISC
apple — macos_big_sur A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4. A local user may be able to load unsigned kernel extensions. 2021-09-08 not yet calculated CVE-2021-30680
MISC
apple — macos_big_sur This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4. A person with physical access to a Mac may be able to bypass Login Window during a software update. 2021-09-08 not yet calculated CVE-2021-30668
MISC
apple — macos_big_sur A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A malicious application may be able to gain root privileges. 2021-09-08 not yet calculated CVE-2021-30672
MISC
MISC
MISC
apple — macos_big_sur A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application may bypass Gatekeeper checks. 2021-09-08 not yet calculated CVE-2021-1810
MISC
MISC
apple — macos_big_sur An application may be able to execute arbitrary code with system privileges. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. The issue was addressed with improved permissions logic. 2021-09-08 not yet calculated CVE-2021-30655
MISC
MISC
apple — macos_big_sur A malicious application may be able to break out of its sandbox. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A path handling issue was addressed with improved validation. 2021-09-08 not yet calculated CVE-2021-30688
MISC
MISC
apple — macos_big_sur A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A malicious application could execute arbitrary code leading to compromise of user information. 2021-09-08 not yet calculated CVE-2021-30683
MISC
MISC
MISC
apple — macos_big_sur A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.3. An application may be able to execute arbitrary code with kernel privileges. 2021-09-08 not yet calculated CVE-2021-1829
MISC
apple — macos_catalina A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. Processing a maliciously crafted font file may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2020-27942
MISC
MISC
apple — multiple_products A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may result in the disclosure of process memory. 2021-09-08 not yet calculated CVE-2021-1820
MISC
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30678
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted ASTC file may disclose memory contents. 2021-09-08 not yet calculated CVE-2021-30705
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to perform denial of service. 2021-09-08 not yet calculated CVE-2021-30716
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to read restricted memory. 2021-09-08 not yet calculated CVE-2021-1809
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An application may be able to read restricted memory. 2021-09-08 not yet calculated CVE-2021-1808
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents. 2021-09-08 not yet calculated CVE-2021-30746
MISC
MISC
MISC
MISC
apple — multiple_products A stack overflow was addressed with improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted font file may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30759
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30749
MISC
MISC
MISC
MISC
MISC
apple — multiple_products Processing a maliciously crafted image may lead to disclosure of user information. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. This issue was addressed with improved checks. 2021-09-08 not yet calculated CVE-2021-30706
MISC
MISC
MISC
MISC
apple — multiple_products The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A local attacker may be able to elevate their privileges. 2021-09-08 not yet calculated CVE-2021-1839
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted server messages may lead to heap corruption. 2021-09-08 not yet calculated CVE-2021-1883
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents. 2021-09-08 not yet calculated CVE-2021-30694
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds read was addressed with improved input validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted font file may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-1881
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. An application may be able to execute arbitrary code with kernel privileges. 2021-09-08 not yet calculated CVE-2021-30704
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, macOS Big Sur 11.3. Muting a CallKit call while ringing may not result in mute being enabled. 2021-09-08 not yet calculated CVE-2021-1872
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local attacker may be able to elevate their privileges. 2021-09-08 not yet calculated CVE-2021-1868
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents. 2021-09-08 not yet calculated CVE-2021-30692
MISC
MISC
MISC
MISC
apple — multiple_products A memory initialization issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to disclose kernel memory. 2021-09-08 not yet calculated CVE-2021-1860
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products Processing a maliciously crafted image may lead to arbitrary code execution. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An out-of-bounds write issue was addressed with improved bounds checking. 2021-09-08 not yet calculated CVE-2021-1858
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A local attacker may be able to elevate their privileges. 2021-09-08 not yet calculated CVE-2021-1840
MISC
MISC
MISC
apple — multiple_products An attacker in a privileged network position may be able to misrepresent application state. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A logic issue was addressed with improved state management. 2021-09-08 not yet calculated CVE-2021-30696
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A local user may be able to leak sensitive user information. 2021-09-08 not yet calculated CVE-2021-30697
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A null pointer dereference was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Safari 14.1.1, iOS 14.6 and iPadOS 14.6. A remote attacker may be able to cause a denial of service. 2021-09-08 not yet calculated CVE-2021-30698
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A person with physical access to a Mac may be able to bypass Login Window. 2021-09-08 not yet calculated CVE-2021-30702
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-1847
MISC
MISC
MISC
apple — multiple_products A double free issue was addressed with improved memory management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. An application may be able to execute arbitrary code with kernel privileges. 2021-09-08 not yet calculated CVE-2021-30703
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, watchOS 7.4. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-1814
MISC
MISC
apple — multiple_products An integer overflow was addressed through improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted font file may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30760
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A local user may be able to modify protected parts of the file system. 2021-09-08 not yet calculated CVE-2021-1822
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A malicious application may be able to access restricted files. 2021-09-08 not yet calculated CVE-2021-30782
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. A sandboxed process may be able to circumvent sandbox restrictions. 2021-09-08 not yet calculated CVE-2021-30768
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30802
MISC
MISC
apple — multiple_products An issue in code signature validation was addressed with improved checks. This issue is fixed in iOS 14.7, tvOS 14.7, watchOS 7.6. A malicious application may be able to bypass code signing checks. 2021-09-08 not yet calculated CVE-2021-30773
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Playing a malicious audio file may lead to an unexpected application termination. 2021-09-08 not yet calculated CVE-2021-30776
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Processing a maliciously crafted audio file may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30775
MISC
MISC
MISC
MISC
MISC
apple — multiple_products Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30799
MISC
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents. 2021-09-08 not yet calculated CVE-2021-30788
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6. A malicious application may be able to bypass certain Privacy preferences. 2021-09-08 not yet calculated CVE-2021-30798
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, tvOS 14.7, watchOS 7.6. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations. 2021-09-08 not yet calculated CVE-2021-30770
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution. 2021-09-08 not yet calculated CVE-2021-30797
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30785
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A race condition was addressed with improved state handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30786
MISC
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30712
MISC
MISC
MISC
apple — multiple_products A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30795
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A race condition was addressed with improved locking. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. A remote attacker may be able to cause a denial of service. 2021-09-08 not yet calculated CVE-2021-1884
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30792
MISC
MISC
apple — multiple_products A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to universal cross site scripting. 2021-09-08 not yet calculated CVE-2021-1826
MISC
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents. 2021-09-08 not yet calculated CVE-2021-30709
MISC
MISC
MISC
MISC
apple — multiple_products A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A local user may be able to modify protected parts of the file system. 2021-09-08 not yet calculated CVE-2021-1815
MISC
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A malicious application may cause a denial of service or potentially disclose memory contents. 2021-09-08 not yet calculated CVE-2021-30710
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30758
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing a maliciously crafted image may lead to a denial of service. 2021-09-08 not yet calculated CVE-2021-30796
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to execute arbitrary code with kernel privileges. 2021-09-08 not yet calculated CVE-2021-30765
MISC
MISC
MISC
apple — multiple_products Processing a maliciously crafted file may lead to arbitrary code execution. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. This issue was addressed with improved checks. 2021-09-08 not yet calculated CVE-2021-30764
MISC
MISC
MISC
apple — multiple_products An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.7, watchOS 7.6. A shortcut may be able to bypass Internet permission requirements. 2021-09-08 not yet calculated CVE-2021-30763
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30653
MISC
MISC
MISC
MISC
apple — multiple_products A double free issue was addressed with improved memory management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted file may lead to heap corruption. 2021-09-08 not yet calculated CVE-2021-1875
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents. 2021-09-08 not yet calculated CVE-2021-30723
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted font may result in the disclosure of process memory. 2021-09-08 not yet calculated CVE-2021-30733
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30725
MISC
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A local attacker may be able to elevate their privileges. 2021-09-08 not yet calculated CVE-2021-30724
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
A buffer overflow may result in arbitrary code execution. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A logic issue was addressed with improved state management. 2021-09-08 not yet calculated CVE-2021-1770
MISC
MISC
MISC
MISC
apple — multiple_products
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local user may be able to modify protected parts of the file system. 2021-09-08 not yet calculated CVE-2021-1740
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A malicious application may be able to modify protected parts of the file system. 2021-09-08 not yet calculated CVE-2021-1784
MISC
MISC
MISC
apple — multiple_products
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to execute arbitrary code with kernel privileges. 2021-09-08 not yet calculated CVE-2021-30793
MISC
MISC
MISC
apple — multiple_products
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. An application may be able to execute arbitrary code with kernel privileges. 2021-09-08 not yet calculated CVE-2021-30748
MISC
MISC
apple — multiple_products
Processing a maliciously crafted font may result in the disclosure of process memory. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. An out-of-bounds read was addressed with improved input validation. 2021-09-08 not yet calculated CVE-2021-30753
MISC
MISC
MISC
MISC
apple — multiple_products
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. A malicious application may be able to gain root privileges. 2021-09-08 not yet calculated CVE-2021-30780
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. Processing a maliciously crafted file may disclose user information. 2021-09-08 not yet calculated CVE-2021-30791
MISC
MISC
apple — multiple_products
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30790
MISC
MISC
MISC
apple — multiple_products
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Processing a maliciously crafted font file may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30789
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to cause unexpected system termination or write kernel memory. 2021-09-08 not yet calculated CVE-2021-30787
MISC
MISC
MISC
apple — multiple_products
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A sandboxed process may be able to circumvent sandbox restrictions. 2021-09-08 not yet calculated CVE-2021-30783
MISC
MISC
MISC
apple — multiple_products
This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. A local attacker may be able to cause unexpected application termination or arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30781
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
Processing a maliciously crafted image may lead to arbitrary code execution. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. An out-of-bounds read was addressed with improved input validation. 2021-09-08 not yet calculated CVE-2021-30752
MISC
MISC
MISC
MISC
apple — multiple_products
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A malicious application may be able to execute arbitrary code with kernel privileges. 2021-09-08 not yet calculated CVE-2021-30728
MISC
MISC
MISC
apple — multiple_products
An injection issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A malicious application may be able to gain root privileges. 2021-09-08 not yet calculated CVE-2021-30777
MISC
MISC
MISC
apple — multiple_products
A malicious application may be able to execute arbitrary code with kernel privileges. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An out-of-bounds write issue was addressed with improved bounds checking. 2021-09-08 not yet calculated CVE-2021-30726
MISC
MISC
MISC
apple — multiple_products
A malicious application may be able to overwrite arbitrary files. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-004 Mojave. An issue with path validation logic for hardlinks was addressed with improved path sanitization. 2021-09-08 not yet calculated CVE-2021-30738
MISC
MISC
apple — multiple_products
An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4, macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-1762
MISC
MISC
apple — multiple_products
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A local user may be able to cause unexpected system termination or read kernel memory. 2021-09-08 not yet calculated CVE-2021-30676
MISC
MISC
MISC
apple — multiple_products
An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30663
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted file may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30664
MISC
MISC
MISC
MISC
apple — multiple_products
A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. 2021-09-08 not yet calculated CVE-2021-30665
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. 2021-09-08 not yet calculated CVE-2021-30661
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
A logic issue was addressed with improved state management. This issue is fixed in iOS 14.7, tvOS 14.7, watchOS 7.6. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. 2021-09-08 not yet calculated CVE-2021-30769
MISC
MISC
MISC
apple — multiple_products
A race condition was addressed with additional validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to gain root privileges. 2021-09-08 not yet calculated CVE-2021-30652
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-1885
MISC
MISC
MISC
MISC
apple — multiple_products
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-1817
MISC
MISC
MISC
MISC
apple — multiple_products
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local user may be able to modify protected parts of the file system. 2021-09-08 not yet calculated CVE-2021-1739
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An application may be able to gain elevated privileges. 2021-09-08 not yet calculated CVE-2021-1882
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30743
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
A logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. A malicious application may be able to execute arbitrary code with kernel privileges. 2021-09-08 not yet calculated CVE-2021-30740
MISC
MISC
MISC
MISC
apple — multiple_products
A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, iOS 12.5.4, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted certificate may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30737
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. An application may be able to execute arbitrary code with kernel privileges. 2021-09-08 not yet calculated CVE-2021-30736
MISC
MISC
MISC
MISC
apple — multiple_products
A malicious application may be able to execute arbitrary code with kernel privileges. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An out-of-bounds write issue was addressed with improved bounds checking. 2021-09-08 not yet calculated CVE-2021-30735
MISC
MISC
MISC
apple — multiple_products
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30734
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting. 2021-09-08 not yet calculated CVE-2021-30744
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A malicious application may be able to disclose kernel memory. 2021-09-08 not yet calculated CVE-2021-30660
MISC
MISC
MISC
MISC
apple — multiple_products
A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. A malicious application may be able to gain root privileges. 2021-09-08 not yet calculated CVE-2021-30774
MISC
MISC
MISC
MISC
apple — multiple_products
An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to execute arbitrary code with kernel privileges. 2021-09-08 not yet calculated CVE-2021-30766
MISC
MISC
MISC
apple — multiple_products
A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. An application may be able to cause unexpected system termination or write kernel memory. 2021-09-08 not yet calculated CVE-2021-1828
MISC
MISC
MISC
apple — multiple_products
This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30701
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to execute arbitrary code. 2021-09-08 not yet calculated CVE-2021-30717
MISC
MISC
MISC
apple — multiple_products
A validation issue was addressed with improved logic. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to gain root privileges. 2021-09-08 not yet calculated CVE-2021-1813
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted message may lead to a denial of service. 2021-09-08 not yet calculated CVE-2021-30715
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A malicious application may be able to execute arbitrary code with kernel privileges. 2021-09-08 not yet calculated CVE-2021-1816
MISC
MISC
MISC
apple — multiple_products
This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application with root privileges may be able to access private information. 2021-09-08 not yet calculated CVE-2021-1824
MISC
MISC
apple — multiple_products
An input validation issue was addressed with improved input validation. This issue is fixed in iTunes 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may lead to a cross site scripting attack. 2021-09-08 not yet calculated CVE-2021-1825
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted image may lead to disclosure of user information. 2021-09-08 not yet calculated CVE-2021-30700
MISC
MISC
MISC
MISC
apple — multiple_products
A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4. A local user may be able to write arbitrary files. 2021-09-08 not yet calculated CVE-2021-1807
MISC
MISC
apple — multiple_products
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30708
MISC
MISC
MISC
MISC
apple — multiple_products
Copied files may not have the expected file permissions. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. The issue was addressed with improved permissions logic. 2021-09-08 not yet calculated CVE-2021-1832
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A malicious application may be able to execute arbitrary code with kernel privileges. 2021-09-08 not yet calculated CVE-2021-1834
MISC
MISC
MISC
apple — multiple_products
This issue was addressed with improved checks. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-1843
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
Processing a maliciously crafted audio file may disclose restricted memory. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An out-of-bounds read was addressed with improved input validation. 2021-09-08 not yet calculated CVE-2021-1846
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
A local attacker may be able to view Now Playing information from the lock screen. This issue is fixed in macOS Big Sur 11.4, iOS 14.6 and iPadOS 14.6. A privacy issue in Now Playing was addressed with improved permissions. 2021-09-08 not yet calculated CVE-2021-30756
MISC
MISC
apple — multiple_products
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted audio file may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30707
MISC
MISC
MISC
MISC
apple — multiple_products
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. A malicious application may be able to modify protected parts of the file system. 2021-09-08 not yet calculated CVE-2021-30727
MISC
MISC
MISC
MISC
apple — multiple_products
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An application may be able to execute arbitrary code with kernel privileges. 2021-09-08 not yet calculated CVE-2021-1851
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
An issue in code signature validation was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A malicious application may be able to bypass Privacy preferences. 2021-09-08 not yet calculated CVE-2021-1849
MISC
MISC
MISC
MISC
apple — multiple_products
This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Parsing a maliciously crafted audio file may lead to disclosure of user information. 2021-09-08 not yet calculated CVE-2021-30685
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
An API issue in Accessibility TCC permissions was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A malicious application may be able to unexpectedly leak a user’s credentials from secure text fields. 2021-09-08 not yet calculated CVE-2021-1873
MISC
MISC
MISC
apple — multiple_products
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An application may be able to gain elevated privileges. 2021-09-08 not yet calculated CVE-2021-30679
MISC
MISC
MISC
apple — multiple_products
Processing a maliciously crafted font may result in the disclosure of process memory. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5. An out-of-bounds read was addressed with improved input validation. 2021-09-08 not yet calculated CVE-2021-30755
MISC
MISC
MISC
apple — multiple_products
This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30779
MISC
MISC
MISC
MISC
apple — multiple_products
This issue was addressed with improved environment sanitization. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to break out of its sandbox. 2021-09-08 not yet calculated CVE-2021-30677
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers. 2021-09-08 not yet calculated CVE-2021-30720
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing a maliciously crafted font may result in the disclosure of process memory. 2021-09-08 not yet calculated CVE-2021-1811
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents. 2021-09-08 not yet calculated CVE-2021-30695
MISC
MISC
MISC
MISC
apple — multiple_products
An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents. 2021-09-08 not yet calculated CVE-2021-30691
MISC
MISC
MISC
MISC
apple — multiple_products
A validation issue was addressed with improved logic. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-30693
MISC
MISC
MISC
MISC
apple — multiple_products
A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting. 2021-09-08 not yet calculated CVE-2021-30689
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted image may lead to disclosure of user information. 2021-09-08 not yet calculated CVE-2021-30687
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may disclose sensitive user information. 2021-09-08 not yet calculated CVE-2021-1857
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted audio file may disclose restricted memory. 2021-09-08 not yet calculated CVE-2021-30686
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-1876
MISC
MISC
MISC
apple — multiple_products
An integer overflow was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. An attacker in a privileged network position may be able to leak sensitive user information. 2021-09-08 not yet calculated CVE-2021-1878
MISC
MISC
MISC
apple — multiple_products
A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak sensitive user information. 2021-09-08 not yet calculated CVE-2021-30682
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to gain root privileges. 2021-09-08 not yet calculated CVE-2021-30681
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, watchOS 7.4. Processing a maliciously crafted image may lead to arbitrary code execution. 2021-09-08 not yet calculated CVE-2021-1880
MISC
MISC
apple — tv_app
This issue was addressed with improved file handling. This issue is fixed in Apple TV app for Fire OS 6.1.0.6A142:7.1.0. An attacker with file system access may modify scripts used by the app. 2021-09-08 not yet calculated CVE-2020-27940
MISC
arista — metamako_operating_system In Arista’s MOS (Metamako Operating System) software which is supported on the 7130 product line, user account passwords set in clear text could leak to users without any password. This issue affects Arista Metamako Operating System: MOS-0.18 and post releases in the MOS-0.1x train; all releases in the MOS-0.2x train; MOS-0.31.1 and prior releases in the MOS-0.3x train. 2021-09-09 not yet calculated CVE-2021-28499
MISC
arista — metamako_operating_system In Arista’s MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, the bash shell might be accessible to unprivileged users in situations where they should not have access. This issue affects Arista Metamako Operating System: all releases in the MOS-0.1x train; MOS-0.26.6 and below releases in the MOS-0.2x train; MOS-0.31.1 and below releases in the MOS-0.3x train. 2021-09-09 not yet calculated CVE-2021-28497
MISC
arista — metamako_operating_system In Arista’s MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, user authentication can be bypassed when API access is enabled via the JSON-RPC APIs. This issue affects Arista Metamako Operating System: all releases in the MOS-0.1x train; MOS-0.13 and post releases in the MOS-0.1x train; MOS-0.26.6 and below releases in the MOS-0.2x train; MOS-0.31.1 and below releases in the MOS-0.3x train. 2021-09-09 not yet calculated CVE-2021-28495
MISC
arista — metamako_operating_system In Arista’s MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, a user may be able to execute commands despite not having the privileges to do so. This issue affects Arista Metamako Operating System: all releases in the MOS-0.1x train; MOS-0.32.0 and prior releases. 2021-09-09 not yet calculated CVE-2021-28493
MISC
arista — metamako_operating_system In Arista’s MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, authentication is bypassed by unprivileged users who are accessing the Web UI. This issue affects Arista Metamako Operating System: MOS-0.34.0 and prior releases. 2021-09-09 not yet calculated CVE-2021-28494
MISC
arista — metamako_operating_systems In Arista’s MOS (Metamako Operating System) software which is supported on the 7130 product line, user enable passwords set in clear text could result in unprivileged users getting complete access to the systems. This issue affects Arista Metamako Operating System: MOS-0.13 and post releases in the MOS-0.1x train; MOS-0.26.6 and prior releases in the MOS-0.2x train; MOS-0.31.1 and prior releases in the MOS-0.3x train. 2021-09-09 not yet calculated CVE-2021-28498
MISC
aruba — operating_system_software
A remote cross-site request forgery (CSRF) vulnerability was discovered in Aruba Operating System Software version(s): 6.x.x.x: all versions, 8.x.x.x: all versions prior to 8.8.0.0. Aruba has released patches for ArubaOS that address this security vulnerability. 2021-09-07 not yet calculated CVE-2019-5318
MISC
aruba — sd-wan_software_and_gateways
A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. 2021-09-07 not yet calculated CVE-2021-37733
MISC
aruba — sd-wan_software_and_gateways
A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. 2021-09-07 not yet calculated CVE-2021-37731
MISC
atlassian — jira_server Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view users’ emails via an Information Disclosure vulnerability in the /rest/api/2/search endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1. 2021-09-08 not yet calculated CVE-2021-39122
N/A
atlassian — jira_server
Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to enumerate the keys of private Jira projects via an Information Disclosure vulnerability in the /rest/api/latest/projectvalidate/key endpoint. The affected versions are before version 8.5.18, from version 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2. 2021-09-08 not yet calculated CVE-2021-39121
MISC
atlassian — jira_server
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application’s availability via a Denial of Service (DoS) vulnerability in the GIF Image Reader component. The affected versions are before version 8.19.0. 2021-09-08 not yet calculated CVE-2021-39116
N/A
autumn — autumn
Incorrect Access Control in Autumn v1.0.4 and earlier allows remote attackers to obtain clear-text login credentials via the component “autumn-cms/user/getAllUser/?page=1&limit=10”. 2021-09-08 not yet calculated CVE-2020-19137
MISC
bab_technologie — gmbh_eibPort BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 allows unauthenticated attackers access to /webif/SecurityModule to validate the so-called, hard-coded unique ‘eibPort String’, which acts as the root SSH key passphrase. This is usable and part of an attack chain to gain SSH root access. 2021-09-09 not yet calculated CVE-2021-28913
MISC
bab_technologie — gmbh_eibPort BAB TECHNOLOGIE GmbH eibPort V3. Each device has its own unique hard coded and weak root SSH key passphrase known as ‘eibPort string’. This is usable and the final part of an attack chain to gain SSH root access. 2021-09-09 not yet calculated CVE-2021-28912
MISC
bab_technologie — gmbh_eibPort BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 allows the user to set a weak password because the strength is shown in the configuration tool but ultimately not enforced. This is usable and part of an attack chain to gain SSH root access. 2021-09-09 not yet calculated CVE-2021-28914
MISC
bab_technologie — gmbh_eibPort BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 allows unauthenticated attackers uncontrolled access to the login service at /webif/SecurityModule in a brute force attack. The password could be weak and the default username is known to be ‘admin’. This is usable and part of an attack chain to gain SSH root access. 2021-09-09 not yet calculated CVE-2021-28909
MISC
bab_technologie — gmbh_eibPort BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 contains a basic SSRF vulnerability. It allows unauthenticated attackers to send requests to any internal and external server. 2021-09-09 not yet calculated CVE-2021-28910
MISC
bab_technologie — gmbh_eibPort BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 allows unauthenticated attackers access to the /tmp path, which contains some sensitive data (e.g. device serial number). With that information, a possible loginId can be self-calculated in a brute force attack against the BMX interface. This is usable and part of an attack chain to gain SSH root access. 2021-09-09 not yet calculated CVE-2021-28911
MISC
bandisoftco.ltd — ark_library
A heap overflow issue was found in ARK library of bandisoft Co., Ltd when the Ark_DigPathA function parsed a file path. This vulnerability is due to missing support for string length check. 2021-09-09 not yet calculated CVE-2021-26603
MISC
barco — mirrorop_windows_server
Barco MirrorOp Windows Sender before 2.5.3.65 uses cleartext HTTP and thus allows rogue software upgrades. An attacker on the local network can achieve remote code execution on any computer that tries to update Windows Sender due to the fact that the upgrade mechanism is not secured (is not protected with TLS). 2021-09-07 not yet calculated CVE-2021-38142
MISC
MISC
better_errors — better_errors
better_errors is an open source replacement for the standard Rails error page with more information rich error pages. It is also usable outside of Rails in any Rack app as Rack middleware. better_errors prior to 2.8.0 did not implement CSRF protection for its internal requests. It also did not enforce the correct “Content-Type” header for these requests, which allowed a cross-origin “simple request” to be made without CORS protection. These together left an application with better_errors enabled open to cross-origin attacks. As a developer tool, better_errors documentation strongly recommends addition only to the `development` bundle group, so this vulnerability should only affect development environments. Please ensure that your project limits better_errors to the `development` group (or the non-Rails equivalent). Starting with release 2.8.x, CSRF protection is enforced. It is recommended that you upgrade to the latest release, or minimally to “~> 2.8.3”. There are no known workarounds to mitigate the risk of using older releases of better_errors. 2021-09-07 not yet calculated CVE-2021-39197
MISC
CONFIRM
MISC
MISC
bluetrum — ab32vg1_devices
The Bluetooth Classic implementation on AB32VG1 devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (either restart or deadlock the device) by flooding a device with LMP_AU_rand data. 2021-09-07 not yet calculated CVE-2021-31610
MISC
MISC
MISC
MISC
bluetrum — ats2815_and_ats2819_devices The Bluetooth Classic implementation on Actions ATS2815 and ATS2819 chipsets does not properly handle the reception of multiple LMP_host_connection_req packets, allowing attackers in radio range to trigger a denial of service (deadlock) of the device via crafted LMP packets. Manual user intervention is required to restart the device and restore Bluetooth communication. 2021-09-07 not yet calculated CVE-2021-31785
MISC
MISC
MISC
bluetrum — ats2815_and_ats2819_devices
The Bluetooth Classic Audio implementation on Actions ATS2815 and ATS2819 devices does not properly handle a connection attempt from a host with the same BDAddress as the current connected BT host, allowing attackers to trigger a disconnection and deadlock of the device by connecting with a forged BDAddress that matches the original connected host. 2021-09-07 not yet calculated CVE-2021-31786
MISC
MISC
MISC
bolt-server — bolt-server
A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes). 2021-09-07 not yet calculated CVE-2021-27022
MISC
btcpayserver — btcpayserver
btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-09-10 not yet calculated CVE-2021-3646
CONFIRM
MISC
central_dogma — central_dogma
Central Dogma allows privilege escalation with mirroring to the internal dogma repository that has a file managing the authorization of the project. 2021-09-08 not yet calculated CVE-2021-38388
MISC
cisco — broadworks_commpilot_application_software
Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system. 2021-09-09 not yet calculated CVE-2021-34785
CISCO
cisco — broadworks_commpilot_application_software
Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system. 2021-09-09 not yet calculated CVE-2021-34786
CISCO
cisco — ios_xr_software A vulnerability in the IP Service Level Agreements (IP SLA) responder and Two-Way Active Measurement Protocol (TWAMP) features of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause device packet memory to become exhausted or cause the IP SLA process to crash, resulting in a denial of service (DoS) condition. This vulnerability exists because socket creation failures are mishandled during the IP SLA and TWAMP processes. An attacker could exploit this vulnerability by sending specific IP SLA or TWAMP packets to an affected device. A successful exploit could allow the attacker to exhaust the packet memory, which will impact other processes, such as routing protocols, or crash the IP SLA process. 2021-09-09 not yet calculated CVE-2021-34720
CISCO
cisco — ios_xr_software A vulnerability in the Cisco IOS XR Software CLI could allow an authenticated, local attacker to view more information than their privileges allow. This vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by running a specific command. A successful exploit could allow the attacker to view sensitive configuration information that their privileges might not otherwise allow them to access. 2021-09-09 not yet calculated CVE-2021-34771
CISCO
cisco — ios_xr_software Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 2021-09-09 not yet calculated CVE-2021-34719
CISCO
cisco — ios_xr_software
A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service (DoS) condition. This vulnerability exists because certain DHCPv4 messages are improperly validated when they are processed by an affected device. An attacker could exploit this vulnerability by sending a malformed DHCPv4 message to an affected device. A successful exploit could allow the attacker to cause a NULL pointer dereference, resulting in a crash of the dhcpd process. While the dhcpd process is restarting, which may take up to approximately two minutes, DHCPv4 server services are unavailable on the affected device. This could temporarily prevent network access to clients that join the network during that time period. Note: Only the dhcpd process crashes and eventually restarts automatically. The router does not reload. 2021-09-09 not yet calculated CVE-2021-34737
CISCO
cisco — ios_xr_software
A vulnerability in the Layer 2 punt code of Cisco IOS XR Software running on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to cause the affected line card to reboot. This vulnerability is due to incorrect handling of specific Ethernet frames that cause a spin loop that can make the network processors unresponsive. An attacker could exploit this vulnerability by sending specific types of Ethernet frames on the segment where the affected line cards are attached. A successful exploit could allow the attacker to cause the affected line card to reboot. 2021-09-09 not yet calculated CVE-2021-34713
CISCO
cisco — ios_xr_software
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory. 2021-09-09 not yet calculated CVE-2021-34722
CISCO
cisco — ios_xr_software
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory. 2021-09-09 not yet calculated CVE-2021-34721
CISCO
cisco — ios_xr_software
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 2021-09-09 not yet calculated CVE-2021-34728
CISCO
cisco — ios_xr_software
A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file transfer method. An attacker with lower-level privileges could exploit this vulnerability by specifying Secure Copy Protocol (SCP) parameters when authenticating to a device. A successful exploit could allow the attacker to elevate their privileges and retrieve and upload files on a device that they should not have access to. 2021-09-09 not yet calculated CVE-2021-34718
CISCO
cisco — network_convergence_system
Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory. 2021-09-09 not yet calculated CVE-2021-34709
CISCO
cisco — network_convergence_systems
Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory. 2021-09-09 not yet calculated CVE-2021-34708
CISCO
citrix — hypervisor Another race in XENMAPSPACE_grant_table handling. Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches (back) from v2 to v1. Freeing such pages requires that the hypervisor enforce that no parallel request can result in the addition of a mapping of such a page to a guest. That enforcement was missing, allowing guests to retain access to pages that were freed and perhaps re-used for other purposes. Unfortunately, when XSA-379 was being prepared, this similar issue was not noticed. 2021-09-08 not yet calculated CVE-2021-28701
MISC
CONFIRM
MLIST
cypress — wiced_bt_stack
The Bluetooth Classic implementation in the Cypress CYW920735Q60EVB does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and restart (crash) of the device by flooding it with LMP_AU_Rand packets after the paging procedure. 2021-09-07 not yet calculated CVE-2021-34146
MISC
MISC
cypress — wiced_bt_stack
The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 does not properly handle the reception of a malformed LMP timing accuracy response followed by multiple reconnections to the link slave, allowing attackers to exhaust device BT resources and eventually trigger a crash via multiple attempts of sending a crafted LMP timing accuracy response followed by a sudden reconnection with a random BDAddress. 2021-09-07 not yet calculated CVE-2021-34147
MISC
MISC
cypress — wiced_bt_stack
The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with an invalid Baseband packet type (and LT_ADDRESS and LT_ADDR) after completion of the LMP setup procedure, allowing attackers in radio range to trigger a denial of service (firmware crash) via a crafted LMP packet. 2021-09-07 not yet calculated CVE-2021-34145
MISC
MISC
cypress — wiced_bt_stack
The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with a greater ACL Length after completion of the LMP setup procedure, allowing attackers in radio range to trigger a denial of service (firmware crash) via a crafted LMP packet. 2021-09-07 not yet calculated CVE-2021-34148
MISC
MISC
d-link — dsl-3782_devices
D-Link DSL-3782 EU v1.01:EU v1.03 is affected by a buffer overflow which can cause a denial of service. This vulnerability exists in the web interface “/cgi-bin/New_GUI/Igmp.asp”. Authenticated remote attackers can trigger this vulnerability by sending a long string in parameter ‘igmpsnoopEnable’ via an HTTP request. 2021-09-09 not yet calculated CVE-2021-40284
MISC
MISC
deskpro — cloud
Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 2021.1.7 contains a cross-site scripting (XSS) vulnerability in social media links on a user profile due to lack of input validation. 2021-09-07 not yet calculated CVE-2021-36696
MISC
deskpro — cloud
Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 2021.1.7 contains a cross-site scripting (XSS) vulnerability in the download file feature on a manager profile due to lack of input validation. 2021-09-08 not yet calculated CVE-2021-36695
MISC
deskpro — cloud In order to perform a directory traversal attack, all an attacker needs is a web browser and some knowledge on where to blindly find any default files and directories on the system. On the “Name” parameter the attacker can return to the root directory and open the host file. This might give the attacker the ability to view restricted files, which could provide the attacker with more information required to further compromise the system. 2021-09-07 not yet calculated CVE-2021-36717
CERT
dotcms — dotcms
Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allow remote attackers to execute arbitrary code via the component “/src/main/java/com/dotmarketing/filters/CMSFilter.java”. 2021-09-08 not yet calculated CVE-2020-19138
MISC
dswicms — dswicms
A stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Basis/links component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML. 2021-09-09 not yet calculated CVE-2020-19265
MISC
dswicms — dswicms
A stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Site/articleList component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML. 2021-09-09 not yet calculated CVE-2020-19266
MISC
dswicms — dswicms
An issue in index.php/Dswjcms/Basis/resources of Dswjcms 1.6.4 allows attackers to execute arbitrary code via uploading a crafted PHP file. 2021-09-09 not yet calculated CVE-2020-19267
MISC
dswicms — dswicms
A cross-site request forgery (CSRF) in index.php/Dswjcms/User/tfAdd of Dswjcms 1.6.4 allows authenticated attackers to arbitrarily add administrator users. 2021-09-09 not yet calculated CVE-2020-19268
MISC
dubbo — provider The Dubbo Provider checks that the incoming request and its corresponding serialization type meet the configuration set by the server. But there’s an exception that the attacker can use to skip the security check (when enabled) and reach a deserialization operation with native Java serialization. Apache Dubbo 2.7.13 and 3.0.2 fixed this issue by failing fast when any unrecognized request is found. 2021-09-09 not yet calculated CVE-2021-37579
MISC
eclipse — keti Eclipse Keti is a service that was designed to protect RESTful APIs using Attribute Based Access Control (ABAC). In Keti a sandbox escape vulnerability may lead to post-authentication Remote Code execution. This vulnerability is known to exist in the latest commit at the time of writing this CVE (commit a1c8dbe). For more details see the referenced GHSL-2021-063. 2021-09-09 not yet calculated CVE-2021-32835
CONFIRM
eclipse — keti Eclipse Keti is a service that was designed to protect RESTful APIs using Attribute Based Access Control (ABAC). In Keti a user able to create Policy Sets can run arbitrary code by sending malicious Groovy scripts which will escape the configured Groovy sandbox. This vulnerability is known to exist in the latest commit at the time of writing this CVE (commit a1c8dbe). For more details see the referenced GHSL-2021-063. 2021-09-09 not yet calculated CVE-2021-32834
CONFIRM
eigen — nlp
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{user-guid}/ user edition endpoint could permit any logged-in user to increase their own permissions via a user_permissions array in a PATCH request. A guest user could modify other users’ profiles and much more. 2021-09-07 not yet calculated CVE-2021-38616
MISC
MISC
MISC
eigen — nlp
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ user creation endpoint allows a standard user to create a super user account with a defined password. This directly leads to privilege escalation. 2021-09-07 not yet calculated CVE-2021-38617
MISC
MISC
MISC
eigen — nlp
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/config/ SSO configuration endpoint allows any logged-in user (guest, standard, or admin) to view and modify information. 2021-09-07 not yet calculated CVE-2021-38615
MISC
MISC
MISC
elgamal — botan
The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver’s public key, the generator defined by the receiver’s public key, and the sender’s ephemeral exponents can lead to a cross-configuration attack against OpenPGP. 2021-09-06 not yet calculated CVE-2021-40529
MISC
MISC
MISC
MISC
elgamal — crypto++
The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver’s public key, the generator defined by the receiver’s public key, and the sender’s ephemeral exponents can lead to a cross-configuration attack against OpenPGP. 2021-09-06 not yet calculated CVE-2021-40530
MISC
MISC
MISC
emby — server
Emby Server is a personal media server with apps on many devices. In Emby Server on Windows there is a set of arbitrary file read vulnerabilities. This vulnerability is known to exist in version 4.6.4.0 and may not be patched in later versions. Known vulnerable routes are /Videos/Id/hls/PlaylistId/SegmentId.SegmentContainer, /Images/Ratings/theme/name and /Images/MediaInfo/theme/name. For more details including proof of concept code, refer to the referenced GHSL-2021-051. This issue may lead to unauthorized access to the system especially when Emby Server is configured to be accessible from the Internet. 2021-09-09 not yet calculated CVE-2021-32833
CONFIRM
espressif — esp-idf
The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (crash) in ESP32 by flooding the target device with LMP Feature Response data. 2021-09-07 not yet calculated CVE-2021-28135
MISC
MISC
MISC
MISC
eyoucms — eyoucms Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitization in the params tpldir, filename, type, and nid, an attacker can inject “../” to escape and write files to writable directories. 2021-09-07 not yet calculated CVE-2021-39500
MISC
MISC
eyoucms — eyoucms
eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger blind SSRF via the saveRemote() function. 2021-09-07 not yet calculated CVE-2021-39497
MISC
MISC
MISC
factoryaircommandmanager — factoryaircommandmanager Path traversal vulnerability in FactoryAirCommandManager prior to SMR Sep-2021 Release 1 allows attackers to write files as system uid via remote socket. 2021-09-09 not yet calculated CVE-2021-25450
MISC
fish_hunt — fish_hunt
An insufficient session expiration vulnerability exists in the “Fish | Hunt FL” iOS app version 3.8.0 and earlier, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions. 2021-09-08 not yet calculated CVE-2021-33982
MISC
fish_hunt — fish_hunt
An insecure, direct object vulnerability in hunting/fishing license retrieval function of the “Fish | Hunt FL” iOS app versions 3.8.0 and earlier allows a remote authenticated attacker to retrieve other people’s personal information and images of their hunting/fishing licenses. 2021-09-08 not yet calculated CVE-2021-33981
MISC
flask-appbuilder — flask-appbuilder
Flask-AppBuilder is an application development framework, built on top of Flask. In affected versions if using Flask-AppBuilder OAuth, an attacker can share a carefully crafted URL with a trusted domain for an application built with Flask-AppBuilder, this URL can redirect a user to a malicious site. This is an open redirect vulnerability. To resolve this issue upgrade to Flask-AppBuilder 3.2.2 or above. If upgrading is infeasible users may filter HTTP traffic containing `?next={next-site}` where the `next-site` domain is different from the application you are protecting as a workaround. 2021-09-08 not yet calculated CVE-2021-32805
CONFIRM
MISC
fortinet — fortisandbox
An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain information about other users configured on the device, should the attacker be able to obtain that session ID (via other, hypothetical attacks) 2021-09-08 not yet calculated CVE-2020-29012
CONFIRM
fortinet — fortiweb An improper neutralization of special elements used in a command (‘Command Injection’) in Fortinet FortiWeb version 6.3.13 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests 2021-09-08 not yet calculated CVE-2021-36182
CONFIRM
fortinet — fortiweb
A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and below, 6.2.4 and below allows attacker to execute unauthorized code or commands via crafted parameters in CLI command execution 2021-09-08 not yet calculated CVE-2021-36179
CONFIRM
fuel — cms FUEL CMS 1.5.0 allows SQL Injection via parameter ‘col’ in /fuel/index.php/fuel/logs/items 2021-09-09 not yet calculated CVE-2021-38727
MISC
fuel — cms
Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.php 2021-09-09 not yet calculated CVE-2021-38725
MISC
MISC
fuel — cms
FUEL CMS 1.5.0 allows SQL Injection via parameter ‘col’ in /fuel/index.php/fuel/pages/items 2021-09-09 not yet calculated CVE-2021-38723
MISC
fuel — cms
FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) vulnerability 2021-09-09 not yet calculated CVE-2021-38721
MISC
MISC
garageband — garageband
This issue was addressed by removing additional entitlements. This issue is fixed in GarageBand 10.4.3. A local attacker may be able to read sensitive information. 2021-09-08 not yet calculated CVE-2021-30654
MISC
github — github check-spelling is a GitHub Action which provides CI spell checking. In affected versions and for a repository with the [check-spelling action](github.com/marketplace/actions/check-spelling) enabled that triggers on `pull_request_target` (or `schedule`), an attacker can send a crafted Pull Request that causes a `GITHUB_TOKEN` to be exposed. With the `GITHUB_TOKEN`, it’s possible to push commits to the repository bypassing standard approval processes. Commits to the repository could then steal any/all secrets available to the repository. As a workaround users can either: [Disable the workflow](docs.github.com/en/actions/managing-workflow-runs/disabling-and-enabling-a-workflow) until you’ve fixed all branches or Set repository to [Allow specific actions](docs.github.com/en/github/administering-a-repository/managing-repository-settings/disabling-or-limiting-github-actions-for-a-repository#allowing-specific-actions-to-run). check-spelling isn’t a verified creator and it certainly won’t be anytime soon. You could then explicitly add other actions that your repository uses. Set repository [Workflow permissions](docs.github.com/en/github/administering-a-repository/managing-repository-settings/disabling-or-limiting-github-actions-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository) to `Read repository contents permission`. Workflows using `check-spelling/check-spelling@main` will get the fix automatically. Workflows using a pinned sha or tagged version will need to change the affected workflows for all repository branches to the latest version.
Users can verify who and which Pull Requests have been running the action by looking up the spelling.yml action in the Actions tab of their repositories, e.g., github.com/check-spelling/check-spelling/actions/workflows/spelling.yml – you can filter PRs by adding ?query=event%3Apull_request_target, e.g., github.com/check-spelling/check-spelling/actions/workflows/spelling.yml?query=event%3Apull_request_target. 2021-09-09 not yet calculated CVE-2021-32724
CONFIRM
MISC
gitlab — ce/ee
An unauthorized user was able to insert metadata when creating new issue on GitLab CE/EE 14.0 and later. 2021-09-09 not yet calculated CVE-2021-22239
MISC
CONFIRM
glewlwyd — sso_server
scheme/webauthn.c in Glewlwyd SSO server through 2.5.3 has a buffer overflow during FIDO2 signature validation in webauthn registration. 2021-09-08 not yet calculated CVE-2021-40818
MISC
MISC
gnu — mailman_postorius
An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker (logged into any account) can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place. 2021-09-10 not yet calculated CVE-2021-40347
CONFIRM
MISC
CONFIRM
MISC
MISC
DEBIAN
google — chromeos_readiness_tool
Inappropriate implementation in the ChromeOS Readiness Tool installer on Windows prior to 1.0.2.0 loosens DCOM access rights on two objects allowing an attacker to potentially bypass discretionary access controls. 2021-09-08 not yet calculated CVE-2021-30605
MISC
MISC
handysoftco.ltd — hshell.dll
An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft Co., Ltd groupware ActiveX module. This issue is due to missing support for integrity check of download URL or downloaded file hash. 2021-09-09 not yet calculated CVE-2021-26608
MISC
haproxy — haproxy
An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs. 2021-09-08 not yet calculated CVE-2021-40346
MISC
DEBIAN
MISC
MISC
MISC
MISC
MLIST
MLIST
hashicorp — consul_and_consul_enterprise
HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.8.15, 1.9.9 and 1.10.2. 2021-09-07 not yet calculated CVE-2021-37219
MISC
MISC
hashicorp — consul_and_consul_enterprise
 
HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Fixed in 1.8.15, 1.9.9 and 1.10.2. 2021-09-07 not yet calculated CVE-2021-38698
MISC
MISC
hashicorp — nomad_and_nomad_enterprise_raft
 
HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.0.10 and 1.1.4. 2021-09-07 not yet calculated CVE-2021-37218
MISC
MISC
hitachi — abb_power_grids_system_data_manager
 
A backup file without encryption vulnerability in Hitachi ABB Power Grids System Data Manager – SDM600 allows an attacker to gain access to sensitive information. This issue affects: Hitachi ABB Power Grids System Data Manager – SDM600 1.2 versions prior to FP2 HF6 (Build Nr. 1.2.14002.257). 2021-09-08 not yet calculated CVE-2021-35526
CONFIRM
huawei — ais-bw50-00_devices
 
There is an improper authorization vulnerability in AIS-BW50-00 9.0.6.2(H100SP10C00) and 9.0.6.2(H100SP15C00). Due to improper authorization management, an attacker can exploit this vulnerability by physically accessing the device and implanting malicious code. Successful exploitation could lead to arbitrary code execution in the target device. 2021-09-09 not yet calculated CVE-2021-37101
MISC
huawei — cx5500_and_cx5100
 
** UNSUPPORTED WHEN ASSIGNED ** A command-injection vulnerability in an authenticated Telnet connection in Poly (formerly Polycom) CX5500 and CX5100 1.3.5 leads an attacker to Privilege Escalation and Remote Code Execution capability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2021-09-07 not yet calculated CVE-2021-37145
MISC
CONFIRM
icovo — icovo
 
A lack of target address verification in the selfdestructs() function of ICOVO 1.0 allows attackers to steal tokens from victim users via a crafted script. 2021-09-07 not yet calculated CVE-2020-19768
MISC
ionic_identity — vault
 
In Ionic Identity Vault before 5, a local root attacker on an Android device can bypass biometric authentication. 2021-09-10 not yet calculated CVE-2021-3145
MISC
MISC
iphone — macos_big_sur A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3. A malicious website may be able to force unnecessary network connections to fetch its favicon. 2021-09-08 not yet calculated CVE-2021-1855
MISC
iphone — macos_big_sur
 
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3. Locked Notes content may have been unexpectedly unlocked. 2021-09-08 not yet calculated CVE-2021-1859
MISC
iphone — macos_big_sur
 
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3. A local attacker may be able to elevate their privileges. 2021-09-08 not yet calculated CVE-2021-1853
MISC
iphone — macos_big_sur
 
An issue existed in determining cache occupancy. The issue was addressed through improved logic. This issue is fixed in macOS Big Sur 11.3. A malicious website may be able to track users by setting state in a cache. 2021-09-08 not yet calculated CVE-2021-1861
MISC
jeesns — jeesns A stored cross-site scripting (XSS) vulnerability in the /weibo/publishdata component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted Weibo. 2021-09-09 not yet calculated CVE-2020-19291
MISC
MISC
jeesns — jeesns A stored cross-site scripting (XSS) vulnerability in the /question/ask component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted question. 2021-09-09 not yet calculated CVE-2020-19292
MISC
MISC
jeesns — jeesns A reflected cross-site scripting (XSS) vulnerability in Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message’s text field. 2021-09-09 not yet calculated CVE-2020-19282
MISC
MISC
jeesns — jeesns A stored cross-site scripting (XSS) vulnerability in the /group/apply component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Name text field. 2021-09-09 not yet calculated CVE-2020-19285
MISC
MISC
jeesns — jeesns A stored cross-site scripting (XSS) vulnerability in the /manage/loginusername component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username field. 2021-09-09 not yet calculated CVE-2020-19281
MISC
MISC
jeesns — jeesns A stored cross-site scripting (XSS) vulnerability in the /group/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the group comments text field. 2021-09-09 not yet calculated CVE-2020-19284
MISC
MISC
jeesns — jeesns
 
A stored cross-site scripting (XSS) vulnerability in the /member/picture/album component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the new album tab. 2021-09-09 not yet calculated CVE-2020-19289
MISC
MISC
jeesns — jeesns
 
A stored cross-site scripting (XSS) vulnerability in the /article/add component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted article. 2021-09-09 not yet calculated CVE-2020-19293
MISC
MISC
jeesns — jeesns
 
A stored cross-site scripting (XSS) vulnerability in the /question/detail component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the source field of the editor. 2021-09-09 not yet calculated CVE-2020-19286
MISC
MISC
jeesns — jeesns
 
A stored cross-site scripting (XSS) vulnerability in the /weibo/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Weibo comment section. 2021-09-09 not yet calculated CVE-2020-19290
MISC
MISC
jeesns — jeesns
 
A stored cross-site scripting (XSS) vulnerability in the /localhost/u component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a private message. 2021-09-09 not yet calculated CVE-2020-19288
MISC
MISC
jeesns — jeesns
 
A stored cross-site scripting (XSS) vulnerability in the /group/post component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title. 2021-09-09 not yet calculated CVE-2020-19287
MISC
MISC
jeesns — jeesns
 
A stored cross-site scripting (XSS) vulnerability in the /article/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the article comments section. 2021-09-09 not yet calculated CVE-2020-19294
MISC
MISC
jeesns — jeesns
 
A reflected cross-site scripting (XSS) vulnerability in the /weibo/topic component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML. 2021-09-09 not yet calculated CVE-2020-19295
MISC
MISC
jeesns — jeesns
 
Jeesns 1.4.2 contains a cross-site request forgery (CSRF) which allows attackers to escalate privileges and perform sensitive program operations. 2021-09-09 not yet calculated CVE-2020-19280
MISC
MISC
jeesns — jeesns
 
A reflected cross-site scripting (XSS) vulnerability in the /newVersion component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML. 2021-09-09 not yet calculated CVE-2020-19283
MISC
MISC
kaml — kaml
 
kaml is an open source implementation of the YAML format with support for kotlinx.serialization. In affected versions attackers that could provide arbitrary YAML input to an application that uses kaml could cause the application to endlessly loop while parsing the input. This could result in resource starvation and denial of service. This only affects applications that use polymorphic serialization with the default tagged polymorphism style. Applications using the property polymorphism style are not affected. YAML input for a polymorphic type that provided a tag but no value for the object would trigger the issue. Versions 0.35.3 and later contain the fix for this issue. 2021-09-07 not yet calculated CVE-2021-39194
MISC
MISC
CONFIRM
kubernetes — kubernetes
 
A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs. 2021-09-06 not yet calculated CVE-2021-25737
MISC
MISC
kubernetes — webhook
 
A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the Node object. Validating Admission Webhook does not observe some previous fields. 2021-09-06 not yet calculated CVE-2021-25735
MISC
MISC
libgcrypt — libgcrypt
 
The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver’s public key, the generator defined by the receiver’s public key, and the sender’s ephemeral exponents can lead to a cross-configuration attack against OpenPGP. 2021-09-06 not yet calculated CVE-2021-40528
MISC
MISC
MISC
libgd — libgd
 
The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks. 2021-09-08 not yet calculated CVE-2021-40812
MISC
MISC
librenms — librenms
 
In LibreNMS < 21.3.0, a stored XSS vulnerability was identified in the API Access page due to insufficient sanitization of the $api->description variable. As a result, arbitrary JavaScript code can get executed. 2021-09-08 not yet calculated CVE-2021-31274
MISC
MISC
MISC
libsapeextractor — library
 
An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process. 2021-09-09 not yet calculated CVE-2021-25449
MISC
libtiff — libtiff
 
Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the “TIFFVGetField” function in the component ‘libtiff/tif_dir.c’. 2021-09-09 not yet calculated CVE-2020-19143
MISC
MISC
MISC
libtiff — libtiff
 
Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the ‘_TIFFmemcpy’ function in the component ‘tif_unix.c’. 2021-09-09 not yet calculated CVE-2020-19144
MISC
MISC
line — line
 
LINE client for iOS 10.21.3 and before allows address bar spoofing due to inappropriate address handling. 2021-09-08 not yet calculated CVE-2021-36215
MISC
line — line
 
LINE for Windows 6.2.1.2289 and before allows arbitrary code execution via malicious DLL injection. 2021-09-08 not yet calculated CVE-2021-36216
MISC
mediatek — smartphone_chipsets In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500621; Issue ID: ALPS04964926. 2021-09-09 not yet calculated CVE-2021-32485
MISC
mediatek — smartphone_chipsets In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500621; Issue ID: ALPS04964928. 2021-09-09 not yet calculated CVE-2021-32486
MISC
mediatek — smartphone_chipsets
 
In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500736; Issue ID: ALPS04938456. 2021-09-09 not yet calculated CVE-2021-32487
MISC
mediatek — smartphone_chipsets
 
In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500621; Issue ID: ALPS04964917. 2021-09-09 not yet calculated CVE-2021-32484
MISC
merge — merge
 
merge is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) 2021-09-10 not yet calculated CVE-2021-3645
MISC
CONFIRM
micro_focus — network_automation
 
Open Redirect vulnerability in Micro Focus Network Automation, affecting Network Automation versions 10.4x, 10.5x, 2018.05, 2018.11, 2019.05, 2020.02, 2020.08, 2020.11, 2021.05. The vulnerability could allow redirecting users to malicious websites after authentication. 2021-09-07 not yet calculated CVE-2021-38123
MISC
mipcms — mipcms
 
A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily escalate user privileges to administrator via index.php?s=/user/ApiAdminUser/itemEdit. 2021-09-09 not yet calculated CVE-2020-19263
MISC
mipcms — mipcms
 
A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily add users via index.php?s=/user/ApiAdminUser/itemAdd. 2021-09-09 not yet calculated CVE-2020-19264
MISC
misskey — misskey Misskey is an open source, decentralized microblogging platform. In affected versions a Server-Side Request Forgery vulnerability exists in “Upload from URL” and remote attachment handling. This could result in the disclosure of non-public information within the internal network. This has been fixed in 12.90.0. However, if you are using a proxy, you will need to take additional measures. As a workaround this exploit may be avoided by appropriately restricting access to private networks from the host where the application is running. 2021-09-07 not yet calculated CVE-2021-39195
CONFIRM
MISC
MISC
nessus — agent
 
Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20118. 2021-09-09 not yet calculated CVE-2021-20117
MISC
nessus — agent
 
Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20117. 2021-09-09 not yet calculated CVE-2021-20118
MISC
networkpolicymanagerservice — networkpolicymanagerservice
 
A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data. 2021-09-09 not yet calculated CVE-2021-25451
MISC
nexacro14 — runtime_active
 
Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of tobesoft Co., Ltd allows the attacker to cause an arbitrary file download and execution. This vulnerability is due to incomplete validation of file download URL or file extension. 2021-09-09 not yet calculated CVE-2020-7874
MISC
nextcloud — circles
 
Nextcloud Circles is an open source social network built for the Nextcloud ecosystem. In affected versions the Nextcloud Circles application allowed any user to join any “Secret Circle” without approval by the Circle owner, leaking private information. It is recommended that Nextcloud Circles is upgraded to 0.19.15, 0.20.11 or 0.21.4. There are no workarounds for this issue. 2021-09-07 not yet calculated CVE-2021-37630
CONFIRM
MISC
MISC
nextcloud — deck
 
Deck is an open source kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions the Deck application didn’t properly check membership of users in a Circle. This allowed other users in the instance to gain access to boards that have been shared with a Circle, even if the user was not a member of the circle. It is recommended that Nextcloud Deck is upgraded to 1.5.1, 1.4.4 or 1.2.9. If you are unable to update it is advised to disable the Deck plugin. 2021-09-07 not yet calculated CVE-2021-37631
CONFIRM
MISC
MISC
MISC
nextcloud — richdocuments
 
Nextcloud Richdocuments is an open source collaborative office suite. In affected versions there is a lack of rate limiting on the Richdocuments OCS endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. It is recommended that the Nextcloud Richdocuments app is upgraded to either 3.8.4 or 4.2.1 to resolve. For users unable to upgrade it is recommended that the Richdocuments application be disabled. 2021-09-07 not yet calculated CVE-2021-37629
MISC
CONFIRM
MISC
nextcloud — richdocuments
 
Nextcloud Richdocuments is an open source collaborative office suite. In affected versions the File Drop features (“Upload Only” public link shares in Nextcloud) can be bypassed using the Nextcloud Richdocuments app. An attacker was able to read arbitrary files in such a share. It is recommended that Nextcloud Richdocuments is upgraded to 3.8.4 or 4.2.1. If upgrading is not possible then it is recommended to disable the Richdocuments application. 2021-09-07 not yet calculated CVE-2021-37628
CONFIRM
MISC
MISC
nextcloud — server Nextcloud server is an open source, self hosted personal cloud. In affected versions logging of exceptions may have resulted in logging potentially sensitive key material for the Nextcloud Encryption-at-Rest functionality. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0. If upgrading is not an option users are advised to disable system logging to resolve this issue until such time that an upgrade can be performed. Note that if you do not use the Encryption-at-Rest functionality of Nextcloud you are not affected by this bug. 2021-09-07 not yet calculated CVE-2021-32801
CONFIRM
MISC
MISC
nextcloud — server
 
Nextcloud server is an open source, self hosted personal cloud. Nextcloud supports rendering image previews for user provided file content. For some image types, the Nextcloud server was invoking a third-party library that wasn’t suited for untrusted user-supplied content. There are several security concerns with passing user-generated content to this library, such as Server-Side-Request-Forgery, file disclosure or potentially executing code on the system. The risk depends on your system configuration and the installed library version. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0. These versions do not use this library anymore. As a workaround users may disable previews by setting `enable_previews` to `false` in `config.php`. 2021-09-07 not yet calculated CVE-2021-32802
CONFIRM
MISC
MISC
nextcloud — server
 
Nextcloud server is an open source, self hosted personal cloud. In affected versions an attacker is able to bypass Two Factor Authentication in Nextcloud. Thus knowledge of a password, or access to a WebAuthN trusted device of a user was sufficient to gain access to an account. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0. There are no workarounds for this vulnerability. 2021-09-07 not yet calculated CVE-2021-32800
CONFIRM
MISC
MISC
nextcloud — text
 
Nextcloud Text is an open source plaintext editing application which ships with the Nextcloud server. In affected versions the Nextcloud Text application returned different error messages depending on whether a folder existed in a public link share. This is problematic in case the public link share has been created with “Upload Only” privileges (aka “File Drop”). A link share recipient is not expected to see which folders or files exist in a “File Drop” share. Using this vulnerability an attacker is able to enumerate folders in such a share. Exploitation requires that the attacker has access to a valid affected “File Drop” link share. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.0.1. Users who are unable to upgrade are advised to disable the Nextcloud Text application in the app settings. 2021-09-07 not yet calculated CVE-2021-32766
MISC
CONFIRM
MISC
ntfs-3g — ntfs-3g A crafted NTFS image with an unallocated bitmap can lead to an endless recursive function call chain (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G < 2021.8.22. 2021-09-07 not yet calculated CVE-2021-39257
MISC
MISC
DEBIAN
ntfs-3g — ntfs-3g A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22. 2021-09-07 not yet calculated CVE-2021-39252
MISC
MISC
DEBIAN
ntfs-3g — ntfs-3g A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22. 2021-09-07 not yet calculated CVE-2021-39254
MISC
MISC
DEBIAN
ntfs-3g — ntfs-3g In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution. 2021-09-07 not yet calculated CVE-2021-33289
MISC
MISC
MLIST
DEBIAN
ntfs-3g — ntfs-3g A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G < 2021.8.22. 2021-09-07 not yet calculated CVE-2021-39260
MISC
MISC
DEBIAN
ntfs-3g — ntfs-3g A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G < 2021.8.22. 2021-09-07 not yet calculated CVE-2021-39261
MISC
MISC
DEBIAN
ntfs-3g — ntfs-3g A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22. 2021-09-07 not yet calculated CVE-2021-39262
MISC
MISC
DEBIAN
ntfs-3g — ntfs-3g A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfs_get_attribute_value, in NTFS-3G < 2021.8.22. 2021-09-07 not yet calculated CVE-2021-39263
MISC
MISC
DEBIAN
ntfs-3g — ntfs-3g A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find in NTFS-3G < 2021.8.22. 2021-09-07 not yet calculated CVE-2021-39258
MISC
MISC
DEBIAN
ntfs-3g — ntfs-3g
 
A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22. 2021-09-07 not yet calculated CVE-2021-39253
MISC
MISC
DEBIAN
ntfs-3g — ntfs-3g
 
In NTFS-3G versions < 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution. 2021-09-07 not yet calculated CVE-2021-33286
MISC
MISC
MLIST
DEBIAN
ntfs-3g — ntfs-3g
 
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of service. The vulnerability is caused by an out-of-bounds buffer access which can be triggered by mounting a crafted NTFS partition. The root cause is a missing consistency check after reading an MFT record: the “bytes_in_use” field should be less than the “bytes_allocated” field. When it is not, the parsing of the records proceeds into the wild. 2021-09-07 not yet calculated CVE-2021-33285
MISC
MISC
MISC
MISC
MLIST
DEBIAN
ntfs-3g — ntfs-3g
 
A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22. 2021-09-07 not yet calculated CVE-2021-39251
MISC
MISC
MISC
MISC
MISC
DEBIAN
ntfs-3g — ntfs-3g
 
A crafted NTFS image can trigger an out-of-bounds read, caused by an invalid attribute in ntfs_attr_find_in_attrdef, in NTFS-3G < 2021.8.22. 2021-09-07 not yet calculated CVE-2021-39255
MISC
MISC
DEBIAN
ntfs-3g — ntfs-3g
 
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_inode_lookup_by_name in NTFS-3G < 2021.8.22. 2021-09-07 not yet calculated CVE-2021-39256
MISC
MISC
DEBIAN
ntfs-3g — ntfs-3g
 
In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of service of the application. 2021-09-07 not yet calculated CVE-2021-33287
MISC
MISC
MISC
MLIST
DEBIAN
ntfs-3g — ntfs-3g
 
A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in ntfs_inode_lookup_by_name, in NTFS-3G < 2021.8.22. 2021-09-07 not yet calculated CVE-2021-39259
MISC
MISC
DEBIAN
objections.js — objection.js
 
objection.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) 2021-09-06 not yet calculated CVE-2021-3766
CONFIRM
MISC
octorrki — origin_validation
 
Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitting an invalid VRP “MaxLength” value, causing RTR sessions to terminate. An attacker can use this to disable RPKI Origin Validation in a victim network (for example AS 13335 – Cloudflare) prior to launching a BGP hijack which during normal operations would be rejected as “RPKI invalid”. Additionally, in certain deployments RTR session flapping in and of itself also could cause BGP routing churn, causing availability issues. 2021-09-09 not yet calculated CVE-2021-3761
CONFIRM
onlyoffice — document_server
 
The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for ONLYOFFICE Document Server lacks escape calls for the msg.data and text fields. 2021-09-10 not yet calculated CVE-2021-40864
MISC
MISC
onyaktech — comments_pro An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. The comment posting functionality allows an attacker to add an XSS payload to the JSON request that will execute when users visit the page with the comment. 2021-09-07 not yet calculated CVE-2021-33483
MISC
MISC
onyaktech — comments_pro
 
An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. An attacker can download a copy of the installer, decompile it, and discover a hardcoded IV used to encrypt the username and userid in the comment POST request. Additionally, the attacker can decrypt the encrypted encryption key (sent as a parameter in the comment form request) by setting this encrypted value as the username, which will appear on the comment page in its decrypted form. Using these two values (combined with the encryption functionality discovered in the decompiled installer), the attacker can encrypt another user’s ID and username. These values can be used as part of the comment posting request in order to spoof the user. 2021-09-07 not yet calculated CVE-2021-33484
MISC
MISC
openbmc — openbmc
 
In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass authentication and gain full control of the system. 2021-09-09 not yet calculated CVE-2021-39296
MISC
MISC
openstack — neutron An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service. 2021-09-08 not yet calculated CVE-2021-40797
MISC
CONFIRM
MLIST
openwall — ntfs-3g
 
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of privileges. 2021-09-07 not yet calculated CVE-2021-35268
MISC
MISC
MLIST
DEBIAN
openwall — ntfs-3g
 
In NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror, allowing for code execution or escalation of privileges when setuid-root. 2021-09-07 not yet calculated CVE-2021-35267
MISC
MISC
MLIST
DEBIAN
openwall — ntfs-3g
 
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is set up in the function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and escalation of privileges. 2021-09-07 not yet calculated CVE-2021-35269
MISC
MLIST
DEBIAN
openwall — ntfs-3g
 
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code execution. 2021-09-07 not yet calculated CVE-2021-35266
MISC
MISC
MLIST
DEBIAN
otrs_ag — community_edition
 
Generated Support Bundles contain private S/MIME and PGP keys if the containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions. 2021-09-06 not yet calculated CVE-2021-36096
CONFIRM
owncloud — owncloud
 
Server Side Request Forgery (SSRF) vulnerability exists in owncloud/user_ldap < 0.15.4 in the settings of the user_ldap app. Administration role is necessary for exploitation. 2021-09-08 not yet calculated CVE-2021-40537
MISC
owncloud — owncloud
 
The public share controller in the ownCloud server before version 10.8.0 allows a remote attacker to see the internal path and the username of a public share by including invalid characters in the URL. 2021-09-07 not yet calculated CVE-2021-35947
MISC
MISC
owncloud — owncloud
 
The shareinfo controller in the ownCloud Server before 10.8.0 allows an attacker to bypass the permission checks for upload only shares and list metadata about the share. 2021-09-07 not yet calculated CVE-2021-35949
MISC
MISC
owncloud — owncloud
 
A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissions and therefore elevate their own permissions. 2021-09-07 not yet calculated CVE-2021-35946
MISC
MISC
owncloud — owncloud
 
Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows an attacker to bypass the password protection when they can force a target client to use a controlled cookie. 2021-09-07 not yet calculated CVE-2021-35948
MISC
MISC
oxracer — oxracer
 
A lack of target address verification in the destroycontract() function of 0xRACER 1.0 allows attackers to steal tokens from victim users via a crafted script. 2021-09-07 not yet calculated CVE-2020-19767
MISC
palo_alto_networks — cortex_xsoar_server An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSOAR server. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 1578677; Cortex XSOAR 6.0.2 builds earlier than 1576452; Cortex XSOAR 6.1.0 builds earlier than 1578663; Cortex XSOAR 6.2.0 builds earlier than 1578666. All Cortex XSOAR instances hosted by Palo Alto Networks are protected from this vulnerability; no additional action is required for these instances. 2021-09-08 not yet calculated CVE-2021-3051
CONFIRM
palo_alto_networks — cortex_xsoar_server
 
An improper authorization vulnerability in the Palo Alto Networks Cortex XSOAR server enables an authenticated network-based attacker with investigation read permissions to download files from incident investigations of which they are aware but are not a part of. This issue impacts: All Cortex XSOAR 5.5.0 builds; Cortex XSOAR 6.1.0 builds earlier than 12099345. This issue does not impact Cortex XSOAR 6.2.0 versions. 2021-09-08 not yet calculated CVE-2021-3049
CONFIRM
palo_alto_networks — pan-os
 
An improper handling of exceptional conditions vulnerability exists in the Palo Alto Networks PAN-OS dataplane that enables an unauthenticated network-based attacker to send specifically crafted traffic through the firewall that causes the service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.5. This issue does not affect Prisma Access. 2021-09-08 not yet calculated CVE-2021-3053
CONFIRM
palo_alto_networks — pan-os An improper restriction of XML external entity (XXE) reference vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system and send a specifically crafted request to the firewall that causes the service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10; PAN-OS 10.0 versions earlier than PAN-OS 10.0.6. This issue does not affect Prisma Access. 2021-09-08 not yet calculated CVE-2021-3055
CONFIRM
palo_alto_networks — pan-os A time-of-check to time-of-use (TOCTOU) race condition vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permission to upload plugins to execute arbitrary code with root user privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11; PAN-OS 10.0 versions earlier than PAN-OS 10.0.7; PAN-OS 10.1 versions earlier than PAN-OS 10.1.2. This issue does not affect Prisma Access. 2021-09-08 not yet calculated CVE-2021-3054
CONFIRM
palo_alto_networks — pan-os A reflected cross-site scripting (XSS) vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated network-based attacker to mislead another authenticated PAN-OS administrator to click on a specially crafted link that performs arbitrary actions in the PAN-OS web interface as the targeted authenticated administrator. This issue impacts: PAN-OS 8.1 versions earlier than 8.1.20; PAN-OS 9.0 versions earlier than 9.0.14; PAN-OS 9.1 versions earlier than 9.1.10; PAN-OS 10.0 versions earlier than 10.0.2. This issue does not affect Prisma Access. 2021-09-08 not yet calculated CVE-2021-3052
CONFIRM
parlai — parlai Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0. 2021-09-10 not yet calculated CVE-2021-24040
MISC
CONFIRM
parlai — parlai parlai is a framework for training and evaluating AI models on a variety of openly available dialogue datasets. In affected versions the package is vulnerable to a YAML deserialization attack caused by unsafe loading, which leads to arbitrary code execution. This security bug is patched by avoiding the unsafe loader; users should update to a version above v1.1.0. If upgrading is not possible, users can change the Loader used to SafeLoader as a workaround. See commit 507d066ef432ea27d3e201da08009872a2f37725 for details. 2021-09-10 not yet calculated CVE-2021-39207
MISC
MISC
CONFIRM
pcapture — pcapture pcapture is an open source dumpcap web service interface. In affected versions this vulnerability allows an authenticated but unprivileged user to use the REST API to capture and download packets with no capture filter and without adequate permissions. This is important because the capture filters can effectively limit the scope of information that a user can see in the data captures. If no filter is present, then all data on the local network segment where the program is running can be captured and downloaded. v3.12 fixes this problem. There is no workaround; you must upgrade to v3.12 or greater. 2021-09-07 not yet calculated CVE-2021-39196
CONFIRM
MISC
MISC
pepeauctionsale — pepeauctionsale The time check operation of PepeAuctionSale 1.0 can be rendered ineffective by assigning a large number to the _duration variable, compromising access control to the application. 2021-09-07 not yet calculated CVE-2020-19766
MISC
phpmywind — phpmywind PHPMyWind 5.6 is vulnerable to Remote Code Execution. Because input is filtered without “<, >, ?, =, `,…” in the WriteConfig() function, an attacker can inject PHP code into the /include/config.cache.php file. 2021-09-07 not yet calculated CVE-2021-39503
MISC
MISC
playsms — playsms playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI. 2021-09-10 not yet calculated CVE-2021-40373
MISC
CONFIRM
plesk — obsidian The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0.32 on Linux is vulnerable to reflected XSS via the /plesk-site-preview/ PATH, aka PFSI-62467. The attacker could execute JavaScript code in the victim’s browser by using the link to preview sites hosted on the server. Authentication is not required to exploit the vulnerability. 2021-09-10 not yet calculated CVE-2021-35976
MISC
MISC
pomerium — pomerium Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, incorrectly handles resetting of HTTP/2 streams with excessive complexity. This can lead to high CPU utilization when a large number of streams are reset. This can result in a DoS condition. Pomerium versions 0.14.8 and 0.15.1 contain an upgraded envoy binary with this vulnerability patched. 2021-09-09 not yet calculated CVE-2021-39204
CONFIRM
MISC
MISC
pomerium — pomerium Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, contains two authorization related vulnerabilities CVE-2021-32777 and CVE-2021-32779. This may lead to incorrect routing or authorization policy decisions. With specially crafted requests, incorrect authorization or routing decisions may be made by Pomerium. Pomerium v0.14.8 and v0.15.1 contain an upgraded envoy binary with these vulnerabilities patched. This issue can only be triggered when using path prefix based policy. Removing any such policies should provide mitigation. 2021-09-09 not yet calculated CVE-2021-39206
MISC
MISC
CONFIRM
MISC
pomerium — pomerium Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, can abnormally terminate if an H/2 GOAWAY and SETTINGS frame are received in the same IO event. This can lead to a DoS in the presence of untrusted *upstream* servers. 0.15.1 contains an upgraded envoy binary with this vulnerability patched. If only trusted upstreams are configured, there is not substantial risk of this condition being triggered. 2021-09-09 not yet calculated CVE-2021-39162
MISC
MISC
CONFIRM
ppgo_jobs — ppgo_jobs Command Injection in PPGo_Jobs v2.8.0 allows remote attackers to execute arbitrary code via the ‘AjaxRun()’ function. 2021-09-08 not yet calculated CVE-2020-26772
MISC
MISC
prestashop — customer_photo_gallary The Customer Photo Gallery addon before 2.9.4 for PrestaShop is vulnerable to SQL injection. 2021-09-08 not yet calculated CVE-2021-40814
MISC
python — python The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding (such as via ;\x2f\x7f), enabling a remote attack that consumes CPU and memory. 2021-09-10 not yet calculated CVE-2021-40839
MISC
MISC
MISC
MISC
qnap — multiple_devices A stack buffer overflow vulnerability has been reported to affect QNAP devices running NVR Storage Expansion. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of NVR Storage Expansion: NVR Storage Expansion 1.0.6 (2021/08/03) and later. 2021-09-10 not yet calculated CVE-2021-34346
CONFIRM
qnap — multiple_devices A stack buffer overflow vulnerability has been reported to affect QNAP devices running NVR Storage Expansion. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of NVR Storage Expansion: NVR Storage Expansion 1.0.6 (2021/08/03) and later. 2021-09-10 not yet calculated CVE-2021-34345
CONFIRM
qnap — multiple_products A vulnerability involving insufficient HTTP security headers has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud. This vulnerability allows remote attackers to launch privacy and security attacks. We have already fixed this vulnerability in the following versions: QTS 4.5.4.1715 build 20210630 and later; QuTS hero h4.5.4.1771 build 20210825 and later; QuTScloud c4.5.6.1755 build 20210809 and later. 2021-09-10 not yet calculated CVE-2018-19957
CONFIRM
qnap — multiple_products A stack buffer overflow vulnerability has been reported to affect QNAP devices running QTS, QuTScloud, QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QTS, QuTScloud, QuTS hero: QTS 4.5.4.1715 build 20210630 and later; QTS 5.0.0.1716 build 20210701 and later; QuTScloud c4.5.6.1755 and later; QuTS hero h4.5.4.1771 build 20210825 and later. 2021-09-10 not yet calculated CVE-2021-34343
CONFIRM
qnap — qunetswitch A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. We have already fixed this vulnerability in the following versions: QSW-M2116P-2T2S 1.0.6 build 210713 and later; QGD-1600P: QuNetSwitch 1.0.6.1509 and later; QGD-1602P: QuNetSwitch 1.0.6.1509 and later; QGD-3014PT: QuNetSwitch 1.0.6.1519 and later. 2021-09-10 not yet calculated CVE-2021-28813
CONFIRM
qnap — qusbcam2 A stack buffer overflow vulnerability has been reported to affect QNAP devices running QUSBCam2. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QUSBCam2: QTS 4.5.4: QUSBCam2 1.1.4 (2021/07/30) and later; QTS 5.0: QUSBCam2 2.0.1 (2021/08/03) and later; QTS 4.3.6: QUSBCam2 1.1.4 (2021/07/30) and later; QTS 4.3.3: QUSBCam2 1.1.4 (2021/08/06) and later; QuTS hero 4.5.3: QUSBCam2 1.1.4 (2021/07/30) and later. 2021-09-10 not yet calculated CVE-2021-34344
CONFIRM
qnap — multiple_products A stack buffer overflow vulnerability has been reported to affect QNAP devices running QTS, QuTScloud, QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QTS, QuTScloud, QuTS hero: QTS 4.5.4.1715 build 20210630 and later; QTS 5.0.0.1716 build 20210701 and later; QTS 4.3.3.1693 build 20210624 and later; QTS 4.3.6.1750 build 20210730 and later; QuTScloud c4.5.6.1755 and later; QuTS hero h4.5.4.1771 build 20210825 and later. 2021-09-10 not yet calculated CVE-2021-28816
CONFIRM
qualcomm — multiple_snapdragon_products Possible heap overflow due to improper validation of local variable while storing current task information locally in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 2021-09-09 not yet calculated CVE-2021-30295
CONFIRM
qualcomm — multiple_snapdragon_products Improper authentication of un-encrypted plaintext Wi-Fi frames in an encrypted network can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2021-09-08 not yet calculated CVE-2020-11301
CONFIRM
qualcomm — multiple_snapdragon_products Possible null pointer dereference due to race condition between timeline fence signal and time line fence destroy in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile 2021-09-09 not yet calculated CVE-2021-30290
CONFIRM
qualcomm — multiple_snapdragon_products Improper authentication of Non-EAPOL/WAPI plaintext frames during four-way handshake can lead to arbitrary network packet injection in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music 2021-09-08 not yet calculated CVE-2020-11264
CONFIRM
qualcomm — multiple_snapdragon_products Potential null pointer dereference in KGSL GPU auxiliary command due to improper validation of user input in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile 2021-09-09 not yet calculated CVE-2021-30294
CONFIRM
qualcomm — snapdragon_products Lack of strict validation of bootmode can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 2021-09-08 not yet calculated CVE-2021-1929
CONFIRM
qualcomm — snapdragon_products Improper Access Control when ACL link encryption is failed and ACL link is not disconnected during reconnection with paired device in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music 2021-09-09 not yet calculated CVE-2021-1957
CONFIRM
qualcomm — snapdragon_products Possible buffer overflow due to improper validation of device types during P2P search in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2021-09-08 not yet calculated CVE-2021-1972
CONFIRM
qualcomm — snapdragon_products Buffer overflow occurs in trusted applications due to lack of length check of parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2021-09-09 not yet calculated CVE-2021-1909
CONFIRM
qualcomm — snapdragon_products Loop with unreachable exit condition may occur due to improper handling of unsupported input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables 2021-09-08 not yet calculated CVE-2021-1914
CONFIRM
qualcomm — snapdragon_products Possible buffer over read due to lack of alignment between map or unmap length of IPA SMMU and WLAN SMMU in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2021-09-09 not yet calculated CVE-2021-1974
CONFIRM
qualcomm — snapdragon_products Incorrect pointer argument passed to trusted application TA could result in un-intended memory operations in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT 2021-09-08 not yet calculated CVE-2021-1923
CONFIRM
qualcomm — snapdragon_products Possible out of bounds read due to incorrect validation of incoming buffer length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile 2021-09-08 not yet calculated CVE-2021-1930
CONFIRM
qualcomm — snapdragon_products Integer underflow can occur when the RTCP length is less than the actual blocks present in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables 2021-09-08 not yet calculated CVE-2021-1919
CONFIRM
qualcomm — snapdragon_products Null Pointer Dereference may occur due to improper validation while processing crafted SDP body in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile 2021-09-09 not yet calculated CVE-2021-1946
CONFIRM
qualcomm — snapdragon_products Possible out of bound read due to lack of length check of data while parsing the beacon or probe response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking 2021-09-09 not yet calculated CVE-2021-1948
CONFIRM
qualcomm — snapdragon_products Improper handling of ASB-U packet with L2CAP channel ID by slave host can lead to interference with piconet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music 2021-09-09 not yet calculated CVE-2021-1956
CONFIRM
qualcomm — snapdragon_products A race condition in fastrpc kernel driver for dynamic process creation can lead to use after free scenario in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wearables 2021-09-09 not yet calculated CVE-2021-1958
CONFIRM
qualcomm — snapdragon_products UE assertion is possible due to improper validation of invite message with SDP body in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables 2021-09-09 not yet calculated CVE-2021-1933
CONFIRM
qualcomm — snapdragon_products Possible buffer over read issue due to improper length check on WPA IE string sent by peer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking 2021-09-09 not yet calculated CVE-2021-1941
CONFIRM
qualcomm — snapdragon_products Buffer overflow while processing IOCTL for getting peripheral endpoint information, because there is no proper validation of the input maximum endpoint pair and its size, in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2021-09-09 not yet calculated CVE-2021-1962
CONFIRM
qualcomm — snapdragon_products Possible assertion due to lack of physical layer state validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking 2021-09-09 not yet calculated CVE-2021-1971
CONFIRM
qualcomm — snapdragon_products Possible buffer overflow due to lack of offset length check while updating the buffer value in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2021-09-09 not yet calculated CVE-2021-1961
CONFIRM
qualcomm — snapdragon_products Improper handling of ASB-C broadcast packets with crafted opcode in LMP can lead to uncontrolled resource consumption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking 2021-09-09 not yet calculated CVE-2021-1960
CONFIRM
qualcomm — snapdragon_products Possible buffer over read occurs due to lack of length check of request buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music 2021-09-09 not yet calculated CVE-2021-1952
CONFIRM
qualcomm — snapdragon_products Possible use-after-free due to lack of validation for the rule count in filter table in IPA driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2021-09-09 not yet calculated CVE-2021-1963
CONFIRM
qualcomm — snapdragon_products Possible null pointer dereference due to lack of validation check for passed pointer during key import in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables 2021-09-09 not yet calculated CVE-2021-1935
CONFIRM
qualcomm — snapdragon_products A child process can leak information from the parent process because numeric PIDs are compared and these PIDs can be reused in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2021-09-08 not yet calculated CVE-2021-1904
CONFIRM
qualcomm — snapdragon_products Possible buffer underflow due to lack of check for negative indices values when processing user provided input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables 2021-09-08 not yet calculated CVE-2021-1916
CONFIRM
qualcomm — snapdragon_products Possible memory corruption due to improper check when application loader object is explicitly destructed while application is unloading in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT 2021-09-09 not yet calculated CVE-2021-1934
CONFIRM
qualcomm — snapdragon_products Integer underflow can occur due to improper handling of incoming RTCP packets in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables 2021-09-08 not yet calculated CVE-2021-1920
CONFIRM
qualcomm — snapdragon_products Buffer over read could occur due to incorrect check of buffer size while flashing emmc devices in Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2021-09-08 not yet calculated CVE-2021-1928
CONFIRM
raonwizcoltd — dext5 A vulnerability (improper input validation) in the DEXT5 Upload solution allows an unauthenticated attacker to download and execute an arbitrary file via the AddUploadFile, SetSelectItem, DoOpenFile functions. (CVE-2020-7832) 2021-09-07 not yet calculated CVE-2020-7832
MISC
raonwizcoltd — execm_coreb2b A vulnerability (improper input validation) in the ExECM CoreB2B solution allows an unauthenticated attacker to download and execute an arbitrary file via the httpDownload function. A successful exploit could allow the attacker to hijack the vulnerable system. 2021-09-07 not yet calculated CVE-2020-7865
MISC
remark-html — remark-html remark-html is an open source nodejs library which compiles Markdown to HTML. In affected versions the documentation of remark-html has mentioned that it was safe by default. In practice the default was never safe and had to be opted into. That is, user input was not sanitized. This means arbitrary HTML can be passed through leading to potential XSS attacks. The problem has been patched in 13.0.2 and 14.0.1: `remark-html` is now safe by default, and the implementation matches the documentation. On older affected versions, pass `sanitize: true` if you cannot update. 2021-09-07 not yet calculated CVE-2021-39199
MISC
MISC
CONFIRM
MISC
ribbonsoft — ribbonsoft A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. A specially-crafted .dxf file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. 2021-09-08 not yet calculated CVE-2021-21897
MISC
rittal — cmc_pu_iii_web_management Rittal CMC PU III Web management (version affected: V3.11.00_2; version fixed: V3.17.10) is affected by a remote code execution vulnerability. It is possible to introduce shell code to create a reverse shell in the PU-Hostname field of the TCP/IP Configuration dialog. The web application fails to sanitize user input on the Network TCP/IP configuration page. This allows the attacker to inject commands as root on the device which will be executed once the data is received. 2021-09-09 not yet calculated CVE-2021-40222
MISC
rittal — cmc_pu_iii_web_management Rittal CMC PU III Web management (version V3.11.00_2) fails to sanitize user input on several parameters of the configuration (User Configuration dialog, Task Configuration dialog and set logging filter dialog). This allows an attacker to backdoor the device with HTML and browser-interpreted content (such as JavaScript or other client-side scripts). The XSS payload will be triggered when the user accesses some specific sections of the application. 2021-09-09 not yet calculated CVE-2021-40223
MISC
rob_the_bank — rob_the_bank A lack of target address verification in the BurnMe() function of Rob The Bank 1.0 allows attackers to steal tokens from victim users via a crafted script. 2021-09-07 not yet calculated CVE-2020-19769
MISC
saltstack — salt An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper behaviour of the given minion software. 2021-09-08 not yet calculated CVE-2021-22004
MISC
FEDORA
FEDORA
saltstack — salt An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion. 2021-09-08 not yet calculated CVE-2021-21996
MISC
FEDORA
FEDORA
showdoc — showdoc Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to execute arbitrary code via the ‘file_url’ parameter in the component ‘AdminUpdateController.class.php’. 2021-09-08 not yet calculated CVE-2021-36440
MISC
silicon — labs_iwrap The Bluetooth Classic implementation in Silicon Labs iWRAP 6.3.0 and earlier does not properly handle the reception of an oversized LMP packet greater than 17 bytes, allowing attackers in radio range to trigger a crash in WT32i via a crafted LMP packet. 2021-09-07 not yet calculated CVE-2021-31609
MISC
MISC
simple_water_refilling_station_management_system — simple_water_refilling_station_and_management_system Remote Code Execution can occur in Simple Water Refilling Station Management System 1.0 via the System Logo option on the system_info page in classes/SystemSettings.php with an update_settings action. 2021-09-07 not yet calculated CVE-2021-38841
MISC
MISC
MISC
smartertools — smartermail SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The application fails to sanitize email content, thus allowing one to inject HTML and/or JavaScript into a page that will then be processed and stored by the application. 2021-09-08 not yet calculated CVE-2021-40377
MISC
softcontrol — softcontrol A vulnerability in Base Software for SoftControl allows an attacker to insert and run arbitrary code in a computer running the affected product. This issue affects: . 2021-09-08 not yet calculated CVE-2020-24672
MISC
solarwinds — patch_manager_orion_platform Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module and reported to us by ZDI. An Authenticated Attacker could exploit it by executing WSAsyncExecuteTasks deserialization of untrusted data. 2021-09-08 not yet calculated CVE-2021-35217
MISC
MISC
CONFIRM
sonatype — nexus_repository Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance. 2021-09-07 not yet calculated CVE-2021-40143
MISC
CONFIRM
sqlite-web — sqlite-web This affects all versions of package sqlite-web. The SQL dashboard area allows sensitive actions to be performed without validating that the request originated from the application. This could enable an attacker to trick a user into performing these actions unknowingly through a Cross Site Request Forgery (CSRF) attack. 2021-09-08 not yet calculated CVE-2021-23404
MISC
MISC
systeminformation — systeminformation systeminformation is an npm package that provides a system and OS information library for node.js. In systeminformation before version 4.26.2 there is a command injection vulnerability. The problem was fixed in version 4.26.2 with a shell string sanitization fix. 2021-09-09 not yet calculated CVE-2020-26300
MISC
MISC
CONFIRM
MISC
toyopuc — multiple_devices All versions of the affected TOYOPUC-PC10 Series, TOYOPUC-Plus Series, TOYOPUC-PC3J/PC2J Series, TOYOPUC-Nano Series products may not be able to properly process an ICMP flood, which may allow an attacker to deny Ethernet communications between affected devices. 2021-09-10 not yet calculated CVE-2021-33011
MISC
trend_micro_security — consumer Trend Micro Security (Consumer) 2021 and 2020 are vulnerable to a directory junction vulnerability which could allow an attacker to exploit the system to escalate privileges and create a denial of service. 2021-09-06 not yet calculated CVE-2021-36744
MISC
MISC
wildau — covid-19_contact_tracing api/account/register in the TH Wildau COVID-19 Contact Tracing application through 2021-09-01 has Incorrect Access Control. An attacker can interfere with tracing of infection chains by creating 500 random users within 2500 seconds. 2021-09-07 not yet calculated CVE-2021-33831
MISC
MISC
wordpress — wordpress The MoolaMojo WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the classes parameter found in the ~/views/button-generator.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.4.1. 2021-09-10 not yet calculated CVE-2021-38358
MISC
MISC
wordpress — wordpress The Custom Menu Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the selected_menu parameter found in the ~/custom-menus.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.3. 2021-09-09 not yet calculated CVE-2021-38321
MISC
MISC
wordpress — wordpress The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the Q_FILE parameter found in the ~/bibtexbrowser.php file which allows attackers to include local zip files and achieve remote code execution, in versions up to and including 0.0. 2021-09-10 not yet calculated CVE-2021-38360
MISC
MISC
wordpress — wordpress The WordPress InviteBox Plugin for viral Refer-a-Friend Promotions WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the message parameter found in the ~/admin/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.1. 2021-09-10 not yet calculated CVE-2021-38359
MISC
MISC
wordpress — wordpress The Post Title Counter WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the notice parameter found in the ~/post-title-counter.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1. 2021-09-10 not yet calculated CVE-2021-38326
MISC
MISC
wordpress — wordpress The GNU-Mailman Integration WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the gm_error parameter found in the ~/includes/admin/mailing-lists-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6. 2021-09-10 not yet calculated CVE-2021-38354
MISC
MISC
wordpress — wordpress The Dropdown and scrollable Text WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the content parameter found in the ~/index.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0. 2021-09-10 not yet calculated CVE-2021-38353
MISC
MISC
wordpress — wordpress The On Page SEO + Whatsapp Chat Button Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1. 2021-09-10 not yet calculated CVE-2021-38332
MISC
MISC
wordpress — wordpress The OSD Subscribe WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the osd_subscribe_message parameter found in the ~/options/osd_subscribe_options_subscribers.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.3. 2021-09-10 not yet calculated CVE-2021-38351
MISC
MISC
wordpress — wordpress The Notices WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/notices.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1. 2021-09-10 not yet calculated CVE-2021-38328
MISC
MISC
wordpress — wordpress The Twitter Friends Widget WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the pmc_TF_user and pmc_TF_password parameters found in the ~/twitter-friends-widget.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.1. 2021-09-09 not yet calculated CVE-2021-38322
MISC
MISC
wordpress — wordpress The User Activation Email WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the uae-key parameter found in the ~/user-activation-email.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.0. 2021-09-09 not yet calculated CVE-2021-38325
MISC
MISC
wordpress — wordpress The spideranalyse WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the date parameter found in the ~/analyse/index.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.1. 2021-09-10 not yet calculated CVE-2021-38350
MISC
MISC
wordpress — wordpress The Border Loading Bar WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `f` and `t` parameters found in the ~/titan-framework/iframe-googlefont-preview.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1. 2021-09-10 not yet calculated CVE-2021-38338
MISC
MISC
wordpress — wordpress WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions the widgets editor introduced in WordPress 5.8 beta 1 has improper handling of HTML input in the Custom HTML feature. This leads to stored XSS in the custom HTML widget. This has been patched in WordPress 5.8. It was only present during the testing/beta phase of WordPress 5.8. 2021-09-09 not yet calculated CVE-2021-39202
MISC
CONFIRM
wordpress — wordpress The 3D Cover Carousel WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter in the ~/cover-carousel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. 2021-09-09 not yet calculated CVE-2021-38318
MISC
MISC
wordpress — wordpress The SP Rental Manager WordPress plugin is vulnerable to SQL Injection via the orderby parameter found in the ~/user/shortcodes.php file which allows attackers to retrieve information contained in a site’s database, in versions up to and including 1.5.3. 2021-09-09 not yet calculated CVE-2021-38324
MISC
MISC
wordpress — wordpress The simpleSAMLphp Authentication WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/simplesamlphp-authentication.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.0. 2021-09-09 not yet calculated CVE-2021-38320
MISC
MISC
wordpress — wordpress The Edit Comments XT WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to