US CERT: Security Bulletins

Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.
December 6, 2021

Vulnerability Summary for the Week of November 29, 2021

Original release date: December 6, 2021

 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

abb -- rtu500_firmware Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the receiving RTU500 CMU of which the BCI is enabled to reboot when receiving a specially crafted message. By default, BCI IEC 60870-5-104 function is disabled (not configured). This issue affects: Hitachi Energy RTU500 series CMU Firmware version 12.0.* (all versions); CMU Firmware version 12.2.* (all versions); CMU Firmware version 12.4.* (all versions). 2021-11-26 7.1 CVE-2021-35533
CONFIRM amd -- amd_uprof The AMDPowerProfiler.sys driver of AMD μProf tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged user. 2021-12-01 9 CVE-2021-26334
MISC attendance_management_system_project -- attendance_management_system attendance management system 1.0 is affected by a SQL injection vulnerability in admin/incFunctions.php through the makeSafe function. 2021-12-01 7.5 CVE-2021-44280
MISC barracuda -- network_access_client Barracuda Network Access Client before 5.2.2 creates a Temporary File in a Directory with Insecure Permissions. This file is executed with SYSTEM privileges when an unprivileged user performs a repair operation. 2021-12-01 7.2 CVE-2021-42711
MISC basercms -- basercms BaserCMS is an open source content management system with a focus on Japanese language support. In affected versions users with upload privilege may upload crafted zip files capable of path traversal on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible. 2021-11-26 9 CVE-2021-41279
CONFIRM
MISC basercms -- basercms There is a Potential Zip Slip Vulnerability and OS Command Injection Vulnerability on the management system of baserCMS. Users with permissions to upload files may upload crafted zip files which may execute arbitrary commands on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible. 2021-11-26 9 CVE-2021-41243
CONFIRM
MISC businessdnasolutions -- topease Missing Rate Limiting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on the Login Form allows an unauthenticated remote attacker to perform multiple login attempts, which facilitates gaining privileges. 2021-11-30 7.5 CVE-2021-42544
CONFIRM contest_gallery -- contest_gallery The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated users to perform SQL injection attacks, as well as get the list of all users registered on the blog, including their username and email address. 2021-11-29 7.5 CVE-2021-24915
MISC
MISC dell -- emc_streaming_data_platform Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to reuse old session artifacts to impersonate a legitimate user. 2021-11-30 7.5 CVE-2021-36330
MISC dlink -- dir-809_firmware D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_8004776c in /formVirtualApp. This vulnerability is triggered via a crafted POST request. 2021-12-01 10 CVE-2021-33266
MISC
MISC dlink -- dir-809_firmware D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80034d60 in /formStaticDHCP. This vulnerability is triggered via a crafted POST request. 2021-12-01 10 CVE-2021-33267
MISC
MISC dlink -- dir-809_firmware D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80040af8 in /formWlanSetup. This vulnerability is triggered via a crafted POST request. 2021-12-01 10 CVE-2021-33274
MISC
MISC dlink -- dir-809_firmware D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_80046EB4 in /formSetPortTr. This vulnerability is triggered via a crafted POST request. 2021-12-01 10 CVE-2021-33271
MISC
MISC dlink -- dir-809_firmware D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_8003183C in /fromLogin. This vulnerability is triggered via a crafted POST request. 2021-12-01 10 CVE-2021-33268
MISC
MISC dlink -- dir-809_firmware D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80046eb4 in /formSetPortTr. This vulnerability is triggered via a crafted POST request. 2021-12-01 7.2 CVE-2021-33265
MISC
MISC dlink -- dir-809_firmware D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_8004776c in /formVirtualServ. This vulnerability is triggered via a crafted POST request. 2021-12-01 10 CVE-2021-33269
MISC
MISC dlink -- dir-809_firmware D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_800462c4 in /formAdvFirewall. This vulnerability is triggered via a crafted POST request. 2021-12-01 10 CVE-2021-33270
MISC
MISC douzone -- neors The vulnerability was discovered in the ActiveX module related to the NeoRS remote support program. This issue allows a remote attacker to download and execute a remote file. It is because of improper parameter validation of the StartNeoRS function in ActiveX. 2021-11-30 9.3 CVE-2020-7880
MISC elecom -- wrc-1167gst2_firmware Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent unauthenticated attacker to bypass access restriction, and to start the telnet service and execute an arbitrary OS command via unspecified vectors. 2021-12-01 8.3 CVE-2021-20864
MISC
MISC elecom -- wrc-1167gst2_firmware ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allow a network-adjacent authenticated attacker to execute an arbitrary OS command via unspecified vectors. 2021-12-01 7.7 CVE-2021-20859
MISC
MISC elecom -- wrc-1167gst2_firmware OS command injection vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to execute an arbitrary OS command with root privileges via unspecified vectors. 2021-12-01 7.7 CVE-2021-20863
MISC
MISC employee_record_management_system_project -- employee_record_management_system SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the Email POST parameter in /forgetpassword.php. 2021-12-01 7.5 CVE-2021-43451
MISC govicture -- wr1200_firmware An issue was discovered on Victure WR1200 devices through 1.0.3. The root SSH password never gets updated from its default value of admin. This enables an attacker to gain control of the device through SSH (regardless of whether the admin password was changed on the web interface). 2021-11-30 7.2 CVE-2021-43284
MISC
MISC govicture -- wr1200_firmware An issue was discovered on Victure WR1200 devices through 1.0.3. A command injection vulnerability was found within the web interface of the device, allowing an attacker with valid credentials to inject arbitrary shell commands to be executed by the device with root privileges. This occurs in the ping and traceroute features. An attacker would thus be able to use this vulnerability to open a reverse shell on the device with root privileges. 2021-11-30 9 CVE-2021-43283
MISC
MISC hej -- hejhome_gkw-ic052_firmware HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnerability. This issue allows remote attackers to operate the IP Camera (reboot, factory reset, snapshot, etc.). 2021-11-26 7.5 CVE-2021-26611
MISC html2csv_project -- html2csv This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands via CSV files. 2021-11-26 7.5 CVE-2021-23654
CONFIRM
CONFIRM jetbrains -- teamcity In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases. 2021-11-30 7.5 CVE-2021-43202
MISC libretime -- libretime_hv libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerability in /blob/master/legacy/application/modules/rest/controllers/ShowImageController.php through the rename function. 2021-12-01 7.5 CVE-2021-43685
MISC mitsubishi -- melsec_iq-r_r00_cpu_firmware Improper Input Validation vulnerability in MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "57" and prior, MELSEC iQ-R Series R08/16/32/120SFCPU All versions, MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions "29" and prior, MELSEC iQ-R Series R08/16/32/120PSFCPU All versions, MELSEC iQ-R Series R16/32/64MTCPU All versions, MELSEC iQ-R Series R12CCPU-V All versions, MELSEC Q Series Q03UDECPU All versions, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU All versions, MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. "23071" and prior, MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. "23071" and prior, MELSEC Q Series Q12DCCPU-V All versions, MELSEC Q Series Q24DHCCPU-V(G) All versions, MELSEC Q Series Q24/26DHCCPU-LS All versions, MELSEC Q Series MR-MQ100 All versions, MELSEC Q Series Q172/173DCPU-S1 All versions, MELSEC Q Series Q172/172DSCPU All versions, MELSEC Q Series Q170MCPU All versions, MELSEC Q Series Q170MSCPU(-S1) All versions, MELSEC L Series L02/06/26CPU(-P) All versions, MELSEC L Series L26CPU-(P)BT All versions and MELIPC Series MI5122-VW All versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery. 2021-12-01 7.8 CVE-2021-20611
MISC
MISC
MISC mitsubishi -- melsec_iq-r_r00_cpu_firmware Improper Handling of Length Parameter Inconsistency vulnerability in MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "57" and prior, MELSEC iQ-R Series R08/16/32/120SFCPU All versions, MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions "29" and prior, MELSEC iQ-R Series R08/16/32/120PSFCPU All versions, MELSEC iQ-R Series R16/32/64MTCPU All versions, MELSEC iQ-R Series R12CCPU-V All versions, MELSEC Q Series Q03UDECPU All versions, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU All versions, MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. "23071" and prior, MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. "23071" and prior, MELSEC Q Series Q12DCCPU-V All versions, MELSEC Q Series Q24DHCCPU-V(G) All versions, MELSEC Q Series Q24/26DHCCPU-LS All versions, MELSEC Q Series MR-MQ100 All versions, MELSEC Q Series Q172/173DCPU-S1 All versions, MELSEC Q Series Q172/172DSCPU All versions, MELSEC Q Series Q170MCPU All versions, MELSEC Q Series Q170MSCPU(-S1) All versions, MELSEC L Series L02/06/26CPU(-P) All versions, MELSEC L Series L26CPU-(P)BT All versions and MELIPC Series MI5122-VW All versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery. 2021-12-01 7.8 CVE-2021-20610
MISC
MISC
MISC mitsubishi -- melsec_iq-r_r00_cpu_firmware Uncontrolled Resource Consumption vulnerability in MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "57" and prior, MELSEC iQ-R Series R08/16/32/120SFCPU All versions, MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions "29" and prior, MELSEC iQ-R Series R08/16/32/120PSFCPU All versions, MELSEC iQ-R Series R16/32/64MTCPU All versions, MELSEC iQ-R Series R12CCPU-V All versions, MELSEC Q Series Q03UDECPU All versions, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU All versions, MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. "23071" and prior, MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. "23071" and prior, MELSEC Q Series Q12DCCPU-V All versions, MELSEC Q Series Q24DHCCPU-V(G) All versions, MELSEC Q Series Q24/26DHCCPU-LS All versions, MELSEC Q Series MR-MQ100 All versions, MELSEC Q Series Q172/173DCPU-S1 All versions, MELSEC Q Series Q172/172DSCPU All versions, MELSEC Q Series Q170MCPU All versions, MELSEC Q Series Q170MSCPU(-S1) All versions, MELSEC L Series L02/06/26CPU(-P) All versions, MELSEC L Series L26CPU-(P)BT All versions and MELIPC Series MI5122-VW All versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery. 2021-12-01 7.8 CVE-2021-20609
MISC
MISC
MISC planetargon -- oh_my_zsh # Vulnerability in `title` function **Description**: the `title` function defined in `lib/termsupport.zsh` uses `print` to set the terminal title to a user-supplied string. In Oh My Zsh, this function is always used securely, but custom user code could use the `title` function in a way that is unsafe. **Fixed in**: [a263cdac](https://github.com/ohmyzsh/ohmyzsh/commit/a263cdac). **Impacted areas**: - `title` function in `lib/termsupport.zsh`. - Custom user code using the `title` function. 2021-11-30 7.5 CVE-2021-3726
MISC planetargon -- oh_my_zsh # Vulnerability in `rand-quote` and `hitokoto` plugins **Description**: the `rand-quote` and `hitokoto` fetch quotes from quotationspage.com and hitokoto.cn respectively, do some process on them and then use `print -P` to print them. If these quotes contained the proper symbols, they could trigger command injection. Given that they're an external API, it's not possible to know if the quotes are safe to use. **Fixed in**: [72928432](https://github.com/ohmyzsh/ohmyzsh/commit/72928432). **Impacted areas**: - `rand-quote` plugin (`quote` function). - `hitokoto` plugin (`hitokoto` function). 2021-11-30 7.5 CVE-2021-3727
MISC planetargon -- oh_my_zsh # Vulnerability in `pygmalion`, `pygmalion-virtualenv` and `refined` themes **Description**: these themes use `print -P` on user-supplied strings to print them to the terminal. All of them do that on git information, particularly the branch name, so if the branch has a specially-crafted name the vulnerability can be exploited. **Fixed in**: [b3ba9978](https://github.com/ohmyzsh/ohmyzsh/commit/b3ba9978). **Impacted areas**: - `pygmalion` theme. - `pygmalion-virtualenv` theme. - `refined` theme. 2021-11-30 10 CVE-2021-3769
MISC qnap -- qvr A command injection vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later 2021-11-26 7.5 CVE-2021-38685
CONFIRM rosariosis -- rosariosis An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter. 2021-11-29 7.5 CVE-2021-44427
MISC shopex -- ecshop ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\ecshop\upload\api\client\api.php. 2021-12-02 7.5 CVE-2021-43679
MISC sun -- ehrd Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services. 2021-12-01 9 CVE-2021-43360
CONFIRM sun -- ehrd Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files. 2021-12-01 7.8 CVE-2021-43358
CONFIRM sun -- ehrd Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control the system or interrupt services. 2021-12-01 9 CVE-2021-43359
CONFIRM tianocore -- edk2 NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. 2021-12-01 7.5 CVE-2021-38575
MISC tobesoft -- nexacro An improper input validation leading to arbitrary file creation was discovered in copy method of Nexacro platform. Remote attackers use copy method to execute arbitrary command after the file creation included malicious code. 2021-11-30 7.5 CVE-2021-26612
MISC tripexpress_project -- tripexpress tripexpress v1.1 is affected by a path manipulation vulnerability in file system/helpers/dompdf/load_font.php. The variable src is coming from $_SERVER["argv"] then there is a path manipulation vulnerability. 2021-11-29 7.5 CVE-2021-43691
MISC vestacp -- vesta_control_panel vesta 0.9.8-24 is affected by a file inclusion vulnerability in file web/add/user/index.php. 2021-11-29 7.5 CVE-2021-43693
MISC zohocorp -- manageengine_network_configuration_manager Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality. 2021-11-30 7.5 CVE-2021-43319
MISC
CONFIRM zohocorp -- manageengine_servicedesk_plus Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration. 2021-11-29 7.5 CVE-2021-44077
MISC
MISC
MISC
MISC zrlog -- zrlog A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell 2021-11-28 7.5 CVE-2021-44093
MISC

 

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

acronis -- agent Sensitive information could be logged. The following products are affected: Acronis Agent (Windows, Linux, macOS) before build 27147 2021-11-29 5 CVE-2021-34800
MISC acronis -- cyber_protect DLL hijacking could lead to local privilege escalation. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035 2021-11-29 4.4 CVE-2021-44198
MISC acronis -- cyber_protect Cross-site scripting (XSS) was possible in notification pop-ups. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 2021-11-29 4.3 CVE-2021-44201
MISC actions-semi -- ats2819p_firmware The Bluetooth Classic implementation on Actions ATS2815 chipsets does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and shutdown of a device by flooding the target device with LMP_features_res packets. 2021-11-30 6.1 CVE-2021-31787
MISC
MISC
MISC afreecatv -- afreecatv The vulnerability function is enabled when the streamer service related to the AfreecaTV communicated through web socket using 21201 port. A stack-based buffer overflow leading to remote code execution was discovered in strcpy() operate by "FanTicket" field. It is because of stored data without validation of length. 2021-11-26 6.5 CVE-2020-7881
MISC aomedia -- aomedia AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component av1/av1_dx_iface.c. 2021-12-02 4.3 CVE-2020-36130
MISC aomedia -- aomedia AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c. 2021-12-02 4.3 CVE-2020-36135
MISC aomedia -- aomedia AOM v2.0.1 was discovered to contain a stack buffer overflow via the component src/aom_image.c. 2021-12-02 6.8 CVE-2020-36129
MISC aomedia -- aomedia AOM v2.0.1 was discovered to contain a stack buffer overflow via the component stats/rate_hist.c. 2021-12-02 6.8 CVE-2020-36131
MISC aomedia -- aomedia AOM v2.0.1 was discovered to contain a global buffer overflow via the component av1/encoder/partition_search.h. 2021-12-02 6.8 CVE-2020-36133
MISC aomedia -- aomedia AOM v2.0.1 was discovered to contain a segmentation violation via the component aom_dsp/x86/obmc_sad_avx2.c. 2021-12-02 4.3 CVE-2020-36134
MISC backstage -- backstage @backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. In affected versions a malicious actor with write access to a registered scaffolder template is able to manipulate the template in a way that writes files to arbitrary paths on the scaffolder-backend host instance. This vulnerability can in some situation also be exploited through user input when executing a template, meaning you do not need write access to the templates. This method will not allow the attacker to control the contents of the injected file however, unless the template is also crafted in a specific way that gives control of the file contents. This vulnerability is fixed in version `0.15.14` of the `@backstage/plugin-scaffolder-backend`. This attack is mitigated by restricting access and requiring reviews when registering or modifying scaffolder templates. 2021-11-29 5.5 CVE-2021-43783
CONFIRM
MISC bandisoft -- ark_library ARK library allows attackers to execute remote code via the parameter(path value) of Ark_NormalizeAndDupPAthNameW function because of an integer overflow. 2021-11-26 6.8 CVE-2021-26615
MISC bannersky -- bsk_pdf_manager The BSK PDF Manager WordPress plugin before 3.1.2 does not validate and escape the orderby and order parameters before using them in a SQL statement, leading to a SQL injection issue 2021-11-29 6.5 CVE-2021-24860
MISC bluez -- bluez A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to the output buffer. There are no size checks whatsoever, resulting in a simple heap overflow if one can craft a request where the response is large enough to overflow the preallocated buffer. This issue exists in service_attr_req gets called by process_request (in sdpd-request.c), which also allocates the response buffer. 2021-11-29 5.8 CVE-2019-8922
MISC
CONFIRM bookstackapp -- bookstack bookstack is vulnerable to Improper Access Control 2021-11-30 4 CVE-2021-4026
CONFIRM
MISC bookstackapp -- bookstack bookstack is vulnerable to Cross-Site Request Forgery (CSRF) 2021-12-02 4 CVE-2021-3944
MISC
CONFIRM browser_and_operating_system_finder_project -- browser_and_operating_system_finder Cross-site request forgery (CSRF) vulnerability in Browser and Operating System Finder versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of an administrator via unspecified vectors. 2021-12-01 6.8 CVE-2021-20851
MISC
MISC bulk_datetime_change_project -- bulk_datetime_change The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which allows users with Contributor roles to 1) list private post titles of other users and 2) change the posted date of other users' posts. 2021-11-29 5.5 CVE-2021-24842
MISC
CONFIRM businessdnasolutions -- topease Incorrect Access Control in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an authenticated remote attacker to view the Shape Editor and Settings, which are functionality for higher privileged users, via identifying said components in the front-end source code or other means. 2021-11-30 4 CVE-2021-42116
CONFIRM businessdnasolutions -- topease Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an unauthenticated remote attacker to escalate privileges from unauthenticated to authenticated user via stealing and injecting the session- independent and static cookie UID. 2021-11-30 6.4 CVE-2021-42115
CONFIRM businessdnasolutions -- topease Unrestricted File Upload in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 in the File Upload Functions allows an authenticated remote attacker with Upload privileges to upload files with any file type, enabling client-side attacks. 2021-11-30 6.5 CVE-2021-42123
CONFIRM businessdnasolutions -- topease Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on an object’s date attribute(s) allows an authenticated remote attacker with Object Modification privileges to insert an unexpected format into date fields, which leads to breaking the object page that the date field is present. 2021-11-30 4 CVE-2021-42121
CONFIRM businessdnasolutions -- topease Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an authenticated remote attacker with Object Modification privileges to insert arbitrary HTML without code execution. 2021-11-30 4 CVE-2021-42117
CONFIRM businessdnasolutions -- topease Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on all object attributes allows an authenticated remote attacker with Object Modification privileges to insert arbitrarily long strings, eventually leading to exhaustion of the underlying resource. 2021-11-30 4 CVE-2021-42120
CONFIRM businessdnasolutions -- topease Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on an object’s attributes with numeric format allows an authenticated remote attacker with Object Modification privileges to insert an unexpected format, which makes the affected attribute non-editable. 2021-11-30 4 CVE-2021-42122
CONFIRM bytecodealliance -- lucet Lucet is a native WebAssembly compiler and runtime. There is a bug in the main branch of `lucet-runtime` affecting all versions published to crates.io that allows a use-after-free in an Instance object that could result in memory corruption, data race, or other related issues. This bug was introduced early in the development of Lucet and is present in all releases. As a result of this bug, and dependent on the memory backing for the Instance objects, it is possible to trigger a use-after-free when the Instance is dropped. Users should upgrade to the main branch of the Lucet repository. Lucet no longer provides versioned releases on crates.io. There is no way to remediate this vulnerability without upgrading. 2021-11-30 6.8 CVE-2021-43790
CONFIRM
MISC
MISC cbads -- clickbank_affiliate_ads The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving its settings, allowing attacker to make logged in admin change them via a CSRF attack. Furthermore, due to the lack of escaping when they are outputting, it could also lead to Stored Cross-Site Scripting issues 2021-12-02 6.8 CVE-2015-20105
MISC
MISC
MISC chamilo -- chamilo chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulnerability in /plugin/jcapture/applet.php if an attacker passes a message hex2bin in the cookie. 2021-12-01 4.3 CVE-2021-43687
MISC
MISC
MISC cloverdx -- cloverdx CloverDX Server before 5.11.2 and 5.12.x before 5.12.1 allows XXE during configuration import. 2021-12-01 6.8 CVE-2021-42776
CONFIRM
MISC codesys -- git Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in HTTPS handshakes. CODESYS Git does not implement certificate validation by default, so it does not verify that the server provides a valid and trusted HTTPS certificate. Since the certificate of the server to which the connection is made is not properly verified, the server connection is vulnerable to a man-in-the-middle attack. 2021-12-01 5.8 CVE-2021-34599
CONFIRM concretecms -- concrete_cms An issue was discovered in Concrete CMS before 8.5.7. The Dashboard allows a user's password to be changed without a prompt for the current password. 2021-11-30 6.5 CVE-2021-40101
CONFIRM
MISC contact_form_with_captcha_project -- contact_form_with_captcha The Contact Form With Captcha WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the ~/cfwc-form.php file during contact form submission, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.6.2. 2021-11-29 6.8 CVE-2021-42358
MISC
MISC craftercms -- crafter_cms Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts/*, /templates/* and some of the files in /.git/* (non-binary). 2021-12-02 5 CVE-2021-23263
MISC craftercms -- crafter_cms Installations, where crafter-search is not protected, allow unauthenticated remote attackers to create, view, and delete search indexes. 2021-12-02 6.4 CVE-2021-23264
MISC craftercms -- crafter_cms Authenticated administrators may modify the main YAML configuration file and load a Java class resulting in RCE. 2021-12-02 6.5 CVE-2021-23262
MISC craftercms -- crafter_cms Authenticated administrators may override the system configuration file and cause a denial of service. 2021-12-02 4 CVE-2021-23261
MISC craftercms -- crafter_cms Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, which will cause attackers to execute arbitrary commands remotely(RCE). 2021-12-02 6.5 CVE-2021-23259
MISC craftercms -- crafter_cms Authenticated users with Administrator or Developer roles may execute OS commands by SPEL Expression in Spring beans. SPEL Expression does not have security restrictions, which will cause attackers to execute arbitrary commands remotely (RCE). 2021-12-02 6.5 CVE-2021-23258
MISC cryptshare -- cryptshare_server An open redirect through HTML injection in confidential messages in Cryptshare before 5.1.0 allows remote attackers (with permission to provide confidential messages via Cryptshare) to redirect targeted victims to any URL via the '<meta http-equiv="refresh"' substring in the editor parameter. 2021-11-30 4.9 CVE-2021-42564
MISC dell -- emc_streaming_data_platform Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL Strip Vulnerability in the User Interface (UI). A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a downgrade in the communications between the client and server into an unencrypted format. 2021-11-30 4.3 CVE-2021-36326
MISC dell -- emc_streaming_data_platform Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain sensitive information. 2021-11-30 4 CVE-2021-36329
MISC dell -- emc_streaming_data_platform Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to perform port scanning of internal networks and make HTTP requests to an arbitrary domain of the attacker's choice. 2021-11-30 5 CVE-2021-36327
MISC dell -- emc_streaming_data_platform Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Injection Vulnerability. A remote malicious user may potentially exploit this vulnerability to execute SQL commands to perform unauthorized actions and retrieve sensitive information from the database. 2021-11-30 6.5 CVE-2021-36328
MISC discourse -- discourse Discourse is an open source discussion platform. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown a JSON blob instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. 2021-12-01 5 CVE-2021-43794
CONFIRM
MISC discourse -- discourse Discourse is an open source discussion platform. In affected versions a vulnerability in the Polls feature allowed users to vote multiple times in a single-option poll. The problem is patched in the latest tests-passed, beta and stable versions of Discourse 2021-12-01 4 CVE-2021-43793
CONFIRM
MISC
MISC django-helpdesk_project -- django-helpdesk django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 2021-12-01 6.8 CVE-2021-3994
MISC
CONFIRM dzzoffice -- dzzoffice dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) vulnerability in explorerfile.php. The output of the exit function is printed for the user: exit(json_encode($return)). 2021-12-03 4.3 CVE-2021-43673
MISC eclipse -- mosquitto In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service. 2021-12-01 5 CVE-2021-41039
CONFIRM elecom -- wrc-1167gst2_firmware Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to bypass access restriction and to access the management screen of the product via unspecified vectors. 2021-12-01 5.8 CVE-2021-20861
MISC
MISC elecom -- wrc-1167gst2_firmware Cross-site request forgery (CSRF) vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a remote authenticated attacker to hijack the authentication of an administrator via a specially crafted page. 2021-12-01 6.8 CVE-2021-20860
MISC
MISC elecom -- wrh-733gbk_firmware ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute arbitrary OS commands via unspecified vectors. 2021-12-01 5.2 CVE-2021-20854
MISC
MISC elecom -- wrh-733gbk_firmware Buffer overflow vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute an arbitrary OS command via unspecified vectors. 2021-12-01 5.2 CVE-2021-20852
MISC
MISC elecom -- wrh-733gbk_firmware ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute arbitrary OS commands via unspecified vectors. 2021-12-01 5.2 CVE-2021-20853
MISC
MISC elgg -- elgg elgg is vulnerable to Authorization Bypass Through User-Controlled Key 2021-12-01 4.3 CVE-2021-3964
MISC
CONFIRM emoji_button_project -- emoji_button @joeattardi/emoji-button is a Vanilla JavaScript emoji picker component. In affected versions there are two vectors for XSS attacks: a URL for a custom emoji, and an i18n string. In both of these cases, a value can be crafted such that it can insert a `script` tag into the page and execute malicious code. 2021-11-26 4.3 CVE-2021-43785
CONFIRM
MISC
MISC f-secure -- atlant A vulnerability affecting F-Secure antivirus engine was discovered whereby unpacking UPX file can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine. 2021-11-26 4.3 CVE-2021-40833
MISC
MISC firefly-iii -- firefly_iii firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) 2021-12-01 4.3 CVE-2021-4015
MISC
CONFIRM fortinet -- forticlient An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search path. 2021-12-01 6.9 CVE-2021-32592
CONFIRM gnu -- mailman In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes. 2021-12-02 6.8 CVE-2021-44227
MISC haschek -- pictshare pictshare v1.5 is affected by a Cross Site Scripting (XSS) vulnerability in api/info.php. The exit function will terminate the script and print the message which has $_REQUEST['hash']. 2021-12-02 4.3 CVE-2021-43683
MISC hashicorp -- vault HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0. 2021-11-30 6.4 CVE-2021-43998
MISC huawei -- ecns280_td_firmware Some Huawei products use the OpenHpi software for hardware management. A function that parses data returned by OpenHpi contains an out-of-bounds read vulnerability that could lead to a denial of service. Affected product versions include: eCNS280_TD V100R005C10; eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. 2021-11-29 6.8 CVE-2021-39995
MISC ibm -- mq_appliance IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code. IBM X-Force ID: 212441. 2021-11-30 4.6 CVE-2021-38967
XF
CONFIRM ibm -- qradar_security_information_and_event_manager IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205281. 2021-12-01 4.3 CVE-2021-29849
CONFIRM
XF ibm -- qradar_security_information_and_event_manager IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitive information due to the server performing key exchange without entity authentication on inter-host communications using man in the middle techniques. IBM X-Force ID: 203033. 2021-12-01 4.3 CVE-2021-29779
CONFIRM
XF ibm -- qradar_security_information_and_event_manager IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196074. 2021-12-01 5 CVE-2021-20400
XF
CONFIRM ibm -- qradar_security_information_and_event_manager IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. This vulnerability is due to an incomplete fix for CVE-2020-4786. IBM X-Force ID: 206087. 2021-12-01 4 CVE-2021-29863
XF
CONFIRM iptime -- c200_firmware This issue was discovered when the ipTIME C200 IP Camera was synchronized with the ipTIME NAS. It is necessary to extract value for ipTIME IP camera because the ipTIME NAS send ans setCookie('[COOKIE]') . The value is transferred to the --header option in wget binary, and there is no validation check. This vulnerability allows remote attackers to execute remote command. 2021-11-30 6.8 CVE-2020-7879
MISC ipuptime -- pinkie Pinkie 2.15 allows remote attackers to cause a denial of service (daemon crash) via a TFTP read (RRQ) request, aka opcode 1. 2021-11-29 5 CVE-2021-44428
MISC issabel -- pbx issabelPBX version 2.11 is affected by a Cross Site Scripting (XSS) vulnerability. In file page.backup_restore.php, the exit function will terminate the script and print the message to the user. The message will contain $_REQUEST without sanitization, then there is a XSS vulnerability. 2021-11-29 4.3 CVE-2021-43695
MISC jamf -- jamf An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An account can be granted incorrect privileges in response to authentication that uses specific sign-on workflows. 2021-12-01 6.5 CVE-2021-40809
MISC
CONFIRM
MISC kazencoders -- url_shortify The URL Shortify WordPress plugin before 1.5.1 does not have CSRF check in place when bulk-deleting links or groups, which could allow attackers to make a logged in admin delete arbitrary link and group via a CSRF attack. 2021-11-29 4.3 CVE-2021-24749
MISC keepalived -- keepalived In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property 2021-11-26 5.5 CVE-2021-44225
MISC
MISC kimai -- kimai2 kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 2021-12-01 6 CVE-2021-3985
MISC
CONFIRM kimai2_project -- kimai2 kimai2 is vulnerable to Improper Access Control 2021-12-01 4 CVE-2021-3992
CONFIRM
MISC kimai2_project -- kimai2 kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 2021-12-01 4.3 CVE-2021-3983
MISC
CONFIRM librenms -- librenms Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/forms/poller-groups.inc.php. 2021-12-01 4.3 CVE-2021-44279
MISC librenms -- librenms Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/common/alert-log.inc.php. 2021-12-01 4.3 CVE-2021-44277
MISC linuxfoundation -- auth_backend Backstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to trick another user into visiting a vulnerable URL that executes an XSS attack. This attack can potentially allow the attacker to exfiltrate access tokens or other secrets from the user's browser. The default CSP does prevent this attack, but it is expected that some deployments have these policies disabled due to incompatibilities. This vulnerability is patched in version `0.4.9` of `@backstage/plugin-auth-backend`. 2021-11-26 4.3 CVE-2021-43776
CONFIRM
MISC mahadiscom -- mahavitaran Mahavitaran android application 7.50 and prior transmit sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header, MITM or browser history. 2021-12-02 4.3 CVE-2020-27414
MISC manage_project -- manage manage (last update Oct 24, 2017) is affected by a Cross Site Scripting (XSS) vulnerability in Application/Home/Controller/GoodsController.class.php. The exit function will terminate the script and print a message which have values from $_POST. 2021-12-01 4.3 CVE-2021-43689
MISC mandsconsulting -- email_before_download The Email Before Download WordPress plugin before 6.8 does not properly validate and escape the order and orderby GET parameters before using them in SQL statements, leading to authenticated SQL injection issues 2021-11-29 6.5 CVE-2021-24748
MISC mycred -- mycred The myCred WordPress plugin before 1.7.8 does not sanitise and escape the user parameter before outputting it back in the Points Log admin dashboard, leading to a Reflected Cross-Site Scripting 2021-11-29 4.3 CVE-2017-20008
MISC
CONFIRM mycred -- mycred The myCred WordPress plugin before 2.3 does not validate or escape the fields parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated user 2021-11-29 6.5 CVE-2021-24755
MISC nextcloud -- news nextcloud news-android is an Android client for the Nextcloud news/feed reader app. In affected versions the Nextcloud News for Android app has a security issue by which a malicious application installed on the same device can send it an arbitrary Intent that gets reflected back, unintentionally giving read and write access to non-exported Content Providers in Nextcloud News for Android. Users should upgrade to version 0.9.9.63 or higher as soon as possible. 2021-11-30 5.8 CVE-2021-41256
MISC
MISC
CONFIRM ninjaforms -- ninja_forms The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injections attacks 2021-11-29 6.5 CVE-2021-24889
MISC nodebb -- nodebb Nodebb is an open source Node.js based forum software. In affected versions a prototype pollution vulnerability in the uploader module allowed a malicious user to inject arbitrary data (i.e. javascript) into the DOM, theoretically allowing for an account takeover when used in conjunction with a path traversal vulnerability disclosed at the same time as this report. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible. 2021-11-29 4.3 CVE-2021-43787
MISC
MISC
CONFIRM nodebb -- nodebb Nodebb is an open source Node.js based forum software. Prior to v1.18.5, a path traversal vulnerability was present that allowed users to access JSON files outside of the expected `languages/` directory. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible. 2021-11-29 4 CVE-2021-43788
MISC
CONFIRM
MISC nodebb -- nodebb Nodebb is an open source Node.js based forum software. In affected versions incorrect logic present in the token verification step unintentionally allowed master token access to the API. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible. 2021-11-29 5 CVE-2021-43786
CONFIRM
MISC
MISC nttdocomo -- wi-fi_station_sh-52a_firmware Cross-site scripting vulnerability in Wi-Fi STATION SH-52A (38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C) allows a remote unauthenticated attacker to inject an arbitrary script via WebUI of the device. 2021-12-01 4.3 CVE-2021-20847
MISC
MISC nzedb_project -- nzedb nZEDb v0.4.20 is affected by a Cross Site Scripting (XSS) vulnerability in www/pages/api.php. The exit function will terminate the script and print the message which has the input $_GET['t']. 2021-12-02 4.3 CVE-2021-43686
MISC omnipod -- insulin_management_system_firmware Insulet Omnipod Insulin Management System insulin pump product ID 19191 and 40160 is designed to communicate using a wireless RF with an Insulet manufactured Personal Diabetes Manager device. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with access to one of the affected insulin pump models may be able to modify and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery. 2021-12-01 4.8 CVE-2020-10627
MISC
MISC os4ed -- opensis A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/users/Staff.php, staff{TITLE] parameter. 2021-11-30 6.8 CVE-2021-41678
MISC os4ed -- opensis A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/functions/GetStuListFnc.php &Grade= parameter. 2021-11-30 6.8 CVE-2021-41677
MISC os4ed -- opensis A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/grades/InputFinalGrades.php, period parameter. 2021-11-30 6.8 CVE-2021-41679
MISC php -- php In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended. 2021-11-29 5 CVE-2021-21707
MISC phpwhois_project -- phpwhois phpWhois (last update Jun 30 2021) is affected by a Cross Site Scripting (XSS) vulnerability. In file example.php, the exit function will terminate the script and print the message to the user. The message will contain $_GET['query'] then there is a XSS vulnerability. 2021-11-29 4.3 CVE-2021-43698
MISC planetargon -- oh_my_zsh Vulnerability in dirhistory plugin Description: the widgets that go back and forward in the directory history, triggered by pressing Alt-Left and Alt-Right, use functions that unsafely execute eval on directory names. If you cd into a directory with a carefully-crafted name, then press Alt-Left, the system is subject to command injection. Impacted areas: - Functions pop_past and pop_future in dirhistory plugin. 2021-11-30 6.8 CVE-2021-3725
MISC portswigger -- burp_suite PortSwigger Burp Suite Enterprise Edition before 2021.11 on Windows has weak file permissions for the embedded H2 database, which might lead to privilege escalation. This issue can be exploited by an adversary who has already compromised a valid Windows account on the server via separate means. In this scenario, the compromised account may have inherited read access to sensitive configuration, database, and log files. 2021-11-30 4 CVE-2021-44230
MISC qnap -- qvr An improper authentication vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later 2021-11-26 6.8 CVE-2021-38686
CONFIRM roundupwp -- registrations_for_the_events_calendar The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting 2021-11-29 4.3 CVE-2021-24876
MISC s3scanner_project -- s3scanner S3Scanner before 2.0.2 allows Directory Traversal via a crafted bucket, as demonstrated by a <Key>../ substring in a ListBucketResult element. 2021-11-29 5 CVE-2021-32061
MISC
MISC
MISC showdoc -- showdoc showdoc is vulnerable to URL Redirection to Untrusted Site 2021-12-01 5.8 CVE-2021-3989
MISC
CONFIRM showdoc -- showdoc showdoc is vulnerable to Cross-Site Request Forgery (CSRF) 2021-12-01 4.3 CVE-2021-3993
CONFIRM
MISC showdoc -- showdoc showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) 2021-12-01 4.3 CVE-2021-3990
MISC
CONFIRM showdoc -- showdoc showdoc is vulnerable to Cross-Site Request Forgery (CSRF) 2021-12-01 6.8 CVE-2021-4017
CONFIRM
MISC sophos -- unified_threat_management_up2date An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8. 2021-11-26 6.5 CVE-2021-36807
CONFIRM stetic -- stetic The Stetic WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the stats_page function found in the ~/stetic.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.0.6. 2021-11-29 6.8 CVE-2021-42364
MISC
MISC taogogo -- taocms Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search. 2021-12-02 6.5 CVE-2021-25783
MISC taogogo -- taocms Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article. 2021-12-02 6.5 CVE-2021-25784
MISC thinkphp-bjyblog_project -- thinkphp-bjyblog thinkphp-bjyblog (last update Jun 4 2021) is affected by a Cross Site Scripting (XSS) vulnerability in AdminBaseController.class.php. The exit function will terminate the script and print the message to the user which has $_SERVER['HTTP_HOST']. 2021-12-02 4.3 CVE-2021-43682
MISC trendmicro -- antivirus Trend Micro Antivirus for Mac 2021 v11 (Consumer) is vulnerable to an improper access control privilege escalation vulnerability that could allow an attacker to establish a connection that could lead to full local privilege escalation within the application. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2021-11-30 4.6 CVE-2021-43771
MISC
MISC twmap_project -- twmap twmap v2.91_v4.33 is affected by a Cross Site Scripting (XSS) vulnerability. In file list.php, the exit function will terminate the script and print the message to the user. The message will contain $_REQUEST then there is a XSS vulnerability. 2021-11-29 4.3 CVE-2021-43696
MISC udisks_project -- udisks A vulnerability was found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this vulnerability is to system availability. 2021-11-29 6.3 CVE-2021-3802
MISC
MISC vercot -- serva Serva 4.4.0 allows remote attackers to cause a denial of service (daemon crash) via a TFTP read (RRQ) request, aka opcode 1, a related issue to CVE-2013-0145. 2021-11-29 5 CVE-2021-44429
MISC vim -- vim vim is vulnerable to Heap-based Buffer Overflow 2021-12-01 6.8 CVE-2021-4019
MISC
CONFIRM
FEDORA vim -- vim vim is vulnerable to Heap-based Buffer Overflow 2021-12-01 6.8 CVE-2021-3984
MISC
CONFIRM vmware -- spring_advanced_message_queuing_protocol In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString() method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message 2021-11-30 4 CVE-2021-22095
MISC wipro -- holmes Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read application log files containing sensitive information via a predictable /log URI. 2021-11-29 5 CVE-2021-38283
MISC
MISC wipro -- holmes Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/Domain_Credential_Report_Excel, processexecution/DownloadExcelFile/User_Report_Excel, processexecution/DownloadExcelFile/Process_Report_Excel, processexecution/DownloadExcelFile/Infrastructure_Report_Excel, or processexecution/DownloadExcelFile/Resolver_Report_Excel. 2021-11-29 5 CVE-2021-38147
MISC
MISC workerman-thinkphp-redis_project -- workerman-thinkphp-redis Workerman-ThinkPHP-Redis (last update Mar 16, 2018) is affected by a Cross Site Scripting (XSS) vulnerability. In file Controller.class.php, the exit function will terminate the script and print the message to the user. The message will contain $_GET{C('VAR_JSONP_HANDLER')] then there is a XSS vulnerability. 2021-11-29 4.3 CVE-2021-43697
MISC wp-events-plugin -- events_manager The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape some search parameters before outputting them in pages, which could lead to Cross-Site Scripting issues 2021-12-01 4.3 CVE-2020-35037
CONFIRM
MISC wp-events-plugin -- events_manager The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to an SQL Injection 2021-12-01 6.5 CVE-2020-35012
CONFIRM
MISC youtubephpmirroring_project -- youtube-php-mirroring youtube-php-mirroring (last update Jun 9, 2017) is affected by a Cross Site Scripting (XSS) vulnerability in file ytproxy/index.php. 2021-11-29 4.3 CVE-2021-43692
MISC yurunproxy_project -- yurunproxy YurunProxy v0.01 is affected by a Cross Site Scripting (XSS) vulnerability in src/Client.php. The exit function will terminate the script and print a message which have values from the socket_read. 2021-12-01 4.3 CVE-2021-43690
MISC zblogcn -- z-blogphp Z-BlogPHP v1.6.1.2100 was discovered to contain an arbitrary file deletion vulnerability via \app_del.php. 2021-12-02 6.4 CVE-2020-29177
MISC zerodream -- sakurapanel SakuraPanel v1.0.1.1 is affected by a Cross Site Scripting (XSS) vulnerability in /master/core/PostHandler.php. The exit function will terminate the script and print the message $data['proxy_name']. 2021-12-02 4.3 CVE-2021-43681
MISC zohocorp -- manageengine_supportcenter_plus Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor. 2021-11-30 5 CVE-2021-43296
MISC
CONFIRM zohocorp -- manageengine_supportcenter_plus Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module. 2021-11-30 4.3 CVE-2021-43294
MISC
CONFIRM zohocorp -- manageengine_supportcenter_plus Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module. 2021-11-30 4.3 CVE-2021-43295
MISC
MISC zrlog -- zrlog ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could execute any JAR file 2021-11-28 6.8 CVE-2021-44094
MISC zulip -- zulip Zulip is an open source group chat application that combines real-time chat with threaded conversations. In affected versions expiration dates on the confirmation objects associated with email invitations were not enforced properly in the new account registration flow. A confirmation link takes a user to the check_prereg_key_and_redirect endpoint, before getting redirected to POST to /accounts/register/. The problem was that validation was happening in the check_prereg_key_and_redirect part and not in /accounts/register/ - meaning that one could submit an expired confirmation key and be able to register. The issue is fixed in Zulip 4.8. There are no known workarounds and users are advised to upgrade as soon as possible. 2021-12-02 5 CVE-2021-43791
CONFIRM
MISC

Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
acronis -- agent DLL hijacking could lead to denial of service. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27305, Acronis Cyber Protect Home Office (Windows) before build 39612 2021-11-29 1.9 CVE-2021-44199
MISC acronis -- cyber_protect Stored cross-site scripting (XSS) was possible in protection plan details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 2021-11-29 3.5 CVE-2021-44203
MISC acronis -- cyber_protect Stored cross-site scripting (XSS) was possible in activity details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 2021-11-29 3.5 CVE-2021-44202
MISC acronis -- cyber_protect Self cross-site scripting (XSS) was possible on devices page. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 2021-11-29 3.5 CVE-2021-44200
MISC asgaros -- asgaros_forum The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the name parameter found in the ~/admin/tables/admin-structure-table.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.15.13. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. 2021-11-29 2.1 CVE-2021-42365
MISC
MISC bluez -- bluez An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting in leaking arbitrary heap data. The root cause can be found in the function service_attr_req of sdpd-request.c. The server does not check whether the CSTATE data is the same in consecutive requests, and instead simply trusts that it is the same. 2021-11-29 3.3 CVE-2019-8921
MISC
CONFIRM businessdnasolutions -- topease Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 via the Structure Component allows an authenticated remote attacker with Object Modification privileges to inject arbitrary HTML and JavaScript code in an object attribute, which is then rendered in the Structure Component, to alter the intended functionality and steal cookies, the latter allowing for account takeover. 2021-11-30 3.5 CVE-2021-42118
CONFIRM businessdnasolutions -- topease Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 via the Search Functionality allows authenticated users with Object Modification privileges to inject arbitrary HTML and JavaScript in object attributes, which is then rendered in the Search Functionality, to alter the intended functionality and steal cookies, the latter allowing for account takeover. 2021-11-30 3.5 CVE-2021-42119
CONFIRM cbads -- clickbank_affiliate_ads The ClickBank Affiliate Ads WordPress plugin through 1.20 does not escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. 2021-12-02 3.5 CVE-2015-20106
MISC craftercms -- crafter_cms Authenticated users with Site roles may inject XSS scripts via file names that will execute in the browser for this and other users of the same site. 2021-12-02 3.5 CVE-2021-23260
MISC discourse -- discourse Discourse is an open source discussion platform. In affected versions a vulnerability affects users of tag groups who use the "Tags are visible only to the following groups" feature. A tag group may only allow a certain group (e.g. staff) to view certain tags. Users who were tracking or watching the tags via /preferences/tags, then have their staff status revoked will still see notifications related to the tag, but will not see the tag on each topic. This issue has been patched in stable version 2.7.11. Users are advised to upgrade as soon as possible. 2021-12-01 3.5 CVE-2021-43792
MISC
CONFIRM
MISC elecom -- wrc-1167gst2_firmware Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent unauthenticated attacker to bypass access restriction, and to obtain anti-CSRF tokens and change the product's settings via unspecified vectors. 2021-12-01 3.3 CVE-2021-20862
MISC
MISC elecom -- wrc-2533ghbk-i_firmware Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I firmware v1.20 and prior allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. 2021-12-01 3.5 CVE-2021-20857
MISC
MISC elecom -- wrc-2533ghbk-i_firmware Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I firmware v1.20 and prior allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. 2021-12-01 3.5 CVE-2021-20858
MISC
MISC elecom -- wrh-733gbk_firmware Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. 2021-12-01 3.5 CVE-2021-20855
MISC
MISC elecom -- wrh-733gbk_firmware Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. 2021-12-01 3.5 CVE-2021-20856
MISC
MISC essentialplugin -- popup_anything The Popup Anything WordPress plugin before 2.0.4 does not escape the Link Text and Button Text fields of Popup, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks 2021-11-29 3.5 CVE-2021-24883
MISC
CONFIRM
MISC generateblocks -- generateblocks The GenerateBlocks WordPress plugin before 1.4.0 does not validate the generateblocks/container block's tagName attribute, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks. 2021-11-29 3.5 CVE-2021-24751
MISC getawesomesupport -- awesome_support Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities in WordPress Awesome Support plugin (versions <= 6.0.6), vulnerable parameters (&id, &assignee). 2021-11-26 3.5 CVE-2021-36919
MISC
CONFIRM govicture -- wr1200_firmware An issue was discovered on Victure WR1200 devices through 1.0.3. The default Wi-Fi WPA2 key is advertised to anyone within Wi-Fi range through the router's MAC address. The device default Wi-Fi password corresponds to the last 4 bytes of the MAC address of its 2.4 GHz network interface controller (NIC). An attacker within scanning range of the Wi-Fi network can thus scan for Wi-Fi networks to obtain the default key. 2021-11-30 3.3 CVE-2021-43282
MISC
MISC hexo -- hexo Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The post “body” and “tags” don’t sanitize malicious javascript during web page generation. Local unprivileged attacker can inject arbitrary code. 2021-11-30 1.9 CVE-2021-25987
MISC
MISC ibm -- mq_appliance IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to obtain sensitive information by inclusion of sensitive data within diagnostics. IBM X-Force ID: 213215. 2021-11-30 2.1 CVE-2021-39000
CONFIRM
XF ibm -- mq_appliance IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service attack caused by a concurrency issue. IBM X-Force ID: 212042 2021-11-30 2.1 CVE-2021-38958
CONFIRM
XF ibm -- mq_appliance IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. 2021-11-30 2.1 CVE-2021-38999
XF
CONFIRM media-tags_project -- media-tags The Media-Tags WordPress plugin through 3.2.0.2 does not sanitise and escape any of its Labels settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2021-11-29 3.5 CVE-2021-24899
MISC meetecho -- janus janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 2021-11-27 3.5 CVE-2021-4020
CONFIRM
MISC my_calendar_project -- my_calendar The My Calendar WordPress plugin before 3.2.18 does not sanitise and escape the callback parameter of the mc_post_lookup AJAX action (available to any authenticated user) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue 2021-11-29 3.5 CVE-2021-24927
MISC nxp -- kinetis_k82_firmware NXP Kinetis K82 devices have a buffer over-read via a crafted wlength value in a GET Status-Other request during use of USB In-System Programming (ISP) mode. This discloses protected flash memory. 2021-12-01 2.1 CVE-2021-44479
MISC
MISC okfn -- ckan In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerability via SVG file upload of users’ profile picture. This allows low privileged application users to store malicious scripts in their profile picture. These scripts are executed in a victim’s browser when they open the malicious profile picture 2021-12-01 3.5 CVE-2021-25967
MISC shoppagewp -- shop_page_wp The Shop Page WP WordPress plugin before 1.2.8 does not sanitise and escape some of the Product fields, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2021-11-29 3.5 CVE-2021-24811
MISC smashballoon -- smash_balloon_social_post_feed The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin's setting. As a result, any logged-in user on a vulnerable site could update the settings and store rogue JavaScript on each of its posts and pages. 2021-11-29 3.5 CVE-2021-24918
MISC
MISC snipeitapp -- snipe-it snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 2021-12-01 3.5 CVE-2021-4018
CONFIRM
MISC sophos -- exploit_prevention A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sophos Intercept X Advanced for Server before version 2.0.23, as well as Sophos Exploit Prevention before version 3.8.3. 2021-11-26 2.1 CVE-2021-25269
CONFIRM stylishcostcalculator -- stylish_cost_calculator The Stylish Cost Calculator WordPress plugin before 7.0.4 does not have any authorisation and CSRF checks on some of its AJAX actions (available to authenticated users), which could allow any authenticated users, such as subscriber to call them, and perform Stored Cross-Site Scripting attacks against logged in admin, as well as frontend users due to the lack of sanitisation and escaping in some parameters 2021-11-29 3.5 CVE-2021-24822
MISC taogogo -- taocms Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Management column. 2021-12-02 3.5 CVE-2021-25785
MISC wpchill -- check_&_log_email The Check & Log Email WordPress plugin before 1.0.4 does not escape the d parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting 2021-11-29 2.6 CVE-2021-24908
MISC wpkube -- about_author_box The About Author Box WordPress plugin before 1.0.2 does not sanitise and escape the Social Profiles field values before outputting them in attributes, which could allow user with a role as low as contributor to perform Cross-Site Scripting attacks. 2021-11-29 3.5 CVE-2021-24745
MISC wprssaggregator -- wp_rss_aggregator The WP RSS Aggregator WordPress plugin before 4.19.2 does not properly sanitise and escape the URL to Blacklist field, allowing malicious HTML to be inserted by high privilege users even when the unfiltered_html capability is disallowed, which could lead to Cross-Site Scripting issues. 2021-11-29 3.5 CVE-2021-24768
MISC

 

Severity Not Yet Assigned Primary
Vendor -- Product Description Published CVSS Score Source & Patch Info armeria -- armeria
  Armeria is an open source microservice framework. In affected versions an attacker can access an Armeria server's local file system beyond its restricted directory by sending an HTTP request whose path contains `%2F` (encoded `/`), such as `/files/..%2Fsecrets.txt`, bypassing Armeria's path validation logic. Armeria 1.13.4 or above contains the hardened path validation logic that handles `%2F` properly. This vulnerability can be worked around by inserting a decorator that performs an additional validation on the request path. 2021-12-02 not yet calculated CVE-2021-43795
MISC
MISC
CONFIRM broadcom -- network_flow_analysis
  CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL injection vulnerability in the NFA web application, due to insufficient input validation, that could potentially allow an authenticated user to access sensitive data. 2021-12-02 not yet calculated CVE-2021-44050
MISC
FULLDISC chamilo -- lms

  Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php. 2021-12-03 not yet calculated CVE-2021-35414
MISC
MISC
MISC
MISC
MISC
MISC
MISC chamilo -- lms
  A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x allows authenticated attackers to execute arbitrary code via a crafted .htaccess file. 2021-12-03 not yet calculated CVE-2021-35413
MISC
MISC
MISC
MISC chamilo -- lms
  A stored cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the course "Title" and "Content" fields. 2021-12-03 not yet calculated CVE-2021-35415
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC circutor -- compact_dc-s_basic
  Buffer overflow vulnerability in function SetFirewall in index.cgi in CIRCUTOR COMPACT DC-S BASIC smart metering concentrator Firmware version CIR_CDC_v1.2.17, allows attackers to execute arbitrary code. 2021-12-02 not yet calculated CVE-2021-26777
MISC egee_touch -- 3rd_generation_travel_padlock
  An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock application for Android. The lock sends a pairing code before each operation (lock or unlock) activated via the companion app. The code is sent unencrypted, allowing any attacker with the same app (either Android or iOS) to add the lock and take complete control. For successful exploitation, the attacker must be able to touch the lock's power button, and must be able to capture BLE network communication. 2021-12-02 not yet calculated CVE-2021-44518
MISC elgg -- elgg
  elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor 2021-12-03 not yet calculated CVE-2021-3980
MISC
CONFIRM firefly-iii -- firefly-iii
  firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) 2021-12-04 not yet calculated CVE-2021-4005
CONFIRM
MISC gmbh -- topease_platform
  An insufficient session expiration vulnerability exists in Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions. 2021-11-30 not yet calculated CVE-2021-42545
CONFIRM hashicorp -- nomad_and_nomad_enterprise
  HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1. 2021-12-03 not yet calculated CVE-2021-43415
MISC
MISC hitachi -- energy_fox61x
  Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gain unauthorized access to the Data Communication Network (DCN) routing configuration. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A. 2021-12-02 not yet calculated CVE-2021-40333
CONFIRM
CONFIRM hitachi -- energy_fox61x
  Missing Handler vulnerability in the proprietary management protocol (port TCP 5558) of Hitachi Energy FOX61x, XCM20 allows an attacker that exploits the vulnerability by activating SSH on port TCP 5558 to cause disruption to the NMS and NE communication. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A. 2021-12-02 not yet calculated CVE-2021-40334
CONFIRM
CONFIRM ibm -- cognos_analytics IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202167. 2021-12-03 not yet calculated CVE-2021-29756
CONFIRM
XF ibm -- cognos_analytics IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to reas of the application that privileged user should only be allowed to view. IBM X-Force ID: 201087. 2021-12-03 not yet calculated CVE-2021-29716
CONFIRM
XF ibm -- cognos_analytics
  IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196339. 2021-12-03 not yet calculated CVE-2021-20470
XF
CONFIRM ibm -- cognos_analytics
  IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to view or edit a Jupyter notebook that they should not have access to. IBM X-Force ID: 206212. 2021-12-03 not yet calculated CVE-2021-29867
CONFIRM
XF ibm -- cognos_analytics
  IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209706. 2021-12-03 not yet calculated CVE-2021-38909
CONFIRM
XF ibm -- cognos_analytics
  IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilities due to a web response specifying an incorrect content type. IBM X-Force ID: 201091 2021-12-03 not yet calculated CVE-2021-29719
CONFIRM
XF ibm -- cognos_analytics
  IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197794. 2021-12-03 not yet calculated CVE-2021-20493
XF
CONFIRM kentico -- xperience
  The Kentico Xperience CMS version 13.0 – 13.0.43 is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerous content. This type of XSS vulnerability is exploited by submitting malicious script content to the application which is then retrieved and executed by other application users. The attacker could exploit this to conduct a range of attacks against users of the affected application such as session hijacking, account take over and accessing sensitive data. 2021-12-03 not yet calculated CVE-2021-43991
MISC libredwg -- libredwg
  LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference via out_dxfb.c. 2021-12-02 not yet calculated CVE-2021-28236
MISC libredwg -- libredwg
  LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13. 2021-12-02 not yet calculated CVE-2021-28237
MISC librenms -- librenms
  Librenms 21.11.0 is affected by a path manipulation vulnerability in includes/html/pages/device/showconfig.inc.php. 2021-12-03 not yet calculated CVE-2021-44278
MISC matyhft -- matyhtf
  matyhtf framework v3.0.5 is affected by a path manipulation vulnerability in Smarty.class.php. 2021-12-03 not yet calculated CVE-2021-43676
MISC nxp -- lpc55s69_devices
  NXP LPC55S69 devices before A3 have a buffer over-read via a crafted wlength value in a GET Descriptor Configuration request during use of USB In-System Programming (ISP) mode. This discloses protected flash memory. 2021-12-01 not yet calculated CVE-2021-40154
MISC
MISC phpgrunkul -- hostel_management_system
  Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exists in hostel management system 2.1 via the name field in my-profile.php. Chaining both vulnerabilities leads to account takeover. 2021-12-01 not yet calculated CVE-2021-43137
MISC plupload -- plupload
  This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file. 2021-12-03 not yet calculated CVE-2021-23562
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM plupload -- plupload
  All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code execution. 2021-12-03 not yet calculated CVE-2021-23758
CONFIRM
CONFIRM renesas -- rx65_and_rx65n_devices An issue was discovered on Renesas RX65 and RX65N devices. With a VCC glitch, an attacker can extract the security ID key from the device. Then, the protected firmware can be extracted. 2021-12-02 not yet calculated CVE-2021-43327
MISC showdoc -- showdoc
  showdoc is vulnerable to URL Redirection to Untrusted Site 2021-12-03 not yet calculated CVE-2021-4000
CONFIRM
MISC tenda -- ac15_devices
  A Stack-based Buffer Overflow vulnerability exists in the Tenda AC15 V15.03.05.18_multi device via the list parameter in a post request in goform/SetIpMacBind. 2021-12-03 not yet calculated CVE-2021-44352
MISC thinkup -- thinkup
  ** UNSUPPORTED WHEN ASSIGNED ** ThinkUp 2.0-beta.10 is affected by a path manipulation vulnerability in Smarty.class.php. 2021-12-03 not yet calculated CVE-2021-43674
MISC trend_micro -- apex_one
  A reachable assertion vulnerability in Trend Micro Apex One could allow an attacker to crash the program on affected installations, leading to a denial-of-service (DoS). Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2021-12-03 not yet calculated CVE-2021-44022
MISC trend_micro -- security_2021
  Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability that allows files inside the protected folder to be modified without any detection. 2021-12-03 not yet calculated CVE-2021-43772
MISC trend_micro -- worry-free_business_security An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44020. 2021-12-03 not yet calculated CVE-2021-44021
MISC
MISC trend_micro -- worry-free_business_security
  An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44020 and 44021. 2021-12-03 not yet calculated CVE-2021-44019
MISC
MISC trend_micro -- worry-free_business_security
  An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44021. 2021-12-03 not yet calculated CVE-2021-44020
MISC
MISC tsmuxer -- tsmuxer
  tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function HevcSpsUnit::short_term_ref_pic_set(int) in hevc.cpp. 2021-12-03 not yet calculated CVE-2021-35346
MISC
MISC tsmuxer -- tsmuxer
  tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function BitStreamReader::getCurVal in bitStream.h. 2021-12-03 not yet calculated CVE-2021-35344
MISC
MISC tuzicms -- tuzicms
  SQL Injection vulnerability exists in TuziCMS v2.0.6 in App\Manage\Controller\GuestbookController.class.php. 2021-12-03 not yet calculated CVE-2021-44347
MISC tuzicms -- tuzicms
  SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller\AdvertController.class.php. 2021-12-03 not yet calculated CVE-2021-44348
MISC tuzicms -- tuzicms
  SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller\DownloadController.class.php. 2021-12-03 not yet calculated CVE-2021-44349
MISC wokka_lokka -- q50_devices
  Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers (who know the SIM phone number and password) to listen to a device's surroundings via a callback in an SMS command, as demonstrated by the 123456 and 523681 default passwords. 2021-12-01 not yet calculated CVE-2021-44480
MISC z-blogphp -- z-blogphp
  An arbitrary file upload vulnerability in Z-BlogPHP v1.6.1.2100 allows attackers to execute arbitrary code via a crafted JPG file. 2021-12-02 not yet calculated CVE-2020-29176
MISC zoho -- manageengine_m365_manager_plus
  Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution. 2021-11-30 not yet calculated CVE-2021-42099
CONFIRM
MISC


November 29, 2021

Vulnerability Summary for the Week of November 22, 2021

Original release date: November 29, 2021

 

High Vulnerabilities Primary
Vendor -- Product Description Published CVSS Score Source & Patch Info 4mosan -- gcb_doctor 4MOSAn GCB Doctor’s login page has improper validation of Cookie, which allows an unauthenticated remote attacker to bypass authentication by code injection in cookie, and arbitrarily manipulate the system or interrupt services by upload and execution of arbitrary files. 2021-11-19 10 CVE-2021-42338
CONFIRM adobe -- creative_cloud_desktop_application Adobe Creative Cloud version 5.5 (and earlier) are affected by a privilege escalation vulnerability in the resources leveraged by the Setup.exe service. An unauthenticated attacker could leverage this vulnerability to remove files and escalate privileges under the context of SYSTEM. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability on the product installer. User interaction is required before product installation to abuse this vulnerability. 2021-11-23 9.3 CVE-2021-43019
MISC
MISC adobe -- incopy Adobe InCopy version 16.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious GIF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. 2021-11-22 9.3 CVE-2021-43015
MISC adobe -- prelude Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious MXF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. 2021-11-22 9.3 CVE-2021-42738
MISC asus -- gt-ax11000_firmware An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote unauthenticated attacker to DoS via sending a specially crafted HTTP packet. 2021-11-19 7.8 CVE-2021-41436
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC asus -- gt-ax11000_firmware A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request. 2021-11-19 10 CVE-2021-41435
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC beyondtrust -- privilege_management_for_windows BeyondTrust Privilege Management prior to version 21.6 creates a Temporary File in a Directory with Insecure Permissions. 2021-11-19 7.2 CVE-2021-42254
MISC
MISC c-ares_project -- c-ares A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability. 2021-11-23 7.5 CVE-2021-3672
MISC
MISC dell -- cloudlink Dell EMC CloudLink 7.1 and all prior versions contain a Hard-coded Password Vulnerability. A remote high privileged attacker, with the knowledge of the hard-coded credentials, may potentially exploit this vulnerability to gain unauthorized access to the system. 2021-11-23 8.5 CVE-2021-36312
CONFIRM dell -- cloudlink Dell EMC CloudLink 7.1 and all prior versions contain an OS command injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. This vulnerability is considered critical as it may be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity. 2021-11-23 9 CVE-2021-36313
CONFIRM dell -- emc_cloud_link Dell EMC CloudLink 7.1 and all prior versions contain an Arbitrary File Creation Vulnerability. A remote unauthenticated attacker, may potentially exploit this vulnerability, leading to the execution of arbitrary files on the end user system. 2021-11-23 7.5 CVE-2021-36314
CONFIRM dell -- networking_os10 Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains a privilege escalation vulnerability. A malicious low privileged user with specific access to the API could potentially exploit this vulnerability to gain admin privileges on the affected system. 2021-11-20 8.5 CVE-2021-36307
MISC dell -- networking_os10 Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system. 2021-11-20 9.3 CVE-2021-36308
MISC dell -- networking_os10 Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system. 2021-11-20 9.3 CVE-2021-36306
MISC dell -- x1008p_firmware Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially hijack a session and access the webserver by forging the session ID. 2021-11-20 7.5 CVE-2021-36320
MISC duplicate_post_project -- duplicate_post The "Duplicate Post" WordPress plugin up to and including version 1.1.9 is vulnerable to SQL Injection. SQL injection vulnerabilities occur when client supplied data is included within an SQL Query insecurely. SQL Injection can typically be exploited to read, modify and delete SQL table data. In many cases it is also possible to exploit features of SQL server to execute system commands and/or access the local file system. This particular vulnerability can be exploited by any authenticated user who has been granted access to use the Duplicate Post plugin. By default, this is limited to Administrators, however the plugin presents the option to permit access to the Editor, Author, Contributor and Subscriber roles. 2021-11-19 9 CVE-2021-43408
MISC
MISC gerbv_project -- gerbv An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. 2021-11-19 7.5 CVE-2021-40391
MISC huawei -- cloudengine_5800_firmware There is a privilege escalation vulnerability in CloudEngine 5800 V200R020C00SPC600. Due to lack of privilege restrictions, an authenticated local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. 2021-11-23 7.2 CVE-2021-39976
MISC huawei -- fusioncompute There is a command injection vulnerability in CMA service module of FusionCompute product when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands to the system. Affected product versions include: FusionCompute 6.0.0, 6.3.0, 6.3.1, 6.5.0, 6.5.1, 8.0.0. 2021-11-23 9 CVE-2021-37102
MISC ibm -- planning_analytics IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 208396. 2021-11-24 9.3 CVE-2021-38873
CONFIRM
XF iptime -- c200_firmware ius_get.cgi in IpTime C200 camera allows remote code execution. A remote attacker may send crafted parameters to the exposed vulnerable web service interface which invokes the arbitrary shell command. 2021-11-22 10 CVE-2021-26614
MISC isync_project -- isync A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution. 2021-11-22 7.5 CVE-2021-44143
MISC
MISC
MISC moodle -- moodle A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A remote code execution risk when restoring backup files was identified. 2021-11-22 7.5 CVE-2021-3943
MISC
MISC nvidia -- geforce_gt_605 NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to instantiate a specifically timed DMA write to corrupt code execution, which may impact confidentiality, integrity, or availability. 2021-11-20 7.2 CVE-2021-23217
CONFIRM nvidia -- geforce_gtx_950 NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller which may allow a user with elevated privileges to generate valid microcode. This could lead to information disclosure, data corruption, or denial of service of the device. 2021-11-20 7.2 CVE-2021-23201
CONFIRM oisf -- suricata Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a crafted TCP/IP stack that can send a certain sequence of segments. 2021-11-19 7.5 CVE-2021-37592
MISC
CONFIRM
CONFIRM pulsesecure -- pulse_connect_secure A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an unauthenticated administrator to cause a denial of service when a malformed request is sent to the device. 2021-11-19 7.8 CVE-2021-22965
MISC quagga -- quagga An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privileges to root upon package installation or update. 2021-11-19 7.2 CVE-2021-44038
MISC
MISC roundcube -- webmail Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params. 2021-11-19 7.5 CVE-2021-44026
MISC
MISC
MISC
FEDORA
FEDORA
DEBIAN sharetribe -- sharetribe Sharetribe Go is a source available marketplace software. In affected versions operating system command injection is possible on installations of Sharetribe Go that do not have a secret AWS Simple Notification Service (SNS) notification token configured via the `sns_notification_token` configuration parameter. This configuration parameter is unset by default. The vulnerability has been patched in version 10.2.1. Users who are unable to upgrade should set the `sns_notification_token` configuration parameter to a secret value. 2021-11-19 7.5 CVE-2021-41280
CONFIRM
MISC
MISC vim -- vim vim is vulnerable to Heap-based Buffer Overflow 2021-11-19 8.5 CVE-2021-3968
CONFIRM
MISC
FEDORA vim -- vim vim is vulnerable to Heap-based Buffer Overflow 2021-11-19 9.3 CVE-2021-3973
MISC
CONFIRM
FEDORA wazuh -- wazuh In the wazuh-slack active response script in Wazuh before 4.2.5, untrusted user agents are passed to a curl command line, potentially resulting in remote code execution. 2021-11-22 7.5 CVE-2021-44079
MISC
MISC wpwave -- hide_my_wp The SQL injection vulnerability in the Hide My WP WordPress plugin (versions <= 6.2.3) is possible because of how the IP address is retrieved and used inside a SQL query. The function "hmwp_get_user_ip" tries to retrieve the IP address from multiple headers, including IP address headers that the user can spoof, such as "X-Forwarded-For." As a result, the malicious payload supplied in one of these IP address headers will be directly inserted into the SQL query, making SQL injection possible. 2021-11-24 7.5 CVE-2021-36916
CONFIRM
MISC
MISC

Medium Vulnerabilities

Primary Vendor -- Product Description Published CVSS Score Source & Patch Info
adobe -- audition Adobe Audition version 14.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-11-19 4.3 CVE-2021-36003
MISC adobe -- incopy Adobe InCopy version 16.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-11-22 4.3 CVE-2021-43016
MISC adobe -- prelude Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. 2021-11-22 6.8 CVE-2021-40775
MISC adobe -- prelude Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. 2021-11-22 6.8 CVE-2021-40770
MISC adobe -- prelude Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. 2021-11-22 6.8 CVE-2021-42737
MISC adobe -- prelude Adobe Prelude version 10.1 (and earlier) is affected by an improper input validation vulnerability in the XDCAMSAM directory. An unauthenticated attacker could leverage this vulnerability to execute arbitrary code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-11-22 6.8 CVE-2021-42733
MISC adobe -- prelude Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. 2021-11-22 6.8 CVE-2021-40772
MISC adobe -- prelude Adobe Prelude version 10.1 (and earlier) is affected by a null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-11-22 4.3 CVE-2021-40774
MISC adobe -- prelude Adobe Prelude version 10.1 (and earlier) is affected by a null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-11-22 4.3 CVE-2021-40773
MISC adobe -- prelude Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. 2021-11-22 6.8 CVE-2021-40771
MISC adobe -- robohelp_server Acrobat RoboHelp Server versions 2020.0.1 (and earlier) are affected by a Path traversal vulnerability. The authenticated attacker can upload arbitrary files outside of the intended directory to cause remote code execution with privileges of user running Tomcat. Exploitation of this issue requires user interaction in that a victim must navigate to a planted file on the server. 2021-11-22 6.8 CVE-2021-42727
MISC algolia -- algoliasearch-helper The package algoliasearch-helper before 3.6.2 is vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.js SearchParameters._parseNumbers without any protection against prototype properties. Note that this vulnerability is only exploitable if the implementation allows users to define arbitrary search patterns. 2021-11-19 6.8 CVE-2021-23433
MISC
MISC
MISC apache -- apisix The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. The $request_uri is the full original request URI without normalization. This makes it possible to construct a URI to bypass the block list on some occasions. For instance, when the block list contains "^/internal/", a URI like `//internal/` can be used to bypass it. Some other plugins also have the same issue. And it may affect the developer's custom plugin. 2021-11-22 5 CVE-2021-43557
MISC
MLIST
MLIST
MLIST cisco -- common_services_platform_collector A vulnerability in the web application of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to specify non-log files as sources for syslog reporting. This vulnerability is due to improper restriction of the syslog configuration. An attacker could exploit this vulnerability by configuring non-log files as sources for syslog reporting through the web application. A successful exploit could allow the attacker to read non-log files on the CSPC. 2021-11-19 4 CVE-2021-40130
CISCO cisco -- common_services_platform_collector A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to submit a SQL query through the CSPC configuration dashboard. This vulnerability is due to insufficient input validation of uploaded files. An attacker could exploit this vulnerability by uploading a file containing a SQL query to the configuration dashboard. A successful exploit could allow the attacker to read restricted information from the CSPC SQL database. 2021-11-19 4 CVE-2021-40129
CISCO claris -- filemaker_pro An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4.1 allows a remote attacker to disclose local files via a crafted XML/Excel document and perform server-side request forgery attacks. 2021-11-22 4.3 CVE-2021-44147
MISC
MISC concretecms -- concrete_cms A bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote code execution in Concrete CMS (concrete5) versions 8.5.6 and below. The external file upload feature stages files in the public directory even if they have disallowed file extensions. They are stored in a directory with a random name, but it's possible to stall the uploads and brute force the directory name. You have to be an admin with the ability to upload files, but this bug gives you the ability to upload restricted file types and execute them depending on server configuration. To fix this, a check for allowed file extensions was added before downloading files to a tmp directory. Concrete CMS Security Team gave this a CVSS v3.1 score of 5.4 AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N. This fix is also in Concrete version 9.0.0. 2021-11-19 6.5 CVE-2021-22968
MISC
MISC concretecms -- concrete_cms Unauthorized individuals could view password protected files using view_inline in Concrete CMS (previously concrete 5) prior to version 8.5.7. Concrete CMS now checks to see if a file has a password in view_inline and, if it does, the file is not rendered. For version 8.5.6, the following mitigations were put in place: a. restricting file types for view_inline to images only; b. putting a warning in the file manager to advise users. Credit for discovery: "Solar Security Research Team". Concrete CMS security team CVSS scoring is 5.3: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. This fix is also in Concrete version 9.0.0. 2021-11-19 5 CVE-2021-22951
MISC
MISC concretecms -- concrete_cms In Concrete CMS (formerly concrete 5) below 8.5.7, IDOR Allows Unauthenticated User to Access Restricted Files If Allowed to Add Message to a Conversation. To remediate this, a check was added to verify a user has permissions to view files before attaching the files to a message in "add / edit message". Concrete CMS security team gave this a CVSS v3.1 score of 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. Credit for discovery: Adrian H 2021-11-19 5 CVE-2021-22967
MISC
MISC concretecms -- concrete_cms Concrete CMS (formerly concrete5) versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS (ex AWS) IAM keys. To fix this Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading rather than relying on DNS. Discoverer: Adrian Tiron from FORTBRIDGE ( https://www.fortbridge.co.uk/ ). The Concrete CMS team gave this a CVSS 3.1 score of 3.5 AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N. Please note that Cloud IAAS provider mis-configurations are not Concrete CMS vulnerabilities. A mitigation for this vulnerability is to make sure that the IMDS configurations are according to a cloud provider's best practices. This fix is also in Concrete version 9.0.0. 2021-11-19 5 CVE-2021-22969
MISC
MISC concretecms -- concrete_cms Concrete CMS (formerly concrete5) versions 8.5.6 and below and version 9.0.0 allow local IP importing causing the system to be vulnerable to: a. SSRF attacks on the private LAN servers by reading files from the local LAN. An attacker can pivot in the private LAN and exploit local network apps; and b. SSRF Mitigation Bypass through DNS Rebinding. Concrete CMS security team gave this a CVSS score of 3.5 AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N. Concrete CMS is maintaining Concrete version 8.5.x until 1 May 2022 for security fixes. This CVE is shared with HackerOne Reports https://hackerone.com/reports/1364797 and https://hackerone.com/reports/1360016 . Reporters: Adrian Tiron from FORTBRIDGE ( https://www.fortbridge.co.uk/ ) and Bipul Jaiswal 2021-11-19 5 CVE-2021-22970
MISC
MISC
MISC concretecms -- concrete_cms Privilege escalation from Editor to Admin using Groups in Concrete CMS versions 8.5.6 and below. If a group is granted "view" permissions on the bulkupdate page, then users in that group can escalate to being an administrator with a specially crafted curl. Fixed by adding a check for group permissions before allowing a group to be moved. Concrete CMS Security team CVSS scoring: 7.1 AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H. Credit for discovery: "Adrian Tiron from FORTBRIDGE ( https://www.fortbridge.co.uk/ )". This fix is also in Concrete version 9.0.0. 2021-11-19 6.5 CVE-2021-22966
MISC
MISC crocontrol -- asterix Croatia Control Asterix 2.8.1 has a heap-based buffer over-read, with additional details to be disclosed at a later date. 2021-11-22 6.4 CVE-2021-44144
MISC delitestudio -- push_notifications_for_wordpress_lite Cross-site request forgery (CSRF) vulnerability in Push Notifications for WordPress (Lite) versions prior to 6.0.1 allows a remote attacker to hijack the authentication of an administrator and conduct an arbitrary operation via a specially crafted web page. 2021-11-24 6.8 CVE-2021-20846
MISC
MISC
MISC dell -- emc_cloud_link Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula Injection Vulnerability. A remote high privileged attacker may potentially exploit this vulnerability, leading to arbitrary code execution on end user machine. 2021-11-23 6 CVE-2021-36334
CONFIRM dell -- emc_cloud_link Dell EMC CloudLink 7.1 and all prior versions contain a HTML and Javascript Injection Vulnerability. A remote low privileged attacker may potentially exploit this vulnerability, directing end user to arbitrary and potentially malicious websites. 2021-11-23 4.9 CVE-2021-36332
CONFIRM dell -- emc_cloud_link Dell EMC CloudLink 7.1 and all prior versions contain an Improper Input Validation Vulnerability. A remote low privileged attacker may potentially exploit this vulnerability, leading to execution of arbitrary files on the server. 2021-11-23 6.5 CVE-2021-36335
CONFIRM dell -- emc_idrac9_firmware Dell iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.29.00 and 5.00.00.00 contain an SQL injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to the affected application. 2021-11-23 5.5 CVE-2021-36299
CONFIRM dell -- emc_idrac9_firmware iDRAC9 versions prior to 5.00.00.00 contain an improper input validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability by sending a specially crafted malicious request to crash the webserver or cause information disclosure. 2021-11-23 6.4 CVE-2021-36300
CONFIRM dell -- emc_networker Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user privileges may exploit this vulnerability to upload malicious file to unauthorized locations and execute it. 2021-11-23 4.6 CVE-2021-36311
CONFIRM dell -- networking_os10 Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x & 10.5.2.x, contain an uncontrolled resource consumption flaw in its API service. A high-privileged API user may potentially exploit this vulnerability, leading to a denial of service. 2021-11-20 6.8 CVE-2021-36310
MISC dell -- x1008p_firmware Dell Networking X-Series firmware versions prior to 3.0.1.8 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary host header values to poison the web-cache or trigger redirections. 2021-11-20 5.8 CVE-2021-36322
MISC dell -- x1008p_firmware Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an improper input validation vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending specially crafted data to trigger a denial of service. 2021-11-20 5 CVE-2021-36321
MISC easyregistrationforms -- easy_registration_forms The Easy Registration Forms WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the ajax_add_form function found in the ~/includes/class-form.php file which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 2.1.1. 2021-11-19 6.8 CVE-2021-39353
MISC
MISC ec-cube -- ec-cube Cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 series 2.11.0 to 2.17.1 allows a remote attacker to hijack the authentication of Administrator and delete Administrator via a specially crafted web page. 2021-11-24 4.3 CVE-2021-20842
MISC
MISC ec-cube -- ec-cube Improper access control in Management screen of EC-CUBE 2 series 2.11.2 to 2.17.1 allows a remote authenticated attacker to bypass access restriction and to alter System settings via unspecified vectors. 2021-11-24 4 CVE-2021-20841
MISC
MISC feataholic -- maz_loader The MAZ Loader WordPress plugin through 1.3.4 does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack 2021-11-23 4.3 CVE-2021-24668
MISC google -- chrome Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convinced a user to sign into Chrome to potentially exploit heap corruption via a crafted HTML page. 2021-11-23 6.8 CVE-2021-37997
MISC
MISC google -- chrome Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2021-11-23 4.3 CVE-2021-38004
MISC
MISC google -- chrome Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-11-23 6.8 CVE-2021-37998
MISC
MISC google -- chrome Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page. 2021-11-23 4.3 CVE-2021-37999
MISC
MISC google -- chrome Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-11-23 6.8 CVE-2021-38003
MISC
MISC google -- chrome Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. 2021-11-23 6.8 CVE-2021-38002
MISC
MISC google -- chrome Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-11-23 6.8 CVE-2021-38001
MISC
MISC google -- chrome Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browse to a malicious URL via a crafted HTML page. 2021-11-23 5.8 CVE-2021-38000
MISC
MISC greenplum -- greenplum In versions of Greenplum database prior to 5.28.6 and 6.14.0, greenplum database contains a file path traversal vulnerability leading to information disclosure from the file system. A malicious user can read/write information from the file system using this vulnerability. 2021-11-19 6.4 CVE-2021-22028
MISC greenplum -- greenplum In versions of Greenplum database prior to 5.28.14 and 6.17.0, certain statements execution led to the storage of sensitive (credential) information in the logs of the database. A malicious user with access to logs can read sensitive (credentials) information about users. 2021-11-19 4 CVE-2021-22030
MISC hancom -- anysign4pc Using the parameter of getPFXFolderList function, attackers can see the information of authorization certification and delete the files. It occurs because the parameter contains path traversal characters (i.e. '../../../'). 2021-11-22 6.4 CVE-2020-7882
MISC ibm -- mq IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 208398. 2021-11-23 4 CVE-2021-38875
XF
CONFIRM ibm -- security_guardium_key_lifecycle_manager IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle Manager) 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 212786. 2021-11-23 5 CVE-2021-38980
XF
CONFIRM imagemagick -- imagemagick A flaw was found in ImageMagick where it did not properly sanitize certain input before using it to invoke convert processes. This flaw allows an attacker to create a specially crafted image that leads to a use-after-free vulnerability when processed by ImageMagick. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. 2021-11-19 6.8 CVE-2021-3962
MISC
MISC
MISC imagestowebp_project -- images_to_webp The Images to WebP WordPress plugin before 1.9 does not validate or sanitise the tab parameter before passing it to the include() function, which could lead to a Local File Inclusion issue 2021-11-23 5 CVE-2021-24644
MISC imagestowebp_project -- images_to_webp The Images to WebP WordPress plugin before 1.9 does not have CSRF checks in place when performing some administrative actions, which could result in modification of plugin settings, Denial-of-Service, as well as arbitrary image conversion 2021-11-23 5.8 CVE-2021-24641
MISC implecode -- ecommerce_product_catalog The eCommerce Product Catalog Plugin for WordPress plugin before 3.0.39 does not escape the ic-settings-search parameter before outputting it back in the page in an attribute, leading to a Reflected Cross-Site Scripting issue 2021-11-23 4.3 CVE-2021-24875
MISC ionic -- identity_vault In Ionic Identity Vault before 5.0.5, the protection mechanism for invalid unlock attempts can be bypassed. 2021-11-19 4.6 CVE-2021-44033
MISC
FULLDISC
MISC kimai -- kimai_2 kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) 2021-11-19 4.3 CVE-2021-3976
MISC
CONFIRM kimai -- kimai_2 kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) 2021-11-19 4.3 CVE-2021-3957
MISC
CONFIRM kimai -- kimai_2 kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) 2021-11-19 4.3 CVE-2021-3963
CONFIRM
MISC librecad -- libdxfrw A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. 2021-11-19 6.8 CVE-2021-21898
MISC librecad -- libdxfrw A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. 2021-11-19 6.8 CVE-2021-21899
MISC librecad -- libdxfrw A code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dxf file can lead to a use-after-free vulnerability. An attacker can provide a malicious file to trigger this vulnerability. 2021-11-19 6.8 CVE-2021-21900
MISC mainwp -- mainwp_child The MainWP Child WordPress plugin before 4.1.8 does not validate the orderby and order parameter before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users such as admin when the Backup and Staging by WP Time Capsule plugin is installed 2021-11-23 6 CVE-2021-24877
MISC moddable -- moddable OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fx_String_prototype_repeat function at /moddable/xs/sources/xsString.c. 2021-11-19 6.8 CVE-2021-29325
MISC moddable -- moddable OpenSource Moddable v10.5.0 was discovered to contain a stack overflow in the fxBinaryExpressionNodeDistribute function at /moddable/xs/sources/xsTree.c. 2021-11-19 6.8 CVE-2021-29329
MISC moddable -- moddable OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fx_ArrayBuffer function at /moddable/xs/sources/xsDataView.c. 2021-11-19 6.8 CVE-2021-29327
MISC moddable -- moddable OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fxIDToString function at /moddable/xs/sources/xsSymbol.c. 2021-11-19 6.8 CVE-2021-29326
MISC moddable -- moddable OpenSource Moddable v10.5.0 was discovered to contain a stack overflow via the component /moddable/xs/sources/xsScript.c. 2021-11-19 6.8 CVE-2021-29324
MISC moddable -- moddable OpenSource Moddable v10.5.0 was discovered to contain buffer over-read in the fxDebugThrow function at /moddable/xs/sources/xsDebug.c. 2021-11-19 5.8 CVE-2021-29328
MISC moddable -- moddable OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow via the component /modules/network/wifi/esp/modwifi.c. 2021-11-19 4.3 CVE-2021-29323
MISC moodle -- moodle A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk. 2021-11-22 4.3 CVE-2021-43558
MISC
MISC moodle -- moodle A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events. 2021-11-22 5 CVE-2021-43560
MISC
MISC moodle -- moodle A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk. 2021-11-22 6.8 CVE-2021-43559
MISC
MISC myscada -- mydesigner mySCADA myDESIGNER Versions 8.20.0 and prior fail to properly validate contents of an imported project file, which may make the product vulnerable to a path traversal payload. This vulnerability may allow an attacker to plant files on the file system in arbitrary locations or overwrite existing files, resulting in remote code execution. 2021-11-19 6.8 CVE-2021-43555
MISC nvidia -- dgx-1_p100 NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to corrupt program data. 2021-11-20 4.9 CVE-2021-1125
CONFIRM open-xchange -- ox_app_suite OX App Suite through 7.10.5 allows XSS via the alt attribute of an IMG element in a truncated e-mail message. 2021-11-22 4.3 CVE-2021-38375
MISC
MISC
MISC open-xchange -- ox_app_suite OX App Suite 7.10.5 allows XSS via an OX Chat system message. 2021-11-22 4.3 CVE-2021-33495
MISC
MISC
MISC open-xchange -- ox_app_suite OX App Suite through 7.10.5 allows XSS via JavaScript code in a shared XCF file. 2021-11-22 4.3 CVE-2021-33489
MISC
MISC
MISC open-xchange -- ox_app_suite OX App Suite through 7.10.5 allows XSS via a crafted snippet in a shared mail signature. 2021-11-22 4.3 CVE-2021-33490
MISC
MISC
MISC open-xchange -- ox_app_suite OX App Suite 7.10.5 allows XSS via an OX Chat room name. 2021-11-22 4.3 CVE-2021-33492
MISC
MISC
MISC open-xchange -- ox_app_suite OX App Suite through 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within truncated e-mail, because there is a predictable UUID with HTML transformation results. 2021-11-22 4.3 CVE-2021-38377
MISC
MISC
MISC open-xchange -- ox_app_suite OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing rendering. 2021-11-22 4.3 CVE-2021-33494
MISC
MISC
MISC open-xchange -- ox_app_suite OX App Suite through 7.10.5 has Incorrect Access Control for retrieval of session information via the rampup action of the login API call. 2021-11-22 5 CVE-2021-38376
MISC
MISC
MISC open-xchange -- ox_app_suite OX App Suite through 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, because of the mishandling of relative paths in mail addresses in conjunction with auto-configuration DNS records. 2021-11-22 4 CVE-2021-33491
MISC
MISC
MISC open-xchange -- ox_app_suite OX App Suite 7.10.5 allows Information Exposure because a caching mechanism can cause a Modified By response to show a person's name. 2021-11-22 4 CVE-2021-38378
MISC
MISC
MISC open-xchange -- ox_app_suite chat in OX App Suite 7.10.5 has Improper Input Validation. A user can be redirected to a rogue OX Chat server via a development-related hook. 2021-11-22 5.8 CVE-2021-33488
FULLDISC
MISC
MISC opendesign -- drawings_sdk A Use-After-Free Remote Vulnerability exists when reading a DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 2021-11-22 6.8 CVE-2021-43582
MISC opendesign -- prc_sdk An Out-of-Bounds Read vulnerability exists when reading a U3D file using Open Design Alliance PRC SDK before 2022.11. The specific issue exists within the parsing of U3D files. Incorrect use of the LibJpeg source manager inside the U3D library, and crafted data in a U3D file, can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. 2021-11-22 6.8 CVE-2021-43581
MISC oroinc -- client_relationship_management OroCRM is an open source Client Relationship Management (CRM) application. Affected versions were found to suffer from a vulnerability through which an attacker is able to disqualify any Lead with a Cross-Site Request Forgery (CSRF) attack. There are no workarounds that address this vulnerability and all users are advised to update their package. 2021-11-19 5.8 CVE-2021-39198
CONFIRM pekeupload_project -- pekeupload This affects all versions of package pekeupload. If an attacker induces a user to upload a file whose name contains JavaScript code, the JavaScript code will be executed. 2021-11-22 4.3 CVE-2021-23673
CONFIRM
CONFIRM pgbouncer -- pgbouncer When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1. 2021-11-22 5.1 CVE-2021-3935
MISC
MISC philips -- mri_3t_firmware Philips MRI 1.5T and MRI 3T Version 5.x.x does not restrict or incorrectly restricts access to a resource from an unauthorized actor. 2021-11-19 5 CVE-2021-26262
MISC
MISC qnap -- qmailagent We have already fixed this vulnerability in the following versions of QmailAgent: QmailAgent 3.0.2 ( 2021/08/25 ) and later 2021-11-20 6.8 CVE-2021-34358
CONFIRM qnap -- ragic_cloud_db A reflected cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Ragic Cloud DB. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic. 2021-11-20 4.3 CVE-2021-38681
CONFIRM rapid7 -- nexpose Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the inspect element browser feature to remove the login panel and view the details available in the last webpage visited by the previous user. 2021-11-22 5 CVE-2019-5640
CONFIRM roundcube -- webmail Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message. 2021-11-19 4.3 CVE-2021-44025
MISC
MISC
MISC
MISC
FEDORA
FEDORA
DEBIAN rwtxt_project -- rwtxt Cross-site scripting vulnerability in rwtxt versions prior to v1.8.6 allows a remote attacker to inject an arbitrary script via unspecified vectors. 2021-11-24 4.3 CVE-2021-20848
MISC
MISC saasproject -- booking_package Cross-site scripting vulnerability in Booking Package - Appointment Booking Calendar System versions prior to 1.5.11 allows a remote attacker to inject an arbitrary script via unspecified vectors. 2021-11-24 4.3 CVE-2021-20840
MISC
MISC
MISC sas -- sas\/intrnet SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro. Users can escape the context of the configured user-controllable variable and append additional functions native to the macro but not included as variables within the library. This includes a function that retrieves files from the host OS. 2021-11-19 5 CVE-2021-41569
MISC secomea -- gatemanager_8250_firmware This issue affects: Secomea GateManager All versions prior to 9.6. Improper Check of host header in web server of Secomea GateManager allows attacker to cause browser cache poisoning. 2021-11-22 5 CVE-2021-32004
MISC ssrf-agent_project -- ssrf-agent The package ssrf-agent before 1.0.5 is vulnerable to Server-side Request Forgery (SSRF) via the defaultIpChecker function. It fails to properly validate if the IP requested is private. 2021-11-22 5 CVE-2021-23718
CONFIRM
CONFIRM teampasswordmanager -- team_password_manager Team Password Manager (aka TeamPasswordManager) before 10.135.236 has a CSRF vulnerability during import. 2021-11-19 6.8 CVE-2021-44036
MISC
MISC teampasswordmanager -- team_password_manager Team Password Manager (aka TeamPasswordManager) before 10.135.236 allows password-reset poisoning. 2021-11-19 5 CVE-2021-44037
MISC
MISC themeum -- tutor_lms The Tutor LMS WordPress plugin before 1.9.11 does not sanitise and escape user input before outputting back in attributes in the Student Registration page, leading to a Reflected Cross-Site Scripting issue 2021-11-23 4.3 CVE-2021-24873
CONFIRM
MISC transloadit -- tusdotnet The client in tusdotnet through 2.5.0 relies on SHA-1 to prevent spoofing of file content. 2021-11-22 4.3 CVE-2021-44150
MISC vim -- vim vim is vulnerable to Use After Free 2021-11-19 6.8 CVE-2021-3974
MISC
CONFIRM
FEDORA vmware -- spring_cloud_netflix Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at `/hystrix/monitor;[user-provided data]`, the path elements following `hystrix/monitor` are being evaluated as SpringEL expressions, which can lead to code execution. 2021-11-19 6.5 CVE-2021-22053
MISC we-con -- plc_editor PLC Editor Versions 1.3.8 and prior are vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code. 2021-11-22 6.8 CVE-2021-42707
MISC we-con -- plc_editor PLC Editor Versions 1.3.8 and prior are vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code. 2021-11-22 6.8 CVE-2021-42705
MISC windriver -- vxworks An issue was discovered in VxWorks 6.9 through 7. In the IKE component, a specifically crafted packet may lead to reading beyond the end of a buffer, or a double free. 2021-11-24 5 CVE-2021-43268
MISC wipro -- holmes The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data. 2021-11-22 5 CVE-2021-38146
MISC
MISC wireshark -- wireshark NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file 2021-11-19 5 CVE-2021-39923
CONFIRM
MISC
MISC wireshark -- wireshark NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 2021-11-19 5 CVE-2021-39921
MISC
MISC
CONFIRM wireshark -- wireshark Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 2021-11-19 5 CVE-2021-39922
CONFIRM
MISC
MISC wireshark -- wireshark Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 2021-11-19 5 CVE-2021-39924
MISC
CONFIRM
MISC wireshark -- wireshark Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 2021-11-19 5 CVE-2021-39925
CONFIRM
MISC
MISC wireshark -- wireshark Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file 2021-11-19 5 CVE-2021-39926
MISC
CONFIRM
MISC wireshark -- wireshark Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 2021-11-19 5 CVE-2021-39929
MISC
MISC
CONFIRM wpo365 -- wordpress_\+_azure_ad_\/_microsoft_office_365 The “WPO365 | LOGIN” WordPress plugin (up to and including version 15.3) by wpo365.com is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerous content. This type of XSS vulnerability is exploited by submitting malicious script content to the application which is then retrieved and executed by other application users. The attacker could exploit this to conduct a range of attacks against users of the affected application such as session hijacking, account take over and accessing sensitive data. In this case, the XSS payload can be submitted by any anonymous user, the payload then renders and executes when a WordPress administrator authenticates and accesses the WordPress Dashboard. The injected payload can carry out actions on behalf of the administrator including adding other administrative users and changing application settings. This flaw could be exploited to ultimately provide full control of the affected system to the attacker. 2021-11-19 4.3 CVE-2021-43409
MISC
MISC wpwave -- hide_my_wp WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by any unauthenticated user. It is possible to retrieve a reset token which can then be used to deactivate the plugin. 2021-11-24 5 CVE-2021-36917
MISC
CONFIRM
MISC xen -- xen Certain VT-d IOMMUs may not work in shared page table mode. For efficiency reasons, address translation control structures (page tables) may (and, on suitable hardware, by default will) be shared between CPUs, for second-level translation (EPT), and IOMMUs. These page tables are presently set up to always be 4 levels deep. However, an IOMMU may require the use of just 3 page table levels. In such a configuration the top level table needs to be stripped before inserting the root table's address into the hardware pagetable base register. When sharing page tables, Xen erroneously skipped this stripping. Consequently, the guest is able to write to leaf page table entries. 2021-11-21 6.9 CVE-2021-28710
MISC xml-sitemaps -- unlimited_sitemap_generator Cross-site request forgery (CSRF) vulnerability in Unlimited Sitemap Generator versions prior to v8.2 allows a remote attacker to hijack the authentication of an administrator and conduct arbitrary operation via a specially crafted web page. 2021-11-24 6.8 CVE-2021-20845
MISC
MISC
MISC

Low Vulnerabilities
Primary Vendor -- Product Description Published CVSS Score Source & Patch Info
acurax -- floating_social_media_icon Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Floating Social Media Icon plugin (versions <= 4.3.5) Social Media Configuration form. Requires high role user like admin. 2021-11-26 3.5 CVE-2021-36843
MISC
CONFIRM advanced_access_manager_project -- advanced_access_manager The Advanced Access Manager WordPress plugin before 6.8.0 does not escape some of its settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2021-11-23 3.5 CVE-2021-24830
MISC
CONFIRM awesomesupport -- awesome_support_wordpress_helpdesk_\&_support Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities in WordPress Awesome Support plugin (versions <= 6.0.6), vulnerable parameters (&id, &assignee). 2021-11-26 3.5 CVE-2021-36919
MISC
CONFIRM backupbliss -- backup_migration Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered in WordPress Backup Migration plugin <= 1.1.5 versions. 2021-11-19 3.5 CVE-2021-36884
CONFIRM
CONFIRM cisco -- common_services_platform_collector A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit this vulnerability by adding malicious code to the configuration by using the web-based management interface. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface or access sensitive, browser-based information. 2021-11-19 3.5 CVE-2021-40131
CISCO creativemindssolutions -- video_lessons_manager The Video Lessons Manager WordPress plugin before 1.7.2 and Video Lessons Manager Pro WordPress plugin before 3.5.9 do not properly sanitize and escape values when updating their settings, which could allow high privilege users to perform Cross-Site Scripting attacks 2021-11-23 3.5 CVE-2021-24713
MISC dell -- emc_cloud_link Dell EMC CloudLink 7.1 and all prior versions contain a Buffer Overflow Vulnerability. A local low privileged attacker may potentially exploit this vulnerability, leading to an application crash. 2021-11-23 2.1 CVE-2021-36333
CONFIRM
MISC dell -- emc_powerscale_onefs Dell PowerScale OneFS version 8.1.2 contains a sensitive information exposure vulnerability. This would allow a malicious user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE privileges to gain access to sensitive information in the log files. 2021-11-23 2.1 CVE-2021-21561
CONFIRM dell -- emc_secure_connect_gateway Dell EMC SCG 5.00.00.10 and earlier, contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it. 2021-11-20 2.1 CVE-2021-36340
MISC dell -- networking_os10 Dell Networking OS10 versions 10.4.3.x, 10.5.0.x and 10.5.1.x contain an information exposure vulnerability. A low privileged authenticated malicious user can gain access to SNMP authentication failure messages. 2021-11-20 2.1 CVE-2021-36319
MISC django-helpdesk_project -- django-helpdesk django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 2021-11-19 3.5 CVE-2021-3950
MISC
CONFIRM edgexfoundry -- app_service_configurable Functions SDK for EdgeX is meant to provide all the plumbing necessary for developers to get started in processing/transforming/exporting data out of the EdgeX IoT platform. In affected versions broken encryption in app-functions-sdk “AES” transform in EdgeX Foundry releases prior to Jakarta allows attackers to decrypt messages via unspecified vectors. The app-functions-sdk exports an “aes” transform that user scripts can optionally call to encrypt data in the processing pipeline. No decrypt function is provided. Encryption is not enabled by default, but if used, the level of protection may be less than the user may expect due to a broken implementation. Version v2.1.0 (EdgeX Foundry Jakarta release and later) of app-functions-sdk-go/v2 deprecates the “aes” transform and provides an improved “aes256” transform in its place. The broken implementation will remain in a deprecated state until it is removed in the next EdgeX major release to avoid breakage of existing software that depends on the broken implementation. As the broken transform is a library function that is not invoked by default, users who do not use the AES transform in their processing pipelines are unaffected. Those that are affected are urged to upgrade to the Jakarta EdgeX release and modify processing pipelines to use the new "aes256" transform. 2021-11-19 2.6 CVE-2021-41278
MISC
CONFIRM getgrav -- grav-plugin-admin grav-plugin-admin is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 2021-11-19 3.5 CVE-2021-3920
MISC
CONFIRM huawei -- ecns280_td_firmware There is an information leakage vulnerability in FusionCompute 6.5.1, eCNS280_TD V100R005C00 and V100R005C10. Due to the improper storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause the information leak. 2021-11-23 2.1 CVE-2021-37036
MISC huawei -- imaster_nce-fabric_firmware There is an XSS injection vulnerability in iMaster NCE-Fabric V100R019C10. A module of the client does not verify the input sufficiently. Attackers can exploit this vulnerability by modifying input after logging onto the client. This may compromise the normal service of the client. 2021-11-23 3.5 CVE-2021-22410
MISC incsub -- forminator The Forminator WordPress plugin before 1.15.4 does not sanitize and escape the email field label, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed 2021-11-23 3.5 CVE-2021-24700
MISC infornweb -- logo_showcase_with_slick_slider The Logo Showcase with Slick Slider WordPress plugin before 1.2.4 does not sanitise the Grid Settings, which could allow users with a role as low as Author to perform stored Cross-Site Scripting attacks via post metadata of Grid logo showcase. 2021-11-23 3.5 CVE-2021-24729
MISC metagauss -- download_plugin The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the dpwap_plugin_activate AJAX action, allowing any authenticated users, such as subscribers, to activate plugins that are already installed. 2021-11-23 3.5 CVE-2021-24703
MISC microsoft -- clarity There is a Cross-Site Scripting vulnerability in Microsoft Clarity version 0.3. The XSS payload executes whenever the user changes the clarity configuration in Microsoft Clarity version 0.3. The payload is stored on the configuring project Id page. 2021-11-19 3.5 CVE-2021-33850
MISC nvidia -- dgx-1_p100 NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed registers, which may lead to information disclosure. 2021-11-20 2.1 CVE-2021-34399
CONFIRM nvidia -- dgx-1_p100 NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed memory, which may lead to information disclosure. 2021-11-20 2.1 CVE-2021-34400
CONFIRM nvidia -- dgx-1_p100 NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to utilize debug mechanisms with insufficient access control, which may lead to information disclosure. 2021-11-20 2.1 CVE-2021-1088
CONFIRM nvidia -- dgx-1_p100 NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to access debug registers during runtime, which may lead to information disclosure. 2021-11-20 2.1 CVE-2021-1105
CONFIRM nvidia -- dgx-1_p100 NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to access protected information, which may lead to information disclosure. 2021-11-20 2.1 CVE-2021-23219
CONFIRM open-xchange -- ox_app_suite The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format. 2021-11-22 3.6 CVE-2021-33493
MISC
MISC
MISC open-xchange -- ox_app_suite OX App Suite through 7.10.5 allows XSS via a crafted snippet that has an app loader reference within an app loader URL. 2021-11-22 3.5 CVE-2021-38374
MISC
MISC
MISC philips -- mri_1.5t_firmware Philips MRI 1.5T and MRI 3T Version 5.x.x exposes sensitive information to an actor not explicitly authorized to have access. 2021-11-19 2.1 CVE-2021-42744
MISC
MISC philips -- mri_3t_firmware Philips MRI 1.5T and MRI 3T Version 5.x.x assigns an owner who is outside the intended control sphere to a resource. 2021-11-19 2.1 CVE-2021-26248
MISC
MISC shimo -- document Shimo Document v2.0.1 contains a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the table content text field. 2021-11-22 3.5 CVE-2020-22719
MISC snipeitapp -- snipe-it snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 2021-11-19 3.5 CVE-2021-3961
CONFIRM
MISC tribulant -- slideshow_gallery The Slideshow Gallery WordPress plugin before 1.7.4 does not sanitise and escape the Slide "Title", "Description", and Gallery "Title" fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed 2021-11-23 3.5 CVE-2021-24882
MISC wpdeveloper -- betterlinks The BetterLinks WordPress plugin before 1.2.6 does not sanitise and escape some of the imported link fields, which could lead to Stored Cross-Site Scripting issues when an admin imports a malicious CSV. 2021-11-23 3.5 CVE-2021-24812
MISC

Severity Not Yet Assigned
Primary Vendor -- Product Description Published CVSS Score Source & Patch Info
xen -- xen Guests may exceed their designated memory limit. When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrator established limit. This is a result of a calculation done with 32-bit precision, which may overflow. It would then only be the overflowed (and hence small) number which gets compared against the established upper bound. 2021-11-24 not yet calculated CVE-2021-28706
MISC afreecatv -- afreecatv
  The vulnerable function is enabled when the streamer service related to AfreecaTV communicates through a web socket on port 21201. A stack-based buffer overflow leading to remote code execution was discovered in the strcpy() operation on the "FanTicket" field, because the data is stored without length validation. 2021-11-26 not yet calculated CVE-2020-7881
MISC aim -- aim Aim is an open-source, self-hosted machine learning experiment tracking tool. Versions of Aim prior to 3.1.0 are vulnerable to a path traversal attack. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system including application source code or configuration and critical system files. The vulnerability issue is resolved in Aim v3.1.0. 2021-11-23 not yet calculated CVE-2021-43775
MISC
CONFIRM
MISC
MISC
MISC alfasado_inc -- powercms PowerCMS XMLRPC API of PowerCMS 5.19 and earlier, PowerCMS 4.49 and earlier, PowerCMS 3.295 and earlier, and PowerCMS 2 Series (End-of-Life, EOL) allows a remote attacker to execute an arbitrary OS command via unspecified vectors. 2021-11-24 not yet calculated CVE-2021-20850
MISC
MISC amazon_web_service -- iot_devices

  Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.4.2), Python (versions prior to 1.6.1), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.3) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on MacOS. This issue has been addressed in aws-c-io submodule versions 0.10.5 onward. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.4.2 on macOS. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.6.1 on macOS. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.12.7 on macOS. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.5.3 on macOS. Amazon Web Services AWS-C-IO 0.10.4 on macOS. 2021-11-23 not yet calculated CVE-2021-40829
MISC
MISC
MISC
MISC
MISC amazon_web_service -- iot_devices

  The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store. Attackers who have access to a host’s trust stores or are able to compromise a certificate authority already in the host's trust store (note: the attacker must also be able to spoof DNS in this case) may be able to use this issue to bypass CA pinning. An attacker could then spoof the MQTT broker, and either drop traffic and/or respond with the attacker's data, but they would not be able to forward this data on to the MQTT broker because the attacker would still need the user's private keys to authenticate against the MQTT broker. The 'aws_tls_ctx_options_override_default_trust_store_*' function within the aws-c-io submodule has been updated to override the default trust store. This corrects this issue. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.5.0 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.6.1 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.12.7 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.5.3 on Linux/Unix. Amazon Web Services AWS-C-IO 0.10.4 on Linux/Unix. 2021-11-23 not yet calculated CVE-2021-40830
MISC
MISC
MISC
MISC
MISC amazon_web_service -- iot_devices

  The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. Additionally, SNI validation is also not enabled when the CA has been “overridden”. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store. Attackers who have access to a host’s trust stores or are able to compromise a certificate authority already in the host's trust store (note: the attacker must also be able to spoof DNS in this case) may be able to use this issue to bypass CA pinning. An attacker could then spoof the MQTT broker, and either drop traffic and/or respond with the attacker's data, but they would not be able to forward this data on to the MQTT broker because the attacker would still need the user's private keys to authenticate against the MQTT broker. The 'aws_tls_ctx_options_override_default_trust_store_*' function within the aws-c-io submodule has been updated to address this behavior. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.5.0 on macOS. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.7.0 on macOS. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.14.0 on macOS. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.6.0 on macOS. Amazon Web Services AWS-C-IO 0.10.7 on macOS. 2021-11-23 not yet calculated CVE-2021-40831
MISC
MISC
MISC
MISC
MISC amazon_web_service -- iot_devices
  Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.3.3), Python (versions prior to 1.5.18), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.1) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on Windows. This issue has been addressed in aws-c-io submodule versions 0.9.13 onward. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.3.3 on Microsoft Windows. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.5.18 on Microsoft Windows. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.12.7 on Microsoft Windows. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.5.3 on Microsoft Windows. 2021-11-23 not yet calculated CVE-2021-40828
MISC
MISC
MISC
MISC
MISC apache -- jspwiki
  Remote attackers may delete arbitrary files in a system hosting a JSPWiki instance, versions up to 2.11.0.M8, by using a carefully crafted HTTP request on logout, given that those files are reachable to the user running the JSPWiki instance. Apache JSPWiki users should upgrade to 2.11.0 or later. 2021-11-24 not yet calculated CVE-2021-44140
MISC
MISC apache -- jspwiki
  A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Denounce plugin, which could allow the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.0 or later. 2021-11-24 not yet calculated CVE-2021-40369
MISC
MISC backstage -- backstage
  Backstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to trick another user into visiting a vulnerable URL that executes an XSS attack. This attack can potentially allow the attacker to exfiltrate access tokens or other secrets from the user's browser. The default CSP does prevent this attack, but it is expected that some deployments have these policies disabled due to incompatibilities. This vulnerability is patched in version `0.4.9` of `@backstage/plugin-auth-backend`. 2021-11-26 not yet calculated CVE-2021-43776
CONFIRM
MISC barcode -- barcode
  Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. This issue was patched in version 2.6.1. As a workaround, delete the `front/send.php` file. 2021-11-24 not yet calculated CVE-2021-43778
CONFIRM
MISC
MISC
MISC basercms -- basercms BaserCMS is an open source content management system with a focus on Japanese language support. In affected versions users with upload privilege may upload crafted zip files capable of path traversal on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible. 2021-11-26 not yet calculated CVE-2021-41279
CONFIRM
MISC basercms -- basercms
  There is a Potential Zip Slip Vulnerability and OS Command Injection Vulnerability on the management system of baserCMS. Users with permissions to upload files may upload crafted zip files which may execute arbitrary commands on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible. 2021-11-26 not yet calculated CVE-2021-41243
CONFIRM
MISC bitdefender -- endpoint_security_tools
  A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender GravityZone 6.24.1-1. 2021-11-24 not yet calculated CVE-2021-3552
MISC bitdefender -- endpoint_security_tools
  Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used for pulling patches. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1. 2021-11-24 not yet calculated CVE-2021-3554
MISC bitdefender -- endpoint_security_tools
  A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint for Linux versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1. 2021-11-24 not yet calculated CVE-2021-3553
MISC d-link -- dwr-932c
  Missing Authentication for Critical Function vulnerability in debug_post_set.cgi of D-Link DWR-932C E1 firmware allows an unauthenticated attacker to execute administrative actions. 2021-11-23 not yet calculated CVE-2021-42783
MISC d-link -- dwr-932c
  OS Command Injection vulnerability in debug_fcgi of D-Link DWR-932C E1 firmware allows a remote attacker to perform command injection via a crafted HTTP request. 2021-11-23 not yet calculated CVE-2021-42784
MISC dell -- idrac
  Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to version 2.80.80.80 contain a Stack Buffer Overflow in Racadm. An authenticated remote attacker may potentially exploit this vulnerability to control process execution and gain access to the underlying operating system. 2021-11-23 not yet calculated CVE-2021-36301
CONFIRM django -- django-wiki
  In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in Notifications Section. An attacker who has access to edit pages can inject JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the payload in the notification panel renders and loads external JavaScript. 2021-11-23 not yet calculated CVE-2021-25986
CONFIRM
MISC f-secure -- f-secure
  A vulnerability affecting the F-Secure antivirus engine was discovered whereby unpacking a UPX file can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine. 2021-11-26 not yet calculated CVE-2021-40833
MISC
MISC gin-vue-admin -- gin-vue-admin
  Gin-Vue-Admin before 2.4.6 mishandles a SQL database. 2021-11-24 not yet calculated CVE-2021-44219
MISC
MISC hejhome -- gwk-ic052
  HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnerability. This issue allows remote attackers to operate the IP Camera (reboot, factory reset, snapshot, etc.). 2021-11-26 not yet calculated CVE-2021-26611
MISC hitachi -- multiple_devices
  Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the receiving RTU500 CMU of which the BCI is enabled to reboot when receiving a specially crafted message. By default, BCI IEC 60870-5-104 function is disabled (not configured). This issue affects: Hitachi Energy RTU500 series CMU Firmware version 12.0.* (all versions); CMU Firmware version 12.2.* (all versions); CMU Firmware version 12.4.* (all versions). 2021-11-26 not yet calculated CVE-2021-35533
CONFIRM huawei -- multiple_products
  There is a weak secure algorithm vulnerability in Huawei products. A weak secure algorithm is used in a module. Attackers can exploit this vulnerability by capturing and analyzing the messages between devices to obtain information. This can lead to information leak. Affected product versions include: IPS Module V500R005C00SPC100, V500R005C00SPC200; NGFW Module V500R005C00SPC100, V500R005C00SPC200; Secospace USG6300 V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200; Secospace USG6500 V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200; Secospace USG6600 V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200; USG9500 V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200. 2021-11-23 not yet calculated CVE-2021-22356
MISC huawei -- smartphones There is an Improper permission vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service availability. 2021-11-23 not yet calculated CVE-2021-37030
MISC huawei -- smartphones There is an Identity verification vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service availability. 2021-11-23 not yet calculated CVE-2021-37029
MISC huawei -- smartphones There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash. 2021-11-23 not yet calculated CVE-2021-37026
MISC huawei -- smartphones There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash. 2021-11-23 not yet calculated CVE-2021-37025
MISC huawei -- smartphones There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash. 2021-11-23 not yet calculated CVE-2021-37024
MISC huawei -- smartphones There is a Data Processing Errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash. 2021-11-23 not yet calculated CVE-2021-37018
MISC huawei -- smartphones There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will affect the availability of users. 2021-11-23 not yet calculated CVE-2021-37013
MISC huawei -- smartphones There is an Out-of-bounds Read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash. 2021-11-23 not yet calculated CVE-2021-37007
MISC huawei -- smartphones There is a Remote DoS vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause the app to exit unexpectedly. 2021-11-23 not yet calculated CVE-2021-37031
MISC huawei -- smartphones There is a Bypass vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause Digital Balance to fail to work. 2021-11-23 not yet calculated CVE-2021-37032
MISC huawei -- smartphones The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software. 2021-11-22 not yet calculated CVE-2021-38448
CONFIRM huawei -- smartphones There is an Injection attack vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service availability. 2021-11-23 not yet calculated CVE-2021-37033
MISC huawei -- smartphones There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash. 2021-11-23 not yet calculated CVE-2021-37017
MISC huawei -- smartphones
  There is a Remote DoS vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause the app to exit unexpectedly. 2021-11-23 not yet calculated CVE-2021-37035
MISC huawei -- smartphones
  There is a Data Processing Errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash. 2021-11-23 not yet calculated CVE-2021-37012
MISC huawei -- smartphones
  There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash. 2021-11-23 not yet calculated CVE-2021-37019
MISC huawei -- smartphones
  There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash. 2021-11-23 not yet calculated CVE-2021-37003
MISC huawei -- smartphones
  There is an Out-of-bounds Read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause Information Disclosure or Denial of Service. 2021-11-23 not yet calculated CVE-2021-37016
MISC huawei -- smartphones
  There is an Out-of-bounds Read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash. 2021-11-23 not yet calculated CVE-2021-37015
MISC huawei -- smartphones
  There is an Unstandardized field names vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. 2021-11-23 not yet calculated CVE-2021-37034
MISC huawei -- smartphones
  There is an Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will affect the confidentiality of users. 2021-11-23 not yet calculated CVE-2021-37010
MISC huawei -- smartphones
  There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will allow media files to be read and written in non-distributed directories on any device on the network. 2021-11-23 not yet calculated CVE-2021-37023
MISC huawei -- smartphones
  There is a Configuration vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will affect the confidentiality of users. 2021-11-23 not yet calculated CVE-2021-37009
MISC huawei -- smartphones
  There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash. 2021-11-23 not yet calculated CVE-2021-37008
MISC huawei -- smartphones
  There is an Improper Preservation of Permissions vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will affect the confidentiality of users. 2021-11-23 not yet calculated CVE-2021-37006
MISC huawei -- smartphones
  There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash. 2021-11-23 not yet calculated CVE-2021-37005
MISC huawei -- smartphones
  There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash. 2021-11-23 not yet calculated CVE-2021-37004
MISC huawei -- smartphones
  There is a Heap-based Buffer Overflow vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will allow escalation to root permission. 2021-11-23 not yet calculated CVE-2021-37022
MISC ibm -- sterling_connect
  IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 209507. 2021-11-23 not yet calculated CVE-2021-38890
CONFIRM
XF ibm -- sterling_connect
  IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 209508. 2021-11-23 not yet calculated CVE-2021-38891
CONFIRM
XF janus-gateway -- janus-gateway
  janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 2021-11-27 not yet calculated CVE-2021-4020
CONFIRM
MISC joeattardi -- emoji-button
  @joeattardi/emoji-button is a Vanilla JavaScript emoji picker component. In affected versions there are two vectors for XSS attacks: a URL for a custom emoji, and an i18n string. In both of these cases, a value can be crafted such that it can insert a `script` tag into the page and execute malicious code. 2021-11-26 not yet calculated CVE-2021-43785
CONFIRM
MISC
MISC kaspersky -- password_manager
  A component in Kaspersky Password Manager could allow an attacker to elevate a process Integrity level from Medium to High. 2021-11-23 not yet calculated CVE-2021-35052
MISC keepalived -- keepalived
  In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property 2021-11-26 not yet calculated CVE-2021-44225
MISC
MISC mcafee -- policy_auditor
  A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the profileNodeID request parameters. The malicious script is reflected unmodified into the Policy Auditor web-based interface which could lead to the extraction of end user session token or login credentials. These may be used to access additional security-critical applications or conduct arbitrary cross-domain requests. 2021-11-23 not yet calculated CVE-2021-31851
CONFIRM mcafee -- policy_auditor
  A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the UID request parameter. The malicious script is reflected unmodified into the Policy Auditor web-based interface which could lead to the extraction of end user session token or login credentials. These may be used to access additional security-critical applications or conduct arbitrary cross-domain requests. 2021-11-23 not yet calculated CVE-2021-31852
CONFIRM microsoft -- azure
  Azure Active Directory Information Disclosure Vulnerability 2021-11-24 not yet calculated CVE-2021-42306
N/A microsoft -- edge
  Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability 2021-11-24 not yet calculated CVE-2021-43221
N/A microsoft -- edge
  Microsoft Edge (Chromium-based) Spoofing Vulnerability 2021-11-24 not yet calculated CVE-2021-42308
N/A microsoft -- edge
  Microsoft Edge for iOS Spoofing Vulnerability 2021-11-24 not yet calculated CVE-2021-43220
N/A microsoft -- windows
  Windows 10 Update Assistant Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42297. 2021-11-24 not yet calculated CVE-2021-43211
N/A microsoft -- windows
  Windows 10 Update Assistant Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43211. 2021-11-24 not yet calculated CVE-2021-42297
N/A
MISC mitsubishi_electric -- mercari_app
  Improper authorization in handler for custom URL scheme vulnerability in Android App 'Mercari (Merpay) - Marketplace and Mobile Payments App' (Japan version) versions prior to 4.49.1 allows a remote attacker to lead a user to access an arbitrary website and the website launches an arbitrary Activity of the app via the vulnerable App, which may result in Mercari account's access token being obtained. 2021-11-24 not yet calculated CVE-2021-20835
MISC mitsubishi_electric -- multiple_got2000_series
  Improper input validation vulnerability in GOT2000 series GT27 model all versions, GOT2000 series GT25 model all versions, GOT2000 series GT23 model all versions, GOT2000 series GT21 model all versions, GOT SIMPLE series GS21 model all versions, and GT SoftGOT2000 all versions allows a remote unauthenticated attacker to write a value that exceeds the configured input range limit by sending a malicious packet to rewrite the device value. As a result, the system operation may be affected, such as malfunction. 2021-11-23 not yet calculated CVE-2021-20601
MISC
MISC
MISC mongodb -- mongodb An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. Usually, the requests are sent via mongos and special privileges are required in order to know the address of the shards and to log in to the shards of an auth enabled environment. 2021-11-24 not yet calculated CVE-2021-32037
MISC octopus -- tentacle
  When Octopus Tentacle is installed on a Linux operating system, the systemd service file permissions are misconfigured. This could lead to a local unprivileged user modifying the contents of the systemd service file to gain privileged access. 2021-11-24 not yet calculated CVE-2021-31822
MISC qnap -- viostor
  A command injection vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later 2021-11-26 not yet calculated CVE-2021-38685
CONFIRM qnap -- viostor
  An improper authentication vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later 2021-11-26 not yet calculated CVE-2021-38686
CONFIRM redash -- redash
  Redash is a package for data visualization and sharing. If an admin sets up Redash versions 10.0.0 and prior without explicitly specifying the `REDASH_COOKIE_SECRET` or `REDASH_SECRET_KEY` environment variables, a default value is used for both that is the same across all installations. In such cases, the instance is vulnerable to attackers being able to forge sessions using the known default value. This issue only affects installations where the `REDASH_COOKIE_SECRET` or `REDASH_SECRET_KEY` environment variables have not been explicitly set. This issue does not affect users of the official Redash cloud images, Redash's Digital Ocean marketplace droplets, or the scripts in the `getredash/setup` repository. These instances automatically generate unique secret keys during installation. One can verify whether one's instance is affected by checking the value of the `REDASH_COOKIE_SECRET` environment variable. If it is `c292a0a3aa32397cdb050e233733900f`, one should follow the steps to secure the instance, outlined in the GitHub Security Advisory. 2021-11-24 not yet calculated CVE-2021-41192
CONFIRM
MISC redash -- redash
  Redash is a package for data visualization and sharing. In Redash version 10.0 and prior, the implementation of Google Login (via OAuth) incorrectly uses the `state` parameter to pass the next URL to redirect the user to after login. The `state` parameter should be used for a Cross-Site Request Forgery (CSRF) token, not a static and easily predicted value. This vulnerability does not affect users who do not use Google Login for their instance of Redash. A patch in the `master` and `release/10.x.x` branches addresses this by replacing `Flask-Oauthlib` with `Authlib` which automatically provides and validates a CSRF token for the state variable. The new implementation stores the next URL on the user session object. As a workaround, one may disable Google Login to mitigate the vulnerability. 2021-11-24 not yet calculated CVE-2021-43777
CONFIRM
MISC redash -- redash
  Redash is a package for data visualization and sharing. In versions 10.0 and prior, the implementation of URL-loading data sources like JSON, CSV, or Excel is vulnerable to advanced methods of Server Side Request Forgery (SSRF). These vulnerabilities are only exploitable on installations where a URL-loading data source is enabled. As of time of publication, the `master` and `release/10.x.x` branches address this by applying the Advocate library for making http requests instead of the requests library directly. Users should upgrade to version 10.0.1 to receive this patch. There are a few workarounds for mitigating the vulnerability without upgrading. One can disable the vulnerable data sources entirely, by adding the following env variable to one's configuration, making them unavailable inside the webapp. One can switch any data source of certain types (viewable in the GitHub Security Advisory) to be `View Only` for all groups on the Settings > Groups > Data Sources screen. For users unable to update, an admin may modify Redash's configuration through environment variables to mitigate this issue. Depending on the version of Redash, an admin may also need to run a CLI command to re-encrypt some fields in the database. The `master` and `release/10.x.x` branches as of time of publication have removed the default value for `REDASH_COOKIE_SECRET`. All future releases will also require this to be set explicitly. For existing installations, one will need to ensure that explicit values are set for the `REDASH_COOKIE_SECRET` and `REDASH_SECRET_KEY` variables. 2021-11-24 not yet calculated CVE-2021-43780
CONFIRM
MISC sophos -- hitmanpro_alert
  A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sophos Intercept X Advanced for Server before version 2.0.23, as well as Sophos Exploit Prevention before version 3.8.3. 2021-11-26 not yet calculated CVE-2021-25269
CONFIRM sophos -- sophos
  An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8. 2021-11-26 not yet calculated CVE-2021-36807
CONFIRM symfony -- symfony
  Symfony/SecurityBundle is the security system for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Since the rework of the Remember me cookie in version 5.3.0, the cookie is not invalidated when the user changes their password. Attackers can therefore maintain their access to the account even if the password is changed as long as they have had the chance to log in once and get a valid remember me cookie. Starting with version 5.3.12, Symfony makes the password part of the signature by default. In that way, when the password changes, the cookie is not valid anymore. 2021-11-24 not yet calculated CVE-2021-41268
CONFIRM
MISC
MISC
MISC symfony -- symfony
  Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the "trusted_headers" allowed list are ignored and protect users from "Cache poisoning" attacks. In Symfony 5.2, maintainers added support for the `X-Forwarded-Prefix` headers, but this header was accessible in SubRequest, even if it was not part of the "trusted_headers" allowed list. An attacker could leverage this opportunity to forge requests containing a `X-Forwarded-Prefix` header, leading to a web cache poisoning issue. Versions 5.3.12 and later have a patch to ensure that the `X-Forwarded-Prefix` header is not forwarded to subrequests when it is not trusted. 2021-11-24 not yet calculated CVE-2021-41267
CONFIRM
MISC
MISC
MISC symfony -- symfony
  Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 before 4.4.35 and versions 5.0.0 before 5.3.12 are vulnerable to CSV injection, also known as formula injection. In Symfony 4.1, maintainers added the opt-in `csv_escape_formulas` option in the `CsvEncoder`, to prefix all cells starting with `=`, `+`, `-` or `@` with a tab `\t`. Since then, OWASP added 2 chars in that list: Tab (0x09) and Carriage return (0x0D). This makes the previous prefix char (Tab `\t`) part of the vulnerable characters, and OWASP suggests using the single quote `'` for prefixing the value. Starting with versions 4.4.34 and 5.3.12, Symfony now follows the OWASP recommendations and uses the single quote `'` to prefix formulas and adds the prefix to cells starting with `\t`, `\r` as well as `=`, `+`, `-` and `@`. 2021-11-24 not yet calculated CVE-2021-41270
MISC
CONFIRM
MISC
MISC synapse -- synapse
  Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the affected endpoint. The last 2 directories and file name of the path are chosen randomly by Synapse and cannot be controlled by an attacker, which limits the impact. Homeservers with the media repository disabled are unaffected. Homeservers with a federation whitelist are also unaffected, since Synapse will check the remote hostname, including the trailing `../`s, against the whitelist. Server administrators should upgrade to 1.47.1 or later. Server administrators using a reverse proxy could, at the expense of losing media functionality, block certain endpoints as a workaround. Alternatively, non-containerized deployments can be adapted to use the hardened systemd config. 2021-11-23 not yet calculated CVE-2021-41281
MISC
CONFIRM
MISC synk -- synk This affects all versions of package docker-cli-js. If the command parameter of the Docker.command method can at least be partially controlled by a user, they will be in a position to execute any arbitrary OS commands on the host system. 2021-11-22 not yet calculated CVE-2021-23732
CONFIRM synk -- synk
  This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands via CSV files. 2021-11-26 not yet calculated CVE-2021-23654
CONFIRM
CONFIRM tightvnc -- viewer
  Buffer Overflow vulnerability in tvnviewer.exe of TightVNC Viewer allows a remote attacker to execute arbitrary instructions via a crafted FramebufferUpdate packet from a VNC server. 2021-11-23 not yet calculated CVE-2021-42785
MISC ubuntu -- ark_library
  ARK library allows attackers to execute remote code via the parameter (path value) of Ark_NormalizeAndDupPAthNameW function because of an integer overflow. 2021-11-26 not yet calculated CVE-2021-26615
MISC unifi -- protect
  A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect application Version 1.19.2 and earlier allows a malicious actor who has convinced a privileged user to access a URL with malicious code to take over said user’s account. This vulnerability is fixed in UniFi Protect application Version 1.20.0 and later. 2021-11-24 not yet calculated CVE-2021-22957
MISC vmware -- vsphere_web_client
  The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information. 2021-11-24 not yet calculated CVE-2021-21980
MISC vmware -- vsphere_web_client
  The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service. 2021-11-24 not yet calculated CVE-2021-22049
MISC wordpress -- wordpress The ImageBoss WordPress plugin before 3.0.6 does not sanitise and escape its Source Name setting, which could allow high privilege users to perform Cross-Site Scripting attacks 2021-11-23 not yet calculated CVE-2021-24888
MISC wordpress -- wordpress
  WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin Directory but is not yet present in that directory. 2021-11-25 not yet calculated CVE-2021-44223
MISC
MISC wordpress -- wordpress
  The Elementor Website Builder WordPress plugin before 3.1.4 does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross-Site Scripting issue 2021-11-23 not yet calculated CVE-2021-24891
MISC
MISC wordpress -- wordpress
  Insecure Direct Object Reference in edit function of Advanced Forms (Free & Pro) before 1.6.9 allows an authenticated remote attacker to change an arbitrary user's email address and request a password reset, which could lead to takeover of the WordPress administrator account. To exploit this vulnerability, an attacker must register to obtain a valid WordPress user and use that user to authenticate with WordPress in order to exploit the vulnerable edit function. 2021-11-23 not yet calculated CVE-2021-24892
MISC
MISC wordpress -- wordpress
  The Reviews Plus WordPress plugin before 1.2.14 does not validate the submitted rating, allowing submission of a long integer, causing a Denial of Service in the review section when an authenticated user submits such a rating and the reviews are set to be displayed on the post/page. 2021-11-23 not yet calculated CVE-2021-24894
CONFIRM
MISC xen -- xen issues with partially successful P2M updates on x86 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). In some cases the hypervisor carries out the requests by splitting them into smaller chunks. Error handling in certain PoD cases has been insufficient in that in particular partial success of some operations was not properly accounted for. There are two code paths affected - page removal (CVE-2021-28705) and insertion of new pages (CVE-2021-28709). (We provide one patch which combines the fix to both issues.) 2021-11-24 not yet calculated CVE-2021-28705
MISC xen -- xen
  PoD operations on misaligned GFNs [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). The implementation of some of these hypercalls for PoD does not enforce the base page frame number to be suitably aligned for the specified order, yet some code involved in PoD handling actually makes such an assumption. These operations are XENMEM_decrease_reservation (CVE-2021-28704) and XENMEM_populate_physmap (CVE-2021-28707), the latter usable only by domains controlling the guest, i.e. a de-privileged qemu or a stub domain. (Patch 1, combining the fix to both these two issues.) In addition handling of XENMEM_decrease_reservation can also trigger a host crash when the specified page order is neither 4k nor 2M nor 1G (CVE-2021-28708, patch 2). 2021-11-24 not yet calculated CVE-2021-28704
MISC xen -- xen
  PoD operations on misaligned GFNs [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). The implementation of some of these hypercalls for PoD does not enforce the base page frame number to be suitably aligned for the specified order, yet some code involved in PoD handling actually makes such an assumption. These operations are XENMEM_decrease_reservation (CVE-2021-28704) and XENMEM_populate_physmap (CVE-2021-28707), the latter usable only by domains controlling the guest, i.e. a de-privileged qemu or a stub domain. (Patch 1, combining the fix to both these two issues.) In addition handling of XENMEM_decrease_reservation can also trigger a host crash when the specified page order is neither 4k nor 2M nor 1G (CVE-2021-28708, patch 2). 2021-11-24 not yet calculated CVE-2021-28707
MISC xen -- xen
  PoD operations on misaligned GFNs [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). The implementation of some of these hypercalls for PoD does not enforce the base page frame number to be suitably aligned for the specified order, yet some code involved in PoD handling actually makes such an assumption. These operations are XENMEM_decrease_reservation (CVE-2021-28704) and XENMEM_populate_physmap (CVE-2021-28707), the latter usable only by domains controlling the guest, i.e. a de-privileged qemu or a stub domain. (Patch 1, combining the fix to both these two issues.) In addition handling of XENMEM_decrease_reservation can also trigger a host crash when the specified page order is neither 4k nor 2M nor 1G (CVE-2021-28708, patch 2). 2021-11-24 not yet calculated CVE-2021-28708
MISC xen -- xen
  issues with partially successful P2M updates on x86 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). In some cases the hypervisor carries out the requests by splitting them into smaller chunks. Error handling in certain PoD cases has been insufficient in that in particular partial success of some operations was not properly accounted for. There are two code paths affected - page removal (CVE-2021-28705) and insertion of new pages (CVE-2021-28709). (We provide one patch which combines the fix to both issues.) 2021-11-24 not yet calculated CVE-2021-28709
MISC yamaha -- multiple_routers
  Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page. 2021-11-24 not yet calculated CVE-2021-20844
MISC
MISC
MISC
MISC yamaha -- multiple_routers
  Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page. 2021-11-24 not yet calculated CVE-2021-20843
MISC
MISC
MISC
MISC zoom -- client_for_meetings
  A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS, and Windows) before version 5.8.3, Zoom VDI before version 5.8.4, Zoom Meeting SDK for Android before version 5.7.6.1922, Zoom Meeting SDK for iOS before version 5.7.6.1082, Zoom Meeting SDK for macOS before version 5.7.6.1340, Zoom Meeting SDK for Windows before version 5.7.6.1081, Zoom Video SDK (for Android, iOS, macOS, and Windows) before version 1.1.2, Zoom On-Premise Meeting Connector Controller before version 4.8.12.20211115, Zoom On-Premise Meeting Connector MMR before version 4.8.12.20211115, Zoom On-Premise Recording Connector before version 5.1.0.65.20211116, Zoom On-Premise Virtual Room Connector before version 4.4.7266.20211117, Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117, Zoom Hybrid Zproxy before version 1.0.1058.20211116, and Zoom Hybrid MMR before version 4.6.20211116.131_x86-64. This can potentially allow a malicious actor to crash the service or application, or leverage this vulnerability to execute arbitrary code. 2021-11-24 not yet calculated CVE-2021-34423
MISC zoom -- client_for_meetings
  A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS, and Windows) before version 5.8.3, Zoom VDI before version 5.8.4, Zoom Meeting SDK for Android before version 5.7.6.1922, Zoom Meeting SDK for iOS before version 5.7.6.1082, Zoom Meeting SDK for macOS before version 5.7.6.1340, Zoom Meeting SDK for Windows before version 5.7.6.1081, Zoom Video SDK (for Android, iOS, macOS, and Windows) before version 1.1.2, Zoom on-premise Meeting Connector before version 4.8.12.20211115, Zoom on-premise Meeting Connector MMR before version 4.8.12.20211115, Zoom on-premise Recording Connector before version 5.1.0.65.20211116, Zoom on-premise Virtual Room Connector before version 4.4.7266.20211117, Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117, Zoom Hybrid Zproxy before version 1.0.1058.20211116, and Zoom Hybrid MMR before version 4.6.20211116.131_x86-64 which potentially allowed for the exposure of the state of process memory. This issue could be used to potentially gain insight into arbitrary areas of the product's memory. 2021-11-24 not yet calculated CVE-2021-34424
MISC zyxel -- multiple_firmware
  A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access of the device, if the local attacker dismantles the device and uses a USB-to-UART cable to connect the device, or if the remote assistance feature had been enabled by an authenticated user. 2021-11-23 not yet calculated CVE-2021-35033
CONFIRM