Vulnerability Summary for the Week of January 3, 2022

Released: Jan 10, 2022
Document ID: SB22-010

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| beyondtrust -- appliance_base_software | BeyondTrust Secure Remote Access Base Software through 6.0.1 allows an attacker to achieve full admin access to the appliance, by tricking the administrator into creating a new admin account through an XSS/CSRF attack involving a crafted request to the /appliance/users?action=edit endpoint. This cross-site-scripting (XSS) vulnerability occurs when it does not properly sanitize an unauthenticated crafted web request to the server | 2022-01-05 | 9.3 | CVE-2021-31589 MISC MISC MISC |
| sun_moon_jingyao -- network_computer_terminal_protection_system_firmware | The server-request receiver function of Shockwall system has an improper authentication vulnerability. An authenticated attacker of an agent computer within the local area network can use the local registry information to launch server-side request forgery (SSRF) attack on another agent computer, resulting in arbitrary code execution for controlling the system or disrupting service. | 2022-01-03 | 7.7 | CVE-2021-45917 CONFIRM |
| transloadit -- uppy | uppy is vulnerable to Server-Side Request Forgery (SSRF) | 2022-01-04 | 7.5 | CVE-2022-0086 MISC CONFIRM |


Medium Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| artifex -- ghostscript | Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp). | 2022-01-01 | 4.3 | CVE-2021-45944 MISC MISC DEBIAN |
| artifex -- ghostscript | Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp). | 2022-01-01 | 4.3 | CVE-2021-45949 MISC MISC MISC DEBIAN |
| assimp -- assimp | Open Asset Import Library (aka assimp) 5.1.0 and 5.1.1 has a heap-based buffer overflow in _m3d_safestr (called from m3d_load and Assimp::M3DWrapper::M3DWrapper). | 2022-01-01 | 4.3 | CVE-2021-45948 MISC MISC |
| asus -- rt-ac52u_b1_firmware | Invalid input sanitizing leads to reflected Cross Site Scripting (XSS) in ASUS RT-AC52U_B1 3.0.0.4.380.10931, which can lead to a user session hijack. | 2022-01-03 | 4.3 | CVE-2021-46109 MISC |
| atlassian -- jira_server_and_data_center | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (XSS) vulnerability in the /rest/collectors/1.0/template/custom endpoint. To exploit this issue, the attacker must trick a user into visiting a malicious website. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3. | 2022-01-04 | 4.3 | CVE-2021-43942 MISC |
| booking_calendar_project -- booking_calendar | The Booking Calendar WordPress plugin before 8.9.2 does not sanitise and escape the booking_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | 2022-01-03 | 4.3 | CVE-2021-25040 MISC |
| daybydaycrm -- daybyday_crm | In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to brute-force users’ passwords with minimal to no computational effort. | 2022-01-05 | 4 | CVE-2022-22110 CONFIRM MISC |
| daybydaycrm -- daybyday_crm | In DayByDay CRM, version 2.2.0 is vulnerable to missing authorization. Any application user in the application who has update user permission enabled is able to change the password of other users, including the administrator’s. This allows the attacker to gain access to the highest privileged user in the application. | 2022-01-05 | 6.5 | CVE-2022-22111 CONFIRM MISC |
| daybydaycrm -- daybyday_crm | In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the absences of all users in the system including administrators. This type of user is not authorized to view this kind of information. | 2022-01-05 | 4 | CVE-2022-22108 CONFIRM MISC |
| daybydaycrm -- daybyday_crm | In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the appointments of all users in the system including administrators. However, this type of user is not authorized to view the calendar at all. | 2022-01-05 | 4 | CVE-2022-22107 CONFIRM MISC |
| dhrystone_project -- dhrystone | A NULL pointer dereference in the main() function dhry_1.c of dhrystone 2.1 causes a denial of service (DoS). | 2022-01-03 | 5 | CVE-2020-23026 MISC |
| dmproadmap_project -- dmproadmap | DMP Roadmap before 3.0.4 allows XSS. | 2022-01-01 | 4.3 | CVE-2021-44896 MISC MISC MISC |
| fluxbb -- fluxbb | Fluxbb v1.4.12 is affected by a Cross Site Scripting (XSS) vulnerability. | 2022-01-04 | 4.3 | CVE-2021-43677 MISC MISC |
| geminilabs -- site_reviews | The Site Reviews WordPress plugin before 5.17.3 does not sanitise and escape the site-reviews parameter of the glsr_action AJAX action (available to unauthenticated and any authenticated users), allowing them to perform Cross-Site Scripting attacks against logged in admins viewing the Tool dashboard of the plugin | 2022-01-03 | 4.3 | CVE-2021-24973 CONFIRM MISC |
| github_readme_stats_project -- github_readme_stats | Github Read Me Stats commit 3c7220e4f7144f6cb068fd433c774f6db47ccb95 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the function renderError. | 2022-01-06 | 4.3 | CVE-2020-23986 MISC |
| gpac -- gpac | A Null Pointer Dereference vulnerability exists in GPAC 1.0.1 in MP4Box via __strlen_avx2, which causes a Denial of Service. | 2022-01-05 | 4.3 | CVE-2021-45831 MISC |
| gpac -- gpac | A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unlink_chunk.isra, which causes a Denial of Service (context-dependent). | 2022-01-05 | 4.3 | CVE-2021-46038 MISC |
| ideabox -- powerpack_addons_for_elementor | The PowerPack Addons for Elementor WordPress plugin before 2.6.2 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting issue | 2022-01-03 | 4.3 | CVE-2021-25027 CONFIRM MISC |
| premio -- chaty | The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting | 2022-01-03 | 4.3 | CVE-2021-25016 MISC |
| updraftplus -- updraftplus | The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape the backup_timestamp and job_id parameter before outputting them back in admin pages, leading to Reflected Cross-Site Scripting issues | 2022-01-03 | 4.3 | CVE-2021-25022 CONFIRM CONFIRM MISC |
| uwebsockets_project -- uwebsockets | uWebSockets 19.0.0 through 20.8.0 has an out-of-bounds write in std::__1::pair<unsigned int, void*> uWS::HttpParser::fenceAndConsumePostPadded<0 (called from uWS::HttpParser::consumePostPadded and std::__1::__function::__func<LLVMFuzzerTestOneInput::$_0, std::__1::allocator<LL). | 2022-01-01 | 4.3 | CVE-2021-45945 MISC MISC MISC |
| vim -- vim | vim is vulnerable to Use After Free | 2021-12-31 | 6.8 | CVE-2021-4192 CONFIRM MISC |
| vim -- vim | vim is vulnerable to Out-of-bounds Read | 2021-12-31 | 4.3 | CVE-2021-4193 MISC CONFIRM |
| vmware -- cloud_foundation | VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine. | 2022-01-04 | 6.9 | CVE-2021-22045 MISC MISC MISC |
| wasm3_project -- wasm3 | Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called from CompileElseBlock and Compile_If). | 2022-01-01 | 4.3 | CVE-2021-45929 MISC MISC |
| wasm3_project -- wasm3 | Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called from Compile_LoopOrBlock and CompileBlockStatements). | 2022-01-01 | 4.3 | CVE-2021-45946 MISC MISC |
| wasm3_project -- wasm3 | Wasm3 0.5.0 has an out-of-bounds write in Runtime_Release (called from EvaluateExpression and InitDataSegments). | 2022-01-01 | 4.3 | CVE-2021-45947 MISC MISC |


Low Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| bludit -- bludit | A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About Plugin in login panel. | 2022-01-06 | 3.5 | CVE-2021-45745 MISC MISC |
| bludit -- bludit | A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.13.1 via the TAGS section in login panel. | 2022-01-06 | 3.5 | CVE-2021-45744 MISC MISC |
| booster -- booster_for_woocommerce | The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_create_products_xml_result parameter before outputting back in the admin dashboard when the Product XML Feeds module is enabled, leading to a Reflected Cross-Site Scripting issue | 2022-01-03 | 2.6 | CVE-2021-25001 MISC |
| booster -- booster_for_woocommerce | The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_delete_role parameter before outputting back in the admin dashboard when the General module is enabled, leading to a Reflected Cross-Site Scripting issue | 2022-01-03 | 2.6 | CVE-2021-25000 MISC |
| booster -- booster_for_woocommerce | The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_notice parameter before outputting it back in the admin dashboard when the Pdf Invoicing module is enabled, leading to a Reflected Cross-Site Scripting | 2022-01-03 | 2.6 | CVE-2021-24999 MISC |
| convos -- convos | Convos is an open source multi-user chat that runs in a web browser. Characters starting with "https://" in the chat window create an <a> tag. Stored XSS vulnerability using onfocus and autofocus occurs because escaping exists for "<" or ">" but escaping for double quotes does not exist. Through this vulnerability, an attacker is capable to execute malicious scripts. Users are advised to update as soon as possible. | 2022-01-04 | 3.5 | CVE-2022-21649 CONFIRM MISC MISC MISC |
| daybydaycrm -- daybyday_crm | In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks. These scripts are executed in a victim’s browser when they open the “/tasks” page to view all the tasks. | 2022-01-05 | 3.5 | CVE-2022-22109 MISC CONFIRM |
| litespeedtech -- litespeed_cache | The LiteSpeed Cache WordPress plugin before 4.4.4 does not escape the qc_res parameter before outputting it back in the JS code of an admin page, leading to a Reflected Cross-Site Scripting | 2022-01-03 | 3.5 | CVE-2021-24963 CONFIRM MISC |
| litespeedtech -- litespeed_cache | The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specific X-Forwarded-For header value. In addition, one of the endpoints could be used to set CSS code if a setting is enabled, which will then be output in some pages without being sanitised and escaped. Combining those two issues, an unauthenticated attacker could put Cross-Site Scripting payloads in pages visited by users. | 2022-01-03 | 2.6 | CVE-2021-24964 MISC |
| mlcalc -- mortgage_calculator\/loan_calculator | The Mortgage Calculator / Loan Calculator WordPress plugin before 1.5.17 does not escape some of the attributes of its mlcalc shortcode before outputting them, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks | 2022-01-03 | 3.5 | CVE-2021-24828 MISC |
| oroinc -- oroplatform | OroPlatform is a PHP Business Application Platform. In affected versions the email template preview is vulnerable to XSS payload added to email template content. An attacker must have permission to create or edit an email template. For successful payload execution, the attacked user must preview a vulnerable email template. There are no workarounds that address this vulnerability. Users are advised to upgrade as soon as is possible. | 2022-01-04 | 3.5 | CVE-2021-41236 CONFIRM MISC |
| vehicle_service_management_system_project -- vehicle_service_management_system | A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Mechanic List Section in login panel. | 2022-01-06 | 3.5 | CVE-2021-46069 MISC MISC |
| vehicle_service_management_system_project -- vehicle_service_management_system | A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service List Section in login panel. | 2022-01-06 | 3.5 | CVE-2021-46072 MISC MISC |
| vehicle_service_management_system_project -- vehicle_service_management_system | A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service Requests Section in login panel. | 2022-01-06 | 3.5 | CVE-2021-46070 MISC MISC |
| vehicle_service_management_system_project -- vehicle_service_management_system | A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the My Account Section in login panel. | 2022-01-06 | 3.5 | CVE-2021-46068 MISC MISC |
| wpovernight -- woocommerce_pdf_invoices\&_packing_slips | The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.10.5 does not escape the tab and section parameters before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in the admin dashboard | 2022-01-03 | 3.5 | CVE-2021-24991 MISC |
| wptravelengine -- wp_travel_engine | The WP Travel Engine WordPress plugin before 5.3.1 does not escape the Description field in the Trip Destination/Activities/Trip Type and Pricing Category pages, allowing users with a role as low as editor to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed | 2022-01-03 | 3.5 | CVE-2021-24680 MISC |


Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
harmonyos -- mobile_devicesHwPCAssistant has a Path Traversal vulnerability .Successful exploitation of this vulnerability may write any file.2022-01-03not yet calculatedCVE-2021-37128
MISC
alpine -- linux
 
The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration.2022-01-06not yet calculatedCVE-2022-22704
MISC
apache -- avro
 
A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which addresses this issue.2022-01-06not yet calculatedCVE-2021-43045
CONFIRM
MLIST
apache -- geode
 
Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using values that begin with characters other than letters or numbers for passwords and security properties with the prefix "sysprop-", "javax.net.ssl", or "security-". This issue is fixed by overhauling the log file redaction in Apache Geode versions 1.12.5, 1.13.5, and 1.14.0.2022-01-04not yet calculatedCVE-2021-34797
MISC
MISC
apache -- james
 
Apache James ManagedSieve implementation alongside with the file storage for sieve scripts is vulnerable to path traversal, allowing reading and writing any file. This vulnerability had been patched in Apache James 3.6.1 and higher. We recommend the upgrade. Distributed and Cassandra based products are also not impacted.2022-01-04not yet calculatedCVE-2021-40525
MISC
MLIST
apache -- james
 
In Apache James, while fuzzing with Jazzer the IMAP parsing stack, we discover that crafted APPEND and STATUS IMAP command could be used to trigger infinite loops resulting in expensive CPU computations and OutOfMemory exceptions. This can be used for a Denial Of Service attack. The IMAP user needs to be authenticated to exploit this vulnerability. This affected Apache James prior to version 3.6.1. This vulnerability had been patched in Apache James 3.6.1 and higher. We recommend the upgrade.2022-01-04not yet calculatedCVE-2021-40111
MISC
MLIST
apache -- james
 
In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a Denial Of Service using a vulnerable Regular expression. This affected Apache James prior to 3.6.1 We recommend upgrading to Apache James 3.6.1 or higher , which enforce the use of RE2J regular expression engine to execute regex in linear time without back-tracking.2022-01-04not yet calculatedCVE-2021-40110
MISC
MLIST
apache -- james
 
Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in -the-middle command injection attacks, leading potentially to leakage of sensible information.2022-01-04not yet calculatedCVE-2021-38542
MISC
MLIST
apache -- kylinIn Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions.2022-01-06not yet calculatedCVE-2021-45457
MISC
MLIST
apache -- kylin
 
All request mappings in `StreamingCoordinatorController.java` handling `/kylin/api/streaming_coordinator/*` REST API endpoints did not include any security checks, which allowed an unauthenticated user to issue arbitrary requests, such as assigning/unassigning of streaming cubes, creation/modification and deletion of replica sets, to the Kylin Coordinator. For endpoints accepting node details in HTTP message body, unauthenticated (but limited) server-side request forgery (SSRF) can be achieved. This issue affects Apache Kylin Apache Kylin 3 versions prior to 3.1.2.2022-01-06not yet calculatedCVE-2021-27738
MISC
MLIST
apache -- kylin
 
Apache kylin checks the legitimacy of the project before executing some commands with the project name passed in by the user. There is a mismatch between what is being checked and what is being used as the shell command argument in DiagnosisService. This may cause an illegal project name to pass the check and perform the following steps, resulting in a command injection vulnerability. This issue affects Apache Kylin 4.0.0.2022-01-06not yet calculatedCVE-2021-45456
MISC
MLIST
apache -- kylin
 
Kylin can receive user input and load any class through Class.forName(...). This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions.2022-01-06not yet calculatedCVE-2021-31522
MISC
MLIST
apache -- kylin
 
Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their password and configure it into kylin's configuration file, there is a risk that the password may be decrypted. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions.2022-01-06not yet calculatedCVE-2021-45458
MISC
MLIST
MLIST
apache -- kylin
 
Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions.2022-01-06not yet calculatedCVE-2021-36774
MISC
MLIST
apache -- pluto
 
The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the v3-demo-portlet.war artifact2022-01-06not yet calculatedCVE-2021-36737
MISC
apache -- pluto
 
The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact2022-01-06not yet calculatedCVE-2021-36738
MISC
apache -- pluto
 
The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross-Site Scripting (XSS) attacks.2022-01-06not yet calculatedCVE-2021-36739
MISC
asus -- rt-ax56u_wi-fi_router
 
ASUS RT-AX56U Wi-Fi Router is vulnerable to stack-based buffer overflow due to improper validation for httpd parameter length. An authenticated local area network attacker can launch arbitrary code execution to control the system or disrupt service.2022-01-03not yet calculatedCVE-2021-44158
CONFIRM
atalegacysmm -- atalegacysmm
 
An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08.46, 5.1 before 05.16.46, 5.2 before 05.26.46, 5.3 before 05.35.46, 5.4 before 05.43.46, and 5.5 before 05.51.45 in Insyde InsydeH2O. Code execution can occur because the SMI handler lacks a CommBuffer check.2022-01-06not yet calculatedCVE-2021-41842
MISC
atlassian -- jira_server
 
Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code Execution (RCE) vulnerability in the Email Templates feature. This issue bypasses the fix of https://jira.atlassian.com/browse/JSDSERVER-8665. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3.2022-01-06not yet calculatedCVE-2021-43947
N/A
atlassian -- jira_server
 
Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint. The affected versions are before version 8.21.0.2022-01-05not yet calculatedCVE-2021-43946
MISC
bidriectional -- unicode
 
Bidirectional Unicode text can be interpreted and compiled differently than how it appears in editors which can be exploited to get nefarious code passed a code review by appearing benign. An attacker could embed a source that is invisible to a code reviewer that modifies the behavior of a program in unexpected ways.2022-01-05not yet calculatedCVE-2021-22567
MISC
MISC
bios -- bios
 
A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system.2022-01-03not yet calculatedCVE-2021-38576
MISC
bluetooth -- bluetooth
 
In Bluetooth, there is a possible application crash due to bluetooth flooding a device with LMP_AU_rand packet. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06198608; Issue ID: ALPS06198608.2022-01-04not yet calculatedCVE-2022-20023
MISC
bluetooth -- bluetooth
 
In Bluetooth, there is a possible link disconnection due to bluetooth does not properly handle a connection attempt from a host with the same BD address as the currently connected BT host. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06198578; Issue ID: ALPS06198578.2022-01-04not yet calculatedCVE-2022-20022
MISC
bluetooth -- bluetooth
 
In Bluetooth, there is a possible application crash due to bluetooth does not properly handle the reception of multiple LMP_host_connection_req. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06198513; Issue ID: ALPS06198513.2022-01-04not yet calculatedCVE-2022-20021
MISC
bookstack -- bookstack
 
bookstack is vulnerable to Improper Access Control2022-01-06not yet calculatedCVE-2021-4194
CONFIRM
MISC
changlain -- blocklist
 
Changlian Blocklist has a Business Logic Errors vulnerability .Successful exploitation of this vulnerability may expand the attack surface of the message class.2022-01-03not yet calculatedCVE-2021-39968
MISC
codeigniter -- codeigniter
 
CodeIgniter is an open source PHP full-stack web framework. Deserialization of Untrusted Data was found in the `old()` function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary objects with this vulnerability, and possibly execute existing PHP code on the server. We are aware of a working exploit, which can lead to SQL injection. Users are advised to upgrade to v4.1.6 or later. Users unable to upgrade as advised to not use the `old()` function and form_helper nor `RedirectResponse::withInput()` and `redirect()->withInput()`.2022-01-04not yet calculatedCVE-2022-21647
MISC
CONFIRM
containerd -- containerd
 
containerd is an open source container runtime. On installations using SELinux, such as EL8 (CentOS, RHEL), Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface (CRI), an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any privileged, regular file on disk for complete read/write access (sans delete). Such is achieved by placing the in-container location of the hostPath volume mount at either `/etc/hosts`, `/etc/hostname`, or `/etc/resolv.conf`. These locations are being relabeled indiscriminately to match the container process-label which effectively elevates permissions for savvy containers that would not normally be able to access privileged host files. This issue has been resolved in version 1.5.9. Users are advised to upgrade as soon as possible.2022-01-05not yet calculatedCVE-2021-43816
CONFIRM
MISC
MISC
MISC
controlup -- real-time_agent
 
An unauthenticated Named Pipe channel in Controlup Real-Time Agent (cuAgent.exe) before 8.5 potentially allows an attacker to run OS commands via the ProcessActionRequest WCF method.2022-01-04not yet calculatedCVE-2021-45912
MISC
MISC
controlup -- real-time_agent
 
A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) before 8.2.5 may allow a potential attacker to run OS commands via a WCF channel.2022-01-04not yet calculatedCVE-2021-45913
MISC
MISC
convos -- convos
 
Convos is an open source multi-user chat that runs in a web browser. You can't use SVG extension in Convos' chat window, but you can upload a file with an .html extension. By uploading an SVG file with an html extension the upload filter can be bypassed. This causes Stored XSS. Also, after uploading a file the XSS attack is triggered upon a user viewing the file. Through this vulnerability, an attacker is capable to execute malicious scripts. Users are advised to update as soon as possible.2022-01-04not yet calculatedCVE-2022-21650
CONFIRM
MISC
MISC
MISC
discourse -- discourse
 
Discourse is an open source platform for community discussion. In affected versions admins users can trigger a Denial of Service attack via the `/message-bus/_diagnostics` path. The impact of this vulnerability is greater on multisite Discourse instances (where multiple forums are served from a single application server) where any admin user on any of the forums are able to visit the `/message-bus/_diagnostics` path. The problem has been patched. Please upgrade to 2.8.0.beta10 or 2.7.12. No workarounds for this issue exist.2022-01-04not yet calculatedCVE-2021-43850
MISC
CONFIRM
discourse -- discourse
 
Discourse is an open source platform for community discussion. In affected versions when composing a message from topic the composer user suggestions reveals whisper participants. The issue has been patched in stable version 2.7.13 and beta version 2.8.0.beta11. There is no workaround for this issue and users are advised to upgrade.2022-01-05not yet calculatedCVE-2022-21642
MISC
CONFIRM
django -- django
 
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key.2022-01-05not yet calculatedCVE-2021-45116
MISC
MISC
CONFIRM
django -- django
 
Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it.2022-01-05not yet calculatedCVE-2021-45452
MISC
MISC
CONFIRM
django -- django
 
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack.2022-01-05not yet calculatedCVE-2021-45115
MISC
MISC
CONFIRM
dolibarr -- dolibarr
 
admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_TOT parameter.2022-01-02not yet calculatedCVE-2022-22293
MISC
doprolog -- doprolog
 
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.2022-01-06not yet calculatedCVE-2021-46143
MISC
MISC
enc -- datavault
 
ENC DataVault 7.1.1W uses an inappropriate encryption algorithm, such that an attacker (who does not know the secret key) can make ciphertext modifications that are reflected in modified plaintext. There is no data integrity mechanism. (This behavior occurs across USB drives sold under multiple brand names.)2022-01-02not yet calculatedCVE-2021-36751
MISC
MISC
expat -- expat
 
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).2022-01-01not yet calculatedCVE-2021-45960
MISC
MISC
MISC
forge -- forge
 
forge is vulnerable to URL Redirection to Untrusted Site2022-01-06not yet calculatedCVE-2022-0122
MISC
CONFIRM
fortinet -- fortimail
 
A exposure of sensitive information to an unauthorized actor in Fortinet FortiMail versions 6.0.9 and below, FortiMail versions 6.2.4 and below FortiMail versions 6.4.1 and 6.4.0 allows attacker to obtain potentially sensitive software-version information via client-side resources inspection.2022-01-05not yet calculatedCVE-2020-15933
CONFIRM
fortinet -- fortios
A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages.
Published: 2022-01-04; CVSS Score: not yet calculated; CVE-2021-44168
CONFIRM
foxit -- pdf_reader
Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via getURL in the JavaScript API.
Published: 2022-01-04; CVSS Score: not yet calculated; CVE-2021-45980
MISC
MISC
MISC
foxit -- pdf_reader
Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via xfa.host.gotoURL in the XFA API.
Published: 2022-01-04; CVSS Score: not yet calculated; CVE-2021-45978
MISC
MISC
MISC
foxit -- pdf_reader
Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via app.launchURL in the JavaScript API.
Published: 2022-01-04; CVSS Score: not yet calculated; CVE-2021-45979
MISC
MISC
MISC
giftrans -- giftrans
The giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow because a value inside the input file determines the amount of data to write. This allows an attacker to overwrite up to 250 bytes outside of the allocated buffer with arbitrary data.
Published: 2022-01-01; CVSS Score: not yet calculated; CVE-2021-45972
MISC
MISC
MISC
glpi -- glpi
GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions < 2.9.1 suffers from an authenticated Remote Code Execution vulnerability, allowing access to the server's underlying operating system using command injection abuse of functionality. There is no workaround for this issue and users are advised to upgrade or to disable the addressing plugin.
Published: 2022-01-05; CVSS Score: not yet calculated; CVE-2021-43779
MISC
CONFIRM
gpac -- gpac
A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the finplace_shift_moov_meta_offsets function, which causes a Denial of Service (context-dependent).
Published: 2022-01-06; CVSS Score: not yet calculated; CVE-2021-46040
MISC
gpac -- gpac
A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the _fseeko function, which causes a Denial of Service.
Published: 2022-01-06; CVSS Score: not yet calculated; CVE-2021-46042
MISC
gpac -- gpac
A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via ShiftMetaOffset.isra, which causes a Denial of Service (context-dependent).
Published: 2022-01-06; CVSS Score: not yet calculated; CVE-2021-46044
MISC
gpac -- gpac
A Segmentation Fault Vulnerability exists in GPAC 1.0.1 via the co64_box_new function, which causes a Denial of Service.
Published: 2022-01-06; CVSS Score: not yet calculated; CVE-2021-46041
MISC
gpac -- gpac
A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the shift_chunk_offsets.part function, which causes a Denial of Service (context-dependent).
Published: 2022-01-06; CVSS Score: not yet calculated; CVE-2021-46039
MISC
gpac -- gpac
A Pointer Dereference Vulnerability exists in GPAC 1.0.1 in the gf_list_count function, which causes a Denial of Service.
Published: 2022-01-06; CVSS Score: not yet calculated; CVE-2021-46043
MISC
harmonyos -- mobile_devices
HwPCAssistant has an Improper Input Validation vulnerability. Successful exploitation of this vulnerability may create any file with the system app permission.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-39970
MISC
harmonyos -- mobile_devices
There is an Uninitialized AOD driver structure in Smartphones. Successful exploitation of this vulnerability may affect service confidentiality.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-39966
MISC
MISC
harmonyos -- mobile_devices
Chang Lian application has a vulnerability which can be maliciously exploited to hide the calling number. Successful exploitation of this vulnerability allows you to make an anonymous call.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-39981
MISC
harmonyos -- mobile_devices
The HwNearbyMain module has a NULL Pointer Dereference vulnerability. Successful exploitation of this vulnerability may cause a process to restart.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-39988
MISC
harmonyos -- mobile_devices
Arbitrary file has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Successful exploitation of this vulnerability may cause confidentiality to be affected.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-37125
MISC
harmonyos -- mobile_devices
There is a Configuration defects in Smartphone. Successful exploitation of this vulnerability may elevate the MEID (IMEI) permission.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-37121
MISC
harmonyos -- mobile_devices
There is an Out-of-bounds read vulnerability in Smartphone. Successful exploitation of this vulnerability may affect service confidentiality.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-37114
MISC
MISC
harmonyos -- mobile_devices
Arbitrary file has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Successful exploitation of this vulnerability may cause the directory to be traversed.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-37126
MISC
harmonyos -- mobile_devices
There is a Memory leakage vulnerability in Smartphone. Successful exploitation of this vulnerability may cause memory exhaustion.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-37111
MISC
MISC
harmonyos -- mobile_devices
PCManager has a Weaknesses Introduced During Design vulnerability. Successful exploitation of this vulnerability may cause the PIN of the subscriber to be changed.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-37116
MISC
harmonyos -- mobile_devices
There is a Vulnerability of obtaining broadcast information improperly due to improper broadcast permission settings in Smartphones. Successful exploitation of this vulnerability may affect service confidentiality.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-39967
MISC
MISC
harmonyos -- mobile_devices
There is an Unauthorized file access vulnerability in Smartphones. Successful exploitation of this vulnerability may affect service confidentiality.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-39969
MISC
MISC
harmonyos -- mobile_devices
The HwNearbyMain module has an Improper Validation of Array Index vulnerability. Successful exploitation of this vulnerability may cause a process to restart.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-39985
MISC
harmonyos -- mobile_devices
There is a Null pointer dereference in Smartphones. Successful exploitation of this vulnerability may cause the kernel to break down.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-39973
MISC
MISC
harmonyos -- mobile_devices
Password vault has an External Control of System or Configuration Setting vulnerability. Successful exploitation of this vulnerability could compromise confidentiality.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-39971
MISC
harmonyos -- mobile_devices
There is an Out-of-bounds read in Smartphones. Successful exploitation of this vulnerability may affect service confidentiality.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-39974
MISC
MISC
harmonyos -- mobile_devices
The screen lock module has a Stack-based Buffer Overflow vulnerability. Successful exploitation of this vulnerability may affect user experience.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-39990
MISC
harmonyos -- mobile_devices
The HwNearbyMain module has a NULL Pointer Dereference vulnerability. Successful exploitation of this vulnerability may cause a process to restart.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-39977
MISC
harmonyos -- mobile_devices
The HwNearbyMain module has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Successful exploitation of this vulnerability may cause a process to restart.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-39989
MISC
harmonyos -- mobile_devices
HHEE system has a Code Injection vulnerability. Successful exploitation of this vulnerability may affect HHEE system integrity.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-39979
MISC
harmonyos -- mobile_devices
Telephony application has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Successful exploitation of this vulnerability could lead to sensitive information disclosure.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-39980
MISC
harmonyos -- mobile_devices
Phone Manager application has an Improper Privilege Management vulnerability. Successful exploitation of this vulnerability may read and write arbitrary files by tampering with Phone Manager notifications.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-39982
MISC
harmonyos -- mobile_devices
The HwNearbyMain module has a Data Processing Errors vulnerability. Successful exploitation of this vulnerability may cause a process to restart.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-39983
MISC
harmonyos -- mobile_devices
Telephony application has a SQL Injection vulnerability. Successful exploitation of this vulnerability may cause privacy and security issues.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-39978
MISC
harmonyos -- mobile_devices
There is a Double free vulnerability in Smartphone. Successful exploitation of this vulnerability may cause a kernel crash or privilege escalation.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-37120
MISC
harmonyos -- mobile_devices
Location-related APIs have a Race Condition vulnerability. Successful exploitation of this vulnerability may use Higher Permissions for invoking the interface of location-related components.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-37134
MISC
harmonyos -- mobile_devices
There is a Service logic vulnerability in Smartphone. Successful exploitation of this vulnerability may cause WLAN DoS.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-37119
MISC
MISC
harmonyos -- mobile_devices
There is an Unauthorized file access vulnerability in Smartphones. Successful exploitation of this vulnerability may affect service confidentiality.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-37133
MISC
MISC
harmonyos -- mobile_devices
There is a Timing design defects in Smartphone. Successful exploitation of this vulnerability may affect service confidentiality.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-37110
MISC
MISC
harmonyos -- mobile_devices
Hisuite module has an External Control of System or Configuration Setting vulnerability. Successful exploitation of this vulnerability may lead to Firmware leak.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-37112
MISC
harmonyos -- mobile_devices
There is a Privilege escalation vulnerability with the file system component in Smartphone. Successful exploitation of this vulnerability may affect service confidentiality.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-37113
MISC
MISC
harmonyos -- mobile_devices
There is a Service logic vulnerability in Smartphone. Successful exploitation of this vulnerability may cause WLAN DoS.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-37117
MISC
MISC
harmonyos -- mobile_devices
The HwNearbyMain module has an Improper Handling of Exceptional Conditions vulnerability. Successful exploitation of this vulnerability may lead to message leak.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-37118
MISC
harmonyos -- mobile_devices
The HwNearbyMain module has a Data Processing Errors vulnerability. Successful exploitation of this vulnerability may cause a process to restart.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-39987
MISC
harmonyos -- mobile_devices
PackageManagerService has a Permissions, Privileges, and Access Controls vulnerability. Successful exploitation of this vulnerability may cause third-party apps to obtain the complete list of Harmony apps without permission.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-37132
MISC
hdf5 -- hdf5
A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via H5F_addr_decode_len in /hdf5/src/H5Fint.c, which could cause a Denial of Service.
Published: 2022-01-05; CVSS Score: not yet calculated; CVE-2021-45830
MISC
hdf5 -- hdf5
A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 via the H5D__create_chunk_file_map_hyper function in /hdf5/src/H5Dchunk.c, which causes a Denial of Service (context-dependent).
Published: 2022-01-05; CVSS Score: not yet calculated; CVE-2021-45833
MISC
hdf5 -- hdf5
A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at hdf5/src/H5Eint.c, which causes a Denial of Service (context-dependent).
Published: 2022-01-05; CVSS Score: not yet calculated; CVE-2021-45832
MISC
hdf5 -- hdf5
HDF5 1.13.1-1 is affected by: segmentation fault, which causes a Denial of Service.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-45829
MISC
hilinksvc -- hilinksvc
Hilinksvc has a Data Processing Errors vulnerability. Successful exploitation of this vulnerability may cause denial of service attacks.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-39975
MISC
hilinksvc -- hilinksvc
Hilinksvc service has a Data Processing Errors vulnerability. Successful exploitation of this vulnerability may cause application crash.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-37098
MISC
honda -- civic_2012
The keyfob subsystem in Honda Civic 2012 vehicles allows a replay attack for unlocking. This is related to a non-expiring rolling code and counter resynchronization.
Published: 2022-01-06; CVSS Score: not yet calculated; CVE-2021-46145
MISC
MISC
MISC
MISC
hoppscotch -- hoppscotch
hoppscotch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Published: 2022-01-06; CVSS Score: not yet calculated; CVE-2022-0121
CONFIRM
MISC
huawei -- idap
Huawei idap module has an Out-of-bounds Read vulnerability. Successful exploitation of this vulnerability may cause Denial of Service.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-39984
MISC
huawei -- myhuawei_app
MyHuawei-App has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Successful exploitation of this vulnerability could compromise confidentiality.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-39972
MISC
ibm -- powervm_hypervisor
IBM PowerVM Hypervisor FW860, FW940, FW950, and FW1010, through a specific sequence of VM management operations could lead to a violation of the isolation between peer VMs. IBM X-Force ID: 210019.
Published: 2022-01-05; CVSS Score: not yet calculated; CVE-2021-38918
CONFIRM
XF
index.php -- index.php
Cross-site scripting (XSS) vulnerability in index.php in emlog version <= pro-1.0.7 allows remote attackers to inject arbitrary web script or HTML via the s parameter.
Published: 2022-01-06; CVSS Score: not yet calculated; CVE-2021-44584
MISC
MISC
insta_hms -- insta_hms
Insta HMS before 12.4.10 is vulnerable to XSS because of improper validation of user-supplied input by multiple scripts. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
Published: 2022-01-06; CVSS Score: not yet calculated; CVE-2021-42841
MISC
insyde -- insydeh20
An issue was discovered in SdHostDriver in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (CommBufferData).
Published: 2022-01-06; CVSS Score: not yet calculated; CVE-2021-45971
MISC
insyde -- insydeh20
An issue was discovered in SdLegacySmm in Insyde InsydeH2O with kernel 5.1 before 05.15.11, 5.2 before 05.25.11, 5.3 before 05.34.11, and 5.4 before 05.42.11. The software SMI handler allows untrusted external input because it does not verify CommBuffer.
Published: 2022-01-05; CVSS Score: not yet calculated; CVE-2020-5956
MISC
insyde -- insydeh20
An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (the CommBuffer+8 location).
Published: 2022-01-05; CVSS Score: not yet calculated; CVE-2021-45969
MISC
insyde -- insydeh20
An issue was discovered in IdeBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (the status code saved at the CommBuffer+4 location).
Published: 2022-01-05; CVSS Score: not yet calculated; CVE-2021-45970
MISC
jawn -- jawn
Jawn is an open source JSON parser. Extenders of the `org.typelevel.jawn.SimpleFacade` and `org.typelevel.jawn.MutableFacade` who don't override `objectContext()` are vulnerable to a hash collision attack which may result in a denial of service. Most applications do not implement these traits directly, but inherit from a library. `jawn-parser-1.3.1` fixes this issue and users are advised to upgrade. Users unable to upgrade should override `objectContext()` to use a collision-safe collection.
Published: 2022-01-05; CVSS Score: not yet calculated; CVE-2022-21653
MISC
CONFIRM
kd_camera -- hw_driver
In kd_camera_hw driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05862966; Issue ID: ALPS05862966.
Published: 2022-01-04; CVSS Score: not yet calculated; CVE-2022-20015
MISC
konica_minolta -- bizhub
Improper handling of exceptional conditions vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C4050i/C3350i/C4000i/C3300i G00-B6 and earlier, bizhub C3320i G00-B6 and earlier, bizhub 4750i/4050i G00-22 and earlier, bizhub 4700i G00-22 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, bizhub 4752/4052 GC9-X4 and earlier, bizhub C3850/C3350/3850FS, bizhub 4750/4050, bizhub C3110, bizhub C3100P) allows a physical attacker to obtain unsent scanned image data when scanned data transmission is stopped due to the network error by ejecting a HDD before the scan job times out.
Published: 2022-01-04; CVSS Score: not yet calculated; CVE-2021-20870
MISC
MISC
MISC
MISC
konica_minolta -- bizhub
Protection mechanism failure vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, bizhub 4752/4052 GC9-X4 and earlier) allows a physical attacker to bypass the firmware integrity verification and to install malicious firmware.
Published: 2022-01-04; CVSS Score: not yet calculated; CVE-2021-20872
MISC
MISC
MISC
MISC
konica_minolta -- bizhub
Exposure of sensitive information to an unauthorized actor vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C4050i/C3350i/C4000i/C3300i G00-B6 and earlier, bizhub C3320i G00-B6 and earlier, bizhub 4750i/4050i G00-22 and earlier, bizhub 4700i G00-22 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, and bizhub 4752/4052 GC9-X4 and earlier) allows an attacker on the adjacent network to obtain the credentials if the destination information including credentials are registered in the address book via a specific SOAP message.
Published: 2022-01-04; CVSS Score: not yet calculated; CVE-2021-20871
MISC
MISC
MISC
MISC
konica_minolta -- bizhub
Exposure of sensitive information to an unauthorized actor vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C4050i/C3350i/C4000i/C3300i G00-B6 and earlier, bizhub C3320i G00-B6 and earlier, bizhub 4750i/4050i G00-22 and earlier, bizhub 4700i G00-22 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, and bizhub 4752/4052 GC9-X4 and earlier) allows an attacker on the adjacent network to obtain some of user credentials if LDAP server authentication is enabled via a specific SOAP message.
Published: 2022-01-04; CVSS Score: not yet calculated; CVE-2021-20869
MISC
MISC
MISC
MISC
konica_minolta -- bizhub
Incorrect authorization vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C4050i/C3350i/C4000i/C3300i G00-B6 and earlier, bizhub C3320i G00-B6 and earlier, bizhub 4750i/4050i G00-22 and earlier, bizhub 4700i G00-22 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, and bizhub 4752/4052 GC9-X4 and earlier) allows an attacker on the adjacent network to obtain user credentials if external server authentication is enabled via a specific SOAP message sent by an administrative user.
Published: 2022-01-04; CVSS Score: not yet calculated; CVE-2021-20868
MISC
MISC
MISC
MISC
kubectl -- kubectl
kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.
Published: 2022-01-07; CVSS Score: not yet calculated; CVE-2021-25743
CONFIRM
latte -- latte
Latte is an open source template engine for PHP. Since version 2.8.0, Latte has included a template sandbox, and in affected versions it has been found that a sandbox escape exists allowing for injection into web pages generated from Latte. This may lead to XSS attacks. The issue is fixed in the versions 2.8.8, 2.9.6 and 2.10.8. Users unable to upgrade should not accept template input from untrusted sources.
Published: 2022-01-04; CVSS Score: not yet calculated; CVE-2022-21648
MISC
CONFIRM
libcodecdrv -- libcodecdrv
In libvcodecdrv, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05943906; Issue ID: ALPS05943906.
Published: 2022-01-04; CVSS Score: not yet calculated; CVE-2022-20020
MISC
libming -- libming
In libming 0.4.8, the parseSWF_DEFINELOSSLESS2 function in util/parser.c lacks a boundary check that would lead to denial-of-service attacks via a crafted SWF file.
Published: 2022-01-06; CVSS Score: not yet calculated; CVE-2021-44591
MISC
MISC
libming -- libming
In libming 0.4.8, a memory exhaustion vulnerability exists in the function cws2fws in util/main.c. Remote attackers could launch denial of service attacks by submitting a crafted SWF file that exploits this vulnerability.
Published: 2022-01-06; CVSS Score: not yet calculated; CVE-2021-44590
MISC
MISC
libmtkomxgsmdec -- libmtkomxgsmdec
In libMtkOmxGsmDec, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917620; Issue ID: ALPS05917620.
Published: 2022-01-04; CVSS Score: not yet calculated; CVE-2022-20019
MISC
lighttpd -- lighttpd
In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes), as demonstrated by remote denial of service (daemon crash).
Published: 2022-01-06; CVSS Score: not yet calculated; CVE-2022-22707
MISC
linux -- linux_kernel
Guest can force Linux netback driver to hog large amounts of kernel memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714)
Published: 2022-01-06; CVSS Score: not yet calculated; CVE-2021-28715
MISC
linux -- linux_kernel
Guest can force Linux netback driver to hog large amounts of kernel memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714)
Published: 2022-01-06; CVSS Score: not yet calculated; CVE-2021-28714
MISC
livehelperchat -- livehelperchat
livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information
Published: 2022-01-04; CVSS Score: not yet calculated; CVE-2022-0083
CONFIRM
MISC
manageengine -- adselfservice_plus
ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determine whether a Windows domain user exists.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-20147
MISC
manageengine -- adselfservice_plus
ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. When ADSSP is configured with multiple Windows domains, a user from one domain can obtain the password policy for another domain by authenticating to the service and then sending a request specifying the password policy file of the other domain.
Published: 2022-01-03; CVSS Score: not yet calculated; CVE-2021-20148
MISC
mcafee -- application_and_change_control
Potential product security bypass vulnerability in McAfee Application and Change Control (MACC) prior to version 8.3.4 allows a locally logged in attacker to circumvent the application solidification protection provided by MACC, permitting them to run applications that would usually be prevented by MACC. This would require the attacker to rename the specified binary to match the name of any configured updater and perform a specific set of steps, resulting in the renamed binary being run.
Published: 2022-01-04; CVSS Score: not yet calculated; CVE-2021-31833
CONFIRM
mdp_driver -- mdp_driver
In mdp driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05836478; Issue ID: ALPS05836478.
Published: 2022-01-04; CVSS Score: not yet calculated; CVE-2022-20012
MISC
mediatek -- wifi_driver
In wifi driver, there is a possible system crash due to a missing validation check. This could lead to remote denial of service from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20190426015; Issue ID: GN20190426015.
Published: 2022-01-04; CVSS Score: not yet calculated; CVE-2021-41789
MISC
modem_emm -- modem_emm
In Modem EMM, there is a possible information disclosure due to a missing data encryption. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00716585; Issue ID: ALPS05886933.
Published: 2022-01-04; CVSS Score: not yet calculated; CVE-2021-40148
MISC
mruby -- mruby
mruby is vulnerable to Heap-based Buffer Overflow
Published: 2022-01-02; CVSS Score: not yet calculated; CVE-2022-0080
CONFIRM
MISC
navigatecms -- navigatecms
An arbitrary file read vulnerability exists in NavigateCMS 2.9 via /navigate/navigate_download.php id parameter.
Published: 2022-01-06; CVSS Score: not yet calculated; CVE-2021-44351
MISC
netskope -- client
 
Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. The XPC implementation of nsAuxiliarySvc process does not perform validation on new connections before accepting the connection. Thus any low privileged user can connect and call external methods defined in XPC service as root, elevating their privilege to the highest level.2022-01-04not yet calculatedCVE-2021-41388
CONFIRM
nltk -- nltk
 
nltk is vulnerable to Inefficient Regular Expression Complexity2022-01-04not yet calculatedCVE-2021-3842
CONFIRM
MISC
openexr -- openexr
 
OpenEXR 3.1.0 through 3.1.3 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.2022-01-01not yet calculatedCVE-2021-45942
MISC
MISC
MISC
MISC
CONFIRM
openwhyd -- openwhyd
 
openwhyd is vulnerable to Improper Authorization2022-01-03not yet calculatedCVE-2021-3837
CONFIRM
MISC
opmantek -- open-audit
 
An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0. The vulnerability allows an authenticated attacker to read files outside of the restricted directory.2022-01-03not yet calculatedCVE-2021-44674
MISC
MISC
MISC
MISC
oroplatform -- oroplatform
 
OroPlatform is a PHP Business Application Platform. In affected versions, by sending a specially crafted request, an attacker could inject properties into existing JavaScript language construct prototypes, such as objects. Later this injection may lead to JS code execution by libraries that are vulnerable to Prototype Pollution. This issue has been patched in version 4.2.8. Users unable to upgrade may configure a firewall to drop requests containing the following strings: `__proto__`, `constructor[prototype]`, and `constructor.prototype` to mitigate this issue.2022-01-04not yet calculatedCVE-2021-43852
MISC
CONFIRM
pac4j -- pac4j
 
Pac4j v5.1 and earlier allows (by default) clients to accept and successfully validate ID Tokens with "none" algorithm (i.e., tokens with no signature) which is not secure and violates the OpenID Core Specification. The "none" algorithm does not require any signature verification when validating the ID tokens, which allows the attacker to bypass the token validation by injecting a malformed ID token using "none" as the value of "alg" key in the header with an empty signature value.2022-01-06not yet calculatedCVE-2021-44878
MISC
MISC
pjsip -- pjsip
 
PJSIP is a free and open source multimedia communication library written in the C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In various parts of PJSIP, when an error/failure occurs, the function returns without releasing the currently held locks. This could result in a system deadlock, which causes a denial of service for the users. No release has yet been made which contains the linked fix commit. All versions up to and including 2.11.1 are affected. Users may need to manually apply the patch.2022-01-04not yet calculatedCVE-2021-41141
CONFIRM
MISC
qualcomm -- bluecore
 
Possible memory corruption in BT controller when it receives an oversized LMP packet over 2-DH1 link and leads to denial of service in BlueCore2022-01-03not yet calculatedCVE-2021-35093
CONFIRM
qualcomm -- multiple_snapdragon_products
Possible integer overflow in access control initialization interface due to lack of size and address validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking2022-01-03not yet calculatedCVE-2021-30274
CONFIRM
qualcomm -- multiple_snapdragon_products
Possible buffer overflow due to lack of range check while processing a DIAG command for COEX management in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables2022-01-03not yet calculatedCVE-2021-30289
CONFIRM
qualcomm -- multiple_snapdragon_products
Possible integer overflow in page alignment interface due to lack of address and size validation before alignment in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking2022-01-03not yet calculatedCVE-2021-30275
CONFIRM
qualcomm -- multiple_snapdragon_products
Possible assertion due to improper handling of IPV6 packet with invalid length in destination options header in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables2022-01-03not yet calculatedCVE-2021-30273
CONFIRM
qualcomm -- multiple_snapdragon_products
Possible null pointer dereference in thread cache operation handler due to lack of validation of user provided input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking2022-01-03not yet calculatedCVE-2021-30272
CONFIRM
qualcomm -- multiple_snapdragon_products
Improper input validation in TrustZone memory transfer interface can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking2022-01-03not yet calculatedCVE-2021-30278
CONFIRM
qualcomm -- multiple_snapdragon_products
Possible out of bound write in RAM partition table due to improper validation on number of partitions provided in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking2022-01-03not yet calculatedCVE-2021-30282
CONFIRM
qualcomm -- multiple_snapdragon_products
Possible denial of service due to improper handling of debug register trap from user applications in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile2022-01-03not yet calculatedCVE-2021-30283
CONFIRM
qualcomm -- multiple_snapdragon_products
Possible assertion in QOS request due to improper validation when multiple add or update request are received simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking2022-01-03not yet calculatedCVE-2021-30335
CONFIRM
qualcomm -- multiple_snapdragon_products
Possible assertion due to lack of input validation in PUSCH configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT2022-01-03not yet calculatedCVE-2021-30293
CONFIRM
qualcomm -- multiple_snapdragon_products
Possible buffer overflow due to lack of buffer length check when segmented WMI command is received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking2022-01-03not yet calculatedCVE-2021-30303
CONFIRM
qualcomm -- multiple_snapdragon_products
Possible null pointer dereference in thread profile trap handler due to lack of thread ID validation before dereferencing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking2022-01-03not yet calculatedCVE-2021-30270
CONFIRM
qualcomm -- multiple_snapdragon_products
Possible out of bound read due to lack of domain input validation while processing APK close session request in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Wearables2022-01-03not yet calculatedCVE-2021-30336
CONFIRM
qualcomm -- multiple_snapdragon_products
Possible use after free when process shell memory is freed using IOCTL call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking2022-01-03not yet calculatedCVE-2021-30337
CONFIRM
qualcomm -- multiple_snapdragon_products
Improper validation of LLM utility timers availability can lead to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music2022-01-03not yet calculatedCVE-2021-30348
CONFIRM
qualcomm -- multiple_snapdragon_products
An out of bound memory access can occur due to improper validation of number of frames being passed during music playback in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking2022-01-03not yet calculatedCVE-2021-30351
CONFIRM
qualcomm -- multiple_snapdragon_products
Improper handling of resource allocation in virtual machines can lead to information exposure in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile2022-01-03not yet calculatedCVE-2021-1918
CONFIRM
qualcomm -- multiple_snapdragon_products
Improper access control in TrustZone due to improper error handling while handling the signing key in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking2022-01-03not yet calculatedCVE-2021-1894
CONFIRM
qualcomm -- multiple_snapdragon_products
Possible null pointer dereference due to lack of TLB validation for user provided address in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking2022-01-03not yet calculatedCVE-2021-30269
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Improper validation of a socket state when socket events are being sent to clients can lead to invalid access of memory in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables2022-01-03not yet calculatedCVE-2021-30262
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Possible integer overflow to buffer overflow due to improper input validation in FTM ARA commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile2022-01-03not yet calculatedCVE-2021-30267
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Possible heap Memory Corruption Issue due to lack of input validation when sending HWTC IQ Capture command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables2022-01-03not yet calculatedCVE-2021-30268
CONFIRM
qualcomm -- multiple_snapdragon_products
 
An integer overflow due to improper check performed after the address and size passed are aligned in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking2022-01-03not yet calculatedCVE-2020-11263
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Possible null pointer dereference in trap handler due to lack of thread ID validation before dereferencing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking2022-01-03not yet calculatedCVE-2021-30271
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Possible access control violation while setting current permission for VMIDs due to improper permission masking in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking2022-01-03not yet calculatedCVE-2021-30279
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Possible out of bound access due to improper validation of item size and DIAG memory pools data while switching between USB and PCIE interface in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking2022-01-03not yet calculatedCVE-2021-30298
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Improper access control while doing XPU re-configuration dynamically can lead to unauthorized access to a secure resource in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wired Infrastructure and Networking2022-01-03not yet calculatedCVE-2021-30276
CONFIRM
qutscloud -- multiple_devices
 
A cross-site scripting (XSS) vulnerability has been reported to affect QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and QuTScloud: QuTS hero h4.5.4.1771 build 20210825 and later; QTS 4.5.4.1787 build 20210910 and later; QuTScloud c4.5.7.1864 and later.2022-01-07not yet calculatedCVE-2021-38674
MISC
roundcube -- roundcube
 
Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences.2022-01-06not yet calculatedCVE-2021-46144
MISC
MISC
MISC
MISC
MISC
DEBIAN
scratch-svg-renderer -- scratch-svg-renderer
 
A DOM-based cross-site scripting (XSS) vulnerability in Scratch-Svg-Renderer v0.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted sb3 file.2022-01-06not yet calculatedCVE-2020-27428
MISC
seninf -- driver
 
In seninf driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05863018; Issue ID: ALPS05863018.2022-01-04not yet calculatedCVE-2022-20018
MISC
shockwall -- shockwall
 
The programming function of Shockwall system has an improper input validation vulnerability. An authenticated attacker within the local area network can send malicious response to the server to disrupt the service partially.2022-01-03not yet calculatedCVE-2021-45916
CONFIRM
shopware -- shopware
 
Shopware is an open source e-commerce software platform. In affected versions shopware would not invalidate a user session in the event of a password change. With version 5.7.7 the session validation was adjusted, so that sessions created prior to the latest password change of a customer account can't be used to login with said account. This also means, that upon a password change, all existing sessions for a given customer account are automatically considered invalid. There is no workaround for this issue.2022-01-05not yet calculatedCVE-2022-21652
MISC
CONFIRM
MISC
shopware -- shopware
 
Shopware is an open source e-commerce software platform. An open redirect vulnerability has been discovered. Users may be arbitrarily redirected due to incomplete URL handling in the shopware router. This issue has been resolved in version 5.7.7. There is no workaround and users are advised to upgrade as soon as possible.2022-01-05not yet calculatedCVE-2022-21651
MISC
CONFIRM
MISC
showdoc -- showdoc
 
showdoc is vulnerable to Generation of Error Message Containing Sensitive Information2022-01-03not yet calculatedCVE-2022-0079
CONFIRM
MISC
sourcecodester -- vehicle_service_managemant_system
In Vehicle Service Management System 1.0 an attacker can steal the cookies leading to Full Account Takeover.2022-01-06not yet calculatedCVE-2021-46067
MISC
MISC
sourcecodester -- vehicle_service_managemant_system
 
A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Category List Section in login panel.2022-01-06not yet calculatedCVE-2021-46071
MISC
MISC
sourcecodester -- vehicle_service_managemant_system
 
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Settings Section in login panel.2022-01-06not yet calculatedCVE-2021-46074
MISC
MISC
sourcecodester -- vehicle_service_management_system
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the User List Section in login panel.2022-01-06not yet calculatedCVE-2021-46073
MISC
MISC
sourcecodester -- vehicle_service_management_system
 
Sourcecodester Vehicle Service Management System 1.0 is vulnerable to File upload. An attacker can upload a malicious PHP file to multiple endpoints, leading to Code Execution.2022-01-06not yet calculatedCVE-2021-46076
MISC
MISC
sourcecodester -- vehicle_service_management_system
 
A Cross Site Request Forgery (CSRF) vulnerability exists in Vehicle Service Management System 1.0. A successful CSRF attack leads to a Stored Cross Site Scripting vulnerability.2022-01-06not yet calculatedCVE-2021-46080
MISC
MISC
sourcecodester -- vehicle_service_management_system
 
An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to Html Injection.2022-01-06not yet calculatedCVE-2021-46079
MISC
MISC
sourcecodester -- vehicle_service_management_system
 
A Privilege Escalation vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. Staff account users can access the admin resources and perform CRUD Operations.2022-01-06not yet calculatedCVE-2021-46075
MISC
MISC
sourcecodester -- vehicle_service_management_system
 
An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to a Stored Cross-Site Scripting vulnerability.2022-01-06not yet calculatedCVE-2021-46078
MISC
MISC
spinnaker -- spinnaker
 
Spinnaker is an open source, multi-cloud continuous delivery platform. Spinnaker has improper permissions allowing pipeline creation & execution. This lets an arbitrary user with access to the gate endpoint create a pipeline and execute it without authentication. If users haven't set up Role-based access control (RBAC) within Spinnaker, this enables remote execution and access to deploy almost any resources on any account. Patches are available on the latest releases of the supported branches and users are advised to upgrade as soon as possible. Users unable to upgrade should enable RBAC on ALL accounts and applications. This mitigates the ability of a pipeline to affect any accounts. Block application access unless permissions are enabled. Users should make sure ALL application creation is restricted via appropriate wildcards.2022-01-04not yet calculatedCVE-2021-43832
CONFIRM
spinnaker -- spinnaker
 
Spinnaker is an open source, multi-cloud continuous delivery platform. A path traversal vulnerability was discovered in uses of TAR files by AppEngine for deployments. This uses a utility to extract files locally for deployment without validating that the paths in that deployment don't override system files. This would allow an attacker to override files on the container, POTENTIALLY introducing a MITM type attack vector by replacing libraries or injecting wrapper files. Users are advised to update as soon as possible. Users unable to update should disable Google AppEngine deployments and/or disable artifacts that provide TARs.2022-01-04not yet calculatedCVE-2021-39143
CONFIRM
starwind -- san_&_nas_build_1578
 
StarWind SAN & NAS build 1578 and StarWind Command Center Build 6864 Update Manager allow authentication with a JWT token which is signed with any key. An attacker could use a self-signed JWT token to bypass authentication, resulting in escalation of privileges.2022-01-04not yet calculatedCVE-2021-45389
MISC
sync -- sync2101
 
A security vulnerability originally reported in the SYNC2101 product, and applicable to specific sub-families of SYNC devices, allows an attacker to download the configuration file used in the device and apply a modified configuration file back to the device. The attack requires network access to the SYNC device and knowledge of its IP address. The attack exploits the unsecured communication channel used between the administration tool Easyconnect and the SYNC device (in the affected family of SYNC products).2022-01-06not yet calculatedCVE-2021-44564
MISC
MISC
talkyard -- talkyard
 
Talkyard regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through v0.2021.34 are vulnerable to Insufficient Session Expiration. This may allow an attacker to reuse the admin’s still-valid session token even when logged-out, to gain admin privileges, given the attacker is able to obtain that token (via other, hypothetical attacks).2022-01-03not yet calculatedCVE-2021-25981
MISC
MISC
MISC
tcpslice -- tcpslice
 
Use after free in tcpslice triggers AddressSanitizer, no other confirmed impact.2022-01-05not yet calculatedCVE-2021-41043
MISC
tlr -- 2005ksh
 
TLR-2005KSH is affected by an incorrect access control vulnerability. The PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats.2022-01-03not yet calculatedCVE-2021-45428
MISC
totolink -- ex200
 
The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection vulnerability when receiving GET parameters. The parameter name can be constructed for unauthenticated command execution.2022-01-04not yet calculatedCVE-2021-43711
MISC
uriparser -- uriparser
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.2022-01-06not yet calculatedCVE-2021-46142
MISC
MISC
CONFIRM
uriparser -- uriparser
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.2022-01-06not yet calculatedCVE-2021-46141
MISC
MISC
CONFIRM
userfrosting -- userfrosting
 
In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Header Injection. By luring a victim application user to click on a link, an unauthenticated attacker can use the “forgot password” functionality to reset the victim’s password and successfully take over their account.2022-01-03not yet calculatedCVE-2021-25994
MISC
MISC
usoc -- usoc
USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via usersearch.php. Search terms provided by the user were not sanitized and were used directly to construct a SQL statement. The only users permitted to search are site admins. Users are advised to upgrade as soon as possible. There are no workarounds for this issue.2022-01-04not yet calculatedCVE-2022-21644
CONFIRM
MISC
usoc -- usoc
 
USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via register.php. In particular usernames, email addresses, and passwords provided by the user were not sanitized and were used directly to construct a SQL statement. Users are advised to upgrade as soon as possible. There are no workarounds for this issue.2022-01-04not yet calculatedCVE-2022-21643
MISC
CONFIRM
vim -- vim
 
vim is vulnerable to Out-of-bounds Read2022-01-06not yet calculatedCVE-2022-0128
MISC
CONFIRM
vow_driver -- vow_driver
 
In vow driver, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05862986; Issue ID: ALPS05862986.2022-01-04not yet calculatedCVE-2022-20016
MISC
vow_driver -- vow_driver
 
In vow driver, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05837742; Issue ID: ALPS05837742.2022-01-04not yet calculatedCVE-2022-20013
MISC
vow_driver -- vow_driver
 
In vow driver, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05857308; Issue ID: ALPS05857308.2022-01-04not yet calculatedCVE-2022-20014
MISC
whatsapp -- whatsapp
 
The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsApp for KaiOS prior to v2.2143, WhatsApp Desktop prior to v2.2146 could have allowed an out-of-bounds write if a user makes a 1:1 call to a malicious actor.2022-01-04not yet calculatedCVE-2021-24042
CONFIRM
wordpress -- wordpress
The CAOS | Host Google Analytics Locally WordPress plugin before 4.1.9 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin2022-01-03not yet calculatedCVE-2021-25020
MISC
wordpress -- wordpress
The Stars Rating WordPress plugin before 3.5.1 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the comments section, or pending comment dashboard depending if the user sent it as unauthenticated or authenticated.2022-01-03not yet calculatedCVE-2021-24893
MISC
wordpress -- wordpress
The Events Made Easy WordPress plugin before 2.2.36 does not sanitise and escape the search_text parameter before using it in a SQL statement via the eme_searchmail AJAX action, available to any authenticated users. As a result, users with a role as low as subscriber can call it and perform SQL injection attacks2022-01-03not yet calculatedCVE-2021-25030
MISC
wordpress -- wordpress
 
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security releases going back to 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability.2022-01-06not yet calculatedCVE-2022-21661
CONFIRM
MISC
MISC
wordpress -- wordpress
 
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security releases going back to 4.1.34. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue.2022-01-06not yet calculatedCVE-2022-21664
MISC
CONFIRM
MISC
wordpress -- wordpress
 
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security releases going back to 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue.2022-01-06not yet calculatedCVE-2022-21663
MISC
CONFIRM
wordpress -- wordpress
 
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users (like author) in WordPress core are able to execute JavaScript/perform a stored XSS attack, which can affect high-privileged users. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security releases going back to 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue.2022-01-06not yet calculatedCVE-2022-21662
MISC
CONFIRM
wordpress -- wordpress
 
All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such as add/edit/delete arbitrary tabs.2022-01-03not yet calculatedCVE-2021-24831
MISC
wordpress -- wordpress
 
The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue2022-01-03not yet calculatedCVE-2021-24786
MISC
wordpress -- wordpress
 
The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.3.3.1 does not escape the sbp_convert_table_name parameter before using it in a SQL statement to convert the related table, leading to an SQL injection2022-01-03not yet calculatedCVE-2021-25023
MISC
wordpress -- wordpress
 
The OMGF | Host Google Fonts Locally WordPress plugin before 4.5.12 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin2022-01-03not yet calculatedCVE-2021-25021
MISC
ws-scrcpy -- ws-scrcpy
 
ws-scrcpy is vulnerable to External Control of File Name or Path2022-01-04not yet calculatedCVE-2021-3845
MISC
CONFIRM
xen -- xen

 

Rogue backends can cause DoS of guests via high frequency events. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: blkfront (patch 1, CVE-2021-28711); netfront (patch 2, CVE-2021-28712); hvc_xen (console) (patch 3, CVE-2021-28713).2022-01-05not yet calculatedCVE-2021-28713
MISC
xen -- xen
 
Rogue backends can cause DoS of guests via high frequency events. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: blkfront (patch 1, CVE-2021-28711); netfront (patch 2, CVE-2021-28712); hvc_xen (console) (patch 3, CVE-2021-28713).2022-01-05not yet calculatedCVE-2021-28711
MISC
xen -- xen
 
Rogue backends can cause DoS of guests via high frequency events. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: blkfront (patch 1, CVE-2021-28711); netfront (patch 2, CVE-2021-28712); hvc_xen (console) (patch 3, CVE-2021-28713).2022-01-05not yet calculatedCVE-2021-28712
MISC
