Vulnerability Summary for the Week of November 8, 2021

Released
Nov 15, 2021
Document ID
SB21-319

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
airangel -- hsmx-app-25_firmwareAirangel HSMX Gateway devices through 5.2.04 allow Remote Code Execution.2021-11-1010CVE-2021-40521
MISC
MISC
asgaros -- asgaros_forumThe Asgaros Forum WordPress plugin before 1.15.13 does not validate and escape user input when subscribing to a topic before using it in a SQL statement, leading to an unauthenticated SQL injection issue2021-11-087.5CVE-2021-24827
CONFIRM
MISC
azeotech -- daqfactoryThe affected application uses specific functions that could be abused through a crafted project file, which could lead to code execution, system reboot, and system shutdown.2021-11-057.5CVE-2021-42543
MISC
cloudera -- cloudera_managerCloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges.2021-11-087.5CVE-2021-30132
MISC
MISC
dolibarr -- dolibarrThe website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked.2021-11-107.5CVE-2021-33816
MISC
MISC
FULLDISC
engineers_online_portal_project -- engineers_online_portalA file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which allows changing the avatar through teacher_avatar.php. Once an avatar gets uploaded it is getting uploaded to the /admin/uploads/ directory, and is accessible by all users. By uploading a php webshell containing "<?php system($_GET["cmd"]); ?>" the attacker can execute commands on the web server with - /admin/uploads/php-webshell?cmd=id.2021-11-0510CVE-2021-42669
MISC
MISC
engineers_online_portal_project -- engineers_online_portalA SQL injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to the announcements_student.php web page. As a result a malicious user can extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code execution on the remote web server.2021-11-057.5CVE-2021-42670
MISC
MISC
engineers_online_portal_project -- engineers_online_portalA SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter in the my_classmates.php web page.. As a result, an attacker can extract sensitive data from the web server and in some cases can use this vulnerability in order to get a remote code execution on the remote web server.2021-11-057.5CVE-2021-42668
MISC
MISC
engineers_online_portal_project -- engineers_online_portalAn SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of index.php, which can allow an attacker to bypass authentication.2021-11-057.5CVE-2021-42665
MISC
MISC
MISC
flowpaper -- pdf2jsonpdf2json v0.71 was discovered to contain a stack buffer overflow in the component XRef::fetch.2021-11-107.5CVE-2020-23878
MISC
MISC
genetechsolutions -- pie_registerThe Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it in a SQL statement in the wp-json/pie/v1/login REST API endpoint, leading to an SQL injection.2021-11-087.5CVE-2021-24731
MISC
genexis -- platinum_4410_firmwareCross site request forgery (CSRF) in Genexis Platinum 4410 V2-1.28, allows attackers to cause a denial of service by continuously restarting the router.2021-11-107.1CVE-2020-28137
MISC
gitlab -- gitlabAccidental logging of system root password in the migration log in all versions of GitLab CE/EE allows an attacker with local file system access to obtain system root-level privileges2021-11-057.2CVE-2021-39913
CONFIRM
MISC
gnu -- hurdAn issue was discovered in GNU Hurd before 0.9 20210404-9. libports accepts fake notification messages from any client on any port, which can lead to port use-after-free. This can be exploited for local privilege escalation to get full root access.2021-11-077.2CVE-2021-43412
MISC
MISC
gnu -- hurdAn issue was discovered in GNU Hurd before 0.9 20210404-9. A single pager port is shared among everyone who mmaps a file, allowing anyone to modify any files that they can read. This can be trivially exploited to get full root access.2021-11-079CVE-2021-43413
MISC
MISC
MISC
MISC
gnu -- hurdAn issue was discovered in GNU Hurd before 0.9 20210404-9. When trying to exec a setuid executable, there's a window of time when the process already has the new privileges, but still refers to the old task and is accessible through the old process port. This can be exploited to get full root access.2021-11-078.5CVE-2021-43411
MISC
MISC
MISC
hitachi -- vantara_pentahoHitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI.2021-11-087.5CVE-2021-34684
MISC
MISC
jetbrains -- hubIn JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed.2021-11-097.5CVE-2021-43183
MISC
jetbrains -- teamcityIn JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient.2021-11-097.5CVE-2021-43200
MISC
jetbrains -- teamcityIn JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible.2021-11-097.5CVE-2021-43193
MISC
jetbrains -- youtrackJetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection.2021-11-097.5CVE-2021-43185
MISC
kaysongroup -- php_event_calendarPHP Event Calendar before 2021-09-03 allows SQL injection, as demonstrated by the /server/ajax/user_manager.php username parameter. This can be used to execute SQL statements directly on the database, allowing an adversary in some cases to completely compromise the database system. It can also be used to bypass the login form.2021-11-0810CVE-2021-42077
MISC
MISC
microsoft -- windows_10Windows Hyper-V Denial of Service Vulnerability2021-11-107.1CVE-2021-42284
MISC
microsoft -- windows_10Windows Kernel Elevation of Privilege Vulnerability2021-11-107.2CVE-2021-42285
MISC
microsoft -- windows_10Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability2021-11-107.7CVE-2021-26443
MISC
neoan -- neoan3-template### Impact Versions prior 1.1.1 have allowed for passing in closures directly into the template engine. As a result values that are callable are executed by the template engine. The issue arises if a value has the same name as a method or function in scope and can therefore be executed either by mistake or maliciously. In theory all users of the package are affected as long as they either deal with direct user input or database values. A multi-step attack on is therefore plausible. ### Patches Version 1.1.1 has addressed this vulnerability. ```php $params = [ 'reverse' => fn($input) => strrev($input), // <-- no longer possible with version ~1.1.1 'value' => 'My website' ] TemplateFunctions::registerClosure('reverse', fn($input) => strrev($input)); // <-- still possible (and nicely isolated) Template::embrace('<h1>{{reverse(value)}}</h1>', $params); ``` ### Workarounds Unfortunately only working with hardcoded values is safe in prior versions. As this likely defeats the purpose of a template engine, please upgrade. ### References As a possible exploit is relatively easy to achieve, I will not share steps to reproduce the issue for now. ### For more information If you have any questions or comments about this advisory: * Open an issue in [our repo](https://github.com/sroehrl/neoan3-template)2021-11-087.5CVE-2021-41170
CONFIRM
MISC
MISC
online_event_booking_and_reservation_system_project -- online_event_booking_and_reservation_systemA SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. An attacker can leverage this vulnerability in order to manipulate the sql query performed. As a result he can extract sensitive data from the web server and in some cases he can use this vulnerability in order to get a remote code execution on the remote web server.2021-11-057.5CVE-2021-42667
MISC
MISC
opengamepanel -- opengamepanelAn issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021-08-14. An authenticated attacker could inject OS commands by starting a Counter-Strike server and using the map field to enter a Bash command.2021-11-109CVE-2021-37158
MISC
MISC
opengamepanel -- opengamepanelAn issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021-08-14. $HOME/OGP/Cfg/Config.pm has the root password in cleartext.2021-11-109CVE-2021-37157
MISC
MISC
owasp -- owasp_modsecurity_core_rule_setOWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname.2021-11-057.5CVE-2021-35368
CONFIRM
MISC
CONFIRM
MISC
phpjabbers -- fundraising_scriptStivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionSetAmount function.2021-11-057.5CVE-2020-22226
MISC
phpjabbers -- fundraising_scriptStivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoadForm function.2021-11-057.5CVE-2020-22225
MISC
phpjabbers -- fundraising_scriptStivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoad function.2021-11-057.5CVE-2020-22223
MISC
realtek -- rtl8195am_firmwareA buffer overflow was discovered on Realtek RTL8195AM devices before 2.0.10. It exists in the client code when processing a malformed IE length of HT capability information in the Beacon and Association response frame.2021-11-117.5CVE-2021-43573
MISC
MISC
samsung -- smartthingsImproper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key without limitation.2021-11-057.5CVE-2021-25508
MISC
science-miner -- pdf2xmlpdf2xml v2.0 was discovered to contain a stack buffer overflow in the component getObjectStream.2021-11-107.5CVE-2020-23877
MISC
MISC
science-miner -- pdf2xmlpdf2xml v2.0 was discovered to contain a heap-buffer overflow in the function TextPage::dump.2021-11-107.5CVE-2020-23873
MISC
MISC
science-miner -- pdf2xmlpdf2xml v2.0 was discovered to contain a heap-buffer overflow in the function TextPage::addAttributsNode.2021-11-107.5CVE-2020-23874
MISC
MISC
servicetonic -- servicetonicArbitrary file upload in Service import feature in ServiceTonic Helpdesk software version < 9.0.35937 allows a malicious user to execute JSP code by uploading a zip that extracts files in relative paths.2021-11-087.5CVE-2021-28023
MISC
MISC
servicetonic -- servicetonicUnauthorized system access in the login form in ServiceTonic Helpdesk software version < 9.0.35937 allows attacker to login without using a password.2021-11-087.5CVE-2021-28024
MISC
MISC
siemens -- capital_vstarA vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). FTP server does not properly validate the length of the “USER” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0010)2021-11-097.5CVE-2021-31886
MISC
MISC
siemens -- capital_vstarA vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The DHCP client application assumes that the data supplied with the “Hostname” DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014)2021-11-097.5CVE-2021-31884
MISC
MISC
siemens -- sentron_powermanager_3A vulnerability has been identified in SENTRON powermanager V3 (All versions). The affected application assigns improper access rights to a specific folder containing configuration files. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.2021-11-097.2CVE-2021-37207
MISC
siemens -- simatic_pcs_7A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). Legitimate file operations of the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read, write or delete unexpected critical files.2021-11-097.5CVE-2021-40358
MISC
sitecore -- experience_platformSitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.2021-11-0510CVE-2021-42237
MISC
MISC
MISC
starkbank -- ecdsa-dotnetThe verify function in the Stark Bank .NET ECDSA library (ecdsa-dotnet) 1.3.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.2021-11-097.5CVE-2021-43569
MISC
MISC
starkbank -- ecdsa-javaThe verify function in the Stark Bank Java ECDSA library (ecdsa-java) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.2021-11-097.5CVE-2021-43570
MISC
MISC
starkbank -- ecdsa-nodeThe verify function in the Stark Bank Node.js ECDSA library (ecdsa-node) 1.1.2 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.2021-11-097.5CVE-2021-43571
MISC
MISC
starkbank -- ecdsa-pythonThe verify function in the Stark Bank Python ECDSA library (ecdsa-python) 2.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.2021-11-097.5CVE-2021-43572
MISC
MISC
starkbank -- elixir_ecdsaThe verify function in the Stark Bank Elixir ECDSA library (ecdsa-elixir) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.2021-11-097.5CVE-2021-43568
MISC
MISC
talend -- data_catalogAn issue was discovered in Talend Data Catalog before 7.3-20210930. After setting up SAML/OAuth, authentication is not correctly enforced on the native login page. Any valid user from the SAML/OAuth provider can be used as the username with an arbitrary password, and login will succeed.2021-11-057.5CVE-2021-42837
MISC
CONFIRM
xorux -- lpar2rrdlpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30.2021-11-087.5CVE-2021-42371
CONFIRM
CONFIRM
xorux -- lpar2rrdA shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service.2021-11-089CVE-2021-42372
CONFIRM
CONFIRM

Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
404_to_301_project -- 404_to_301The 404 to 301 – Redirect, Log and Notify 404 Errors WordPress plugin before 3.0.9 does not have CSRF check in place when cleaning the logs, which could allow attacker to make a logged in admin delete all of them via a CSRF attack2021-11-084.3CVE-2021-24766
MISC
airangel -- hsmx-app-25_firmwareAirangel HSMX Gateway devices through 5.2.04 have Hard-coded Database Credentials.2021-11-106.4CVE-2021-40519
MISC
MISC
androidbubbles -- wp_header_imagesThe WP Header Images WordPress plugin before 2.0.1 does not sanitise and escape the t parameter before outputting it back in the plugin's settings page, leading to a Reflected Cross-Site Scripting issue2021-11-084.3CVE-2021-24798
MISC
apostrophecms -- apostrophecmsApostrophe CMS versions between 2.63.0 to 3.3.1 affected by an insufficient session expiration vulnerability, which allows unauthenticated remote attackers to hijack recently logged-in users' sessions.2021-11-086.4CVE-2021-25979
MISC
azeotech -- daqfactoryProject files are stored memory objects in the form of binary serialized data that can later be read and deserialized again to instantiate the original objects in memory. Malicious manipulation of these files may allow an attacker to corrupt memory.2021-11-056.8CVE-2021-42698
MISC
azeotech -- daqfactoryThe affected product is vulnerable to cookie information being transmitted as cleartext over HTTP. An attacker can capture network traffic, obtain the user’s cookie and take over the account.2021-11-054.3CVE-2021-42699
MISC
barrier_project -- barrierAn issue was discovered in Barrier before 2.3.4. The barriers component (aka the server-side implementation of Barrier) does not correctly close file descriptors for established TCP connections. An unauthenticated remote attacker can thus cause file descriptor exhaustion in the server process, leading to denial of service.2021-11-085CVE-2021-42075
MLIST
MISC
barrier_project -- barrierAn issue was discovered in Barrier before 2.4.0. The barriers component (aka the server-side implementation of Barrier) does not sufficiently verify the identify of connecting clients. Clients can thus exploit weaknesses in the provided protocol to cause denial-of-service or stage further attacks that could lead to information leaks or integrity corruption.2021-11-086.5CVE-2021-42072
MISC
MLIST
barrier_project -- barrierAn issue was discovered in Barrier before 2.4.0. An attacker can enter an active session state with the barriers component (aka the server-side implementation of Barrier) simply by supplying a client label that identifies a valid client configuration. This label is "Unnamed" by default but could instead be guessed from hostnames or other publicly available information. In the active session state, an attacker can capture input device events from the server, and also modify the clipboard content on the server.2021-11-085.8CVE-2021-42073
CONFIRM
MLIST
barrier_project -- barrierAn issue was discovered in Barrier before 2.3.4. An attacker can cause memory exhaustion in the barriers component (aka the server-side implementation of Barrier) and barrierc by sending long TCP messages.2021-11-085CVE-2021-42076
MLIST
MISC
barrier_project -- barrierAn issue was discovered in Barrier before 2.3.4. An unauthenticated attacker can cause a segmentation fault in the barriers component (aka the server-side implementation of Barrier) by quickly opening and closing TCP connections while sending a Hello message for each TCP session.2021-11-085CVE-2021-42074
MLIST
MISC
batch_cat_project -- batch_catThe Batch Cat WordPress plugin through 0.3 defines 3 custom AJAX actions, which both require authentication but are available for all roles. As a result, any authenticated user (including simple subscribers) can add/set/delete arbitrary categories to posts.2021-11-084CVE-2021-24788
MISC
beeline -- smart_box_firmwareBeeline Smart Box 2.0.38 is vulnerable to Cross Site Scripting (XSS) via the choose_mac parameter to setup.cgi.2021-11-104.3CVE-2021-41427
MISC
MISC
MISC
beeline -- smart_box_firmwareBeeline Smart box 2.0.38 is vulnerable to Cross Site Request Forgery (CSRF) via mgt_end_user.htm.2021-11-106.8CVE-2021-41426
MISC
MISC
MISC
beescms -- beescmsBEESCMS v4.0 was discovered to contain an arbitrary file upload vulnerability via the component /admin/upload.php. This vulnerability allows attackers to execute arbitrary code via a crafted image file.2021-11-086.8CVE-2020-23572
MISC
bookstackapp -- bookstackbookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')2021-11-054CVE-2021-3916
CONFIRM
MISC
casap_automated_enrollment_system_project -- casap_automated_enrollment_systemMultiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCodester CASAP Automated Enrollment System 1.0 via the (1) user_username and (2) category parameters in save_class.php, the (3) firstname, (4) class, and (5) status parameters in student_table.php, the (6) category and (7) class_name parameters in add_class1.php, the (8) fname, (9) mname,(10) lname, (11) address, (12) class, (13) gfname, (14) gmname, (15) glname, (16) rship, (17) status, (18) transport, and (19) route parameters in add_student.php, the (20) fname, (21) mname, (22) lname, (23) address, (24) class, (25) fgname, (26) gmname, (27) glname, (28) rship, (29) status, (30) transport, and (31) route parameters in save_stud.php,the (32) status, (33) fname, and (34) lname parameters in add_user.php, the (35) username, (36) firstname, and (37) status parameters in users.php, the (38) fname, (39) lname, and (40) status parameters in save_user.php, and the (41) activity_log, (42) aprjun, (43) class, (44) janmar, (45) Julsep,(46) octdec, (47) Students and (48) users parameters in table_name.2021-11-084.3CVE-2021-40261
MISC
chameleon_css_project -- chameleon_cssThe Chameleon CSS WordPress plugin through 1.2 does not have any CSRF and capability checks in all its AJAX calls, allowing any authenticated user, such as subscriber to call them and perform unauthorised actions. One of AJAX call, remove_css, also does not sanitise or escape the css_id POST parameter before using it in a SQL statement, leading to a SQL Injection2021-11-086.5CVE-2021-24626
MISC
MISC
cloudera -- cloudera_managerCloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS.2021-11-084.3CVE-2021-29243
MISC
MISC
cloudera -- cloudera_managerCloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges to view the restricted Dashboard.2021-11-085CVE-2021-32483
MISC
MISC
cloudera -- cloudera_managerCloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS via the path parameter.2021-11-084.3CVE-2021-32482
MISC
MISC
cloudera -- hueCloudera Hue 4.6.0 allows XSS via the type parameter.2021-11-084.3CVE-2021-32481
MISC
CONFIRM
cloudera -- hueCloudera Hue 4.6.0 allows XSS.2021-11-084.3CVE-2021-29994
CONFIRM
CONFIRM
MISC
codesupply -- squaretypeThe Squaretype WordPress theme before 3.0.4 allows unauthenticated users to manipulate the query_vars used to retrieve the posts to display in one of its REST endpoint, without any validation. As a result, private and scheduled posts could be retrieved via a crafted request.2021-11-085CVE-2021-24840
MISC
dolibarr -- dolibarrDolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management feature.2021-11-104.3CVE-2021-33618
MISC
MISC
MISC
FULLDISC
draftpress -- header_footer_code_managerThe Header Footer Code Manager WordPress plugin before 1.1.14 does not validate and escape the "orderby" and "order" request parameters before using them in a SQL statement when viewing the Snippets admin dashboard, leading to SQL injections2021-11-086.5CVE-2021-24791
MISC
eclipse -- theiaIn versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage().2021-11-104.3CVE-2021-41038
CONFIRM
CONFIRM
engineers_online_portal_project -- engineers_online_portalA SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to quiz_question.php, which could let a malicious user extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code execution on the remote web server.2021-11-056.5CVE-2021-42666
MISC
MISC
MISC
engineers_online_portal_project -- engineers_online_portalAn incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in nia_munoz_monitoring_system/admin/uploads. An attacker can leverage this vulnerability in order to bypass access controls and access all the files uploaded to the web server without the need of authentication or authorization.2021-11-055CVE-2021-42671
MISC
MISC
enrocrypt_project -- enrocryptEnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is patched in v1.1.4 of the product. As a workaround, users can remove the `MD5` hashing function from the file `hashing.py`.2021-11-085CVE-2021-39182
MISC
CONFIRM
feataholic -- maz_loaderThe MAZ Loader – Preloader Builder for WordPress plugin before 1.3.3 does not validate or escape the loader_id parameter of the mzldr shortcode, which allows users with a role as low as Contributor to perform SQL injection.2021-11-086.5CVE-2021-24669
MISC
flowpaper -- pdf2jsonpdf2json v0.71 was discovered to contain a NULL pointer dereference in the component ObjectStream::getObject.2021-11-105CVE-2020-23879
MISC
MISC
fullworks -- redirect_404_error_page_to_homepage_or_custom_page_with_logsThe Redirect 404 Error Page to Homepage or Custom Page with Logs WordPress plugin before 1.7.9 does not check for CSRF when deleting logs, which could allow attacker to make a logged in admin delete them via a CSRF attack2021-11-084.3CVE-2021-24767
MISC
fusionpbx -- fusionpbxAn issue was discovered in FusionPBX before 4.5.30. The fax_post_size may have risky characters (it is not constrained to preset values).2021-11-056.5CVE-2021-43406
MISC
fusionpbx -- fusionpbxAn issue was discovered in FusionPBX before 4.5.30. The fax_extension may have risky characters (it is not constrained to be numeric).2021-11-056.5CVE-2021-43405
MISC
MISC
fusionpbx -- fusionpbxAn issue was discovered in FusionPBX before 4.5.30. The FAX file name may have risky characters.2021-11-056.5CVE-2021-43404
MISC
g_auto-hyperlink_project -- g_auto-hyperlinkThe G Auto-Hyperlink WordPress plugin through 1.0.1 does not sanitise or escape an 'id' GET parameter before using it in a SQL statement, to select data to be displayed in the admin dashboard, leading to an authenticated SQL injection2021-11-086.5CVE-2021-24627
MISC
MISC
genetechsolutions -- pie_registerThe Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or username2021-11-086.8CVE-2021-24647
MISC
genie_wp_favicon_project -- genie_wp_faviconThe Genie WP Favicon WordPress plugin through 0.5.2 does not have CSRF in place when updating the favicon, which could allow attackers to make a logged in admin change it via a CSRF attack2021-11-084.3CVE-2021-24674
MISC
getgrav -- gravgrav is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')2021-11-055CVE-2021-3924
CONFIRM
MISC
gitlab -- gitlabImproper access control in GitLab CE/EE version 10.5 and above allowed subgroup members with inherited access to a project from a parent group to still have access even after the subgroup is transferred2021-11-055CVE-2021-39897
MISC
CONFIRM
MISC
gitlab -- gitlabIn all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook token value which may allow access to the project which it was exported from.2021-11-055CVE-2021-39898
MISC
CONFIRM
MISC
gitlab -- gitlabA potential DOS vulnerability was discovered in GitLab CE/EE starting with version 13.7. The stripping of EXIF data from certain images resulted in high CPU usage.2021-11-055CVE-2021-39907
MISC
CONFIRM
MISC
gitlab -- gitlabA potential DoS vulnerability was discovered in GitLab CE/EE starting with version 13.7. Using a malformed TIFF images was possible to trigger memory exhaustion.2021-11-055CVE-2021-39912
CONFIRM
MISC
MISC
gitlab -- gitlabAn Improper Access Control vulnerability in the GraphQL API in GitLab CE/EE since version 13.1 allows a Merge Request creator to resolve discussions and apply suggestions after a project owner has locked the Merge Request2021-11-054CVE-2021-39904
CONFIRM
MISC
MISC
gitlab -- gitlabImproper validation of ipynb files in GitLab CE/EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf.2021-11-054.3CVE-2021-39906
MISC
CONFIRM
MISC
gitlab -- gitlabAn improper access control flaw in GitLab CE/EE since version 13.9 exposes private email address of Issue and Merge Requests assignee to Webhook data consumers2021-11-054CVE-2021-39911
MISC
CONFIRM
gitlab -- gitlabAn information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with2021-11-054CVE-2021-39905
MISC
CONFIRM
MISC
gitlab -- gitlabIn all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint.2021-11-054CVE-2021-39901
MISC
CONFIRM
MISC
gnu -- hurdAn issue was discovered in GNU Hurd before 0.9 20210404-9. The use of an authentication protocol in the proc server is vulnerable to man-in-the-middle attacks, which can be exploited for local privilege escalation to get full root access.2021-11-076.9CVE-2021-43414
MISC
MISC
golang -- goGo before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.2021-11-084.3CVE-2021-41772
MISC
golang -- goImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.2021-11-084.3CVE-2021-41771
MISC
google -- androidImproper input validation vulnerability in HDCP prior to SMR Nov-2021 Release 1 allows attackers to arbitrary code execution.2021-11-054.6CVE-2021-25503
MISC
google -- tensorflowTensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service (via dereferencing `nullptr`s or via `CHECK`-failures) as well as abuse undefined behavior (binding references to `nullptr`s). An attacker can also read and write from heap buffers, depending on the API that gets used and the arguments that are passed to the call. Given that the boosted trees implementation in TensorFlow is unmaintained, it is recommend to no longer use these APIs. We will deprecate TensorFlow's boosted trees APIs in subsequent releases. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.2021-11-054.6CVE-2021-41208
MISC
CONFIRM
google -- tensorflowTensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or `CHECK`-fail related crashes but in some scenarios writes and reads from heap populated arrays are also possible. We have discovered these issues internally via tooling while working on improving/testing GPU op determinism. As such, we don't have reproducers and there will be multiple fixes for these issues. These fixes will be included in TensorFlow 2.7.0. We will also cherrypick these commits on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.2021-11-054.6CVE-2021-41206
MISC
MISC
MISC
MISC
CONFIRM
MISC
MISC
google -- tensorflowTensorFlow is an open source platform for machine learning. In affected versions the code behind `tf.function` API can be made to deadlock when two `tf.function` decorated Python functions are mutually recursive. This occurs due to using a non-reentrant `Lock` Python object. Loading any model which contains mutually recursive functions is vulnerable. An attacker can cause denial of service by causing users to load such models and calling a recursive `tf.function`, although this is not a frequent scenario. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.2021-11-054.3CVE-2021-41213
MISC
CONFIRM
google -- tensorflowTensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `tf.ragged.cross` has an undefined behavior due to binding a reference to `nullptr`. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.2021-11-054.6CVE-2021-41214
CONFIRM
MISC
google -- tensorflowTensorFlow is an open source platform for machine learning. In affected versions the shape inference function for `Transpose` is vulnerable to a heap buffer overflow. This occurs whenever `perm` contains negative elements. The shape inference function does not validate that the indices in `perm` are all valid. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.2021-11-054.6CVE-2021-41216
CONFIRM
MISC
google -- tensorflowTensorFlow is an open source platform for machine learning. In affeced versions during execution, `EinsumHelper::ParseEquation()` is supposed to set the flags in `input_has_ellipsis` vector and `*output_has_ellipsis` boolean to indicate whether there is ellipsis in the corresponding inputs and output. However, the code only changes these flags to `true` and never assigns `false`. This results in unitialized variable access if callers assume that `EinsumHelper::ParseEquation()` always sets these flags. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.2021-11-054.6CVE-2021-41201
MISC
CONFIRM
google -- tensorflowTensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to `nullptr`. This occurs whenever the dimensions of `a` or `b` are 0 or less. In the case on one of these is 0, an empty output tensor should be allocated (to conserve the invariant that output tensors are always allocated when the operation is successful) but nothing should be written to it (that is, we should return early from the kernel implementation). Otherwise, attempts to write to this empty tensor would result in heap OOB access. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.2021-11-054.6CVE-2021-41219
CONFIRM
MISC
google -- tensorflowTensorFlow is an open source platform for machine learning. In affected versions an attacker can trigger undefined behavior, integer overflows, segfaults and `CHECK`-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints loading infrastructure is missing validation for invalid file formats. The fixes will be included in TensorFlow 2.7.0. We will also cherrypick these commits on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.2021-11-054.6CVE-2021-41203
CONFIRM
MISC
MISC
MISC
MISC
google -- tensorflowTensorFlow is an open source platform for machine learning. In affected versions TensorFlow's `saved_model_cli` tool is vulnerable to a code injection as it calls `eval` on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given that the tool is always run manually, the impact of this is not severe. We have patched this by adding a `safe` flag which defaults to `True` and an explicit warning for users. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.2021-11-054.6CVE-2021-41228
MISC
CONFIRM
google -- tensorflowTensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the `Cudnn*` operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow. This occurs because the ranks of the `input`, `input_h` and `input_c` parameters are not validated, but code assumes they have certain values. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.2021-11-054.6CVE-2021-41221
CONFIRM
MISC
google -- tensorflowTensorFlow is an open source platform for machine learning. In affected versions the async implementation of `CollectiveReduceV2` suffers from a memory leak and a use after free. This occurs due to the asynchronous computation and the fact that objects that have been `std::move()`d from are still accessed. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, as this version is the only one that is also affected.2021-11-054.6CVE-2021-41220
CONFIRM
MISC
gvectors -- wpdiscuzThe wpDiscuz WordPress plugin before 7.3.4 does check for CSRF when adding, editing and deleting comments, which could allow attacker to make logged in users such as admin edit and delete arbitrary comment, or the user who made the comment to edit it via a CSRF attack. Attackers could also make logged in users post arbitrary comment.2021-11-084.3CVE-2021-24806
MISC
hitachi -- vantara_pentahoAn issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the applicationContext-spring-security.xml file. The default configuration allows an unauthenticated user with no previous knowledge of the platform settings to extract pieces of information without possessing valid credentials.2021-11-085CVE-2021-31602
MISC
MISC
hitachi -- vantara_pentahoUploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types. Specifically, a .jsp file is not allowed, but a .jsp. file is allowed (and leads to remote code execution).2021-11-086.5CVE-2021-34685
MISC
MISC
hitachi -- vantara_pentahoAn issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. A reports (.prpt) file allows the inclusion of BeanShell scripts to ease the production of complex reports. An authenticated user can run arbitrary code.2021-11-086.5CVE-2021-31599
MISC
MISC
hitachi -- vantara_pentahoAn issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (regardless of privileges) can list all databases connection details and credentials.2021-11-084CVE-2021-31601
MISC
MISC
hitachi -- vantara_pentahoAn issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (regardless of privileges) can list all valid usernames.2021-11-084CVE-2021-31600
MISC
MISC
hospital_management_system_project -- hospital_management_systemMultiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the (1) searchdata parameter in (a) doctor/search.php and (b) admin/patient-search.php, and the (2) fromdate and (3) todate parameters in admin/betweendates-detailsreports.php.2021-11-054.3CVE-2021-39411
MISC
hp -- futuresmart_4A potential security vulnerability has been identified for certain HP printers and MFPs with Troy solutions. For affected printers with FutureSmart Firmware bundle version 4.9 or 4.9.0.1 the potential vulnerability may cause instability in the solution.2021-11-094.6CVE-2019-18912
MISC
ibm -- business_automation_workflowIBM Business Automation Workflow 18. 19, 20, 21, and IBM Business Process Manager 8.5 and d8.6 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.2021-11-054.3CVE-2021-29753
CONFIRM
XF
ibm -- infosphere_information_serverIBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information from application response requests that could be used in further attacks against the system. IBM X-Force ID: 209401.2021-11-104CVE-2021-38887
CONFIRM
XF
ibm -- mq_applianceIBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2CD is vulnerable to a denial of service attack caused by an issue processing message properties. IBM X-Force ID: 205203.2021-11-084CVE-2021-29843
XF
CONFIRM
ibm -- qradar_network_securityIBM QRadar Network Security 5.4.0 and 5.5.0 transmits sensitive or security-critical data in cleartext in a communication channel that can be obtained using man in the middle techniques. IBM X-Force ID: 17467.2021-11-084.3CVE-2020-4152
CONFIRM
XF
ibm -- qradar_network_securityIBM QRadar Network Security 5.4.0 and 5.5.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 174340.2021-11-084.3CVE-2020-4160
XF
CONFIRM
igexsolutions -- wpschoolpressThe School Management System – WPSchoolPress WordPress plugin before 2.1.10 does not properly sanitize or use prepared statements before using POST variable in SQL queries, leading to SQL injection in multiple actions available to various authenticated users, from simple subscribers/students to teachers and above.2021-11-086.5CVE-2021-24575
MISC
irfanview -- irfanviewIrfanview v4.53 allows attackers to execute arbitrary code via a crafted JPEG 2000 file. Related to a "Data from Faulting Address controls Branch Selection starting at JPEG2000!ShowPlugInSaveOptions_W+0x0000000000032850".2021-11-056.8CVE-2020-23565
MISC
irfanview -- irfanviewIrfanview v4.53 allows attackers to to cause a denial of service (DoS) via a crafted JPEG 2000 file. Related to "Integer Divide By Zero starting at JPEG2000!ShowPlugInSaveOptions_W+0x00000000000082ea"2021-11-054.3CVE-2020-23567
MISC
irfanview -- irfanviewIrfanview v4.53 was discovered to contain an infinity loop via JPEG2000!ShowPlugInSaveOptions_W+0x1ecd8.2021-11-054.3CVE-2020-23566
MISC
jetbrains -- hubIn JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible.2021-11-095CVE-2021-43180
MISC
jetbrains -- hubIn JetBrains Hub before 2021.1.13690, stored XSS is possible.2021-11-094.3CVE-2021-43181
MISC
jetbrains -- hubIn JetBrains Hub before 2021.1.13415, a DoS via user information is possible.2021-11-095CVE-2021-43182
MISC
jetbrains -- ktorIn JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly.2021-11-095CVE-2021-43203
MISC
jetbrains -- teamcityIn JetBrains TeamCity before 2021.1.2, some HTTP security headers were missing.2021-11-095CVE-2021-43195
MISC
jetbrains -- teamcityIn JetBrains TeamCity before 2021.1.2, user enumeration was possible.2021-11-095CVE-2021-43194
MISC
jetbrains -- teamcityIn JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project.2021-11-095CVE-2021-43201
MISC
jetbrains -- teamcityIn JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible.2021-11-095CVE-2021-43196
MISC
jetbrains -- teamcityIn JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient.2021-11-095CVE-2021-43199
MISC
jetbrains -- teamcityIn JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS.2021-11-094.3CVE-2021-43197
MISC
jetbrains -- youtrack_mobileIn JetBrains YouTrack Mobile before 2021.2, the client-side cache on iOS could contain sensitive information.2021-11-095CVE-2021-43187
MISC
jetbrains -- youtrack_mobileIn JetBrains YouTrack Mobile before 2021.2, task hijacking on Android is possible.2021-11-095CVE-2021-43190
MISC
jetbrains -- youtrack_mobileJetBrains YouTrack Mobile before 2021.2, is missing the security screen on Android and iOS.2021-11-095CVE-2021-43191
MISC
jetbrains -- youtrack_mobileIn JetBrains YouTrack Mobile before 2021.2, iOS URL scheme hijacking is possible.2021-11-095CVE-2021-43192
MISC
legalweb -- wp_dsgvo_toolsWP DSGVO Tools (GDPR) <= 3.1.23 had an AJAX action, ‘admin-dismiss-unsubscribe‘, which lacked a capability check and a nonce check and was available to unauthenticated users, and did not check the post type when deleting unsubscription requests. As such, it was possible for an attacker to permanently delete an arbitrary post or page on the site by sending an AJAX request with the “action” parameter set to “admin-dismiss-unsubscribe” and the “id” parameter set to the post to be deleted. Sending such a request would move the post to the trash, and repeating the request would permanently delete the post in question.2021-11-056.4CVE-2021-42359
MISC
loco_translate_project -- loco_translateThe Loco Translate WordPress plugin before 2.5.4 mishandles data inputs which get saved to a file, which can be renamed to an extension ending in .php, resulting in authenticated "translator" users being able to inject PHP code into files ending with .php in web accessible locations.2021-11-084CVE-2021-24721
MISC
lua -- luaStack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.2021-11-094.3CVE-2021-43519
MISC
MISC
mcafee -- drive_encryptionDLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (MDE) prior to 7.3.0 HF2 (7.3.0.183) allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder.2021-11-104.6CVE-2021-31853
CONFIRM
mendix -- mendixA vulnerability has been identified in Mendix Applications using Mendix 8 (All versions < V8.18.13), Mendix Applications using Mendix 9 (All versions < V9.6.2). Applications built with affected versions of Mendix Studio Pro do not properly control read access for certain client actions. This could allow authenticated attackers to retrieve the changedDate attribute of arbitrary objects, even when they don't have read access to them.2021-11-094CVE-2021-42026
MISC
mendix -- mendixA vulnerability has been identified in Mendix Applications using Mendix 8 (All versions < V8.18.13), Mendix Applications using Mendix 9 (All versions < V9.6.2). Applications built with affected versions of Mendix Studio Pro do not properly control write access for certain client actions. This could allow authenticated attackers to manipulate the content of System.FileDocument objects in some cases, regardless whether they have write access to it.2021-11-096.8CVE-2021-42025
MISC
meross -- mss550x_firmwareMeross Smart Wi-Fi 2 Way Wall Switch (MSS550X), on its 3.1.3 version and before, creates an open Wi-Fi Access Point without the required security measures in its initial setup. This could allow a remote attacker to obtain the Wi-Fi SSID as well as the password configured by the user from Meross app via Http/JSON plain request.2021-11-054.3CVE-2021-3774
CONFIRM
microsoft -- 365_appsMicrosoft Access Remote Code Execution Vulnerability2021-11-106.8CVE-2021-41368
MISC
MISC
microsoft -- 365_appsMicrosoft Excel Security Feature Bypass Vulnerability2021-11-106.8CVE-2021-42292
MISC
microsoft -- 365_appsMicrosoft Word Remote Code Execution Vulnerability2021-11-106.9CVE-2021-42296
MISC
microsoft -- 365_appsMicrosoft Excel Remote Code Execution Vulnerability2021-11-106.8CVE-2021-40442
MISC
microsoft -- edgeMicrosoft Edge (Chrome based) Spoofing on IE Mode2021-11-104.3CVE-2021-41351
MISC
microsoft -- exchange_serverMicrosoft Exchange Server Remote Code Execution Vulnerability2021-11-106.5CVE-2021-42321
MISC
microsoft -- exchange_serverMicrosoft Exchange Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-42305.2021-11-104.3CVE-2021-41349
MISC
microsoft -- power_bi_report_serverPower BI Report Server Spoofing Vulnerability2021-11-106.8CVE-2021-41372
MISC
microsoft -- remote_desktopRemote Desktop Protocol Client Information Disclosure Vulnerability2021-11-104.3CVE-2021-38665
MISC
microsoft -- visual_studioDiagnostics Hub Standard Collector Elevation of Privilege Vulnerability2021-11-104.6CVE-2021-42277
MISC
MISC
microsoft -- windows_10Chakra Scripting Engine Memory Corruption Vulnerability2021-11-105.1CVE-2021-42279
MISC
microsoft -- windows_10Windows Core Shell SI Host Extension Framework for Composable Shell Elevation of Privilege Vulnerability2021-11-104.6CVE-2021-42286
MISC
microsoft -- windows_10NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-41367, CVE-2021-41370.2021-11-104.6CVE-2021-42283
MISC
microsoft -- windows_10Windows Feedback Hub Elevation of Privilege Vulnerability2021-11-104.6CVE-2021-42280
MISC
MISC
microsoft -- windows_10Windows Installer Elevation of Privilege Vulnerability2021-11-104.6CVE-2021-41379
MISC
MISC
microsoft -- windows_10Windows Fast FAT File System Driver Elevation of Privilege Vulnerability2021-11-104.6CVE-2021-41377
MISC
microsoft -- windows_10Windows Desktop Bridge Elevation of Privilege Vulnerability2021-11-104.6CVE-2021-36957
MISC
microsoft -- windows_10NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-41367, CVE-2021-42283.2021-11-104.6CVE-2021-41370
MISC
microsoft -- windows_10Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability2021-11-104.6CVE-2021-41366
MISC
microsoft -- windows_10Microsoft COM for Windows Remote Code Execution Vulnerability2021-11-106.5CVE-2021-42275
MISC
microsoft -- windows_10Windows NTFS Remote Code Execution Vulnerability2021-11-106.5CVE-2021-41378
MISC
microsoft -- windows_10Remote Desktop Client Remote Code Execution Vulnerability2021-11-106.8CVE-2021-38666
MISC
microsoft -- windows_10Microsoft Windows Media Foundation Remote Code Execution Vulnerability2021-11-106.8CVE-2021-42276
MISC
microsoft -- windows_10Windows Denial of Service Vulnerability2021-11-105CVE-2021-41356
MISC
microsoft -- windows_10NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-41370, CVE-2021-42283.2021-11-104.6CVE-2021-41367
MISC
microsoft -- windows_serverActive Directory Domain Services Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42278, CVE-2021-42287, CVE-2021-42291.2021-11-106.5CVE-2021-42282
MISC
microsoft -- windows_serverActive Directory Domain Services Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42278, CVE-2021-42282, CVE-2021-42291.2021-11-106.5CVE-2021-42287
MISC
microsoft -- windows_serverActive Directory Domain Services Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42278, CVE-2021-42282, CVE-2021-42287.2021-11-106.5CVE-2021-42291
MISC
microsoft -- windows_server_2008Active Directory Domain Services Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42282, CVE-2021-42287, CVE-2021-42291.2021-11-106.5CVE-2021-42278
MISC
nlnetlabs -- routinatorIn NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. This can be used to effectively stall validation. While Routinator has a configurable time-out value for RRDP connections, this time-out was only applied to individual read or write operations rather than the complete request. Thus, if an RRDP repository sends a little bit of data before that time-out expired, it can continuously extend the time it takes for the request to finish. Since validation will only continue once the update of an RRDP repository has concluded, this delay will cause validation to stall, leading to Routinator continuing to serve the old data set or, if in the initial validation run directly after starting, never serve any data at all.2021-11-095CVE-2021-43173
MISC
nlnetlabs -- routinatorNLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This encoding can be used by an RRDP repository to cause an out-of-memory crash in these versions of Routinator. RRDP uses XML which allows arbitrary amounts of white space in the encoded data. The gzip scheme compresses such white space extremely well, leading to very small compressed files that become huge when being decompressed for further processing, big enough that Routinator runs out of memory when parsing input data waiting for the next XML element.2021-11-095CVE-2021-43174
MISC
nlnetlabs -- routinatorNLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of infinite length causing it to never finish a validation run. In RPKI, a CA can choose the RRDP repository it wishes to publish its data in. By continuously generating a new child CA that only consists of another CA using a different RRDP repository, a malicious CA can create a chain of CAs of de-facto infinite length. Routinator prior to version 0.10.2 did not contain a limit on the length of such a chain and will therefore continue to process this chain forever. As a result, the validation run will never finish, leading to Routinator continuing to serve the old data set or, if in the initial validation run directly after starting, never serve any data at all.2021-11-095CVE-2021-43172
MISC
nomacs -- nomacsA buffer overflow in Nomacs v3.15.0 allows attackers to cause a denial of service (DoS) via a crafted MNG file.2021-11-104.3CVE-2020-23884
MISC
MISC
MISC
online_event_booking_and_reservation_system_project -- online_event_booking_and_reservation_systemAn HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability in order to change the visibility of the website. Once the target user clicks on a given link he will display the content of the HTML code of the attacker's choice.2021-11-054.3CVE-2021-42663
MISC
MISC
opnsense -- opnsenseA Cross-site scripting (XSS) vulnerability was discovered in OPNsense before 21.7.4 via the LDAP attribute return in the authentication tester.2021-11-084.3CVE-2021-42770
CONFIRM
MISC
oppia -- oppiaOppia 3.1.4 does not verify that certain URLs are valid before navigating to them.2021-11-085.8CVE-2021-41733
MISC
phoenix_media_rename_project -- phoenix_media_renameThe Phoenix Media Rename WordPress plugin before 3.4.4 does not have capability checks in its phoenix_media_rename AJAX action, which could allow users with Author roles to rename any uploaded media files, including ones they do not own.2021-11-084CVE-2021-24816
MISC
php_event_calendar_project -- php_event_calendarPHP Event Calendar through 2021-11-04 allows persistent cross-site scripting (XSS), as demonstrated by the /server/ajax/events_manager.php title parameter. This can be exploited by an adversary in multiple ways, e.g., to perform actions on the page in the context of other users, or to deface the site.2021-11-084.3CVE-2021-42078
MISC
MISC
phpjabbers -- fundraising_scriptStivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the pjActionLoadCss function.2021-11-054.3CVE-2020-22222
MISC
phpjabbers -- fundraising_scriptStivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the pjActionPreview function.2021-11-054.3CVE-2020-22224
MISC
pomerium -- pomeriumPomerium is an open source identity-aware access proxy. In affected versions changes to the OIDC claims of a user after initial login are not reflected in policy evaluation when using `allowed_idp_claims` as part of policy. If using `allowed_idp_claims` and a user's claims are changed, Pomerium can make incorrect authorization decisions. This issue has been resolved in v0.15.6. For users unable to upgrade clear data on `databroker` service by clearing redis or restarting the in-memory databroker to force claims to be updated.2021-11-056.5CVE-2021-41230
CONFIRM
MISC
post_content_xmlrpc_project -- post_content_xmlrpcThe Post Content XMLRPC WordPress plugin through 1.0 does not sanitise or escape multiple GET/POST parameters before using them in SQL statements in the admin dashboard, leading to an authenticated SQL Injections2021-11-086.5CVE-2021-24629
MISC
MISC
publishpress -- post_expiratorThe Post Expirator WordPress plugin before 2.6.0 does not have proper capability checks in place, which could allow users with a role as low as Contributor to schedule deletion of arbitrary posts.2021-11-084CVE-2021-24783
MISC
remoteclinic -- remote_clinicMultiple Cross Site Scripting (XSS) vulnerabilities exists in Remote Clinic v2.0 in (1) patients/register-patient.php via the (a) Contact, (b) Email, (c) Weight, (d) Profession, (e) ref_contact, (f) address, (g) gender, (h) age, and (i) serial parameters; in (2) patients/edit-patient.php via the (a) Contact, (b) Email, (c) Weight, Profession, (d) ref_contact, (e) address, (f) serial, (g) age, and (h) gender parameters; in (3) staff/edit-my-profile.php via the (a) Title, (b) First Name, (c) Last Name, (d) Skype, and (e) Address parameters; and in (4) clinics/settings.php via the (a) portal_name, (b) guardian_short_name, (c) guardian_name, (d) opening_time, (e) closing_time, (f) access_level_5, (g) access_level_4, (h) access_level_ 3, (i) access_level_2, (j) access_level_1, (k) currency, (l) mobile_number, (m) address, (n) patient_contact, (o) patient_address, and (p) patient_email parameters.2021-11-054.3CVE-2021-39416
MISC
MISC
MISC
samsung -- samsung_passImproper authentication in Samsung Pass prior to 3.0.02.4 allows to use app without authentication when lockscreen is unlocked.2021-11-056.8CVE-2021-25505
MISC
sap -- abap_platform_kernelSAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges. That means this business user is able to read and modify data beyond the vulnerable system. However, the attacker can neither significantly reduce the performance of the system nor stop the system.2021-11-105.5CVE-2021-40501
MISC
MISC
sap -- commerceSAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Authenticated attackers will be able to access and edit data from B2B units they do not belong to.2021-11-106.5CVE-2021-40502
MISC
MISC
sap -- netweaver_application_server_for_abapA certain template role in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, contains transport authorizations, which exceed expected display only permissions.2021-11-104CVE-2021-40504
MISC
MISC
schreikasten_project -- schreikastenThe Schreikasten WordPress plugin through 0.14.18 does not sanitise or escape the id GET parameter before using it in SQL statements in the comments dashboard from various actions, leading to authenticated SQL Injections which can be exploited by users as low as author2021-11-086.5CVE-2021-24630
MISC
MISC
science-miner -- pdf2xmlpdf2xml v2.0 was discovered to contain a memory leak in the function TextPage::testLinkedText.2021-11-105CVE-2020-23876
MISC
MISC
science-miner -- pdf2xmlA NULL pointer dereference in the function TextPage::restoreState of pdf2xml v2.0 allows attackers to cause a denial of service (DoS).2021-11-105CVE-2020-23872
MISC
MISC
seopanel -- seo_panelMultiple Cross Site Scripting (XSS) vulnerabilities exits in SEO Panel v4.8.0 via the (1) to_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php, and (j) reports.php; the (2) from_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php, (j) webmaster-tools.php, and (k) reports.php; the (3) order_col parameter in (a) analytics.php, (b) review.php, (c) social_media.php, and (d) webmaster-tools.php; and the (4) pageno parameter in (a) alerts.php, (b) log.php, (c) keywords.php, (d) proxy.php, (e) searchengine.php, and (f) siteauditor.php.2021-11-054.3CVE-2021-39413
MISC
servicetonic -- servicetonicBlind SQL injection in the login form in ServiceTonic Helpdesk software < 9.0.35937 allows attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries.2021-11-085CVE-2021-28022
MISC
MISC
shareaholic -- similar_postsThe Similar Posts WordPress plugin through 3.1.5 allow high privilege users to execute arbitrary PHP code in an hardened environment (ie with DISALLOW_FILE_EDIT, DISALLOW_FILE_MODS and DISALLOW_UNFILTERED_HTML set to true) via the 'widget_rrm_similar_posts_condition' widget setting of the plugin.2021-11-086CVE-2021-24537
MISC
shopping_portal_project -- shopping_portalMultiple Cross Site Scripting (XSS) vulnerabilities exists in PHPGurukul Shopping v3.1 via the (1) callback parameter in (a) server_side/scripts/id_jsonp.php, (b) server_side/scripts/jsonp.php, and (c) scripts/objects_jsonp.php, the (2) value parameter in examples_support/editable_ajax.php, and the (3) PHP_SELF parameter in captcha/index.php.2021-11-054.3CVE-2021-39412
MISC
siemens -- capital_vstarA vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008)2021-11-095CVE-2021-31881
MISC
MISC
siemens -- capital_vstarA vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). FTP server does not properly validate the length of the “MKD/XMKD” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0018)2021-11-096.5CVE-2021-31888
MISC
MISC
siemens -- capital_vstarA vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)2021-11-095CVE-2021-31344
MISC
MISC
siemens -- capital_vstarA vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). TFTP server application allows for reading the contents of the TFTP memory buffer via sending malformed TFTP commands. (FSMD-2021-0009)2021-11-095CVE-2021-31885
MISC
MISC
siemens -- capital_vstarA vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). FTP server does not properly validate the length of the “PWD/XPWD” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016)2021-11-096.5CVE-2021-31887
MISC
MISC
siemens -- capital_vstarA vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013)2021-11-095CVE-2021-31883
MISC
MISC
siemens -- capital_vstarA vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006)2021-11-096.4CVE-2021-31345
MISC
MISC
siemens -- capital_vstarA vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)2021-11-096.4CVE-2021-31346
MISC
MISC
siemens -- capital_vstarA vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011)2021-11-095CVE-2021-31882
MISC
MISC
siemens -- capital_vstarA vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)2021-11-096.4CVE-2021-31889
MISC
MISC
siemens -- capital_vstarA vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)2021-11-096.4CVE-2021-31890
MISC
MISC
siemens -- climatix_pol909_firmwareA vulnerability has been identified in Climatix POL909 (AWM module) (All versions < V11.34). The web server of affected devices transmits data without TLS encryption. This could allow an unauthenticated remote attacker in a man-in-the-middle position to read sensitive data, such as administrator credentials, or modify data in transit.2021-11-095.8CVE-2021-40366
MISC
siemens -- simatic_pcs_7A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read unexpected critical files.2021-11-095CVE-2021-40359
MISC
siemens -- simatic_pcs_7A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). The affected systems store sensitive information in log files. An attacker with access to the log files could publicly expose the information or reuse it to develop further attacks on the system.2021-11-095CVE-2021-40364
MISC
speex -- speexA stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.2021-11-104.3CVE-2020-23904
MISC
tailor_management_system_project -- tailor_management_systemMultiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCodester Tailor Management 1.0 via the (1) eid parameter in (a) partedit.php and (b) customeredit.php, the (2) id parameter in (a) editmeasurement.php and (b) addpayment.php, and the (3) error parameter in index.php.2021-11-084.3CVE-2021-40260
MISC
thruk -- thrukThruk 2.40-2 allows /thruk/#cgi-bin/extinfo.cgi?type=2&host={HOSTNAME]&service={SERVICENAME]&backend={BACKEND] Reflected XSS via the host or service parameter. An attacker could inject arbitrary JavaScript into extinfo.cgi. The malicious payload would be triggered every time an authenticated user browses the page containing it.2021-11-094.3CVE-2021-35489
MISC
MISC
thruk -- thrukThruk 2.40-2 allows /thruk/#cgi-bin/status.cgi?style=combined&title={TITLE] Reflected XSS via the host or title parameter. An attacker could inject arbitrary JavaScript into status.cgi. The payload would be triggered every time an authenticated user browses the page containing it.2021-11-094.3CVE-2021-35488
MISC
MISC
tipsandtricks-hq -- simple_download_monitorThe Simple Download Monitor WordPress plugin before 3.9.6 allows users with a role as low as Contributor to remove thumbnails from downloads they do not own, even if they cannot normally edit the download.2021-11-084CVE-2021-24698
MISC
tipsandtricks-hq -- simple_download_monitorThe Simple Download Monitor WordPress plugin before 3.9.5 does not escape the 1) sdm_active_tab GET parameter and 2) sdm_stats_start_date/sdm_stats_end_date POST parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues2021-11-084.3CVE-2021-24697
MISC
tipsandtricks-hq -- simple_download_monitorThe Simple Download Monitor WordPress plugin before 3.9.5 does not escape the "File Thumbnail" post meta before outputting it in some pages, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. Given the that XSS is triggered even when the Download is in a review state, contributor could make JavaScript code execute in a context of a reviewer such as admin and make them create a rogue admin account, or install a malicious plugin2021-11-086CVE-2021-24693
MISC
tipsandtricks-hq -- simple_download_monitorThe Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location, and does not have any authentication or authorisation in place to prevent unauthenticated users to download and read the logs containing Sensitive Information such as IP Addresses and Usernames2021-11-085CVE-2021-24695
MISC
unlimited_popups_project -- unlimited_popupsThe Unlimited PopUps WordPress plugin through 4.5.3 does not sanitise or escape the did GET parameter before using it in a SQL statement, available to users as low as editor, leading to an authenticated SQL Injection2021-11-086.5CVE-2021-24631
MISC
MISC
vfront -- vfrontMultiple Cross Site Scripting (XSS) vulnerabilities exist in VFront 0.99.5 via the (1) s parameter in search_all.php and the (2) msg parameter in add.attach.php.2021-11-084.3CVE-2021-39420
MISC
vim -- vimvim is vulnerable to Stack-based Buffer Overflow2021-11-054.6CVE-2021-3928
CONFIRM
MISC
FEDORA
vim -- vimvim is vulnerable to Heap-based Buffer Overflow2021-11-056.8CVE-2021-3927
CONFIRM
MISC
FEDORA
vmware -- spring_cloud_gatewayApplications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or newer.2021-11-084CVE-2021-22051
MISC
wclovers -- frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatibleThe WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible WordPress plugin before 6.5.12, when used in combination with another WCFM - WooCommerce Multivendor plugin such as WCFM - WooCommerce Multivendor Marketplace, does not escape the withdrawal_vendor parameter before using it in a SQL statement, allowing low privilege users such as Subscribers to perform SQL injection attacks2021-11-086.5CVE-2021-24835
MISC
web-dorado -- spidercatalogThe SpiderCatalog WordPress plugin through 1.7.3 does not sanitise or escape the 'parent' and 'ordering' parameters from the admin dashboard before using them in a SQL statement, leading to a SQL injection when adding a category2021-11-086.5CVE-2021-24625
MISC
MISC
wildbit-soft -- wildbit_viewerA buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted JPG file. Related to Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at JPGCodec+0x753648.2021-11-104.3CVE-2020-23890
MISC
MISC
wildbit-soft -- wildbit_viewerA User Mode Write AV in Editor+0x5d15 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file.2021-11-104.3CVE-2020-23901
MISC
MISC
wildbit-soft -- wildbit_viewerA User Mode Write AV in Editor+0x576b of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file.2021-11-104.3CVE-2020-23896
MISC
MISC
wildbit-soft -- wildbit_viewerA User Mode Write AV in Editor!TMethodImplementationIntercept+0x3c3682 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file.2021-11-104.3CVE-2020-23893
MISC
MISC
wildbit-soft -- wildbit_viewerA User Mode Write AV in Editor+0x5cd7 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file.2021-11-104.3CVE-2020-23891
MISC
MISC
wildbit-soft -- wildbit_viewerA User Mode Write AV in Editor!TMethodImplementationIntercept+0x53f6c3 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted psd file.2021-11-104.3CVE-2020-23888
MISC
MISC
wildbit-soft -- wildbit_viewerA User Mode Write AV in ntdll!RtlpCoalesceFreeBlocks+0x268 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file.2021-11-104.3CVE-2020-23894
MISC
MISC
wildbit-soft -- wildbit_viewerA User Mode Write AV starting at Editor!TMethodImplementationIntercept+0x4189c6 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted ico file.2021-11-104.3CVE-2020-23889
MISC
MISC
wildbit-soft -- wildbit_viewerA buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. Related to Data from Faulting Address may be used as a return value starting at Editor!TMethodImplementationIntercept+0x528a3.2021-11-104.3CVE-2020-23902
MISC
MISC
wildbit-soft -- wildbit_viewerA User Mode Write AV in Editor+0x76af of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file.2021-11-104.3CVE-2020-23895
MISC
MISC
wildbit-soft -- wildbit_viewerA buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. Related to Data from Faulting Address controls Code Flow starting at Editor!TMethodImplementationIntercept+0x57a3b.2021-11-104.3CVE-2020-23900
MISC
MISC
wildbit-soft -- wildbit_viewerA User Mode Write AV in Editor+0x5f91 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file.2021-11-104.3CVE-2020-23899
MISC
MISC
wildbit-soft -- wildbit_viewerA User Mode Write AV in Editor+0x5ea2 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file.2021-11-104.3CVE-2020-23898
MISC
MISC
wildbit-soft -- wildbit_viewerA User Mode Write AV in Editor!TMethodImplementationIntercept+0x54dcec of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file.2021-11-104.3CVE-2020-23897
MISC
MISC
wow-company -- wow_formsThe Wow Forms WordPress plugin through 3.1.3 does not sanitise or escape a 'did' GET parameter before using it in a SQL statement, when deleting a form in the admin dashboard, leading to an authenticated SQL injection2021-11-086.5CVE-2021-24628
MISC
MISC
wp-buy -- visitor_traffic_real_time_statisticsThe Visitor Traffic Real Time Statistics WordPress plugin before 3.9 does not validate and escape user input passed to the today_traffic_index AJAX action (available to any authenticated users) before using it in a SQL statement, leading to an SQL injection issue2021-11-086.5CVE-2021-24829
MISC
wp_seo_redirect_301_project -- wp_seo_redirect_301The WP SEO Redirect 301 WordPress plugin before 2.3.2 does not have CSRF in place when deleting redirects, which could allow attackers to make a logged in admin delete them via a CSRF attack2021-11-084.3CVE-2021-24832
MISC
wp_survey_plus_project -- wp_survey_plusThe WP Survey Plus WordPress plugin through 1.0 does not have any authorisation and CSRF checks in place in its AJAX actions, allowing any user to call them and add/edit/delete Surveys. Furthermore, due to the lack of sanitization in the Surveys' Title, this could also lead to Stored Cross-Site Scripting issues2021-11-084.3CVE-2021-24801
MISC
wpaffiliatemanager -- affiliates_managerThe Affiliates Manager WordPress plugin before 2.8.7 does not validate the orderby parameter before using it in an SQL statement in the admin dashboard, leading to an SQL Injection issue2021-11-086.5CVE-2021-24844
CONFIRM
MISC
xorux -- lpar2rrdA password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. (Viewing the passwords requires configuring a web browser to display HTML password input fields.)2021-11-084.3CVE-2021-42370
CONFIRM
CONFIRM

Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
addtoany -- addtoany_share_buttonsThe AddToAny Share Buttons WordPress plugin before 1.7.48 does not escape its Image URL button setting, which could lead allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.2021-11-083.5CVE-2021-24616
MISC
CONFIRM
airangel -- hsmx-app-25_firmwareAirangel HSMX Gateway devices through 5.2.04 is vulnerable to stored Cross Site Scripting. XSS Payload is placed in the name column of the updates table using database access.2021-11-103.5CVE-2021-40517
MISC
MISC
apostrophecms -- apostrophecmsApostrophe CMS versions between 2.63.0 to 3.3.1 are vulnerable to Stored XSS where an editor uploads an SVG file that contains malicious JavaScript onto the Images module, which triggers XSS once viewed.2021-11-073.5CVE-2021-25978
MISC
azeotech -- daqfactoryAn attacker could prepare a specially crafted project file that, if opened, would attempt to connect to the cloud and trigger a man in the middle (MiTM) attack. This could allow an attacker to obtain credentials and take over the user’s cloud account.2021-11-052.6CVE-2021-42701
MISC
bookingholdings -- booking.com_banner_creatorThe Booking.com Banner Creator WordPress plugin through 1.4.2 does not properly sanitize inputs when creating banners, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed2021-11-083.5CVE-2021-24646
MISC
bookingholdings -- booking.com_product_helperThe Booking.com Product Helper WordPress plugin through 1.0.1 does not sanitize and escape Product Code when creating Product Shortcode, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed2021-11-083.5CVE-2021-24645
MISC
engineers_online_portal_project -- engineers_online_portalA Stored Cross Site Scripting (XSS) Vulneraibiilty exists in Sourcecodester Engineers Online Portal in PHP via the (1) Quiz title and (2) quiz description parameters to add_quiz.php. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to cookie stealing and more.2021-11-053.5CVE-2021-42664
MISC
MISC
MISC
MISC
eset -- cyber_securityESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to the system to stop the ESET daemon, effectively disabling the protection of the ESET security product until a system reboot.2021-11-082.1CVE-2021-37850
MISC
gitlab -- gitlabLack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE since version 11.3 allows an attacker to bypass CODEOWNERS Merge Request approval requirement under rare circumstances2021-11-053.5CVE-2021-39909
MISC
MISC
CONFIRM
gitlab -- gitlabIn all versions of GitLab CE/EE since version 8.0, an attacker can set the pipeline schedules to be active in a project export so when an unsuspecting owner imports that project, pipelines are active by default on that project. Under specialized conditions, this may lead to information disclosure if the project is imported from an untrusted source.2021-11-052.1CVE-2021-39895
MISC
CONFIRM
MISC
google -- androidA vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without priviledge.2021-11-052.1CVE-2021-25502
MISC
google -- androidA missing input validation in HDCP LDFW prior to SMR Nov-2021 Release 1 allows attackers to overwrite TZASC allowing TEE compromise.2021-11-052.1CVE-2021-25500
MISC
google -- androidAn improper access control vulnerability in SCloudBnRReceiver in SecTelephonyProvider prior to SMR Nov-2021 Release 1 allows untrusted application to call some protected providers.2021-11-052.1CVE-2021-25501
MISC
google -- tensorflowTensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an `int64_t`. If an overflow occurs, `MultiplyWithoutOverflow` would return a negative result. In the majority of TensorFlow codebase this then results in a `CHECK`-failure. Newer constructs exist which return a `Status` instead of crashing the binary. This is similar to CVE-2021-29584. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.2021-11-052.1CVE-2021-41197
CONFIRM
MISC
MISC
MISC
MISC
MISC
google -- tensorflowTensorFlow is an open source platform for machine learning. In affected versions the Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative. This is due to the TensorFlow's implementation of pooling operations where the values in the sliding window are not checked to be strictly positive. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.2021-11-052.1CVE-2021-41196
MISC
CONFIRM
MISC
google -- tensorflowTensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for the `QuantizeAndDequantizeV*` operations can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.2021-11-053.6CVE-2021-41205
CONFIRM
MISC
google -- tensorflowTensorFlow is an open source platform for machine learning. In affected versions the implementation of `tf.math.segment_*` operations results in a `CHECK`-fail related abort (and denial of service) if a segment id in `segment_ids` is large. This is similar to CVE-2021-29584 (and similar other reported vulnerabilities in TensorFlow, localized to specific APIs): the implementation (both on CPU and GPU) computes the output shape using `AddDim`. However, if the number of elements in the tensor overflows an `int64_t` value, `AddDim` results in a `CHECK` failure which provokes a `std::abort`. Instead, code should use `AddDimWithStatus`. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.2021-11-052.1CVE-2021-41195
CONFIRM
MISC
MISC
MISC
google -- tensorflowTensorFlow is an open source platform for machine learning. In affected versions if `tf.image.resize` is called with a large input argument then the TensorFlow process will crash due to a `CHECK`-failure caused by an overflow. The number of elements in the output tensor is too much for the `int64_t` type and the overflow is detected via a `CHECK` statement. This aborts the process. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.2021-11-052.1CVE-2021-41199
CONFIRM
MISC
MISC
google -- tensorflowTensorFlow is an open source platform for machine learning. In affected versions if `tf.summary.create_file_writer` is called with non-scalar arguments code crashes due to a `CHECK`-fail. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.2021-11-052.1CVE-2021-41200
MISC
CONFIRM
MISC
google -- tensorflowTensorFlow is an open source platform for machine learning. In affected versions while calculating the size of the output within the `tf.range` kernel, there is a conditional statement of type `int64 = condition ? int64 : double`. Due to C++ implicit conversion rules, both branches of the condition will be cast to `double` and the result would be truncated before the assignment. This result in overflows. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.2021-11-052.1CVE-2021-41202
CONFIRM
MISC
MISC
MISC
MISC
google -- tensorflowTensorFlow is an open source platform for machine learning. In affected versions if `tf.tile` is called with a large input argument then the TensorFlow process will crash due to a `CHECK`-failure caused by an overflow. The number of elements in the output tensor is too much for the `int64_t` type and the overflow is detected via a `CHECK` statement. This aborts the process. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.2021-11-052.1CVE-2021-41198
MISC
CONFIRM
MISC
google -- tensorflowTensorFlow is an open source platform for machine learning. In affected versions the `ImmutableConst` operation in TensorFlow can be tricked into reading arbitrary memory contents. This is because the `tstring` TensorFlow string class has a special case for memory mapped strings but the operation itself does not offer any support for this datatype. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.2021-11-052.1CVE-2021-41227
CONFIRM
MISC
MISC
google -- tensorflowTensorFlow is an open source platform for machine learning. In affected versions during TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This results in a segfault, as these tensors are supposed to not change. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.2021-11-052.1CVE-2021-41204
MISC
CONFIRM
google -- tensorflowTensorFlow is an open source platform for machine learning. In affected versions the implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.2021-11-052.1CVE-2021-41209
MISC
CONFIRM
google -- tensorflowTensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for `SparseCountSparseOutput` can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.2021-11-053.6CVE-2021-41210
MISC
CONFIRM
google -- tensorflowTensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `QuantizeV2` can trigger a read outside of bounds of heap allocated array. This occurs whenever `axis` is a negative value less than `-1`. In this case, we are accessing data before the start of a heap buffer. The code allows `axis` to be an optional argument (`s` would contain an `error::NOT_FOUND` error code). Otherwise, it assumes that `axis` is a valid index into the dimensions of the `input` tensor. If `axis` is less than `-1` then this results in a heap OOB read. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, as this version is the only one that is also affected.2021-11-053.6CVE-2021-41211
CONFIRM
MISC
google -- tensorflowTensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `tf.ragged.cross` can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.2021-11-053.6CVE-2021-41212
CONFIRM
MISC
google -- tensorflowTensorFlow is an open source platform for machine learning. In affected versions the implementation of `FusedBatchNorm` kernels is vulnerable to a heap OOB access. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.2021-11-053.6CVE-2021-41223
MISC
CONFIRM
google -- tensorflowTensorFlow is an open source platform for machine learning. In affected versions the implementation of `SparseFillEmptyRows` can be made to trigger a heap OOB access. This occurs whenever the size of `indices` does not match the size of `values`. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.2021-11-053.6CVE-2021-41224
MISC
CONFIRM
google -- tensorflowTensorFlow is an open source platform for machine learning. In affected versions the implementation of `SparseBinCount` is vulnerable to a heap OOB access. This is because of missing validation between the elements of the `values` argument and the shape of the sparse output. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.2021-11-053.6CVE-2021-41226
MISC
CONFIRM
google -- tensorflowTensorFlow is an open source platform for machine learning. In affected versions the implementation of `ParallelConcat` misses some input validation and can produce a division by 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.2021-11-052.1CVE-2021-41207
CONFIRM
MISC
google -- tensorflowTensorFlow is an open source platform for machine learning. In affected versions TensorFlow's Grappler optimizer has a use of unitialized variable. If the `train_nodes` vector (obtained from the saved model that gets optimized) does not contain a `Dequeue` node, then `dequeue_node` is left unitialized. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.2021-11-052.1CVE-2021-41225
MISC
CONFIRM
google -- tensorflowTensorFlow is an open source platform for machine learning. In affected versions the implementation of `SplitV` can trigger a segfault is an attacker supplies negative arguments. This occurs whenever `size_splits` contains more than one value and at least one value is negative. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.2021-11-052.1CVE-2021-41222
CONFIRM
MISC
google -- tensorflowTensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `AllToAll` can be made to execute a division by 0. This occurs whenever the `split_count` argument is 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.2021-11-052.1CVE-2021-41218
CONFIRM
MISC
google -- tensorflowTensorFlow is an open source platform for machine learning. In affected versions the process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when nodes that should be paired are not. This occurs because the code assumes that the first node in the pairing (e.g., an `Enter` node) always exists when encountering the second node (e.g., an `Exit` node). When this is not the case, `parent` is `nullptr` so dereferencing it causes a crash. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.2021-11-052.1CVE-2021-41217
MISC
CONFIRM
google -- tensorflowTensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `DeserializeSparse` can trigger a null pointer dereference. This is because the shape inference function assumes that the `serialize_sparse` tensor is a tensor with positive rank (and having `3` as the last dimension). The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.2021-11-052.1CVE-2021-41215
MISC
CONFIRM
gtranslate -- google_language_translatorThe Translate WordPress – Google Language Translator WordPress plugin before 6.0.12 does not sanitise and escape some of its settings before outputting it in various pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.2021-11-083.5CVE-2021-24594
CONFIRM
MISC
ibm -- qradar_network_securityIBM QRadar Network Security 5.4.0 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174269.2021-11-083.5CVE-2020-4153
CONFIRM
XF
ibm -- security_guardiumIBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, and 11.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.2021-11-083.5CVE-2021-29735
CONFIRM
XF
igexsolutions -- wpschoolpressThe School Management System – WPSchoolPress WordPress plugin before 2.1.17 sanitise some fields using sanitize_text_field() but does not escape them before outputting in attributes, resulting in Stored Cross-Site Scripting issues.2021-11-083.5CVE-2021-24664
MISC
jetbrains -- teamcityIn JetBrains TeamCity before 2021.1.2, stored XSS is possible.2021-11-093.5CVE-2021-43198
MISC
jetbrains -- youtrackJetBrains YouTrack before 2021.3.24402 is vulnerable to stored XSS.2021-11-093.5CVE-2021-43186
MISC
jetbrains -- youtrackIn JetBrains YouTrack before 2021.3.21051, stored XSS is possible.2021-11-093.5CVE-2021-43184
MISC
mendix -- mendixA vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.26), Mendix Applications using Mendix 8 (All versions < V8.18.12), Mendix Applications using Mendix 9 (All versions < V9.6.1). Applications built with affected versions of Mendix Studio Pro do not prevent file documents from being cached when files are opened or downloaded using a browser. This could allow a local attacker to read those documents by exploring the browser cache.2021-11-091.9CVE-2021-42015
MISC
microsoft -- azure_real_time_operating_systemAzure RTOS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-42301, CVE-2021-42323.2021-11-101.9CVE-2021-26444
MISC
microsoft -- azure_sphereAzure Sphere Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-41374, CVE-2021-41375.2021-11-102.1CVE-2021-41376
MISC
microsoft -- azure_sphereAzure Sphere Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-41375, CVE-2021-41376.2021-11-102.1CVE-2021-41374
MISC
microsoft -- azure_sphereAzure Sphere Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-41374, CVE-2021-41376.2021-11-102.1CVE-2021-41375
MISC
microsoft -- fslogixFSLogix Information Disclosure Vulnerability2021-11-102.1CVE-2021-41373
MISC
microsoft -- windows_10Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-41371.2021-11-102.1CVE-2021-38631
MISC
microsoft -- windows_10Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-38631.2021-11-102.1CVE-2021-41371
MISC
microsoft -- windows_10Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vulnerability2021-11-102.1CVE-2021-42274
MISC
online_enrollment_management_system_in_php_project -- online_enrollment_management_system_in_phpA Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 in the Add-Users page via the Name parameter.2021-11-083.5CVE-2021-40577
MISC
online_event_booking_and_reservation_system_project -- online_event_booking_and_reservation_systemA Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday reason parameter. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to cookie stealing and more.2021-11-053.5CVE-2021-42662
MISC
MISC
MISC
MISC
poweradmin -- pa_server_monitorA cross-site scripting (XSS) vulnerability in Power Admin PA Server Monitor 8.2.1.1 allows remote attackers to inject arbitrary web script or HTML via Console.exe.2021-11-053.5CVE-2021-26844
MISC
MISC
print-o-matic_project -- print-o-maticThe Print-O-Matic WordPress plugin before 2.0.3 does not escape some of its settings before outputting them in attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.2021-11-083.5CVE-2021-24710
MISC
CONFIRM
publify_project -- publifyIn Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article.2021-11-103.5CVE-2021-25974
CONFIRM
MISC
publify_project -- publifyIn publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with “publisher” role to inject malicious JavaScript via the uploaded html file.2021-11-103.5CVE-2021-25975
CONFIRM
MISC
quiz_tool_lite_project -- quiz_tool_liteThe Quiz Tool Lite WordPress plugin through 2.3.15 does not sanitize multiple input fields used when creating or managing quizzes and in other setting options, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.2021-11-083.5CVE-2021-24701
MISC
qwizcards_project -- qwizcardsThe Qwizcards – online quizzes and flashcards WordPress plugin before 3.62 does not properly sanitize and escape some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.2021-11-083.5CVE-2021-24706
MISC
samsung -- group_sharingIntent redirection vulnerability in Group Sharing prior to 10.8.03.2 allows attacker to access contact information.2021-11-052.1CVE-2021-25504
MISC
samsung -- healthNon-existent provider in Samsung Health prior to 6.19.1.0001 allows attacker to access it via malicious content provider or lead to denial of service.2021-11-052.1CVE-2021-25506
MISC
samsung -- samsung_flowA missing input validation in Samsung Flow Windows application prior to Version 4.8.5.0 allows attackers to overwrite abtraty file in the Windows known folders.2021-11-053.6CVE-2021-25509
MISC
samsung -- samsung_flowImproper authorization vulnerability in Samsung Flow mobile application prior to 4.8.03.5 allows Samsung Flow PC application connected with user device to access part of notification data in Secure Folder without authorization.2021-11-052.7CVE-2021-25507
MISC
schiocco -- support_boardThe Support Board WordPress plugin before 3.3.5 allows Authenticated (Agent+) users to perform Cross-Site Scripting attacks by placing a payload in the notes field, when an administrator or any authenticated user go to the chat the XSS will be automatically executed.2021-11-083.5CVE-2021-24807
MISC
MISC
MISC
siemens -- simatic_rtls_locating_managerA vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application does not properly handle the import of large configuration files. A local attacker could import a specially crafted file which could lead to a denial-of-service condition of the application service.2021-11-092.1CVE-2020-10054
MISC
siemens -- simatic_rtls_locating_managerA vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application writes sensitive data, such as database credentials in configuration files. A local attacker with access to the configuration files could use this information to launch further attacks.2021-11-092.1CVE-2020-10053
MISC
siemens -- simatic_rtls_locating_managerA vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application writes sensitive data, such as usernames and passwords in log files. A local attacker with access to the log files could use this information to launch further attacks.2021-11-092.1CVE-2020-10052
MISC
wooassist -- storefront_footer_textThe Storefront Footer Text WordPress plugin through 1.0.1 does not sanitize and escape the "Footer Credit Text" added to pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered-html capability is disallowed.2021-11-083.5CVE-2021-24607
MISC
wp_all_export_project -- wp_all_exportThe Export any WordPress data to XML/CSV WordPress plugin before 1.3.1 does not escape its Export's Name before outputting it in Manage Exports settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed2021-11-083.5CVE-2021-24708
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
airangel -- airangel
 
Airangel HSMX Gateway devices through 5.2.04 allow CSRF.2021-11-10not yet calculatedCVE-2021-40518
MISC
MISC
airangel -- airangel
 
Airangel HSMX Gateway devices through 5.2.04 have Weak SSH Credentials.2021-11-10not yet calculatedCVE-2021-40520
MISC
MISC
alquistmanager -- alquistmanager
 
AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system andcan significantly aid in getting remote code access.2021-11-12not yet calculatedCVE-2021-43492
MISC
antilles -- antilles
 
A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index (PyPi). MITRE classifies this weakness as an Uncontrolled Search Path Element (CWE-427) in which a private package dependency may be replaced by an unauthorized package of the same name published to a well-known public repository such as PyPi. The configuration has been updated to only install components built by Antilles, removing all other public package indexes. Additionally, the antilles-tools dependency has been published to PyPi.2021-11-12not yet calculatedCVE-2021-3840
CONFIRM
apache -- shardingspehere
 
Deserialization of Untrusted Data vulnerability of Apache ShardingSphere-UI allows an attacker to inject outer link resources. This issue affects Apache ShardingSphere-UI Apache ShardingSphere-UI version 4.1.1 and later versions; Apache ShardingSphere-UI versions prior to 5.0.0.2021-11-11not yet calculatedCVE-2021-26558
MISC
MLIST
apache -- superset
 
Apache Superset up to and including 1.3.1 allowed for database connections password leak for authenticated users. This information could be accessed in a non-trivial way.2021-11-12not yet calculatedCVE-2021-41972
CONFIRM
CONFIRM
apache -- traffic_control_traffic_ops
 
An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter.2021-11-11not yet calculatedCVE-2021-43350
CONFIRM
MLIST
MLIST
arris -- surfboard_sb8200
 
The password change utility for the Arris SurfBoard SB8200 can have safety measures bypassed that allow any logged-in user to change the administrator password.2021-11-09not yet calculatedCVE-2021-20119
MISC
asus -- routers
 
ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has improper control of Interaction frequency vulnerability, an unauthenticated attacker can remotely disconnect other users' connections by sending specially crafted SAE authentication frames.2021-11-12not yet calculatedCVE-2021-37910
MISC
belledonne -- belle-sipBelledonne Belle-sip before 5.0.20 can crash applications such as Linphone via " \ " in the display name of a From header.2021-11-12not yet calculatedCVE-2021-43611
MISC
MISC
belledonne -- belle-sip
 
Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via an invalid From header (request URI without a parameter) in an unauthenticated SIP message, a different issue than CVE-2021-33056.2021-11-12not yet calculatedCVE-2021-43610
MISC
MISC
binatone -- hubble_camerasAn exposed debug interface was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access unauthorized access to the device.2021-11-12not yet calculatedCVE-2021-3788
CONFIRM
binatone -- hubble_cameras
 
A buffer overflow was reported in the local web server of some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same network to perform a denial-of-service attack against the device.2021-11-12not yet calculatedCVE-2021-3790
CONFIRM
binatone -- hubble_cameras
 
A vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with local access to obtain the MQTT credentials that could result in unauthorized access to backend Hubble services.2021-11-12not yet calculatedCVE-2021-3787
CONFIRM
binatone -- hubble_cameras
 
An improper access control vulnerability was reported in some Motorola-branded Binatone Hubble Cameras which could allow an unauthenticated attacker on the same network as the device to access administrative pages that could result in information disclosure or device firmware update with verified firmware.2021-11-12not yet calculatedCVE-2021-3793
CONFIRM
binatone -- hubble_cameras
 
Some device communications in some Motorola-branded Binatone Hubble Cameras with backend Hubble services are not encrypted which could lead to the communication channel being accessible by an attacker.2021-11-12not yet calculatedCVE-2021-3792
CONFIRM
binatone -- hubble_cameras
 
An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access to obtain the encryption key used to decrypt firmware update packages.2021-11-12not yet calculatedCVE-2021-3789
CONFIRM
binatone -- hubble_cameras
 
An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same subnet to download an encrypted log file containing sensitive information such as WiFi SSID and password.2021-11-12not yet calculatedCVE-2021-3791
CONFIRM
bitdefender -- enpoint_security_tools
 
Improper Link Resolution Before File Access ('Link Following') vulnerability in the EPAG component of Bitdefender Endpoint Security Tools for Windows allows a local attacker to cause a denial of service. This issue affects: Bitdefender GravityZone version 7.1.2.33 and prior versions.2021-11-09not yet calculatedCVE-2021-3641
CONFIRM
blackberry -- protectA low privileged delete vulnerability using CEF RPC server of BlackBerry Protect for Windows version(s) versions 1574 and earlier could allow an attacker to potentially execute code in the context of a BlackBerry Cylance service that has admin rights on the system and gaining the ability to delete data from the local system.2021-11-10not yet calculatedCVE-2021-32022
MISC
blackberry -- protect
 
A denial of service vulnerability in the message broker of BlackBerry Protect for Windows version(s) versions 1574 and earlier could allow an attacker to potentially execute code in the context of a BlackBerry Cylance service that has admin rights on the system.2021-11-10not yet calculatedCVE-2021-32021
MISC
blackberry -- protect
 
An elevation of privilege vulnerability in the message broker of BlackBerry Protect for Windows version(s) versions 1574 and earlier could allow an attacker to potentially execute code in the context of a BlackBerry Cylance service that has admin rights on the system.2021-11-10not yet calculatedCVE-2021-32023
MISC
bluez -- bluez
 
BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash.2021-11-12not yet calculatedCVE-2021-41229
CONFIRM
bookstack -- bookstack
 
bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type2021-11-13not yet calculatedCVE-2021-3915
MISC
CONFIRM
broadcom -- emulex_hba_managerBroadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a vulnerability in the remote firmware download feature that could allow a user to place or replace an arbitrary file on the remote host. In non-secure mode, the user is unauthenticated.2021-11-12not yet calculatedCVE-2021-42775
MISC
CONFIRM
broadcom -- emulex_hba_manager
 
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote firmware download feature that could allow remote unauthenticated users to perform various attacks. In non-secure mode, the user is unauthenticated.2021-11-12not yet calculatedCVE-2021-42774
MISC
CONFIRM
broadcom -- emulex_hba_manager
 
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, could allow a user to retrieve an arbitrary file from a remote host with the GetDumpFile command. In non-secure mode, the user is unauthenticated.2021-11-12not yet calculatedCVE-2021-42773
MISC
CONFIRM
commit -- commit
 
Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd70bfcaa70 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access.2021-11-12not yet calculatedCVE-2021-43496
MISC
cradlepoint -- cradlepoint
 
Cradlepoint IBR900-600 devices running versions < 7.21.10 are vulnerable to a restricted shell escape sequence that provides an attacker the capability to simultaneously deny availability to the device's NetCloud Manager console, local console and SSH command-line.2021-11-07not yet calculatedCVE-2021-37471
MISC
MISC
dell -- bios
 
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.2021-11-12not yet calculatedCVE-2021-36325
MISC
dell -- bios
 
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.2021-11-12not yet calculatedCVE-2021-36324
MISC
dell -- bios
 
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.2021-11-12not yet calculatedCVE-2021-36323
MISC
dell -- emc_powerscale_nodes
 
Dell EMC PowerScale Nodes contain a hardware design flaw. This may allow a local unauthenticated user to escalate privileges. This also affects Compliance mode and for Compliance mode clusters, is a critical vulnerability. Dell EMC recommends applying the workaround at your earliest opportunity.2021-11-12not yet calculatedCVE-2021-36315
MISC
dell -- emc_powerscale_onefs
 
Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an Exposure of Information through Directory Listing vulnerability. This vulnerability is triggered when upgrading from a previous versions.2021-11-12not yet calculatedCVE-2021-21528
MISC
dell -- powerscale_onefs
 
Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in SMB CA handling. An authenticated user of SMB on a cluster with CA could potentially exploit this vulnerability, leading to a denial of service over SMB.2021-11-12not yet calculatedCVE-2021-36305
MISC
dheater -- dheater
 
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.2021-11-11not yet calculatedCVE-2002-20001
MISC
MISC
MISC
MISC
django -- helpdesk
 
django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')2021-11-13not yet calculatedCVE-2021-3945
MISC
CONFIRM
docsis -- docsis
 
Vulnerability in the product Docsis 3.0 UBC1319BA00 Router supported affected version 1319010201r009. The vulnerability allows an attacker with privileges and network access through the ping.cmd component to execute commands on the device.2021-11-10not yet calculatedCVE-2021-39474
MISC
MISC
ets5password -- ets5password
 
** DISPUTED ** KNX ETS6 through 6.0.0 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information, a similar issue to CVE-2021-36799. NOTE: The vendor disputes this because it is not the responsibility of the ETS to securely store cryptographic key material when it is not being exported.2021-11-09not yet calculatedCVE-2021-43575
MISC
ffmpeg -- ffmpeg
 
FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service (DoS) via a crafted audio file due to insufficient verification of data authenticity.2021-11-10not yet calculatedCVE-2020-23906
MISC
firefly-iii -- firefly-iii
 
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)2021-11-13not yet calculatedCVE-2021-3921
CONFIRM
MISC
formalms -- formalms
 
An authentication bypass issue in FormaLMS <= 2.4.4 allows an attacker to bypass the authentication mechanism and obtain a valid access to the platform.2021-11-10not yet calculatedCVE-2021-43136
MISC
MISC
MISC
MISC
fort -- validator
 
FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publishes an X.509 EE certificate. This will lead to RTR clients such as BGP routers to lose access to the RPKI VRP data set, effectively disabling Route Origin Validation.2021-11-09not yet calculatedCVE-2021-43114
MISC
github -- enterprise_server
 
A path traversal vulnerability was identified in GitHub Pages builds on GitHub Enterprise Server that could allow an attacker to read system files. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.0.19, 3.1.11, and 3.2.3. This vulnerability was reported via the GitHub Bug Bounty program.2021-11-10not yet calculatedCVE-2021-22870
MISC
MISC
MISC
google -- google
 
An XSS issue was discovered in the google_for_jobs (aka Google for Jobs) extension before 1.5.1 and 2.x before 2.1.1 for TYPO3. The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability.2021-11-10not yet calculatedCVE-2021-43561
MISC
hewlett_packard -- laserjet_solution_software
 
A potential security vulnerability has been identified for HP LaserJet Solution Software (for certain HP LaserJet Printers) which may lead to unauthorized elevation of privilege on the client.2021-11-09not yet calculatedCVE-2019-18916
MISC
hewlett_packard -- multiple_printers
 
During installation with certain driver software or application packages an arbitrary code execution could occur.2021-11-09not yet calculatedCVE-2020-28419
MISC
hewlett_packard -- officejet_pro_printers
 
A Buffer Overflow and Information Disclosure issue exists in HP OfficeJet Pro Printers before 001.1937C, and HP PageWide Managed Printers and HP PageWide Pro Printers before 001.1937D exists; A maliciously crafted print file might cause certain HP Inkjet printers to assert. Under certain circumstances, the printer produces a core dump to a local device.2021-11-09not yet calculatedCVE-2019-16240
MISC
hewlett_packard -- printers
 
A potential security vulnerability has been identified for certain HP printers and MFPs that would allow redirection page Cross-Site Scripting in a client’s browser by clicking on a third-party malicious link.2021-11-09not yet calculatedCVE-2019-18914
MISC
ibm -- security_siteprotector_system
 
IBM Security SiteProtector System 3.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174052.2021-11-12not yet calculatedCVE-2020-4140
XF
CONFIRM
ibm -- security_siteprotector_system
 
IBM Security SiteProtector System 3.1.1 could allow a remote attacker to obtain sensitive information, caused by missing 'HttpOnly' flag. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 174129.2021-11-12not yet calculatedCVE-2020-4146
CONFIRM
XF
ibm -- system_x_servers
 
A command injection vulnerability was reported in the Integrated Management Module (IMM) of legacy IBM System x 3550 M3 and IBM System x 3650 M3 servers that could allow the execution of operating system commands over an authenticated SSH or Telnet session.2021-11-12not yet calculatedCVE-2021-3723
CONFIRM
ibm -- tivoli_key_lifecycle_ma
 
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.2021-11-12not yet calculatedCVE-2021-38985
XF
CONFIRM
ibm -- tivoli_key_lifecycle_maagerIBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.2021-11-12not yet calculatedCVE-2021-38973
CONFIRM
XF
ibm -- tivoli_key_lifecycle_manager
 
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.2021-11-12not yet calculatedCVE-2021-38972
XF
CONFIRM
icms -- icms
 
iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admincp.php?app=members&do=add.2021-11-12not yet calculatedCVE-2020-21141
MISC
icrem -- h8
 
Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRMS allows attackers to disclose sensitive information via the Print Invoice Functionality.2021-11-10not yet calculatedCVE-2021-3380
MISC
MISC
MISC
MISC
jamf -- pro
 
The server in Jamf Pro before 10.32.0 has a vulnerability affecting integrity and availability, aka PI-006352. NOTE: Jamf Nation will also publish an article about this vulnerability.2021-11-12not yet calculatedCVE-2021-39303
MISC
CONFIRM
jenkins -- active_choices_plugin
 
Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive parameters and dynamic reference parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.2021-11-12not yet calculatedCVE-2021-21699
CONFIRM
MLIST
jenkins -- owasp
 
Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.2021-11-12not yet calculatedCVE-2021-43577
CONFIRM
MLIST
jenkins -- performance_plugin
 
Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.2021-11-12not yet calculatedCVE-2021-21701
CONFIRM
MLIST
jenkins -- pom2config
 
Jenkins pom2config Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers with Overall/Read and Item/Read permissions to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.2021-11-12not yet calculatedCVE-2021-43576
CONFIRM
MLIST
jenkins -- scriptler_plugin
 
Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of scripts on the UI when asking to confirm their deletion, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by exploitable by attackers able to create Scriptler scripts.2021-11-12not yet calculatedCVE-2021-21700
CONFIRM
MLIST
jenkins -- squash_tm_publisher
 
Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control agent processes to replace arbitrary files on the Jenkins controller file system with an attacker-controlled JSON string.2021-11-12not yet calculatedCVE-2021-43578
CONFIRM
MLIST
jetbrains -- youtrack_mobileIn JetBrains YouTrack Mobile before 2021.2, access token protection on Android is incomplete.2021-11-09not yet calculatedCVE-2021-43189
MISC
jetbrains -- youtrack_mobile
 
In JetBrains YouTrack Mobile before 2021.2, access token protection on iOS is incomplete.2021-11-09not yet calculatedCVE-2021-43188
MISC
json-schema -- json-schema
 
json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')2021-11-13not yet calculatedCVE-2021-3918
MISC
CONFIRM
kubernetes -- kuztomize-controller
 
kustomize-controller is a Kubernetes operator, specialized in running continuous delivery pipelines for infrastructure and workloads defined with Kubernetes manifests and assembled with Kustomize. Users that can create Kubernetes Secrets, Service Accounts and Flux Kustomization objects, could execute commands inside the kustomize-controller container by embedding a shell script in a Kubernetes Secret. This can be used to run `kubectl` commands under the Service Account of kustomize-controller, thus allowing an authenticated Kubernetes user to gain cluster admin privileges. In affected versions multitenant environments where non-admin users have permissions to create Flux Kustomization objects are affected by this issue. This vulnerability was fixed in kustomize-controller v0.15.0 (included in flux2 v0.18.0) released on 2021-10-08. Starting with v0.15, the kustomize-controller no longer executes shell commands on the container OS and the `kubectl` binary has been removed from the container image. To prevent the creation of Kubernetes Service Accounts with `secrets` in namespaces owned by tenants, a Kubernetes validation webhook such as Gatekeeper OPA or Kyverno can be used.2021-11-12not yet calculatedCVE-2021-41254
CONFIRM
legion -- phone_pro
 
An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device GPS data.2021-11-12not yet calculatedCVE-2021-3720
CONFIRM
lenovo -- desktop
 
A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes.2021-11-12not yet calculatedCVE-2021-3519
CONFIRM
lenovo -- notebook_and_thinkpad
 
A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range.2021-11-12not yet calculatedCVE-2021-3786
CONFIRM
lenovo -- thinkcentre_and_thnkstation
 
A potential vulnerability in the SMI callback function that saves and restore boot script tables used for resuming from sleep state in some ThinkCentre and ThinkStation models may allow an attacker with local access and elevated privileges to execute arbitrary code.2021-11-12not yet calculatedCVE-2021-3719
CONFIRM
lenovo -- thinkpad
 
A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.2021-11-12not yet calculatedCVE-2021-3843
CONFIRM
lenovo -- thinkpad
 
A denial of service vulnerability was reported in some ThinkPad models that could cause a system to crash when the Enhanced Biometrics setting is enabled in BIOS.2021-11-12not yet calculatedCVE-2021-3718
CONFIRM
lenovo -- thinkpad
 
A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.2021-11-12not yet calculatedCVE-2021-3599
CONFIRM
liquidfiles -- liquidfiles
 
LiquidFiles before 3.6.3 allows remote attackers to elevate their privileges from Admin (or User Admin) to Sysadmin.2021-11-11not yet calculatedCVE-2021-43397
CONFIRM
MISC
microsoft -- 3d_viewer
 
3D Viewer Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-43208.2021-11-10not yet calculatedCVE-2021-43209
MISC
microsoft -- 3d_viewer
 
3D Viewer Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-43209.2021-11-10not yet calculatedCVE-2021-43208
MISC
microsoft -- azureAzure RTOS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42303, CVE-2021-42304.2021-11-10not yet calculatedCVE-2021-42302
MISC
microsoft -- azureAzure RTOS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42302, CVE-2021-42303.2021-11-10not yet calculatedCVE-2021-42304
MISC
microsoft -- azure
 
Azure RTOS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-26444, CVE-2021-42301.2021-11-10not yet calculatedCVE-2021-42323
MISC
microsoft -- azure
 
Azure RTOS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-26444, CVE-2021-42323.2021-11-10not yet calculatedCVE-2021-42301
MISC
microsoft -- azure
 
Azure RTOS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42302, CVE-2021-42304.2021-11-10not yet calculatedCVE-2021-42303
MISC
microsoft -- azure
 
Azure Sphere Tampering Vulnerability2021-11-10not yet calculatedCVE-2021-42300
MISC
microsoft -- dynamics_365
 
Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability2021-11-10not yet calculatedCVE-2021-42316
MISC
microsoft -- exchange_server_spoofing
 
Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-41349.2021-11-10not yet calculatedCVE-2021-42305
MISC
microsoft -- visual_studioVisual Studio Code Elevation of Privilege Vulnerability2021-11-10not yet calculatedCVE-2021-42322
MISC
microsoft -- visual_studio
 
Visual Studio Elevation of Privilege Vulnerability2021-11-10not yet calculatedCVE-2021-42319
MISC
microsoft -- windows
 
In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack.2021-11-12not yet calculatedCVE-2021-43332
MISC
CONFIRM
microsoft -- windows
 
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS.2021-11-12not yet calculatedCVE-2021-43331
MISC
CONFIRM
microsoft -- windows
 
There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) in versions prior to 18.0 on Windows. This may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges.2021-11-12not yet calculatedCVE-2021-42563
MISC
microsoft -- windows
 
Microsoft Defender Remote Code Execution Vulnerability2021-11-10not yet calculatedCVE-2021-42298
MISC
microsoft -- windows
 
Windows Hello Security Feature Bypass Vulnerability2021-11-10not yet calculatedCVE-2021-42288
MISC
motorola -- binatone_hubble_cameras
 
An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker on the same network unauthorized access to the device.2021-11-12not yet calculatedCVE-2021-3577
CONFIRM
nim -- nim
 
Nim is a systems programming language with a focus on efficiency, expressiveness, and elegance. In affected versions the uri.parseUri function which may be used to validate URIs accepts null bytes in the input URI. This behavior could be used to bypass URI validation. For example: parseUri("http://localhost\0hello").hostname is set to "localhost\0hello". Additionally, httpclient.getContent accepts null bytes in the input URL and ignores any data after the first null byte. Example: getContent("http://localhost\0hello") makes a request to localhost:80. An attacker can use a null bytes to bypass the check and mount a SSRF attack.2021-11-12not yet calculatedCVE-2021-41259
CONFIRM
npm -- ci_command
 
The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have been blocked by an exact version match requirement in package-lock.json.2021-11-13not yet calculatedCVE-2021-43616
MISC
MISC
octorpki -- octorpkiOctoRPKI crashes when encountering a repository that returns an invalid ROA (just an encoded NUL (\0) character).2021-11-11not yet calculatedCVE-2021-3910
MISC
octorpki -- octorpkiOctoRPKI tries to load the entire contents of a repository in memory, and in the case of a GZIP bomb, unzip it in memory, making it possible to create a repository that makes OctoRPKI run out of memory (and thus crash).2021-11-11not yet calculatedCVE-2021-3912
MISC
octorpki -- octorpki
 
OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, (ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa), which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine OctoRPKI is running on.2021-11-11not yet calculatedCVE-2021-3907
MISC
octorpki -- octorpki
 
OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end.2021-11-11not yet calculatedCVE-2021-3908
MISC
octorpki -- octorpki
 
OctoRPKI does not limit the length of a connection, allowing for a slowloris DOS attack to take place which makes OctoRPKI wait forever. Specifically, the repository that OctoRPKI sends HTTP requests to will keep the connection open for a day before a response is returned, but does keep drip feeding new bytes to keep the connection alive.2021-11-11not yet calculatedCVE-2021-3909
MISC
octorpki -- octorpki
 
If the ROA that a repository returns contains too many bits for the IP address then OctoRPKI will crash.2021-11-11not yet calculatedCVE-2021-3911
MISC
ohmyzsh -- ohmyzsh
 
ohmyzsh is vulnerable to Improper Neutralization of Special Elements used in an OS Command2021-11-12not yet calculatedCVE-2021-3934
CONFIRM
MISC
opencv-rest-api -- opencv-rest-api
 
OpenCV-REST-API master branch as of commit 69be158c05d4dd5a4aff38fdc680a162dd6b9e49 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access.2021-11-12not yet calculatedCVE-2021-43494
MISC
openzeppelin -- openzeppelin
 
OpenZeppelin Contracts is a library for smart contract development. In affected versions upgradeable contracts using `UUPSUpgradeable` may be vulnerable to an attack affecting uninitialized implementation contracts. A fix is included in version 4.3.2 of `@openzeppelin/contracts` and `@openzeppelin/contracts-upgradeable`. For users unable to upgrade; initialize implementation contracts using `UUPSUpgradeable` by invoking the initializer function (usually called `initialize`). An example is provided [in the forum](https://forum.openzeppelin.com/t/security-advisory-initialize-uups-implementation-contracts/15301).2021-11-12not yet calculatedCVE-2021-41264
MISC
CONFIRM
MISC
palo_alto_networks -- pan-osA memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the GlobalProtect interface to exploit this issue. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17. Prisma Access customers are not impacted by this issue.2021-11-10not yet calculatedCVE-2021-3064
CONFIRM
palo_alto_networks -- pan-osAn OS command injection vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables an authenticated administrator with access to the CLI to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. Prisma Access customers that have Prisma Access 2.1 firewalls are impacted by this issue.2021-11-10not yet calculatedCVE-2021-3061
CONFIRM
palo_alto_networks -- pan-os
 
An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have network access to the GlobalProtect interfaces to exploit this issue. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. Prisma Access customers with Prisma Access 2.1 Preferred and Prisma Access 2.1 Innovation firewalls are impacted by this issue.2021-11-10not yet calculatedCVE-2021-3060
CONFIRM
CONFIRM
CONFIRM
palo_alto_networks -- pan-os
 
An improper access control vulnerability in PAN-OS software enables an attacker with authenticated access to GlobalProtect portals and gateways to connect to the EC2 instance metadata endpoint for VM-Series firewalls hosted on Amazon AWS. Exploitation of this vulnerability enables an attacker to perform any operations allowed by the EC2 role in AWS. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20 VM-Series firewalls; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11 VM-Series firewalls; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14 VM-Series firewalls; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8 VM-Series firewalls. Prisma Access customers are not impacted by this issue.2021-11-10not yet calculatedCVE-2021-3062
CONFIRM
palo_alto_networks -- pan-os
 
An improper handling of exceptional conditions vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to send specifically crafted traffic to a GlobalProtect interface that causes the service to stop responding. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.21; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h4; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h3; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8-h4; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. Prisma Access customers are not impacted by this issue.2021-11-10not yet calculatedCVE-2021-3063
CONFIRM
palo_alto_networks -- pan-os
 
An OS command injection vulnerability in the Palo Alto Networks PAN-OS management interface exists when performing dynamic updates. This vulnerability enables a man-in-the-middle attacker to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. Prisma Access customers that have Prisma Access 2.1 Preferred or Prisma Access 2.1 Innovation firewalls are impacted by this issue.2021-11-10not yet calculatedCVE-2021-3059
CONFIRM
palo_alto_networks -- pan-os
 
An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permissions to use XML API the ability to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. This issue does not impact Prisma Access firewalls.2021-11-10not yet calculatedCVE-2021-3058
CONFIRM
palo_alto_networks -- pan-os
 
A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentication. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1. Prisma Access customers with Prisma Access 2.1 Preferred firewalls are impacted by this issue.2021-11-10not yet calculatedCVE-2021-3056
CONFIRM
phoenix -- contactIn Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is active2021-11-10not yet calculatedCVE-2021-34598
CONFIRM
phoenix -- contact
 
In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 a user with high privileges can inject HTML code (XSS) through web-based management or the REST API with a manipulated certificate file.2021-11-10not yet calculatedCVE-2021-34582
CONFIRM
python -- discord
 
Python discord bot is the community bot for the Python Discord community. In affected versions when a non-blacklisted URL and an otherwise triggering filter token is included in the same message the token filter does not trigger. This means that by including any non-blacklisted URL moderation filters can be bypassed. This issue has been resolved in commit 67390298852513d13e0213870e50fb3cff1424e02021-11-05not yet calculatedCVE-2021-41250
MISC
CONFIRM
qnap -- nas
 
A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Multimedia Console. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of Multimedia Console: Multimedia Console 1.4.3 ( 2021/10/05 ) and later2021-11-13not yet calculatedCVE-2021-38684
MISC
qnap -- qmailagentA cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QmailAgent. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QmailAgent: QmailAgent 3.0.2 ( 2021/08/25 ) and later2021-11-13not yet calculatedCVE-2021-34357
MISC
qualcomm -- multiple_snapdragon_productsPossible buffer overflow due to improper validation of FTM command payload in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile2021-11-12not yet calculatedCVE-2021-1979
CONFIRM
qualcomm -- multiple_snapdragon_productsPossible denial of service scenario due to improper input validation of received NAS OTA message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile2021-11-12not yet calculatedCVE-2021-1982
CONFIRM
qualcomm -- multiple_snapdragon_productsA FTM Diag command can allow an arbitrary write into modem OS space in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables2021-11-12not yet calculatedCVE-2021-1973
CONFIRM
qualcomm -- multiple_snapdragon_productsPossible information exposure and denial of service due to NAS not dropping messages when integrity check fails in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables2021-11-12not yet calculatedCVE-2021-30284
CONFIRM
qualcomm -- multiple_snapdragon_productsPossible out of bound access due to improper validation of function table entries in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking2021-11-12not yet calculatedCVE-2021-30259
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Possible integer overflow can occur due to improper length check while calculating count and grace period in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile2021-11-12not yet calculatedCVE-2021-1912
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Possible race condition can occur due to lack of synchronization mechanism when On-Device Logging node open twice concurrently in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music2021-11-12not yet calculatedCVE-2021-30263
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Possible use after free due improper validation of reference from call back to internal store table in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking2021-11-12not yet calculatedCVE-2021-30264
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity2021-11-12not yet calculatedCVE-2021-30321
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Possible buffer overflow due to improper input validation in factory calibration and test DIAG command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables2021-11-12not yet calculatedCVE-2021-30254
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Possible buffer overflow due to improper input validation in PDM DIAG command in FTM in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables2021-11-12not yet calculatedCVE-2021-30255
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Possible heap overflow due to improper length check of domain while parsing the DNS response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables2021-11-12not yet calculatedCVE-2021-1975
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Possible buffer over read due to improper IE size check of Bearer capability IE in MT setup request from network in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile2021-11-12not yet calculatedCVE-2021-1981
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Possible use after free due to improper memory validation when initializing new interface via Interface add command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking2021-11-12not yet calculatedCVE-2021-30266
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Possible memory corruption due to Improper handling of hypervisor unmap operations for concurrent memory operations in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile2021-11-12not yet calculatedCVE-2021-1921
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Possible denial of service scenario can occur due to lack of length check on Channel Switch Announcement IE in beacon or probe response frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking2021-11-12not yet calculatedCVE-2021-1903
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Information disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking2021-11-12not yet calculatedCVE-2021-1924
CONFIRM
qualcomm -- multple_snapdragon_productsPossible memory corruption due to improper validation of memory address while processing user-space IOCTL for clearing Filter and Route statistics in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables2021-11-12not yet calculatedCVE-2021-30265
CONFIRM
rcdevs -- openotp
 
An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 for iOS. If it is installed on a jailbroken device, it is possible to retrieve the PIN code used to access the application.2021-11-10not yet calculatedCVE-2021-42111
MISC
red_hat -- red_hat
 
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.2021-11-10not yet calculatedCVE-2021-3572
MISC
sap -- cloud_sdk
 
@sap-cloud-sdk/core contains the core functionality of the SAP Cloud SDK as well as the SAP Business Technology Platform abstractions. This affects applications on SAP Business Technology Platform that use the SAP Cloud SDK and enabled caching of destinations. In affected versions and in some cases, when user information was missing, destinations were cached without user information, allowing other users to retrieve the same destination with its permissions. By default, destination caching is disabled. The security for caching has been increased. The changes are released in version 1.52.0. Users unable to upgrade are advised to disable destination caching (it is disabled by default).2021-11-05not yet calculatedCVE-2021-41251
MISC
CONFIRM
MISC
sap -- erp_hcm_portugal
 
SAP ERP HCM Portugal does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts.2021-11-10not yet calculatedCVE-2021-42062
MISC
MISC
sap -- sap
 
An information disclosure vulnerability exists in SAP GUI for Windows - versions < 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user’s password. With this highly sensitive data leaked, the attacker would be able to logon to the backend system the SAP GUI for Windows was connected to and launch further attacks depending on the authorizations of the user.2021-11-10not yet calculatedCVE-2021-40503
MISC
MISC
servermanager -- servermanager
 
ServerManagement master branch as of commit 49491cc6f94980e6be7791d17be947c27071eb56 is affected by a directory traversal vulnerability. This vulnerability can be used to extract credentials which can in turn be used to execute code.2021-11-12not yet calculatedCVE-2021-43493
MISC
showdoc -- showdoc
 
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)2021-11-13not yet calculatedCVE-2021-3775
MISC
CONFIRM
showdoc -- showdoc
 
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)2021-11-13not yet calculatedCVE-2021-3683
CONFIRM
MISC
showdoc -- showdoc
 
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)2021-11-13not yet calculatedCVE-2021-3776
MISC
CONFIRM
siveillance -- video_dlna_server
 
A vulnerability has been identified in Siveillance Video DLNA Server (2019 R1), Siveillance Video DLNA Server (2019 R2), Siveillance Video DLNA Server (2019 R3), Siveillance Video DLNA Server (2020 R1), Siveillance Video DLNA Server (2020 R2), Siveillance Video DLNA Server (2020 R3), Siveillance Video DLNA Server (2021 R1). The affected application contains a path traversal vulnerability that could allow to read arbitrary files on the server that are outside the application’s web document directory. An unauthenticated remote attacker could exploit this issue to access sensitive information for subsequent attacks.2021-11-09not yet calculatedCVE-2021-42021
MISC
snipe-it -- snipe-itsnipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')2021-11-13not yet calculatedCVE-2021-3938
MISC
CONFIRM
snipe-it -- snipe-it
 
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)2021-11-13not yet calculatedCVE-2021-3931
CONFIRM
MISC
softing -- industrial_automation
 
An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66, and uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a client or server. The server process may crash unexpectedly because of a double free, and must be restarted.2021-11-10not yet calculatedCVE-2021-40873
MISC
MISC
softing -- industrial_automation
 
An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a OPC/UA client. The client process may crash unexpectedly because of a wrong type cast, and must be restarted.2021-11-10not yet calculatedCVE-2021-40871
MISC
MISC
softing -- industrial_automation
 
An issue was discovered in Softing Industrial Automation uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) or login as an anonymous user (bypassing security checks) by sending crafted messages to a OPC/UA server. The server process may crash unexpectedly because of an invalid type cast, and must be restarted.2021-11-10not yet calculatedCVE-2021-40872
MISC
MISC
speex -- speex
 
A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.2021-11-10not yet calculatedCVE-2020-23903
MISC
talkyard -- talkyard
 
In Talkyard, versions v0.04.01 through v0.6.74-WIP-63220cb, v0.2020.22-WIP-b2e97fe0e through v0.2021.02-WIP-879ef3fe1 and tyse-v0.2021.02-879ef3fe1-regular through tyse-v0.2021.28-af66b6905-regular, are vulnerable to Host Header Injection. By luring a victim application-user to click on a link, an unauthenticated attacker can use the “forgot password” functionality to reset the victim’s password and successfully take over their account.2021-11-11not yet calculatedCVE-2021-25980
CONFIRM
MISC
thymelead-spring -- thymelead-spring
 
In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution.2021-11-09not yet calculatedCVE-2021-43466
MISC
tp-link -- tl-wr840n_routers
 
The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.2021-11-13not yet calculatedCVE-2021-41653
MISC
MISC
MISC
twill -- twill
 
twill is vulnerable to Cross-Site Request Forgery (CSRF)2021-11-13not yet calculatedCVE-2021-3932
CONFIRM
MISC
typo3 -- typo3
 
An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3. The extension fails to restrict the image download to the configured pixx.io DAM URL, resulting in SSRF. As a result, an attacker can download various content from a remote location and save it to a user-controlled filename, which may result in Remote Code Execution. A TYPO3 backend user account is required to exploit this.2021-11-10not yet calculatedCVE-2021-43562
MISC
typo3 -- typo3
 
An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3. The Access Control in the bundled media browser is broken, which allows an unauthenticated attacker to perform requests to the pixx.io API for the configured API user. This allows an attacker to download various media files from the DAM system.2021-11-10not yet calculatedCVE-2021-43563
MISC
typo3 -- typo3
 
An issue was discovered in the jobfair (aka Job Fair) extension before 1.0.13 and 2.x before 2.0.2 for TYPO3. The extension fails to protect or obfuscate filenames of uploaded files. This allows unauthenticated users to download files with sensitive data by simply guessing the filename of uploaded files (e.g., uploads/tx_jobfair/cv.pdf).2021-11-10not yet calculatedCVE-2021-43564
MISC
uclibc -- uclibc
 
In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names returned by DNS servers via gethostbyname, getaddrinfo, gethostbyaddr, and getnameinfo can lead to output of wrong hostnames (leading to domain hijacking) or injection into applications (leading to remote code execution, XSS, applications crashes, etc.). In other words, a validation step, which is expected in any stub resolver, does not occur.2021-11-10not yet calculatedCVE-2021-43523
MISC
MISC
MISC
vivo -- jovi_smart_scene
 
The attacker can access the sensitive information stored within the jovi Smart Scene module by entering carefully constructed commands without requesting permission.2021-11-10not yet calculatedCVE-2020-12488
CONFIRM
vmware -- vcenter_server
 
The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group.2021-11-10not yet calculatedCVE-2021-22048
MISC
xnview -- mp
 
XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted pict file. Related to a User Mode Write AV starting at ntdll!RtlpLowFragHeapFree.2021-11-10not yet calculatedCVE-2020-23886
MISC
MISC
xnview -- mp
 
XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted ico file. Related to a Read Access Violation starting at USER32!SmartStretchDIBits+0x33.2021-11-10not yet calculatedCVE-2020-23887
MISC
MISC
zoho -- manageengineZoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution.2021-11-11not yet calculatedCVE-2021-42002
CONFIRM
zoho -- manageengine
 
Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files.2021-11-11not yet calculatedCVE-2021-42847
CONFIRM
zoho -- manageengine_network_configuration_manager
 
Zoho ManageEngine Network Configuration Manager before ??125465 is vulnerable to SQL Injection in a configuration search.2021-11-11not yet calculatedCVE-2021-41081
CONFIRM
zoho -- manageengine_network_configuration_manager
 
Zoho ManageEngine Network Configuration Manager before ??125465 is vulnerable to SQL Injection in a hardware details search.2021-11-11not yet calculatedCVE-2021-41080
CONFIRM
zoho -- manageengine_patch_connect_plus
 
Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution.2021-11-11not yet calculatedCVE-2021-41833
CONFIRM
CONFIRM
zoom -- client_for_meetings
 
In the Zoom Client for Meetings for Ubuntu Linux before version 5.1.0, there is an HTML injection flaw when sending a remote control request to a user in the process of in-meeting screen sharing. This could allow meeting participants to be targeted for social engineering attacks.2021-11-11not yet calculatedCVE-2021-34419
MISC
zoom -- client_for_meetings
 
The Zoom Client for Meetings for Windows installer before version 5.5.4 does not properly verify the signature of files with .msi, .ps1, and .bat extensions. This could lead to a malicious actor installing malicious software on a customer's computer.2021-11-11not yet calculatedCVE-2021-34420
MISC
MISC
zoom -- keybase_clientThe Keybase Client for Windows before version 5.7.0 contains a path traversal vulnerability when checking the name of a file uploaded to a team folder. A malicious user could upload a file to a shared folder with a specially crafted file name which could allow a user to execute an application which was not intended on their host machine. If a malicious user leveraged this issue with the public folder sharing feature of the Keybase client, this could lead to remote code execution.2021-11-11not yet calculatedCVE-2021-34422
MISC
zoom -- keybase_client
 
The Keybase Client for Android before version 5.8.0 and the Keybase Client for iOS before version 5.8.0 fails to properly remove exploded messages initiated by a user if the receiving user places the chat session in the background while the sending user explodes the messages. This could lead to disclosure of sensitive information which was meant to be deleted from the customer's device.2021-11-11not yet calculatedCVE-2021-34421
MISC
zoom -- on-premise_meeting_connector
 
The network proxy page on the web portal for the Zoom On-Premise Meeting Connector Controller before version 4.6.365.20210703, Zoom On-Premise Meeting Connector MMR before version 4.6.365.20210703, Zoom On-Premise Recording Connector before version 3.8.45.20210703, Zoom On-Premise Virtual Room Connector before version 4.4.6868.20210703, and Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5496.20210703 fails to validate input sent in requests to set the network proxy password. This could lead to remote command injection by a web portal administrator.2021-11-11not yet calculatedCVE-2021-34417
MISC
zoom -- on-premise_meeting_connector
 
The login routine of the web console in the Zoom On-Premise Meeting Connector before version 4.6.239.20200613, Zoom On-Premise Meeting Connector MMR before version 4.6.239.20200613, Zoom On-Premise Recording Connector before version 3.8.42.20200905, Zoom On-Premise Virtual Room Connector before version 4.4.6344.20200612, and Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5492.20200616 fails to validate that a NULL byte was sent while authenticating. This could lead to a crash of the login service.2021-11-11not yet calculatedCVE-2021-34418
MISC
zydis -- zydis
 
Zydis is an x86/x86-64 disassembler library. Users of Zydis versions v3.2.0 and older that use the string functions provided in `zycore` in order to append untrusted user data to the formatter buffer within their custom formatter hooks can run into heap buffer overflows. Older versions of Zydis failed to properly initialize the string object within the formatter buffer, forgetting to initialize a few fields, leaving their value to chance. This could then in turn cause zycore functions like `ZyanStringAppend` to make incorrect calculations for the new target size, resulting in heap memory corruption. This does not affect the regular uncustomized Zydis formatter, because Zydis internally doesn't use the string functions in zycore that act upon these fields. However, because the zycore string functions are the intended way to work with the formatter buffer for users of the library that wish to extend the formatter, we still consider this to be a vulnerability in Zydis. This bug is patched starting in version 3.2.1. As a workaround, users may refrain from using zycore string functions in their formatter hooks until updating to a patched version.2021-11-08not yet calculatedCVE-2021-41253
MISC
MISC
MISC
CONFIRM

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.