Vulnerability Summary for the Week of December 13, 2021
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
abb -- omnicore_c30_firmware | A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the robot controller if the attacker has access to the Connected Services Gateway Ethernet port. | 2021-12-13 | 9.3 | CVE-2021-22279 MISC |
amazon -- aws_opensearch | The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the configuration file. | 2021-12-12 | 7.5 | CVE-2021-44833 MISC MISC |
amd -- amd_generic_encapsulated_software_architecture | Improper handling of pointers in the System Management Mode (SMM) handling code may allow for a privileged attacker with physical or administrative access to potentially manipulate the AMD Generic Encapsulated Software Architecture (AGESA) to execute arbitrary code undetected by the operating system. | 2021-12-10 | 7.2 | CVE-2020-12890 MISC |
apache -- log4j | Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0, this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. | 2021-12-10 | 9.3 | CVE-2021-44228 MISC MLIST MLIST MISC CONFIRM CISCO MLIST CONFIRM CONFIRM FEDORA MLIST MLIST MISC MLIST DEBIAN CONFIRM MISC MISC MISC MLIST CONFIRM CERT-VN MISC MISC MISC MISC MISC MLIST CONFIRM MS |
blackberry -- qnx_software_development_platform | A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process. | 2021-12-13 | 7.5 | CVE-2021-32024 MISC |
c2fo -- comb | All versions of package comb are vulnerable to Prototype Pollution via the deepMerge() function. | 2021-12-10 | 7.5 | CVE-2021-23561 CONFIRM |
crocoblock -- jetengine | Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data. | 2021-12-15 | 7.5 | CVE-2021-41844 MISC |
digi -- transport_dr64_firmware | An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows arbitrary remote command execution with SUPER privileges. This allows an attacker (with knowledge of the protocol) to execute arbitrary code on the controller including overwriting firmware, adding/removing users, disabling the internal firewall, etc. | 2021-12-10 | 10 | CVE-2021-35978 MISC MISC |
digitalocean -- toxcore | A stack-based buffer overflow in handle_request function in DHT.c in toxcore 0.1.9 through 0.1.11 and 0.2.0 through 0.2.12 (caused by an improper length calculation during the handling of received network packets) allows remote attackers to crash the process or potentially execute arbitrary code via a network packet. | 2021-12-13 | 7.5 | CVE-2021-44847 MISC |
emlog -- emlog | A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via content/plugins. | 2021-12-14 | 7.5 | CVE-2021-40883 MISC |
employee_record_management_system_project -- employee_record_management_system | SQL injection bypass authentication vulnerability in PHPGURUKUL Employee Record Management System 1.2 via index.php. An attacker can log in as an admin account of this system and can destroy, change or manipulate all sensitive information on the system. | 2021-12-13 | 10 | CVE-2021-44966 MISC |
employee_record_management_system_project -- employee_record_management_system | Directory traversal vulnerability in /admin/includes/* directory for PHPGURUKUL Employee Record Management System 1.2 The attacker can retrieve and download sensitive information from the vulnerable server. | 2021-12-13 | 7.8 | CVE-2021-44965 MISC |
fastadmin -- fastadmin | fastadmin v1.2.1 is affected by a file upload vulnerability which allows arbitrary code execution through shell access. | 2021-12-13 | 10 | CVE-2021-43117 MISC |
frentix -- openolat | OpenOlat is a web-basedlearning management system. A path traversal vulnerability exists in OpenOlat prior to versions 15.5.12 and 16.0.5. By providing a filename that contains a relative path as a parameter in some REST methods, it is possible to create directory structures and write files anywhere on the target system. The attack could be used to write files anywhere in the web root folder or outside, depending on the configuration of the system and the properly configured permission of the application server user. The attack requires an OpenOlat user account, an enabled REST API and the rights on a business object to call the vulnerable REST calls. The problem is fixed in version 15.5.12 and 16.0.5. There is a workaround available. The vulnerability requires the REST module to be enabled. Disabling the REST module or limiting the REST module via some firewall or web-server access rules to be accessed only be trusted systems will mitigate the risk. | 2021-12-10 | 7.9 | CVE-2021-41242 MISC CONFIRM MISC MISC |
glfusion -- glfusion | glFusion CMS 1.7.9 is affected by an access control vulnerability via /public_html/users.php. | 2021-12-14 | 7.5 | CVE-2021-44949 MISC |
google -- android | In stopVpnProfile of Vpn.java, there is a possible VPN profile reset due to a permissions bypass. This could lead to local escalation of privilege CONTROL_ALWAYS_ON_VPN with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-191382886 | 2021-12-15 | 7.2 | CVE-2021-0649 MISC |
google -- android | In alac decoder, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06064258; Issue ID: ALPS06064258. | 2021-12-15 | 7.2 | CVE-2021-0675 MISC |
google -- android | In ParsingPackageImpl of ParsingPackageImpl.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-195962697 | 2021-12-15 | 7.2 | CVE-2021-0921 MISC |
google -- android | In ActivityThread.java, there is a possible way to collide the content provider's authorities. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-197647956 | 2021-12-15 | 7.2 | CVE-2021-0799 MISC |
google -- android | In SRAMROM, there is a possible permission bypass due to an insecure permission setting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06076938; Issue ID: ALPS06076938. | 2021-12-15 | 7.2 | CVE-2021-0904 MISC |
google -- android | In createOrUpdate of Permission.java, there is a possible way to gain internal permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-195338390 | 2021-12-15 | 7.2 | CVE-2021-0923 MISC |
google -- android | In xhci_vendor_get_ops of xhci.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-194461020References: Upstream kernel | 2021-12-15 | 7.2 | CVE-2021-0924 MISC |
google -- android | In onCreate of NfcImportVCardActivity.java, there is a possible way to add a contact without user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-191053931 | 2021-12-15 | 7.2 | CVE-2021-0926 MISC |
google -- android | In requestChannelBrowsable of TvInputManagerService.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-8.1 Android-9Android ID: A-189824175 | 2021-12-15 | 7.2 | CVE-2021-0927 MISC |
google -- android | In createFromParcel of OutputConfiguration.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-188675581 | 2021-12-15 | 7.2 | CVE-2021-0928 MISC |
google -- android | In ion_dma_buf_end_cpu_access and related functions of ion.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-187527909References: Upstream kernel | 2021-12-15 | 7.2 | CVE-2021-0929 MISC |
google -- android | In showNotification of NavigationModeController.java, there is a possible confused deputy due to an unsafe PendingIntent. This could lead to local escalation of privilege that allows actions performed as the System UI with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-173025705 | 2021-12-15 | 7.2 | CVE-2021-0932 MISC |
google -- android | In createFromParcel of GpsNavigationMessage.java, there is a possible Parcel serialization/deserialization mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-196970023 | 2021-12-15 | 7.2 | CVE-2021-0970 MISC |
google -- android | Product: AndroidVersions: Android kernelAndroid ID: A-199809304References: N/A | 2021-12-15 | 7.5 | CVE-2021-39644 MISC |
google -- android | In Android TV , there is a possible silent pairing due to lack of rate limiting in the pairing flow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-8.1 Android-9Android ID: A-180745296 | 2021-12-15 | 10 | CVE-2021-0889 MISC |
google -- android | In C2SoftMP3::process() of C2SoftMp3Dec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-193363621 | 2021-12-15 | 7.1 | CVE-2021-0964 MISC |
google -- android | In gatt_process_notification of gatt_cl.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-197536150 | 2021-12-15 | 8.3 | CVE-2021-0918 MISC |
google -- android | In rw_t4t_sm_detect_ndef of rw_t4t.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure due to a limited change in behavior based on the out of bounds data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-191444150 | 2021-12-15 | 7.8 | CVE-2021-0925 MISC |
google -- android | In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.java, there is a possible way for HTML tags to interfere with a consent dialog due to improper input validation. This could lead to remote escalation of privilege, confusing the user into accepting pairing of a malicious Bluetooth device, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-172251622 | 2021-12-15 | 7.9 | CVE-2021-0933 MISC |
google -- android | In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-181660091 | 2021-12-15 | 8.3 | CVE-2021-0930 MISC |
google -- android | In vorbis_book_decodev_set of codebook.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-199065614 | 2021-12-15 | 9.3 | CVE-2021-0967 MISC |
google -- android | Product: AndroidVersions: Android kernelAndroid ID: A-199805112References: N/A | 2021-12-15 | 10 | CVE-2021-39645 MISC |
ibm -- powervm_hypervisor | IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker that gains service access to the FSP can read and write arbitrary host system memory through a series of carefully crafted service procedures. IBM X-Force ID: 210018. | 2021-12-10 | 9.4 | CVE-2021-38917 XF CONFIRM |
ibm -- spectrum_copy_data_management | IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the Spectrum Copy Data Management Admin Console login and uploadcertificate function . A remote attacker could inject arbitrary shell commands which would be executed on the affected system. IBM X-Force ID: 214958. | 2021-12-13 | 10 | CVE-2021-39065 CONFIRM XF |
ibm -- spectrum_copy_data_management | IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to access the Spring Boot console without authorization. IBM X-Force ID: 214523. | 2021-12-13 | 7.5 | CVE-2021-39052 XF CONFIRM |
itextpdf -- itext | iTextPDF in iText before 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java. | 2021-12-15 | 7.5 | CVE-2021-43113 MISC CONFIRM |
listary -- listary | An issue was discovered in Listary through 6. Improper implementation of the update process leads to the download of software updates with a /check-update HTTP-based connection. This can be exploited with MITM techniques. Together with the lack of package validation, it can lead to manipulation of update packages that can cause an installation of malicious content. | 2021-12-14 | 7.6 | CVE-2021-41067 MISC MISC |
markdown_to_pdf_project -- markdown_to_pdf | The package md-to-pdf before 5.0.0 are vulnerable to Remote Code Execution (RCE) due to utilizing the library gray-matter to parse front matter content, without disabling the JS engine. | 2021-12-10 | 7.5 | CVE-2021-23639 CONFIRM CONFIRM CONFIRM |
max-3000 -- maxsite_cms | Remote Code Execution (RCE) vulnerability exists in MaxSite CMS v107.5 via the Documents page. | 2021-12-10 | 7.5 | CVE-2021-27983 MISC |
merge-deep2_project -- merge-deep2 | All versions of package merge-deep2 are vulnerable to Prototype Pollution via the mergeDeep() function. | 2021-12-10 | 7.5 | CVE-2021-23700 CONFIRM |
nocean -- totop_link | The ToTop Link WordPress plugin through 1.7.1 passes base64 encoded user input to the unserialize() PHP function, which could lead to PHP Object injection if a plugin installed on the blog has a suitable gadget chain. | 2021-12-13 | 7.5 | CVE-2021-24857 MISC |
online_magazine_management_system_project -- online_magazine_management_system | Online Magazine Management System 1.0 contains a SQL injection authentication bypass vulnerability. The Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to gain access as admin to the application. | 2021-12-15 | 7.5 | CVE-2021-44653 MISC |
online_pre-owned\/used_car_showroom_management_system_project -- online_pre-owned\/used_car_showroom_management_system | Online Pre-owned/Used Car Showroom Management System 1.0 contains a SQL injection authentication bypass vulnerability. Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to get admin access on the application. | 2021-12-15 | 7.5 | CVE-2021-44655 MISC |
opencats -- opencats | OpenCATS through 0.9.6 allows remote attackers to execute arbitrary code by uploading an executable file via lib/FileUtility.php. | 2021-12-15 | 10 | CVE-2021-41560 MISC CONFIRM MISC |
pluck-cms -- pluck | In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading files. | 2021-12-10 | 7.5 | CVE-2021-27984 MISC |
pluck-cms -- pluck | Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an attacker to upload specially crafted zip files, resulting in directory traversal and potentially arbitrary code execution. | 2021-12-10 | 7.5 | CVE-2021-31746 MISC |
reprisesoftware -- reprise_license_manager | An issue was discovered in Reprise RLM 14.2. When editing the license file, it is possible for an admin user to enable an option to run arbitrary executables, as demonstrated by an ISV demo "C:\Windows\System32\calc.exe" entry. An attacker can exploit this to run a malicious binary on startup, or when triggering the Reread/Restart Servers function on the webserver. (Exploitation does not require CVE-2018-15573, because the license file is meant to be changed in the application.) | 2021-12-13 | 9 | CVE-2021-44153 MISC MISC |
reprisesoftware -- reprise_license_manager | An issue was discovered in Reprise RLM 14.2. Because /goform/change_password_process does not verify authentication or authorization, an unauthenticated user can change the password of any existing user. This allows an attacker to change the password of any known user, thereby preventing valid users from accessing the system and granting the attacker full access to that user's account. | 2021-12-13 | 7.5 | CVE-2021-44152 MISC MISC |
sap -- abap_platform | Internally used text extraction reports allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. | 2021-12-14 | 7.5 | CVE-2021-44231 MISC MISC |
sap -- netweaver_application_server_for_abap | Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allow an attacker with high privileges and has direct access to SAP System, to inject code when executing with a certain transaction class builder. This could allow execution of arbitrary commands on the operating system, that could highly impact the Confidentiality, Integrity and Availability of the system. | 2021-12-14 | 7.2 | CVE-2021-44235 MISC MISC |
sey_project -- sey | All versions of package sey are vulnerable to Prototype Pollution via the deepmerge() function. | 2021-12-10 | 7.5 | CVE-2021-23663 CONFIRM |
siemens -- 7kg9501-0aa01-2aa1_firmware | A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.41), POWER METER SICAM Q100 (All versions < V2.41), POWER METER SICAM Q100 (All versions < V2.41), POWER METER SICAM Q100 (All versions < V2.41). The affected firmware contains a buffer overflow vulnerability in the web application that could allow a remote attacker with engineer or admin priviliges to potentially perform remote code execution. | 2021-12-14 | 9 | CVE-2021-44165 CONFIRM |
siemens -- sipass_integrated | A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal user authentication service. This could allow an unauthenticated remote attacker to trigger several actions on behalf of valid user accounts. | 2021-12-14 | 7.5 | CVE-2021-44524 CONFIRM CONFIRM |
stopbadbots -- block_and_stop_bad_bots | The WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots WordPress plugin before 6.67 does not sanitise and escape the User Agent before using it in a SQL statement to save it, leading to a SQL injection | 2021-12-13 | 7.5 | CVE-2021-24863 MISC |
taogogo -- taocms | There is an upload sql injection vulnerability in the background of taocms 3.0.2 in parameter id:action=cms&ctrl=update&id=26 | 2021-12-14 | 7.5 | CVE-2021-45014 MISC |
thimpress -- learnpress | The LearnPress WordPress plugin before 4.1.4 does not sanitise, validate and escape the id parameter before using it in SQL statements when duplicating course/lesson/quiz/question, leading to SQL Injections issues | 2021-12-13 | 7.5 | CVE-2021-24951 MISC |
webnus -- modern_events_calendar_lite | The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue | 2021-12-13 | 7.5 | CVE-2021-24946 MISC |
zohocorp -- manageengine_desktop_central | Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. For MSP builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For MSP builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. | 2021-12-12 | 10 | CVE-2021-44515 CONFIRM MISC CONFIRM |
zzcms -- zzcms | A SQL Injection vulnerability exists in ZZCMS 2021 via the askbigclassid parameter in /admin/ask.php. | 2021-12-15 | 7.5 | CVE-2021-42945 MISC MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
abantecart -- abantecart | An issue was discovered in AbanteCart before 1.3.2. It allows DOM Based XSS. | 2021-12-14 | 4.3 | CVE-2021-42050 MISC MISC |
advancedcustomfields -- advanced_custom_fields | Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in obtaining the user list which may allow a user to obtain the unauthorized information via unspecified vectors. | 2021-12-13 | 4 | CVE-2021-20866 MISC MISC MISC |
advancedcustomfields -- advanced_custom_fields | Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in browsing database which may allow a user to browse unauthorized data via unspecified vectors. | 2021-12-13 | 5 | CVE-2021-20865 MISC MISC MISC |
advancedcustomfields -- advanced_custom_fields | Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in moving the field group which may allow a user to move the unauthorized field group via unspecified vectors. | 2021-12-13 | 4 | CVE-2021-20867 MISC MISC MISC |
apache -- log4j | JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. | 2021-12-14 | 6.8 | CVE-2021-4104 MISC MISC MISC CERT-VN |
app\ -- \ | The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass. | 2021-12-13 | 6.8 | CVE-2020-16154 MISC MISC |
auerswald -- comfortel_3600_ip_firmware | Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Authentication Bypass via the /about/../ substring. | 2021-12-13 | 5 | CVE-2021-40856 MISC MISC |
auerswald -- compact_5500r_ip_firmware | Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation via the passwd=1 substring. | 2021-12-13 | 4 | CVE-2021-40857 MISC MISC |
auerswald -- compact_5500r_ip_firmware | Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Disclosure. A sub-admin can read the cleartext Admin password via the fileName=../../etc/passwd substring. | 2021-12-13 | 6.8 | CVE-2021-40858 MISC MISC |
automox -- automox | Automox Agent before 32 on Windows incorrectly sets permissions on a temporary directory. | 2021-12-15 | 4.6 | CVE-2021-43326 MISC CONFIRM |
automox -- automox | Automox Agent 33 on Windows incorrectly sets permissions on a temporary directory. NOTE: this issue exists because of a CVE-2021-43326 regression. | 2021-12-15 | 4.6 | CVE-2021-43325 MISC CONFIRM |
clementine-player -- clementine | Clementine Music Player through 1.3.1 is vulnerable to a User Mode Write Access Violation, affecting the MP3 file parsing functionality at clementine+0x3aa207. The vulnerability is triggered when the user opens a crafted MP3 file or loads a remote stream URL that is mishandled by Clementine. Attackers could exploit this issue to cause a crash (DoS) of the clementine.exe process or achieve arbitrary code execution in the context of the current logged-in Windows user. | 2021-12-15 | 6.8 | CVE-2021-40826 MISC |
clementine-player -- clementine | Clementine Music Player through 1.3.1 (when a GLib 2.0.0 DLL is used) is vulnerable to a Read Access Violation on Block Data Move, affecting the MP3 file parsing functionality at memcpy+0x265. The vulnerability is triggered when the user opens a crafted MP3 file or loads a remote stream URL that is mishandled by Clementine. Attackers could exploit this issue to cause a crash (DoS) of the clementine.exe process or achieve arbitrary code execution in the context of the current logged-in Windows user. | 2021-12-15 | 6.8 | CVE-2021-40827 MISC |
cleverplugins -- seo_booster | The SEO Booster WordPress plugin through 3.7 allows for authenticated SQL injection via the "fn_my_ajaxified_dataloader_ajax" AJAX request as the $_REQUEST['order'][0]['dir'] parameter is not properly escaped leading to blind and error-based SQL injections. | 2021-12-13 | 6.5 | CVE-2021-24747 MISC |
cm-wp -- auto_featured_image | The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before 3.9.3 does not sanitise and escape the post_id parameter before outputting back in an admin page within a JS block, leading to a Reflected Cross-Site Scripting issue. | 2021-12-13 | 4.3 | CVE-2021-24932 MISC |
collabora -- online | Collabora Online is a collaborative online office suite based on LibreOffice technology. In affected versions a reflected XSS vulnerability was found in Collabora Online. An attacker could inject unescaped HTML into a variable as they created the Collabora Online iframe, and execute scripts inside the context of the Collabora Online iframe. This would give access to a small set of user settings stored in the browser, as well as the session's authentication token which was also passed in at iframe creation time. Users should upgrade to Collabora Online 6.4.16 or higher or Collabora Online 4.2.20 or higher. Collabora Online Development Edition 21.11 is not affected. | 2021-12-13 | 4.3 | CVE-2021-43817 CONFIRM |
contact_form_advanced_database_project -- contact_form_advanced_database | The Contact Form Advanced Database WordPress plugin through 1.0.8 does not have any authorisation as well as CSRF checks in its delete_cf7_data and export_cf7_data AJAX actions, available to any authenticated users, which could allow users with a role as low as subscriber to call them. The delete_cf7_data would lead to arbitrary metadata deletion, as well as PHP Object Injection if a suitable gadget chain is present in another plugin, as user data is passed to the maybe_unserialize() function without being first validated. | 2021-12-13 | 4 | CVE-2021-24790 MISC |
cpan\ -- \ | The CPAN::Checksums package 2.12 for Perl does not uniquely define signed data. | 2021-12-13 | 4 | CVE-2020-16155 MISC MISC |
cuppacms -- cuppacms | An issue was discovered in Cuppa CMS Versions Before 31 Jan 2021 allows authenticated attackers to gain escalated privileges via a crafted POST request using the user_group_id_field parameter. | 2021-12-14 | 6.5 | CVE-2021-3376 MISC |
cybelesoft -- thinfinity_virtualui | In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists. | 2021-12-13 | 5 | CVE-2021-44848 MISC MISC |
dbeaver -- dbeaver | dbeaver is vulnerable to Improper Restriction of XML External Entity Reference | 2021-12-14 | 4.3 | CVE-2021-3836 CONFIRM MISC |
digi -- transport_dr64_firmware | An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may read a password file (with reversible passwords) from the device, which allows decoding of other users' passwords. | 2021-12-10 | 4 | CVE-2021-37187 MISC MISC |
digi -- transport_dr64_firmware | An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may load customized firmware (because the bootloader does not verify that it is authentic), changing the behavior of the gateway. | 2021-12-10 | 6.5 | CVE-2021-37188 MISC MISC |
digi -- transport_wr11_firmware | An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. They do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session. | 2021-12-10 | 5 | CVE-2021-37189 MISC MISC |
digitalocean -- toxcore | The Onion module in toxcore before 0.2.2 doesn't restrict which packets can be onion-routed, which allows a remote attacker to discover a target user's IP address (when knowing only their Tox Id) by positioning themselves close to target's Tox Id in the DHT for the target to establish an onion connection with the attacker, guessing the target's DHT public key and creating a DHT node with public key close to it, and finally onion-routing a NAT Ping Request to the target, requesting it to ping the just created DHT node. | 2021-12-13 | 4.3 | CVE-2018-25022 MISC MISC MISC |
digitalocean -- toxcore | The TCP Server module in toxcore before 0.2.8 doesn't free the TCP priority queue under certain conditions, which allows a remote attacker to exhaust the system's memory, causing a denial of service (DoS). | 2021-12-13 | 5 | CVE-2018-25021 MISC MISC MISC |
dpsoft -- parsian_bank_gateway_for_woocommerce | The Parsian Bank Gateway for Woocommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via and parameter due to a var_dump() on $_POST variables found in the ~/vendor/dpsoft/parsian-payment/sample/rollback-payment.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. | 2021-12-14 | 4.3 | CVE-2021-39309 MISC MISC |
duogeek -- duofaq-responsive-flat-simple-faq | The duoFAQ - Responsive, Flat, Simple FAQ WordPess plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the ~/duogeek/duogeek-panel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.8. | 2021-12-14 | 4.3 | CVE-2021-39319 MISC MISC |
duogeek -- simple_image_gallery | The Simple Image Gallery WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the ~/simple-image-gallery.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6. | 2021-12-14 | 4.3 | CVE-2021-39313 MISC MISC |
f-secure -- safe | A user interface overlay vulnerability was discovered in F-secure SAFE Browser for Android. When user click on a specially crafted seemingly legitimate URL SAFE browser goes into full screen and hides the user interface. A remote attacker can leverage this to perform spoofing attack. | 2021-12-10 | 4.3 | CVE-2021-40834 MISC MISC |
facebook -- hermes | A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. | 2021-12-13 | 6.8 | CVE-2021-24045 CONFIRM MISC |
fatcatapps -- pixel_cat | The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF check when saving its settings, and did not sanitise as well as escape some of them, which could allow attacker to make a logged in admin change them and perform Cross-Site Scripting attacks | 2021-12-13 | 6 | CVE-2021-24922 MISC |
fortinet -- fortios | A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6.4.x before 6.4.7 allows attacker to Execute unauthorized code or commands via specific hex read/write operations. | 2021-12-13 | 6.6 | CVE-2021-36169 CONFIRM |
frenify -- mediamatic | The mediamaticAjaxRenameCategory AJAX action of the Mediamatic WordPress plugin through 2.7, available to any authenticated user, does not sanitise the categoryID parameter before using it in a SQL statement, leading to an SQL injection | 2021-12-13 | 6.5 | CVE-2021-24848 MISC |
genesys -- workforce_management | A cross site scripting (XSS) vulnerability in Genesys Workforce Management 8.5.214.20 can occur (during record deletion) via the Time-off parameter. | 2021-12-15 | 4.3 | CVE-2021-26787 MISC MISC |
get_custom_field_values_project -- get_custom_field_values | The Get Custom Field Values WordPress plugin before 4.0 allows users with a role as low as Contributor to access other posts metadata without validating the permissions. Eg. contributors can access admin posts metadata. | 2021-12-13 | 4 | CVE-2021-24872 MISC |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab Maven Package registry is vulnerable to a regular expression denial of service when a specifically crafted string is sent. | 2021-12-13 | 4 | CVE-2021-39940 MISC CONFIRM MISC |
gitlab -- gitlab | Improper access control in GitLab CE/EE affecting all versions starting from 10.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker in possession of a deploy token to access a project's disabled wiki. | 2021-12-13 | 4 | CVE-2021-39936 MISC MISC CONFIRM |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression used for handling user input (notes, comments, etc) was susceptible to catastrophic backtracking that could cause a DOS attack. | 2021-12-13 | 4 | CVE-2021-39933 MISC MISC CONFIRM |
gitlab -- gitlab | A vulnerable regular expression pattern in GitLab CE/EE since version 8.15 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to cause uncontrolled resource consumption leading to Denial of Service via specially crafted deploy Slash commands | 2021-12-13 | 4 | CVE-2021-39938 MISC CONFIRM |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A permissions validation flaw allowed group members with a developer role to elevate their privilege to a maintainer on projects they import | 2021-12-13 | 5.5 | CVE-2021-39944 MISC MISC CONFIRM |
gitlab -- gitlab | A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, leads to potential elevated privileges in groups and projects under rare circumstances | 2021-12-13 | 6.5 | CVE-2021-39937 MISC CONFIRM |
gitlab -- gitlab | An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting from 13.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker triggering a job with a specially crafted docker image to exhaust resources on runner manager | 2021-12-13 | 4 | CVE-2021-39939 CONFIRM MISC |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Using large payloads, the diff feature could be used to trigger high load time for users reviewing code changes. | 2021-12-13 | 4 | CVE-2021-39932 MISC CONFIRM |
gitlab -- gitlab | Missing authorization in GitLab EE versions between 12.4 and 14.3.6, between 14.4.0 and 14.4.4, and between 14.5.0 and 14.5.2 allowed an attacker to access a user's custom project and group templates | 2021-12-13 | 4 | CVE-2021-39930 MISC CONFIRM MISC |
gitlab -- gitlab | Improper access control allows any project member to retrieve the service desk email address in GitLab CE/EE versions starting 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. | 2021-12-13 | 4 | CVE-2021-39934 MISC CONFIRM MISC |
gitlab -- gitlab | Incorrect Authorization in GitLab EE affecting all versions starting from 11.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows a user to add comments to a vulnerability which cannot be accessed. | 2021-12-13 | 4 | CVE-2021-39918 CONFIRM MISC MISC |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression related to quick actions features was susceptible to catastrophic backtracking that could cause a DOS attack. | 2021-12-13 | 4 | CVE-2021-39917 MISC MISC CONFIRM |
gitlab -- gitlab | Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status Check in GitLab EE starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. | 2021-12-13 | 4 | CVE-2021-39916 CONFIRM MISC MISC |
gitlab -- gitlab | Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an author of a Merge Request to approve the Merge Request even after having their project access revoked | 2021-12-13 | 4 | CVE-2021-39945 MISC MISC CONFIRM |
gitlab -- gitlab | Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to see the names of project access tokens on arbitrary projects | 2021-12-13 | 5 | CVE-2021-39915 CONFIRM MISC MISC |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API | 2021-12-13 | 5 | CVE-2021-39935 MISC CONFIRM MISC |
gitlab -- gitlab | An information disclosure vulnerability in GitLab CE/EE versions 12.0 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed non-project members to see the default branch name for projects that restrict access to the repository to project members | 2021-12-13 | 5 | CVE-2021-39941 MISC MISC CONFIRM |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab was vulnerable to HTML Injection through the Swagger UI feature. | 2021-12-13 | 4.3 | CVE-2021-39910 CONFIRM MISC MISC |
glfusion -- glfusion | glFusion CMS v1.7.9 is affected by an arbitrary user impersonation vulnerability in /public_html/comment.php. The attacker can complete the attack remotely without interaction. | 2021-12-14 | 6.4 | CVE-2021-44935 MISC |
glfusion -- glfusion | glFusion CMS v1.7.9 is affected by an arbitrary user registration vulnerability in /public_html/users.php. An attacker can register with the mailbox of any user. When users want to register, they will find that the mailbox has been occupied. | 2021-12-14 | 5 | CVE-2021-44937 MISC |
glfusion -- glfusion | glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) vulnerability in /public_html/admin/plugins/bad_behavior2/blacklist.php. Using the CSRF vulnerability to trick the administrator to click, an attacker can add a blacklist. | 2021-12-14 | 4.3 | CVE-2021-44948 MISC |
glfusion -- glfusion | glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) vulnerability in /public_html/admin/plugins/bad_behavior2/blacklist.php. Using the CSRF vulnerability to trick the administrator to click, an attacker can add a blacklist. | 2021-12-14 | 4.3 | CVE-2021-44942 MISC |
gnome -- epiphany | XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list. | 2021-12-16 | 4.3 | CVE-2021-45085 MISC MISC |
gnome -- epiphany | XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js. | 2021-12-16 | 4.3 | CVE-2021-45086 MISC MISC |
gnome -- epiphany | XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title. | 2021-12-16 | 4.3 | CVE-2021-45087 MISC MISC |
gnome -- epiphany | XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page. | 2021-12-16 | 4.3 | CVE-2021-45088 MISC MISC |
gnuboard -- gnuboard5 | gnuboard5 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 2021-12-14 | 4.3 | CVE-2021-3831 MISC CONFIRM |
google -- android | In onCreate of UsbPermissionActivity.java, there is a possible way to grant an app access to USB without informed user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-183610267 | 2021-12-15 | 4.4 | CVE-2021-1016 MISC |
google -- android | In enqueueNotificationInternal of NotificationManagerService.java, there is a possible way to run a foreground service without showing a notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-191981182 | 2021-12-15 | 4.6 | CVE-2021-0981 MISC |
google -- android | In enqueueNotification of NetworkPolicyManagerService.java, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-177931370 | 2021-12-15 | 4.9 | CVE-2021-0653 MISC |
google -- android | In createNoCredentialsPermissionNotification and related functions of AccountManagerService.java, there is a possible way to retrieve accounts from the device without permissions due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-179338675 | 2021-12-15 | 4.9 | CVE-2021-0704 MISC |
google -- android | In getAlias of BluetoothDevice.java, there is a possible way to create misleading permission dialogs due to missing data filtering. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-180747689 | 2021-12-15 | 4.7 | CVE-2021-0931 MISC |
google -- android | In doCropPhoto of PhotoSelectionHandler.java, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure of user's contacts with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-195748381 | 2021-12-15 | 4.7 | CVE-2021-0952 MISC |
google -- android | In UserDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-183411279 | 2021-12-15 | 4.7 | CVE-2021-1038 MISC |
google -- android | In enforceCrossUserOrProfilePermission of PackageManagerService.java, there is a possible bypass of INTERACT_ACROSS_PROFILES permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-195630721 | 2021-12-15 | 4.6 | CVE-2021-0922 MISC |
google -- android | In phNxpNHal_DtaUpdate of phNxpNciHal_dta.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-183487770 | 2021-12-15 | 4.6 | CVE-2021-0977 MISC |
google -- android | In onNullBinding of ManagedServices.java, there is a possible permission bypass due to an incorrectly unbound service. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-192475653 | 2021-12-15 | 4.6 | CVE-2021-0984 MISC |
google -- android | In onCreate of AllowBindAppWidgetActivity.java, there is a possible bypass of user interaction requirements due to unclear UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-184676316 | 2021-12-15 | 4.4 | CVE-2021-0769 MISC |
google -- android | In getOffsetBeforeAfter of TextLine.java, there is a possible denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193849901 | 2021-12-15 | 4.3 | CVE-2021-0993 MISC |
google -- android | In onReceive of AlertReceiver.java, there is a possible way to dismiss system dialog due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-190403923 | 2021-12-15 | 4.6 | CVE-2021-0985 MISC |
google -- android | In toBARK of floor0.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-199680600 | 2021-12-15 | 4.3 | CVE-2021-0976 MISC |
google -- android | In MPEG4Source::read of MPEG4Extractor.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-188893559 | 2021-12-15 | 4.3 | CVE-2021-0971 MISC |
google -- android | In the broadcast definition in AndroidManifest.xml, there is a possible way to set the A2DP bluetooth device connection state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-196858999 | 2021-12-15 | 4.6 | CVE-2021-0999 MISC |
google -- android | In onEventReceived of EventResultPersister.java, there is a possible intent redirection due to a confused deputy. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-191283525 | 2021-12-15 | 4.6 | CVE-2021-1024 MISC |
google -- android | In setTransactionState of SurfaceFlinger, there is possible arbitrary code execution in a privileged process due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193033243 | 2021-12-15 | 4.6 | CVE-2021-1027 MISC |
google -- android | In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernel | 2021-12-15 | 6.9 | CVE-2021-0920 MISC MLIST |
google -- android | In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193034677 | 2021-12-15 | 4.6 | CVE-2021-1029 MISC |
google -- android | In getTitle of AccessPoint.java, there is a possible unhandled exception due to a missing null check. This could lead to remote denial of service if a proximal Wi-Fi AP provides invalid information with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-199922685 | 2021-12-15 | 4.3 | CVE-2021-0969 MISC |
google -- android | In snoozeNotificationInt of NotificationManagerService.java, there is a possible way to disable notification for an arbitrary user due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-195031703 | 2021-12-15 | 4.4 | CVE-2021-1021 MISC |
google -- android | In snoozeNotification of NotificationListenerService.java, there is a possible way to disable notification for an arbitrary user due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-195111725 | 2021-12-15 | 4.4 | CVE-2021-1020 MISC |
google -- android | In snoozeNotification of NotificationListenerService.java, there is a possible permission confusion due to a misleading user consent dialog. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-195031401 | 2021-12-15 | 4.4 | CVE-2021-1019 MISC |
google -- android | In onReceive of BluetoothPermissionRequest.java, there is a possible phishing attack allowing a malicious Bluetooth device to acquire permissions based on insufficient information presented to the user in the consent dialog. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-167403112 | 2021-12-15 | 6.9 | CVE-2021-0434 MISC |
google -- android | In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193034683 | 2021-12-15 | 4.6 | CVE-2021-1028 MISC |
google -- android | In btif_in_hf_client_generic_evt of btif_hf_client.cc, there is a possible Bluetooth service crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-180420059 | 2021-12-15 | 5 | CVE-2021-1022 MISC |
google -- android | Product: AndroidVersions: Android kernelAndroid ID: A-201537251References: N/A | 2021-12-15 | 5 | CVE-2021-39646 MISC |
google -- android | In osi_malloc and osi_calloc of allocator.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-197868577 | 2021-12-15 | 6.8 | CVE-2021-0968 MISC |
google -- android | In AndroidManifest.xml of Settings, there is a possible pairing of a Bluetooth device without user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-194300867 | 2021-12-15 | 5.8 | CVE-2021-0965 MISC |
grafana -- grafana | Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files, users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help text. | 2021-12-10 | 4 | CVE-2021-43813 MISC MISC CONFIRM MISC MISC MISC MLIST |
h2database -- h2 | The package com.h2database:h2 from 0 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability. | 2021-12-10 | 6.4 | CVE-2021-23463 CONFIRM CONFIRM CONFIRM CONFIRM |
h5p-css-editor_project -- h5p-css-editor | The H5P CSS Editor WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the h5p-css-file parameter found in the ~/h5p-css-editor.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. | 2021-12-14 | 4.3 | CVE-2021-39318 MISC MISC |
hashicorp -- consul | HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has Incorrect Access Control. An ACL token (with the default operator:write permissions) in one namespace can be used for unintended privilege escalation in a different namespace. | 2021-12-12 | 6.5 | CVE-2021-41805 MISC MISC |
hd-network_real-time_monitoring_system_project -- hd-network_real-time_monitoring_system | HD-Network Real-time Monitoring System 2.0 allows ../ directory traversal to read /etc/shadow via the /language/lang s_Language parameter. | 2021-12-15 | 5 | CVE-2021-45043 MISC MISC |
hp -- storeserv_management_console | A security vulnerability has been identified in HPE StoreServ Management Console (SSMC). An authenticated SSMC administrator could exploit the vulnerability to inject code and elevate their privilege in SSMC. The scope of this vulnerability is limited to SSMC. Note: The arrays being managed are not impacted by this vulnerability. This vulnerability impacts SSMC versions 3.4 GA to 3.8.1. | 2021-12-10 | 6.5 | CVE-2021-29214 MISC |
htaccess-redirect_project -- htaccess-redirect | The .htaccess Redirect WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the link parameter found in the ~/htaccess-redirect.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.3.1. | 2021-12-14 | 4.3 | CVE-2021-38361 MISC MISC |
huawei -- cloudengine_7800_firmware | There is a memory leak vulnerability in CloudEngine 12800 V200R019C00SPC800, CloudEngine 5800 V200R019C00SPC800, CloudEngine 6800 V200R019C00SPC800 and CloudEngine 7800 V200R019C00SPC800. The software does not sufficiently track and release allocated memory while parse a series of crafted binary messages, which could consume remaining memory. Successful exploit could cause memory exhaust. | 2021-12-13 | 5 | CVE-2021-40008 MISC |
huawei -- ecns280_td_firmware | There is an information leak vulnerability in eCNS280_TD V100R005C10SPC650. The vulnerability is caused by improper log output management. An attacker with the ability to access the log file of device may lead to information disclosure. | 2021-12-13 | 4 | CVE-2021-40007 MISC |
huntflow -- huntflow_enterprise | An information disclosure vulnerability in the login page of Huntflow Enterprise before 3.10.4 could allow an unauthenticated, remote user to get information about the domain name of the configured LDAP server. An attacker could exploit this vulnerability by requesting the login page and searching for the "isLdap" JavaScript parameter in the HTML source code. | 2021-12-10 | 5 | CVE-2021-37935 MISC |
huntflow -- huntflow_enterprise | Due to insufficient server-side login-attempt limit enforcement, a vulnerability in /account/login in Huntflow Enterprise before 3.10.14 could allow an unauthenticated, remote user to perform multiple login attempts for brute-force password guessing. | 2021-12-10 | 5 | CVE-2021-37934 MISC |
ibm -- i2_analysts_notebook | IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 214439. | 2021-12-13 | 4.6 | CVE-2021-39049 CONFIRM XF |
ibm -- i2_analysts_notebook | IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 214440. | 2021-12-13 | 4.6 | CVE-2021-39050 CONFIRM XF |
ibm -- mq_for_hpe_nonstop | IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when SharedBindingsUserId is set to effective. IBM X-ForceID: 211404. | 2021-12-14 | 4.4 | CVE-2021-38950 CONFIRM XF |
ibm -- powervm_hypervisor | IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authenticated user to cause the system to crash using a specially crafted IBMi Hypervisor call. IBM X-Force ID: 210894. | 2021-12-10 | 6.8 | CVE-2021-38937 XF CONFIRM |
ibm -- spectrum_copy_data_management | IBM Spectrum Copy Data Management 2.2.13 and earlier has weak authentication and password rules and incorrectly handles default credentials for the Spectrum Copy Data Management Admin console. IBM X-Force ID: 214957. | 2021-12-13 | 5 | CVE-2021-39064 CONFIRM XF |
ibm -- spectrum_copy_data_management | IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 214617. | 2021-12-13 | 5 | CVE-2021-39058 CONFIRM XF |
ibm -- spectrum_copy_data_management | IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to obtain sensitive information, caused by the improper handling of requests for Spectrum Copy Data Management Admin Console. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 214524. | 2021-12-13 | 5 | CVE-2021-39053 XF CONFIRM |
ibm -- spectrum_copy_data_management | IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 211242. | 2021-12-13 | 5 | CVE-2021-38947 CONFIRM XF |
ibm -- spectrum_protect_plus | IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information due to a misconfiguration in access control headers. IBM X-Force ID: 214956. | 2021-12-13 | 6.4 | CVE-2021-39063 CONFIRM XF |
ibm -- spectrum_protect_plus | The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum Protect Plus workload agent is subject to a man-in-the-middle attack due to improper certificate validation. IBM X-Force ID: 182046. | 2021-12-13 | 4.3 | CVE-2020-4496 CONFIRM XF |
ibm -- spectrum_protect_plus | IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 214616. | 2021-12-13 | 5.5 | CVE-2021-39057 CONFIRM XF |
improved_include_page_project -- improved_include_page | The Improved Include Page WordPress plugin through 1.2 allows passing shortcode attributes with post_type & post_status which can be used to retrieve arbitrary content. This way, users with a role as low as Contributor can gain access to content they are not supposed to. | 2021-12-13 | 4 | CVE-2021-24845 MISC |
jackalope_doctrine-dbal_project -- jackalope_doctrine-dbal | Jackalope Doctrine-DBAL is an implementation of the PHP Content Repository API (PHPCR) using a relational database to persist data. In affected versions users can provoke SQL injections if they can specify a node name or query. Upgrade to version 1.7.4 to resolve this issue. If that is not possible, you can escape all places where `$property` is used to filter `sv:name` in the class `Jackalope\Transport\DoctrineDBAL\Query\QOMWalker`: `XPath::escape($property)`. Node names and xpaths can contain `"` or `;` according to the JCR specification. The jackalope component that translates the query object model into doctrine dbal queries does not properly escape the names and paths, so that a accordingly crafted node name can lead to an SQL injection. If queries are never done from user input, or if you validate the user input to not contain `;`, you are not affected. | 2021-12-13 | 6.8 | CVE-2021-43822 MISC CONFIRM |
kyma-project -- kyma | Due to insufficient input validation of Kyma, authenticated users can pass a Header of their choice and escalate privileges which can completely compromise the cluster. | 2021-12-14 | 6.5 | CVE-2021-38182 MISC MISC |
likebtn -- like_button_rating | The Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.38 does not have any authorisation and CSRF checks in the likebtn_export_votes AJAX action, which could allow any authenticated user, such as subscriber, to get a list of email and IP addresses of people who liked content from the blog. | 2021-12-13 | 6 | CVE-2021-24945 MISC |
link-list-manager_project -- link-list-manager | The link-list-manager WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the category parameter found in the ~/llm.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. | 2021-12-14 | 4.3 | CVE-2021-39311 MISC MISC |
linuxfoundation -- besu | Besu is an Ethereum client written in Java. Starting in version 21.10.0, changes in the implementation of the SHL, SHR, and SAR operations resulted in the introduction of a signed type coercion error in values that represent negative values for 32 bit signed integers. Smart contracts that ask for shifts between approximately 2 billion and 4 billion bits (nonsensical but valid values for the operation) will fail to execute and hence fail to validate. In networks where vulnerable versions are mining with other clients or non-vulnerable versions this will result in a fork and the relevant transactions will not be included in the fork. In networks where vulnerable versions are not mining (such as Rinkeby) no fork will result and the validator nodes will stop accepting blocks. In networks where only vulnerable versions are mining the relevant transaction will not be included in any blocks. When the network adds a non-vulnerable version the network will act as in the first case. Besu 21.10.2 contains a patch for this issue. Besu 21.7.4 is not vulnerable and clients can roll back to that version. There is a workaround available: Once a transaction with the relevant shift operations is included in the canonical chain, the only remediation is to make sure all nodes are on non-vulnerable versions. | 2021-12-13 | 5 | CVE-2021-41272 CONFIRM MISC MISC |
lxml -- lxml | lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available. | 2021-12-13 | 6.8 | CVE-2021-43818 MISC MISC CONFIRM MISC |
lycheeorganisation -- lychee | Lychee-v3 3.2.16 is affected by a Cross Site Scripting (XSS) vulnerability in php/Access/Guest.php. The function exit will terminate the script and print the message to the user. The message will contain albumID which is controlled by the user. | 2021-12-15 | 4.3 | CVE-2021-43675 MISC MISC MISC |
magic-post-voice_project -- magic-post-voice | The Magic Post Voice WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the ids parameter found in the ~/inc/admin/main.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2. | 2021-12-14 | 4.3 | CVE-2021-39315 MISC MISC |
mercurius_project -- mercurius | Mercurius is a GraphQL adapter for Fastify. Any users from Mercurius@8.10.0 to 8.11.1 are subjected to a denial of service attack by sending a malformed JSON to `/graphql` unless they are using a custom error handler. The vulnerability has been fixed in https://github.com/mercurius-js/mercurius/pull/678 and shipped as v8.11.2. As a workaround users may use a custom error handler. | 2021-12-13 | 5 | CVE-2021-43801 MISC CONFIRM MISC |
microsoft -- hevc_video_extensions | HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40452, CVE-2021-40453. | 2021-12-15 | 6.8 | CVE-2021-41360 MISC |
microsoft -- hevc_video_extensions | HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40453, CVE-2021-41360. | 2021-12-15 | 6.8 | CVE-2021-40452 MISC |
microsoft -- hevc_video_extensions | HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40452, CVE-2021-41360. | 2021-12-15 | 6.8 | CVE-2021-40453 MISC |
mruby -- mruby | mruby is vulnerable to NULL Pointer Dereference | 2021-12-15 | 5 | CVE-2021-4110 CONFIRM MISC |
nodejs -- node.js | Next.js is a React framework. In versions of Next.js prior to 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In order to be affected by this issue, the deployment must use Next.js versions above 11.1.0 and below 12.0.5, Node.js above 15.0.0, and next start or a custom server. Deployments on Vercel are not affected, along with similar environments where invalid requests are filtered before reaching Next.js. Versions 12.0.5 and 11.1.3 contain patches for this issue. | 2021-12-10 | 4.3 | CVE-2021-43803 MISC MISC MISC MISC CONFIRM |
openwhyd -- openwhyd | openwhyd is vulnerable to URL Redirection to Untrusted Site | 2021-12-10 | 5.8 | CVE-2021-3829 CONFIRM MISC |
page\/post_content_shortcode_project -- page\/post_content_shortcode | The Page/Post Content Shortcode WordPress plugin through 1.0 does not have proper authorisation in place, allowing users with a role as low as contributor to access draft/private/password protected/trashed posts/pages they should not be allowed to, including posts created by other users such as admins and editors. | 2021-12-13 | 4 | CVE-2021-24819 MISC |
patrowl -- patrowlmanager | PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.77 an improper privilege management (IDOR) has been found in PatrowlManager. All imports findings file is placed under /media/imports/<owner_id>/<tmp_file> In that, owner_id is predictable and tmp_file is in format of import_<ownder_id>_<time_created>, for example: import_1_1639213059582.json This filename is predictable and allows anyone without logging in to download all finding import files This vulnerability is capable of allowing unlogged in users to download all finding imports file. Users are advised to update to 1.7.7 as soon as possible. There are no known workarounds. | 2021-12-14 | 5 | CVE-2021-43828 CONFIRM MISC |
patrowl -- patrowlmanager | PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.7.7 PatrowlManager unrestrictly handle upload files in the findings import feature. This vulnerability is capable of uploading dangerous type of file to server leading to XSS attacks and potentially other forms of code injection. Users are advised to update to 1.7.7 as soon as possible. There are no known workarounds for this issue. | 2021-12-14 | 6.5 | CVE-2021-43829 CONFIRM MISC MISC |
perl -- comprehensive_perl_archive_network | CPAN 2.28 allows Signature Verification Bypass. | 2021-12-13 | 6.8 | CVE-2020-16156 MISC MISC MISC |
phoeniixx -- filter_portfolio_gallery | The Filter Portfolio Gallery WordPress plugin through 1.5 is lacking Cross-Site Request Forgery (CSRF) check when deleting a Gallery, which could allow attackers to make a logged in admin delete arbitrary Gallery. | 2021-12-13 | 4.3 | CVE-2021-24795 MISC |
phpservermonitor -- php_server_monitor | phpservermon is vulnerable to Improper Neutralization of CRLF Sequences | 2021-12-12 | 5.8 | CVE-2021-4097 MISC CONFIRM |
pimcore -- pimcore | pimcore is vulnerable to Cross-Site Request Forgery (CSRF) | 2021-12-10 | 4.3 | CVE-2021-4082 MISC CONFIRM |
pimcore -- pimcore | pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 2021-12-10 | 4.3 | CVE-2021-4084 CONFIRM MISC |
piwigo -- piwigo | A Cross Site Scripting (XSS) vulnerability exists in Piwigo 11.5.0 via the system album name and description of the location. | 2021-12-14 | 4.3 | CVE-2021-40882 MISC |
pluck-cms -- pluck | Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows an attacker to sustain unauthorized access to the platform. Because Pluck does not invalidate prior sessions after a password change, access can be sustained even after an administrator performs regular remediation attempts such as resetting their password. | 2021-12-10 | 5 | CVE-2021-31745 MISC |
pluck-cms -- pluck | Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in update_applet.php, which could lead to man-in-the-middle attacks. | 2021-12-10 | 5.8 | CVE-2021-31747 MISC |
plugins360 -- all-in-one_video_gallery | The All-in-One Video Gallery WordPress plugin before 2.5.0 does not sanitise and validate the tab parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue | 2021-12-13 | 6.5 | CVE-2021-24970 MISC |
profilepress -- user_registration\,_login_form\,_user_profile_\&_membership | The User Registration, Login Form, User Profile & Membership WordPress plugin before 3.2.3 does not sanitise and escape the ppress_cc_data parameter before outputting it back in an attribute of an admin dashboard page, leading to a Reflected Cross-Site Scripting issue | 2021-12-13 | 4.3 | CVE-2021-24954 CONFIRM MISC |
profilepress -- user_registration\,_login_form\,_user_profile_\&_membership | The User Registration, Login Form, User Profile & Membership WordPress plugin before 3.2.3 does not escape the data parameter of the pp_get_forms_by_builder_type AJAX action before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue | 2021-12-13 | 4.3 | CVE-2021-24955 CONFIRM MISC |
quotes_collection_project -- quotes_collection | The Quotes Collection WordPress plugin through 2.5.2 does not validate and escape the bulkcheck parameter before using it in a SQL statement, leading to a SQL injection | 2021-12-13 | 6.5 | CVE-2021-24861 MISC |
registrationmagic -- registrationmagic | The RegistrationMagic WordPress plugin made it possible for unauthenticated users to log in as any site user, including administrators, if they knew a valid username on the site due to missing identity validation in the social login function social_login_using_email() of the plugin. This affects versions equal to, and less than, 5.0.1.7. | 2021-12-14 | 6.8 | CVE-2021-4073 MISC MISC MISC |
reprisesoftware -- reprise_license_manager | An issue was discovered in Reprise RLM 14.2. As the session cookies are small, an attacker can hijack any existing sessions by bruteforcing the 4 hex-character session cookie on the Windows version (the Linux version appears to have 8 characters). An attacker can obtain the static part of the cookie (cookie name) by first making a request to any page on the application (e.g., /goforms/menu) and saving the name of the cookie sent with the response. The attacker can then use the name of the cookie and try to request that same page, setting a random value for the cookie. If any user has an active session, the page should return with the authorized content, when a valid cookie value is hit. | 2021-12-13 | 5 | CVE-2021-44151 MISC MISC |
reprisesoftware -- reprise_license_manager | An issue was discovered in /goform/login_process in Reprise RLM 14.2. When an attacker attempts to login, the response if a username is valid includes Login Failed, but does not include this string if the username is invalid. This allows an attacker to enumerate valid users. | 2021-12-13 | 5 | CVE-2021-44155 MISC MISC |
reprisesoftware -- reprise_license_manager | An issue was discovered in Reprise RLM 14.2. By using an admin account, an attacker can write a payload to /goform/edit_opt, which will then be triggered when running the diagnostics (via /goform/diagnostics_doit), resulting in a buffer overflow. | 2021-12-13 | 6.5 | CVE-2021-44154 MISC MISC |
sap -- 3d_visual_enterprise_viewer | When a user opens manipulated Jupiter Tessellation (.jt) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application | 2021-12-14 | 4.3 | CVE-2021-42070 MISC MISC |
sap -- 3d_visual_enterprise_viewer | When a user opens manipulated Tagged Image File Format (.tif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application | 2021-12-14 | 4.3 | CVE-2021-42069 MISC MISC |
sap -- 3d_visual_enterprise_viewer | When a user opens a manipulated GIF (.gif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 2021-12-14 | 4.3 | CVE-2021-42068 MISC MISC |
sap -- commerce | If configured to use an Oracle database and if a query is created using the flexible search java api with a parameterized "in" clause, SAP Commerce - versions 1905, 2005, 2105, 2011, allows attacker to execute crafted database queries, exposing backend database. The vulnerability is present if the parameterized "in" clause accepts more than 1000 values. | 2021-12-14 | 6.8 | CVE-2021-42064 MISC MISC |
sap -- knowledge_warehouse | A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclose sensitive data. | 2021-12-14 | 4.3 | CVE-2021-42063 MISC MISC |
siemens -- jt2go | A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll contains an off-by-one error in the heap while parsing specially crafted TIFF files. This could allow an attacker to cause a denial-of-service condition. | 2021-12-14 | 4.3 | CVE-2021-44007 CONFIRM |
siemens -- jt2go | A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process. | 2021-12-14 | 4.3 | CVE-2021-44004 CONFIRM |
siemens -- jt2go | A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to use of uninitialized memory while parsing user supplied TIFF files. This could allow an attacker to cause a denial-of-service condition. | 2021-12-14 | 4.3 | CVE-2021-44003 CONFIRM |
siemens -- jt2go | A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Image.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted TIF files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15111) | 2021-12-14 | 4.3 | CVE-2021-44017 CONFIRM |
siemens -- jt2go | A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process. | 2021-12-14 | 4.3 | CVE-2021-44008 CONFIRM |
siemens -- jt2go | A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process. | 2021-12-14 | 4.3 | CVE-2021-44009 CONFIRM |
siemens -- jt2go | A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process. | 2021-12-14 | 4.3 | CVE-2021-44010 CONFIRM |
siemens -- jt2go | A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Jt1001.dll is vulnerable to an out of bounds read past the end of an allocated buffer while parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15101) | 2021-12-14 | 4.3 | CVE-2021-44011 CONFIRM |
siemens -- jt2go | A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The DL180pdfl.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14974) | 2021-12-14 | 6.8 | CVE-2021-44001 CONFIRM |
siemens -- jt2go | A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Jt1001.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15102) | 2021-12-14 | 4.3 | CVE-2021-44012 CONFIRM |
siemens -- jt2go | A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The VCRUNTIME140.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted CGM files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15109) | 2021-12-14 | 4.3 | CVE-2021-44015 CONFIRM |
siemens -- jt2go | A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Jt1001.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15058) | 2021-12-14 | 6.8 | CVE-2021-44002 CONFIRM |
siemens -- jt2go | A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted TIFF files. This could allow an attacker to execute code in the context of the current process. | 2021-12-14 | 6.8 | CVE-2021-44005 CONFIRM |
siemens -- jt2go | A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted TIFF files. This could allow an attacker to execute code in the context of the current process. | 2021-12-14 | 6.8 | CVE-2021-44006 CONFIRM |
siemens -- jt2go | A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The DL180pdfl.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15103) | 2021-12-14 | 6.8 | CVE-2021-44013 CONFIRM |
siemens -- jt2go | A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Jt1001.dll contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15057) | 2021-12-14 | 6.8 | CVE-2021-44014 CONFIRM |
siemens -- jt_open_toolkit | A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to stack based buffer overflow while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14845) | 2021-12-14 | 6.8 | CVE-2021-44432 CONFIRM |
siemens -- jt_open_toolkit | A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14829) | 2021-12-14 | 6.8 | CVE-2021-44430 CONFIRM |
siemens -- jt_open_toolkit | A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14907) | 2021-12-14 | 6.8 | CVE-2021-44438 CONFIRM |
siemens -- jt_open_toolkit | A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14906) | 2021-12-14 | 6.8 | CVE-2021-44437 CONFIRM |
siemens -- jt_open_toolkit | A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14902, ZDI-CAN-14866) | 2021-12-14 | 6.8 | CVE-2021-44434 CONFIRM |
siemens -- jt_open_toolkit | A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14841) | 2021-12-14 | 4.3 | CVE-2021-44431 CONFIRM |
siemens -- jt_open_toolkit | A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14905) | 2021-12-14 | 4.3 | CVE-2021-44436 CONFIRM |
siemens -- jt_open_toolkit | A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15052) | 2021-12-14 | 4.3 | CVE-2021-44444 CONFIRM |
siemens -- jt_open_toolkit | A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14843, ZDI-CAN-15051) | 2021-12-14 | 4.3 | CVE-2021-44448 CONFIRM |
siemens -- jt_open_toolkit | A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14908) | 2021-12-14 | 6.8 | CVE-2021-44439 CONFIRM |
siemens -- jt_open_toolkit | A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to stack based buffer overflow while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14903) | 2021-12-14 | 6.8 | CVE-2021-44435 CONFIRM |
siemens -- jt_open_toolkit | A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains a use after free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14900) | 2021-12-14 | 6.8 | CVE-2021-44433 CONFIRM |
siemens -- jt_open_toolkit | A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14995) | 2021-12-14 | 6.8 | CVE-2021-44442 CONFIRM |
siemens -- jt_open_toolkit | A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to memory corruption condition while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14912) | 2021-12-14 | 6.8 | CVE-2021-44440 CONFIRM |
siemens -- jt_open_toolkit | A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14911) | 2021-12-14 | 6.8 | CVE-2021-44447 CONFIRM |
siemens -- jt_open_toolkit | A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14913) | 2021-12-14 | 6.8 | CVE-2021-44441 CONFIRM |
siemens -- jt_open_toolkit | A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15039) | 2021-12-14 | 6.8 | CVE-2021-44443 CONFIRM |
siemens -- jt_open_toolkit | A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15054) | 2021-12-14 | 6.8 | CVE-2021-44445 CONFIRM |
siemens -- jt_open_toolkit | A vulnerability has been identified in JT Utilities (All versions < V12.8.1.1), JTTK (All versions < V10.8.1.1). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15055, ZDI-CAN-14915, ZDI-CAN-14865) | 2021-12-14 | 6.8 | CVE-2021-44450 CONFIRM |
siemens -- jt_open_toolkit | A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14828, ZDI-CAN-14898) | 2021-12-14 | 6.8 | CVE-2021-44446 CONFIRM |
siemens -- jt_open_toolkit | A vulnerability has been identified in JT Utilities (All versions < V12.8.1.1), JTTK (All versions < V10.8.1.1). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14830) | 2021-12-14 | 6.8 | CVE-2021-44449 CONFIRM |
siemens -- sipass_integrated | A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal message broker system. This could allow an unauthenticated remote attacker to subscribe to arbitrary message queues. | 2021-12-14 | 5 | CVE-2021-44522 CONFIRM CONFIRM |
siemens -- sipass_integrated | A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal activity feed database. This could allow an unauthenticated remote attacker to read, modify or delete activity feed entries. | 2021-12-14 | 6.4 | CVE-2021-44523 CONFIRM CONFIRM |
siemens -- teamcenter_active_workspace | A vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.11), Teamcenter Active Workspace V5.0 (All versions < V5.0.10), Teamcenter Active Workspace V5.1 (All versions < V5.1.6), Teamcenter Active Workspace V5.2 (All versions < V5.2.3). The application contains an unsafe unzipping pattern that could lead to a zip path traversal attack. This could allow and attacker to execute a remote shell with admin rights. | 2021-12-14 | 6.5 | CVE-2021-41547 CONFIRM |
single_post_exporter_project -- single_post_exporter | The Single Post Exporter WordPress plugin through 1.1.1 does not have CSRF checks when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and give access to the export feature to any role such as subscriber. Subscriber users would then be able to export an arbitrary post/page (such as private and password protected) via a direct URL | 2021-12-13 | 4.3 | CVE-2021-24780 MISC |
snipeitapp -- snipe-it | snipe-it is vulnerable to Improper Access Control | 2021-12-10 | 4 | CVE-2021-4089 CONFIRM MISC |
socomec -- remote_view_pro_firmware | An issue was discovered in the firmware update form in Socomec REMOTE VIEW PRO 2.0.41.4. An authenticated attacker can bypass a client-side file-type check and upload arbitrary .php files. | 2021-12-15 | 6.5 | CVE-2021-41870 MISC MISC |
sourcegraph -- sourcegraph | Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.33.2 is vulnerable to a side-channel attack where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects the Saved Searches and Code Monitoring features. A successful attack would require an authenticated bad actor to create many Saved Searches or Code Monitors to receive confirmation that a specific string exists. This could allow an attacker to guess formatted tokens in source code, such as API keys. This issue was patched in version 3.33.2 and any future versions of Sourcegraph. We strongly encourage upgrading to secure versions. If you are unable to, you may disable Saved Searches and Code Monitors. | 2021-12-13 | 4 | CVE-2021-43823 CONFIRM MISC |
storeapps -- temporary_login_without_password | The Temporary Login Without Password WordPress plugin before 1.7.1 does not have authorisation and CSRF checks when updating its settings, which could allows any logged-in users, such as subscribers to update them | 2021-12-13 | 4 | CVE-2021-24836 MISC |
sysaid -- application_programming_interface | Sysaid API User Enumeration - Attacker sending requests to specific api path without any authorization before 21.3.60 version could get users names from the LDAP server. | 2021-12-14 | 5 | CVE-2021-36721 CERT |
taogogo -- taocms | taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72. | 2021-12-14 | 6.4 | CVE-2021-45015 MISC |
trueranker -- true_ranker | The True Ranker plugin <= 2.2.2 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be accessed via the src parameter found in the ~/admin/vendor/datatables/examples/resources/examples.php file. | 2021-12-14 | 5 | CVE-2021-39312 MISC MISC |
unisys -- cargo_mobile | Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store sensitive information, which might be revealed in a backup. The issue is addressed by ensuring that the allowBackup flag (in the manifest) is False. | 2021-12-14 | 4.3 | CVE-2021-43388 MISC |
user_meta_shortcodes_project -- user_meta_shortcodes | The User Meta Shortcodes WordPress plugin through 0.5 registers a shortcode that allows any user with a role as low as contributor to access other users metadata by specifying the user login as a parameter. This makes the WP instance vulnerable to data extrafiltration, including password hashes | 2021-12-13 | 4 | CVE-2021-24859 MISC |
verint -- workforce_optimization | Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications NEWUINAV parameter. | 2021-12-15 | 4.3 | CVE-2021-36450 MISC MISC MISC |
wanderlust-webdesign -- woo-enviopack | The WooCommerce EnvioPack WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the dataid parameter found in the ~/includes/functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2. | 2021-12-14 | 4.3 | CVE-2021-39314 MISC MISC |
we-con -- levistudiou | WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to multiple stack-based buffer overflow instances while parsing project files, which may allow an attacker to execute arbitrary code. | 2021-12-13 | 6.8 | CVE-2021-43983 MISC |
webnus -- modern_events_calendar_lite | The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the current_month_divider parameter of its mec_list_load_more AJAX call (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue | 2021-12-13 | 4.3 | CVE-2021-24925 MISC |
windyroad -- real_wysiwyg | The Real WYSIWYG WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of PHP_SELF in the ~/real-wysiwyg.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.2. | 2021-12-14 | 4.3 | CVE-2021-39310 MISC MISC |
woo-myghpay-payment-gateway_project -- woo-myghpay-payment-gateway | The WooCommerce myghpay Payment Gateway WordPess plugin is vulnerable to Reflected Cross-Site Scripting via the clientref parameter found in the ~/processresponse.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.0. | 2021-12-14 | 4.3 | CVE-2021-39308 MISC MISC |
wp_admin_logo_changer_project -- wp_admin_logo_changer | The WP Admin Logo Changer WordPress plugin through 1.0 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin update them via a CSRF attack. | 2021-12-13 | 4.3 | CVE-2021-24784 MISC |
wp_limits_project -- wp_limits | The WP Limits WordPress plugin through 1.0 does not have CSRF check when saving its settings, allowing attacker to make a logged in admin change them, which could make the blog unstable by setting low values | 2021-12-13 | 4.3 | CVE-2021-24818 MISC |
wp_system_log_project -- wp_system_log | The WP System Log WordPress plugin before 1.0.21 does not sanitise, validate and escape the IP address retrieved from login requests before outputting them in the admin dashboard, which could allow unauthenticated attacker to perform Cross-Site Scripting attacks against admins viewing the logs. | 2021-12-13 | 4.3 | CVE-2021-24756 MISC |
wpcloudplugins -- lets-box | Insufficient Input Validation in the search functionality of Wordpress plugin Lets-Box prior to 1.15.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack. | 2021-12-13 | 4.3 | CVE-2021-42549 CONFIRM |
wpcloudplugins -- out-of-the-box | Insufficient Input Validation in the search functionality of Wordpress plugin Out-of-the-Box prior to 1.20.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack. | 2021-12-13 | 4.3 | CVE-2021-42547 CONFIRM |
wpcloudplugins -- share-one-drive | Insufficient Input Validation in the search functionality of Wordpress plugin Share-one-Drive prior to 1.15.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack. | 2021-12-13 | 4.3 | CVE-2021-42548 CONFIRM |
wpcloudplugins -- use-your-drive | Insufficient Input Validation in the search functionality of Wordpress plugin Use-Your-Drive prior to 1.18.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack. | 2021-12-13 | 4.3 | CVE-2021-42546 CONFIRM |
wpeden -- shiny_buttons | The Shiny Buttons WordPress plugin through 1.1.0 does not have any authorisation and CSRF in place when saving a template (wpbtn_save_template function hooked to the init action), nor sanitise and escape them before outputting them in the admin dashboard, which allow unauthenticated users to add a malicious template and lead to Stored Cross-Site Scripting issues. | 2021-12-13 | 4.3 | CVE-2021-24792 MISC |
yetiforce -- yetiforce_customer_relationship_management | yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 2021-12-14 | 4.3 | CVE-2021-4107 CONFIRM MISC |
yetiforce -- yetiforce_customer_relationship_management | yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF) | 2021-12-11 | 4.3 | CVE-2021-4092 CONFIRM MISC |
yetiforce -- yetiforce_customer_relationship_management | yetiforcecrm is vulnerable to Business Logic Errors | 2021-12-15 | 4 | CVE-2021-4111 CONFIRM MISC |
yetiforce -- yetiforce_customer_relationship_management | yetiforcecrm is vulnerable to Business Logic Errors | 2021-12-15 | 4 | CVE-2021-4117 CONFIRM MISC |
zoom -- meetings | The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contain a server side request forgery vulnerability in the chat’s “link preview” functionality. In versions prior to 5.7.3, if a user were to enable the chat’s “link preview” feature, a malicious actor could trick the user into potentially sending arbitrary HTTP GET requests to URLs that the actor cannot reach directly. | 2021-12-14 | 4 | CVE-2021-34425 MISC |
zzcms -- zzcms | Cross Site Scripting (XSS) vulnerability exists in zzcms 2019 XSS via a modify action in user/adv.php. | 2021-12-13 | 4.3 | CVE-2020-19042 MISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
abantecart -- abantecart | An issue was discovered in AbanteCart before 1.3.2. Any low-privileged user with file-upload permissions can upload a malicious SVG document that contains an XSS payload. | 2021-12-14 | 3.5 | CVE-2021-42051 MISC MISC |
amd -- epyc_7001_firmware | A malicious hypervisor in conjunction with an unprivileged attacker process inside an SEV/SEV-ES guest VM may fail to flush the Translation Lookaside Buffer (TLB) resulting in unexpected behavior inside the virtual machine (VM). | 2021-12-10 | 3.6 | CVE-2021-26340 MISC |
apache -- log4j | It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default. | 2021-12-14 | 2.6 | CVE-2021-45046 MLIST MISC MISC CONFIRM CISCO MLIST CONFIRM CERT-VN CONFIRM DEBIAN CONFIRM CONFIRM MLIST |
basixonline -- nex-forms | The NEX-Forms WordPress plugin through 7.9.4 does not escape some of its settings and form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2021-12-13 | 3.5 | CVE-2021-24705 MISC |
calderaforms -- caldera_forms | The Caldera Forms WordPress plugin before 1.9.5 does not sanitise and escape the Form Name before outputting it in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2021-12-13 | 3.5 | CVE-2021-24896 MISC |
comment_engine_pro_project -- comment_engine_pro | Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Comment Engine Pro plugin (versions <= 1.0), could be exploited by users with Editor or higher role. | 2021-12-10 | 3.5 | CVE-2021-36911 CONFIRM MISC |
conva -- fathom_analytics | The Fathom Analytics WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the $site_id parameter found in the ~/fathom-analytics.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 3.0.4. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | 2021-12-14 | 3.5 | CVE-2021-41836 MISC MISC |
display_post_metadata_project -- display_post_metadata | The Display Post Metadata WordPress plugin before 1.5.0 adds a shortcode to print out custom fields, however their content is not sanitised or escaped which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks | 2021-12-13 | 3.5 | CVE-2021-24855 MISC |
dolibarr -- dolibarr | A Cross Site Scripting (XSS) vulnerability exists in Dolibarr before 14.0.3 via the ticket creation flow. Exploitation requires that an admin copies the payload into a box. | 2021-12-15 | 3.5 | CVE-2021-42220 MISC MISC |
fatcatapps -- pixel_cat | The Pixel Cat WordPress plugin before 2.6.3 does not escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed | 2021-12-13 | 3.5 | CVE-2021-24972 MISC |
flex_local_fonts_project -- flex_local_fonts | The Flex Local Fonts WordPress plugin through 1.0.0 does not escape the Class Name field when adding a font, which could allow hight privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2021-12-13 | 3.5 | CVE-2021-24782 MISC |
get_custom_field_values_project -- get_custom_field_values | The Get Custom Field Values WordPress plugin before 4.0.1 does not escape custom fields before outputting them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks | 2021-12-13 | 3.5 | CVE-2021-24871 MISC |
gitlab -- gitlab | In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, the reset password token and new user email token are accidentally logged which may lead to information disclosure. | 2021-12-13 | 2.1 | CVE-2021-39919 MISC CONFIRM |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.11 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under specific condition an unauthorised project member was allowed to delete a protected branches due to a business logic error. | 2021-12-13 | 3.5 | CVE-2021-39931 MISC CONFIRM MISC |
google -- android | In getNeighboringCellInfo of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-190619791 | 2021-12-15 | 2.1 | CVE-2021-0987 MISC |
google -- android | In getLaunchedFromUid and getLaunchedFromPackage of ActivityClientController.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-191954233 | 2021-12-15 | 2.1 | CVE-2021-0988 MISC |
google -- android | In onCreate of PaymentDefaultDialog.java, there is a possible way to change a default payment app without user consent due to tapjack overlay. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-180104327 | 2021-12-15 | 1.9 | CVE-2021-0992 MISC |
google -- android | In hasManageOngoingCallsPermission of TelecomServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-194105812 | 2021-12-15 | 2.1 | CVE-2021-0989 MISC |
google -- android | In getDeviceId of PhoneSubInfoController.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-185591180 | 2021-12-15 | 2.1 | CVE-2021-0990 MISC |
google -- android | In requestRouteToHostAddress of ConnectivityService.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193801134 | 2021-12-15 | 2.1 | CVE-2021-0994 MISC |
google -- android | In registerSuggestionConnectionStatusListener of WifiServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-197536547 | 2021-12-15 | 2.1 | CVE-2021-0995 MISC |
google -- android | In 'ih264e_find_bskip_params()' of ih264e_me.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193442575 | 2021-12-15 | 2.1 | CVE-2021-0998 MISC |
google -- android | In handleUpdateNetworkState of GnssNetworkConnectivityHandler.java , there is a possible APN disclosure due to log information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-191086488 | 2021-12-15 | 2.1 | CVE-2021-0997 MISC |
google -- android | In isFileUri of UriUtil.java, there is a possible way to bypass ignoring file://URI attachment due to improper handling of case sensitivity. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-197328178 | 2021-12-15 | 1.9 | CVE-2021-0973 MISC |
google -- android | In adjustStreamVolume of AudioService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-194110891 | 2021-12-15 | 2.1 | CVE-2021-1018 MISC |
google -- android | In hasNamedWallpaper of WallpaperManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193800652 | 2021-12-15 | 2.1 | CVE-2021-1025 MISC |
google -- android | In createAdminSupportIntent of DevicePolicyManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-192245204 | 2021-12-15 | 2.1 | CVE-2021-0983 MISC |
google -- android | In startRanging of RttServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-194798757 | 2021-12-15 | 2.1 | CVE-2021-1026 MISC |
google -- android | In setNotificationsShownFromListener of NotificationManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-194697001 | 2021-12-15 | 2.1 | CVE-2021-1030 MISC |
google -- android | In getService of IServiceManager.cpp, there is a possible unhandled exception due to an integer overflow. This could lead to local denial of service making the lockscreen unusable with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-197336441 | 2021-12-15 | 1.9 | CVE-2021-0919 MISC |
google -- android | In hasGrantedPolicy of DevicePolicyManagerService.java, there is a possible information disclosure about the device owner, profile owner, or device admin due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-192247339 | 2021-12-15 | 2.1 | CVE-2021-0986 MISC |
google -- android | In nfaHciCallback of HciEventManager.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure over NFC with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-181346545 | 2021-12-15 | 2.7 | CVE-2021-0996 MISC |
google -- android | In getOrganizationNameForUser of DevicePolicyManagerService.java, there is a possible organization name disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-192368508 | 2021-12-15 | 2.1 | CVE-2021-0982 MISC |
google -- android | In onCreate of KeyChainActivity.java, there is a possible way to use an app certificate stored in keychain due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-199754277 | 2021-12-15 | 3.3 | CVE-2021-0963 MISC |
google -- android | In isRequestPinItemSupported of ShortcutService.java, there is a possible cross-user leak of packages in which the default launcher supports requests to create pinned shortcuts due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-191772737 | 2021-12-15 | 2.1 | CVE-2021-0979 MISC |
google -- android | In onCreate of RequestIgnoreBatteryOptimizations.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-195963373 | 2021-12-15 | 1.9 | CVE-2021-1023 MISC |
google -- android | In getSerialForPackage of DeviceIdentifiersPolicyService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-192587406 | 2021-12-15 | 2.1 | CVE-2021-0978 MISC |
google -- android | In OnMetadataChangedListener of AdvancedBluetoothDetailsHeaderController.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-181588752 | 2021-12-15 | 2.7 | CVE-2021-0991 MISC |
google -- android | In code generated by BuildParcelFields of generate_cpp.cpp, there is a possible way for a crafted parcelable to reveal uninitialized memory of a target process due to uninitialized data. This could lead to local information disclosure across Binder transactions with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-198346478 | 2021-12-15 | 2.1 | CVE-2021-0966 MISC |
grafana -- grafana | Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerability is limited in scope, and only allows access to files with the extension .csv to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Versions 8.3.2 and 7.5.12 contain a patch for this issue. There is a workaround available for users who cannot upgrade. Running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. | 2021-12-10 | 3.5 | CVE-2021-43815 CONFIRM MISC MISC MISC MISC MLIST |
ibm -- spectrum_copy_data_management | IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 214525. | 2021-12-13 | 3.5 | CVE-2021-39054 XF CONFIRM |
ibm -- spectrum_protect_backup-archive_client | IBM Spectrum Protect Client 7.1 and 8.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local attacker could exploit this vulnerability and cause a denial of service. IBM X-Force ID: 214438. | 2021-12-13 | 2.1 | CVE-2021-39048 XF CONFIRM |
ibm -- spectrum_protect_operations_center | IBM Spectrum Protect Operations Center 7.1, under special configurations, could allow a local user to obtain highly sensitive information. IBM X-Force ID: 209610. | 2021-12-13 | 2.1 | CVE-2021-38901 XF CONFIRM |
inspirational_quote_rotator_project -- inspirational_quote_rotator | The Inspirational Quote Rotator WordPress plugin through 1.0.0 does not sanitize and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quote is output in the "Quotes list" even when the unfiltered_html capability is disallowed | 2021-12-13 | 3.5 | CVE-2021-24771 MISC |
sap -- business_one | SAP Business One - version 10.0, allows an admin user to view DB password in plain text over the network, which should otherwise be encrypted. For an attacker to discover vulnerable function in-depth application knowledge is required, but once exploited the attacker may be able to completely compromise confidentiality, integrity, and availability of the application. | 2021-12-14 | 3.5 | CVE-2021-42066 MISC MISC |
sap -- businessobjects_business_intelligence_platform | SAP BusinessObjects Business Intelligence Platform (Web Intelligence) - version 420, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This allows a low privileged attacker to retrieve some data from the victim but will never be able to modify the document and publish these modifications to the server. It impacts the "Quick Prompt" workflow. | 2021-12-14 | 3.5 | CVE-2021-42061 MISC MISC |
siemens -- simatic_easie_pcs_7_skill | A vulnerability has been identified in SIMATIC eaSie PCS 7 Skill Package (All versions < V21.00 SP3). When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read unexpected critical files. The affected file download function is disabled by default. | 2021-12-14 | 3.5 | CVE-2021-42022 CONFIRM |
socomec -- remote_view_pro_firmware | An issue was discovered in Socomec REMOTE VIEW PRO 2.0.41.4. Improper validation of input into the username field makes it possible to place a stored XSS payload. This is executed if an administrator views the System Event Log. | 2021-12-15 | 3.5 | CVE-2021-41871 MISC MISC |
sofico -- miles_rich_internet_application | Sofico Miles RIA 2020.2 Build 127964T is affected by Stored Cross Site Scripting (XSS). An attacker with access to a user account of the RIA IT or the Fleet role can create a crafted work order in the damage reports section (or change existing work orders). The XSS payload is in the work order number. | 2021-12-15 | 3.5 | CVE-2021-41557 MISC MISC |
thruk -- thruk | Thruk 2.40-2 allows stored XSS. | 2021-12-15 | 3.5 | CVE-2021-35490 MISC MISC |
ultimate_nofollow_project -- ultimate_nofollow | The Ultimate NoFollow WordPress plugin through 1.4.8 does not sanitise and escape the href attribute of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks | 2021-12-13 | 3.5 | CVE-2021-24817 MISC |
variation_swatches_for_woocommerce_project -- variation_swatches_for_woocommerce | The Variation Swatches for WooCommerce WordPress plugin is vulnerable to Stored Cross-Site Scripting via several parameters found in the ~/includes/class-menu-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1. Due to missing authorization checks on the tawcvs_save_settings function, low-level authenticated users such as subscribers can exploit this vulnerability. | 2021-12-14 | 3.5 | CVE-2021-42367 MISC MISC |
yetiforce -- yetiforce_customer_relationship_management | yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 2021-12-15 | 3.5 | CVE-2021-4116 MISC CONFIRM |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
N/A -- N/A | pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak. | 2021-12-16 | not yet calculated | CVE-2021-45095 MISC MISC |
addons-ssh -- addons-ssh | ** DISPUTED ** The addon.stdin service in addon-ssh (aka Home Assistant Community Add-on: SSH & Web Terminal) before 10.0.0 has an attack surface that requires social engineering. NOTE: the vendor does not agree that this is a vulnerability; however, addon.stdin was removed as a defense-in-depth measure against complex social engineering situations. | 2021-12-16 | not yet calculated | CVE-2021-45099 MISC MISC |
ajaxsoundstudio -- ajaxsoundstudio | Buffer Overflow Vulnerability exists in ajaxsoundstudio.com n Pyo < 1.03 in the Server_debug function, which allows remote attackers to conduct DoS attacks by deliberately passing on an overlong audio file name. | 2021-12-17 | not yet calculated | CVE-2021-41499 MISC |
alac_decoder -- alac_decoder | In alac decoder, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06064258; Issue ID: ALPS06064237. | 2021-12-17 | not yet calculated | CVE-2021-0674 MISC |
anchor -- cms | Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <=0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve the purpose of obtaining the administrator cookie, thereby achieving other malicious operations. | 2021-12-15 | not yet calculated | CVE-2021-44116 MISC |
anonaddy -- anonaddy | A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via VerificationController.php. | 2021-12-15 | not yet calculated | CVE-2021-42216 MISC MISC MISC |
apache -- log4j2 | Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0 and 2.12.3. | 2021-12-18 | not yet calculated | CVE-2021-45105 MISC CONFIRM MLIST DEBIAN MISC CISCO |
apache -- nifi | In the TransformXML processor of Apache NiFi before 1.15.1 an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information. | 2021-12-17 | not yet calculated | CVE-2021-44145 MISC MLIST |
apache -- sling_commons_messaging_mail | Apache Sling Commons Messaging Mail provides a simple layer on top of JavaMail/Jakarta Mail for OSGi to send mails via SMTPS. To reduce the risk of "man in the middle" attacks additional server identity checks must be performed when accessing mail servers. For compatibility reasons these additional checks are disabled by default in JavaMail/Jakarta Mail. The SimpleMailService in Apache Sling Commons Messaging Mail 1.0 lacks an option to enable these checks for the shared mail session. A user could enable these checks nevertheless by accessing the session via the message created by SimpleMessageBuilder and setting the property mail.smtps.ssl.checkserveridentity to true. Apache Sling Commons Messaging Mail 2.0 adds support for enabling server identity checks and these checks are enabled by default. - https://javaee.github.io/javamail/docs/SSLNOTES.txt - https://javaee.github.io/javamail/docs/api/com/sun/mail/smtp/package-summary.html - https://github.com/eclipse-ee4j/mail/issues/429 | 2021-12-14 | not yet calculated | CVE-2021-44549 MISC |
apple -- ios | GGLocker iOS application, contains an insecure data storage of the password hash value which results in an authentication bypass. | 2021-12-16 | not yet calculated | CVE-2021-3179 MISC MISC MISC |
apple -- ios | An URL Address bar spoofing vulnerability was discovered in Safe Browser for iOS. When user clicks on a specially crafted a malicious URL, if user does not carefully pay attention to url, user may be tricked to think content may be coming from a valid domain, while it comes from another. This is performed by using a very long username part of the url so that user cannot see the domain name. A remote attacker can leverage this to perform url address bar spoofing attack. The fix is, browser no longer shows the user name part in address bar. | 2021-12-16 | not yet calculated | CVE-2021-40835 MISC MISC |
apusys -- apusys | In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05670549. | 2021-12-17 | not yet calculated | CVE-2021-0897 MISC |
apusys -- apusys | In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05656488. | 2021-12-17 | not yet calculated | CVE-2021-0903 MISC |
apusys -- apusys | In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05656484. | 2021-12-17 | not yet calculated | CVE-2021-0902 MISC |
apusys -- apusys | In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05664618. | 2021-12-17 | not yet calculated | CVE-2021-0901 MISC |
apusys -- apusys | In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672055. | 2021-12-17 | not yet calculated | CVE-2021-0900 MISC |
apusys -- apusys | In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672059. | 2021-12-17 | not yet calculated | CVE-2021-0899 MISC |
apusys -- apusys | In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672071. | 2021-12-17 | not yet calculated | CVE-2021-0898 MISC |
apusys -- apusys | In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05722511. | 2021-12-17 | not yet calculated | CVE-2021-0678 MISC |
apusys -- apusys | In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05687781. | 2021-12-17 | not yet calculated | CVE-2021-0679 MISC |
apusys -- apusys | In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05687474. | 2021-12-17 | not yet calculated | CVE-2021-0893 MISC |
apusys -- apusys | In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672038. | 2021-12-17 | not yet calculated | CVE-2021-0894 MISC |
apusys -- apusys | In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672003. | 2021-12-17 | not yet calculated | CVE-2021-0895 MISC |
apusys -- apusys | In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05671206. | 2021-12-17 | not yet calculated | CVE-2021-0896 MISC |
atomix -- atomix | An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false link event messages sent to a master ONOS node. | 2021-12-16 | not yet calculated | CVE-2020-35213 MISC |
atomix -- atomix | An issue in Atomix v3.1.5 allows a malicious Atomix node to remove states of ONOS storage via abuse of primitive operations. | 2021-12-16 | not yet calculated | CVE-2020-35214 MISC |
atomix -- atomix | An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to join a target cluster via providing configuration information. | 2021-12-16 | not yet calculated | CVE-2020-35209 MISC |
atomix -- atomix | A vulnerability in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via a Raft session flooding attack using Raft OpenSessionRequest messages. | 2021-12-16 | not yet calculated | CVE-2020-35210 MISC |
atomix -- atomix | An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to become the lead node in a target cluster via manipulation of the variable terms in RaftContext. | 2021-12-16 | not yet calculated | CVE-2020-35211 MISC |
atomix -- atomix | An issue in Atomix v3.1.5 allows attackers to access sensitive information when a malicious Atomix node queries distributed variable primitives which contain the entire primitive lists that ONOS nodes use to share important states. | 2021-12-16 | not yet calculated | CVE-2020-35215 MISC |
atomix -- atomix | An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false member down event messages. | 2021-12-16 | not yet calculated | CVE-2020-35216 MISC |
audio_aurisys_hal -- audio_aurisys_hal | In Audio Aurisys HAL, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05977326; Issue ID: ALPS05977326. | 2021-12-17 | not yet calculated | CVE-2021-0673 MISC |
auth0 -- auth0 | The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before 1.6.2 do not filter out certain returnTo parameter values from the login url, which expose the application to an open redirect vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. | 2021-12-16 | not yet calculated | CVE-2021-43812 MISC CONFIRM |
bitdefender -- endpoint_security_tools | A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Bitdefender GravityZone versions prior to 3.3.8.272 | 2021-12-16 | not yet calculated | CVE-2021-3959 MISC |
bitdefender -- gravityzone | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects Bitdefender GravityZone versions prior to 3.3.8.272 | 2021-12-16 | not yet calculated | CVE-2021-3960 MISC |
bookstack -- bookstack | bookstack is vulnerable to Improper Access Control | 2021-12-15 | not yet calculated | CVE-2021-4119 MISC CONFIRM |
bus_pass_management_system -- bus_pass_management_system | In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server which allows an attacker to view the sensitive files of the application, for example: Any file which contains sensitive information of the user or server. | 2021-12-16 | not yet calculated | CVE-2021-44315 MISC MISC |
bus_pass_management_system -- bus_pass_management_system | In Bus Pass Management System v1.0, parameters 'pagedes' and `About Us` are affected with a Stored Cross-site scripting vulnerability. | 2021-12-16 | not yet calculated | CVE-2021-44317 MISC MISC |
catfish -- catfish | Cross Site Scripting (XSS) vulnerability exists in Catfish <=6.3.0 via a Google search in url:/catfishcms/index.php/admin/Index/addmenu.htmland then the .html file on the website that uses this editor (the file suffix is allowed). | 2021-12-15 | not yet calculated | CVE-2021-45018 MISC |
catfish -- catfish | Cross Site Request Forgery (CSRF) vulnerability exits in Catfish <=6.1.* when you upload an html file containing CSRF on the website that uses a google editor; you can specify the menu url address as your malicious url address in the Add Menu column. | 2021-12-15 | not yet calculated | CVE-2021-45017 MISC |
cbioportal -- cbioportal | A regular expression denial of service (ReDoS) vulnerability exits in cbioportal 3.6.21 and older via a POST request to /ProteinArraySignificanceTest.json. | 2021-12-16 | not yet calculated | CVE-2021-38244 MISC MISC |
ccu_driver -- ccu_driver | In ccu driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05827154; Issue ID: ALPS05827154. | 2021-12-17 | not yet calculated | CVE-2021-0677 MISC |
convos-chat -- convos-chat | A Stored Cross Site Scripting (XSS) issue exists in Convos-Chat before 6.32. | 2021-12-17 | not yet calculated | CVE-2021-42584 MISC MISC MISC |
cvxopt -- cvxopt | Incomplete string comparison vulnerability exits in cvxopt.org cvxop <= 1.2.6 in APIs (cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve), which allows attackers to conduct Denial of Service attacks by construct fake Capsule objects. | 2021-12-17 | not yet calculated | CVE-2021-41500 MISC |
discourse -- discourse | discourse-footnote is a library providing footnotes for posts in Discourse. ### Impact When posting an inline footnote wrapped in `<a>` tags (e.g. `<a>^[footnote]</a>`, the resulting rendered HTML would include a nested `<a>`, which is stripped by Nokogiri because it is not valid. This then caused a javascript error on topic pages because we were looking for an `<a>` element inside the footnote reference span and getting its ID, and because it did not exist we got a null reference error in javascript. Users are advised to update to version 0.2. As a workaround editing offending posts from the rails console or the database console for self-hosters, or disabling the plugin in the admin panel can mitigate this issue. | 2021-12-14 | not yet calculated | CVE-2021-43827 MISC CONFIRM |
dojo -- dojo | All versions of package dojo are vulnerable to Prototype Pollution via the setObject function. | 2021-12-17 | not yet calculated | CVE-2021-23450 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
dojo -- dojo | All versions of package http-server-node are vulnerable to Directory Traversal via use of --path-as-is. | 2021-12-17 | not yet calculated | CVE-2021-23797 CONFIRM |
elabftw -- elabftw | eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows any authenticated user to gain access to arbitrary accounts by setting a specially crafted email address. This vulnerability impacts all instances that have not set an explicit email domain name allowlist. Note that whereas neither administrators nor targeted users are notified of a change, an attacker will need to control an account. The default settings require administrators to validate newly created accounts. The problem has been patched. Users should upgrade to at least version 4.2.0. For users unable to upgrade enabling an email domain allow list (from Sysconfig panel, Security tab) will completely resolve the issue. | 2021-12-16 | not yet calculated | CVE-2021-43833 CONFIRM MISC |
elabftw -- elabftw | eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows an attacker to authenticate as an existing user, if that user was created using a single sign-on authentication option such as LDAP or SAML. It impacts instances where LDAP or SAML is used for authentication instead of the (default) local password mechanism. Users should upgrade to at least version 4.2.0. | 2021-12-16 | not yet calculated | CVE-2021-43834 MISC CONFIRM |
fatpipe_network -- fatpipe_warp_ipvpn_and_mpvpn_software | A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges. Older versions of FatPipe software may also be vulnerable. This does not appear to be a CSRF vulnerability. The FatPipe advisory identifier for this vulnerability is FPSA005. | 2021-12-15 | not yet calculated | CVE-2021-27859 CONFIRM MISC MISC |
fatpipe_network -- fatpipe_warp_ipvpn_and_mpvpn_software | A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote attacker to access at least the URL "/fpui/jsp/index.jsp" leading to unknown impact, presumably some violation of confidentiality. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA004. | 2021-12-15 | not yet calculated | CVE-2021-27858 CONFIRM MISC MISC |
fatpipe_network -- fatpipe_warp_ipvpn_and_mpvpn_software | A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, unauthenticated attacker to download a configuration archive. The attacker needs to know or correctly guess the hostname of the target system since the hostname is used as part of the configuration archive file name. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA003. | 2021-12-15 | not yet calculated | CVE-2021-27857 MISC CONFIRM MISC |
fatpipe_network -- fatpipe_warp_ipvpn_and_mpvpn_software | FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named "cmuser" that has administrative privileges and no password. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA002. | 2021-12-15 | not yet calculated | CVE-2021-27856 MISC CONFIRM MISC |
fatpipe_network -- fatpipe_warp_ipvpn_and_mpvpn_software | FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA001. | 2021-12-15 | not yet calculated | CVE-2021-27855 MISC MISC CONFIRM |
fiberhome -- onu_gpon_an5506 | FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability. This vulnerability allows the attacker, once logged in, to send commands to the operating system as the root user via the ping diagnostic tool, bypassing the IP address field, and concatenating OS commands with a semicolon. | 2021-12-16 | not yet calculated | CVE-2021-42912 MISC MISC MISC |
fortiguard -- forticlientems | A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may allow an unauthenticated and network adjacent attacker to perform a man-in-the-middle attack between the EMS and the FCT via the telemetry protocol. | 2021-12-16 | not yet calculated | CVE-2021-41028 CONFIRM |
ftpshell -- ftpshell | A buffer overflow vulnerability in the Virtual Path Mapping component of FTPShell v6.83 allows attackers to cause a denial of service (DoS). | 2021-12-17 | not yet calculated | CVE-2020-18077 MISC |
galette -- galette | Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to SQL injection attacks by users with "member" privilege. Users are advised to upgrade to version 0.9.6 as soon as possible. There are no known workarounds. | 2021-12-16 | not yet calculated | CVE-2021-41262 MISC CONFIRM |
galette -- galette | Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to stored cross site scripting attacks via the preferences footer. The preference footer can only be altered by a site admin. This issue has been resolved in the 0.9.6 release and all users are advised to upgrade. There are no known workarounds. | 2021-12-16 | not yet calculated | CVE-2021-41261 CONFIRM MISC |
galette -- galette | Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 do not check for Cross Site Request Forgery attacks. All users are advised to upgrade to 0.9.6 as soon as possible. There are no known workarounds for this issue. | 2021-12-16 | not yet calculated | CVE-2021-41260 CONFIRM MISC |
geniezone_driver -- geniezone_driver | In geniezone driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05863009; Issue ID: ALPS05863009. | 2021-12-17 | not yet calculated | CVE-2021-0676 MISC |
gnu -- binutils | stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699. | 2021-12-15 | not yet calculated | CVE-2021-45078 MISC MISC |
google -- android | In dsi_panel_debugfs_read_cmdset of dsi_panel.c, there is a possible disclosure of freed kernel heap memory due to a use after free. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-187851056References: N/A | 2021-12-15 | not yet calculated | CVE-2021-1042 MISC |
google -- android | In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-160822094References: Upstream kernel | 2021-12-15 | not yet calculated | CVE-2021-39648 MISC |
google -- android | In adjustStreamVolume of AudioService.java, there is a possible way for unprivileged app to change audio stream volume due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-189857506 | 2021-12-15 | not yet calculated | CVE-2021-1003 MISC |
google -- android | In WT_Interpolate of eas_wtengine.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-194533433 | 2021-12-15 | not yet calculated | CVE-2021-1002 MISC |
google -- android | In PVInitVideoEncoder of mp4enc_api.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-190435883 | 2021-12-15 | not yet calculated | CVE-2021-1001 MISC |
google -- android | In quota_proc_write of xt_quota2.c, there is a possible way to read kernel memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196046570References: Upstream kernel | 2021-12-15 | not yet calculated | CVE-2021-0961 MISC |
google -- android | In do_ipt_get_ctl and do_ipt_set_ctl of ip_tables.c, there is a possible way to leak kernel information due to uninitialized data. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-120612905References: Upstream kernel | 2021-12-15 | not yet calculated | CVE-2021-39636 MISC |
google -- android | In CreateDeviceInfo of trusty_remote_provisioning_context.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-193579873References: N/A | 2021-12-15 | not yet calculated | CVE-2021-39637 MISC |
google -- android | In periodic_io_work_func of lwis_periodic_io.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195607566References: N/A | 2021-12-15 | not yet calculated | CVE-2021-39638 MISC |
google -- android | In TBD of fvp.c, there is a possible way to glitch CPU behavior due to a missing permission check. This could lead to local escalation of privilege with physical access to device internals with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-198291476References: N/A | 2021-12-15 | not yet calculated | CVE-2021-39639 MISC |
google -- android | In __dwc3_gadget_ep0_queue of ep0.c, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-157294279References: N/A | 2021-12-15 | not yet calculated | CVE-2021-39640 MISC |
google -- android | Product: AndroidVersions: Android kernelAndroid ID: A-126949257References: N/A | 2021-12-15 | not yet calculated | CVE-2021-39641 MISC |
google -- android | In synchronous_process_io_entries of lwis_ioctl.c, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195731663References: N/A | 2021-12-15 | not yet calculated | CVE-2021-39642 MISC |
google -- android | In ic_startRetrieveEntryValue of acropora/app/identity/ic.c, there is a possible bypass of defense-in-depth due to missing validation of the return value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195573629References: N/A | 2021-12-15 | not yet calculated | CVE-2021-39643 MISC |
google -- android | In mon_smc_load_sp of gs101-sc/plat/samsung/exynos/soc/exynos9845/smc_booting.S, there is a possible reinitialization of TEE due to improper locking. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-198713939References: N/A | 2021-12-15 | not yet calculated | CVE-2021-39647 MISC |
google -- android | In regmap_exit of regmap.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174049006References: N/A | 2021-12-15 | not yet calculated | CVE-2021-39649 MISC |
google -- android | In TBD of TBD, there is a possible downgrade attack due to under utilized anti-rollback protections. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-194697257References: N/A | 2021-12-15 | not yet calculated | CVE-2021-1043 MISC |
google -- android | In (TBD) of (TBD), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-169763055References: N/A | 2021-12-15 | not yet calculated | CVE-2021-39650 MISC |
google -- android | In TBD of TBD, there is a possible way to access PIN protected settings bypassing PIN confirmation due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-193438173References: N/A | 2021-12-15 | not yet calculated | CVE-2021-39651 MISC |
google -- android | In sec_ts_parsing_cmds of (TBD), there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-194499021References: N/A | 2021-12-15 | not yet calculated | CVE-2021-39652 MISC |
google -- android | In (TBD) of (TBD), there is a possible way to boot with a hidden debug policy due to a missing warning to the user. This could lead to local escalation of privilege after preparing the device, hiding the warning, and passing the phone to a new user, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-193443223References: N/A | 2021-12-15 | not yet calculated | CVE-2021-39653 MISC |
google -- android | Product: AndroidVersions: Android kernelAndroid ID: A-192641593References: N/A | 2021-12-15 | not yet calculated | CVE-2021-39655 MISC |
google -- android | In __configfs_open_file of file.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174049066References: Upstream kernel | 2021-12-15 | not yet calculated | CVE-2021-39656 MISC |
google -- android | In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-194696049References: Upstream kernel | 2021-12-15 | not yet calculated | CVE-2021-39657 MISC |
google -- android | In update of km_compat.cpp, there is a possible loss of potentially sensitive data due to a logic error in the code. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-200041882 | 2021-12-15 | not yet calculated | CVE-2021-0958 MISC |
google -- android | In NfcTag::discoverTechnologies (activation) of NfcTag.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additionalSystem execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-189942532 | 2021-12-15 | not yet calculated | CVE-2021-0956 MISC |
google -- android | In pf_write_buf of FuseDaemon.cpp, there is possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-192085766 | 2021-12-15 | not yet calculated | CVE-2021-0955 MISC |
google -- android | In ResolverActivity, there is a possible user interaction bypass due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-143559931 | 2021-12-15 | not yet calculated | CVE-2021-0954 MISC |
google -- android | In setOnClickActivityIntent of SearchWidgetProvider.java, there is a possible way to access contacts and history bookmarks without permission due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-184046278 | 2021-12-15 | not yet calculated | CVE-2021-0953 MISC |
google -- android | In WT_InterpolateNoLoop of eas_wtengine.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-190286685 | 2021-12-15 | not yet calculated | CVE-2021-0650 MISC |
google -- android | In getConfiguredNetworks of WifiServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-197749180 | 2021-12-15 | not yet calculated | CVE-2021-1004 MISC |
google -- android | In getDeviceIdWithFeature of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-186530889 | 2021-12-15 | not yet calculated | CVE-2021-1005 MISC |
google -- android | In several functions of DatabaseManager.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-183961974 | 2021-12-15 | not yet calculated | CVE-2021-1006 MISC |
google -- android | In checkExistsAndEnforceCannotModifyImmutablyRestrictedPermission of PermissionManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-186404356 | 2021-12-15 | not yet calculated | CVE-2021-1013 MISC |
google -- android | In eicOpsDecryptAes128Gcm of acropora/app/identity/identity_support.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195570681References: N/A | 2021-12-15 | not yet calculated | CVE-2021-1044 MISC |
google -- android | Product: AndroidVersions: Android kernelAndroid ID: A-195580473References: N/A | 2021-12-15 | not yet calculated | CVE-2021-1045 MISC |
google -- android | In (TBD) of (TBD), there is a possible out of bounds read due to memory corruption. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-182950799References: N/A | 2021-12-15 | not yet calculated | CVE-2021-1041 MISC |
google -- android | In valid_ipc_dram_addr of cm_access_control.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-197966306References: N/A | 2021-12-15 | not yet calculated | CVE-2021-1047 MISC |
google -- android | In ep_loop_check_proc of eventpoll.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-204573007References: Upstream kernel | 2021-12-15 | not yet calculated | CVE-2021-1048 MISC |
google -- android | In onCreate of BluetoothPairingSelectionFragment.java, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-182810085 | 2021-12-15 | not yet calculated | CVE-2021-1040 MISC |
google -- android | In NotificationAccessActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-182808318 | 2021-12-15 | not yet calculated | CVE-2021-1039 MISC |
google -- android | In getLine1NumberForDisplay of PhoneInterfaceManager.java, there is apossible way to determine whether an app is installed, without querypermissions due to a missing permission check. This could lead to localinformation disclosure with no additional execution privileges needed. Userinteraction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193441322 | 2021-12-15 | not yet calculated | CVE-2021-1034 MISC |
google -- android | In getMimeGroup of PackageManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-184745603 | 2021-12-15 | not yet calculated | CVE-2021-1032 MISC |
google -- android | In cancelNotificationsFromListener of NotificationManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-194697004 | 2021-12-15 | not yet calculated | CVE-2021-1031 MISC |
google -- android | In getMeidForSlot of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-186530496 | 2021-12-15 | not yet calculated | CVE-2021-1015 MISC |
google -- android | In getNetworkTypeForSubscriber of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-186776740 | 2021-12-15 | not yet calculated | CVE-2021-1014 MISC |
google -- android | In AdapterService and GattService definition of AndroidManifest.xml, there is a possible way to disable bluetooth connection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-182583850 | 2021-12-15 | not yet calculated | CVE-2021-1017 MISC |
google -- android | In onResume of NotificationAccessDetails.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-195412179 | 2021-12-15 | not yet calculated | CVE-2021-1012 MISC |
google -- android | In setApplicationCategoryHint of PackageManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-189858128 | 2021-12-15 | not yet calculated | CVE-2021-1009 MISC |
google -- android | In btu_hcif_process_event of btu_hcif.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-167759047 | 2021-12-15 | not yet calculated | CVE-2021-1007 MISC |
google -- android | In setPackageStoppedState of PackageManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-188219307 | 2021-12-15 | not yet calculated | CVE-2021-1011 MISC |
google -- android | In addSubInfo of SubscriptionController.java, there is a possible way to force the user to make a factory reset due to a logic error in the code. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-197327688 | 2021-12-15 | not yet calculated | CVE-2021-1008 MISC |
google -- android | In lwis_dpm_update_clock of lwis_device_dpm.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195609074References: N/A | 2021-12-15 | not yet calculated | CVE-2021-1046 MISC |
google -- android | In getSigningKeySet of PackageManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-189857801 | 2021-12-15 | not yet calculated | CVE-2021-1010 MISC |
gradio -- gradio | Gradio is an open source framework for building interactive machine learning models and demos. In versions prior to 2.5.0 there is a vulnerability that affects anyone who creates and publicly shares Gradio interfaces. File paths are not restricted and users who receive a Gradio link can access any files on the host computer if they know the file names or file paths. This is limited only by the host operating system. Paths are opened in read only mode. The problem has been patched in gradio 2.5.0. | 2021-12-15 | not yet calculated | CVE-2021-43831 MISC CONFIRM |
hashicorp -- vault_and_vault_enterprise | In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storage backend. The earliest affected version is 1.4.0. | 2021-12-17 | not yet calculated | CVE-2021-45042 MISC MISC |
hillrom -- welch_allyn_cardio_products | The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any active directory (AD) account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all associated privileges. | 2021-12-15 | not yet calculated | CVE-2021-43935 MISC |
htcondor -- htcondor | An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x before 9.1.2. When authenticating to an HTCondor daemon using a SciToken, a user may be granted authorizations beyond what the token should allow. | 2021-12-16 | not yet calculated | CVE-2021-45102 MISC |
htcondor -- htcondor | An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, and 9.1.x before 9.1.2. Using standard command-line tools, a user with only READ access to an HTCondor SchedD or Collector daemon can discover secrets that could allow them to control other users' jobs and/or read their data. | 2021-12-16 | not yet calculated | CVE-2021-45101 MISC |
ibm -- bmc_firmware | BMC firmware (IBM Power System S821LC Server (8001-12C) OP825.50) configuration changed to allow an authenticated user to open an insecure communication channel which could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 205267. | 2021-12-15 | not yet calculated | CVE-2021-29847 CONFIRM XF |
ibm -- business_automation_workflow | IBM Business Automation Workflow 18.0, 19.0, 20,0 and 21.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209165. | 2021-12-17 | not yet calculated | CVE-2021-38883 CONFIRM XF |
irfanview -- irfanview | IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ReadXPM_W+0x0000000000000531. | 2021-12-15 | not yet calculated | CVE-2020-23545 MISC MISC MISC |
ivanti -- workspace_control | Ivanti Workspace Control before 10.4.50.0 allows attackers to degrade integrity. | 2021-12-15 | not yet calculated | CVE-2019-19138 MISC MISC |
jflyfox -- jfinal_cms | JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Denial of Service. | 2021-12-16 | not yet calculated | CVE-2021-37262 MISC |
jsx-slack -- jsx-slack | jsx-slack is a library for building JSON objects for Slack Block Kit surfaces from JSX. In versions prior to 4.5.1 users are vulnerable to a regular expression denial-of-service (ReDoS) attack. If attacker can put a lot of JSX elements into `<blockquote>` tag, an internal regular expression for escaping characters may consume an excessive amount of computing resources. jsx-slack v4.5.1 has patched to a regex for escaping blockquote characters. Users are advised to upgrade as soon as possible. | 2021-12-17 | not yet calculated | CVE-2021-43838 MISC CONFIRM |
knime -- knime | KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the administrator's password in a file without appropriate file access controls, allowing all local users to read its content. | 2021-12-16 | not yet calculated | CVE-2021-45097 MISC |
knime -- knime | KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a crafted workflow file (.knwf), aka AP-17730. | 2021-12-16 | not yet calculated | CVE-2021-45096 MISC MISC MISC |
ksmbd -- ksmbd | The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This occurs because it sets the SMB2_GLOBAL_CAP_ENCRYPTION flag when using the SMB 3.1.1 protocol, which is a violation of the SMB protocol specification. When Windows 10 detects this protocol violation, it disables encryption. | 2021-12-16 | not yet calculated | CVE-2021-45100 MISC MISC MISC |
laravel-filemanager -- laravel-filemanager | This affects the package unisharp/laravel-filemanager from 0.0.0. The upload() function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce the following steps: - Install a package with a web Laravel application. - Navigate to the Upload window - Upload an image file, then capture the request - Edit the request contents with a malicious file (webshell) - Enter the path of file uploaded on URL - Remote Code Execution **Note: Prevention for bad extensions can be done by using a whitelist in the config file(lfm.php). Corresponding document can be found in the [here](https://unisharp.github.io/laravel-filemanager/configfolder-categories). | 2021-12-17 | not yet calculated | CVE-2021-23814 CONFIRM CONFIRM |
lattelatte -- lattelatte | This affects the package latte/latte before 2.10.6. There is a way to bypass allowFunctions that will affect the security of the application. When the template is set to allow/disallow the use of certain functions, adding control characters (x00-x08) after the function will bypass these restrictions. | 2021-12-17 | not yet calculated | CVE-2021-23803 CONFIRM CONFIRM CONFIRM |
limesurvey -- limesurvey | Cross-site scripting (XSS) vulnerability in /application/controller/admin/theme.php in LimeSurvey 3.6.2+180406 allows remote attackers to inject arbitrary web script or HTML via the changes_cp parameter to the index.php/admin/themes/sa/templatesavechanges URI. | 2021-12-14 | not yet calculated | CVE-2018-10228 MISC |
listary -- listary | An issue was discovered in Listary through 6. An attacker can create a \\.\pipe\Listary.listaryService named pipe and wait for a privileged user to open a session on the Listary installed host. Listary will automatically access the named pipe and the attacker will be able to duplicate the victim's token to impersonate him. This exploit is valid in certain Windows versions (Microsoft has patched the issue in later Windows 10 builds). | 2021-12-14 | not yet calculated | CVE-2021-41065 MISC MISC |
listary -- listary | An issue was discovered in Listary through 6. When Listary is configured as admin, Listary will not ask for permissions again if a user tries to access files on the system from Listary itself (it will bypass UAC protection; there is no privilege validation of the current user that runs via Listary). | 2021-12-14 | not yet calculated | CVE-2021-41066 MISC MISC |
livehelperchat -- livehelperchat | livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) | 2021-12-18 | not yet calculated | CVE-2021-4131 CONFIRM MISC |
livehelperchat -- livehelperchat | livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) | 2021-12-16 | not yet calculated | CVE-2021-4123 MISC CONFIRM |
livehelperchat -- livehelperchat | livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 2021-12-17 | not yet calculated | CVE-2021-4132 CONFIRM MISC |
logback -- logback | In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers. | 2021-12-16 | not yet calculated | CVE-2021-42550 MISC MISC CONFIRM |
matrix -- libolm | The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted sequence of messages to manipulate the state of the receiver's session in such a way that, for some buffer sizes, a buffer overflow happens on a call to olm_session_describe. Furthermore, safe buffer sizes were undocumented. The overflow content is partially controllable by the attacker and limited to ASCII spaces and digits. The known affected products are Element Web And SchildiChat Web. | 2021-12-14 | not yet calculated | CVE-2021-44538 MISC MISC |
mattermost -- mattermost | Mattermost 6.0 and earlier fails to sufficiently validate parameters during post creation, which allows authenticated attackers to cause a client-side crash of the web application via a maliciously crafted post. | 2021-12-17 | not yet calculated | CVE-2021-37863 MISC MISC |
mattermost -- mattermost | Mattermost 6.0 and earlier fails to sufficiently validate the email address during registration, which allows attackers to trick users into signing up using attacker-controlled email addresses via crafted invitation token. | 2021-12-17 | not yet calculated | CVE-2021-37862 MISC MISC |
mediawiki -- mediawiki | An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=mcrundo followed by action=mcrrestore to replace the content of any arbitrary page (that the user doesn't have edit rights for). This applies to any public wiki, or a private wiki that has at least one page set in $wgWhitelistRead. | 2021-12-17 | not yet calculated | CVE-2021-44857 CONFIRM MISC |
mediawiki -- mediawiki | An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. By using an action=rollback query, attackers can view private wiki contents. | 2021-12-17 | not yet calculated | CVE-2021-45038 CONFIRM MISC |
meetecho -- janus-gateway | janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 2021-12-16 | not yet calculated | CVE-2021-4124 CONFIRM MISC |
message_bus -- message_bus | message_bus is a messaging bus for Ruby processes and web clients. In versions prior to 3.3.7 users who deployed message bus with diagnostics features enabled (default off) are vulnerable to a path traversal bug, which could lead to disclosure of secret information on a machine if an unintended user were to gain access to the diagnostic route. The impact is also greater if there is no proxy for your web application as the number of steps up the directories is not bounded. For deployments which uses a proxy, the impact varies. For example, If a request goes through a proxy like Nginx with `merge_slashes` enabled, the number of steps up the directories that can be read is limited to 3 levels. This issue has been patched in version 3.3.7. Users unable to upgrade should ensure that MessageBus::Diagnostics is disabled. | 2021-12-17 | not yet calculated | CVE-2021-43840 CONFIRM MISC |
microsoft -- 4k_wireless_display_adapter | Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-43899 MISC |
microsoft -- appx | Windows AppX Installer Spoofing Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-43890 MISC |
microsoft -- asp.net_core_and_visual_studio | ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-43877 MISC |
microsoft -- biztalk_esb_toolkit | Microsoft BizTalk ESB Toolkit Spoofing Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-43892 MISC |
microsoft -- bot_framework_sdk | Bot Framework SDK Remote Code Execution Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-43225 MISC |
microsoft -- defender | Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43882. | 2021-12-15 | not yet calculated | CVE-2021-43889 MISC |
microsoft -- defender | Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42310, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43882, CVE-2021-43889. | 2021-12-15 | not yet calculated | CVE-2021-42311 MISC |
microsoft -- defender | Microsoft Defender for IoT Information Disclosure Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-43888 MISC |
microsoft -- defender | Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43882, CVE-2021-43889. | 2021-12-15 | not yet calculated | CVE-2021-41365 MISC |
microsoft -- defender | Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43889. | 2021-12-15 | not yet calculated | CVE-2021-43882 MISC |
microsoft -- defender | Microsoft Defender for IOT Elevation of Privilege Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-42312 MISC |
microsoft -- defender | Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43882, CVE-2021-43889. | 2021-12-15 | not yet calculated | CVE-2021-42310 MISC |
microsoft -- defender | Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42310, CVE-2021-42311, CVE-2021-42314, CVE-2021-42315, CVE-2021-43882, CVE-2021-43889. | 2021-12-15 | not yet calculated | CVE-2021-42313 MISC |
microsoft -- defender | Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42315, CVE-2021-43882, CVE-2021-43889. | 2021-12-15 | not yet calculated | CVE-2021-42314 MISC |
microsoft -- defender | Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-43882, CVE-2021-43889. | 2021-12-15 | not yet calculated | CVE-2021-42315 MISC |
microsoft -- excel | Microsoft Excel Remote Code Execution Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-43256 MISC |
microsoft -- jet_red_database_engine_and_access_connectivity_engine | Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-42293 MISC |
microsoft -- nfts | NTFS Set Short Name Elevation of Privilege Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-43240 MISC |
microsoft -- office | Visual Basic for Applications Information Disclosure Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-42295 MISC |
microsoft -- office | Microsoft Office Trust Center Spoofing Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-43255 MISC |
microsoft -- office | Microsoft Office Graphics Remote Code Execution Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-43875 MISC |
microsoft -- office | Microsoft Office app Remote Code Execution Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-43905 MISC |
microsoft -- powershell | Microsoft PowerShell Spoofing Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-43896 MISC |
microsoft -- sharepoint | Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-42309. | 2021-12-15 | not yet calculated | CVE-2021-42294 MISC |
microsoft -- sharepoint | Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-42294. | 2021-12-15 | not yet calculated | CVE-2021-42309 MISC |
microsoft -- sharepoint | Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-43242. | 2021-12-15 | not yet calculated | CVE-2021-42320 MISC |
microsoft -- sharepoint_server | Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-42320. | 2021-12-15 | not yet calculated | CVE-2021-43242 MISC |
microsoft -- storage_spaces_controller | Storage Spaces Controller Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-43235. | 2021-12-15 | not yet calculated | CVE-2021-43227 MISC |
microsoft -- visual_studio | Visual Studio Code Remote Code Execution Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-43891 MISC |
microsoft -- visual_studio | Visual Studio Code WSL Extension Remote Code Execution Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-43907 MISC |
microsoft -- visual_studio | Visual Studio Code Spoofing Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-43908 MISC |
microsoft -- vp9_video_extensions | VP9 Video Extensions Information Disclosure Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-43243 MISC |
microsoft -- windows | Remote Desktop Client Remote Code Execution Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-43233 MISC |
microsoft -- windows | Windows Kernel Information Disclosure Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-43244 MISC |
microsoft -- windows | Windows TCP/IP Driver Elevation of Privilege Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-43247 MISC |
microsoft -- windows | Windows Installer Elevation of Privilege Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-43883 MISC |
microsoft -- windows | Windows Recovery Environment Agent Elevation of Privilege Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-43239 MISC |
microsoft -- windows | Windows Remote Access Elevation of Privilege Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-43238 MISC |
microsoft -- windows | Windows Setup Elevation of Privilege Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-43237 MISC |
microsoft -- windows | Microsoft Message Queuing Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-43222. | 2021-12-15 | not yet calculated | CVE-2021-43236 MISC |
microsoft -- windows | Windows Fax Service Remote Code Execution Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-43234 MISC |
microsoft -- windows | Windows Event Tracing Remote Code Execution Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-43232 MISC |
microsoft -- windows | Windows NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43229, CVE-2021-43230. | 2021-12-15 | not yet calculated | CVE-2021-43231 MISC |
microsoft -- windows | Windows NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43229, CVE-2021-43231. | 2021-12-15 | not yet calculated | CVE-2021-43230 MISC |
microsoft -- windows | A vulnerability was discovered in the Keybase Client for Windows before version 5.6.0 when a user executed the "keybase git lfs-config" command on the command-line. In versions prior to 5.6.0, a malicious actor with write access to a user’s Git repository could leverage this vulnerability to potentially execute arbitrary Windows commands on a user’s local system. | 2021-12-14 | not yet calculated | CVE-2021-34426 MISC |
microsoft -- windows | Windows NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43230, CVE-2021-43231. | 2021-12-15 | not yet calculated | CVE-2021-43229 MISC |
microsoft -- windows | SymCrypt Denial of Service Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-43228 MISC |
microsoft -- windows | Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43207. | 2021-12-15 | not yet calculated | CVE-2021-43226 MISC |
microsoft -- windows | Windows Common Log File System Driver Information Disclosure Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-43224 MISC |
microsoft -- windows | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-43223 MISC |
microsoft -- windows | Microsoft Message Queuing Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-43236. | 2021-12-15 | not yet calculated | CVE-2021-43222 MISC |
microsoft -- windows | DirectX Graphics Kernel File Denial of Service Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-43219 MISC |
microsoft -- windows | Windows Encrypting File System (EFS) Remote Code Execution Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-43217 MISC |
microsoft -- windows | Windows Media Center Elevation of Privilege Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-40441 MISC |
microsoft -- windows | Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-43216 MISC |
microsoft -- windows | iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution | 2021-12-15 | not yet calculated | CVE-2021-43215 MISC |
microsoft -- windows | Web Media Extensions Remote Code Execution Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-43214 MISC |
microsoft -- windows | Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43226. | 2021-12-15 | not yet calculated | CVE-2021-43207 MISC |
microsoft -- windows | Windows Print Spooler Elevation of Privilege Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-41333 MISC |
microsoft -- windows_device_management | Windows Mobile Device Management Elevation of Privilege Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-43880 MISC |
microsoft -- windows_digital_media_receiver | Windows Digital Media Receiver Elevation of Privilege Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-43248 MISC |
microsoft -- windows_digital_tv_tuner | Windows Digital TV Tuner Elevation of Privilege Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-43245 MISC |
microsoft -- windows_encrypting_file_system | Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-43893 MISC |
microsoft -- windows_hyper-v | Windows Hyper-V Denial of Service Vulnerability | 2021-12-15 | not yet calculated | CVE-2021-43246 MISC |
mitsubishi_electric -- gx_works2 | Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior allows a remote unauthenticated attacker to cause a DoS condition in GX Works2 by getting GX Works2 to read a tampered program file from a Mitsubishi Electric PLC by sending malicious crafted packets to tamper with the program file. | 2021-12-17 | not yet calculated | CVE-2021-20608 MISC MISC MISC |
mitsubishi_electric -- gx_works2_melsoft_navigator_and_ezsocket | Out-of-bounds Read vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, MELSOFT Navigator all versions and EZSocket all versions allows an attacker to cause a DoS condition in the software by getting a user to open malicious project file specially crafted by an attacker. | 2021-12-17 | not yet calculated | CVE-2021-20606 MISC MISC MISC |
mitsubishi_electric -- gx_works2_melsoft_navigator_and_ezsocket | Integer Underflow vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, MELSOFT Navigator all versions and EZSocket all versions allows an attacker to cause a DoS condition in the software by getting a user to open malicious project file specially crafted by an attacker. | 2021-12-17 | not yet calculated | CVE-2021-20607 MISC MISC MISC |
mongodb -- mongodb_servier | An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.25; MongoDB Server v4.2 versions prior to 4.2.14; MongoDB Server v4.4 versions prior to 4.4.6. | 2021-12-15 | not yet calculated | CVE-2021-20330 MISC |
motorola_solutions -- avigilon_devices | Certain Motorola Solutions Avigilon devices allow XSS in the administrative UI. This affects T200/201 before 4.10.0.68; T290 before 4.4.0.80; T008 before 2.2.0.86; T205 before 4.12.0.62; T204 before 3.28.0.166; and T100, T101, T102, and T103 before 2.6.0.180. | 2021-12-15 | not yet calculated | CVE-2021-38701 CONFIRM MISC |
numpy -- numpy | Null Pointer Dereference vulnerability exists in numpy.sort in NumPy < and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays. | 2021-12-17 | not yet calculated | CVE-2021-41495 MISC |
numpy -- numpy | Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values. | 2021-12-17 | not yet calculated | CVE-2021-41496 MISC |
numpy -- numpy | Incomplete string comparison in the numpy.core component in NumPy1.9.x, which allows attackers to fail the APIs via constructing specific string objects. | 2021-12-17 | not yet calculated | CVE-2021-34141 MISC |
numpy -- numpy | A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code, which could let a malicious user cause a Denial of Service. | 2021-12-17 | not yet calculated | CVE-2021-33430 MISC |
opencast -- opencast | Opencast is an Open Source Lecture Capture & Video Management for Education. Opencast versions prior to 9.10 allow HTTP method spoofing, allowing to change the assumed HTTP method via URL parameter. This allows attackers to turn HTTP GET requests into PUT requests or an HTTP form to send DELETE requests. This bypasses restrictions otherwise put on these types of requests and aids in cross-site request forgery (CSRF) attacks, which would otherwise not be possible. The vulnerability allows attackers to craft links or forms which may change the server state. This issue is fixed in Opencast 9.10 and 10.0. You can mitigate the problem by setting the `SameSite=Strict` attribute for your cookies. If this is a viable option for you depends on your integrations. We strongly recommend updating in any case. | 2021-12-14 | not yet calculated | CVE-2021-43807 CONFIRM MISC MISC |
opencast -- opencast | Opencast is an Open Source Lecture Capture & Video Management for Education. Opencast before version 9.10 or 10.6 allows references to local file URLs in ingested media packages, allowing attackers to include local files from Opencast's host machines and making them available via the web interface. Before Opencast 9.10 and 10.6, Opencast would open and include local files during ingests. Attackers could exploit this to include most local files the process has read access to, extracting secrets from the host machine. An attacker would need to have the privileges required to add new media to exploit this. But these are often widely given. The issue has been fixed in Opencast 10.6 and 11.0. You can mitigate this issue by narrowing down the read access Opencast has to files on the file system using UNIX permissions or mandatory access control systems like SELinux. This cannot prevent access to files Opencast needs to read though and we highly recommend updating. | 2021-12-14 | not yet calculated | CVE-2021-43821 CONFIRM MISC MISC MISC |
openemr -- openemr | An authenticated SQL injection issue in the calendar search function of OpenEMR 6.0.0 before patch 3 allows an attacker to read data from all tables of the database via the parameter provider_id, as demonstrated by the /interface/main/calendar/index.php?module=PostCalendar&func=search URI. | 2021-12-17 | not yet calculated | CVE-2021-41843 MISC MISC MISC FULLDISC |
openssl -- libssl | Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0). | 2021-12-14 | not yet calculated | CVE-2021-4044 CONFIRM CONFIRM |
opf -- openproject | OpenProject is a web-based project management software. OpenProject versions >= 12.0.0 are vulnerable to a SQL injection in the budgets module. For authenticated users with the "Edit budgets" permission, the request to reassign work packages to another budget unsufficiently sanitizes user input in the `reassign_to_id` parameter. The vulnerability has been fixed in version 12.0.4. Versions prior to 12.0.0 are not affected. If you're upgrading from an older version, ensure you are upgrading to at least version 12.0.4. If you are unable to upgrade in a timely fashion, the following patch can be applied: https://github.com/opf/openproject/pull/9983.patch | 2021-12-14 | not yet calculated | CVE-2021-43830 MISC MISC MISC CONFIRM |
owncast -- owncast | Owncast is an open source, self-hosted live video streaming and chat server. In affected versions inline scripts are executed when Javascript is parsed via a paste action. This issue is patched in 0.0.9 by blocking unsafe-inline Content Security Policy and specifying the script-src. The worker-src is required to be set to blob for the video player. | 2021-12-14 | not yet calculated | CVE-2021-39183 CONFIRM |
parallels -- remote_application_server | Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be compromised if an attacker is able to recover the profile password. | 2021-12-17 | not yet calculated | CVE-2020-8968 CONFIRM |
peopledoc-- vault-cli | vault-cli is a configurable command-line interface tool (and python library) to interact with Hashicorp Vault. In versions before 3.0.0 vault-cli features the ability for rendering templated values. When a secret starts with the prefix `!template!`, vault-cli interprets the rest of the contents of the secret as a Jinja2 template. Jinja2 is a powerful templating engine and is not designed to safely render arbitrary templates. An attacker controlling a jinja2 template rendered on a machine can trigger arbitrary code, making this a Remote Code Execution (RCE) risk. If the content of the vault can be completely trusted, then this is not a problem. Otherwise, if your threat model includes cases where an attacker can manipulate a secret value read from the vault using vault-cli, then this vulnerability may impact you. In 3.0.0, the code related to interpreting vault templated secrets has been removed entirely. Users are advised to upgrade as soon as possible. For users unable to upgrade a workaround does exist. Using the environment variable `VAULT_CLI_RENDER=false` or the flag `--no-render` (placed between `vault-cli` and the subcommand, e.g. `vault-cli --no-render get-all`) or adding `render: false` to the vault-cli configuration yaml file disables rendering and removes the vulnerability. Using the python library, you can use: `vault_cli.get_client(render=False)` when creating your client to get a client that will not render templated secrets and thus operates securely. | 2021-12-16 | not yet calculated | CVE-2021-43837 MISC MISC CONFIRM |
phpgurukul -- phpgurukul | Cross Site Request Forgery (CSRF) vulnerability in Change-password.php in phpgurukul user management system in php using stored procedure V1.0, allows attackers to change the password to an arbitrary account. | 2021-12-16 | not yet calculated | CVE-2021-26800 MISC MISC |
pyo_&it -- pyo_&it | Buffer overflow in ajaxsoundstudio.com Pyo < and 1.03 in the Server_jack_init function. which allows attackers to conduct Denial of Service attacks by arbitrary constructing a overlong server name. | 2021-12-17 | not yet calculated | CVE-2021-41498 MISC |
rapid7 -- insight_agent | Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent versions 3.0.1 to 3.1.2.34 start, the Python interpreter attempts to load python3.dll at "C:\DLLs\python3.dll," which normally is writable by locally authenticated users. Because of this, a malicious local user could use Insight Agent's startup conditions to elevate to SYSTEM privileges. This issue was fixed in Rapid7 Insight Agent 3.1.2.35. This vulnerability is a regression of CVE-2019-5629. | 2021-12-14 | not yet calculated | CVE-2021-4007 MISC CONFIRM |
rare-technologies -- bounter | Null pointer reference in CMS_Conservative_increment_obj in RaRe-Technologies bounter version 1.01 and 1.10, allows attackers to conduct Denial of Service attacks by inputting a huge width of hash bucket. | 2021-12-17 | not yet calculated | CVE-2021-41497 MISC |
rizinorg -- rizin | Rizin is a UNIX-like reverse engineering framework and command-line toolset. In versions up to and including 0.3.1 there is a heap-based out of bounds write in parse_die() when reversing an AMD64 ELF binary with DWARF debug info. When a malicious AMD64 ELF binary is opened by a victim user, Rizin may crash or execute unintended actions. No workaround are known and users are advised to upgrade. | 2021-12-13 | not yet calculated | CVE-2021-43814 MISC CONFIRM MISC |
sap -- grc_access_control | SAP GRC Access Control - versions V1100_700, V1100_731, V1200_750, does not perform necessary authorization checks for an authenticated user, which could lead to escalation of privileges. | 2021-12-14 | not yet calculated | CVE-2021-44233 MISC MISC |
sap -- saf-t_framework_transaction_saftn_g | SAF-T Framework Transaction SAFTN_G allows an attacker to exploit insufficient validation of path information provided by normal user, leading to full server directory access. The attacker can see the whole filesystem structure but cannot overwrite, delete, or corrupt arbitrary files on the server. | 2021-12-14 | not yet calculated | CVE-2021-44232 MISC MISC |
seafile -- seafile | Seafile is an open source cloud storage system. A sync token is used in Seafile file syncing protocol to authorize access to library data. To improve performance, the token is cached in memory in seaf-server. Upon receiving a token from sync client or SeaDrive client, the server checks whether the token exist in the cache. However, if the token exists in cache, the server doesn't check whether it's associated with the specific library in the URL. This vulnerability makes it possible to use any valid sync token to access data from any **known** library. Note that the attacker has to first find out the ID of a library which it has no access to. The library ID is a random UUID, which is not possible to be guessed. There are no workarounds for this issue. | 2021-12-14 | not yet calculated | CVE-2021-43820 CONFIRM MISC |
securitashome -- home_alarm_system | An RF replay attack vulnerability in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F BG_U-ITR-F1-BD_BL.A30.20181117, allows an attacker to trigger arbitrary system functionality by replaying previously recorded signals. This lets an adversary, among other things, disarm an armed system. | 2021-12-15 | not yet calculated | CVE-2021-40170 MISC CONFIRM |
securitashome -- home_alarm_system | The absence of notifications regarding an ongoing RF jamming attack in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F BG_U-ITR-F1-BD_BL.A30.20181117, allows an attacker to block legitimate traffic while not alerting the owner of the system. | 2021-12-15 | not yet calculated | CVE-2021-40171 MISC MISC |
semcms -- semcms | A vulnerability in /include/web_check.php of SEMCMS v3.8 allows attackers to reset the Administrator account's password. | 2021-12-17 | not yet calculated | CVE-2020-18078 MISC |
semcms -- semcms | The checkuser function of SEMCMS 3.8 was discovered to contain a vulnerability which allows attackers to obtain the password in plaintext through a SQL query. | 2021-12-17 | not yet calculated | CVE-2020-18081 MISC |
sick -- sopas_et | SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the command line arguments to pass in any value to the Emulator executable. | 2021-12-17 | not yet calculated | CVE-2021-32499 MISC |
sick -- sopas_et | SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the pathname of the emulator and use path traversal to run an arbitrary executable located on the host system. When the user starts the emulator from SOPAS ET the corresponding executable will be started instead of the emulator | 2021-12-17 | not yet calculated | CVE-2021-32498 MISC |
sick -- sopas_et | SICK SOPAS ET before version 4.8.0 allows attackers to wrap any executable file into an SDD and provide this to a SOPAS ET user. When a user starts the emulator the executable is run without further checks. | 2021-12-17 | not yet calculated | CVE-2021-32497 MISC |
siemens -- modelsim_simulation_and_questa_simulation | A vulnerability has been identified in ModelSim Simulation (All versions), Questa Simulation (All versions). The RSA white-box implementation in affected applications insufficiently protects the built-in private keys that are required to decrypt electronic intellectual property (IP) data in accordance with the IEEE 1735 recommended practice. This could allow a sophisticated attacker to discover the keys, bypassing the protection intended by the IEEE 1735 recommended practice. | 2021-12-14 | not yet calculated | CVE-2021-42023 CONFIRM |
siemens -- simcenter_star-ccm+_viewer | A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All versions < 2021.3.1). The starview+.exe application lacks proper validation of user-supplied data when parsing scene files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. | 2021-12-14 | not yet calculated | CVE-2021-42024 CONFIRM |
siemens -- sinumerik_edge | A vulnerability has been identified in SINUMERIK Edge (All versions < V3.2). The affected software does not properly validate the server certificate when initiating a TLS connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between the client and the intended server. | 2021-12-14 | not yet calculated | CVE-2021-42027 CONFIRM |
snipe-it -- snipe-it | snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) | 2021-12-18 | not yet calculated | CVE-2021-4130 CONFIRM MISC |
snipe-it -- snipe-it | snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 2021-12-14 | not yet calculated | CVE-2021-4108 MISC CONFIRM |
sourcecodester_vehice_service_management_system -- sourcecodester_vehice_service_management_system | Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Owner fullname parameter in a Send Service Request in vehicle_service. | 2021-12-16 | not yet calculated | CVE-2021-41962 MISC |
stackstorm -- stackstorm | In StackStorm versions prior to 3.6.0, the jinja interpreter was not run in sandbox mode and thus allows execution of unsafe system commands. Jinja does not enable sandboxed mode by default due to backwards compatibility. Stackstorm now sets sandboxed mode for jinja by default. | 2021-12-15 | not yet calculated | CVE-2021-44657 MISC MISC MISC MISC |
sulu -- sulu | Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions an attacker can read arbitrary local files via a PHP file include. In a default configuration this also leads to remote code execution. The problem is patched with the Versions 1.6.44, 2.2.18, 2.3.8, 2.4.0. For users unable to upgrade overwrite the service `sulu_route.generator.expression_token_provider` and wrap the translator before passing it to the expression language. | 2021-12-15 | not yet calculated | CVE-2021-43836 CONFIRM MISC |
sulu -- sulu | Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions Sulu users who have access to any subset of the admin UI are able to elevate their privilege. Over the API it was possible for them to give themselves permissions to areas which they did not already had. This issue was introduced in 2.0.0-RC1 with the new ProfileController putAction. The versions have been patched in 2.2.18, 2.3.8 and 2.4.0. For users unable to upgrade the only known workaround is to apply a patch to the ProfileController manually. | 2021-12-15 | not yet calculated | CVE-2021-43835 CONFIRM MISC |
suricata -- suricata | An issue was discovered in Suricata before 6.0.4. It is possible to bypass/evade any HTTP-based signature by faking an RST TCP packet with random TCP options of the md5header from the client side. After the three-way handshake, it's possible to inject an RST ACK with a random TCP md5header option. Then, the client can send an HTTP GET request with a forbidden URL. The server will ignore the RST ACK and send the response HTTP packet for the client's request. These packets will not trigger a Suricata reject action. | 2021-12-16 | not yet calculated | CVE-2021-45098 MISC MISC MISC MISC |
suse -- longhorn | A Improper Access Control vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3. | 2021-12-17 | not yet calculated | CVE-2021-36779 CONFIRM CONFIRM |
suse -- longhorn | A Improper Access Control vulnerability in longhorn of SUSE Longhorn allows attackers to connect to a longhorn-engine replica instance granting it the ability to read and write data to and from a replica that they should not have access to. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3v. | 2021-12-17 | not yet calculated | CVE-2021-36780 CONFIRM CONFIRM |
tcman_gim -- tcman_gim | TCMAN GIM is vulnerable to a lack of authorization in all available webservice methods listed in /PC/WebService.asmx. The exploitation of this vulnerability might allow a remote attacker to obtain information. | 2021-12-17 | not yet calculated | CVE-2021-40851 CONFIRM |
tcman_gim -- tcman_gim | TCMAN GIM does not perform an authorization check when trying to access determined resources. A remote attacker could exploit this vulnerability to access URL that require privileges without having them. The exploitation of this vulnerability might allow a remote attacker to obtain sensible information. | 2021-12-17 | not yet calculated | CVE-2021-40853 CONFIRM |
tcman_gim -- tcman_gim | TCMAN GIM is vulnerable to a SQL injection vulnerability inside several available webservice methods in /PC/WebService.asmx. | 2021-12-17 | not yet calculated | CVE-2021-40850 CONFIRM |
tcman_gim -- tcman_gim | TCMAN GIM is affected by an open redirect vulnerability. This vulnerability allows the redirection of user navigation to pages controlled by the attacker. The exploitation of this vulnerability might allow a remote attacker to obtain information. | 2021-12-17 | not yet calculated | CVE-2021-40852 CONFIRM |
teeworlds -- teeworlds | Teeworlds up to and including 0.7.5 is vulnerable to Buffer Overflow. A map parser does not validate m_Channels value coming from a map file, leading to a buffer overflow. A malicious server may offer a specially crafted map that will overwrite client's stack causing denial of service or code execution. | 2021-12-15 | not yet calculated | CVE-2021-43518 MISC MISC |
thinfinity -- virtualui | Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter. | 2021-12-16 | not yet calculated | CVE-2021-45092 MISC |
thinkphp5 -- thinkphp5 | SQL Injection vulnerability exists in ThinkPHP5 5.0.x <=5.1.22 via the parseOrder function in Builder.php. | 2021-12-15 | not yet calculated | CVE-2021-44350 MISC |
tibco_software_inc -- spotfire_server | The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows malicious custom API clients with network access to execute internal API operations outside of the scope of those granted to it. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Server: versions 10.10.6 and below, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, 11.3.0, 11.4.0, and 11.4.1, and TIBCO Spotfire Server: versions 11.5.0 and 11.6.0. | 2021-12-14 | not yet calculated | CVE-2021-43051 CONFIRM CONFIRM |
tp-link -- tp-link | An HTTP/1.1 misconfiguration in web interface of TP-Link AX10v1 before V1_211117 could allow an attacker to send a specially crafted HTTP/0.9 packet that could cause a cache poisoning attack. | 2021-12-17 | not yet calculated | CVE-2021-41451 MISC MISC MISC |
trend_micro -- maximum_security | A link following denial-of-service (DoS) vulnerability in the Trend Micro Security (Consumer) 2021 familiy of products could allow an attacker to abuse the PC Health Checkup feature of the product to create symlinks that would allow modification of files which could lead to a denial-of-service. | 2021-12-16 | not yet calculated | CVE-2021-44023 MISC MISC |
tuleap -- tuleap | Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not sanitize properly user settings when constructing the SQL query to browse and search commits in the CVS repositories. A authenticated malicious user with read access to a CVS repository could execute arbitrary SQL queries. Tuleap instances without an active CVS repositories are not impacted. The following versions contain the fix: Tuleap Community Edition 13.2.99.155, Tuleap Enterprise Edition 13.1-7, and Tuleap Enterprise Edition 13.2-6. | 2021-12-15 | not yet calculated | CVE-2021-43806 CONFIRM MISC MISC MISC |
tuleap -- tuleap | Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. This is a follow up to GHSA-887w-pv2r-x8pm/CVE-2021-41276, the initial fix was incomplete. Tuleap does not sanitize properly the search filter built from the ldap_id attribute of a user during the daily synchronization. A malicious user could force accounts to be suspended or take over another account by forcing the update of the ldap_uid attribute. Note that the malicious user either need to have site administrator capability on the Tuleap instance or be an LDAP operator with the capability to create/modify account. The Tuleap instance needs to have the LDAP plugin activated and enabled for this issue to be exploitable. The following versions contain the fix: Tuleap Community Edition 13.2.99.83, Tuleap Enterprise Edition 13.1-6, and Tuleap Enterprise Edition 13.2-4. | 2021-12-15 | not yet calculated | CVE-2021-43782 MISC CONFIRM MISC MISC MISC |
tuleap -- tuleap | Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not sanitize properly the search filter built from the ldap_id attribute of a user during the daily synchronization. A malicious user could force accounts to be suspended or take over another account by forcing the update of the ldap_uid attribute. Note that the malicious user either need to have site administrator capability on the Tuleap instance or be an LDAP operator with the capability to create/modify account. The Tuleap instance needs to have the LDAP plugin activated and enabled for this issue to be exploitable. This issue has been patched in Tuleap Community Edition 13.2.99.31, Tuleap Enterprise Edition 13.1-5, and Tuleap Enterprise Edition 13.2-3. | 2021-12-15 | not yet calculated | CVE-2021-41276 CONFIRM MISC MISC MISC |
uipath_app_studio -- uipath_app_studio | An issue was discovered in UiPath App Studio 21.4.4. There is a persistent XSS vulnerability in the file-upload functionality for uploading icons when attempting to create new Apps. An attacker with minimal privileges in the application can build their own App and upload a malicious file containing an XSS payload, by uploading an arbitrary file and modifying the MIME type in a subsequent HTTP request. This then allows the file to be stored and retrieved from the server by other users in the same organization. | 2021-12-14 | not yet calculated | CVE-2021-44043 MISC MISC |
uipath_assistant -- uipath_assistant | UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the --dev-widget argument of the URI handler for uipath-assistant://. This allows an attacker to execute code on a victim's machine or capture NTLM credentials by supplying a networked or WebDAV file path. | 2021-12-14 | not yet calculated | CVE-2021-44041 MISC MISC |
uipath_assistant -- uipath_assistant | An issue was discovered in UiPath Assistant 21.4.4. User-controlled data supplied to the --process-start argument of the URI handler for uipath-assistant:// is not correctly encoded, resulting in attacker-controlled content being injected into the error message displayed (when the injected content does not match an existing process). A determined attacker could leverage this to execute JavaScript in the context of the Electron application. | 2021-12-14 | not yet calculated | CVE-2021-44042 MISC MISC |
vaultcli -- vaultcli | Storage Spaces Controller Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-43227. | 2021-12-15 | not yet calculated | CVE-2021-43235 MISC |
vmware -- workspace_one_uem_console | VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information. | 2021-12-17 | not yet calculated | CVE-2021-22054 MISC |
wechat-php-sdk -- wechat-php-sdk | Wechat-php-sdk v1.10.2 is affected by a Cross Site Scripting (XSS) vulnerability in Wechat.php. | 2021-12-17 | not yet calculated | CVE-2021-43678 MISC MISC |
wolters_kluwer -- teammate_am | Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads, such that an authenticated user may download and execute malicious files. | 2021-12-17 | not yet calculated | CVE-2021-44035 MISC MISC |
wordpress -- wordpress | Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise discovered in Image Hover Effects Ultimate (versions <= 9.6.1) WordPress plugin. | 2021-12-15 | not yet calculated | CVE-2021-36888 CONFIRM CONFIRM |
xorg -- xserver | A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2021-12-17 | not yet calculated | CVE-2021-4009 MISC MISC FEDORA FEDORA |
xorg -- xserver | A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2021-12-17 | not yet calculated | CVE-2021-4010 MISC MISC FEDORA FEDORA |
xorg -- xserver | A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2021-12-17 | not yet calculated | CVE-2021-4008 MISC MISC FEDORA FEDORA |
xorg -- xserver | A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2021-12-17 | not yet calculated | CVE-2021-4011 MISC MISC FEDORA FEDORA |
yetiforcecrm -- yetiforcecrm | yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 2021-12-16 | not yet calculated | CVE-2021-4121 MISC CONFIRM |
zimbra -- zimbra_collaboration | An issue in /domain/service/.ewell-known/caldav of Zimbra Collaboration 8.8.12 allows attackers to redirect users to any arbitrary website of their choosing. | 2021-12-15 | not yet calculated | CVE-2020-18985 MISC |
zimbra -- zimbra_collaboration | A reflected cross-site scripting (XSS) vulnerability in the zimbraAdmin/public/secureRequest.jsp component of Zimbra Collaboration 8.8.12 allows unauthenticated attackers to execute arbitrary web scripts or HTML via a host header injection. | 2021-12-15 | not yet calculated | CVE-2020-18984 MISC |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.