Vulnerability Summary for the Week of January 3, 2022
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
beyondtrust -- appliance_base_software | BeyondTrust Secure Remote Access Base Software through 6.0.1 allows an attacker to achieve full admin access to the appliance, by tricking the administrator into creating a new admin account through an XSS/CSRF attack involving a crafted request to the /appliance/users?action=edit endpoint. This cross-site-scripting (XSS) vulnerability occurs when it does not properly sanitize an unauthenticated crafted web request to the server | 2022-01-05 | 9.3 | CVE-2021-31589 MISC MISC MISC |
sun_moon_jingyao -- network_computer_terminal_protection_system_firmware | The server-request receiver function of Shockwall system has an improper authentication vulnerability. An authenticated attacker of an agent computer within the local area network can use the local registry information to launch server-side request forgery (SSRF) attack on another agent computer, resulting in arbitrary code execution for controlling the system or disrupting service. | 2022-01-03 | 7.7 | CVE-2021-45917 CONFIRM |
transloadit -- uppy | uppy is vulnerable to Server-Side Request Forgery (SSRF) | 2022-01-04 | 7.5 | CVE-2022-0086 MISC CONFIRM |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
artifex -- ghostscript | Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp). | 2022-01-01 | 4.3 | CVE-2021-45944 MISC MISC DEBIAN |
artifex -- ghostscript | Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp). | 2022-01-01 | 4.3 | CVE-2021-45949 MISC MISC MISC DEBIAN |
assimp -- assimp | Open Asset Import Library (aka assimp) 5.1.0 and 5.1.1 has a heap-based buffer overflow in _m3d_safestr (called from m3d_load and Assimp::M3DWrapper::M3DWrapper). | 2022-01-01 | 4.3 | CVE-2021-45948 MISC MISC |
asus -- rt-ac52u_b1_firmware | Invalid input sanitizing leads to reflected Cross Site Scripting (XSS) in ASUS RT-AC52U_B1 3.0.0.4.380.10931, which can lead to a user session hijack. | 2022-01-03 | 4.3 | CVE-2021-46109 MISC |
atlassian -- jira_server_and_data_center | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (XSS) vulnerability in the /rest/collectors/1.0/template/custom endpoint. To exploit this issue, the attacker must trick a user into visiting a malicious website. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3. | 2022-01-04 | 4.3 | CVE-2021-43942 MISC |
booking_calendar_project -- booking_calendar | The Booking Calendar WordPress plugin before 8.9.2 does not sanitise and escape the booking_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | 2022-01-03 | 4.3 | CVE-2021-25040 MISC |
daybydaycrm -- daybyday_crm | In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to brute-force users’ passwords with minimal to no computational effort. | 2022-01-05 | 4 | CVE-2022-22110 CONFIRM MISC |
daybydaycrm -- daybyday_crm | In DayByDay CRM, version 2.2.0 is vulnerable to missing authorization. Any application user in the application who has update user permission enabled is able to change the password of other users, including the administrator’s. This allows the attacker to gain access to the highest privileged user in the application. | 2022-01-05 | 6.5 | CVE-2022-22111 CONFIRM MISC |
daybydaycrm -- daybyday_crm | In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the absences of all users in the system including administrators. This type of user is not authorized to view this kind of information. | 2022-01-05 | 4 | CVE-2022-22108 CONFIRM MISC |
daybydaycrm -- daybyday_crm | In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the appointments of all users in the system including administrators. However, this type of user is not authorized to view the calendar at all. | 2022-01-05 | 4 | CVE-2022-22107 CONFIRM MISC |
dhrystone_project -- dhrystone | A NULL pointer dereference in the main() function dhry_1.c of dhrystone 2.1 causes a denial of service (DoS). | 2022-01-03 | 5 | CVE-2020-23026 MISC |
dmproadmap_project -- dmproadmap | DMP Roadmap before 3.0.4 allows XSS. | 2022-01-01 | 4.3 | CVE-2021-44896 MISC MISC MISC |
fluxbb -- fluxbb | Fluxbb v1.4.12 is affected by a Cross Site Scripting (XSS) vulnerability. | 2022-01-04 | 4.3 | CVE-2021-43677 MISC MISC |
geminilabs -- site_reviews | The Site Reviews WordPress plugin before 5.17.3 does not sanitise and escape the site-reviews parameter of the glsr_action AJAX action (available to unauthenticated and any authenticated users), allowing them to perform Cross-Site Scripting attacks against logged in admins viewing the Tool dashboard of the plugin | 2022-01-03 | 4.3 | CVE-2021-24973 CONFIRM MISC |
github_readme_stats_project -- github_readme_stats | Github Read Me Stats commit 3c7220e4f7144f6cb068fd433c774f6db47ccb95 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the function renderError. | 2022-01-06 | 4.3 | CVE-2020-23986 MISC |
gpac -- gpac | A Null Pointer Dereference vulnerability exists in GPAC 1.0.1 in MP4Box via __strlen_avx2, which causes a Denial of Service. | 2022-01-05 | 4.3 | CVE-2021-45831 MISC |
gpac -- gpac | A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unlink_chunk.isra, which causes a Denial of Service (context-dependent). | 2022-01-05 | 4.3 | CVE-2021-46038 MISC |
ideabox -- powerpack_addons_for_elementor | The PowerPack Addons for Elementor WordPress plugin before 2.6.2 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting issue | 2022-01-03 | 4.3 | CVE-2021-25027 CONFIRM MISC |
premio -- chaty | The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting | 2022-01-03 | 4.3 | CVE-2021-25016 MISC |
updraftplus -- updraftplus | The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape the backup_timestamp and job_id parameters before outputting them back in admin pages, leading to Reflected Cross-Site Scripting issues | 2022-01-03 | 4.3 | CVE-2021-25022 CONFIRM CONFIRM MISC |
uwebsockets_project -- uwebsockets | uWebSockets 19.0.0 through 20.8.0 has an out-of-bounds write in std::__1::pair<unsigned int, void*> uWS::HttpParser::fenceAndConsumePostPadded<0 (called from uWS::HttpParser::consumePostPadded and std::__1::__function::__func<LLVMFuzzerTestOneInput::$_0, std::__1::allocator<LL). | 2022-01-01 | 4.3 | CVE-2021-45945 MISC MISC MISC |
vim -- vim | vim is vulnerable to Use After Free | 2021-12-31 | 6.8 | CVE-2021-4192 CONFIRM MISC |
vim -- vim | vim is vulnerable to Out-of-bounds Read | 2021-12-31 | 4.3 | CVE-2021-4193 MISC CONFIRM |
vmware -- cloud_foundation | VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contain a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine. | 2022-01-04 | 6.9 | CVE-2021-22045 MISC MISC MISC |
wasm3_project -- wasm3 | Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called from CompileElseBlock and Compile_If). | 2022-01-01 | 4.3 | CVE-2021-45929 MISC MISC |
wasm3_project -- wasm3 | Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called from Compile_LoopOrBlock and CompileBlockStatements). | 2022-01-01 | 4.3 | CVE-2021-45946 MISC MISC |
wasm3_project -- wasm3 | Wasm3 0.5.0 has an out-of-bounds write in Runtime_Release (called from EvaluateExpression and InitDataSegments). | 2022-01-01 | 4.3 | CVE-2021-45947 MISC MISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
bludit -- bludit | A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About Plugin in login panel. | 2022-01-06 | 3.5 | CVE-2021-45745 MISC MISC |
bludit -- bludit | A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.13.1 via the TAGS section in login panel. | 2022-01-06 | 3.5 | CVE-2021-45744 MISC MISC |
booster -- booster_for_woocommerce | The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_create_products_xml_result parameter before outputting back in the admin dashboard when the Product XML Feeds module is enabled, leading to a Reflected Cross-Site Scripting issue | 2022-01-03 | 2.6 | CVE-2021-25001 MISC |
booster -- booster_for_woocommerce | The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_delete_role parameter before outputting back in the admin dashboard when the General module is enabled, leading to a Reflected Cross-Site Scripting issue | 2022-01-03 | 2.6 | CVE-2021-25000 MISC |
booster -- booster_for_woocommerce | The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_notice parameter before outputting it back in the admin dashboard when the Pdf Invoicing module is enabled, leading to a Reflected Cross-Site Scripting | 2022-01-03 | 2.6 | CVE-2021-24999 MISC |
convos -- convos | Convos is an open source multi-user chat that runs in a web browser. Characters starting with "https://" in the chat window create an <a> tag. Stored XSS vulnerability using onfocus and autofocus occurs because escaping exists for "<" or ">" but escaping for double quotes does not exist. Through this vulnerability, an attacker is capable to execute malicious scripts. Users are advised to update as soon as possible. | 2022-01-04 | 3.5 | CVE-2022-21649 CONFIRM MISC MISC MISC |
daybydaycrm -- daybyday_crm | In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks. These scripts are executed in a victim’s browser when they open the “/tasks” page to view all the tasks. | 2022-01-05 | 3.5 | CVE-2022-22109 MISC CONFIRM |
litespeedtech -- litespeed_cache | The LiteSpeed Cache WordPress plugin before 4.4.4 does not escape the qc_res parameter before outputting it back in the JS code of an admin page, leading to a Reflected Cross-Site Scripting | 2022-01-03 | 3.5 | CVE-2021-24963 CONFIRM MISC |
litespeedtech -- litespeed_cache | The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specific X-Forwarded-For header value. In addition, one of the endpoint could be used to set CSS code if a setting is enabled, which will then be output in some pages without being sanitised and escaped. Combining those two issues, an unauthenticated attacker could put Cross-Site Scripting payloads in pages visited by users. | 2022-01-03 | 2.6 | CVE-2021-24964 MISC |
mlcalc -- mortgage_calculator/loan_calculator | The Mortgage Calculator / Loan Calculator WordPress plugin before 1.5.17 does not escape some of the attributes of its mlcalc shortcode before outputting them, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks | 2022-01-03 | 3.5 | CVE-2021-24828 MISC |
oroinc -- oroplatform | OroPlatform is a PHP Business Application Platform. In affected versions the email template preview is vulnerable to XSS payload added to email template content. An attacker must have permission to create or edit an email template. For successful payload execution, the attacked user must preview a vulnerable email template. There are no workarounds that address this vulnerability. Users are advised to upgrade as soon as is possible. | 2022-01-04 | 3.5 | CVE-2021-41236 CONFIRM MISC |
vehicle_service_management_system_project -- vehicle_service_management_system | A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Mechanic List Section in login panel. | 2022-01-06 | 3.5 | CVE-2021-46069 MISC MISC |
vehicle_service_management_system_project -- vehicle_service_management_system | A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service List Section in login panel. | 2022-01-06 | 3.5 | CVE-2021-46072 MISC MISC |
vehicle_service_management_system_project -- vehicle_service_management_system | A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service Requests Section in login panel. | 2022-01-06 | 3.5 | CVE-2021-46070 MISC MISC |
vehicle_service_management_system_project -- vehicle_service_management_system | A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the My Account Section in login panel. | 2022-01-06 | 3.5 | CVE-2021-46068 MISC MISC |
wpovernight -- woocommerce_pdf_invoices&_packing_slips | The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.10.5 does not escape the tab and section parameters before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in the admin dashboard | 2022-01-03 | 3.5 | CVE-2021-24991 MISC |
wptravelengine -- wp_travel_engine | The WP Travel Engine WordPress plugin before 5.3.1 does not escape the Description field in the Trip Destination/Activities/Trip Type and Pricing Category pages, allowing users with a role as low as editor to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed | 2022-01-03 | 3.5 | CVE-2021-24680 MISC |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
harmonyos -- mobile_devices | HwPCAssistant has a Path Traversal vulnerability. Successful exploitation of this vulnerability may write any file. | 2022-01-03 | not yet calculated | CVE-2021-37128 MISC |
alpine -- linux | The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration. | 2022-01-06 | not yet calculated | CVE-2022-22704 MISC |
apache -- avro | A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which addresses this issue. | 2022-01-06 | not yet calculated | CVE-2021-43045 CONFIRM MLIST |
apache -- geode | Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using values that begin with characters other than letters or numbers for passwords and security properties with the prefix "sysprop-", "javax.net.ssl", or "security-". This issue is fixed by overhauling the log file redaction in Apache Geode versions 1.12.5, 1.13.5, and 1.14.0. | 2022-01-04 | not yet calculated | CVE-2021-34797 MISC MISC |
apache -- james | Apache James ManagedSieve implementation alongside with the file storage for sieve scripts is vulnerable to path traversal, allowing reading and writing any file. This vulnerability had been patched in Apache James 3.6.1 and higher. We recommend the upgrade. Distributed and Cassandra based products are also not impacted. | 2022-01-04 | not yet calculated | CVE-2021-40525 MISC MLIST |
apache -- james | In Apache James, while fuzzing with Jazzer the IMAP parsing stack, we discovered that crafted APPEND and STATUS IMAP commands could be used to trigger infinite loops resulting in expensive CPU computations and OutOfMemory exceptions. This can be used for a Denial Of Service attack. The IMAP user needs to be authenticated to exploit this vulnerability. This affected Apache James prior to version 3.6.1. This vulnerability had been patched in Apache James 3.6.1 and higher. We recommend the upgrade. | 2022-01-04 | not yet calculated | CVE-2021-40111 MISC MLIST |
apache -- james | In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a Denial Of Service using a vulnerable Regular expression. This affected Apache James prior to 3.6.1. We recommend upgrading to Apache James 3.6.1 or higher, which enforces the use of RE2J regular expression engine to execute regex in linear time without back-tracking. | 2022-01-04 | not yet calculated | CVE-2021-40110 MISC MLIST |
apache -- james | Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in-the-middle command injection attacks, leading potentially to leakage of sensible information. | 2022-01-04 | not yet calculated | CVE-2021-38542 MISC MLIST |
apache -- kylin | In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions. | 2022-01-06 | not yet calculated | CVE-2021-45457 MISC MLIST |
apache -- kylin | All request mappings in `StreamingCoordinatorController.java` handling `/kylin/api/streaming_coordinator/*` REST API endpoints did not include any security checks, which allowed an unauthenticated user to issue arbitrary requests, such as assigning/unassigning of streaming cubes, creation/modification and deletion of replica sets, to the Kylin Coordinator. For endpoints accepting node details in HTTP message body, unauthenticated (but limited) server-side request forgery (SSRF) can be achieved. This issue affects Apache Kylin 3 versions prior to 3.1.2. | 2022-01-06 | not yet calculated | CVE-2021-27738 MISC MLIST |
apache -- kylin | Apache kylin checks the legitimacy of the project before executing some commands with the project name passed in by the user. There is a mismatch between what is being checked and what is being used as the shell command argument in DiagnosisService. This may cause an illegal project name to pass the check and perform the following steps, resulting in a command injection vulnerability. This issue affects Apache Kylin 4.0.0. | 2022-01-06 | not yet calculated | CVE-2021-45456 MISC MLIST |
apache -- kylin | Kylin can receive user input and load any class through Class.forName(...). This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions. | 2022-01-06 | not yet calculated | CVE-2021-31522 MISC MLIST |
apache -- kylin | Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their password and configure it into kylin's configuration file, there is a risk that the password may be decrypted. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions. | 2022-01-06 | not yet calculated | CVE-2021-45458 MISC MLIST MLIST |
apache -- kylin | Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions. | 2022-01-06 | not yet calculated | CVE-2021-36774 MISC MLIST |
apache -- pluto | The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the v3-demo-portlet.war artifact | 2022-01-06 | not yet calculated | CVE-2021-36737 MISC |
apache -- pluto | The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact | 2022-01-06 | not yet calculated | CVE-2021-36738 MISC |
apache -- pluto | The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross-Site Scripting (XSS) attacks. | 2022-01-06 | not yet calculated | CVE-2021-36739 MISC |
asus -- rt-ax56u_wi-fi_router | ASUS RT-AX56U Wi-Fi Router is vulnerable to stack-based buffer overflow due to improper validation for httpd parameter length. An authenticated local area network attacker can launch arbitrary code execution to control the system or disrupt service. | 2022-01-03 | not yet calculated | CVE-2021-44158 CONFIRM |
atalegacysmm -- atalegacysmm | An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08.46, 5.1 before 05.16.46, 5.2 before 05.26.46, 5.3 before 05.35.46, 5.4 before 05.43.46, and 5.5 before 05.51.45 in Insyde InsydeH2O. Code execution can occur because the SMI handler lacks a CommBuffer check. | 2022-01-06 | not yet calculated | CVE-2021-41842 MISC |
atlassian -- jira_server | Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code Execution (RCE) vulnerability in the Email Templates feature. This issue bypasses the fix of https://jira.atlassian.com/browse/JSDSERVER-8665. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3. | 2022-01-06 | not yet calculated | CVE-2021-43947 N/A |
atlassian -- jira_server | Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint. The affected versions are before version 8.21.0. | 2022-01-05 | not yet calculated | CVE-2021-43946 MISC |
bidriectional -- unicode | Bidirectional Unicode text can be interpreted and compiled differently than how it appears in editors which can be exploited to get nefarious code past a code review by appearing benign. An attacker could embed a source that is invisible to a code reviewer that modifies the behavior of a program in unexpected ways. | 2022-01-05 | not yet calculated | CVE-2021-22567 MISC MISC |
bios -- bios | A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system. | 2022-01-03 | not yet calculated | CVE-2021-38576 MISC |
bluetooth -- bluetooth | In Bluetooth, there is a possible application crash due to bluetooth flooding a device with LMP_AU_rand packet. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06198608; Issue ID: ALPS06198608. | 2022-01-04 | not yet calculated | CVE-2022-20023 MISC |
bluetooth -- bluetooth | In Bluetooth, there is a possible link disconnection due to bluetooth does not properly handle a connection attempt from a host with the same BD address as the currently connected BT host. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06198578; Issue ID: ALPS06198578. | 2022-01-04 | not yet calculated | CVE-2022-20022 MISC |
bluetooth -- bluetooth | In Bluetooth, there is a possible application crash due to bluetooth does not properly handle the reception of multiple LMP_host_connection_req. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06198513; Issue ID: ALPS06198513. | 2022-01-04 | not yet calculated | CVE-2022-20021 MISC |
bookstack -- bookstack | bookstack is vulnerable to Improper Access Control | 2022-01-06 | not yet calculated | CVE-2021-4194 CONFIRM MISC |
changlain -- blocklist | Changlian Blocklist has a Business Logic Errors vulnerability. Successful exploitation of this vulnerability may expand the attack surface of the message class. | 2022-01-03 | not yet calculated | CVE-2021-39968 MISC |
codeigniter -- codeigniter | CodeIgniter is an open source PHP full-stack web framework. Deserialization of Untrusted Data was found in the `old()` function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary objects with this vulnerability, and possibly execute existing PHP code on the server. We are aware of a working exploit, which can lead to SQL injection. Users are advised to upgrade to v4.1.6 or later. Users unable to upgrade are advised to not use the `old()` function and form_helper nor `RedirectResponse::withInput()` and `redirect()->withInput()`. | 2022-01-04 | not yet calculated | CVE-2022-21647 MISC CONFIRM |
containerd -- containerd | containerd is an open source container runtime. On installations using SELinux, such as EL8 (CentOS, RHEL), Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface (CRI), an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any privileged, regular file on disk for complete read/write access (sans delete). Such is achieved by placing the in-container location of the hostPath volume mount at either `/etc/hosts`, `/etc/hostname`, or `/etc/resolv.conf`. These locations are being relabeled indiscriminately to match the container process-label which effectively elevates permissions for savvy containers that would not normally be able to access privileged host files. This issue has been resolved in version 1.5.9. Users are advised to upgrade as soon as possible. | 2022-01-05 | not yet calculated | CVE-2021-43816 CONFIRM MISC MISC MISC |
controlup -- real-time_agent | An unauthenticated Named Pipe channel in Controlup Real-Time Agent (cuAgent.exe) before 8.5 potentially allows an attacker to run OS commands via the ProcessActionRequest WCF method. | 2022-01-04 | not yet calculated | CVE-2021-45912 MISC MISC |
controlup -- real-time_agent | A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) before 8.2.5 may allow a potential attacker to run OS commands via a WCF channel. | 2022-01-04 | not yet calculated | CVE-2021-45913 MISC MISC |
convos -- convos | Convos is an open source multi-user chat that runs in a web browser. You can't use SVG extension in Convos' chat window, but you can upload a file with an .html extension. By uploading an SVG file with an html extension the upload filter can be bypassed. This causes Stored XSS. Also, after uploading a file the XSS attack is triggered upon a user viewing the file. Through this vulnerability, an attacker is capable to execute malicious scripts. Users are advised to update as soon as possible. | 2022-01-04 | not yet calculated | CVE-2022-21650 CONFIRM MISC MISC MISC |
discourse -- discourse | Discourse is an open source platform for community discussion. In affected versions admin users can trigger a Denial of Service attack via the `/message-bus/_diagnostics` path. The impact of this vulnerability is greater on multisite Discourse instances (where multiple forums are served from a single application server) where any admin user on any of the forums is able to visit the `/message-bus/_diagnostics` path. The problem has been patched. Please upgrade to 2.8.0.beta10 or 2.7.12. No workarounds for this issue exist. | 2022-01-04 | not yet calculated | CVE-2021-43850 MISC CONFIRM |
discourse -- discourse | Discourse is an open source platform for community discussion. In affected versions when composing a message from topic the composer user suggestions reveal whisper participants. The issue has been patched in stable version 2.7.13 and beta version 2.8.0.beta11. There is no workaround for this issue and users are advised to upgrade. | 2022-01-05 | not yet calculated | CVE-2022-21642 MISC CONFIRM |
django -- django | An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key. | 2022-01-05 | not yet calculated | CVE-2021-45116 MISC MISC CONFIRM |
django -- django | Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it. | 2022-01-05 | not yet calculated | CVE-2021-45452 MISC MISC CONFIRM |
django -- django | An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack. | 2022-01-05 | not yet calculated | CVE-2021-45115 MISC MISC CONFIRM |
dolibarr -- dolibarr | admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_TOT parameter. | 2022-01-02 | not yet calculated | CVE-2022-22293 MISC |
doprolog -- doprolog | In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. | 2022-01-06 | not yet calculated | CVE-2021-46143 MISC MISC |
enc -- datavault | ENC DataVault 7.1.1W uses an inappropriate encryption algorithm, such that an attacker (who does not know the secret key) can make ciphertext modifications that are reflected in modified plaintext. There is no data integrity mechanism. (This behavior occurs across USB drives sold under multiple brand names.) | 2022-01-02 | not yet calculated | CVE-2021-36751 MISC MISC |
expat -- expat | In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). | 2022-01-01 | not yet calculated | CVE-2021-45960 MISC MISC MISC |
forge -- forge | forge is vulnerable to URL Redirection to Untrusted Site | 2022-01-06 | not yet calculated | CVE-2022-0122 MISC CONFIRM |
fortinet -- fortimail | An exposure of sensitive information to an unauthorized actor in Fortinet FortiMail versions 6.0.9 and below, FortiMail versions 6.2.4 and below, and FortiMail versions 6.4.1 and 6.4.0 allows an attacker to obtain potentially sensitive software-version information via client-side resources inspection. | 2022-01-05 | not yet calculated | CVE-2020-15933 CONFIRM |
fortinet -- fortios | A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages. | 2022-01-04 | not yet calculated | CVE-2021-44168 CONFIRM |
foxit -- pdf_reader | Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via getURL in the JavaScript API. | 2022-01-04 | not yet calculated | CVE-2021-45980 MISC MISC MISC |
foxit -- pdf_reader | Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via xfa.host.gotoURL in the XFA API. | 2022-01-04 | not yet calculated | CVE-2021-45978 MISC MISC MISC |
foxit -- pdf_reader | Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via app.launchURL in the JavaScript API. | 2022-01-04 | not yet calculated | CVE-2021-45979 MISC MISC MISC |
giftrans -- giftrans | The giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow because a value inside the input file determines the amount of data to write. This allows an attacker to overwrite up to 250 bytes outside of the allocated buffer with arbitrary data. | 2022-01-01 | not yet calculated | CVE-2021-45972 MISC MISC MISC |
glpi -- glpi | GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions < 2.9.1 suffers from an authenticated Remote Code Execution vulnerability, allowing access to the server's underlying operating system using command injection abuse of functionality. There is no workaround for this issue and users are advised to upgrade or to disable the addressing plugin. | 2022-01-05 | not yet calculated | CVE-2021-43779 MISC CONFIRM |
gpac -- gpac | A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the finplace_shift_moov_meta_offsets function, which causes a Denial of Service (context-dependent). | 2022-01-06 | not yet calculated | CVE-2021-46040 MISC |
gpac -- gpac | A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the _fseeko function, which causes a Denial of Service. | 2022-01-06 | not yet calculated | CVE-2021-46042 MISC |
gpac -- gpac | A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via ShiftMetaOffset.isra, which causes a Denial of Service (context-dependent). | 2022-01-06 | not yet calculated | CVE-2021-46044 MISC |
gpac -- gpac | A Segmentation Fault Vulnerability exists in GPAC 1.0.1 via the co64_box_new function, which causes a Denial of Service. | 2022-01-06 | not yet calculated | CVE-2021-46041 MISC |
gpac -- gpac | A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the shift_chunk_offsets.part function, which causes a Denial of Service (context-dependent). | 2022-01-06 | not yet calculated | CVE-2021-46039 MISC |
gpac -- gpac | A Pointer Dereference Vulnerability exists in GPAC 1.0.1 in the gf_list_count function, which causes a Denial of Service. | 2022-01-06 | not yet calculated | CVE-2021-46043 MISC |
harmonyos -- mobile_devices | HwPCAssistant has an Improper Input Validation vulnerability. Successful exploitation of this vulnerability may create any file with the system app permission. | 2022-01-03 | not yet calculated | CVE-2021-39970 MISC |
harmonyos -- mobile_devices | There is an Uninitialized AOD driver structure in Smartphones. Successful exploitation of this vulnerability may affect service confidentiality. | 2022-01-03 | not yet calculated | CVE-2021-39966 MISC MISC |
harmonyos -- mobile_devices | Chang Lian application has a vulnerability which can be maliciously exploited to hide the calling number. Successful exploitation of this vulnerability allows you to make an anonymous call. | 2022-01-03 | not yet calculated | CVE-2021-39981 MISC |
harmonyos -- mobile_devices | The HwNearbyMain module has a NULL Pointer Dereference vulnerability. Successful exploitation of this vulnerability may cause a process to restart. | 2022-01-03 | not yet calculated | CVE-2021-39988 MISC |
harmonyos -- mobile_devices | Arbitrary file has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Successful exploitation of this vulnerability may affect confidentiality. | 2022-01-03 | not yet calculated | CVE-2021-37125 MISC |
harmonyos -- mobile_devices | There is a Configuration defects in Smartphone. Successful exploitation of this vulnerability may elevate the MEID (IMEI) permission. | 2022-01-03 | not yet calculated | CVE-2021-37121 MISC |
harmonyos -- mobile_devices | There is an Out-of-bounds read vulnerability in Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. | 2022-01-03 | not yet calculated | CVE-2021-37114 MISC MISC |
harmonyos -- mobile_devices | Arbitrary file has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Successful exploitation of this vulnerability may cause the directory to be traversed. | 2022-01-03 | not yet calculated | CVE-2021-37126 MISC |
harmonyos -- mobile_devices | There is a Memory leakage vulnerability in Smartphone. Successful exploitation of this vulnerability may cause memory exhaustion. | 2022-01-03 | not yet calculated | CVE-2021-37111 MISC MISC |
harmonyos -- mobile_devices | PCManager has a Weaknesses Introduced During Design vulnerability. Successful exploitation of this vulnerability may cause the PIN of the subscriber to be changed. | 2022-01-03 | not yet calculated | CVE-2021-37116 MISC |
harmonyos -- mobile_devices | There is a Vulnerability of obtaining broadcast information improperly due to improper broadcast permission settings in Smartphones. Successful exploitation of this vulnerability may affect service confidentiality. | 2022-01-03 | not yet calculated | CVE-2021-39967 MISC MISC |
harmonyos -- mobile_devices | There is an Unauthorized file access vulnerability in Smartphones. Successful exploitation of this vulnerability may affect service confidentiality. | 2022-01-03 | not yet calculated | CVE-2021-39969 MISC MISC |
harmonyos -- mobile_devices | The HwNearbyMain module has an Improper Validation of Array Index vulnerability. Successful exploitation of this vulnerability may cause a process to restart. | 2022-01-03 | not yet calculated | CVE-2021-39985 MISC |
harmonyos -- mobile_devices | There is a Null pointer dereference in Smartphones. Successful exploitation of this vulnerability may cause the kernel to break down. | 2022-01-03 | not yet calculated | CVE-2021-39973 MISC MISC |
harmonyos -- mobile_devices | Password vault has an External Control of System or Configuration Setting vulnerability. Successful exploitation of this vulnerability could compromise confidentiality. | 2022-01-03 | not yet calculated | CVE-2021-39971 MISC |
harmonyos -- mobile_devices | There is an Out-of-bounds read in Smartphones. Successful exploitation of this vulnerability may affect service confidentiality. | 2022-01-03 | not yet calculated | CVE-2021-39974 MISC MISC |
harmonyos -- mobile_devices | The screen lock module has a Stack-based Buffer Overflow vulnerability. Successful exploitation of this vulnerability may affect user experience. | 2022-01-03 | not yet calculated | CVE-2021-39990 MISC |
harmonyos -- mobile_devices | The HwNearbyMain module has a NULL Pointer Dereference vulnerability. Successful exploitation of this vulnerability may cause a process to restart. | 2022-01-03 | not yet calculated | CVE-2021-39977 MISC |
harmonyos -- mobile_devices | The HwNearbyMain module has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Successful exploitation of this vulnerability may cause a process to restart. | 2022-01-03 | not yet calculated | CVE-2021-39989 MISC |
harmonyos -- mobile_devices | HHEE system has a Code Injection vulnerability. Successful exploitation of this vulnerability may affect HHEE system integrity. | 2022-01-03 | not yet calculated | CVE-2021-39979 MISC |
harmonyos -- mobile_devices | Telephony application has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Successful exploitation of this vulnerability could lead to sensitive information disclosure. | 2022-01-03 | not yet calculated | CVE-2021-39980 MISC |
harmonyos -- mobile_devices | Phone Manager application has an Improper Privilege Management vulnerability. Successful exploitation of this vulnerability may read and write arbitrary files by tampering with Phone Manager notifications. | 2022-01-03 | not yet calculated | CVE-2021-39982 MISC |
harmonyos -- mobile_devices | The HwNearbyMain module has a Data Processing Errors vulnerability. Successful exploitation of this vulnerability may cause a process to restart. | 2022-01-03 | not yet calculated | CVE-2021-39983 MISC |
harmonyos -- mobile_devices | Telephony application has a SQL Injection vulnerability. Successful exploitation of this vulnerability may cause privacy and security issues. | 2022-01-03 | not yet calculated | CVE-2021-39978 MISC |
harmonyos -- mobile_devices | There is a Double free vulnerability in Smartphone. Successful exploitation of this vulnerability may cause a kernel crash or privilege escalation. | 2022-01-03 | not yet calculated | CVE-2021-37120 MISC |
harmonyos -- mobile_devices | Location-related APIs have a Race Condition vulnerability. Successful exploitation of this vulnerability may use Higher Permissions for invoking the interface of location-related components. | 2022-01-03 | not yet calculated | CVE-2021-37134 MISC |
harmonyos -- mobile_devices | There is a Service logic vulnerability in Smartphone. Successful exploitation of this vulnerability may cause WLAN DoS. | 2022-01-03 | not yet calculated | CVE-2021-37119 MISC MISC |
harmonyos -- mobile_devices | There is an Unauthorized file access vulnerability in Smartphones. Successful exploitation of this vulnerability may affect service confidentiality. | 2022-01-03 | not yet calculated | CVE-2021-37133 MISC MISC |
harmonyos -- mobile_devices | There is a Timing design defects in Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. | 2022-01-03 | not yet calculated | CVE-2021-37110 MISC MISC |
harmonyos -- mobile_devices | Hisuite module has an External Control of System or Configuration Setting vulnerability. Successful exploitation of this vulnerability may lead to Firmware leak. | 2022-01-03 | not yet calculated | CVE-2021-37112 MISC |
harmonyos -- mobile_devices | There is a Privilege escalation vulnerability with the file system component in Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. | 2022-01-03 | not yet calculated | CVE-2021-37113 MISC MISC |
harmonyos -- mobile_devices | There is a Service logic vulnerability in Smartphone. Successful exploitation of this vulnerability may cause WLAN DoS. | 2022-01-03 | not yet calculated | CVE-2021-37117 MISC MISC |
harmonyos -- mobile_devices | The HwNearbyMain module has an Improper Handling of Exceptional Conditions vulnerability. Successful exploitation of this vulnerability may lead to message leak. | 2022-01-03 | not yet calculated | CVE-2021-37118 MISC |
harmonyos -- mobile_devices | The HwNearbyMain module has a Data Processing Errors vulnerability. Successful exploitation of this vulnerability may cause a process to restart. | 2022-01-03 | not yet calculated | CVE-2021-39987 MISC |
harmonyos -- mobile_devices | PackageManagerService has a Permissions, Privileges, and Access Controls vulnerability. Successful exploitation of this vulnerability may cause Third-party apps to obtain the complete list of Harmony apps without permission. | 2022-01-03 | not yet calculated | CVE-2021-37132 MISC |
hdf5 -- hdf5 | A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via H5F_addr_decode_len in /hdf5/src/H5Fint.c, which could cause a Denial of Service. | 2022-01-05 | not yet calculated | CVE-2021-45830 MISC |
hdf5 -- hdf5 | A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 via the H5D__create_chunk_file_map_hyper function in /hdf5/src/H5Dchunk.c, which causes a Denial of Service (context-dependent). | 2022-01-05 | not yet calculated | CVE-2021-45833 MISC |
hdf5 -- hdf5 | A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at hdf5/src/H5Eint.c, which causes a Denial of Service (context-dependent). | 2022-01-05 | not yet calculated | CVE-2021-45832 MISC |
hdf5 -- hdf5 | HDF5 1.13.1-1 is affected by: segmentation fault, which causes a Denial of Service. | 2022-01-03 | not yet calculated | CVE-2021-45829 MISC |
hilinksvc -- hilinksvc | Hilinksvc has a Data Processing Errors vulnerability. Successful exploitation of this vulnerability may cause denial of service attacks. | 2022-01-03 | not yet calculated | CVE-2021-39975 MISC |
hilinksvc -- hilinksvc | Hilinksvc service has a Data Processing Errors vulnerability. Successful exploitation of this vulnerability may cause application crash. | 2022-01-03 | not yet calculated | CVE-2021-37098 MISC |
honda -- civic_2012 | The keyfob subsystem in Honda Civic 2012 vehicles allows a replay attack for unlocking. This is related to a non-expiring rolling code and counter resynchronization. | 2022-01-06 | not yet calculated | CVE-2021-46145 MISC MISC MISC MISC |
hoppscotch -- hoppscotch | hoppscotch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor | 2022-01-06 | not yet calculated | CVE-2022-0121 CONFIRM MISC |
huawei -- idap | Huawei idap module has an Out-of-bounds Read vulnerability. Successful exploitation of this vulnerability may cause Denial of Service. | 2022-01-03 | not yet calculated | CVE-2021-39984 MISC |
huawei -- myhuawei_app | MyHuawei-App has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Successful exploitation of this vulnerability could compromise confidentiality. | 2022-01-03 | not yet calculated | CVE-2021-39972 MISC |
ibm -- powervm_hypervisor | IBM PowerVM Hypervisor FW860, FW940, FW950, and FW1010, through a specific sequence of VM management operations could lead to a violation of the isolation between peer VMs. IBM X-Force ID: 210019. | 2022-01-05 | not yet calculated | CVE-2021-38918 CONFIRM XF |
index.php -- index.php | Cross-site scripting (XSS) vulnerability in index.php in emlog version <= pro-1.0.7 allows remote attackers to inject arbitrary web script or HTML via the s parameter. | 2022-01-06 | not yet calculated | CVE-2021-44584 MISC MISC |
insta_hms -- insta_hms | Insta HMS before 12.4.10 is vulnerable to XSS because of improper validation of user-supplied input by multiple scripts. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | 2022-01-06 | not yet calculated | CVE-2021-42841 MISC |
insyde -- insydeh20 | An issue was discovered in SdHostDriver in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (CommBufferData). | 2022-01-06 | not yet calculated | CVE-2021-45971 MISC |
insyde -- insydeh20 | An issue was discovered in SdLegacySmm in Insyde InsydeH2O with kernel 5.1 before 05.15.11, 5.2 before 05.25.11, 5.3 before 05.34.11, and 5.4 before 05.42.11. The software SMI handler allows untrusted external input because it does not verify CommBuffer. | 2022-01-05 | not yet calculated | CVE-2020-5956 MISC |
insyde -- insydeh20 | An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (the CommBuffer+8 location). | 2022-01-05 | not yet calculated | CVE-2021-45969 MISC |
insyde -- insydeh20 | An issue was discovered in IdeBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (the status code saved at the CommBuffer+4 location). | 2022-01-05 | not yet calculated | CVE-2021-45970 MISC |
jawn -- jawn | Jawn is an open source JSON parser. Extenders of the `org.typelevel.jawn.SimpleFacade` and `org.typelevel.jawn.MutableFacade` who don't override `objectContext()` are vulnerable to a hash collision attack which may result in a denial of service. Most applications do not implement these traits directly, but inherit from a library. `jawn-parser-1.3.1` fixes this issue and users are advised to upgrade. For users unable to upgrade, override `objectContext()` to use a collision-safe collection. | 2022-01-05 | not yet calculated | CVE-2022-21653 MISC CONFIRM |
kd_camera -- hw_driver | In kd_camera_hw driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05862966; Issue ID: ALPS05862966. | 2022-01-04 | not yet calculated | CVE-2022-20015 MISC |
konica_minolta -- bizhub | Improper handling of exceptional conditions vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C4050i/C3350i/C4000i/C3300i G00-B6 and earlier, bizhub C3320i G00-B6 and earlier, bizhub 4750i/4050i G00-22 and earlier, bizhub 4700i G00-22 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, bizhub 4752/4052 GC9-X4 and earlier, bizhub C3850/C3350/3850FS, bizhub 4750/4050, bizhub C3110, bizhub C3100P) allows a physical attacker to obtain unsent scanned image data when scanned data transmission is stopped due to the network error by ejecting a HDD before the scan job times out. | 2022-01-04 | not yet calculated | CVE-2021-20870 MISC MISC MISC MISC |
konica_minolta -- bizhub | Protection mechanism failure vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, bizhub 4752/4052 GC9-X4 and earlier) allows a physical attacker to bypass the firmware integrity verification and to install malicious firmware. | 2022-01-04 | not yet calculated | CVE-2021-20872 MISC MISC MISC MISC |
konica_minolta -- bizhub | Exposure of sensitive information to an unauthorized actor vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C4050i/C3350i/C4000i/C3300i G00-B6 and earlier, bizhub C3320i G00-B6 and earlier, bizhub 4750i/4050i G00-22 and earlier, bizhub 4700i G00-22 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, and bizhub 4752/4052 GC9-X4 and earlier) allows an attacker on the adjacent network to obtain the credentials if the destination information including credentials are registered in the address book via a specific SOAP message. | 2022-01-04 | not yet calculated | CVE-2021-20871 MISC MISC MISC MISC |
konica_minolta -- bizhub | Exposure of sensitive information to an unauthorized actor vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C4050i/C3350i/C4000i/C3300i G00-B6 and earlier, bizhub C3320i G00-B6 and earlier, bizhub 4750i/4050i G00-22 and earlier, bizhub 4700i G00-22 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, and bizhub 4752/4052 GC9-X4 and earlier) allows an attacker on the adjacent network to obtain some of user credentials if LDAP server authentication is enabled via a specific SOAP message. | 2022-01-04 | not yet calculated | CVE-2021-20869 MISC MISC MISC MISC |
konica_minolta -- bizhub | Incorrect authorization vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C4050i/C3350i/C4000i/C3300i G00-B6 and earlier, bizhub C3320i G00-B6 and earlier, bizhub 4750i/4050i G00-22 and earlier, bizhub 4700i G00-22 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, and bizhub 4752/4052 GC9-X4 and earlier) allows an attacker on the adjacent network to obtain user credentials if external server authentication is enabled via a specific SOAP message sent by an administrative user. | 2022-01-04 | not yet calculated | CVE-2021-20868 MISC MISC MISC MISC |
kubectl -- kubectl | kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events. | 2022-01-07 | not yet calculated | CVE-2021-25743 CONFIRM |
latte -- latte | Latte is an open source template engine for PHP. Since version 2.8.0, Latte has included a template sandbox, and in affected versions a sandbox escape has been found that allows injection into web pages generated from Latte. This may lead to XSS attacks. The issue is fixed in the versions 2.8.8, 2.9.6 and 2.10.8. Users unable to upgrade should not accept template input from untrusted sources. | 2022-01-04 | not yet calculated | CVE-2022-21648 MISC CONFIRM |
libcodecdrv -- libcodecdrv | In libvcodecdrv, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05943906; Issue ID: ALPS05943906. | 2022-01-04 | not yet calculated | CVE-2022-20020 MISC |
libming -- libming | In libming 0.4.8, the parseSWF_DEFINELOSSLESS2 function in util/parser.c lacks a boundary check that would lead to denial-of-service attacks via a crafted SWF file. | 2022-01-06 | not yet calculated | CVE-2021-44591 MISC MISC |
libming -- libming | In libming 0.4.8, a memory exhaustion vulnerability exists in the function cws2fws in util/main.c. Remote attackers could launch denial of service attacks by submitting a crafted SWF file that exploits this vulnerability. | 2022-01-06 | not yet calculated | CVE-2021-44590 MISC MISC |
libmtkomxgsmdec -- libmtkomxgsmdec | In libMtkOmxGsmDec, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917620; Issue ID: ALPS05917620. | 2022-01-04 | not yet calculated | CVE-2022-20019 MISC |
lighttpd -- lighttpd | In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes), as demonstrated by remote denial of service (daemon crash). | 2022-01-06 | not yet calculated | CVE-2022-22707 MISC |
linux -- linux_kernel | Guest can force Linux netback driver to hog large amounts of kernel memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714) | 2022-01-06 | not yet calculated | CVE-2021-28715 MISC |
linux -- linux_kernel | Guest can force Linux netback driver to hog large amounts of kernel memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714) | 2022-01-06 | not yet calculated | CVE-2021-28714 MISC |
livehelperchat -- livehelperchat | livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information | 2022-01-04 | not yet calculated | CVE-2022-0083 CONFIRM MISC |
manageengine -- adselfservice_plus | ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determine whether a Windows domain user exists. | 2022-01-03 | not yet calculated | CVE-2021-20147 MISC |
manageengine -- adselfservice_plus | ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. When ADSSP is configured with multiple Windows domains, a user from one domain can obtain the password policy for another domain by authenticating to the service and then sending a request specifying the password policy file of the other domain. | 2022-01-03 | not yet calculated | CVE-2021-20148 MISC |
mcafee -- application_and_change_control | Potential product security bypass vulnerability in McAfee Application and Change Control (MACC) prior to version 8.3.4 allows a locally logged in attacker to circumvent the application solidification protection provided by MACC, permitting them to run applications that would usually be prevented by MACC. This would require the attacker to rename the specified binary to match the name of any configured updater and perform a specific set of steps, resulting in the renamed binary being run. | 2022-01-04 | not yet calculated | CVE-2021-31833 CONFIRM |
mdp_driver -- mdp_driver | In mdp driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05836478; Issue ID: ALPS05836478. | 2022-01-04 | not yet calculated | CVE-2022-20012 MISC |
mediatek -- wifi_driver | In wifi driver, there is a possible system crash due to a missing validation check. This could lead to remote denial of service from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20190426015; Issue ID: GN20190426015. | 2022-01-04 | not yet calculated | CVE-2021-41789 MISC |
modem_emm -- modem_emm | In Modem EMM, there is a possible information disclosure due to a missing data encryption. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00716585; Issue ID: ALPS05886933. | 2022-01-04 | not yet calculated | CVE-2021-40148 MISC |
mruby -- mruby | mruby is vulnerable to Heap-based Buffer Overflow | 2022-01-02 | not yet calculated | CVE-2022-0080 CONFIRM MISC |
navigatecms -- navigatecms | An arbitrary file read vulnerability exists in NavigateCMS 2.9 via /navigate/navigate_download.php id parameter. | 2022-01-06 | not yet calculated | CVE-2021-44351 MISC |
netskope -- client | Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. The XPC implementation of nsAuxiliarySvc process does not perform validation on new connections before accepting the connection. Thus any low privileged user can connect and call external methods defined in XPC service as root, elevating their privilege to the highest level. | 2022-01-04 | not yet calculated | CVE-2021-41388 CONFIRM |
nltk -- nltk | nltk is vulnerable to Inefficient Regular Expression Complexity | 2022-01-04 | not yet calculated | CVE-2021-3842 CONFIRM MISC |
openexr -- openexr | OpenEXR 3.1.0 through 3.1.3 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable. | 2022-01-01 | not yet calculated | CVE-2021-45942 MISC MISC MISC MISC CONFIRM |
openwhyd -- openwhyd | openwhyd is vulnerable to Improper Authorization | 2022-01-03 | not yet calculated | CVE-2021-3837 CONFIRM MISC |
opmantek -- open-audit | An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0. The vulnerability allows an authenticated attacker to read file outside of the restricted directory. | 2022-01-03 | not yet calculated | CVE-2021-44674 MISC MISC MISC MISC |
oroplatform -- oroplatform | OroPlatform is a PHP Business Application Platform. In affected versions by sending a specially crafted request, an attacker could inject properties into existing JavaScript language construct prototypes, such as objects. Later this injection may lead to JS code execution by libraries that are vulnerable to Prototype Pollution. This issue has been patched in version 4.2.8. Users unable to upgrade may configure a firewall to drop requests containing next strings: `__proto__` , `constructor[prototype]`, and `constructor.prototype` to mitigate this issue. | 2022-01-04 | not yet calculated | CVE-2021-43852 MISC CONFIRM |
pac4j -- pac4j | Pac4j v5.1 and earlier allows (by default) clients to accept and successfully validate ID Tokens with "none" algorithm (i.e., tokens with no signature) which is not secure and violates the OpenID Core Specification. The "none" algorithm does not require any signature verification when validating the ID tokens, which allows the attacker to bypass the token validation by injecting a malformed ID token using "none" as the value of "alg" key in the header with an empty signature value. | 2022-01-06 | not yet calculated | CVE-2021-44878 MISC MISC |
pjsip -- pjsip | PJSIP is a free and open source multimedia communication library written in the C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In various parts of PJSIP, when an error/failure occurs, the function returns without releasing the currently held locks. This could result in a system deadlock, which causes a denial of service for the users. No release has yet been made which contains the linked fix commit. All versions up to and including 2.11.1 are affected. Users may need to manually apply the patch. | 2022-01-04 | not yet calculated | CVE-2021-41141 CONFIRM MISC |
qualcomm -- bluecore | Possible memory corruption in BT controller when it receives an oversized LMP packet over 2-DH1 link and leads to denial of service in BlueCore | 2022-01-03 | not yet calculated | CVE-2021-35093 CONFIRM |
qualcomm -- multiple_snapdragon_products | Possible integer overflow in access control initialization interface due to lack of size and address validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 2022-01-03 | not yet calculated | CVE-2021-30274 CONFIRM |
qualcomm -- multiple_snapdragon_products | Possible buffer overflow due to lack of range check while processing a DIAG command for COEX management in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-01-03 | not yet calculated | CVE-2021-30289 CONFIRM |
qualcomm -- multiple_snapdragon_products | Possible integer overflow in page alignment interface due to lack of address and size validation before alignment in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 2022-01-03 | not yet calculated | CVE-2021-30275 CONFIRM |
qualcomm -- multiple_snapdragon_products | Possible assertion due to improper handling of IPV6 packet with invalid length in destination options header in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables | 2022-01-03 | not yet calculated | CVE-2021-30273 CONFIRM |
qualcomm -- multiple_snapdragon_products | Possible null pointer dereference in thread cache operation handler due to lack of validation of user provided input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2022-01-03 | not yet calculated | CVE-2021-30272 CONFIRM |
qualcomm -- multiple_snapdragon_products | Improper input validation in TrustZone memory transfer interface can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 2022-01-03 | not yet calculated | CVE-2021-30278 CONFIRM |
qualcomm -- multiple_snapdragon_products | Possible out of bound write in RAM partition table due to improper validation on number of partitions provided in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 2022-01-03 | not yet calculated | CVE-2021-30282 CONFIRM |
qualcomm -- multiple_snapdragon_products | Possible denial of service due to improper handling of debug register trap from user applications in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-01-03 | not yet calculated | CVE-2021-30283 CONFIRM |
qualcomm -- multiple_snapdragon_products | Possible assertion in QOS request due to improper validation when multiple add or update request are received simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2022-01-03 | not yet calculated | CVE-2021-30335 CONFIRM |
qualcomm -- multiple_snapdragon_products | Possible assertion due to lack of input validation in PUSCH configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT | 2022-01-03 | not yet calculated | CVE-2021-30293 CONFIRM |
qualcomm -- multiple_snapdragon_products | Possible buffer overflow due to lack of buffer length check when segmented WMI command is received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 2022-01-03 | not yet calculated | CVE-2021-30303 CONFIRM |
qualcomm -- multiple_snapdragon_products | Possible null pointer dereference in thread profile trap handler due to lack of thread ID validation before dereferencing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2022-01-03 | not yet calculated | CVE-2021-30270 CONFIRM |
qualcomm -- multiple_snapdragon_products | Possible out of bound read due to lack of domain input validation while processing APK close session request in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Wearables | 2022-01-03 | not yet calculated | CVE-2021-30336 CONFIRM |
qualcomm -- multiple_snapdragon_products | Possible use after free when process shell memory is freed using IOCTL call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2022-01-03 | not yet calculated | CVE-2021-30337 CONFIRM |
qualcomm -- multiple_snapdragon_products | Improper validation of LLM utility timers availability can lead to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 2022-01-03 | not yet calculated | CVE-2021-30348 CONFIRM |
qualcomm -- multiple_snapdragon_products | An out of bound memory access can occur due to improper validation of number of frames being passed during music playback in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2022-01-03 | not yet calculated | CVE-2021-30351 CONFIRM |
qualcomm -- multiple_snapdragon_products | Improper handling of resource allocation in virtual machines can lead to information exposure in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-01-03 | not yet calculated | CVE-2021-1918 CONFIRM |
qualcomm -- multiple_snapdragon_products | Improper access control in TrustZone due to improper error handling while handling the signing key in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 2022-01-03 | not yet calculated | CVE-2021-1894 CONFIRM |
qualcomm -- multiple_snapdragon_products | Possible null pointer dereference due to lack of TLB validation for user provided address in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 2022-01-03 | not yet calculated | CVE-2021-30269 CONFIRM |
qualcomm -- multiple_snapdragon_products | Improper validation of a socket state when socket events are being sent to clients can lead to invalid access of memory in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-01-03 | not yet calculated | CVE-2021-30262 CONFIRM |
qualcomm -- multiple_snapdragon_products | Possible integer overflow to buffer overflow due to improper input validation in FTM ARA commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-01-03 | not yet calculated | CVE-2021-30267 CONFIRM |
qualcomm -- multiple_snapdragon_products | Possible heap Memory Corruption Issue due to lack of input validation when sending HWTC IQ Capture command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-01-03 | not yet calculated | CVE-2021-30268 CONFIRM |
qualcomm -- multiple_snapdragon_products | An integer overflow due to improper check performed after the address and size passed are aligned in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | 2022-01-03 | not yet calculated | CVE-2020-11263 CONFIRM |
qualcomm -- multiple_snapdragon_products | Possible null pointer dereference in trap handler due to lack of thread ID validation before dereferencing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2022-01-03 | not yet calculated | CVE-2021-30271 CONFIRM |
qualcomm -- multiple_snapdragon_products | Possible access control violation while setting current permission for VMIDs due to improper permission masking in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | 2022-01-03 | not yet calculated | CVE-2021-30279 CONFIRM |
qualcomm -- multiple_snapdragon_products | Possible out of bound access due to improper validation of item size and DIAG memory pools data while switching between USB and PCIE interface in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2022-01-03 | not yet calculated | CVE-2021-30298 CONFIRM |
qualcomm -- multiple_snapdragon_products | Improper access control while doing XPU re-configuration dynamically can lead to unauthorized access to a secure resource in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wired Infrastructure and Networking | 2022-01-03 | not yet calculated | CVE-2021-30276 CONFIRM |
qutscloud -- multiple_devices | A cross-site scripting (XSS) vulnerability has been reported to affect QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and QuTScloud: QuTS hero h4.5.4.1771 build 20210825 and later; QTS 4.5.4.1787 build 20210910 and later; QuTScloud c4.5.7.1864 and later | 2022-01-07 | not yet calculated | CVE-2021-38674 MISC |
roundcube -- roundcube | Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences. | 2022-01-06 | not yet calculated | CVE-2021-46144 MISC MISC MISC MISC MISC DEBIAN |
scratch-svg-renderer -- scratch-svg-renderer | A DOM-based cross-site scripting (XSS) vulnerability in Scratch-Svg-Renderer v0.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted sb3 file. | 2022-01-06 | not yet calculated | CVE-2020-27428 MISC |
seninf -- driver | In seninf driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05863018; Issue ID: ALPS05863018. | 2022-01-04 | not yet calculated | CVE-2022-20018 MISC |
shockwall -- shockwall | The programming function of Shockwall system has an improper input validation vulnerability. An authenticated attacker within the local area network can send malicious response to the server to disrupt the service partially. | 2022-01-03 | not yet calculated | CVE-2021-45916 CONFIRM |
shopware -- shopware | Shopware is an open source e-commerce software platform. In affected versions shopware would not invalidate a user session in the event of a password change. With version 5.7.7 the session validation was adjusted, so that sessions created prior to the latest password change of a customer account can't be used to login with said account. This also means, that upon a password change, all existing sessions for a given customer account are automatically considered invalid. There is no workaround for this issue. | 2022-01-05 | not yet calculated | CVE-2022-21652 MISC CONFIRM MISC |
shopware -- shopware | Shopware is an open source e-commerce software platform. An open redirect vulnerability has been discovered. Users may be arbitrarily redirected due to incomplete URL handling in the shopware router. This issue has been resolved in version 5.7.7. There is no workaround and users are advised to upgrade as soon as possible. | 2022-01-05 | not yet calculated | CVE-2022-21651 MISC CONFIRM MISC |
showdoc -- showdoc | showdoc is vulnerable to Generation of Error Message Containing Sensitive Information | 2022-01-03 | not yet calculated | CVE-2022-0079 CONFIRM MISC |
sourcecodester -- vehicle_service_management_system | In Vehicle Service Management System 1.0 an attacker can steal the cookies leading to Full Account Takeover. | 2022-01-06 | not yet calculated | CVE-2021-46067 MISC MISC |
sourcecodester -- vehicle_service_management_system | A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Category List Section in login panel. | 2022-01-06 | not yet calculated | CVE-2021-46071 MISC MISC |
sourcecodester -- vehicle_service_management_system | A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Settings Section in login panel. | 2022-01-06 | not yet calculated | CVE-2021-46074 MISC MISC |
sourcecodester -- vehicle_service_management_system | A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the User List Section in login panel. | 2022-01-06 | not yet calculated | CVE-2021-46073 MISC MISC |
sourcecodester -- vehicle_service_management_system | Sourcecodester Vehicle Service Management System 1.0 is vulnerable to File upload. An attacker can upload a malicious php file in multiple endpoints, leading to Code Execution. | 2022-01-06 | not yet calculated | CVE-2021-46076 MISC MISC |
sourcecodester -- vehicle_service_management_system | A Cross Site Request Forgery (CSRF) vulnerability exists in Vehicle Service Management System 1.0. A successful CSRF attack leads to a Stored Cross Site Scripting Vulnerability. | 2022-01-06 | not yet calculated | CVE-2021-46080 MISC MISC |
sourcecodester -- vehicle_service_management_system | An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to Html Injection. | 2022-01-06 | not yet calculated | CVE-2021-46079 MISC MISC |
sourcecodester -- vehicle_service_management_system | A Privilege Escalation vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. Staff account users can access the admin resources and perform CRUD Operations. | 2022-01-06 | not yet calculated | CVE-2021-46075 MISC MISC |
sourcecodester -- vehicle_service_management_system | An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to a Stored Cross-Site Scripting vulnerability. | 2022-01-06 | not yet calculated | CVE-2021-46078 MISC MISC |
spinnaker -- spinnaker | Spinnaker is an open source, multi-cloud continuous delivery platform. Spinnaker has improper permissions allowing pipeline creation & execution. This lets an arbitrary user with access to the gate endpoint create a pipeline and execute it without authentication. If users haven't set up Role-based access control (RBAC) within Spinnaker, this enables remote execution and access to deploy almost any resources on any account. Patches are available on the latest releases of the supported branches and users are advised to upgrade as soon as possible. Users unable to upgrade should enable RBAC on ALL accounts and applications. This mitigates the ability of a pipeline to affect any accounts. Block application access unless permissions are enabled. Users should make sure ALL application creation is restricted via appropriate wildcards. | 2022-01-04 | not yet calculated | CVE-2021-43832 CONFIRM |
spinnaker -- spinnaker | Spinnaker is an open source, multi-cloud continuous delivery platform. A path traversal vulnerability was discovered in uses of TAR files by AppEngine for deployments. This uses a utility to extract files locally for deployment without validating the paths in that deployment don't override system files. This would allow an attacker to override files on the container, POTENTIALLY introducing a MITM type attack vector by replacing libraries or injecting wrapper files. Users are advised to update as soon as possible. For users unable to update disable Google AppEngine deployments and/or disable artifacts that provide TARs. | 2022-01-04 | not yet calculated | CVE-2021-39143 CONFIRM |
starwind -- san_&_nas_build_1578 | StarWind SAN & NAS build 1578 and StarWind Command Center Build 6864 Update Manager allows authentication with a JWT token which is signed with any key. An attacker could use a self-signed JWT token to bypass authentication resulting in escalation of privileges. | 2022-01-04 | not yet calculated | CVE-2021-45389 MISC |
sync -- sync2101 | A security vulnerability originally reported in the SYNC2101 product, and applicable to specific sub-families of SYNC devices, allows an attacker to download the configuration file used in the device and apply a modified configuration file back to the device. The attack requires network access to the SYNC device and knowledge of its IP address. The attack exploits the unsecured communication channel used between the administration tool Easyconnect and the SYNC device (in the affected family of SYNC products). | 2022-01-06 | not yet calculated | CVE-2021-44564 MISC MISC |
talkyard -- talkyard | In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through v0.2021.34, are vulnerable to Insufficient Session Expiration. This may allow an attacker to reuse the admin’s still-valid session token even when logged-out, to gain admin privileges, given the attacker is able to obtain that token (via other, hypothetical attacks) | 2022-01-03 | not yet calculated | CVE-2021-25981 MISC MISC MISC |
tcpslice -- tcpslice | Use after free in tcpslice triggers AddressSanitizer, no other confirmed impact. | 2022-01-05 | not yet calculated | CVE-2021-41043 MISC |
tlr -- 2005ksh | TLR-2005KSH is affected by an incorrect access control vulnerability. The PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats. | 2022-01-03 | not yet calculated | CVE-2021-45428 MISC |
totolink -- ex200 | The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection vulnerability when receiving GET parameters. The parameter name can be constructed for unauthenticated command execution. | 2022-01-04 | not yet calculated | CVE-2021-43711 MISC |
uriparser -- uriparser | An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax. | 2022-01-06 | not yet calculated | CVE-2021-46142 MISC MISC CONFIRM |
uriparser -- uriparser | An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner. | 2022-01-06 | not yet calculated | CVE-2021-46141 MISC MISC CONFIRM |
userfrosting -- userfrosting | In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Header Injection. By luring a victim application user to click on a link, an unauthenticated attacker can use the “forgot password” functionality to reset the victim’s password and successfully take over their account. | 2022-01-03 | not yet calculated | CVE-2021-25994 MISC MISC |
usoc -- usoc | USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via usersearch.php. Search terms provided by the user were not sanitized and were used directly to construct a SQL statement. The only users permitted to search are site admins. Users are advised to upgrade as soon as possible. There are no workarounds for this issue. | 2022-01-04 | not yet calculated | CVE-2022-21644 CONFIRM MISC |
usoc -- usoc | USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via register.php. In particular usernames, email addresses, and passwords provided by the user were not sanitized and were used directly to construct a SQL statement. Users are advised to upgrade as soon as possible. There are no workarounds for this issue. | 2022-01-04 | not yet calculated | CVE-2022-21643 MISC CONFIRM |
vim -- vim | vim is vulnerable to Out-of-bounds Read | 2022-01-06 | not yet calculated | CVE-2022-0128 MISC CONFIRM |
vow_driver -- vow_driver | In vow driver, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05862986; Issue ID: ALPS05862986. | 2022-01-04 | not yet calculated | CVE-2022-20016 MISC |
vow_driver -- vow_driver | In vow driver, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05837742; Issue ID: ALPS05837742. | 2022-01-04 | not yet calculated | CVE-2022-20013 MISC |
vow_driver -- vow_driver | In vow driver, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05857308; Issue ID: ALPS05857308. | 2022-01-04 | not yet calculated | CVE-2022-20014 MISC |
whatsapp -- whatsapp | The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsApp for KaiOS prior to v2.2143, WhatsApp Desktop prior to v2.2146 could have allowed an out-of-bounds write if a user makes a 1:1 call to a malicious actor. | 2022-01-04 | not yet calculated | CVE-2021-24042 CONFIRM |
wordpress -- wordpress | The CAOS | Host Google Analytics Locally WordPress plugin before 4.1.9 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin | 2022-01-03 | not yet calculated | CVE-2021-25020 MISC |
wordpress -- wordpress | The Stars Rating WordPress plugin before 3.5.1 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the comments section, or pending comment dashboard depending if the user sent it as unauthenticated or authenticated. | 2022-01-03 | not yet calculated | CVE-2021-24893 MISC |
wordpress -- wordpress | The Events Made Easy WordPress plugin before 2.2.36 does not sanitise and escape the search_text parameter before using it in a SQL statement via the eme_searchmail AJAX action, available to any authenticated users. As a result, users with a role as low as subscriber can call it and perform SQL injection attacks | 2022-01-03 | not yet calculated | CVE-2021-25030 MISC |
wordpress -- wordpress | WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability. | 2022-01-06 | not yet calculated | CVE-2022-21661 CONFIRM MISC MISC |
wordpress -- wordpress | WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 4.1.34. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue. | 2022-01-06 | not yet calculated | CVE-2022-21664 MISC CONFIRM MISC |
wordpress -- wordpress | WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue. | 2022-01-06 | not yet calculated | CVE-2022-21663 MISC CONFIRM |
wordpress -- wordpress | WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users (like author) in WordPress core are able to execute JavaScript/perform stored XSS attack, which can affect high-privileged users. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue. | 2022-01-06 | not yet calculated | CVE-2022-21662 MISC CONFIRM |
wordpress -- wordpress | All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such as add/edit/delete arbitrary tabs. | 2022-01-03 | not yet calculated | CVE-2021-24831 MISC |
wordpress -- wordpress | The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue | 2022-01-03 | not yet calculated | CVE-2021-24786 MISC |
wordpress -- wordpress | The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.3.3.1 does not escape the sbp_convert_table_name parameter before using it in a SQL statement to convert the related table, leading to an SQL injection | 2022-01-03 | not yet calculated | CVE-2021-25023 MISC |
wordpress -- wordpress | The OMGF \| Host Google Fonts Locally WordPress plugin before 4.5.12 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin | 2022-01-03 | not yet calculated | CVE-2021-25021 MISC |
ws-scrcpy -- ws-scrcpy | ws-scrcpy is vulnerable to External Control of File Name or Path | 2022-01-04 | not yet calculated | CVE-2021-3845 MISC CONFIRM |
xen -- xen | Rogue backends can cause DoS of guests via high frequency events [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 | 2022-01-05 | not yet calculated | CVE-2021-28713 MISC |
xen -- xen | Rogue backends can cause DoS of guests via high frequency events [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 | 2022-01-05 | not yet calculated | CVE-2021-28711 MISC |
xen -- xen | Rogue backends can cause DoS of guests via high frequency events [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 | 2022-01-05 | not yet calculated | CVE-2021-28712 MISC |