Vulnerability Summary for the Week of July 26, 2021

Released
Aug 02, 2021
Document ID
SB21-214

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
naviwebs -- navigatecmsIn NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `products-order` through a post request, which results in arbitrary sql query execution in the backend database.2021-07-267.5CVE-2021-37473
MISC
MISC
MISC
naviwebs -- navigatecmsIn NavigateCMS version 2.9.4 and below, function in `templates.php` is vulnerable to sql injection on parameter `template-properties-order`, which results in arbitrary sql query execution in the backend database.2021-07-267.5CVE-2021-37475
MISC
MISC
MISC
naviwebs -- navigatecmsIn NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `id` through a post request, which results in arbitrary sql query execution in the backend database.2021-07-267.5CVE-2021-37476
MISC
MISC
MISC
naviwebs -- navigatecmsIn NavigateCMS version 2.9.4 and below, function in `structure.php` is vulnerable to sql injection on parameter `children_order`, which results in arbitrary sql query execution in the backend database.2021-07-267.5CVE-2021-37477
MISC
MISC
MISC
sourcecodester -- e-commerce_websiteArbitrary file upload vulnerability in SourceCodester E-Commerce Website v 1.0 allows attackers to execute arbitrary code via the file upload to prodViewUpdate.php.2021-07-237.5CVE-2021-25207
MISC
sourcecodester -- responsive_ordering_systemArbitrary file upload vulnerability in SourceCodester Responsive Ordering System v 1.0 allows attackers to execute arbitrary code via the file upload to Product_model.php.2021-07-237.5CVE-2021-25206
MISC
sourcecodester -- travel_management_systemArbitrary file upload vulnerability in SourceCodester Travel Management System v 1.0 allows attackers to execute arbitrary code via the file upload to updatepackage.php.2021-07-237.5CVE-2021-25208
MISC
victor_cms_project -- victor_cmsArbitrary file upload vulnerability in Victor CMS v 1.0 allows attackers to execute arbitrary code via the file upload to \CMSsite-master\admin\includes\admin_add_post.php.2021-07-237.5CVE-2021-25203
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
learning_management_system_project -- learning_management_systemSQL injection vulnerability in Learning Management System v 1.0 allows remote attackers to execute arbitrary SQL statements through the id parameter to obtain sensitive database information.2021-07-235CVE-2021-25201
MISC
nchsoftware -- ivm_attendantNCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element's pathname is set to a Windows startup folder, a file for the inbuilt Out-Going Message function, or a file for the the inbuilt Autodial function.2021-07-256.5CVE-2021-37444
MISC
MISC
nchsoftware -- ivm_attendantNCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file deletion.2021-07-255.5CVE-2021-37443
MISC
MISC
nchsoftware -- ivm_attendantNCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/.. to read files.2021-07-254CVE-2021-37442
MISC
MISC
nchsoftware -- quorumIn NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via logprop?file=/.. for file reading.2021-07-254CVE-2021-37445
MISC
MISC
omeka -- omekaCross Site Scripting (XSS) vulnerability in admin/files/edit in Omeka Classic <=2.7 allows remote attackers to inject arbitrary web script or HTML.2021-07-234.3CVE-2021-26799
MISC
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
cmsmadesimple -- cms_made_simpleCross Site Scripting (XSS) vulnerablity in CMS Made Simple 2.2.14 via the Logic field in the Content Manager feature.2021-07-263.5CVE-2020-23240
MISC
cmsmadesimple -- cms_made_simpleCross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 in "Extra" via 'News > Article" feature.2021-07-263.5CVE-2020-23241
MISC
evo -- evolution_cmsCross Site Scripting (XSS) vulnerability in Evolution CMS 2.0.2 via the Document Manager feature.2021-07-263.5CVE-2020-23238
MISC
lavalite -- lavaliteCross Site Scripting (XSS) vulnerabiity exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,".2021-07-263.5CVE-2020-23234
MISC
naviwebs -- navigatecmsCross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 when performing a Create or Edit via the Tools feature.2021-07-263.5CVE-2020-23242
MISC
naviwebs -- navigatecmsCross Site Scripting (XSS) vulnerability in NavigateCMS NavigateCMS 2.9 via the name="wrong_path_redirect" feature.2021-07-263.5CVE-2020-23243
MISC
nchsoftware -- axon_pbxCross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /ipblacklist?errorip= (reflected).2021-07-253.5CVE-2021-37462
MISC
MISC
nchsoftware -- axon_pbxCross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /extensionsinstruction?id= (reflected).2021-07-253.5CVE-2021-37461
MISC
MISC
nchsoftware -- axon_pbxCross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /planprop?id= (reflected).2021-07-253.5CVE-2021-37460
MISC
MISC
nchsoftware -- axon_pbxCross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the customer name field (stored).2021-07-253.5CVE-2021-37459
MISC
MISC
nchsoftware -- axon_pbxCross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the primary phone field (stored).2021-07-253.5CVE-2021-37458
MISC
MISC
nchsoftware -- axon_pbxCross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the SipRule field (stored).2021-07-253.5CVE-2021-37457
MISC
MISC
nchsoftware -- axon_pbxCross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the blacklist IP address (stored).2021-07-253.5CVE-2021-37456
MISC
MISC
nchsoftware -- axon_pbxCross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the outbound dialing plan (stored).2021-07-253.5CVE-2021-37455
MISC
MISC
nchsoftware -- axon_pbxCross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the line name (stored).2021-07-253.5CVE-2021-37454
MISC
MISC
nchsoftware -- axon_pbxCross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the extension name (stored).2021-07-253.5CVE-2021-37453
MISC
MISC
nchsoftware -- ivm_attendantCross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /msglist?mbx= (reflected).2021-07-253.5CVE-2021-37451
MISC
MISC
nchsoftware -- ivm_attendantCross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmprop?id= (reflected).2021-07-253.5CVE-2021-37450
MISC
MISC
nchsoftware -- quorumIn NCH Quorum v2.03 and earlier, XSS exists via User Display Name (stored).2021-07-253.5CVE-2021-37463
MISC
MISC
nchsoftware -- quorumIn NCH Quorum v2.03 and earlier, XSS exists via Conference Description (stored).2021-07-253.5CVE-2021-37464
MISC
MISC
nchsoftware -- quorumIn NCH Quorum v2.03 and earlier, XSS exists via /uploaddoc?id= (reflected).2021-07-253.5CVE-2021-37465
MISC
MISC
nchsoftware -- quorumIn NCH Quorum v2.03 and earlier, XSS exists via /conference?id= (reflected).2021-07-253.5CVE-2021-37466
MISC
MISC
nchsoftware -- quorumIn NCH Quorum v2.03 and earlier, XSS exists via /conferencebrowseuploadfile?confid= (reflected).2021-07-253.5CVE-2021-37467
MISC
MISC
nchsoftware -- webdictateIn NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists in the Recipient Name field. An authenticated user can add or modify the affected field to inject arbitrary JavaScript.2021-07-253.5CVE-2021-37470
MISC
MISC
sourcecodester -- e-commerce_websiteCross-site scripting (XSS) vulnerability in SourceCodester E-Commerce Website v 1.0 allows remote attackers to inject arbitrary web script or HTM via the subject field to feedback_process.php.2021-07-233.5CVE-2021-25204
MISC
textpattern -- textpatternCross Site Scripting (XSS) vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature.2021-07-263.5CVE-2020-23239
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
1password -- 1password
 
A DLL injection vulnerability in 1password.dll of 1Password 7.3.712 allows attackers to execute arbitrary code.2021-07-26not yet calculatedCVE-2020-18173
MISC
3xlogic -- infinias_eidc32_devices
 
Missing TLS certificate validation on 3xLogic Infinias eIDC32 devices through 3.4.125 allows an attacker to intercept/control the channel by which door lock policies are applied.2021-07-26not yet calculatedCVE-2020-12681
MISC
MISC
abloy -- key_manger
 
An issue in the SeChangeNotifyPrivilege component of Abloy Key Manager Version 7.14301.0.0 allows attackers to escalate privileges via a change in permissions.2021-07-26not yet calculatedCVE-2020-18170
MISC
acronis -- agent
 
A logic bug in system monitoring driver of Acronis Agent after 12.5.21540 and before 12.5.23094 allowed to bypass Windows memory protection and access sensitive data.2021-07-30not yet calculatedCVE-2020-14999
MISC
adobe -- indesign
 
Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bounds Write vulnerability in the CoolType library. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2021-07-30not yet calculatedCVE-2021-36004
MISC
amazon -- echo_dot
 
Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor marketing statements about safely removing personal content via a factory reset. Also, the vendor has reportedly indicated that they are working on mitigations.2021-07-24not yet calculatedCVE-2021-37436
MISC
MISC
MISC
MISC
apache -- dirstudio-1219
 
While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism (DIGEST-MD5, GSSAPI) was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue affects Apache Directory Studio version 2.0.0.v20210213-M16 and prior versions.2021-07-26not yet calculatedCVE-2021-33900
CONFIRM
apache -- juddi
 
Apache jUDDI uses several classes related to Java's Remote Method Invocation (RMI) which (as an extension to UDDI) provides an alternate transport for accessing UDDI services. RMI uses the default Java serialization mechanism to pass parameters in RMI invocations. A remote attacker can send a malicious serialized object to the above RMI entries. The objects get deserialized without any check on the incoming data. In the worst case, it may let the attacker run arbitrary code remotely. For both jUDDI web service applications and jUDDI clients, the usage of RMI is disabled by default. Since this is an optional feature and an extension to the UDDI protocol, the likelihood of impact is low. Starting with 3.3.10, all RMI related code was removed.2021-07-29not yet calculatedCVE-2021-37578
CONFIRM
apache -- openid_connect
 
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`.2021-07-26not yet calculatedCVE-2021-32792
CONFIRM
MISC
MISC
MISC
apache -- openid_connect
 
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in mod_auth_openidc uses a static IV and AAD. It is important to fix because this creates a static nonce and since aes-gcm is a stream cipher, this can lead to known cryptographic issues, since the same key is being reused. From 2.4.9 onwards this has been patched to use dynamic values through usage of cjose AES encryption routines.2021-07-26not yet calculatedCVE-2021-32791
CONFIRM
MISC
MISC
archisteamfarm -- archisteamfarm

 

ArchiSteamFarm is a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. In versions prior to 4.3.1.0 a Denial of Service (aka DoS) vulnerability which allows attacker to remotely crash running ASF instance through sending a specifically-crafted Steam chat message exists. The user sending the message does not need to be authorized within the bot or ASF process. The attacker needs to know ASF's `CommandPrefix` in advance, but majority of ASF setups run with an unchanged default value. This attack does not allow attacker to gain any potentially-sensitive information, such as logins or passwords, does not allow to execute arbitrary commands and otherwise exploit the crash further. The issue is patched in ASF V4.3.1.0. The only workaround which guarantees complete protection is running all bots with `OnlineStatus` of `0` (Offline). In this setup, ASF is able to ignore even the specifically-crafted message without attempting to interpret it.2021-07-26not yet calculatedCVE-2021-32795
MISC
CONFIRM
MISC
archisteamfarm -- archisteamfarm
 
ArchiSteamFarm is a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. Due to a bug in ASF code `POST /Api/ASF` ASF API endpoint responsible for updating global ASF config incorrectly removed `IPCPassword` from the resulting config when the caller did not specify it explicitly. Due to the above, it was possible for the user to accidentally remove `IPCPassword` security measure from his IPC interface when updating global ASF config, which exists as part of global config update functionality in ASF-ui. Removal of `IPCPassword` possesses a security risk, as unauthorized users may in result access the IPC interface after such modification. The issue is patched in ASF V5.1.2.4 and future versions. We recommend to manually verify that `IPCPassword` is specified after update, and if not, set it accordingly. In default settings, ASF is configured to allow IPC access from `localhost` only and should not affect majority of users.2021-07-26not yet calculatedCVE-2021-32794
CONFIRM
MISC
MISC
archive_tar -- archive_tar
 
In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.2021-07-30not yet calculatedCVE-2021-32610
MISC
MLIST
CONFIRM
MISC
FEDORA
FEDORA
atlassian -- multiple_jira_products
 
Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17.0 exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011[0][1], could execute arbitrary code of their choice in Jira through deserialization due to a missing authentication vulnerability. While Atlassian strongly suggests restricting access to the Ehcache ports to only Data Center instances, fixed versions of Jira will now require a shared secret in order to allow access to the Ehcache service. [0] In Jira Data Center, Jira Core Data Center, and Jira Software Data Center versions prior to 7.13.1, the Ehcache object port can be randomly allocated. [1] In Jira Service Management Data Center versions prior to 3.16.1, the Ehcache object port can be randomly allocated.2021-07-29not yet calculatedCVE-2020-36239
MISC
MISC
MISC
autohotkey -- autohotkey
 
A process injection vulnerability in setup.exe of AutoHotkey 1.1.32.00 allows attackers to escalate privileges.2021-07-26not yet calculatedCVE-2020-18174
MISC
beckhoff_automation_gmbh&co -- cx9020
 
Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version CX9020_CB3011_WEC7_HPS_v602_TC31_B4016.6 allows remote attackers to bypass authentication via the "CE Remote Display Tool" as it does not close the incoming connection on the Windows CE side if the credentials are incorrect.2021-07-23not yet calculatedCVE-2020-20741
MISC
bludit -- bludit
 
A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file.2021-07-23not yet calculatedCVE-2021-25808
MISC
charm -- charm
 
In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data.2021-07-30not yet calculatedCVE-2021-37588
MISC
MISC
MISC
MISC
charm -- charm
 
In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data.2021-07-30not yet calculatedCVE-2021-37587
MISC
MISC
MISC
MISC
MISC
checkmk -- checkmk
 
The CheckMK management web console (versions 1.5.0 to 2.0.0) does not sanitise user input in various parameters of the WATO module. This allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser (such as JavaScript or other client-side scripts), the XSS payload will be triggered when the user accesses some specific sections of the application. In the same sense a very dangerous potential way would be when an attacker who has the monitor role (not administrator) manages to get a stored XSS to steal the secretAutomation (for the use of the API in administrator mode) and thus be able to create another administrator user who has high privileges on the CheckMK monitoring web console. Another way is that persistent XSS allows an attacker to modify the displayed content or change the victim's information. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session.2021-07-26not yet calculatedCVE-2021-36563
MISC
claws_mail -- claws_mail
 
textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click.2021-07-30not yet calculatedCVE-2021-37746
MISC
MISC
MISC
concrete5 -- concrete5
 
Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable code is located within the controllers/single_page/dashboard/system/environment/logging.php Logging::update_logging() method. User input passed through the logFile request parameter is not properly sanitized before being used in a call to the file_exists() PHP function. This can be exploited by malicious users to inject arbitrary PHP objects into the application scope (PHP Object Injection via phar:// stream wrapper), allowing them to carry out a variety of attacks, such as executing arbitrary PHP code.2021-07-30not yet calculatedCVE-2021-36766
FULLDISC
MISC
MISC
creston -- multiple_devices
 
On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before the DM-XIO/1-0-3-802 patch, the password can be changed by sending an unauthenticated WebSocket request.2021-07-30not yet calculatedCVE-2020-16839
CONFIRM
MISC
CONFIRM
csz -- cms
 
CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in PHP when the unlink() function is called and user input might affect portions of or the whole affected parameter, which represents the path of the file to remove, without sufficient sanitization.2021-07-30not yet calculatedCVE-2021-37144
MISC
curly-bracket-parser -- curly-bracket-parser
 
This affects all versions of package curly-bracket-parser. When used as a template library, it does not properly sanitize the user input.2021-07-28not yet calculatedCVE-2021-23416
CONFIRM
CONFIRM
deepmergefn -- deepmergefn
 
All versions of package deepmergefn are vulnerable to Prototype Pollution via deepMerge function.2021-07-28not yet calculatedCVE-2021-23417
CONFIRM
CONFIRM
dell -- emc_avamar_serverDeserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 and 2.4.1 contain a Deserialization of Untrusted Data Vulnerability. A remote unauthenticated attacker could exploit this vulnerability to send a serialized payload that would execute code on the system.2021-07-28not yet calculatedCVE-2020-5341
CONFIRM
dell -- emc_avamar_server
 
Dell EMC Avamar Server contains an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links.2021-07-29not yet calculatedCVE-2020-5329
CONFIRM
dell -- emc_data_protection_advisor
 
Dell EMC Data Protection Advisor versions 6.4, 6.5 and 18.1 contain an undocumented account with limited privileges that is protected with a hard-coded password. A remote unauthenticated malicious user with the knowledge of the hard-coded password may login to the system and gain read-only privileges.2021-07-28not yet calculatedCVE-2020-5351
CONFIRM
dell -- emc_idrac9
 
Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the virtual console.2021-07-29not yet calculatedCVE-2021-21538
CONFIRM
dell -- emc_isilon_onefs
 
Dell EMC Isilon OneFS supported versions 8.1 and later and Dell EMC PowerScale OneFS supported version 9.0.0 contain an access issue with the remotesupport user account. A remote malicious user with low privileges may gain access to data stored on the /ifs directory through most protocols.2021-07-28not yet calculatedCVE-2020-26180
CONFIRM
dell -- emc_networker
 
Dell EMC NetWorker versions 18.x,19.x prior to 19.3.0.4 and 19.4.0.0 contain an Information Disclosure in Log Files vulnerability. A local low-privileged user of the Networker server could potentially exploit this vulnerability to read plain-text credentials from server log files.2021-07-29not yet calculatedCVE-2021-21546
CONFIRM
dell -- isilon_onefs
 
The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default configuration for Network File System (NFS) allows access to an 'admin' home directory. An attacker may leverage a spoofed Unique Identifier (UID) over NFS to rewrite sensitive files to gain administrative access to the system.2021-07-29not yet calculatedCVE-2020-5353
CONFIRM
discourse -- discourse
 
Discourse is an open source discussion platform. In versions prior to 2.7.7 there are two bugs which led to the post creator of a whisper post being revealed to non-staff users. 1: Staff users that creates a whisper post in a personal message is revealed to non-staff participants of the personal message even though the whisper post cannot be seen by them. 2: When a whisper post is before the last post in a post stream, deleting the last post will result in the creator of the whisper post to be revealed to non-staff users as the last poster of the topic.2021-07-27not yet calculatedCVE-2021-32788
MISC
CONFIRM
MISC
dm -- fingertool
 
DM FingerTool v1.19 in the DM PD065 Secure USB is susceptible to improper authentication by a replay attack, allowing local attackers to bypass user authentication and access all features and data on the USB.2021-07-26not yet calculatedCVE-2021-26824
MISC
MISC
eclipse -- mosquitto
 
In Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries to send a PUBLISH packet with topic length = 0.2021-07-27not yet calculatedCVE-2021-34432
CONFIRM
ectouch -- ectouch
 
SQL Injection Vulnerability in ECTouch v2 via the shop page in index.php..2021-07-30not yet calculatedCVE-2020-21806
MISC
egain -- chat
 
eGain Chat 15.5.5 allows XSS via the Name (aka full_name) field.2021-07-30not yet calculatedCVE-2020-15948
MISC
elasticsearch -- elasticsearch
 
In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that will crash the Elasticsearch node.2021-07-26not yet calculatedCVE-2021-22144
MISC
elfinder.aspnet -- elfinder.aspnet
 
This affects the package elFinder.AspNet before 1.1.1. The user-controlled file name is not properly sanitized before it is used to create a file system path.2021-07-28not yet calculatedCVE-2021-23415
CONFIRM
CONFIRM
engineercms -- engineercms
 
engineercms 1.03 is vulnerable to Cross Site Scripting (XSS). There is no escaping in the nickname field on the user list page. When viewing this page, the JavaScript code will be executed in the user's browser.2021-07-30not yet calculatedCVE-2021-36605
MISC
exiv2 -- exiv2
 
An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service (DOS) via crafted metadata.2021-07-26not yet calculatedCVE-2021-31292
MISC
exiv2 -- exiv2
 
A heap-based buffer overflow vulnerability in jp2image.cpp of Exiv2 0.27.3 allows attackers to cause a denial of service (DOS) via crafted metadata.2021-07-26not yet calculatedCVE-2021-31291
MISC
fetchmail -- fetchmail
 
report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user.2021-07-30not yet calculatedCVE-2021-36386
MISC
CONFIRM
MISC
firefly-iii -- firefly-iii
 
firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts2021-07-25not yet calculatedCVE-2021-3663
CONFIRM
MISC
flatpress -- flatpress
 
Cross Site Request Forgery (CSRF) vulnerability in FlatPress 1.1 via the DeleteFile function in flat/admin.php.2021-07-30not yet calculatedCVE-2020-22761
MISC
MISC
freerdp -- freerdpIn FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_RANGE File Contents Request PDU.2021-07-30not yet calculatedCVE-2021-37595
MISC
MISC
freerdp -- freerdp
 
In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_SIZE File Contents Request PDU.2021-07-30not yet calculatedCVE-2021-37594
MISC
MISC
ge_automation -- proficy_machine_edition
 
Improper Input Validation in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack to the component "FrameworX.exe"in the module "fxVPStatcTcp.dll".2021-07-30not yet calculatedCVE-2021-29298
MISC
MISC
ge_automation -- proficy_machine_edition
 
Buffer Overflow in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack to the component "FrameworX.exe" in the module "MSVCR100.dll".2021-07-30not yet calculatedCVE-2021-29297
MISC
MISC
glances -- glances
 
The package glances before 3.2.1 are vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks.2021-07-29not yet calculatedCVE-2021-23418
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
graylog -- graylogA Session ID leak in the audit log in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID).2021-07-31not yet calculatedCVE-2021-37760
MISC
graylog -- graylog
 
A Session ID leak in the DEBUG log file in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID).2021-07-31not yet calculatedCVE-2021-37759
MISC
groupsession -- groupsessionCross-site scripting vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to inject an arbitrary script by sending a specially crafted request to a specific URL.2021-07-30not yet calculatedCVE-2021-20787
MISC
MISC
groupsession -- groupsessionOpen redirect vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack via a specially crafted URL.2021-07-30not yet calculatedCVE-2021-20789
MISC
MISC
groupsession -- groupsession
 
Cross-site scripting vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to inject an arbitrary script by sending a specially crafted request to a specific URL.2021-07-30not yet calculatedCVE-2021-20785
MISC
MISC
groupsession -- groupsession
 
Cross-site request forgery (CSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to hijack the authentication of administrators via a specially crafted URL.2021-07-30not yet calculatedCVE-2021-20786
MISC
MISC
groupsession -- groupsession
 
Server-side request forgery (SSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote authenticated attacker to conduct a port scan from the product and/or obtain information from the internal Web server.2021-07-30not yet calculatedCVE-2021-20788
MISC
MISC
gtranslate -- pro_and_enterprise
 
In the Pro and Enterprise versions of GTranslate < 2.8.65, the gtranslate_request_uri_var function runs at the top of all pages and echoes out the contents of $_SERVER['REQUEST_URI']. Although this uses addslashes, and most modern browsers automatically URLencode requests, this plugin is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below, or in cases where an attacker is able to modify the request en route between the client and the server, or in cases where the user is using an atypical browsing solution.2021-07-30not yet calculatedCVE-2021-34630
MISC
house_rental_and_property_listing -- house_rental_and_property_listingMultiple stored cross site scripting (XSS) vulnerabilities in the "Register" module of House Rental and Property Listing 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in all text fields except for Phone Number and Alternate Phone Number.2021-07-23not yet calculatedCVE-2021-25790
MISC
MISC
MISC
hucart -- hucart
 
Cross Site Scripting (XSS) vulnerability in HuCart 5.7.4 via nickname in index.php.2021-07-30not yet calculatedCVE-2020-18158
MISC
ibm -- i2_analyst_notebook_premium
 
IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202681.2021-07-26not yet calculatedCVE-2021-29767
XF
CONFIRM
ibm -- i2_analyst_notebook_premium
 
IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 202769.2021-07-26not yet calculatedCVE-2021-29769
XF
CONFIRM
ibm -- i2_analyst_notebook_premium
 
IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow an authenticated user to perform unauthorized actions due to hazardous input validation. IBM X-Force ID: 202771.2021-07-26not yet calculatedCVE-2021-29770
XF
CONFIRM
ibm -- i2_analyst_notebook_premium
 
IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202680.2021-07-26not yet calculatedCVE-2021-29766
CONFIRM
XF
ibm -- i2_analysts_notebook_premium
 
IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196341.2021-07-26not yet calculatedCVE-2021-20430
CONFIRM
XF
ibm -- i2_analysts_notebook_premium
 
IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 does not invalidate session after logout which could allow an an attacker to obtain sensitive information from the system. IBM X-Force ID: 196342.2021-07-26not yet calculatedCVE-2021-20431
XF
CONFIRM
ibm -- i2_analyze
 
IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 203168.2021-07-26not yet calculatedCVE-2021-29784
XF
CONFIRM
ibm -- i2_ibase
 
IBM i2 iBase 8.9.13 could allow a local authenticated attacker to execute arbitrary code on the system, caused by a DLL search order hijacking flaw. By using a specially-crafted .DLL file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 184984.2021-07-26not yet calculatedCVE-2020-4623
CONFIRM
XF
ibm -- jazz_foundation_products
 
IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434.2021-07-28not yet calculatedCVE-2020-4974
CONFIRM
XF
ibm -- jazz_foundation_products
 
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957.2021-07-28not yet calculatedCVE-2020-5004
CONFIRM
XF
ibm -- parner_engagement_manger
 
IBM Partner Engagement Manager 2.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 203091.2021-07-30not yet calculatedCVE-2021-29781
XF
CONFIRM
ibm -- qradar_siem

 

IBM Qradar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196073.2021-07-27not yet calculatedCVE-2021-20399
XF
CONFIRM
ibm -- qradar_siem
 
IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 194448.2021-07-26not yet calculatedCVE-2021-20337
CONFIRM
XF
ibm -- sterling_b2b_integrator_standard_edition
 
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_3 and 6.1.0.0 through 6.1.0.2 vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199232.2021-07-27not yet calculatedCVE-2021-20562
CONFIRM
XF
ibm -- sterling_connect_direct_browser_user_interface
 
IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 199229.2021-07-26not yet calculatedCVE-2021-20560
CONFIRM
XF
ibm -- websphere_application_server
 
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to gain elevated privileges on the system. IBM X-Force ID: 201300.2021-07-30not yet calculatedCVE-2021-29736
XF
CONFIRM
isomorphic-git -- isomorphic-git
 
isomorphic-git before 1.8.2 allows Directory Traversal via a crafted repository.2021-07-30not yet calculatedCVE-2021-30483
MISC
MISC
MISC
isula-build -- isula-build
 
isula-build before 0.9.5-8 can cause a program crash, when building container images, some functions for processing external data do not remove spaces when processing data.2021-07-26not yet calculatedCVE-2021-33629
MISC
jszip -- jszip
 
This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values (e.g __proto__, toString, etc) results in a returned object with a modified prototype instance.2021-07-25not yet calculatedCVE-2021-23413
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
jumpserver -- jumpserver
 
An issue in Jumpserver 2.6.2 and below allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets.2021-07-23not yet calculatedCVE-2021-3169
MISC
MISC
MISC
kubernetes -- contour
 
Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to shut down Envoy remotely (a denial of service), or to expose the existence of any Secret that Envoy is using for its configuration, including most notably TLS Keypairs. However, it *cannot* be used to get the *content* of those secrets. Since this attack allows access to the administration interface, a variety of administration options are available, such as shutting down the Envoy or draining traffic. In general, the Envoy admin interface cannot easily be used for making changes to the cluster, in-flight requests, or backend services, but it could be used to shut down or drain Envoy, change traffic routing, or to retrieve secret metadata, as mentioned above. The issue will be addressed in Contour v1.18.0 and a cherry-picked patch release, v1.17.1, has been released to cover users who cannot upgrade at this time. For more details refer to the linked GitHub Security Advisory.2021-07-23not yet calculatedCVE-2021-32783
MISC
CONFIRM
MISC
lemonldap -- lemonldap
 
An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.2021-07-30not yet calculatedCVE-2021-35472
MISC
MISC
DEBIAN
CONFIRM
linux -- linux_kernel
 
An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file.2021-07-30not yet calculatedCVE-2021-37600
MISC
MISC
linux -- linux_kernel
 
arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.2021-07-26not yet calculatedCVE-2021-37576
MISC
MISC
MLIST
meow -- meow
 
Meow hash 0.5/calico does not sufficiently thwart key recovery by an attacker who can query whether there's a collision in the bottom bits of the hashes of two messages, as demonstrated by an attack against a long-running web service that allows the attacker to infer collisions by measuring timing differences.2021-07-30not yet calculatedCVE-2021-37606
MISC
MISC
metinfo -- metinfo
 
Cross Site Request Forgery (CSRF) vulnerability in MetInfo 6.1.3 via a doaddsave action in admin/index.php.2021-07-30not yet calculatedCVE-2020-18157
MISC
metinfo -- metinfo
 
SQL Injection vulnerability in Metinfo 6.1.3 via a dosafety_emailadd action in basic.php.2021-07-30not yet calculatedCVE-2020-18175
MISC
micro_focus -- zenworks
 
A privileged escalation vulnerability has been identified in Micro Focus ZENworks Configuration Management, affecting version 2020 Update 1 and all prior versions. The vulnerability could be exploited to gain unauthorized system privileges.2021-07-30not yet calculatedCVE-2021-22521
MISC
misp -- misp
 
app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster elements in JSON format.2021-07-30not yet calculatedCVE-2021-37743
MISC
misp -- misp
 
app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster relationships.2021-07-30not yet calculatedCVE-2021-37742
MISC
misp -- misp
 
app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when forking a galaxy cluster.2021-07-26not yet calculatedCVE-2021-37534
MISC
nagios -- log_server
 
Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown box for the alert history and audit log function. All parameters used for filtering are affected. This affects users who open a crafted link or third-party web page.2021-07-30not yet calculatedCVE-2021-35478
MISC
MISC
MISC
nagios -- log_server
 
Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. This affects users who open a crafted link or third-party web page.2021-07-30not yet calculatedCVE-2021-35479
MISC
MISC
MISC
navigatecms -- navigatecms
 
In NavigateCMS version 2.9.4 and below, function `block` is vulnerable to sql injection on parameter `block-order`, which results in arbitrary sql query execution in the backend database.2021-07-26not yet calculatedCVE-2021-37478
MISC
MISC
MISC
nch -- axon_pbx
 
NCH Axon PBX v2.22 and earlier allows path traversal for file deletion via the logdelete?file=/.. substring.2021-07-25not yet calculatedCVE-2021-37441
MISC
MISC
nch -- axon_pbx
 
NCH Axon PBX v2.22 and earlier allows path traversal for file disclosure via the logprop?file=/.. substring.2021-07-25not yet calculatedCVE-2021-37440
MISC
MISC
nch -- flexiserver
 
NCH FlexiServer v6.00 suffers from a syslog?file=/.. path traversal vulnerability.2021-07-25not yet calculatedCVE-2021-37439
MISC
MISC
nch -- ivm_attendant

 

Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmlist?folder= (reflected).2021-07-25not yet calculatedCVE-2021-37449
MISC
MISC
nch -- ivm_attendant
 
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via the Mailbox name (stored).2021-07-25not yet calculatedCVE-2021-37448
MISC
MISC
nch -- quorum
 
In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentprop?file=/.. for file reading.2021-07-25not yet calculatedCVE-2021-37446
MISC
MISC
nch -- quorum
 
In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentdelete?file=/.. for file deletion.2021-07-25not yet calculatedCVE-2021-37447
MISC
MISC
nch -- quorum
 
NCH Quorum v2.03 and earlier allows local users to discover cleartext login information relating to users by reading the local .dat configuration files.2021-07-25not yet calculatedCVE-2021-37452
MISC
MISC
nch -- reflect_crm
 
NCH Reflect CRM 3.01 allows local users to discover cleartext user account information by reading the configuration files.2021-07-25not yet calculatedCVE-2021-37468
MISC
MISC
nch -- webdictate
 
In NCH WebDictate v2.13 and earlier, authenticated users can abuse logprop?file=/.. path traversal to read files on the filesystem.2021-07-25not yet calculatedCVE-2021-37469
MISC
MISC
neo4j -- graph_database
 
A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4.2 and 4.3 could allow authenticated users to execute commands with elevated privileges.2021-07-30not yet calculatedCVE-2021-34802
MISC
MISC
nextcloud -- richdocuments
 
Nextcloud Richdocuments in an open source self hosted online office. Nextcloud uses the WOPI ("Web Application Open Platform Interface") protocol to communicate with the Collabora Editor, the communication between these two services was not protected by a credentials or IP check. Whilst this does not result in gaining access to data that the user has not yet access to, it can result in a bypass of any enforced watermark on documents as described on the [Nextcloud Virtual Data Room](https://nextcloud.com/virtual-data-room/) website and [our documentation](https://portal.nextcloud.com/article/nextcloud-and-virtual-data-room-configuration-59.html). The Nextcloud Richdocuments releases 3.8.3 and 4.2.0 add an additional admin settings for an allowlist of IP addresses that can access the WOPI API. We recommend upgrading and configuring the allowlist to a list of Collabora servers. There is no known workaround. Note that this primarily results a bypass of any configured watermark or download protection using File Access Control. If you do not require or rely on these as a security feature no immediate action is required on your end.2021-07-27not yet calculatedCVE-2021-32748
MISC
MISC
CONFIRM
nimble -- nimble
 
Common is a package of common modules that can be accessed by NIMBLE services. Common before commit number 3b96cb0293d3443b870351945f41d7d55cb34b53 did not properly verify the signature of JSON Web Tokens. This allows someone to forge a valid JWT. Being able to forge JWTs may lead to authentication bypasses. Commit number 3b96cb0293d3443b870351945f41d7d55cb34b53 contains a patch for the issue. As a workaround, one may use the parseClaimsJws method to correctly verify the signature of a JWT.2021-07-26not yet calculatedCVE-2021-32631
MISC
MISC
MISC
CONFIRM
nukevet -- shops
 
SQL Injection vulnerability in NukeViet CMS 4.0.10 - 4.3.07 via:the topicsid parameter in modules/news/admin/addtotopics.php.2021-07-30not yet calculatedCVE-2020-21808
MISC
MISC
MISC
nukevet -- shops
 
SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4.3 via the (1) listid parameter in detail.php and the (2) group_price or groupid parameters in search_result.php.2021-07-30not yet calculatedCVE-2020-21809
MISC
MISC
MISC
MISC
nukeviet -- nukeviet
 
Cross Site Scripting (XSS) vulnerability in NukeViet cms 4.4.0 via the editor in the News module.2021-07-30not yet calculatedCVE-2020-22765
MISC
objectplanet -- opinio
 
ObjectPlanet Opinio before 7.15 allows XXE attacks via three steps: modify a .css file to have <!ENTITY content, create a .xml file for a generic survey template (containing a link to this .css file), and import this .xml file at the survey/admin/folderSurvey.do?action=viewImportSurvey['importFile'] URI. The XXE can then be triggered at a admin/preview.do?action=previewSurvey&surveyId= URI.2021-07-31not yet calculatedCVE-2020-26564
MISC
CONFIRM
objectplanet -- opinio
 
ObjectPlanet Opinio before 7.14 allows reflected XSS via the survey/admin/surveyAdmin.do?action=viewSurveyAdmin query string. (There is also stored XSS if input to survey/admin/*.do is accepted from untrusted users.)2021-07-30not yet calculatedCVE-2020-26563
MISC
objectplanet -- opinio
 
admin/file.do in ObjectPlanet Opinio before 7.15 allows Unrestricted File Upload of executable JSP files, resulting in remote code execution, because filePath can have directory traversal and fileContent can be valid JSP code.2021-07-31not yet calculatedCVE-2020-26806
MISC
CONFIRM
objectplanet -- opinio
 
ObjectPlanet Opinio before 7.14 allows Expression Language Injection via the admin/permissionList.do from parameter. This can be used to retrieve possibly sensitive serverInfo data.2021-07-31not yet calculatedCVE-2020-26565
MISC
CONFIRM
online_doctor_appointment)system -- online_doctor_appointment_system
 
Multiple stored cross site scripting (XSS) vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields.2021-07-23not yet calculatedCVE-2021-25791
MISC
MISC
MISC
online_pet_shop -- we app
 
Online Pet Shop We App 1.0 is vulnerable to Union SQL Injection in products.php (aka p=products) via the c or s parameter.2021-07-30not yet calculatedCVE-2021-35458
MISC
MISC
openshift -- openshift
 
It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA. The incorrect inclusion of additional CAs in this certificate would allow an attacker that compromises any of the additional CAs to masquerade as a trusted in-cluster service.2021-07-30not yet calculatedCVE-2021-3636
MISC
optical_bb -- e-wmta2.3
 
Cross-site request forgery (CSRF) vulnerability in Optical BB unit E-WMTA2.3 allows a remote attacker to hijack the authentication of administrators via a specially crafted page.2021-07-30not yet calculatedCVE-2021-20783
MISC
otrs -- community_editionAgents are able to list appointments in the calendars without required permissions. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27.2021-07-26not yet calculatedCVE-2021-36091
CONFIRM
otrs -- community_edition
 
It's possible to create an email which contains specially crafted link and it can be used to perform XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition:6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions.2021-07-26not yet calculatedCVE-2021-36092
CONFIRM
otrs_ag -- community_edition
 
Agents are able to list customer user emails without required permissions in the bulk action screen. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27.2021-07-26not yet calculatedCVE-2021-21443
CONFIRM
otrs_ag -- community_edition
 
Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions.2021-07-26not yet calculatedCVE-2021-21440
CONFIRM
otrs_ag -- time_accounting
 
In the project create screen it's possible to inject malicious JS code to the certain fields. The code might be executed in the Reporting screen. This issue affects: OTRS AG Time Accounting: 7.0.x versions prior to 7.0.19.2021-07-26not yet calculatedCVE-2021-21442
CONFIRM
ox -- documents
 
OX Documents before 7.10.5-rev7 has Incorrect Access Control for converted documents because hash collisions can occur, due to use of CRC32.2021-07-30not yet calculatedCVE-2021-28094
MISC
FULLDISC
MISC
ox -- documents
 
OX Documents before 7.10.5-rev5 has Incorrect Access Control of converted images because hash collisions can occur, due to use of Adler32.2021-07-30not yet calculatedCVE-2021-28093
MISC
FULLDISC
MISC
ox -- documents
 
OX Documents before 7.10.5-rev5 has Incorrect Access Control for documents that contain XML structures because hash collisions can occur, due to use of CRC32.2021-07-30not yet calculatedCVE-2021-28095
MISC
FULLDISC
MISC
patterson -- eaglesoft
 
Patterson Application Service in Patterson Eaglesoft 18 through 21 accepts the same certificate authentication across different customers' installations (that have the same software version). This provides remote access to SQL database credentials. (In the normal use of the product, retrieving those credentials only occurs after a username/password authentication step; however, this authentication step is on the client side, and an attacker can develop their own client that skips this step.)2021-07-30not yet calculatedCVE-2021-35193
MISC
MISC
MISC
peel -- shopping
 
PEEL Shopping before 9.4.0.1 allows remote SQL injection. A public user/guest (unauthenticated) can inject a malicious SQL query in order to affect the execution of predefined SQL commands via the id parameter on the achat/produit_details.php?id={SQLi] endpoint. Upon a successful SQL injection attack, an attacker can read sensitive data from the database or modify database data.2021-07-30not yet calculatedCVE-2021-37593
MISC
powerdns -- authoritative_server
 
PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to crash the process by sending a specific query (QTYPE 65535) that causes an out-of-bounds exception.2021-07-30not yet calculatedCVE-2021-36754
MLIST
CONFIRM
MISC
powervm -- logical_partition_mobility
 
The PowerVM Logical Partition Mobility(LPM) (PowerVM Hypervisor FW920, FW930, FW940, and FW950) encryption key exchange protocol can be compromised. If an attacker has the ability to capture encrypted LPM network traffic and is able to gain service access to the FSP they can use this information to perform a series of PowerVM service procedures to decrypt the captured migration traffic IBM X-Force ID: 1982322021-07-29not yet calculatedCVE-2021-20505
XF
CONFIRM
prosody -- muc.lib.lua
 
muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers to obtain sensitive information (list of admins, members, owners, and banned entities of a Multi-User chat room) in some common configurations.2021-07-30not yet calculatedCVE-2021-37601
MISC
MISC
rdoc -- rdoc
 
In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.2021-07-30not yet calculatedCVE-2021-31799
MISC
MISC
replay -- sorcery
 
replay-sorcery-kms in Replay Sorcery 0.6.0 allows a local attacker to gain root privileges via a symlink attack on /tmp/replay-sorcery or /tmp/replay-sorcery/device.sock.2021-07-30not yet calculatedCVE-2021-36983
MISC
MISC
replicated -- classic_2
 
Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port (8800) on the Replicated Classic server could retrieve the TLS Keypair (Cert and Key) used to configure the Admin Console.2021-07-30not yet calculatedCVE-2020-10590
CONFIRM
MISC
MISC
rpcms -- rpcms
 
In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. When the API functions are enabled, the attacker can use API to update user nickname with XSS payload and achieve stored XSS. Users who view the articles published by the injected user will trigger the XSS.2021-07-26not yet calculatedCVE-2021-37392
MISC
MISC
rpcms -- rpcms
 
In RPCMS v1.8 and below, attackers can interact with API and change variable "role" to "admin" to achieve admin user registration.2021-07-26not yet calculatedCVE-2021-37394
MISC
MISC
rpcms -- rpcms
 
In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. Attacker can use "update password" function to inject XSS payloads into nickname variable, and achieve stored XSS. Users who view the articles published by the injected user will trigger the XSS.2021-07-26not yet calculatedCVE-2021-37393
MISC
MISC
ruby -- rubyIn Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir.2021-07-30not yet calculatedCVE-2021-28966
MISC
s-cms -- s-cmsA cross site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings.2021-07-30not yet calculatedCVE-2020-20699
MISC
s-cms -- s-cms
 
A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of a PHP file.2021-07-30not yet calculatedCVE-2020-20698
MISC
s-cms -- s-cms
 
A stored cross site scripting (XSS) vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.2021-07-30not yet calculatedCVE-2020-20701
MISC
s-cms -- s-cms
 
A stored cross site scripting (XSS) vulnerability in /app/form_add/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Title Entry text box.2021-07-30not yet calculatedCVE-2020-20700
MISC
sangoma -- asteriskPJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and destroy, due to the accepted socket having no group lock. Second, the SSL socket parent/listener may get destroyed during handshake. Both issues were reported to happen intermittently in heavy load TLS connections. They cause a crash, resulting in a denial of service. These are fixed in version 2.11.1.2021-07-23not yet calculatedCVE-2021-32686
CONFIRM
MISC
MISC
MISC
sangoma -- asterisk
 
An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request.2021-07-30not yet calculatedCVE-2021-31878
MISC
FULLDISC
MISC
MISC
MISC
sangoma -- asterisk
 
An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur.2021-07-30not yet calculatedCVE-2021-32558
MISC
FULLDISC
MISC
MISC
solarwinds -- orion_platform
 
The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node (outside of the attacker's perimeter) via an account with write permissions. This occurs because node IDs are predictable (with incrementing numbers) and the access control on Services/NodeManagement.asmx/DeleteObjNow is incorrect. To exploit this, an attacker must be authenticated and must have node management rights associated with at least one valid group on the platform.2021-07-30not yet calculatedCVE-2021-28674
MISC
CONFIRM
sophos -- utm
 
Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706.2021-07-29not yet calculatedCVE-2021-25273
CONFIRM
sourcecodester -- basic_shopping_cart
 
A SQL Injection vulnerability in Sourcecodester Basic Shopping Cart 1.0 allows a remote attacker to Bypass Authentication and become Admin.2021-07-30not yet calculatedCVE-2021-34165
MISC
sourcecodester -- learning_management_system
 
Arbitrary file upload vulnerability in SourceCodester Learning Management System v 1.0 allows attackers to execute arbitrary code, via the file upload to \lms\student_avatar.php.2021-07-30not yet calculatedCVE-2021-25200
MISC
sourcecodester -- online_covid_vaccination_scheduler_system
 
Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulnerable to SQL Injection. The username parameter is vulnerable to time-based SQL injection. Upon successful dumping the admin password hash, an attacker can decrypt and obtain the plain-text password. Hence, the attacker could authenticate as Administrator.2021-07-30not yet calculatedCVE-2021-36621
MISC
sourcecodester -- phone_shop_sales_management)system
 
Sourcecodester Phone Shop Sales Managements System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.2021-07-30not yet calculatedCVE-2021-36624
MISC
sourcecodester -- simple_food_website
 
A SQL INJECTION vulnerability in Sourcecodester Simple Food Website 1.0 allows a remote attacker to Bypass Authentication and become Admin.2021-07-30not yet calculatedCVE-2021-34166
MISC
suse -- linux_enterprise_server
 
A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUSE Linux Enterprise Server 12 SP3, SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allows local attackers to delete arbitrary files. This issue affects: SUSE Linux Enterprise Server 12 SP3 clone-master-clean-up version 1.6-4.6.1 and prior versions. SUSE Linux Enterprise Server 15 SP1 clone-master-clean-up version 1.6-3.9.1 and prior versions. openSUSE Factory clone-master-clean-up version 1.6-1.4 and prior versions.2021-07-28not yet calculatedCVE-2021-32000
CONFIRM
suse -- rancher
 
A Missing Encryption of Sensitive Data vulnerability in k3s, kde2 of SUSE Rancher allows any user with direct access to the datastore, or a copy of a datastore backup to extract the cluster's confidential keying material (cluster certificate authority private keys, secrets encryption configuration passphrase, etc) and decrypt it, without having to know the token value. This issue affects: SUSE Rancher K3s version v1.19.12+k3s1, v1.20.8+k3s1, v1.21.2+k3s1 and prior versions; RKE2 version v1.19.12+rke2r1, v1.20.8+rke2r1, v1.21.2+rke2r1 and prior versions.2021-07-28not yet calculatedCVE-2021-32001
CONFIRM
tcexam -- tcexamAn exposure of sensitive information vulnerability exists in TCExam <= 14.8.1. If a password reset request was made for an email address that was not registered with a user then we would be presented with an ‘unknown email’ error. If an email is given that is registered with a user then this error will not appear. A malicious actor could abuse this to enumerate the email addresses of2021-07-30not yet calculatedCVE-2021-20113
MISC
tcexam -- tcexam
 
A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Valid files uploaded via tce_select_mediafile.php with a filename beggining with a period will be rendered as text/html. An attacker with access to tce_select_mediafile.php could upload a malicious javascript payload which would be triggered when another user views the file.2021-07-30not yet calculatedCVE-2021-20112
MISC
tcexam -- tcexam
 
A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Valid files uploaded via tce_filemanager.php with a filename beggining with a period will be rendered as text/html. An attacker with access to tce_filemanager.php could upload a malicious javascript payload which would be triggered when another user views the file.2021-07-30not yet calculatedCVE-2021-20111
MISC
tcexam -- tcexam
 
When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files.2021-07-30not yet calculatedCVE-2021-20114
MISC
techsmith -- snagit
 
TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) which can allow attackers to obfuscate and embed crafted files used to escalate privileges.2021-07-26not yet calculatedCVE-2020-18171
MISC
techsmith -- snagit
 
A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19.1.1.2860 allows attackers to escalate privileges.2021-07-26not yet calculatedCVE-2020-18169
MISC
telegram -- web_k_alpha
 
Telegram Web K Alpha 0.6.1 allows XSS via a document name.2021-07-30not yet calculatedCVE-2021-37596
MISC
tinvexr -- tinvexr
 
tinyexr 0.9.5 was discovered to contain an array index error in the tinyexr::DecodeEXRImage component, which can lead to a denial of service (DOS).2021-07-26not yet calculatedCVE-2020-18430
MISC
MISC
tinvexr -- tinvexr
 
tinyexr commit 0.9.5 was discovered to contain an array index error in the tinyexr::SaveEXR component, which can lead to a denial of service (DOS).2021-07-26not yet calculatedCVE-2020-18428
MISC
MISC
trend_micro -- apex_one
 
An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product?s management console in order to exploit this vulnerability.2021-07-29not yet calculatedCVE-2021-36741
N/A
N/A
N/A
N/A
trend_micro -- apex_one
 
A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.2021-07-29not yet calculatedCVE-2021-36742
N/A
N/A
N/A
N/A
trezor -- sebebugprivilege
 
A code injection vulnerability in the SeDebugPrivilege component of Trezor Bridge 2.0.27 allows attackers to escalate privileges.2021-07-26not yet calculatedCVE-2020-18172
MISC
twothink -- twothink
 
A remote code execution (RCE) vulnerability in /library/think/App.php of Twothink v2.0 allows attackers to execute arbitrary PHP code.2021-07-26not yet calculatedCVE-2020-17952
MISC
tx9 -- automatic_food_dispenser
 
TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell as root/superuser, a related issue to CVE-2019-16734. To connect, the telnet service is used on port 23 with the default password of 059AnkJ for the root account. The user can then download the filesystem through preinstalled BusyBox utilities (e.g., tar and nc).2021-07-26not yet calculatedCVE-2021-37555
MISC
ucms -- ucms
 
UCMS 1.5.0 was discovered to contain a physical path leakage via an error message returned by the adminchannelscache() function in top.php.2021-07-23not yet calculatedCVE-2021-25809
MISC
url-parse -- url-parse
 
url-parse is vulnerable to URL Redirection to Untrusted Site2021-07-26not yet calculatedCVE-2021-3664
MISC
CONFIRM
video.js -- video.js
 
This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code.2021-07-28not yet calculatedCVE-2021-23414
CONFIRM
CONFIRM
CONFIRM
CONFIRM
videolan -- vlc_media_playerA NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 can a denial of service (DOS) in the application.2021-07-26not yet calculatedCVE-2021-25804
MISC
videolan -- vlc_media_playerA buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.2021-07-26not yet calculatedCVE-2021-25803
MISC
videolan -- vlc_media_player
 
A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.2021-07-26not yet calculatedCVE-2021-25802
MISC
videolan -- vlc_media_player
 
A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.2021-07-26not yet calculatedCVE-2021-25801
MISC
visual_studio -- code
 
The unofficial vscode-phpmd (aka PHP Mess Detector) extension before 1.3.0 for Visual Studio Code allows remote attackers to execute arbitrary code via a crafted phpmd.command value in a workspace folder.2021-07-30not yet calculatedCVE-2021-30124
MISC
MISC
MISC
wdscanner -- wdscannerCross Site Scripting vulnerabiity exists in WDScanner 1.1 in the system management page.2021-07-30not yet calculatedCVE-2020-21854
MISC
whatsns -- whatsns
 
SQL Injextion vulnerability exists in Whatsns 4.0 via the ip parameter in index.php?admin_banned/add.htm.2021-07-30not yet calculatedCVE-2020-18013
MISC
woocommerce -- gutenberg_blocks
 
woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce Blocks feature plugin between version 2.5.0 and prior to version 2.5.16. Via a carefully crafted URL, an exploit can be executed against the `wc/store/products/collection-data?calculate_attribute_counts[][taxonomy]` endpoint that allows the execution of a read only sql query. There are patches for many versions of this package, starting with version 2.5.16. There are no known workarounds aside from upgrading.2021-07-26not yet calculatedCVE-2021-32789
CONFIRM
MISC
MISC
MISC
MISC
woocommerce -- gutenberg_blocks
 
Woocommerce is an open source eCommerce plugin for WordPress. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce plugin between version 3.3.0 and 3.3.6. Malicious actors (already) having admin access, or API keys to the WooCommerce site can exploit vulnerable endpoints of `/wp-json/wc/v3/webhooks`, `/wp-json/wc/v2/webhooks` and other webhook listing API. Read-only SQL queries can be executed using this exploit, while data will not be returned, by carefully crafting `search` parameter information can be disclosed using timing and related attacks. Version 3.3.6 is the earliest version of Woocommerce with a patch for this vulnerability. There are no known workarounds other than upgrading.2021-07-26not yet calculatedCVE-2021-32790
CONFIRM
MISC
wordpress -- wordpress
 
The LearnPress plugin before 3.2.6.9 for WordPress allows remote attackers to escalate the privileges of any user to LP Instructor via the accept-to-be-teacher action parameter.2021-07-30not yet calculatedCVE-2020-11511
MISC
MISC
MISC
wordpress -- wordpress
 
The SendGrid WordPress plugin is vulnerable to authorization bypass via the get_ajax_statistics function found in the ~/lib/class-sendgrid-statistics.php file which allows authenticated users to export statistic for a WordPress multi-site main site, in versions up to and including 1.11.8.2021-07-30not yet calculatedCVE-2021-34629
MISC
xmldom -- xmldomxmldom is an open source pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes during XML processing in some downstream applications. This issue has been resolved in version 0.7.0. As a workaround downstream applications can validate the input and reject the maliciously crafted documents.2021-07-27not yet calculatedCVE-2021-32796
MISC
CONFIRM
MISC
ypsomed -- mylife
 
Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,All versions prior to 1.7.2,Ypsomed mylife App,All versions prior to 1.7.5,The Ypsomed mylife Cloud discloses password hashes during the registration process.2021-07-30not yet calculatedCVE-2021-27491
MISC
ypsomed -- mylife
 
Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,All versions prior to 1.7.2,Ypsomed mylife App,All versions prior to 1.7.5,he Ypsomed mylife Cloud reflects the user password during the login process after redirecting the user from a HTTPS endpoint to a HTTP endpoint.2021-07-30not yet calculatedCVE-2021-27495
MISC
yzmcms -- yzcms
 
Cross Site Scripting (XSS) vulnerabiity in YzmCMS 5.2 via the site_code parameter in admin/index/init.html.2021-07-30not yet calculatedCVE-2020-19118
MISC
zoho_manageengine -- password_manager_pro
 
Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=GetUserDomainName&userName= username enumeration, because the response (to a failed login request) is null only when the username is invalid.2021-07-31not yet calculatedCVE-2021-33617
MISC
MISC
MISC
zope -- zope
 
The module `AccessControl` defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of `Script (Python)` objects. The policies defined in `AccessControl` severely restrict access to Python modules and only exempt a few that are deemed safe, such as Python's `string` module. However, full access to the `string` module also allows access to the class `Formatter`, which can be overridden and extended within `Script (Python)` in a way that provides access to other unsafe Python libraries. Those unsafe Python libraries can be used for remote code execution. By default, you need to have the admin-level Zope "Manager" role to add or edit `Script (Python)` objects through the web. Only sites that allow untrusted users to add/edit these scripts through the web - which would be a very unusual configuration to begin with - are at risk. The problem has been fixed in AccessControl 4.3 and 5.2. Only AccessControl versions 4 and 5 are vulnerable, and only on Python 3, not Python 2.7. As a workaround, a site administrator can restrict adding/editing `Script (Python)` objects through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing these scripts through the web should be restricted to trusted users only. This is the default configuration in Zope.2021-07-30not yet calculatedCVE-2021-32807
MISC
MISC
CONFIRM
zyxel -- gs1900-8
 
A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a cross-site scripting (XSS) attack via a crafted LLDP packet.2021-07-26not yet calculatedCVE-2021-35030
MISC

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.