US CERT: Security Bulletins

Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.
September 27, 2021

Vulnerability Summary for the Week of September 20, 2021

Original release date: September 27, 2021

 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

There were no high vulnerabilities recorded this week.

 

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

ffmpeg -- ffmpeg Buffer Overflow vulnerability in function config_input in libavfilter/vf_gblur.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. 2021-09-20 6.8 CVE-2020-20891
MISC
MISC ffmpeg -- ffmpeg Integer Overflow vulnerability in function filter16_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. 2021-09-20 6.8 CVE-2020-20898
MISC
MISC ffmpeg -- ffmpeg Buffer Overflow vulnerability in function gaussian_blur in libavfilter/vf_edgedetect.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. 2021-09-20 6.8 CVE-2020-20900
MISC
MISC ffmpeg -- ffmpeg Buffer Overflow vulnerability in function filter_slice in libavfilter/vf_bm3d.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. 2021-09-20 6.8 CVE-2020-20897
MISC
MISC ffmpeg -- ffmpeg An issue was discovered in function latm_write_packet in libavformat/latmenc.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a Null pointer dereference. 2021-09-20 6.8 CVE-2020-20896
MISC
MISC ffmpeg -- ffmpeg Buffer Overflow vulnerability in function filter_vertically_##name in libavfilter/vf_avgblur.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. 2021-09-20 6.8 CVE-2020-20895
MISC
MISC ffmpeg -- ffmpeg An issue was discovered in function filter_frame in libavfilter/vf_lenscorrection.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a division by zero. 2021-09-20 6.8 CVE-2020-20892
MISC
MISC ffmpeg -- ffmpeg Buffer Overflow vulnerability in function activate in libavfilter/af_afade.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. 2021-09-20 6.8 CVE-2020-20893
MISC
MISC ffmpeg -- ffmpeg Buffer Overflow vulnerability in function gaussian_blur in libavfilter/vf_edgedetect.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. 2021-09-20 6.8 CVE-2020-20894
MISC
MISC ffmpeg -- ffmpeg Buffer Overflow vulnerability in function config_props in libavfilter/vf_bwdif.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. 2021-09-20 6.8 CVE-2020-20899
MISC
MISC ffmpeg -- ffmpeg Integer Overflow vulnerability in function filter_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. 2021-09-20 6.8 CVE-2021-38092
MISC
MISC ffmpeg -- ffmpeg Buffer Overflow vulnerability in function filter_frame in libavfilter/vf_fieldorder.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. 2021-09-20 6.8 CVE-2020-20901
MISC
MISC ffmpeg -- ffmpeg Buffer Overflow vulnerability in function config_input in libavfilter/vf_bm3d.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. 2021-09-20 6.8 CVE-2021-38089
MISC
MISC ffmpeg -- ffmpeg Integer Overflow vulnerability in function filter16_roberts in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. 2021-09-20 6.8 CVE-2021-38090
MISC
MISC ffmpeg -- ffmpeg Integer Overflow vulnerability in function filter16_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. 2021-09-20 6.8 CVE-2021-38091
MISC
MISC ffmpeg -- ffmpeg Integer Overflow vulnerability in function filter_robert in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. 2021-09-20 6.8 CVE-2021-38093
MISC
MISC ffmpeg -- ffmpeg Integer Overflow vulnerability in function filter_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. 2021-09-20 6.8 CVE-2021-38094
MISC
MISC gnu -- libredwg An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function check_POLYLINE_handles() located in decode.c. It allows an attacker to cause Denial of Service. 2021-09-20 4.3 CVE-2021-39523
MISC gnu -- libredwg An issue was discovered in libredwg through v0.10.1.3751. appinfo_private() in decode.c has a heap-based buffer overflow. 2021-09-20 6.8 CVE-2021-39527
MISC gnu -- libredwg An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function bit_read_BB() located in bits.c. It allows an attacker to cause Denial of Service. 2021-09-20 4.3 CVE-2021-39521
MISC gnu -- libredwg An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2nlen() in bits.c has a heap-based buffer overflow. 2021-09-20 6.8 CVE-2021-39530
MISC gnu -- libredwg An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2len() in bits.c has a heap-based buffer overflow. 2021-09-20 6.8 CVE-2021-39522
MISC gnu -- libredwg An issue was discovered in libredwg through v0.10.1.3751. bit_read_fixed() in bits.c has a heap-based buffer overflow. 2021-09-20 6.8 CVE-2021-39525
MISC gnu -- libredwg An issue was discovered in libredwg through v0.10.1.3751. dwg_free_MATERIAL_private() in dwg.spec has a double free. 2021-09-20 6.8 CVE-2021-39528
MISC jpeg -- libjpeg An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function SampleInterleavedLSScan::ParseMCU() located in sampleinterleavedlsscan.cpp. It allows an attacker to cause Denial of Service. 2021-09-20 4.3 CVE-2021-39515
MISC jpeg -- libjpeg An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::PushReconstructedData() located in blockbitmaprequester.cpp. It allows an attacker to cause Denial of Service. 2021-09-20 4.3 CVE-2021-39520
MISC jpeg -- libjpeg An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::PullQData() located in blockbitmaprequester.cpp. It allows an attacker to cause Denial of Service. 2021-09-20 4.3 CVE-2021-39519
MISC jpeg -- libjpeg An issue was discovered in libjpeg through 2020021. LineBuffer::FetchRegion() in linebuffer.cpp has a heap-based buffer overflow. 2021-09-20 4.3 CVE-2021-39518
MISC jpeg -- libjpeg An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::ReconstructUnsampled() located in blockbitmaprequester.cpp. It allows an attacker to cause Denial of Service. 2021-09-20 4.3 CVE-2021-39517
MISC jpeg -- libjpeg An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function HuffmanDecoder::Get() located in huffmandecoder.hpp. It allows an attacker to cause Denial of Service. 2021-09-20 4.3 CVE-2021-39516
MISC pdftools_project -- pdftools An issue was discovered in pdftools through 20200714. A NULL pointer dereference exists in the function node::ObjNode::Value() located in objnode.cpp. It allows an attacker to cause Denial of Service. 2021-09-20 4.3 CVE-2021-39538
MISC pdftools_project -- pdftools An issue was discovered in pdftools through 20200714. A NULL pointer dereference exists in the function Analyze::AnalyzeRoot() located in analyze.cpp. It allows an attacker to cause Denial of Service. 2021-09-20 4.3 CVE-2021-39543
MISC pdftools_project -- pdftools An issue was discovered in pdftools through 20200714. A NULL pointer dereference exists in the function Font::Size() located in font.cpp. It allows an attacker to cause Denial of Service. 2021-09-20 4.3 CVE-2021-39542
MISC pdftools_project -- pdftools An issue was discovered in pdftools through 20200714. A NULL pointer dereference exists in the function Analyze::AnalyzeXref() located in analyze.cpp. It allows an attacker to cause Denial of Service. 2021-09-20 4.3 CVE-2021-39541
MISC pdftools_project -- pdftools An issue was discovered in pdftools through 20200714. A NULL pointer dereference exists in the function node::BDCNode::~BDCNode() located in bdcnode.cpp. It allows an attacker to cause Denial of Service. 2021-09-20 4.3 CVE-2021-39539
MISC pdftools_project -- pdftools An issue was discovered in pdftools through 20200714. A stack-buffer-overflow exists in the function Analyze::AnalyzePages() located in analyze.cpp. It allows an attacker to cause code Execution. 2021-09-20 6.8 CVE-2021-39540
MISC sela_project -- sela An issue was discovered in sela through 20200412. A NULL pointer dereference exists in the function file::WavFile::WavFile() located in wav_file.c. It allows an attacker to cause Denial of Service. 2021-09-20 4.3 CVE-2021-39549
MISC sela_project -- sela An issue was discovered in sela through 20200412. file::SelaFile::readFromFile() in sela_file.c has a heap-based buffer overflow. 2021-09-20 6.8 CVE-2021-39551
MISC sela_project -- sela An issue was discovered in sela through 20200412. file::WavFile::readFromFile() in wav_file.c has a heap-based buffer overflow. 2021-09-20 6.8 CVE-2021-39552
MISC sela_project -- sela An issue was discovered in sela through 20200412. file::SelaFile::readFromFile() in sela_file.cpp has a heap-based buffer overflow. 2021-09-20 6.8 CVE-2021-39550
MISC sela_project -- sela An issue was discovered in sela through 20200412. A NULL pointer dereference exists in the function lpc::SampleGenerator::process() located in sample_generator.cpp. It allows an attacker to cause Denial of Service. 2021-09-20 4.3 CVE-2021-39547
MISC sela_project -- sela An issue was discovered in sela through 20200412. file::WavFile::writeToFile() in wav_file.c has a heap-based buffer overflow. 2021-09-20 6.8 CVE-2021-39544
MISC sela_project -- sela An issue was discovered in sela through 20200412. rice::RiceDecoder::process() in rice_decoder.cpp has a heap-based buffer overflow. 2021-09-20 6.8 CVE-2021-39546
MISC sela_project -- sela An issue was discovered in sela through 20200412. A NULL pointer dereference exists in the function rice::RiceDecoder::process() located in rice_decoder.c. It allows an attacker to cause Denial of Service. 2021-09-20 4.3 CVE-2021-39545
MISC sela_project -- sela An issue was discovered in sela through 20200412. A NULL pointer dereference exists in the function frame::FrameDecoder::process() located in frame_decoder.c. It allows an attacker to cause Denial of Service. 2021-09-20 4.3 CVE-2021-39548
MISC swftools -- swftools An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function pool_read() located in pool.c. It allows an attacker to cause code Execution. 2021-09-20 6.8 CVE-2021-39574
MISC swftools -- swftools An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function main() located in swfdump.c. It allows an attacker to cause code Execution. 2021-09-20 6.8 CVE-2021-39577
MISC swftools -- swftools An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function string_hash() located in q.c. It allows an attacker to cause code Execution. 2021-09-20 6.8 CVE-2021-39579
MISC swftools -- swftools An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function swf_GetPlaceObject() located in swfobject.c. It allows an attacker to cause code Execution. 2021-09-20 6.8 CVE-2021-39582
MISC swftools -- swftools An issue was discovered in swftools through 20200710. A stack-buffer-overflow exists in the function rfx_alloc() located in mem.c. It allows an attacker to cause code Execution. 2021-09-20 6.8 CVE-2021-39595
MISC swftools -- swftools An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function FileStream::makeSubStream() located in Stream.cc. It allows an attacker to cause Denial of Service. 2021-09-20 4.3 CVE-2021-39562
MISC swftools -- swftools An issue was discovered in swftools through 20200710. A stack-buffer-overflow exists in the function VectorGraphicOutputDev::drawGeneralImage() located in VectorGraphicOutputDev.cc. It allows an attacker to cause code Execution. 2021-09-20 6.8 CVE-2021-39558
MISC swftools -- swftools An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function OpAdvance() located in swfaction.c. It allows an attacker to cause code Execution. 2021-09-20 6.8 CVE-2021-39569
MISC swftools -- swftools An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function grealloc() located in gmem.cc. It allows an attacker to cause Denial of Service. 2021-09-20 4.3 CVE-2021-39553
MISC swftools -- swftools An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function Lexer::Lexer() located in Lexer.cc. It allows an attacker to cause Denial of Service. 2021-09-20 4.3 CVE-2021-39554
MISC swftools -- swftools An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function InfoOutputDev::type3D0() located in InfoOutputDev.cc. It allows an attacker to cause Denial of Service. 2021-09-20 4.3 CVE-2021-39555
MISC swftools -- swftools An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function InfoOutputDev::type3D1() located in InfoOutputDev.cc. It allows an attacker to cause Denial of Service. 2021-09-20 4.3 CVE-2021-39556
MISC swftools -- swftools An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function copyString() located in gmem.cc. It allows an attacker to cause Denial of Service. 2021-09-20 4.3 CVE-2021-39557
MISC swftools -- swftools An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function GString::~GString() located in GString.cc. It allows an attacker to cause Denial of Service. 2021-09-20 4.3 CVE-2021-39559
MISC swftools -- swftools An issue was discovered in swftools through 20200710. A stack-buffer-overflow exists in the function Gfx::opSetFillColorN() located in Gfx.cc. It allows an attacker to cause code Execution. 2021-09-20 6.8 CVE-2021-39561
MISC swftools -- swftools An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function dump_method() located in abc.c. It allows an attacker to cause Denial of Service. 2021-09-20 4.3 CVE-2021-39575
MISC swftools -- swftools An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function swf_DumpActions() located in swfaction.c. It allows an attacker to cause code Execution. 2021-09-20 6.8 CVE-2021-39564
MISC swftools -- swftools An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_DumpActions() located in swfaction.c. It allows an attacker to cause Denial of Service. 2021-09-20 4.3 CVE-2021-39563
MISC swftools -- swftools An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function params_dump() located in abc.c. It allows an attacker to cause Denial of Service. 2021-09-20 4.3 CVE-2021-39590
MISC swftools -- swftools An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_GetShapeBoundingBox() located in swfshape.c. It allows an attacker to cause Denial of Service. 2021-09-20 4.3 CVE-2021-39591
MISC swftools -- swftools An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function pool_lookup_uint() located in pool.c. It allows an attacker to cause Denial of Service. 2021-09-20 4.3 CVE-2021-39592
MISC swftools -- swftools An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_FontExtract_DefineFontInfo() located in swftext.c. It allows an attacker to cause Denial of Service. 2021-09-20 4.3 CVE-2021-39593
MISC swftools -- swftools An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function updateusage() located in swftext.c. It allows an attacker to cause Denial of Service. 2021-09-20 4.3 CVE-2021-39594
MISC swftools -- swftools An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function code_dump2() located in code.c. It allows an attacker to cause Denial of Service. 2021-09-20 4.3 CVE-2021-39597
MISC swftools -- swftools An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function code_parse() located in code.c. It allows an attacker to cause Denial of Service. 2021-09-20 4.3 CVE-2021-39596
MISC swftools -- swftools An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function parse_metadata() located in abc.c. It allows an attacker to cause Denial of Service. 2021-09-20 4.3 CVE-2021-39589
MISC swftools -- swftools An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_ReadABC() located in abc.c. It allows an attacker to cause Denial of Service. 2021-09-20 4.3 CVE-2021-39588
MISC swftools -- swftools An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_DumpABC() located in abc.c. It allows an attacker to cause Denial of Service. 2021-09-20 4.3 CVE-2021-39587
MISC swftools -- swftools An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function traits_dump() located in abc.c. It allows an attacker to cause Denial of Service. 2021-09-20 4.3 CVE-2021-39585
MISC swftools -- swftools An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function namespace_set_hash() located in pool.c. It allows an attacker to cause Denial of Service. 2021-09-20 4.3 CVE-2021-39584
MISC swftools -- swftools An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function pool_lookup_string2() located in pool.c. It allows an attacker to cause Denial of Service. 2021-09-20 4.3 CVE-2021-39583
MISC swftools -- swftools An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function callcode() located in code.c. It allows an attacker to cause Denial of Service. 2021-09-20 4.3 CVE-2021-39598
MISC

 

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

There were no low vulnerabilities recorded this week.

 

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

abb -- system_access_point
  The vulnerability allows a successful attacker to bypass the integrity check of FW uploaded to the free@home System Access Point. 2021-09-23 not yet calculated CVE-2021-22276
MISC amazon -- aws_workspaces_client
  In the Amazon AWS WorkSpaces client before 3.1.9 on Windows, argument injection in the workspaces:// URI handler can lead to remote code execution because of the Chromium Embedded Framework (CEF) --gpu-launcher argument. 2021-09-22 not yet calculated CVE-2021-38112
MISC
MISC amd_platform -- security_processor
  An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary access control list (DACL) may allow low privileged users to open a handle and send requests to the driver resulting in a potential data leak from uninitialized physical pages. 2021-09-21 not yet calculated CVE-2021-26333
MISC
MISC
FULLDISC ansible -- ansible A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity. 2021-09-22 not yet calculated CVE-2021-3583
MISC apache -- kafka
  Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been fixed. The affected versions include Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.7.1, and 2.8.0. 2021-09-22 not yet calculated CVE-2021-38153
CONFIRM apache -- openoffice
  Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow the allocated space, leading to the execution of arbitrary code by altering the contents of the program stack. This issue affects Apache OpenOffice up to and including version 4.1.10. 2021-09-23 not yet calculated CVE-2021-33035
CONFIRM apache -- santuario
  All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element. 2021-09-19 not yet calculated CVE-2021-40690
MISC
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST apprise -- apprise Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. In affected versions users who use Apprise granting them access to the IFTTT plugin (which just comes out of the box) are subject to a denial of service attack on an inefficient regular expression. The vulnerable regular expression is [here](https://github.com/caronc/apprise/blob/0007eade20934ddef0aba38b8f1aad980cfff253/apprise/plugins/NotifyIFTTT.py#L356-L359). The problem has been patched in release version 0.9.5.1. Users who are unable to upgrade are advised to remove `apprise/plugins/NotifyIFTTT.py` to eliminate the service. 2021-09-20 not yet calculated CVE-2021-39229
CONFIRM
MISC
MISC bento4 -- bento4
  An issue was discovered in Bento4 through v1.6.0-637. A global-buffer-overflow exists in the function AP4_MemoryByteStream::WritePartial() located in Ap4ByteStream.cpp. It allows an attacker to cause code execution or information disclosure. 2021-09-20 not yet calculated CVE-2021-32265
MISC boost -- note
  static/main-preload.js in Boost Note through 0.22.0 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal Electron API. 2021-09-17 not yet calculated CVE-2021-41392
MISC butter -- butter
  Butter is a system usability utility. Due to a kernel error the JPNS kernel is being discontinued. Affected users are recommended to update to the Trinity kernel. There are no workarounds. 2021-09-21 not yet calculated CVE-2021-39230
MISC
CONFIRM cisco -- access_points
  A vulnerability in the SSH management feature of multiple Cisco Access Points (APs) platforms could allow a local, authenticated user to modify files on the affected device and possibly gain escalated privileges. The vulnerability is due to improper checking on file operations within the SSH management interface. A network administrator user could exploit this vulnerability by accessing an affected device through SSH management to make a configuration change. A successful exploit could allow the attacker to gain privileges equivalent to the root user. 2021-09-23 not yet calculated CVE-2021-1419
CISCO cisco -- aironet_access_point
  A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect error handling when an affected device receives an unexpected 802.11 frame. An attacker could exploit this vulnerability by sending certain 802.11 frames over the wireless network to an interface on an affected AP. A successful exploit could allow the attacker to cause a packet buffer leak. This could eventually result in buffer allocation failures, which would trigger a reload of the affected device. 2021-09-23 not yet calculated CVE-2021-34740
CISCO cisco -- asr_900_routers
  A vulnerability in the access control list (ACL) programming of Cisco ASR 900 and ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect programming of hardware when an ACL is configured using a method other than the configuration CLI. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device. 2021-09-23 not yet calculated CVE-2021-34696
CISCO cisco -- catalyst_9000_family_wireless_controllers
  A vulnerability in Ethernet over GRE (EoGRE) packet processing of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9800 Family Wireless Controller, Embedded Wireless Controller, and Embedded Wireless on Catalyst 9000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper processing of malformed EoGRE packets. An attacker could exploit this vulnerability by sending malicious packets to the affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. 2021-09-23 not yet calculated CVE-2021-1611
CISCO cisco -- catalyst_9000_family_wireless_controllers
  Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit the vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition. 2021-09-23 not yet calculated CVE-2021-1565
CISCO cisco -- catalyst_access_points
  A vulnerability in the packet processing functionality of Cisco Embedded Wireless Controller (EWC) Software for Catalyst Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected AP. This vulnerability is due to insufficient buffer allocation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to exhaust available resources and cause a DoS condition on an affected AP, as well as a DoS condition for client traffic traversing the AP. 2021-09-23 not yet calculated CVE-2021-1615
CISCO cisco -- cbr-8_converged_broadband_routers
  A vulnerability in the Simple Network Management Protocol (SNMP) punt handling function of Cisco cBR-8 Converged Broadband Routers could allow an authenticated, remote attacker to overload a device punt path, resulting in a denial of service (DoS) condition. This vulnerability is due to the punt path being overwhelmed by large quantities of SNMP requests. An attacker could exploit this vulnerability by sending a large number of SNMP requests to an affected device. A successful exploit could allow the attacker to overload the device punt path, resulting in a DoS condition. 2021-09-23 not yet calculated CVE-2021-1623
CISCO cisco -- ios_xe A vulnerability in the Layer 2 punt code of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a queue wedge on an interface that receives specific Layer 2 frames, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of certain Layer 2 frames. An attacker could exploit this vulnerability by sending specific Layer 2 frames on the segment the router is connected to. A successful exploit could allow the attacker to cause a queue wedge on the interface, resulting in a DoS condition. 2021-09-23 not yet calculated CVE-2021-1621
CISCO cisco -- ios_xe A vulnerability in the CLI of Cisco IOS XE SD-WAN Software and Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input in the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands with elevated privileges on the underlying operating system. An attacker would need valid user credentials to exploit this vulnerability. 2021-09-23 not yet calculated CVE-2021-34729
CISCO cisco -- ios_xe Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit the vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition. 2021-09-23 not yet calculated CVE-2021-34769
CISCO cisco -- ios_xe A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to execute commands with root-level privileges. 2021-09-23 not yet calculated CVE-2021-34726
CISCO cisco -- ios_xe A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to insufficient bounds checking when an affected device processes traffic. An attacker could exploit this vulnerability by sending crafted traffic to the device. A successful exploit could allow the attacker to cause a buffer overflow and possibly execute arbitrary commands with root-level privileges, or cause the device to reload, which could result in a denial of service condition. 2021-09-23 not yet calculated CVE-2021-34727
CISCO cisco -- ios_xe A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to execute commands with root-level privileges. 2021-09-23 not yet calculated CVE-2021-34725
CISCO cisco -- ios_xe A vulnerability in the Voice Telephony Service Provider (VTSP) service of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured destination patterns and dial arbitrary numbers. This vulnerability is due to insufficient validation of dial strings at Foreign Exchange Office (FXO) interfaces. An attacker could exploit this vulnerability by sending a malformed dial string to an affected device via either the ISDN protocol or SIP. A successful exploit could allow the attacker to conduct toll fraud, resulting in unexpected financial impact to affected customers. 2021-09-23 not yet calculated CVE-2021-34705
CISCO cisco -- ios_xe
  Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit the vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition. 2021-09-23 not yet calculated CVE-2021-34768
CISCO cisco -- ios_xe
  A vulnerability in the H.323 application level gateway (ALG) used by the Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass the ALG. This vulnerability is due to insufficient data validation of traffic that is traversing the ALG. An attacker could exploit this vulnerability by sending crafted traffic to a targeted device. A successful exploit could allow the attacker to bypass the ALG and open connections that should not be allowed to a remote device located behind the ALG. Note: This vulnerability has been publicly discussed as NAT Slipstreaming. 2021-09-23 not yet calculated CVE-2021-1616
CISCO cisco -- ios_xe
  A vulnerability in a specific CLI command that is run on Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the configuration database of an affected device. This vulnerability is due to insufficient validation of specific CLI command parameters. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of the configuration database and gain root-level access to an affected device. 2021-09-23 not yet calculated CVE-2021-34723
CISCO cisco -- ios_xe
  A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to elevate privileges and execute arbitrary code on the underlying operating system as the root user. An attacker must be authenticated on an affected device as a PRIV15 user. This vulnerability is due to insufficient file system protection and the presence of a sensitive file in the bootflash directory on an affected device. An attacker could exploit this vulnerability by overwriting an installer file stored in the bootflash directory with arbitrary commands that can be executed with root-level privileges. A successful exploit could allow the attacker to read and write changes to the configuration database on the affected device. 2021-09-23 not yet calculated CVE-2021-34724
CISCO cisco -- ios_xe
  A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a logic error that occurs during the validation of CAPWAP packets. An attacker could exploit this vulnerability by sending a crafted CAPWAP packet to an affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the affected device to crash and reload, resulting in a DoS condition. 2021-09-23 not yet calculated CVE-2021-34770
CISCO cisco -- ios_xe
  A vulnerability in the Internet Key Exchange Version 2 (IKEv2) support for the AutoReconnect feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to exhaust the free IP addresses from the assigned local pool. This vulnerability occurs because the code does not release the allocated IP address under certain failure conditions. An attacker could exploit this vulnerability by trying to connect to the device with a non-AnyConnect client. A successful exploit could allow the attacker to exhaust the IP addresses from the assigned local pool, which prevents users from logging in and leads to a denial of service (DoS) condition. 2021-09-23 not yet calculated CVE-2021-1620
CISCO cisco -- ios_xe
  A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass NETCONF or RESTCONF authentication and do either of the following: install, manipulate, or delete the configuration of an affected device; or cause memory corruption that results in a denial of service (DoS) on an affected device. This vulnerability is due to an uninitialized variable. An attacker could exploit this vulnerability by sending a series of NETCONF or RESTCONF requests to an affected device. A successful exploit could allow the attacker to use NETCONF or RESTCONF to install, manipulate, or delete the configuration of a network device or to corrupt memory on the device, resulting in a DoS. 2021-09-23 not yet calculated CVE-2021-1619
CISCO cisco -- ios_xe
  A vulnerability in the Protection Against Distributed Denial of Service Attacks feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct denial of service (DoS) attacks to or through the affected device. This vulnerability is due to incorrect programming of the half-opened connections limit, TCP SYN flood limit, or TCP SYN cookie features when the features are configured in vulnerable releases of Cisco IOS XE Software. An attacker could exploit this vulnerability by attempting to flood traffic to or through the affected device. A successful exploit could allow the attacker to initiate a DoS attack to or through an affected device. 2021-09-23 not yet calculated CVE-2021-34697
CISCO cisco -- ios_xe
  A vulnerability in the Common Open Policy Service (COPS) of Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause resource exhaustion, resulting in a denial of service (DoS) condition. This vulnerability is due to a deadlock condition in the code when processing COPS packets under certain conditions. An attacker could exploit this vulnerability by sending COPS packets with high burst rates to an affected device. A successful exploit could allow the attacker to cause the CPU to consume excessive resources, which prevents other control plane processes from obtaining resources and results in a DoS. 2021-09-23 not yet calculated CVE-2021-1622
CISCO cisco -- ios_xe
  A vulnerability in the Rate Limiting Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization in the Cisco QuantumFlow Processor of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to mishandling of the rate limiting feature within the QuantumFlow Processor. An attacker could exploit this vulnerability by sending large amounts of traffic that would be subject to NAT and rate limiting through an affected device. A successful exploit could allow the attacker to cause the QuantumFlow Processor utilization to reach 100 percent on the affected device, resulting in a DoS condition. 2021-09-23 not yet calculated CVE-2021-1624
CISCO cisco -- ios_xe
  A vulnerability in the Zone-Based Policy Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent the Zone-Based Policy Firewall from correctly classifying traffic. This vulnerability exists because ICMP and UDP responder-to-initiator flows are not inspected when the Zone-Based Policy Firewall has either Unified Threat Defense (UTD) or Application Quality of Experience (AppQoE) configured. An attacker could exploit this vulnerability by attempting to send UDP or ICMP flows through the network. A successful exploit could allow the attacker to inject traffic through the Zone-Based Policy Firewall, resulting in traffic being dropped because it is incorrectly classified or in incorrect reporting figures being produced by high-speed logging (HSL). 2021-09-23 not yet calculated CVE-2021-1625
CISCO cisco -- ios_xe
  A vulnerability in the Link Layer Discovery Protocol (LLDP) message parser of Cisco IOS Software and Cisco IOS XE Software could allow an attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to improper initialization of a buffer. An attacker could exploit this vulnerability via any of the following methods: An authenticated, remote attacker could access the LLDP neighbor table via either the CLI or SNMP while the device is in a specific state. An unauthenticated, adjacent attacker could corrupt the LLDP neighbor table by injecting specific LLDP frames into the network and then waiting for an administrator of the device or a network management system (NMS) managing the device to retrieve the LLDP neighbor table of the device via either the CLI or SNMP. An authenticated, adjacent attacker with SNMP read-only credentials or low privileges on the device CLI could corrupt the LLDP neighbor table by injecting specific LLDP frames into the network and then accessing the LLDP neighbor table via either the CLI or SNMP. A successful exploit could allow the attacker to cause the affected device to crash, resulting in a reload of the device. 2021-09-23 not yet calculated CVE-2021-34703
CISCO cisco -- ios_xe
  A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to an improper interaction between the web UI and the CLI parser. An attacker could exploit this vulnerability by requesting a particular CLI command to be run through the web UI. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. 2021-09-23 not yet calculated CVE-2021-34699
CISCO cisco -- ios_xe
  A vulnerability in IPv6 traffic processing of Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a Layer 2 (L2) loop in a configured VLAN, resulting in a denial of service (DoS) condition for that VLAN. The vulnerability is due to a logic error when processing specific link-local IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet that would flow inbound through the wired interface of an affected device. A successful exploit could allow the attacker to cause traffic drops in the affected VLAN, thus triggering the DoS condition. 2021-09-23 not yet calculated CVE-2021-34767
CISCO cisco -- multiple_product
  A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software, Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. This vulnerability is due to improper input validation of the UDLD packets. An attacker could exploit this vulnerability by sending specifically crafted UDLD packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: The UDLD feature is disabled by default, and the conditions to exploit this vulnerability are strict. An attacker must have full control of a directly connected device. On Cisco IOS XR devices, the impact is limited to the reload of the UDLD process. 2021-09-23 not yet calculated CVE-2021-34714
CISCO cisco -- sd-wan
  A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the interface of an affected system. A successful exploit could allow the attacker to obtain sensitive information. 2021-09-23 not yet calculated CVE-2021-34712
CISCO cisco -- sd-wan
  A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to overwrite arbitrary files on the local system. This vulnerability is due to improper access controls on files within the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on an affected device. 2021-09-23 not yet calculated CVE-2021-1612
CISCO cisco -- sd-wan
  A vulnerability in the disaster recovery feature of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain unauthorized access to user credentials. This vulnerability exists because access to API endpoints is not properly restricted. An attacker could exploit this vulnerability by sending a request to an API endpoint. A successful exploit could allow the attacker to gain unauthorized access to administrative credentials that could be used in further attacks. 2021-09-23 not yet calculated CVE-2021-1589
CISCO cisco -- sd-wan
  A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access through the CLI. An attacker could exploit this vulnerability by running a CLI command that targets an arbitrary file on the local system. A successful exploit could allow the attacker to return portions of an arbitrary file, possibly resulting in the disclosure of sensitive information. 2021-09-23 not yet calculated CVE-2021-1546
CISCO citrix -- sharefile
  Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller. 2021-09-23 not yet calculated CVE-2021-22941
MISC cloudron -- cloudron
  In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS. 2021-09-21 not yet calculated CVE-2021-40868
MISC
MISC
MISC cms_made_simple -- cms_made_simple CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Field Definition text field. 2021-09-22 not yet calculated CVE-2020-23481
MISC cms_made_simple -- cms_made_simple
  An issue was discovered in CMS Made Simple 2.2.8. It is possible to achieve unauthenticated path traversal in the CGExtensions module (in the file action.setdefaulttemplate.php) with the m1_filename parameter; and through the action.showmessage.php file, it is possible to read arbitrary file content (by using that path traversal with m1_prefname set to cg_errormsg and m1_resettodefault=1). 2021-09-17 not yet calculated CVE-2019-9060
CONFIRM
CONFIRM
CONFIRM
CONFIRM concrete -- cms
  An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can occur in Conversations when the Active Conversation Editor is set to Rich Text. 2021-09-24 not yet calculated CVE-2021-40100
MISC
MISC concrete -- cms
  A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to duplicate files, which can lead to UI inconvenience and exhaustion of disk space. Credit for discovery: "Solar Security CMS Research Team" 2021-09-23 not yet calculated CVE-2021-22949
MISC
MISC concrete -- cms
  An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File deletion can occur via PHAR deserialization in is_dir (PHP Object Injection associated with the __wakeup magic method). 2021-09-24 not yet calculated CVE-2021-40102
MISC
MISC concrete -- cms
  A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics, which can lead to UI inconvenience and exhaustion of disk space. Credit for discovery: "Solar Security Research Team" 2021-09-23 not yet calculated CVE-2021-22953
MISC
MISC concrete -- cms
  An issue was discovered in Concrete CMS through 8.5.5. Fetching the update json scheme over HTTP leads to remote code execution. 2021-09-24 not yet calculated CVE-2021-40099
MISC
MISC concrete -- cms
  Concrete CMS prior to 8.5.6 had a CSRF vulnerability allowing attachments to comments in the conversation section to be deleted. Credit for discovery: "Solar Security Research Team" 2021-09-23 not yet calculated CVE-2021-22950
MISC
MISC d-link -- dcs-5000l
  ** UNSUPPORTED WHEN ASSIGNED ** DCS-5000L v1.05 and DCS-932L v2.17 and older are affected by Incorrect Access Control. The use of the basic authentication for the device's command interface allows attack vectors that may compromise the camera's configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2021-09-24 not yet calculated CVE-2021-41503
MISC
MISC d-link -- dcs-5000l
  ** UNSUPPORTED WHEN ASSIGNED ** An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use of the digest-authentication for the device's command interface may allow further attack vectors that may compromise the camera's configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2021-09-24 not yet calculated CVE-2021-41504
MISC
MISC d-link -- dir-3040
  An information disclosure vulnerability exists in the WiFi Smart Mesh functionality of D-LINK DIR-3040 1.13B03. A specially-crafted network request can lead to command execution. An attacker can connect to the MQTT service to trigger this vulnerability. 2021-09-23 not yet calculated CVE-2021-21913
MISC d-link -- dir-605
  An information disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can obtain a user name and password by forging a POST request to the / getcfg.php page. 2021-09-24 not yet calculated CVE-2021-40655
MISC
MISC d-link -- dir-615 An information disclosure issue exists in D-LINK-DIR-615 B2 2.01mt. An attacker can obtain a user name and password by forging a POST request to the / getcfg.php page. 2021-09-24 not yet calculated CVE-2021-40654
MISC
MISC dada -- mail
  Dada Mail is a web-based e-mail list management system. In affected versions a bad actor could give someone a carefully crafted web page via email, SMS, etc, that - when visited, allows them control of the list control panel as if the bad actor was logged in themselves. This includes changing any mailing list password, as well as the Dada Mail Root Password - which could effectively shut out actual list owners of the mailing list and allow the bad actor complete and unfettered control of your mailing list. This vulnerability also affects profile logins. For this vulnerability to work, the target of the bad actor would need to be logged into the list control panel themselves. This CSRF vulnerability in Dada Mail affects all versions of Dada Mail v11.15.1 and below. Although we know of no known CSRF exploits that have happened in the wild, this vulnerability has been confirmed by our testing, and by a third party. Users are advised to update to version 11.16.0. 2021-09-20 not yet calculated CVE-2021-41083
MISC
CONFIRM datev -- datev
  Insecure permissions in Update Manager <= 5.8.0.2300 and DFL <= 12.5.1001.5 in DATEV programs v14.1 allows attacker to escalate privileges via insufficient configuration of service components. 2021-09-23 not yet calculated CVE-2021-41428
MISC
MISC debian -- debian
  vpn-user-portal (aka eduVPN or Let's Connect!) before 2.3.14, as packaged for Debian 10, Debian 11, and Fedora, allows remote authenticated users to obtain OS filesystem access, because of the interaction of QR codes with an exec that uses the -r option. This can be leveraged to obtain additional VPN access. 2021-09-24 not yet calculated CVE-2021-41583
MISC delta_electronic -- dopsoft2 Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. 2021-09-17 not yet calculated CVE-2021-38404
MISC delta_electronic -- dopsoft2
  Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could lead to a stack-based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to execute code in the context of the current process. 2021-09-17 not yet calculated CVE-2021-38402
MISC delta_electronic -- dopsoft2
  Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in multiple out-of-bounds write instances. An attacker could leverage this vulnerability to execute code in the context of the current process. 2021-09-17 not yet calculated CVE-2021-38406
MISC digi -- portserver
  Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. This vulnerability could allow an attacker to enable the SNMP service and manipulate the community strings to achieve further control in. 2021-09-17 not yet calculated CVE-2021-38412
MISC discourse -- discourse
  Discourse is a platform for community discussion. In affected versions any private message that includes a group had its title and participating user exposed to users that do not have access to the private messages. However, access control for the private messages was not compromised as users were not able to view the posts in the leaked private message despite seeing it in their inbox. The problematic commit was reverted around 32 minutes after it was made. Users are encouraged to upgrade to the latest commit if they are running Discourse against the `tests-passed` branch. 2021-09-20 not yet calculated CVE-2021-41082
CONFIRM
MISC
MISC discourse -- discourse
  Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an email in an editor, you can upload pictures of remote websites. 2021-09-23 not yet calculated CVE-2020-24327
MISC
MISC dr.web -- firewall
  Dr.Web Firewall 12.5.2.4160 on Windows incorrectly restricts applications signed by Dr.Web. A DLL for a custom payload within a legitimate binary (e.g., frwl_svc.exe) bypasses firewall filters. 2021-09-24 not yet calculated CVE-2021-28130
MISC
MISC druid -- druid
  In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users access Druid directly, since Druid also provides the Local InputSource, which allows the same level of access. But it is problematic when users interact with Druid indirectly through an application that allows users to specify the HTTP InputSource, but not the Local InputSource. In this case, users could bypass the application-level restriction by passing a file URL to the HTTP InputSource. This issue was previously mentioned as being fixed in 0.21.0 as per CVE-2021-26920 but was not fixed in 0.21.0 or 0.21.1. 2021-09-24 not yet calculated CVE-2021-36749
MISC
MLIST dumpstatedevice -- gettimestampandpkt
  In GetTimeStampAndPkt of DumpstateDevice.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-179620905 References: N/A 2021-09-21 not yet calculated CVE-2021-0869
MISC edge -- edge.js
  This affects the package edge.js before 5.3.2. A type confusion vulnerability can be used to bypass input sanitization when the input to be rendered is an array (instead of a string or a SafeValue), even if {{ }} are used. 2021-09-21 not yet calculated CVE-2021-23443
MISC
MISC edgecore -- ecs2020
  Edgecore ECS2020 Firmware 1.0.0.0 devices allow Unauthenticated Command Injection via the command1 HTTP header to the /EXCU_SHELL URI. 2021-09-22 not yet calculated CVE-2019-6288
MISC
MISC elvish -- elvish
  Elvish is a programming language and interactive shell, combined into one package. In versions prior to 0.14.0 Elvish's web UI backend (started by `elvish -web`) hosts an endpoint that allows executing the code sent from the web UI. The backend does not check the origin of requests correctly. As a result, if the user has the web UI backend open and visits a compromised or malicious website, the website can send arbitrary code to the endpoint in localhost. All Elvish releases from 0.14.0 onward no longer include the web UI, although it is still possible for the user to build a version from source that includes the web UI. The issue can be patched for previous versions by removing the web UI (found in web, pkg/web or pkg/prog/web, depending on the exact version). 2021-09-23 not yet calculated CVE-2021-41088
CONFIRM
MISC ericsson -- emc
  In Ericsson ECM before 18.0, it was observed that Security Management Endpoint in User Profile Management Section is vulnerable to stored XSS via a name, leading to session hijacking and full account takeover. 2021-09-17 not yet calculated CVE-2021-41391
MISC ericsson -- emc
  In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection. 2021-09-17 not yet calculated CVE-2021-41390
MISC faad2 -- faad2 An issue was discovered in faad2 through 2.10.0. A NULL pointer dereference exists in the function get_sample() located in output.c. It allows an attacker to cause Denial of Service. 2021-09-20 not yet calculated CVE-2021-32276
MISC faad2 -- faad2 An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_analysis_32 located in sbr_qmf.c. It allows an attacker to cause code execution. 2021-09-20 not yet calculated CVE-2021-32277
MISC faad2 -- faad2
  An issue was discovered in faad2 before 2.10.0. A heap-buffer-overflow exists in the function stszin located in mp4read.c. It allows an attacker to cause code execution. 2021-09-20 not yet calculated CVE-2021-32272
MISC
MISC faad2 -- faad2
  An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function lt_prediction located in lt_predict.c. It allows an attacker to cause code execution. 2021-09-20 not yet calculated CVE-2021-32278
MISC faad2 -- faad2
  An issue was discovered in faad2 through 2.10.0. A stack-buffer-overflow exists in the function ftypin located in mp4read.c. It allows an attacker to cause code execution. 2021-09-20 not yet calculated CVE-2021-32273
MISC faad2 -- faad2
  An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_synthesis_64 located in sbr_qmf.c. It allows an attacker to cause code execution. 2021-09-20 not yet calculated CVE-2021-32274
MISC faust -- faust
  An issue was discovered in faust through v2.30.5. A NULL pointer dereference exists in the function CosPrim::computeSigOutput() located in cosprim.hh. It allows an attacker to cause Denial of Service. 2021-09-20 not yet calculated CVE-2021-32275
MISC ffmpeg -- ffmpeg
  A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter function in g729postfilter.c in FFmpeg 4.2.1 during computation of the denominator of pseudo-normalized correlation R'(0), that could result in disclosure of information. 2021-09-20 not yet calculated CVE-2020-20902
MISC
MISC fig2dev -- fig2dev An issue was discovered in fig2dev through 20200520. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service. 2021-09-20 not yet calculated CVE-2021-32280
MISC flask-restx -- flask-restx
  Flask-RESTX (pypi package flask-restx) is a community driven fork of Flask-RESTPlus. Flask-RESTX before version 0.5.1 is vulnerable to ReDoS (Regular Expression Denial of Service) in email_regex. This is fixed in version 0.5.1. 2021-09-20 not yet calculated CVE-2021-32838
MISC
MISC
MISC
CONFIRM
MISC flexnet -- inventory_agent
  An issue related to modification of otherwise restricted files through a locally authenticated attacker exists in FlexNet inventory agent and inventory beacon versions 2020 R2.5 and prior. 2021-09-21 not yet calculated CVE-2021-41525
CONFIRM flexnet -- publisher A Denial of Service vulnerability has been identified in FlexNet Publisher's lmadmin.exe version 11.16.6. A certain message protocol can be exploited to cause lmadmin to crash. 2021-09-17 not yet calculated CVE-2020-12080
MISC frogcms -- frogcms
  Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 allows attacker to execute arbitrary code via crafted php file. 2021-09-23 not yet calculated CVE-2021-26794
MISC github -- enterprise_server
  A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.1.8 and was fixed in 3.1.8, 3.0.16, and 2.22.22. This vulnerability was reported via the GitHub Bug Bounty program. This is the result of an incomplete fix for CVE-2021-22867. 2021-09-24 not yet calculated CVE-2021-22868
MISC
MISC
MISC github -- enterprise_server
  An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. This affects customers using self-hosted runner groups for access control. A repository with access to one enterprise runner group could access all of the enterprise runner groups within the organization because of improper authentication checks during the request. This could cause code to be run unintentionally by the incorrect runner group. This vulnerability affected GitHub Enterprise Server versions from 3.0.0 to 3.0.15 and 3.1.0 to 3.1.7 and was fixed in 3.0.16 and 3.1.8 releases. 2021-09-24 not yet calculated CVE-2021-22869
MISC
MISC gmate -- gmate
  gmate v0.12+bionic contains a regular expression denial of service (ReDoS) vulnerability in the gedit3 plugin. 2021-09-22 not yet calculated CVE-2020-23469
MISC gpac -- gpac An issue was discovered in gpac 0.8.0. The stbl_GetSampleSize function in isomedia/stbl_read.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media file. 2021-09-22 not yet calculated CVE-2020-23269
MISC gpac -- gpac

  An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function ilst_item_box_dump located in box_dump.c. It allows an attacker to cause Denial of Service. 2021-09-20 not yet calculated CVE-2021-32269
MISC gpac -- gpac
  An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function vwid_box_del located in box_code_base.c. It allows an attacker to cause Denial of Service. 2021-09-20 not yet calculated CVE-2021-32270
MISC gpac -- gpac
  Buffer overflow vulnerability in function gf_fprintf in os_file.c in gpac through 20200801, allows attackers to execute arbitrary code. 2021-09-20 not yet calculated CVE-2021-32268
MISC gpac -- gpac
  An issue was discovered in gpac 0.8.0. The OD_ReadUTF8String function in odf_code.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media file. 2021-09-22 not yet calculated CVE-2020-23266
MISC gpac -- gpac
  An issue was discovered in gpac 0.8.0. The gf_hinter_track_process function in isom_hinter_track_process.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media file. 2021-09-22 not yet calculated CVE-2020-23267
MISC gpac -- gpac
  An issue was discovered in gpac through 20200801. A stack-buffer-overflow exists in the function DumpRawUIConfig located in odf_dump.c. It allows an attacker to cause code execution. 2021-09-20 not yet calculated CVE-2021-32271
MISC gradle -- enterprise
  In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password. 2021-09-24 not yet calculated CVE-2021-41586
MISC gradle -- enterprise
  Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response (information disclosure of possibly sensitive build/configuration details) via a crafted HTTP request with the X-Gradle-Enterprise-Ajax-Request header. 2021-09-24 not yet calculated CVE-2021-41584
MISC gradle -- enterprise
  In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other resources. 2021-09-24 not yet calculated CVE-2021-41587
MISC gradle -- enterprise
  In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The attacker must have the encryption and signing keys. 2021-09-24 not yet calculated CVE-2021-41588
MISC gravity -- gravity An issue was discovered in gravity through 0.8.1. A NULL pointer dereference exists in the function ircode_register_pop_context_protect() located in gravity_ircode.c. It allows an attacker to cause Denial of Service. 2021-09-20 not yet calculated CVE-2021-32284
MISC gravity -- gravity An issue was discovered in gravity through 0.8.1. A NULL pointer dereference exists in the function ircode_add_check() located in gravity_ircode.c. It allows an attacker to cause Denial of Service. 2021-09-20 not yet calculated CVE-2021-32282
MISC gravity -- gravity An issue was discovered in gravity through 0.8.1. A NULL pointer dereference exists in the function list_iterator_next() located in gravity_core.c. It allows an attacker to cause Denial of Service. 2021-09-20 not yet calculated CVE-2021-32285
MISC gravity -- gravity An issue was discovered in gravity through 0.8.1. A heap-buffer-overflow exists in the function gnode_function_add_upvalue located in gravity_ast.c. It allows an attacker to cause code execution. 2021-09-20 not yet calculated CVE-2021-32281
MISC gravity -- gravity
  An issue was discovered in gravity through 0.8.1. A NULL pointer dereference exists in the function gravity_string_to_value() located in gravity_value.c. It allows an attacker to cause Denial of Service. 2021-09-20 not yet calculated CVE-2021-32283
MISC growi -- growi
  Cross-site scripting vulnerability due to the inadequate tag sanitization in GROWI versions v4.2.19 and earlier allows remote attackers to execute an arbitrary script on the web browser of the user who accesses a specially crafted page. 2021-09-21 not yet calculated CVE-2021-20829
MISC
MISC gurock -- testrail
  Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths. The corresponding file paths can be tested, and in some cases, result in the disclosure of hardcoded credentials, API keys, or other sensitive data. 2021-09-22 not yet calculated CVE-2021-40875
MISC
MISC
MISC
MISC halibut -- halibut
  In Halibut versions prior to 4.4.7 there is a deserialisation vulnerability that could allow remote code execution on systems that already trust each other based on certificate verification. 2021-09-22 not yet calculated CVE-2021-31819
MISC hcxtools -- hcxtools
  An issue was discovered in hcxtools through 6.1.6. A global-buffer-overflow exists in the function pcapngoptionwalk located in hcxpcapngtool.c. It allows an attacker to cause code execution. 2021-09-20 not yet calculated CVE-2021-32286
MISC heif -- heif

  An issue was discovered in heif through v3.6.2. A NULL pointer dereference exists in the function convertByteStreamToRBSP() located in nalutil.cpp. It allows an attacker to cause Denial of Service. 2021-09-20 not yet calculated CVE-2021-32289
MISC heif -- heif
  An issue was discovered in heif through v3.6.2. A global-buffer-overflow exists in the function HevcDecoderConfigurationRecord::getPicHeight() located in hevcdecoderconfigrecord.cpp. It allows an attacker to cause code execution. 2021-09-20 not yet calculated CVE-2021-32288
MISC heif -- heif
  An issue was discovered in heif through v3.6.2. A global-buffer-overflow exists in the function HevcDecoderConfigurationRecord::getPicWidth() located in hevcdecoderconfigrecord.cpp. It allows an attacker to cause code execution. 2021-09-20 not yet calculated CVE-2021-32287
MISC hikvision -- hikvision
  A command injection vulnerability exists in the web server of some Hikvision products. Due to insufficient input validation, an attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands. 2021-09-22 not yet calculated CVE-2021-36260
MISC http4s -- http4s
  http4s is an open source Scala interface for HTTP. In affected versions http4s is vulnerable to response-splitting or request-splitting attacks when untrusted user input is used to create any of the following fields: Header names (`Header.name`), Header values (`Header.value`), Status reason phrases (`Status.reason`), URI paths (`Uri.Path`), URI authority registered names (`URI.RegName`) (through 0.21). This issue has been resolved in versions 0.21.30, 0.22.5, 0.23.4, and 1.0.0-M27 perform the following. As a matter of practice http4s services and client applications should sanitize any user input in the aforementioned fields before returning a request or response to the backend. The carriage return, newline, and null characters are the most threatening. 2021-09-21 not yet calculated CVE-2021-41084
MISC
MISC
CONFIRM
MISC ibm -- aspera_cloud
  IBM Aspera Cloud is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208343. 2021-09-23 not yet calculated CVE-2021-38870
CONFIRM
XF ibm -- cloud_pak
  IBM Cloud Pak for Data 2.5 could allow a local user with special privileges to obtain highly sensitive information. IBM X-Force ID: 209575. 2021-09-20 not yet calculated CVE-2021-38899
CONFIRM
XF ibm -- edge
  IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189539. 2021-09-23 not yet calculated CVE-2020-4805
XF
CONFIRM ibm -- edge
  IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189535. 2021-09-23 not yet calculated CVE-2020-4803
CONFIRM
XF ibm -- edge
  IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189633. 2021-09-23 not yet calculated CVE-2020-4809
XF
CONFIRM ibm -- edge
  IBM Edge 4.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID: 191941. 2021-09-23 not yet calculated CVE-2020-4941
XF
CONFIRM ibm -- jazz_for_service_management
  IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208405. 2021-09-23 not yet calculated CVE-2021-38877
XF
CONFIRM ibm -- powervm_hypervisor
  IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a partition that could crash the system. IBM X-Force ID: 203557. 2021-09-21 not yet calculated CVE-2021-29795
XF
CONFIRM ibm -- security_guardium
  IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 186697. 2021-09-23 not yet calculated CVE-2020-4690
CONFIRM
XF ibm -- security_guardium
  IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195569. 2021-09-23 not yet calculated CVE-2021-20377
CONFIRM
XF ibm -- security_verify_bridge
  IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 196346. 2021-09-23 not yet calculated CVE-2021-20434
XF
CONFIRM ibm -- security_verify_bridge
  IBM Security Verify Bridge 1.0.5.0 could allow a user to obtain sensitive information due to improper certificate validation. IBM X-Force ID: 208155. 2021-09-23 not yet calculated CVE-2021-38864
XF
CONFIRM ibm -- security_verify_bridge
  IBM Security Verify Bridge 1.0.5.0 does not properly validate a certificate which could allow a local attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 196355. 2021-09-23 not yet calculated CVE-2021-20435
CONFIRM
XF ibm -- security_verify_bridge
  IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a locally authenticated user. IBM X-Force ID: 208154. 2021-09-23 not yet calculated CVE-2021-38863
XF
CONFIRM ibm -- sterling_file_gateway
  IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197666. 2021-09-23 not yet calculated CVE-2021-20484
CONFIRM
XF ibm -- sterling_file_gateway
  IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197667. 2021-09-23 not yet calculated CVE-2021-20485
CONFIRM
XF ibm -- sterling_file_gateway
  IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote authenticated user to obtain sensitive information. By sending a specially crafted request, the user could disclose a valid filepath on the server which could be used in further attacks against the system. IBM X-Force ID: 199234. 2021-09-23 not yet calculated CVE-2021-20563
XF
CONFIRM ibm -- tivoli_netcol_and_jazz_for_service_management
  IBM Tivoli Netcool/OMNIbus_GUI and IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 2021-09-23 not yet calculated CVE-2021-29800
CONFIRM
XF ibm -- tivoli_netcol_and_jazz_for_service_management IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 could allow an authenticated user to cause a denial of service through the WebGUI Map Creation page. IBM X-Force ID: 205685. 2021-09-20 not yet calculated CVE-2021-29856
XF
CONFIRM ibm -- tivoli_netcol_and_jazz_for_service_management IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204270. 2021-09-20 not yet calculated CVE-2021-29809
XF
CONFIRM ibm -- tivoli_netcol_and_jazz_for_service_management IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204825. 2021-09-23 not yet calculated CVE-2021-29833
XF
CONFIRM ibm -- tivoli_netcol_and_jazz_for_service_management IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204334. 2021-09-23 not yet calculated CVE-2021-29814
CONFIRM
XF ibm -- tivoli_netcol_and_jazz_for_service_management IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI displays user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 207610. 2021-09-23 not yet calculated CVE-2021-29904
CONFIRM
XF ibm -- tivoli_netcol_and_jazz_for_service_management IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204346. 2021-09-20 not yet calculated CVE-2021-29819
XF
CONFIRM ibm -- tivoli_netcol_and_jazz_for_service_management IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204347. 2021-09-20 not yet calculated CVE-2021-29820
XF
CONFIRM ibm -- tivoli_netcol_and_jazz_for_service_management IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204345. 2021-09-20 not yet calculated CVE-2021-29818
XF
CONFIRM ibm -- tivoli_netcol_and_jazz_for_service_management IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204341. 2021-09-23 not yet calculated CVE-2021-29816
XF
CONFIRM ibm -- tivoli_netcol_and_jazz_for_service_management IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204340. 2021-09-23 not yet calculated CVE-2021-29815
CONFIRM
XF ibm -- tivoli_netcol_and_jazz_for_service_management IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204330. 2021-09-23 not yet calculated CVE-2021-29812
XF
CONFIRM ibm -- tivoli_netcol_and_jazz_for_service_management
  IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204264. 2021-09-20 not yet calculated CVE-2021-29806
XF
CONFIRM ibm -- tivoli_netcol_and_jazz_for_service_management
  IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204824. 2021-09-23 not yet calculated CVE-2021-29832
CONFIRM
XF ibm -- tivoli_netcol_and_jazz_for_service_management
  IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 204775. 2021-09-21 not yet calculated CVE-2021-29831
CONFIRM
XF ibm -- tivoli_netcol_and_jazz_for_service_management
  IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204348. 2021-09-20 not yet calculated CVE-2021-29821
CONFIRM
XF ibm -- tivoli_netcol_and_jazz_for_service_management
  IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204279. 2021-09-23 not yet calculated CVE-2021-29810
CONFIRM
XF ibm -- tivoli_netcol_and_jazz_for_service_management
  IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204269. 2021-09-20 not yet calculated CVE-2021-29808
XF
CONFIRM ibm -- tivoli_netcol_and_jazz_for_service_management
  IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204343. 2021-09-20 not yet calculated CVE-2021-29817
XF
CONFIRM ibm -- tivoli_netcol_and_jazz_for_service_management
  IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204265. 2021-09-20 not yet calculated CVE-2021-29807
XF
CONFIRM ibm -- tivoli_netcol_and_jazz_for_service_management
  IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204331. 2021-09-23 not yet calculated CVE-2021-29813
XF
CONFIRM ibm -- tivoli_netcol_and_jazz_for_service_management
  IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 207616. 2021-09-23 not yet calculated CVE-2021-29905
CONFIRM
XF ibm -- tivoli_netcol_and_jazz_for_service_management
  IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 stores user credentials in plain clear text which can be read by an authenticated admin user. IBM X-Force ID: 204329. 2021-09-20 not yet calculated CVE-2021-29811
CONFIRM
XF in-toto-golang -- in-toto-golang
  in-toto-golang is a Go implementation of the in-toto framework to protect software supply chain integrity. In affected versions authenticated attackers posing as functionaries (i.e., within a trusted set of users for a layout) are able to create attestations that may bypass DISALLOW rules in the same layout. An attacker with access to trusted private keys may issue an attestation that contains a disallowed artifact by including path traversal semantics (e.g., foo vs dir/../foo). Exploiting this vulnerability is dependent on the specific policy applied. The problem has been fixed in version 0.3.0. 2021-09-21 not yet calculated CVE-2021-41087
MISC
CONFIRM joint -- jointjs
  This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function. 2021-09-21 not yet calculated CVE-2021-23444
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM jolokia -- jolokia
  Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R2021-09, 7.1.1-R2021-09, has an unauthenticated Jolokia HTTP endpoint which allows remote access to the JMX of the runtime container, which would allow an attacker the ability to read or modify the container or software running in the container. 2021-09-22 not yet calculated CVE-2021-40684
MISC
MISC json -- json
  All versions of package com.jsoniter:jsoniter are vulnerable to Deserialization of Untrusted Data via malicious JSON strings. This may lead to a Denial of Service, and in certain cases, code execution. 2021-09-19 not yet calculated CVE-2021-23441
MISC jsuites -- jsuites
  jsuites is an open source collection of common required javascript web components. In affected versions users are subject to cross site scripting (XSS) attacks via clipboard content. jsuites is vulnerable to DOM based XSS if the user can be tricked into copying _anything_ from a malicious and pasting it into the html editor. This is because a part of the clipboard content is directly written to `innerHTML` allowing for javascript injection and thus XSS. Users are advised to update to version 4.9.11 to resolve. 2021-09-21 not yet calculated CVE-2021-41086
MISC
CONFIRM
MISC kubernetes -- kubernetes A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem. 2021-09-20 not yet calculated CVE-2021-25741
MLIST
CONFIRM kubernetes -- kubernetes
  A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack. 2021-09-20 not yet calculated CVE-2021-25740
MLIST
CONFIRM kubernetes -- kubernetes
  A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs. 2021-09-20 not yet calculated CVE-2020-8561
MLIST
CONFIRM leo_editor -- leo_editor
  Leo Editor v6.2.1 was discovered to contain a regular expression denial of service (ReDoS) vulnerability in the component plugins/importers/dart.py. 2021-09-22 not yet calculated CVE-2020-23478
MISC libcurl -- libcurl
  When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*. 2021-09-23 not yet calculated CVE-2021-22945
MISC libiff -- libiff
  An issue was discovered in libiff through 20190123. A global-buffer-overflow exists in the function IFF_errorId located in error.c. It allows an attacker to cause code execution. 2021-09-20 not yet calculated CVE-2021-32298
MISC libjpeg -- libjpeg
  An issue was discovered in libjpeg through 2020021. An uncaught floating point exception exists in the function ACLosslessScan::ParseMCU() located in aclosslessscan.cpp. It allows an attacker to cause Denial of Service. 2021-09-20 not yet calculated CVE-2021-39514
MISC libressl -- libressl
  x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. When the input exceeds DOMAIN_PART_MAX_LEN, the buffer lacks '\0' termination. 2021-09-24 not yet calculated CVE-2021-41581
MISC libsixel -- libsixel
  Libsixel 1.8.2 contains a heap-based buffer overflow in the dither_func_fs function in tosixel.c. 2021-09-17 not yet calculated CVE-2020-21547
MISC libsixel -- libsixel
  Libsixel 1.8.3 contains a heap-based buffer overflow in the sixel_encode_highcolor function in tosixel.c. 2021-09-17 not yet calculated CVE-2020-21548
MISC libslak -- libslak An issue was discovered in libslax through v0.22.1. slaxIsCommentStart() in slaxlexer.c has a heap-based buffer overflow. 2021-09-20 not yet calculated CVE-2021-39534
MISC libslak -- libslak An issue was discovered in libslax through v0.22.1. slaxLexer() in slaxlexer.c has a heap-based buffer overflow. 2021-09-20 not yet calculated CVE-2021-39533
MISC libslak -- libslak
  An issue was discovered in libslax through v0.22.1. slaxLexer() in slaxlexer.c has a stack-based buffer overflow. 2021-09-20 not yet calculated CVE-2021-39531
MISC libslak -- libslak
  An issue was discovered in libslax through v0.22.1. A NULL pointer dereference exists in the function slaxLexer() located in slaxlexer.c. It allows an attacker to cause Denial of Service. 2021-09-20 not yet calculated CVE-2021-39532
MISC libxsmm -- libxsmm
  An issue was discovered in libxsmm through v1.16.1-93. The JIT code has a heap-based buffer overflow. 2021-09-20 not yet calculated CVE-2021-39536
MISC libxsmm -- libxsmm
  An issue was discovered in libxsmm through v1.16.1-93. A NULL pointer dereference exists in JIT code. It allows an attacker to cause Denial of Service. 2021-09-20 not yet calculated CVE-2021-39535
MISC lief -- lief
  An issue was discovered in LIEF through 0.11.4. A heap-buffer-overflow exists in the function main located in pe_reader.c. It allows an attacker to cause code execution. 2021-09-20 not yet calculated CVE-2021-32297
MISC line -- client
  LINE client for iOS before 11.15.0 might expose authentication information for a certain service to external entities under certain conditions. This is usually impossible, but in combination with a server-side bug, attackers could get this information. 2021-09-22 not yet calculated CVE-2021-41011
MISC lingig -- libgig An issue was discovered in libgig through 20200507. A heap-buffer-overflow exists in the function RIFF::List::GetSubList located in RIFF.cpp. It allows an attacker to cause code execution. 2021-09-20 not yet calculated CVE-2021-32294
MISC linux -- linux_kernel
  arch/mips/net/bpf_jit.c in the Linux kernel through 5.14.6 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context. This occurs because conditional branches can exceed the 128 KB limit of the MIPS architecture. 2021-09-20 not yet calculated CVE-2021-38300
MISC linux -- linux_kernel
  loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation. 2021-09-19 not yet calculated CVE-2021-41073
MISC
MISC
DEBIAN maccms -- maccms
  A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/<id>.html allows authenticated attackers to delete all users. 2021-09-24 not yet calculated CVE-2020-20514
MISC maianaffiliate -- maianaffiliate MaianAffiliate v1.0 allows an authenticated administrative user to save an XSS to the database. 2021-09-22 not yet calculated CVE-2021-39404
MISC maianaffiliate -- maianaffiliate
  MaianAffiliate v.1.0 suffers from code injection by adding a new product via the admin panel. The injected payload is reflected on the affiliate main page for all authenticated and unauthenticated visitors. 2021-09-20 not yet calculated CVE-2021-39402
MISC
MISC manageengine -- desktop_central
  ManageEngine Desktop Central before build 10.0.683 allows Unauthenticated Remote Code Execution during communication with Notification Server. 2021-09-21 not yet calculated CVE-2021-28960
MISC
MISC mattermost -- mattermost
  Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard contents, which allows a user-assisted attacker to inject arbitrary web script in product deployments that explicitly disable the default CSP. 2021-09-22 not yet calculated CVE-2021-37860
MISC mcafee -- agent
  Improper privilege management vulnerability in maconfig for McAfee Agent for Windows prior to 5.7.4 allows a local user to gain access to sensitive information. The utility was able to be run from any location on the file system and by a low privileged user. 2021-09-22 not yet calculated CVE-2021-31836
CONFIRM mcafee -- agent
  Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would result in elevation of privileges and the ability to execute arbitrary code as the system user, through not correctly protecting a temporary directory used in the repair process and not checking the DLL signature. 2021-09-22 not yet calculated CVE-2021-31847
CONFIRM
MISC mcafee -- agent
  A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. This would result in the user gaining elevated permissions and the ability to execute arbitrary code as the system user, through not checking the DLL signature. 2021-09-22 not yet calculated CVE-2021-31841
CONFIRM misp -- misp
  In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call. 2021-09-17 not yet calculated CVE-2021-41326
MISC
MISC national_instruments -- ni-pal_driver
  Improper input validation in the National Instruments NI-PAL driver in versions 20.0.0 and prior may allow a privileged user to potentially enable escalation of privilege via local access. 2021-09-17 not yet calculated CVE-2021-38304
MISC ncurses -- ncurses
  An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow. 2021-09-20 not yet calculated CVE-2021-39537
MISC netgear -- r6020
  setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute arbitrary shell commands via shell metacharacters in the ntp_server field. 2021-09-17 not yet calculated CVE-2021-41383
MISC netgear -- routers
  The update process of the Circle Parental Control Service on various NETGEAR routers allows remote attackers to achieve remote code execution as root via a MitM attack. While the parental controls themselves are not enabled by default on the routers, the Circle update daemon, circled, is enabled by default. This daemon connects to Circle and NETGEAR to obtain version information and updates to the circled daemon and its filtering database. However, database updates from NETGEAR are unsigned and downloaded via cleartext HTTP. As such, an attacker with the ability to perform a MitM attack on the device can respond to circled update requests with a crafted, compressed database file, the extraction of which gives the attacker the ability to overwrite executable files with attacker-controlled code. This affects R6400v2 1.0.4.106, R6700 1.0.2.16, R6700v3 1.0.4.106, R6900 1.0.2.16, R6900P 1.3.2.134, R7000 1.0.11.123, R7000P 1.3.2.134, R7850 1.0.5.68, R7900 1.0.4.38, R8000 1.0.4.68, and RS400 1.5.0.68. 2021-09-21 not yet calculated CVE-2021-40847
MISC
MISC nlight -- eclypse
  nLight ECLYPSE (nECY) system Controllers running software prior to 1.17.21245.754 contain a default key vulnerability. The nECY does not force a change to the key upon the initial configuration of an affected device. nECY system controllers utilize an encrypted channel to secure SensorView™ configuration and monitoring software and nECY to nECY communications. Impacted devices are at risk of exploitation. A remote attacker with IP access to an impacted device could submit lighting control commands to the nECY by leveraging the default key. A successful attack may result in the attacker gaining the ability to modify lighting conditions or gain the ability to update the software on lighting devices. The impacted key is referred to as the SensorView Password in the nECY nLight Explorer Interface and the Gateway Password in the SensorView application. An attacker cannot authenticate to or modify the configuration or software of the nECY system controller. 2021-09-17 not yet calculated CVE-2021-40825
MISC
MISC nlnet_labs -- routinator
  NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length parameter in a ROA. This will lead RTR clients such as routers to reject the RPKI data set, effectively disabling Route Origin Validation. 2021-09-21 not yet calculated CVE-2021-41531
MISC opennms -- opennms
  OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in version 18.0.2, released on September 20, 2016. 2021-09-24 not yet calculated CVE-2016-6555
MISC
MISC opennms -- opennms
  OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP 'sysName' or 'sysContact' response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This issue was fixed in version 18.0.2, released on September 20, 2016. 2021-09-24 not yet calculated CVE-2016-6556
MISC
MISC opensis -- community_edition
  OpenSIS Community Edition version 8.0 is affected by a cross-site scripting (XSS) vulnerability in the TakeAttendance.php via the cp_id_miss_attn parameter. 2021-09-24 not yet calculated CVE-2021-40310
MISC
MISC
MISC opensis -- os4ed
  A SQL injection vulnerability exists in the Take Attendance functionality of OS4Ed's OpenSIS 8.0 that allows an attacker to inject their own SQL query. The cp_id_miss_attn parameter from TakeAttendance.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request as a user with access to "Take Attendance" functionality to trigger this vulnerability. 2021-09-24 not yet calculated CVE-2021-40309
MISC
MISC
MISC openvpn -- access_server
  OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL. 2021-09-23 not yet calculated CVE-2021-3824
MISC oracle -- linux
  Vulnerability in Oracle Linux (component: OSwatcher). Supported versions that are affected are 7 and 8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Linux executes to compromise Oracle Linux. Successful attacks of this vulnerability can result in takeover of Oracle Linux. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 2021-09-24 not yet calculated CVE-2021-2464
MISC panda -- adaptive_defense_360
  DLL hijacking in Panda Agent <=1.16.11 in Panda Security, S.L.U. Panda Adaptive Defense 360 <= 8.0.17 allows attacker to escalate privileges via maliciously crafted DLL file. 2021-09-23 not yet calculated CVE-2021-26750
MISC pardus -- software_center
  A path traversal vulnerability in Pardus Software Center's "extractArchive" function could allow anyone on the same network to perform a man-in-the-middle attack and write files on the system. 2021-09-18 not yet calculated CVE-2021-3806
CONFIRM
CONFIRM payara -- micro_community
  Payara Micro Community 5.2021.6 and below allows Directory Traversal. 2021-09-23 not yet calculated CVE-2021-41381
MISC
MISC pbrt -- pbrt
  An issue was discovered in pbrt through 20200627. A stack-buffer-overflow exists in the function pbrt::ParamSet::ParamSet() located in paramset.h. It allows an attacker to cause code execution. 2021-09-20 not yet calculated CVE-2021-32299
MISC ping -- pingaccess
  Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling via header manipulation. 2021-09-24 not yet calculated CVE-2021-31923
CONFIRM plastic -- scm
  Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server management interface. 2021-09-22 not yet calculated CVE-2021-41382
MISC realvnc -- viewer
  ** DISPUTED ** RealVNC Viewer 6.21.406 allows remote VNC servers to cause a denial of service (application crash) via crafted RFB protocol data. NOTE: It is asserted that this issue requires social engineering a user into connecting to a fake VNC Server. The VNC Viewer application they are using will then hang, until terminated, but no memory leak occurs - the resources are freed once the hung process is terminated and the resource usage is constant during the hang. Only the process that is connected to the fake Server is affected. This is an application bug, not a security issue. 2021-09-17 not yet calculated CVE-2021-41380
MISC red_hat -- red_hat
  A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker could bypass authentication on all REST endpoints when DIGEST is used as the authentication method. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2021-09-21 not yet calculated CVE-2021-31917
MISC redis -- redis
  A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS). 2021-09-20 not yet calculated CVE-2020-21468
MISC
MISC revenera -- code_insight A stored cross-site scripting issue impacts certain areas of the Web UI for Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64). 2021-09-17 not yet calculated CVE-2020-12082
CONFIRM revenera -- code_insight
  An elevated privileges issue related to Spring MVC calls impacts Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64). 2021-09-17 not yet calculated CVE-2020-12083
CONFIRM revive-adserver -- revive-adserver
  Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the cryptographically insecure uniqid() PHP function. Under some circumstances, an attacker could theoretically be able to brute force session IDs in order to take over a specific account. 2021-09-23 not yet calculated CVE-2021-22948
MISC
MISC seated-launch -- seatd
  seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root. 2021-09-17 not yet calculated CVE-2021-41387
MISC shopkit -- shopkit
  Shopkit v2.7 contains a reflective cross-site scripting (XSS) vulnerability in the /account/register component, which allows attackers to hijack user credentials via a crafted payload in the E-Mail text field. 2021-09-24 not yet calculated CVE-2020-20508
MISC sonicwall -- global_vpn_client
  SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host operating system. This vulnerability impacts GVC 4.10.5 installer and earlier. 2021-09-21 not yet calculated CVE-2021-20037
CONFIRM sqlparse -- sqlparse sqlparse is a non-validating SQL parser module for Python. In sqlparse versions 0.4.0 and 0.4.1 there is a regular expression denial of service vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of '\r\n' in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround, don't use the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool. The issue has been fixed in sqlparse 0.4.2. 2021-09-20 not yet calculated CVE-2021-32839
MISC
CONFIRM ssh2 -- ssh2
  ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This is fixed in version 1.4.0. 2021-09-20 not yet calculated CVE-2020-26301
CONFIRM
MISC
MISC suitelink -- server Null pointer dereference in SuiteLink server while processing command 0x0b 2021-09-23 not yet calculated CVE-2021-32987
CONFIRM suitelink -- server
  Improper handling of exceptional conditions in SuiteLink server while processing command 0x01 2021-09-23 not yet calculated CVE-2021-32999
CONFIRM suitelink -- server
  Null pointer dereference in SuiteLink server while processing commands 0x04/0x0a 2021-09-23 not yet calculated CVE-2021-32979
CONFIRM suitelink -- server
  Null pointer dereference in SuiteLink server while processing command 0x07 2021-09-23 not yet calculated CVE-2021-32971
CONFIRM suitelink -- server
  Null pointer dereference in SuiteLink server while processing commands 0x03/0x10 2021-09-23 not yet calculated CVE-2021-32963
CONFIRM suitelink -- server
  Heap-based buffer overflow in SuiteLink server while processing commands 0x05/0x06 2021-09-23 not yet calculated CVE-2021-32959
CONFIRM tcpreplay -- tcpreplay
  Heap-buffer overflow in the randomize_iparp function in edit_packet.c of Tcpreplay v4.3.2 allows attackers to cause a denial of service (DOS) via a crafted pcap. 2021-09-22 not yet calculated CVE-2020-23273
MISC teleport -- teleport
  Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations. 2021-09-18 not yet calculated CVE-2021-41393
MISC
MISC
MISC
MISC teleport -- teleport
  Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows alteration of build artifacts in some situations. 2021-09-18 not yet calculated CVE-2021-41394
MISC
MISC
MISC
MISC teleport -- teleport
  Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted database name or username. 2021-09-18 not yet calculated CVE-2021-41395
MISC
MISC tor -- browser
  Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addresses. If --log or --verbose is used, exact timestamps of these onion-service visits are logged locally, and an attacker might be able to compare them to timestamp data collected by the destination server (or collected by a rogue site within the Tor network). 2021-09-24 not yet calculated CVE-2021-39246
MISC
MISC
MISC
MISC
MISC unicode -- unicode
  International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bug in the pkg_createWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp. 2021-09-20 not yet calculated CVE-2020-21913
MISC
MISC unifi_talk -- multiple_devices
  A vulnerability found in UniFi Talk application V1.12.3 and earlier permits a malicious actor who has already gained access to a network to subsequently control Talk device(s) assigned to said network if they are not yet adopted. This vulnerability is fixed in UniFi Talk application V1.12.5 and later. 2021-09-23 not yet calculated CVE-2021-22952
MISC usenix -- usenix
  TI’s BLE stack caches and reuses the LTK’s property for a bonded mobile. A LTK can be an unauthenticated-and-no-MITM-protection key created by Just Works or an authenticated-and-MITM-protection key created by Passkey Entry, Numeric Comparison or OOB. Assume that a victim mobile uses secure pairing to pair with a victim BLE device based on TI chips and generate an authenticated-and-MITM-protection LTK. If a fake mobile with the victim mobile’s MAC address uses Just Works and pairs with the victim device, the generated LTK still has the property of authenticated-and-MITM-protection. Therefore, the fake mobile can access attributes with the authenticated read/write permission. 2021-09-20 not yet calculated CVE-2020-16630
MISC
MISC vcenter -- server The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to access restricted endpoints. 2021-09-23 not yet calculated CVE-2021-22006
MISC vcenter -- server vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to perform unauthenticated VM network setting manipulation. 2021-09-23 not yet calculated CVE-2021-22011
MISC vcenter -- server The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosure. 2021-09-23 not yet calculated CVE-2021-21993
MISC vcenter -- server
  The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file. 2021-09-23 not yet calculated CVE-2021-22005
MISC vcenter -- server
  The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information. 2021-09-23 not yet calculated CVE-2021-22012
MISC vcenter -- server
  The vCenter Server contains a denial-of-service vulnerability in VPXD service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to create a denial of service condition due to excessive memory consumption by VPXD service. 2021-09-23 not yet calculated CVE-2021-22010
MISC vcenter -- server
  The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information. 2021-09-23 not yet calculated CVE-2021-22013
MISC vcenter -- server
  The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to create a denial of service condition due to excessive memory consumption by VAPI service. 2021-09-23 not yet calculated CVE-2021-22009
MISC vcenter -- server
  The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information. 2021-09-23 not yet calculated CVE-2021-22008
MISC vcenter -- server
  Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed. 2021-09-23 not yet calculated CVE-2021-22017
MISC vcenter -- server
  The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). An authenticated VAMI user with network access to port 5480 on vCenter Server may exploit this issue to execute code on the underlying operating system that hosts vCenter Server. 2021-09-23 not yet calculated CVE-2021-22014
MISC vcenter -- server
  The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash) may exploit this issue to create a denial-of-service condition on the vCenter Server host. 2021-09-22 not yet calculated CVE-2021-21992
MISC vcenter -- server
  The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash). 2021-09-22 not yet calculated CVE-2021-21991
MISC vcenter -- server
  The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance. 2021-09-23 not yet calculated CVE-2021-22015
MISC vcenter -- server
  The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker may exploit this issue to execute malicious scripts by tricking a victim into clicking a malicious link. 2021-09-23 not yet calculated CVE-2021-22016
MISC vcenter -- server
  The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with non-administrative privilege may exploit this issue to gain access to sensitive information. 2021-09-23 not yet calculated CVE-2021-22007
MISC vcenter -- server
  The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files. 2021-09-23 not yet calculated CVE-2021-22018
MISC vcenter -- server
  The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial of service condition. 2021-09-23 not yet calculated CVE-2021-22019
MISC vcenter -- server
  The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an attacker to create a denial-of-service condition on vCenter Server. 2021-09-23 not yet calculated CVE-2021-22020
MISC virgin_media -- super_hub_3
  An issue was discovered on Virgin Media Super Hub 3 (based on ARRIS TG2492) devices. Because their SNMP commands have insufficient protection mechanisms, it is possible to use JavaScript and DNS rebinding to leak the WAN IP address of a user (if they are using certain VPN implementations, this would decloak them). 2021-09-20 not yet calculated CVE-2019-16651
MISC
MISC wasmtime -- wasmtime Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime before version 0.30.0 is affected by a type confusion vulnerability. As a Rust library the `wasmtime` crate clearly marks which functions are safe and which are `unsafe`, guaranteeing that if consumers never use `unsafe` then it should not be possible to have memory unsafety issues in their embeddings of Wasmtime. An issue was discovered in the safe API of `Linker::func_*` APIs. These APIs were previously not sound when one `Engine` was used to create the `Linker` and then a different `Engine` was used to create a `Store` and then the `Linker` was used to instantiate a module into that `Store`. Cross-`Engine` usage of functions is not supported in Wasmtime and this can result in type confusion of function pointers, resulting in being able to safely call a function with the wrong type. Triggering this bug requires using at least two `Engine` values in an embedding and then additionally using two different values with a `Linker` (one at the creation time of the `Linker` and another when instantiating a module with the `Linker`). It's expected that usage of more-than-one `Engine` in an embedding is relatively rare since an `Engine` is intended to be a globally shared resource, so the expectation is that the impact of this issue is relatively small. The fix implemented is to change this behavior to `panic!()` in Rust instead of silently allowing it. Using different `Engine` instances with a `Linker` is a programmer bug that `wasmtime` catches at runtime. This bug has been patched and users should upgrade to Wasmtime version 0.30.0. If you cannot upgrade Wasmtime and are using more than one `Engine` in your embedding it's recommended to instead use only one `Engine` for the entire program if possible. An `Engine` is designed to be a globally shared resource that is suitable to have only one for the lifetime of an entire process. If using multiple `Engine`s is required then code should be audited to ensure that `Linker` is only used with one `Engine`. 2021-09-17 not yet calculated CVE-2021-39219
MISC
MISC
CONFIRM wasmtime -- wasmtime
  Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing `externref`s from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple `externref`s from the host to a Wasm instance at the same time, either by passing multiple `externref`s as arguments from host code to a Wasm function, or returning multiple `externref`s to Wasm from a multi-value return function defined in the host. If you do not have host code that matches one of these shapes, then you are not impacted. If Wasmtime's `VMExternRefActivationsTable` became filled to capacity after passing the first `externref` in, then passing in the second `externref` could trigger a garbage collection. However the first `externref` is not rooted until we pass control to Wasm, and therefore could be reclaimed by the collector if nothing else was holding a reference to it or otherwise keeping it alive. Then, when control was passed to Wasm after the garbage collection, Wasm could use the first `externref`, which at this point has already been freed. We have reason to believe that the effective impact of this bug is relatively small because usage of `externref` is currently quite rare. The bug has been fixed, and users should upgrade to Wasmtime 0.30.0. If you cannot upgrade Wasmtime yet, you can avoid the bug by disabling reference types support in Wasmtime by passing `false` to `wasmtime::Config::wasm_reference_types`. 2021-09-17 not yet calculated CVE-2021-39216
MISC
MISC
CONFIRM wasmtime -- wasmtime
  Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when running Wasm that uses `externref`s in Wasmtime. To trigger this bug, Wasmtime needs to be running Wasm that uses `externref`s, the host creates non-null `externref`s, Wasmtime performs a garbage collection (GC), and there has to be a Wasm frame on the stack that is at a GC safepoint where there are no live references at this safepoint, and there is a safepoint with live references earlier in this frame's function. Under this scenario, Wasmtime would incorrectly use the GC stack map for the safepoint from earlier in the function instead of the empty safepoint. This would result in Wasmtime treating arbitrary stack slots as `externref`s that needed to be rooted for GC. At the *next* GC, it would be determined that nothing was referencing these bogus `externref`s (because nothing could ever reference them, because they are not really `externref`s) and then Wasmtime would deallocate them and run `<ExternRef as Drop>::drop` on them. This results in a free of memory that is not necessarily on the heap (and shouldn't be freed at this moment even if it was), as well as potential out-of-bounds reads and writes. Even though support for `externref`s (via the reference types proposal) is enabled by default, unless you are creating non-null `externref`s in your host code or explicitly triggering GCs, you cannot be affected by this bug. We have reason to believe that the effective impact of this bug is relatively small because usage of `externref` is currently quite rare. This bug has been patched and users should upgrade to Wasmtime version 0.30.0. If you cannot upgrade Wasmtime at this time, you can avoid this bug by disabling the reference types proposal by passing `false` to `wasmtime::Config::wasm_reference_types`. 2021-09-17 not yet calculated CVE-2021-39218
MISC
CONFIRM
MISC wordpress -- wordpress The options.php file of the WP-Board WordPress plugin through 1.1 beta accepts a postid parameter which is not sanitised, escaped or validated before being inserted into a SQL statement, leading to SQL injection. This is a time-based SQLi, and because the vulnerable parameter is passed twice in the same function, a 5-second delay takes 10 seconds to return since the query runs twice. 2021-09-20 not yet calculated CVE-2021-24404
MISC
MISC wordpress -- wordpress The WP Mapa Politico Espana WordPress plugin before 3.7.0 does not sanitise or escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2021-09-20 not yet calculated CVE-2021-24609
MISC wordpress -- wordpress The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access control when deleting a timeslot, allowing any user with the edit_posts capability (contributor+) to delete arbitrary timeslots from any event. Furthermore, no CSRF check is in place, allowing such an attack to be performed via CSRF against a logged-in user with such capability. 2021-09-20 not yet calculated CVE-2021-24583
MISC wordpress -- wordpress The Telefication WordPress plugin is vulnerable to Open Proxy and Server-Side Request Forgery via the ~/bypass.php file due to a user-supplied URL request value that gets called by a curl requests. This affects versions up to, and including, 1.8.0. 2021-09-22 not yet calculated CVE-2021-39339
MISC
MISC wordpress -- wordpress The Availability Calendar WordPress plugin before 1.2.2 does not sanitise or escape its Category Names before outputting them in the page/post where the associated shortcode is embedded, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2021-09-20 not yet calculated CVE-2021-24604
MISC wordpress -- wordpress The Visual Link Preview WordPress plugin before 2.2.3 does not enforce authorisation on several AJAX actions and has the CSRF nonce displayed for all authenticated users, allowing any authenticated user (such as subscriber) to call them and 1) Get and search through title and content of Draft post, 2) Get title of a password-protected post as well as 3) Upload an image from an URL 2021-09-20 not yet calculated CVE-2021-24635
MISC wordpress -- wordpress The Edit Role functionality in the Display Users WordPress plugin through 2.0.0 had an `id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. 2021-09-20 not yet calculated CVE-2021-24400
MISC
MISC wordpress -- wordpress The edit functionality in the MicroCopy WordPress plugin through 1.1.0 makes a get request to fetch the related option. The id parameter used is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. 2021-09-20 not yet calculated CVE-2021-24397
MISC
MISC wordpress -- wordpress The Orders functionality in the WordPress Page Contact plugin through 1.0 has an order_id parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors 2021-09-20 not yet calculated CVE-2021-24403
MISC
MISC wordpress -- wordpress The WordPress Slider Block Gutenslider plugin before 5.2.0 does not escape the minWidth attribute of a Gutenberg block, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks. 2021-09-20 not yet calculated CVE-2021-24640
MISC wordpress -- wordpress The Support Board WordPress plugin before 3.3.4 does not escape multiple POST parameters (such as status_code, department, user_id, conversation_id, conversation_status_code, and recipient_id) before using them in SQL statements, leading to SQL injections which are exploitable by unauthenticated users. 2021-09-20 not yet calculated CVE-2021-24741
MISC
MISC
MISC wordpress -- wordpress The Shortcodes Ultimate WordPress plugin before 5.10.2 allows users with Contributor roles to perform stored XSS via shortcode attributes. Note: the plugin is inconsistent in its handling of shortcode attributes; some do escape, most don't, and there are even some attributes that are insecure by design (like [su_button]'s onclick attribute). 2021-09-20 not yet calculated CVE-2021-24525
MISC wordpress -- wordpress The Alojapro Widget WordPress plugin through 1.1.15 doesn't properly sanitise its Custom CSS settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2021-09-20 not yet calculated CVE-2021-24530
MISC wordpress -- wordpress The Limit Login Attempts WordPress plugin before 4.0.50 does not escape the IP addresses (which can be controlled by attacker via headers such as X-Forwarded-For) of attempted logins before outputting them in the reports table, leading to an Unauthenticated Stored Cross-Site Scripting issue. 2021-09-20 not yet calculated CVE-2021-24657
MISC wordpress -- wordpress The Add new scene functionality in the Responsive 3D Slider WordPress plugin through 1.2 uses an id parameter which is not sanitised, escaped or validated before being inserted to a SQL statement, leading to SQL injection. This is a time-based SQLi, and in the same function the vulnerable parameter is passed twice, so if we pass a time of 5 seconds it takes 10 seconds to return since the query is run twice. 2021-09-20 not yet calculated CVE-2021-24398
MISC
MISC wordpress -- wordpress Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress iQ Block Country plugin (versions <= 1.2.11). Vulnerable parameter: &blockcountry_blockmessage. 2021-09-23 not yet calculated CVE-2021-36873
CONFIRM
MISC wordpress -- wordpress
  The OMGF WordPress plugin before 4.5.4 does not escape or validate the handle parameter of the REST API, which allows unauthenticated users to perform path traversal and overwrite arbitrary CSS file with Google Fonts CSS, or download fonts uploaded on Google Fonts website. 2021-09-20 not yet calculated CVE-2021-24638
MISC wordpress -- wordpress
  The ThinkTwit WordPress plugin before 1.7.1 did not sanitise or escape its "Consumer key" setting before outputting it in its settings page, leading to a Stored Cross-Site Scripting issue. 2021-09-20 not yet calculated CVE-2021-24582
MISC wordpress -- wordpress
  The Post Views Counter WordPress plugin before 1.3.5 does not sanitise or escape its Post Views Label settings, which could allow high privilege users to perform Cross-Site Scripting attacks in the frontend even when the unfiltered_html capability is disallowed 2021-09-20 not yet calculated CVE-2021-24613
MISC wordpress -- wordpress
  The Availability Calendar WordPress plugin before 1.2.1 does not escape the category attribute from its shortcode before using it in a SQL statement, leading to a SQL Injection issue, which can be exploited by any user able to add shortcode to posts/pages, such as contributor+ 2021-09-20 not yet calculated CVE-2021-24606
MISC wordpress -- wordpress
  The Ninja Forms WordPress plugin is vulnerable to arbitrary email sending via the trigger_email_action function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to send arbitrary emails from the affected server via the /ninja-forms-submissions/email-action REST API which can be used to socially engineer victims. 2021-09-22 not yet calculated CVE-2021-34648
MISC
MISC wordpress -- wordpress
  The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise or escape its QRCode Image setting, which results in a Stored Cross-Site Scripting (XSS) issue. Furthermore, the plugin also does not have any CSRF and capability checks in place when saving such setting, allowing any authenticated user (as low as subscriber), or unauthenticated user via a CSRF vector to update them and perform such attack. 2021-09-20 not yet calculated CVE-2021-24618
MISC wordpress -- wordpress
  The eID Easy WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error parameter found in the ~/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.6. 2021-09-20 not yet calculated CVE-2021-34650
MISC
MISC wordpress -- wordpress
  The WP Dialog WordPress plugin through 1.2.5.5 does not sanitise and escape some of its settings before outputting them in pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2021-09-20 not yet calculated CVE-2021-24600
MISC wordpress -- wordpress
  The Ninja Forms WordPress plugin is vulnerable to sensitive information disclosure via the bulk_export_submissions function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to export all Ninja Forms submissions data via the /ninja-forms-submissions/export REST API which can include personally identifiable information. 2021-09-22 not yet calculated CVE-2021-34647
MISC
MISC wordpress -- wordpress
  The Print My Blog WordPress Plugin before 3.4.2 does not enforce nonce (CSRF) checks, which allows attackers to make logged in administrators deactivate the Print My Blog plugin and delete all saved data for that plugin by tricking them to open a malicious link 2021-09-20 not yet calculated CVE-2021-24636
MISC wordpress -- wordpress
  The Google Fonts Typography WordPress plugin before 3.0.3 does not escape and sanitise some of its block settings, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via blockType (combined with content), align, color, variant and fontID argument of a Gutenberg block. 2021-09-20 not yet calculated CVE-2021-24637
MISC wordpress -- wordpress
  The You Shang WordPress plugin through 1.0.1 does not escape its qrcode links settings, which results in Stored Cross-Site Scripting issues in frontend posts and the plugins settings page depending on the payload used 2021-09-20 not yet calculated CVE-2021-24597
MISC wordpress -- wordpress
  The fetch_product_ajax functionality in the Product Feed on WooCommerce WordPress plugin before 3.3.1.0 uses a `product_id` POST parameter which is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. 2021-09-20 not yet calculated CVE-2021-24511
MISC
MISC wordpress -- wordpress
  The OMGF WordPress plugin before 4.5.4 does not enforce path validation, authorisation and CSRF checks in the omgf_ajax_empty_dir AJAX action, which allows any authenticated users to delete arbitrary files or folders on the server. 2021-09-20 not yet calculated CVE-2021-24639
MISC wordpress -- wordpress
  Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress Popular Posts plugin (versions <= 5.3.3). Vulnerable at &widget-wpp[2][post_type]. 2021-09-23 not yet calculated CVE-2021-36872
CONFIRM
MISC wordpress -- wordpress
  The youForms for WordPress plugin through 1.0.5 does not sanitise or escape the Button Text field of its Templates, allowing high privilege users (editors and admins) to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2021-09-20 not yet calculated CVE-2021-24596
MISC wordpress -- wordpress
  The Timetable and Event Schedule WordPress plugin before 2.4.0 outputs the Hashed Password, Username and Email Address (along with other less sensitive data) of the user related to the Event Head of the Timeslot in the response when requesting the event Timeslot data with a user with the edit_posts capability. Combined with the other Unauthorised Event Timeslot Modification issue (https://wpscan.com/reports/submissions/4699/) where an arbitrary user ID can be set, this could allow low privilege users with the edit_posts capability (such as author) to retrieve sensitive User data by iterating over the user_id 2021-09-20 not yet calculated CVE-2021-24585
MISC wordpress -- wordpress
  The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access control when updating a timeslot, allowing any user with the edit_posts capability (contributor+) to update arbitrary timeslots from any event. Furthermore, no CSRF check is in place either, allowing such an attack to be performed via CSRF against a logged-in user with such capability. In versions before 2.3.19, the lack of sanitisation and escaping in some of the fields, like the description, could also lead to Stored XSS issues 2021-09-20 not yet calculated CVE-2021-24584
MISC wordpress -- wordpress
  A pageid GET parameter of the GSEOR – WordPress SEO Plugin WordPress plugin through 1.3 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. 2021-09-20 not yet calculated CVE-2021-24396
MISC
MISC wordpress -- wordpress
  The check_order function of The Sorter WordPress plugin through 1.0 uses an `area_id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. 2021-09-20 not yet calculated CVE-2021-24399
MISC
MISC wordpress -- wordpress
  The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input validation in the load_previews function found in the ~/OMAPI/Output.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.6.0. 2021-09-20 not yet calculated CVE-2021-39325
MISC
MISC wordpress -- wordpress
  The Edit domain functionality in the WP Domain Redirect WordPress plugin through 1.0 has an `editid` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. 2021-09-20 not yet calculated CVE-2021-24401
MISC
MISC wordpress -- wordpress
  Authenticated Stored Cross-Site Scripting (XSS) vulnerability in WordPress Absolutely Glamorous Custom Admin plugin (versions <= 6.8). Stored XSS possible via unsanitized input fields of the plugin settings, some of the payloads could make the frontend and the backend inaccessible. 2021-09-23 not yet calculated CVE-2021-36823
MISC
CONFIRM
MISC wordpress -- wordpress
  The Orders functionality in the WP iCommerce WordPress plugin through 1.1.1 has an `order_id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors 2021-09-20 not yet calculated CVE-2021-24402
MISC
MISC wordpress -- wordpress
  The Splash Header WordPress plugin before 1.20.8 doesn't sanitise and escape some of its settings while outputting them in the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue. 2021-09-20 not yet calculated CVE-2021-24587
MISC wordpress -- wordpress
  The Simple Schools Staff Directory WordPress plugin through 1.1 does not validate uploaded logo pictures to ensure that they are indeed images, allowing high privilege users such as admin to upload arbitrary files like PHP, leading to RCE 2021-09-20 not yet calculated CVE-2021-24663
MISC wuzhi -- cms
  Cross Site Scripting (XSS) vulnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php. 2021-09-21 not yet calculated CVE-2020-19553
MISC wuzhi -- cms
  Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 in common.func.php, which when uploaded can cause remote code execution. 2021-09-21 not yet calculated CVE-2020-19551
MISC wuzhi -- cms
  Cross Site Scripting (XSS) vulnerability exists in WUZHI CMS 4.1.0 via the mailbox username in index.php. 2021-09-20 not yet calculated CVE-2020-19915
MISC
MISC wuzhi -- wuzhi
  An SQL injection vulnerability exists in Wuzhi CMS v4.1.0 via the KeyValue parameter in coreframe/app/order/admin/index.php. 2021-09-20 not yet calculated CVE-2021-40674
MISC xss -- hunter_express
  XSS Hunter Express before 2021-09-17 does not properly enforce authentication requirements for paths. 2021-09-17 not yet calculated CVE-2021-41317
MISC
MISC
MISC yzmcms -- yzmcms A cross-site request forgery (CSRF) in /controller/pay.class.php of YzmCMS v5.5 allows attackers to access sensitive components of the application. 2021-09-23 not yet calculated CVE-2020-19951
MISC yzmcms -- yzmcms
  A cross-site scripting (XSS) vulnerability in the /link/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML. 2021-09-23 not yet calculated CVE-2020-19949
MISC yzmcms -- yzmcms
  A cross-site scripting (XSS) vulnerability in the /banner/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML. 2021-09-23 not yet calculated CVE-2020-19950
MISC zoho -- manageengine ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover. 2021-09-21 not yet calculated CVE-2021-37424
MISC
MISC zoho -- manageengine ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities. 2021-09-21 not yet calculated CVE-2021-37741
MISC
MISC zoho -- manageengine
  Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPManager <=12.5.174 when the API key contains an XML-based XSS payload. 2021-09-21 not yet calculated CVE-2020-19554
MISC zoho -- manageengine
  ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing. 2021-09-21 not yet calculated CVE-2021-37420
MISC
MISC zoho -- manageengine
  Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO. 2021-09-22 not yet calculated CVE-2021-37927
MISC
MISC zoho -- manageengine
  Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnerability. 2021-09-22 not yet calculated CVE-2021-37925
MISC
MISC zoho -- manageengine
  ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF. 2021-09-21 not yet calculated CVE-2021-37419
MISC
  zte -- mobile_phone
  There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to improper parameter settings, attackers could use this vulnerability to obtain some sensitive information of users by accessing specific pages. 2021-09-25 not yet calculated CVE-2021-21742
MISC

This product is provided subject to this Notification and this Privacy & Use policy.

September 20, 2021

Vulnerability Summary for the Week of September 13, 2021

Original release date: September 20, 2021

 

High Vulnerabilities Primary
Vendor -- Product Description Published CVSS Score Source & Patch Info zohocorp -- manageengine_adselfservice_plus Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases. 2021-09-10 7.5 CVE-2021-37422
MISC zohocorp -- manageengine_adselfservice_plus Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover. 2021-09-10 7.5 CVE-2021-37423
MISC

 

Medium Vulnerabilities Primary
Vendor -- Product Description Published CVSS Score Source & Patch Info amazingweb -- wp-design-maps-places The WP Design Maps & Places WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the filename parameter found in the ~/wpdmp-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2. 2021-09-10 4.3 CVE-2021-38334
MISC
MISC carrcommunications -- rsvpmaker_excel The RSVPMaker Excel WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/phpexcel/PHPExcel/Shared/JAMA/docs/download.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1. 2021-09-10 4.3 CVE-2021-38337
MISC
MISC devondev -- simple_matted_thumbnails The Simple Matted Thumbnails WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/simple-matted-thumbnail.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.01. 2021-09-10 4.3 CVE-2021-38339
MISC
MISC dj_emailpublish_project -- dj_emailpublish The DJ EmailPublish WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/dj-email-publish.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.7.2. 2021-09-10 4.3 CVE-2021-38329
MISC
MISC dreamfoxmedia -- woocommerce_payment_gateway_per_category The WooCommerce Payment Gateway Per Category WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/includes/plugin_settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.10. 2021-09-10 4.3 CVE-2021-38341
MISC
MISC elyazalee -- sms-ovh The SMS OVH WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the position parameter found in the ~/sms-ovh-sent.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.1. 2021-09-10 4.3 CVE-2021-38357
MISC
MISC feedify -- web_push_notifications The Feedify – Web Push Notifications WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the feedify_msg parameter found in the ~/includes/base.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.8. 2021-09-10 4.3 CVE-2021-38352
MISC
MISC notices_project -- notices The Notices WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/notices.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1. 2021-09-10 4.3 CVE-2021-38328
MISC
MISC ops-robots-txt_project -- ops-robots-txt The On Page SEO + Whatsapp Chat Button Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1. 2021-09-10 4.3 CVE-2021-38332
MISC
MISC outsidesource -- osd_subscribe The OSD Subscribe WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the osd_subscribe_message parameter found in the ~/options/osd_subscribe_options_subscribers.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.3. 2021-09-10 4.3 CVE-2021-38351
MISC
MISC spideranalyse_project -- spideranalyse The spideranalyse WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the date parameter found in the ~/analyse/index.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.1. 2021-09-10 4.3 CVE-2021-38350
MISC
MISC sw-guide -- edit_comments_xt The Edit Comments XT WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/edit-comments-xt.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. 2021-09-10 4.3 CVE-2021-38336
MISC
MISC tromit -- yabp The Yet Another bol.com Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/yabp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4. 2021-09-10 4.3 CVE-2021-38330
MISC
MISC ueberhamm-design -- youtube_video_inserter The YouTube Video Inserter WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/adminUI/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.1.0. 2021-09-10 4.3 CVE-2021-38327
MISC
MISC webodid -- dropdown_and_scrollable_text The Dropdown and scrollable Text WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the content parameter found in the ~/index.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0. 2021-09-10 4.3 CVE-2021-38353
MISC
MISC wiseagent -- wise_agent_capture_forms The Wise Agent Capture Forms WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/WiseAgentCaptureForm.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. 2021-09-10 4.3 CVE-2021-38335
MISC
MISC wp_scrippets_project -- wp_scrippets The WP Scrippets WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/wp-scrippets.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.1. 2021-09-10 4.3 CVE-2021-38333
MISC
MISC wpleet -- post_title_counter The Post Title Counter WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the notice parameter found in the ~/post-title-counter.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1. 2021-09-10 4.3 CVE-2021-38326
MISC
MISC zohocorp -- manageengine_desktop_central Zoho ManageEngine DesktopCentral version 10.1.2119.7 and prior allows anyone to get a valid user's APIKEY without authentication. 2021-09-10 5 CVE-2021-37414
MISC

 

Low Vulnerabilities Primary
Vendor -- Product Description Published CVSS Score Source & Patch Info There were no low vulnerabilities recorded this week.

 

Severity Not Yet Assigned Primary
Vendor -- Product Description Published CVSS Score Source & Patch Info
elastic -- enterprise_search_app Elastic Enterprise Search App Search versions before 7.14.0 were vulnerable to an issue where API keys were not bound to the same engines as their creator. This could lead to a less privileged user gaining access to unauthorized engines. 2021-09-15 not yet calculated CVE-2021-22148
MISC
MISC
elastic -- enterprise_search_app
  Elastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API keys were missing authorization via an alternate route. Using this vulnerability, an authenticated attacker could utilize API keys belonging to higher privileged users. 2021-09-15 not yet calculated CVE-2021-22149
MISC
MISC adminlte -- adminlte
  adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 2021-09-17 not yet calculated CVE-2021-3812
CONFIRM
MISC adminlte -- adminlte
  adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 2021-09-17 not yet calculated CVE-2021-3811
CONFIRM
MISC ansi-regex -- ansi-regex
  ansi-regex is vulnerable to Inefficient Regular Expression Complexity 2021-09-17 not yet calculated CVE-2021-3807
MISC
CONFIRM any23 -- any23
  A Remote Code Execution (RCE) vulnerability was discovered in the Any23 YAMLExtractor.java file and is known to affect Any23 versions < 2.5. RCE vulnerabilities allow a malicious actor to execute any code of their choice on a remote machine over LAN, WAN, or internet. RCE belongs to the broader class of arbitrary code execution (ACE) vulnerabilities. 2021-09-11 not yet calculated CVE-2021-40146
CONFIRM
MLIST any23 -- streamutils.java
  An XML external entity (XXE) injection vulnerability was discovered in the Any23 StreamUtils.java file and is known to affect Any23 versions < 2.5. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. 2021-09-11 not yet calculated CVE-2021-38555
CONFIRM apache -- http_server
  ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. 2021-09-16 not yet calculated CVE-2021-39275
MISC apache -- http_server
  A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). 2021-09-16 not yet calculated CVE-2021-36160
MISC
MLIST
MLIST apache -- http_server
  Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. 2021-09-16 not yet calculated CVE-2021-34798
MISC apache -- http_server
  A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. 2021-09-16 not yet calculated CVE-2021-40438
MISC apache -- jena
  A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server. 2021-09-16 not yet calculated CVE-2021-39239
MISC
MLIST apache -- shiro
  Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0. 2021-09-17 not yet calculated CVE-2021-41303
MISC apache -- tomcat
  Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service. 2021-09-16 not yet calculated CVE-2021-41079
MISC apogee -- mbc
  A vulnerability has been identified in APOGEE MBC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE MEC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8), APOGEE PXC Modular (BACnet) (All versions < V3.5.3), APOGEE PXC Modular (P2 Ethernet) (All versions >= V2.8), TALON TC Compact (BACnet) (All versions < V3.5.3), TALON TC Modular (BACnet) (All versions < V3.5.3). The web server of affected devices lacks proper bounds checking when parsing the Host parameter in HTTP requests, which could lead to a buffer overflow. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the device with root privileges. 2021-09-14 not yet calculated CVE-2021-27391
MISC ari -- adminer
  Cross Site Scripting (XSS) in Ari Adminer v1 allows remote attackers to execute arbitrary code via the 'Title' parameter of the 'Add New Connections' component when the 'save()' function is called. 2021-09-15 not yet calculated CVE-2020-19156
MISC assyst -- assyst
  Assyst 10 SP7.5 has authenticated XXE leading to SSRF via XML unmarshalling. The application allows users to send JSON or XML data to the server. It was possible to inject malicious XML data through several access points. 2021-09-15 not yet calculated CVE-2021-30137
MISC atftp -- atftp
  tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buffer-size handling does not properly consider the combination of data, OACK, and other options. 2021-09-13 not yet calculated CVE-2021-41054
MISC atlassian -- jira_server_and_data_center Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. The affected versions of Jira Server or Data Center are before version 8.13.12, and from version 8.14.0 before 8.19.1. 2021-09-16 not yet calculated CVE-2021-39128
MISC atlassian -- jira_server_and_data_center
  Affected versions of Atlassian Jira Server and Data Center allow remote attackers to discover the usernames and full names of users via an enumeration vulnerability in the /rest/api/1.0/render endpoint. The affected versions are before version 8.19.0. 2021-09-14 not yet calculated CVE-2021-39118
MISC atlassian -- jira_server_and_data_center
  Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view whitelist rules via a Broken Access Control vulnerability in the /rest/whitelist/<version>/check endpoint. The affected versions are before version 8.13.3, and from version 8.14.0 before 8.14.1. 2021-09-14 not yet calculated CVE-2019-20101
N/A
N/A atlassian -- jira_server_and_data_center
  Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to discover the usernames of users via an enumeration vulnerability in the password reset page. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1. 2021-09-14 not yet calculated CVE-2021-39125
MISC atlassian -- jira_server_and_data_center
  The Cross-Site Request Forgery (CSRF) failure retry feature of Atlassian Jira Server and Data Center before version 8.16.0 allows remote attackers who are able to trick a user into retrying a request to bypass CSRF protection and replay a crafted request. 2021-09-14 not yet calculated CVE-2021-39124
MISC atlassian -- jira_server_and_data_center
  Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the /rest/gadget/1.0/createdVsResolved/generate endpoint. The affected versions are before version 8.16.0. 2021-09-14 not yet calculated CVE-2021-39123
MISC autodesk -- fbx_review
  An Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files or information disclosure. 2021-09-15 not yet calculated CVE-2021-27044
MISC autodesk -- navisworks
  A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to write beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code. 2021-09-15 not yet calculated CVE-2021-40156
MISC autodesk -- navisworks
  A maliciously crafted PDF file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the PDF file. This vulnerability can be exploited to execute arbitrary code. 2021-09-15 not yet calculated CVE-2021-27045
MISC autodesk -- navisworks
  A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code. 2021-09-15 not yet calculated CVE-2021-40155
MISC autodesk -- navisworks
  A Memory Corruption vulnerability for PDF files in Autodesk Navisworks 2019, 2020, 2021, 2022 may lead to code execution through maliciously crafted DLL files. 2021-09-15 not yet calculated CVE-2021-27046
MISC autodesk -- navisworks
  A user may be tricked into opening a malicious FBX file which may exploit an Untrusted Pointer Dereference vulnerability in FBX’s Review version 1.5.0 and prior causing it to run arbitrary code on the system. 2021-09-15 not yet calculated CVE-2021-40157
MISC aviatrix -- controller An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal. 2021-09-13 not yet calculated CVE-2021-40870
MISC
MISC beego -- beego
  Cross Site Scripting (XSS) vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated by administrators viewing the "Request Statistics" page. 2021-09-14 not yet calculated CVE-2021-39391
MISC
MISC big-ip -- big-ip On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23038
MISC big-ip -- big-ip On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, and 12.1.x before 12.1.6, when an HTTP profile is configured on a virtual server, undisclosed requests can cause a significant increase in system resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23042
MISC big-ip -- big-ip On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a DOM based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the current logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23041
MISC big-ip -- big-ip On BIG-IP AFM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This issue is exposed only when BIG-IP AFM is provisioned. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23040
MISC big-ip -- big-ip On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.2.8, and all versions of 13.1.x and 12.1.x, when IPSec is configured on a BIG-IP system, undisclosed requests from an authorized remote (IPSec) peer, which already has a negotiated Security Association, can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23039
MISC big-ip -- big-ip On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x and 12.1.x, when a BIG-IP DNS system is configured with non-default Wide IP and pool settings, undisclosed DNS responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23032
MISC big-ip -- big-ip On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23030
MISC big-ip -- big-ip On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, an authenticated user may perform a privilege escalation on the BIG-IP Advanced WAF and ASM Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23031
MISC big-ip -- big-ip On version 16.0.x before 16.0.1.2, when a BIG-IP ASM and DataSafe profile are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23036
MISC big-ip -- big-ip On BIG-IP 14.1.x before 14.1.4.4, when an HTTP profile is configured on a virtual server, after a specific sequence of packets, chunked responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23035
MISC big-ip -- big-ip On BIG-IP version 16.x before 16.1.0 and 15.1.x before 15.1.3.1, when a DNS profile using a DNS cache resolver is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23034
MISC big-ip -- big-ip On all versions of Guided Configuration before 8.0.0, when a configuration that contains secure properties is created and deployed from Access Guided Configuration (AGC), secure properties are logged in restnoded logs. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23046
MISC big-ip -- big-ip On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x, when the Intel QuickAssist Technology (QAT) compression driver is used on affected BIG-IP hardware and BIG-IP Virtual Edition (VE) platforms, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23044
MISC big-ip -- big-ip On BIG-IP Advanced WAF and BIG-IP ASM version 16.x before 16.1.0x, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23033
MISC big-ip -- big-ip On BIG-IP version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3, when the iRules RESOLVER::summarize command is used on a virtual server, undisclosed requests can cause an increase in Traffic Management Microkernel (TMM) memory utilization resulting in an out-of-memory condition and a denial-of-service (DoS). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23049
MISC big-ip -- big-ip On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 and NGINX App Protect on all versions before 3.5.0, when a cross-site request forgery (CSRF)-enabled policy is configured on a virtual server, an undisclosed HTML response may cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23050
MISC big-ip -- big-ip
  On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, and all versions of 13.1.x, 12.1.x and 11.6.x, when BIG-IP APM performs Online Certificate Status Protocol (OCSP) verification of a certificate that contains Authority Information Access (AIA), undisclosed requests may cause an increase in memory use. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23047
MISC big-ip -- big-ip
  On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x, when GPRS Tunneling Protocol (GTP) iRules commands or a GTP profile is configured on a virtual server, undisclosed GTP messages can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23048
MISC big-ip -- big-ip
  On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, and 13.1.x before 13.1.4, when JSON content profiles are configured for URLs as part of an F5 Advanced Web Application Firewall (WAF)/BIG-IP ASM security policy and applied to a virtual server, undisclosed requests may cause the BIG-IP ASM bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23028
MISC big-ip -- big-ip
  BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x and all versions of BIG-IQ 8.x, 7.x, and 6.x are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23026
MISC big-ip -- big-ip
  On version 16.0.x before 16.0.1.2, insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery (SSRF) attacks through F5 Advanced Web Application Firewall (WAF) and the BIG-IP ASM Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23029
MISC big-ip -- big-ip
  On version 15.1.x before 15.1.0.5, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all versions of 12.1.x and 11.6.x, an authenticated remote command execution vulnerability exists in the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23025
MISC big-ip -- big-ip
  On all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23037
MISC big-ip -- big-ip
  On version 15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6, when the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and the virtual server is under brute force attack, the MySQL database may run out of disk space due to lack of row limit on undisclosed tables in the MYSQL database. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23053
MISC big-ip -- big-ip
  On version 14.1.x before 14.1.4.4 and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. This vulnerability allows an unauthenticated malicious user to build an open redirect URI. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23052
MISC big-ip -- big-ip
  On BIG-IP versions 15.1.0.4 through 15.1.3, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP on Amazon Web Services (AWS) systems, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This is due to an incomplete fix for CVE-2020-5862. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23051
MISC big-ip -- big-ip
  On BIG-IP, on all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to access arbitrary files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23043
MISC big-ip -- big-ip
  On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when an SCTP profile with multiple paths is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23045
MISC big-ip -- big-ip
  On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, and 14.1.x before 14.1.4.3, a DOM based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2021-09-14 not yet calculated CVE-2021-23027
MISC body-parser-xml -- body-parser-xml
  body-parser-xml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') 2021-09-13 not yet calculated CVE-2021-3666
CONFIRM
MISC boost -- note
  static/main-preload.js in Boost Note through 0.22.0 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal Electron API. 2021-09-17 not yet calculated CVE-2021-41392
MISC btcpayserver -- btcpayserver
  btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 2021-09-10 not yet calculated CVE-2021-3646
CONFIRM
MISC cerberus -- dms
  A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All versions), Cerberus DMS V4.2 (All versions), Cerberus DMS V5.0 (All versions < v5.0 QU1), Desigo CC Compact V4.0 (All versions), Desigo CC Compact V4.1 (All versions), Desigo CC Compact V4.2 (All versions), Desigo CC Compact V5.0 (All versions < V5.0 QU1), Desigo CC V4.0 (All versions), Desigo CC V4.1 (All versions), Desigo CC V4.2 (All versions), Desigo CC V5.0 (All versions < V5.0 QU1). The application deserialises untrusted data without sufficient validation, which could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system. The CCOM communication component used for Windows App / Click-Once and IE Web / XBAP client connectivity is affected by the vulnerability. 2021-09-14 not yet calculated CVE-2021-37181
MISC clearance -- clearance
  This affects the package clearance before 2.5.0. The vulnerability can be possible when users are able to set the value of session[:return_to]. If the value used for return_to contains multiple leading slashes (/////example.com) the user ends up being redirected to the external domain that comes after the slashes (http://example.com). 2021-09-12 not yet calculated CVE-2021-23435
CONFIRM
CONFIRM cms -- made_simple
  An issue was discovered in CMS Made Simple 2.2.8. It is possible to achieve unauthenticated path traversal in the CGExtensions module (in the file action.setdefaulttemplate.php) with the m1_filename parameter; and through the action.showmessage.php file, it is possible to read arbitrary file content (by using that path traversal with m1_prefname set to cg_errormsg and m1_resettodefault=1). 2021-09-17 not yet calculated CVE-2019-9060
CONFIRM
CONFIRM
CONFIRM
CONFIRM code-server -- code-server
  code-server is vulnerable to Inefficient Regular Expression Complexity 2021-09-17 not yet calculated CVE-2021-3810
CONFIRM
MISC cookie/deep -- cookie/deep
  This affects all versions of package @cookiex/deep. The global proto object can be polluted using the __proto__ object. 2021-09-17 not yet calculated CVE-2021-23442
MISC
MISC
MISC cs-cart -- cs-cart
  In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by manipulating the "post description" field in the blog post creation page. 2021-09-14 not yet calculated CVE-2021-32202
MISC dahua -- dahua
  An identity authentication bypass vulnerability was found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. 2021-09-15 not yet calculated CVE-2021-33044
MISC dahua -- dahua
  An identity authentication bypass vulnerability was found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. 2021-09-15 not yet calculated CVE-2021-33045
MISC delta -- electronic_dopsoft2 Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in multiple out-of-bounds write instances. An attacker could leverage this vulnerability to execute code in the context of the current process. 2021-09-17 not yet calculated CVE-2021-38406
MISC delta -- electronic_dopsoft2
  Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could lead to a stack-based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to execute code in the context of the current process. 2021-09-17 not yet calculated CVE-2021-38402
MISC delta -- electronic_dopsoft2
  Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. 2021-09-17 not yet calculated CVE-2021-38404
MISC desigo -- cc
  A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control (All versions with OIS running on Debian 9 or earlier), Siveillance Control Pro (All versions). The affected application incorrectly neutralizes special elements in a specific HTTP GET request which could lead to command injection. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges. 2021-09-14 not yet calculated CVE-2021-31891
MISC device42 -- main_appliance
  The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery utility. An attacker (with permissions to add or edit jobs run by this utility) can inject an extra argument to overwrite arbitrary files as the root user on the Remote Collector. 2021-09-17 not yet calculated CVE-2021-41316
MISC
MISC
MISC device42 -- remote_collector
  The Device42 Remote Collector before 17.05.01 does not sanitize user input in its SNMP Connectivity utility. This allows an authenticated attacker (with access to the console application) to execute arbitrary OS commands and escalate privileges. 2021-09-17 not yet calculated CVE-2021-41315
MISC
MISC digi -- portserver
  Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. This vulnerability could allow an attacker to enable the SNMP service and manipulate the community strings to achieve further control in. 2021-09-17 not yet calculated CVE-2021-38412
MISC ec-cube -- ec-cube Cross-site scripting vulnerability in Order Status Batch Change Plug-in (for EC-CUBE 3.0 series) all versions allows a remote attacker to inject an arbitrary script via unspecified vectors. 2021-09-17 not yet calculated CVE-2021-20828
MISC
MISC ec-cube -- ec-cube
  Cross-site scripting vulnerability in List (order management) item change plug-in (for EC-CUBE 3.0 series) Ver.1.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors. 2021-09-17 not yet calculated CVE-2021-20825
MISC
MISC eclipse -- equinox
  In all released versions of Eclipse Equinox, at least until version 4.21 (September 2021), installation can be vulnerable to man-in-the-middle attack if using p2 repos that are HTTP; that can then be exploited to serve incorrect p2 metadata and entirely alter the local installation, particularly by installing plug-ins that may then run malicious code. 2021-09-13 not yet calculated CVE-2021-41033
CONFIRM elastic -- elasticsearch
  Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view. 2021-09-15 not yet calculated CVE-2021-22147
MISC
MISC emlog -- emlog
  emlog v6.0 contains a Cross-Site Request Forgery (CSRF) via /admin/link.php?action=addlink, which allows attackers to arbitrarily add articles. 2021-09-15 not yet calculated CVE-2020-21321
MISC enbra -- ewm
  Enbra EWM 1.7.29 does not check for or detect replay attacks sent by wireless M-Bus Security mode 5 devices. Instead timestamps of the sensor are replaced by the time of the readout even if the data is a replay of earlier data. 2021-09-16 not yet calculated CVE-2021-34572
CONFIRM enbra -- ewm
  In Enbra EWM in Version 1.7.29 together with several tested wireless M-Bus Sensors, the events backflow and "no flow" are not recognized or are misinterpreted. This may lead to wrong values and missing events. 2021-09-16 not yet calculated CVE-2021-34573
CONFIRM enbra -- m-bus_devices
  Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in Security mode 5 without an option to change the encryption key. An adversary can learn all information that is available in Enbra EWM. 2021-09-16 not yet calculated CVE-2021-34571
CONFIRM ericsson -- ecm
  In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection. 2021-09-17 not yet calculated CVE-2021-41390
MISC ericsson -- ecm
  In Ericsson ECM before 18.0, it was observed that Security Management Endpoint in User Profile Management Section is vulnerable to stored XSS via a name, leading to session hijacking and full account takeover. 2021-09-17 not yet calculated CVE-2021-41391
MISC expertpdf -- expertpdf
  A local file inclusion vulnerability in ExpertPDF 9.5.0 through 14.1.0 allows attackers to read the file contents from files that the running ExpertPDF process has access to read. 2021-09-15 not yet calculated CVE-2020-35340
MISC feehi -- feehi
  An arbitrary file upload vulnerability in Feehi CMS v2.0.8 and below allows attackers to execute arbitrary code via a crafted PHP file. 2021-09-15 not yet calculated CVE-2020-21322
MISC fig2dev -- fig2dev fig2dev 3.2.7b contains a global buffer overflow in the get_line function in read.c. 2021-09-16 not yet calculated CVE-2020-21534
MISC fig2dev -- fig2dev fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c. 2021-09-16 not yet calculated CVE-2020-21531
MISC fig2dev -- fig2dev
  fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c. 2021-09-16 not yet calculated CVE-2020-21529
MISC fig2dev -- fig2dev
  fig2dev 3.2.7b contains a segmentation fault in the read_objects function in read.c. 2021-09-16 not yet calculated CVE-2020-21530
MISC fig2dev -- fig2dev
  fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c. 2021-09-16 not yet calculated CVE-2020-21532
MISC fig2dev -- fig2dev
  fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function in read.c. 2021-09-16 not yet calculated CVE-2020-21533
MISC fig2dev -- fig2dev
  fig2dev 3.2.7b contains a segmentation fault in the gencgm_start function in gencgm.c. 2021-09-16 not yet calculated CVE-2020-21535
MISC flexnet -- publisher
  A Denial of Service vulnerability has been identified in FlexNet Publisher's lmadmin.exe version 11.16.6. A certain message protocol can be exploited to cause lmadmin to crash. 2021-09-17 not yet calculated CVE-2020-12080
MISC geutebruck -- geutebruck Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. 2021-09-13 not yet calculated CVE-2021-33550
CONFIRM
CONFIRM geutebruck -- geutebruck Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. 2021-09-13 not yet calculated CVE-2021-33551
CONFIRM
CONFIRM geutebruck -- geutebruck Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. 2021-09-13 not yet calculated CVE-2021-33553
CONFIRM
CONFIRM geutebruck -- geutebruck Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. 2021-09-13 not yet calculated CVE-2021-33548
CONFIRM
CONFIRM geutebruck -- geutebruck Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. 2021-09-13 not yet calculated CVE-2021-33544
CONFIRM
CONFIRM geutebruck -- geutebruck
  Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the counter parameter which may allow an attacker to remotely execute arbitrary code. 2021-09-13 not yet calculated CVE-2021-33545
CONFIRM
CONFIRM geutebruck -- geutebruck
  Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. 2021-09-13 not yet calculated CVE-2021-33554
CONFIRM
CONFIRM geutebruck -- geutebruck
  Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the name parameter, which may allow an attacker to remotely execute arbitrary code. 2021-09-13 not yet calculated CVE-2021-33546
CONFIRM
CONFIRM geutebruck -- geutebruck
  Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. 2021-09-13 not yet calculated CVE-2021-33552
CONFIRM
CONFIRM geutebruck -- geutebruck
  Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the action parameter, which may allow an attacker to remotely execute arbitrary code. 2021-09-13 not yet calculated CVE-2021-33549
CONFIRM
CONFIRM
MISC geutebruck -- geutebruck
  Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter which may allow an attacker to remotely execute arbitrary code. 2021-09-13 not yet calculated CVE-2021-33547
CONFIRM
CONFIRM geutebruck -- geutebruck
  Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. 2021-09-13 not yet calculated CVE-2021-33543
CONFIRM
CONFIRM gibbon -- gibbon
  Gibbon v22.0.00 suffers from a stored XSS vulnerability within the wall messages component. 2021-09-13 not yet calculated CVE-2021-40214
MISC
MISC
MISC glpi -- glpi GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in version 9.5.6. As a workaround, remove the file `ajax/telemetry.php`, which is not needed for usual functions of GLPI. 2021-09-15 not yet calculated CVE-2021-39211
CONFIRM
MISC glpi -- glpi
  GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, a user who is logged in to GLPI can bypass Cross-Site Request Forgery (CSRF) protection in many places. This could allow a malicious actor to perform many actions on GLPI. This issue is fixed in version 9.5.6. There are no workarounds aside from upgrading. 2021-09-15 not yet calculated CVE-2021-39209
CONFIRM
MISC glpi -- glpi
  GLPI is a free Asset and IT management software package. Starting in version 9.1 and prior to version 9.5.6, GLPI with API Rest enabled is vulnerable to API bypass with custom header injection. This issue is fixed in version 9.5.6. One may disable API Rest as a workaround. 2021-09-15 not yet calculated CVE-2021-39213
CONFIRM
MISC glpi -- glpi
  GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, the cookie used to store the autologin cookie (when a user uses the "remember me" feature) is accessible by scripts. A malicious plugin that could steal this cookie would be able to use it to autologin. This issue is fixed in version 9.5.6. As a workaround, one may avoid using the "remember me" feature. 2021-09-15 not yet calculated CVE-2021-39210
CONFIRM
MISC
MISC gnu -- mailman_postorius
  An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker (logged into any account) can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place. 2021-09-10 not yet calculated CVE-2021-40347
CONFIRM
MISC
CONFIRM
MISC
MISC
DEBIAN gpac -- gpac The gf_odf_desc_copy function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. 2021-09-13 not yet calculated CVE-2021-32134
MISC
MISC gpac -- gpac Memory leak in the infe_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file. 2021-09-13 not yet calculated CVE-2021-33363
MISC
MISC gpac -- gpac Heap buffer overflow in the print_udta function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. 2021-09-13 not yet calculated CVE-2021-32136
MISC
MISC gpac -- gpac Heap buffer overflow in the URL_GetProtocolType function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. 2021-09-13 not yet calculated CVE-2021-32137
MISC
MISC gpac -- gpac
  The DumpTrackInfo function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. 2021-09-13 not yet calculated CVE-2021-32138
MISC
MISC gpac -- gpac
  Memory leak in the gf_isom_oinf_read_entry function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file. 2021-09-13 not yet calculated CVE-2021-33366
MISC
MISC gpac -- gpac
  The gf_isom_vp_config_get function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. 2021-09-13 not yet calculated CVE-2021-32139
MISC
MISC gpac -- gpac
  The abst_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. 2021-09-13 not yet calculated CVE-2021-32132
MISC
MISC gpac -- gpac
  Memory leak in the def_parent_box_new function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file. 2021-09-13 not yet calculated CVE-2021-33364
MISC
MISC gpac -- gpac
  Stack buffer overflow in the hevc_parse_vps_extension function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. 2021-09-13 not yet calculated CVE-2021-33362
MISC
MISC gpac -- gpac
  Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file. 2021-09-13 not yet calculated CVE-2021-33361
MISC
MISC gpac -- gpac
  The trak_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. 2021-09-13 not yet calculated CVE-2021-32135
MISC
MISC gpac -- gpac
  Memory leak in the gf_isom_get_root_od function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file. 2021-09-13 not yet calculated CVE-2021-33365
MISC
MISC hashicorp -- terraform_enterprise
  HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoint that erroneously disclosed a sensitive URL to authenticated parties, which could be used for privilege escalation or unauthorized modification of a Terraform configuration. Fixed in v202109-1. 2021-09-15 not yet calculated CVE-2021-40862
MISC hestiacp -- hestiacp
  hestiacp is vulnerable to Use of Wrong Operator in String Comparison 2021-09-15 not yet calculated CVE-2021-3797
CONFIRM
MISC hgiga -- oaklouds
  The HGiga OAKlouds mobile portal does not filter special characters of the Ethernet number parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the system without logging in. 2021-09-15 not yet calculated CVE-2021-37912
CONFIRM hgiga -- oaklouds
  The HGiga OAKlouds mobile portal does not filter special characters of the IPv6 Gateway parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the system without logging in. 2021-09-15 not yet calculated CVE-2021-37913
CONFIRM hunter -- express
  XSS Hunter Express before 2021-09-17 does not properly enforce authentication requirements for paths. 2021-09-17 not yet calculated CVE-2021-41317
MISC
MISC
MISC ibm -- db2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. IBM X-Force ID: 204470. 2021-09-16 not yet calculated CVE-2021-29825
XF
CONFIRM ibm -- db2
  IBM Db2 11.2 and 11.5 contains an information disclosure vulnerability, exposing remote storage credentials to privileged users under specific conditions. IBM X-Force ID: 201780. 2021-09-16 not yet calculated CVE-2021-29752
CONFIRM
XF ibm -- db2
  IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 under very specific conditions, could allow a local user to keep running a procedure that could cause the system to run out of memory and cause a denial of service. IBM X-Force ID: 202267. 2021-09-16 not yet calculated CVE-2021-29763
CONFIRM
XF ibm -- financial_transaction_manager
  IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205045. 2021-09-14 not yet calculated CVE-2021-29841
XF
CONFIRM ibm -- qradar_siem
  IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201778. 2021-09-15 not yet calculated CVE-2021-29750
CONFIRM
XF ibm -- security_guardium
  IBM Security Guardium 11.3 could allow an authenticated user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 196345. 2021-09-15 not yet calculated CVE-2021-20433
CONFIRM
XF ibm -- security_guardium
  IBM Security Guardium 10.6 and 11.3 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability (IDOR). IBM X-Force ID: 202865. 2021-09-15 not yet calculated CVE-2021-29773
CONFIRM
XF ibm -- security_secret_server
  IBM Security Secret Server up to 11.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 199328. 2021-09-14 not yet calculated CVE-2021-20582
CONFIRM
XF ibm -- security_secret_server
  IBM Security Secret Server up to 11.0 could allow an attacker to enumerate usernames due to improper input validation. IBM X-Force ID: 199243. 2021-09-14 not yet calculated CVE-2021-20569
XF
CONFIRM ibm -- security_secret_server
  IBM Security Secret Server up to 11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199322. 2021-09-14 not yet calculated CVE-2021-20508
XF
CONFIRM ibm -- websphere_application_server
  IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202. 2021-09-16 not yet calculated CVE-2021-29842
CONFIRM
XF imagemagick -- imagemagick
  ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex. <policy domain="module" rights="none" pattern="PS" />. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: <policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />. 2021-09-13 not yet calculated CVE-2021-39212
CONFIRM
MISC
MISC industrial_edge -- management
  A vulnerability has been identified in Industrial Edge Management (All versions < V1.3). An unauthenticated attacker could change the password of any user in the system under certain circumstances. With this an attacker could impersonate any valid user on an affected system. 2021-09-14 not yet calculated CVE-2021-37184
MISC ionic_identity -- vault
  In Ionic Identity Vault before 5, a local root attacker on an Android device can bypass biometric authentication. 2021-09-10 not yet calculated CVE-2021-3145
MISC
MISC jfinal -- cms Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information or cause a denial of service via the 'FileManager.delete()' function in the component 'modules/filemanager/FileManagerController.java'. 2021-09-15 not yet calculated CVE-2020-19150
MISC jfinal -- cms Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the 'Nickname' parameter in the component '/jfinal_cms/front/person/profile.html'. 2021-09-15 not yet calculated CVE-2020-19148
MISC jfinal -- cms
  Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename()' function in the component 'modules/filemanager/FileManagerController.java'. 2021-09-15 not yet calculated CVE-2020-19155
MISC jfinal -- cms
  Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'getFolder()' function in the component '/modules/filemanager/FileManager.java'. 2021-09-15 not yet calculated CVE-2020-19147
MISC jfinal -- cms
  Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileManager.editFile()' function in the component 'modules/filemanager/FileManagerController.java'. 2021-09-15 not yet calculated CVE-2020-19154
MISC jfinal -- cms
  Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinal_cms/admin/filemanager/list'. 2021-09-15 not yet calculated CVE-2020-19151
MISC jfinal -- cms
  Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'TemplatePath' parameter in the component 'jfinal_cms/admin/folder/list'. 2021-09-15 not yet calculated CVE-2020-19146
MISC jfinal -- jfinal
  Improper access control in Jfinal CMS 5.1.0 allows attackers to access sensitive information via /classes/conf/db.properties&config=filemanager.config.js. 2021-09-15 not yet calculated CVE-2021-40639
MISC
MISC
MISC jitsi -- meet
  Jitsi Meet is an open source video conferencing application. Versions prior to 2.0.6173 are vulnerable to client-side cross-site scripting via injecting properties into JSON objects that were not properly escaped. There are no known incidents related to this vulnerability being exploited in the wild. This issue is fixed in Jitsi Meet version 2.0.6173. There are no known workarounds aside from upgrading. 2021-09-15 not yet calculated CVE-2021-39205
MISC
MISC
MISC
CONFIRM jitsi -- meet
  Jitsi Meet is an open source video conferencing application. In versions prior to 2.0.5963, a Prosody module allows the use of symmetrical algorithms to validate JSON web tokens. This means that tokens generated by arbitrary sources can be used to gain authorization to protected rooms. This issue is fixed in Jitsi Meet 2.0.5963. There are no known workarounds aside from updating. 2021-09-15 not yet calculated CVE-2021-39215
MISC
CONFIRM jizhicms -- jizhicms
  An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file. 2021-09-15 not yet calculated CVE-2020-21483
MISC johnson -- controls_kt-1
  The KT-1 door controller is susceptible to replay or man-in-the-middle attacks where an attacker can record and replay TCP packets. This issue affects Johnson Controls KT-1 all versions up to and including 3.01 2021-09-15 not yet calculated CVE-2021-27662
CERT
CONFIRM kaden -- picoflux_air
  In Kaden PICOFLUX Air in all known versions an information exposure through observable discrepancy exists. This may give sensitive information (water consumption without distinct values) to third parties. 2021-09-16 not yet calculated CVE-2021-34576
CONFIRM kitecms -- kitecms
  A cross-site request forgery (CSRF) in KiteCMS V1.1 allows attackers to arbitrarily add an administrator account. 2021-09-13 not yet calculated CVE-2020-20671
MISC kitecms -- kitecms
  An arbitrary file upload vulnerability in /admin/upload/uploadfile of KiteCMS V1.1 allows attackers to getshell via a crafted PHP file. 2021-09-13 not yet calculated CVE-2020-20672
MISC kooboo -- cms
  Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. It is possible to upload any file extension to the server. The server does not verify the extension of the file and the tester was able to upload an aspx to the server. 2021-09-14 not yet calculated CVE-2021-36581
MISC
MISC kooboo -- cms
  In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell (e.g., aspx) to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can be simply triggered by browsing that URL. 2021-09-14 not yet calculated CVE-2021-36582
MISC
MISC laiketui -- laiketui
  Cross Site Request Forgery (CSRF) in LaikeTui v3 allows remote attackers to execute arbitrary code via the component '/index.php?module=member&action=add'. 2021-09-15 not yet calculated CVE-2020-19159
MISC libde265 -- libde265 libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can be exploited via a crafted file. 2021-09-16 not yet calculated CVE-2020-21602
MISC libde265 -- libde265 libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted file. 2021-09-16 not yet calculated CVE-2020-21598
MISC libde265 -- libde265 libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a crafted file. 2021-09-16 not yet calculated CVE-2020-21595
MISC libde265 -- libde265 libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a crafted file. 2021-09-16 not yet calculated CVE-2020-21597
MISC libde265 -- libde265 libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted file. 2021-09-16 not yet calculated CVE-2020-21596
MISC libde265 -- libde265
  libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pred_avg_16_fallback function, which can be exploited via a crafted file. 2021-09-16 not yet calculated CVE-2020-21600
MISC libde265 -- libde265
  libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be exploited via a crafted file. 2021-09-16 not yet calculated CVE-2020-21599
MISC libde265 -- libde265
  libde265 v1.0.4 contains a segmentation fault in the apply_sao_internal function, which can be exploited via a crafted file. 2021-09-16 not yet calculated CVE-2020-21605
MISC libde265 -- libde265
  libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fallback function, which can be exploited via a crafted file. 2021-09-16 not yet calculated CVE-2020-21594
MISC libde265 -- libde265
  libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be exploited via a crafted file. 2021-09-16 not yet calculated CVE-2020-21603
MISC libde265 -- libde265
  libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl_epi64 function, which can be exploited via a crafted file. 2021-09-16 not yet calculated CVE-2020-21604
MISC libde265 -- libde265
  libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be exploited via a crafted file. 2021-09-16 not yet calculated CVE-2020-21606
MISC libde265 -- libde265
  libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback function, which can be exploited via a crafted file. 2021-09-16 not yet calculated CVE-2020-21601
MISC libmobi -- libmobi
  libmobi is vulnerable to Out-of-bounds Write 2021-09-15 not yet calculated CVE-2021-3751
CONFIRM
MISC libsixel -- libsixel Libsixel 1.8.3 contains a heap-based buffer overflow in the sixel_encode_highcolor function in tosixel.c. 2021-09-17 not yet calculated CVE-2020-21548
MISC libsixel -- libsixel Libsixel 1.8.2 contains a heap-based buffer overflow in the dither_func_fs function in tosixel.c. 2021-09-17 not yet calculated CVE-2020-21547
MISC libsixel -- libsixel
  Libsixel prior to v1.8.3 contains a stack buffer overflow in the function gif_process_raster at fromgif.c. 2021-09-14 not yet calculated CVE-2020-21050
MISC
MISC
MISC
MISC
MISC libsixel -- libsixel
  An invalid read in the stb_image.h component of libsixel prior to v1.8.5 allows attackers to cause a denial of service (DOS) via a crafted PSD file. 2021-09-14 not yet calculated CVE-2020-21049
MISC
MISC
MISC
MISC
MISC libsixel -- libsixel
  An issue in the dither.c component of libsixel prior to v1.8.4 allows attackers to cause a denial of service (DOS) via a crafted PNG file. 2021-09-14 not yet calculated CVE-2020-21048
MISC
MISC
MISC
MISC
MISC logo! -- cmr2020
  A vulnerability has been identified in LOGO! CMR2020 (All versions < V2.2), LOGO! CMR2040 (All versions < V2.2), SIMATIC RTU 3000 family (All versions). The underlying TCP/IP stack does not properly calculate the random numbers used as ISN (Initial Sequence Numbers). An adjacent attacker with network access to the LAN interface could interfere with traffic, spoof the connection and gain access to sensitive information. 2021-09-14 not yet calculated CVE-2021-37186
MISC maccms -- maccms A cross-site scripting (XSS) vulnerability in the background administrator article management module of Maccms 8.0 allows attackers to steal administrator and user cookies via crafted payloads in the text fields for Chinese and English names. 2021-09-14 not yet calculated CVE-2020-21082
MISC maccms -- maccms
  A cross-site request forgery (CSRF) in Maccms 8.0 causes administrators to add and modify articles without their knowledge via clicking on a crafted URL. 2021-09-14 not yet calculated CVE-2020-21081
MISC matrix-js-sdk -- matrix-js-sdk

  A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 (aka Matrix SDK for Android) before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room. This allows the attacker to decrypt end-to-end encrypted messages sent by affected clients. 2021-09-13 not yet calculated CVE-2021-40824
MISC
MISC matrix-js-sdk -- matrix-js-sdk
  A logic error in the room key sharing functionality of matrix-js-sdk (aka Matrix Javascript SDK) before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room. This allows the homeserver to decrypt end-to-end encrypted messages sent by affected clients. 2021-09-13 not yet calculated CVE-2021-40823
MISC
MISC mcafee -- data_loss_prevention_discover
  A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Discover prior to 11.6.100 allows an attacker in the same network as the DLP Discover to execute arbitrary code through placing carefully constructed Ami Pro (.sam) files onto a machine and having DLP Discover scan it, leading to remote code execution with elevated privileges. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size. 2021-09-17 not yet calculated CVE-2021-31845
CONFIRM mcafee -- data_loss_prevention_endpoint
  A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing carefully constructed Ami Pro (.sam) files onto the local system and triggering a DLP Endpoint scan through accessing a file. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size. 2021-09-17 not yet calculated CVE-2021-31844
CONFIRM mcafee -- endpoint_security
  Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have access to via manipulating junction links to redirect McAfee folder operations to an unintended location. 2021-09-17 not yet calculated CVE-2021-31843
CONFIRM mcafee -- endpoint_security
  XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulting in a Denial of Service attack through carefully editing the EPDeploy.xml file and then executing the setup process. 2021-09-17 not yet calculated CVE-2021-31842
CONFIRM metinfo -- metinfo
  MetInfo 7.0.0 contains a SQL injection vulnerability via admin/?n=logs&c=index&a=dodel. 2021-09-15 not yet calculated CVE-2020-21127
MISC metinfo -- metinfo
  MetInfo 7.0.0 contains a Cross-Site Request Forgery (CSRF) via admin/?n=admin&c=index&a=doSaveInfo. 2021-09-15 not yet calculated CVE-2020-21126
MISC microsoft -- azure
  Azure Sphere Information Disclosure Vulnerability 2021-09-15 not yet calculated CVE-2021-36956
MISC microsoft -- dynamics_business
  Microsoft Dynamics Business Central Cross-site Scripting Vulnerability 2021-09-15 not yet calculated CVE-2021-40440
MISC microsoft -- edge
  Microsoft Edge (Chromium-based) Tampering Vulnerability 2021-09-15 not yet calculated CVE-2021-38669
MISC microsoft -- excel
  Microsoft Excel Remote Code Execution Vulnerability 2021-09-15 not yet calculated CVE-2021-38655
MISC
MISC microsoft -- office Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-38660. 2021-09-15 not yet calculated CVE-2021-38658
MISC
MISC microsoft -- office Microsoft Office Remote Code Execution Vulnerability 2021-09-15 not yet calculated CVE-2021-38659
MISC
MISC microsoft -- office
  Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-38653. 2021-09-15 not yet calculated CVE-2021-38654
MISC
MISC microsoft -- office
  Microsoft Office Graphics Component Information Disclosure Vulnerability 2021-09-15 not yet calculated CVE-2021-38657
MISC microsoft -- office
  Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-38658. 2021-09-15 not yet calculated CVE-2021-38660
MISC microsoft -- office
  Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-38654. 2021-09-15 not yet calculated CVE-2021-38653
MISC
MISC microsoft -- sharepoint

  Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-38651. 2021-09-15 not yet calculated CVE-2021-38652
MISC microsoft -- sharepoint
  Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-38652. 2021-09-15 not yet calculated CVE-2021-38651
MISC microsoft -- visual_studio
  Visual Studio Elevation of Privilege Vulnerability 2021-09-15 not yet calculated CVE-2021-26434
MISC
MISC microsoft -- visual_studio
  Visual Studio Remote Code Execution Vulnerability 2021-09-15 not yet calculated CVE-2021-36952
MISC
MISC microsoft -- visual_studio
  Visual Studio Code Spoofing Vulnerability 2021-09-15 not yet calculated CVE-2021-26437
MISC microsoft -- win32k
  Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38639. 2021-09-15 not yet calculated CVE-2021-36975
MISC microsoft -- windows Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-36969, CVE-2021-38636. 2021-09-15 not yet calculated CVE-2021-38635
MISC microsoft -- windows Windows SMB Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-36960. 2021-09-15 not yet calculated CVE-2021-36972
MISC microsoft -- windows Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36963, CVE-2021-38633. 2021-09-15 not yet calculated CVE-2021-36955
MISC microsoft -- windows Open Management Infrastructure Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38645, CVE-2021-38649. 2021-09-15 not yet calculated CVE-2021-38648
MISC microsoft -- windows Open Management Infrastructure Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38648, CVE-2021-38649. 2021-09-15 not yet calculated CVE-2021-38645
MISC microsoft -- windows Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36955, CVE-2021-38633. 2021-09-15 not yet calculated CVE-2021-36963
MISC microsoft -- windows Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38628. 2021-09-15 not yet calculated CVE-2021-38638
MISC microsoft -- windows Windows Storage Information Disclosure Vulnerability 2021-09-15 not yet calculated CVE-2021-38637
MISC microsoft -- windows Windows WLAN AutoConfig Service Remote Code Execution Vulnerability 2021-09-15 not yet calculated CVE-2021-36965
MISC microsoft -- windows Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36955, CVE-2021-36963. 2021-09-15 not yet calculated CVE-2021-38633
MISC microsoft -- windows Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36964. 2021-09-15 not yet calculated CVE-2021-38630
MISC microsoft -- windows Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38671, CVE-2021-40447. 2021-09-15 not yet calculated CVE-2021-38667
MISC microsoft -- windows Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38667, CVE-2021-38671. 2021-09-15 not yet calculated CVE-2021-40447
MISC microsoft -- windows
  Microsoft Windows Update Client Elevation of Privilege Vulnerability 2021-09-15 not yet calculated CVE-2021-38634
MISC
MISC microsoft -- windows
  adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag 2021-09-15 not yet calculated CVE-2021-3706
MISC
CONFIRM microsoft -- windows
  Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-38635, CVE-2021-38636. 2021-09-15 not yet calculated CVE-2021-36969
MISC microsoft -- windows
  HEVC Video Extensions Remote Code Execution Vulnerability 2021-09-15 not yet calculated CVE-2021-38661
MISC microsoft -- windows
  Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability 2021-09-15 not yet calculated CVE-2021-36973
MISC microsoft -- windows
  Windows SMB Elevation of Privilege Vulnerability 2021-09-15 not yet calculated CVE-2021-36974
MISC microsoft -- windows
  Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38667, CVE-2021-40447. 2021-09-15 not yet calculated CVE-2021-38671
MISC microsoft -- windows
  Windows DNS Elevation of Privilege Vulnerability 2021-09-15 not yet calculated CVE-2021-36968
MISC microsoft -- windows
  Open Management Infrastructure Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38645, CVE-2021-38648. 2021-09-15 not yet calculated CVE-2021-38649
MISC microsoft -- windows
  Windows Key Storage Provider Security Feature Bypass Vulnerability 2021-09-15 not yet calculated CVE-2021-38624
MISC microsoft -- windows
  Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-36969, CVE-2021-38635. 2021-09-15 not yet calculated CVE-2021-38636
MISC microsoft -- windows
  Windows Kernel Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38626. 2021-09-15 not yet calculated CVE-2021-38625
MISC microsoft -- windows
  Open Management Infrastructure Remote Code Execution Vulnerability 2021-09-15 not yet calculated CVE-2021-38647
MISC microsoft -- windows
  Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability 2021-09-15 not yet calculated CVE-2021-38646
MISC microsoft -- windows
  Windows Kernel Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38625. 2021-09-15 not yet calculated CVE-2021-38626
MISC microsoft -- windows
  Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability 2021-09-15 not yet calculated CVE-2021-38644
MISC microsoft -- windows
  Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38638. 2021-09-15 not yet calculated CVE-2021-38628
MISC microsoft -- windows
  Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability 2021-09-15 not yet calculated CVE-2021-38629
MISC microsoft -- windows
  Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36975. 2021-09-15 not yet calculated CVE-2021-38639
MISC microsoft -- windows
  BitLocker Security Feature Bypass Vulnerability 2021-09-15 not yet calculated CVE-2021-38632
MISC microsoft -- windows
  Microsoft Office Spoofing Vulnerability 2021-09-15 not yet calculated CVE-2021-38650
MISC microsoft -- windows
  Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability 2021-09-15 not yet calculated CVE-2021-36967
MISC microsoft -- windows
  Windows Bind Filter Driver Elevation of Privilege Vulnerability 2021-09-15 not yet calculated CVE-2021-36954
MISC microsoft -- windows
  Windows Scripting Engine Memory Corruption Vulnerability 2021-09-15 not yet calculated CVE-2021-26435
MISC microsoft -- windows
  Microsoft MSHTML Remote Code Execution Vulnerability 2021-09-15 not yet calculated CVE-2021-40444
MISC microsoft -- windows
  Microsoft Accessibility Insights for Android Information Disclosure Vulnerability 2021-09-15 not yet calculated CVE-2021-40448
MISC microsoft -- windows
  Windows Subsystem for Linux Elevation of Privilege Vulnerability 2021-09-15 not yet calculated CVE-2021-36966
MISC microsoft -- windows
  Windows Authenticode Spoofing Vulnerability 2021-09-15 not yet calculated CVE-2021-36959
MISC microsoft -- windows
  Windows Installer Denial of Service Vulnerability 2021-09-15 not yet calculated CVE-2021-36961
MISC