Vulnerability Summary for the Week of November 29, 2021

Released: Dec 06, 2021
Document ID: SB21-340

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
abb -- rtu500_firmware | Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the receiving RTU500 CMU of which the BCI is enabled to reboot when receiving a specially crafted message. By default, BCI IEC 60870-5-104 function is disabled (not configured). This issue affects: Hitachi Energy RTU500 series CMU Firmware version 12.0.* (all versions); CMU Firmware version 12.2.* (all versions); CMU Firmware version 12.4.* (all versions). | 2021-11-26 | 7.1 | CVE-2021-35533, CONFIRM
amd -- amd_uprof | The AMDPowerProfiler.sys driver of AMD μProf tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged user. | 2021-12-01 | 9 | CVE-2021-26334, MISC
attendance_management_system_project -- attendance_management_system | attendance management system 1.0 is affected by a SQL injection vulnerability in admin/incFunctions.php through the makeSafe function. | 2021-12-01 | 7.5 | CVE-2021-44280, MISC
barracuda -- network_access_client | Barracuda Network Access Client before 5.2.2 creates a Temporary File in a Directory with Insecure Permissions. This file is executed with SYSTEM privileges when an unprivileged user performs a repair operation. | 2021-12-01 | 7.2 | CVE-2021-42711, MISC
basercms -- basercms | BaserCMS is an open source content management system with a focus on Japanese language support. In affected versions users with upload privilege may upload crafted zip files capable of path traversal on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible. | 2021-11-26 | 9 | CVE-2021-41279, CONFIRM, MISC
basercms -- basercms | There is a Potential Zip Slip Vulnerability and OS Command Injection Vulnerability on the management system of baserCMS. Users with permissions to upload files may upload crafted zip files which may execute arbitrary commands on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible. | 2021-11-26 | 9 | CVE-2021-41243, CONFIRM, MISC
businessdnasolutions -- topease | Missing Rate Limiting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on the Login Form allows an unauthenticated remote attacker to perform multiple login attempts, which facilitates gaining privileges. | 2021-11-30 | 7.5 | CVE-2021-42544, CONFIRM
contest_gallery -- contest_gallery | The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated to perform SQL injections attacks, as well as get the list of all users registered on the blog, including their username and email address | 2021-11-29 | 7.5 | CVE-2021-24915, MISC, MISC
dell -- emc_streaming_data_platform | Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to reuse old session artifacts to impersonate a legitimate user. | 2021-11-30 | 7.5 | CVE-2021-36330, MISC
dlink -- dir-809_firmware | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_8004776c in /formVirtualApp. This vulnerability is triggered via a crafted POST request. | 2021-12-01 | 10 | CVE-2021-33266, MISC, MISC
dlink -- dir-809_firmware | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80034d60 in /formStaticDHCP. This vulnerability is triggered via a crafted POST request. | 2021-12-01 | 10 | CVE-2021-33267, MISC, MISC
dlink -- dir-809_firmware | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80040af8 in /formWlanSetup. This vulnerability is triggered via a crafted POST request. | 2021-12-01 | 10 | CVE-2021-33274, MISC, MISC
dlink -- dir-809_firmware | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_80046EB4 in /formSetPortTr. This vulnerability is triggered via a crafted POST request. | 2021-12-01 | 10 | CVE-2021-33271, MISC, MISC
dlink -- dir-809_firmware | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_8003183C in /fromLogin. This vulnerability is triggered via a crafted POST request. | 2021-12-01 | 10 | CVE-2021-33268, MISC, MISC
dlink -- dir-809_firmware | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80046eb4 in /formSetPortTr. This vulnerability is triggered via a crafted POST request. | 2021-12-01 | 7.2 | CVE-2021-33265, MISC, MISC
dlink -- dir-809_firmware | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_8004776c in /formVirtualServ. This vulnerability is triggered via a crafted POST request. | 2021-12-01 | 10 | CVE-2021-33269, MISC, MISC
dlink -- dir-809_firmware | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_800462c4 in /formAdvFirewall. This vulnerability is triggered via a crafted POST request. | 2021-12-01 | 10 | CVE-2021-33270, MISC, MISC
douzone -- neors | The vulnerability was discovered in ActiveX module related to NeoRS remote support program. This issue allows a remote attacker to download and execute remote file. It is because of improper parameter validation of StartNeoRS function in ActiveX. | 2021-11-30 | 9.3 | CVE-2020-7880, MISC
elecom -- wrc-1167gst2_firmware | Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent unauthenticated attacker to bypass access restriction, and to start the telnet service and execute an arbitrary OS command via unspecified vectors. | 2021-12-01 | 8.3 | CVE-2021-20864, MISC, MISC
elecom -- wrc-1167gst2_firmware | ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to execute an arbitrary OS command via unspecified vectors. | 2021-12-01 | 7.7 | CVE-2021-20859, MISC, MISC
elecom -- wrc-1167gst2_firmware | OS command injection vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to execute an arbitrary OS command with the root privilege via unspecified vectors. | 2021-12-01 | 7.7 | CVE-2021-20863, MISC, MISC
employee_record_management_system_project -- employee_record_management_system | SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the Email POST parameter in /forgetpassword.php. | 2021-12-01 | 7.5 | CVE-2021-43451, MISC
govicture -- wr1200_firmware | An issue was discovered on Victure WR1200 devices through 1.0.3. The root SSH password never gets updated from its default value of admin. This enables an attacker to gain control of the device through SSH (regardless of whether the admin password was changed on the web interface). | 2021-11-30 | 7.2 | CVE-2021-43284, MISC, MISC
govicture -- wr1200_firmware | An issue was discovered on Victure WR1200 devices through 1.0.3. A command injection vulnerability was found within the web interface of the device, allowing an attacker with valid credentials to inject arbitrary shell commands to be executed by the device with root privileges. This occurs in the ping and traceroute features. An attacker would thus be able to use this vulnerability to open a reverse shell on the device with root privileges. | 2021-11-30 | 9 | CVE-2021-43283, MISC, MISC
hej -- hejhome_gkw-ic052_firmware | HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnerability. This issue allows remote attackers to operate the IP Camera (reboot, factory reset, snapshot, etc.). | 2021-11-26 | 7.5 | CVE-2021-26611, MISC
html2csv_project -- html2csv | This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands via CSV files. | 2021-11-26 | 7.5 | CVE-2021-23654, CONFIRM, CONFIRM
jetbrains -- teamcity | In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases. | 2021-11-30 | 7.5 | CVE-2021-43202, MISC
libretime -- libretime_hv | libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerability in /blob/master/legacy/application/modules/rest/controllers/ShowImageController.php through the rename function. | 2021-12-01 | 7.5 | CVE-2021-43685, MISC
mitsubishi -- melsec_iq-r_r00_cpu_firmware | Improper Input Validation vulnerability in MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "57" and prior, MELSEC iQ-R Series R08/16/32/120SFCPU All versions, MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions "29" and prior, MELSEC iQ-R Series R08/16/32/120PSFCPU All versions, MELSEC iQ-R Series R16/32/64MTCPU All versions, MELSEC iQ-R Series R12CCPU-V All versions, MELSEC Q Series Q03UDECPU All versions, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU All versions, MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. "23071" and prior, MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. "23071" and prior, MELSEC Q Series Q12DCCPU-V All versions, MELSEC Q Series Q24DHCCPU-V(G) All versions, MELSEC Q Series Q24/26DHCCPU-LS All versions, MELSEC Q Series MR-MQ100 All versions, MELSEC Q Series Q172/173DCPU-S1 All versions, MELSEC Q Series Q172/172DSCPU All versions, MELSEC Q Series Q170MCPU All versions, MELSEC Q Series Q170MSCPU(-S1) All versions, MELSEC L Series L02/06/26CPU(-P) All versions, MELSEC L Series L26CPU-(P)BT All versions and MELIPC Series MI5122-VW All versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery. | 2021-12-01 | 7.8 | CVE-2021-20611, MISC, MISC, MISC
mitsubishi -- melsec_iq-r_r00_cpu_firmware | Improper Handling of Length Parameter Inconsistency vulnerability in MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "57" and prior, MELSEC iQ-R Series R08/16/32/120SFCPU All versions, MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions "29" and prior, MELSEC iQ-R Series R08/16/32/120PSFCPU All versions, MELSEC iQ-R Series R16/32/64MTCPU All versions, MELSEC iQ-R Series R12CCPU-V All versions, MELSEC Q Series Q03UDECPU All versions, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU All versions, MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. "23071" and prior, MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. "23071" and prior, MELSEC Q Series Q12DCCPU-V All versions, MELSEC Q Series Q24DHCCPU-V(G) All versions, MELSEC Q Series Q24/26DHCCPU-LS All versions, MELSEC Q Series MR-MQ100 All versions, MELSEC Q Series Q172/173DCPU-S1 All versions, MELSEC Q Series Q172/172DSCPU All versions, MELSEC Q Series Q170MCPU All versions, MELSEC Q Series Q170MSCPU(-S1) All versions, MELSEC L Series L02/06/26CPU(-P) All versions, MELSEC L Series L26CPU-(P)BT All versions and MELIPC Series MI5122-VW All versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery. | 2021-12-01 | 7.8 | CVE-2021-20610, MISC, MISC, MISC
mitsubishi -- melsec_iq-r_r00_cpu_firmware | Uncontrolled Resource Consumption vulnerability in MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "57" and prior, MELSEC iQ-R Series R08/16/32/120SFCPU All versions, MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions "29" and prior, MELSEC iQ-R Series R08/16/32/120PSFCPU All versions, MELSEC iQ-R Series R16/32/64MTCPU All versions, MELSEC iQ-R Series R12CCPU-V All versions, MELSEC Q Series Q03UDECPU All versions, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU All versions, MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. "23071" and prior, MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. "23071" and prior, MELSEC Q Series Q12DCCPU-V All versions, MELSEC Q Series Q24DHCCPU-V(G) All versions, MELSEC Q Series Q24/26DHCCPU-LS All versions, MELSEC Q Series MR-MQ100 All versions, MELSEC Q Series Q172/173DCPU-S1 All versions, MELSEC Q Series Q172/172DSCPU All versions, MELSEC Q Series Q170MCPU All versions, MELSEC Q Series Q170MSCPU(-S1) All versions, MELSEC L Series L02/06/26CPU(-P) All versions, MELSEC L Series L26CPU-(P)BT All versions and MELIPC Series MI5122-VW All versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery. | 2021-12-01 | 7.8 | CVE-2021-20609, MISC, MISC, MISC
planetargon -- oh_my_zsh | # Vulnerability in `title` function **Description**: the `title` function defined in `lib/termsupport.zsh` uses `print` to set the terminal title to a user-supplied string. In Oh My Zsh, this function is always used securely, but custom user code could use the `title` function in a way that is unsafe. **Fixed in**: [a263cdac](https://github.com/ohmyzsh/ohmyzsh/commit/a263cdac). **Impacted areas**: - `title` function in `lib/termsupport.zsh`. - Custom user code using the `title` function. | 2021-11-30 | 7.5 | CVE-2021-3726, MISC
planetargon -- oh_my_zsh | # Vulnerability in `rand-quote` and `hitokoto` plugins **Description**: the `rand-quote` and `hitokoto` fetch quotes from quotationspage.com and hitokoto.cn respectively, do some process on them and then use `print -P` to print them. If these quotes contained the proper symbols, they could trigger command injection. Given that they're an external API, it's not possible to know if the quotes are safe to use. **Fixed in**: [72928432](https://github.com/ohmyzsh/ohmyzsh/commit/72928432). **Impacted areas**: - `rand-quote` plugin (`quote` function). - `hitokoto` plugin (`hitokoto` function). | 2021-11-30 | 7.5 | CVE-2021-3727, MISC
planetargon -- oh_my_zsh | # Vulnerability in `pygmalion`, `pygmalion-virtualenv` and `refined` themes **Description**: these themes use `print -P` on user-supplied strings to print them to the terminal. All of them do that on git information, particularly the branch name, so if the branch has a specially-crafted name the vulnerability can be exploited. **Fixed in**: [b3ba9978](https://github.com/ohmyzsh/ohmyzsh/commit/b3ba9978). **Impacted areas**: - `pygmalion` theme. - `pygmalion-virtualenv` theme. - `refined` theme. | 2021-11-30 | 10 | CVE-2021-3769, MISC
qnap -- qvr | A command injection vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later | 2021-11-26 | 7.5 | CVE-2021-38685, CONFIRM
rosariosis -- rosariosis | An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter. | 2021-11-29 | 7.5 | CVE-2021-44427, MISC
shopex -- ecshop | ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\ecshop\upload\api\client\api.php. | 2021-12-02 | 7.5 | CVE-2021-43679, MISC
sun -- ehrd | Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services. | 2021-12-01 | 9 | CVE-2021-43360, CONFIRM
sun -- ehrd | Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files. | 2021-12-01 | 7.8 | CVE-2021-43358, CONFIRM
sun -- ehrd | Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control the system or interrupt services. | 2021-12-01 | 9 | CVE-2021-43359, CONFIRM
tianocore -- edk2 | NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. | 2021-12-01 | 7.5 | CVE-2021-38575, MISC
tobesoft -- nexacro | An improper input validation leading to arbitrary file creation was discovered in copy method of Nexacro platform. Remote attackers use copy method to execute arbitrary command after the file creation included malicious code. | 2021-11-30 | 7.5 | CVE-2021-26612, MISC
tripexpress_project -- tripexpress | tripexpress v1.1 is affected by a path manipulation vulnerability in file system/helpers/dompdf/load_font.php. The variable src is coming from $_SERVER["argv"] then there is a path manipulation vulnerability. | 2021-11-29 | 7.5 | CVE-2021-43691, MISC
vestacp -- vesta_control_panel | vesta 0.9.8-24 is affected by a file inclusion vulnerability in file web/add/user/index.php. | 2021-11-29 | 7.5 | CVE-2021-43693, MISC
zohocorp -- manageengine_network_configuration_manager | Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality. | 2021-11-30 | 7.5 | CVE-2021-43319, MISC, CONFIRM
zohocorp -- manageengine_servicedesk_plus | Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration. | 2021-11-29 | 7.5 | CVE-2021-44077, MISC, MISC, MISC, MISC
zrlog -- zrlog | A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell | 2021-11-28 | 7.5 | CVE-2021-44093, MISC

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
acronis -- agent | Sensitive information could be logged. The following products are affected: Acronis Agent (Windows, Linux, macOS) before build 27147 | 2021-11-29 | 5 | CVE-2021-34800, MISC
acronis -- cyber_protect | DLL hijacking could lead to local privilege escalation. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035 | 2021-11-29 | 4.4 | CVE-2021-44198, MISC
acronis -- cyber_protect | Cross-site scripting (XSS) was possible in notification pop-ups. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 | 2021-11-29 | 4.3 | CVE-2021-44201, MISC
actions-semi -- ats2819p_firmware | The Bluetooth Classic implementation on Actions ATS2815 chipsets does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and shutdown of a device by flooding the target device with LMP_features_res packets. | 2021-11-30 | 6.1 | CVE-2021-31787, MISC, MISC, MISC
afreecatv -- afreecatv | The vulnerability function is enabled when the streamer service related to the AfreecaTV communicated through web socket using 21201 port. A stack-based buffer overflow leading to remote code execution was discovered in strcpy() operate by "FanTicket" field. It is because of stored data without validation of length. | 2021-11-26 | 6.5 | CVE-2020-7881, MISC
aomedia -- aomedia | AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component av1/av1_dx_iface.c. | 2021-12-02 | 4.3 | CVE-2020-36130, MISC
aomedia -- aomedia | AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c. | 2021-12-02 | 4.3 | CVE-2020-36135, MISC
aomedia -- aomedia | AOM v2.0.1 was discovered to contain a stack buffer overflow via the component src/aom_image.c. | 2021-12-02 | 6.8 | CVE-2020-36129, MISC
aomedia -- aomedia | AOM v2.0.1 was discovered to contain a stack buffer overflow via the component stats/rate_hist.c. | 2021-12-02 | 6.8 | CVE-2020-36131, MISC
aomedia -- aomedia | AOM v2.0.1 was discovered to contain a global buffer overflow via the component av1/encoder/partition_search.h. | 2021-12-02 | 6.8 | CVE-2020-36133, MISC
aomedia -- aomedia | AOM v2.0.1 was discovered to contain a segmentation violation via the component aom_dsp/x86/obmc_sad_avx2.c. | 2021-12-02 | 4.3 | CVE-2020-36134, MISC
backstage -- backstage | @backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. In affected versions a malicious actor with write access to a registered scaffolder template is able to manipulate the template in a way that writes files to arbitrary paths on the scaffolder-backend host instance. This vulnerability can in some situation also be exploited through user input when executing a template, meaning you do not need write access to the templates. This method will not allow the attacker to control the contents of the injected file however, unless the template is also crafted in a specific way that gives control of the file contents. This vulnerability is fixed in version `0.15.14` of the `@backstage/plugin-scaffolder-backend`. This attack is mitigated by restricting access and requiring reviews when registering or modifying scaffolder templates. | 2021-11-29 | 5.5 | CVE-2021-43783, CONFIRM, MISC
bandisoft -- ark_library | ARK library allows attackers to execute remote code via the parameter(path value) of Ark_NormalizeAndDupPAthNameW function because of an integer overflow. | 2021-11-26 | 6.8 | CVE-2021-26615, MISC
bannersky -- bsk_pdf_manager | The BSK PDF Manager WordPress plugin before 3.1.2 does not validate and escape the orderby and order parameters before using them in a SQL statement, leading to a SQL injection issue | 2021-11-29 | 6.5 | CVE-2021-24860, MISC
bluez -- bluez | A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to the output buffer. There are no size checks whatsoever, resulting in a simple heap overflow if one can craft a request where the response is large enough to overflow the preallocated buffer. This issue exists in service_attr_req gets called by process_request (in sdpd-request.c), which also allocates the response buffer. | 2021-11-29 | 5.8 | CVE-2019-8922, MISC, CONFIRM
bookstackapp -- bookstack | bookstack is vulnerable to Improper Access Control | 2021-11-30 | 4 | CVE-2021-4026, CONFIRM, MISC
bookstackapp -- bookstack | bookstack is vulnerable to Cross-Site Request Forgery (CSRF) | 2021-12-02 | 4 | CVE-2021-3944, MISC, CONFIRM
browser_and_operating_system_finder_project -- browser_and_operating_system_finder | Cross-site request forgery (CSRF) vulnerability in Browser and Operating System Finder versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of an administrator via unspecified vectors. | 2021-12-01 | 6.8 | CVE-2021-20851, MISC, MISC
bulk_datetime_change_project -- bulk_datetime_change | The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which allows users with Contributor roles to 1) list private post titles of other users and 2) change the posted date of other users' posts. | 2021-11-29 | 5.5 | CVE-2021-24842, MISC, CONFIRM
businessdnasolutions -- topease | Incorrect Access Control in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an authenticated remote attacker to view the Shape Editor and Settings, which are functionality for higher privileged users, via identifying said components in the front-end source code or other means. | 2021-11-30 | 4 | CVE-2021-42116, CONFIRM
businessdnasolutions -- topease | Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an unauthenticated remote attacker to escalate privileges from unauthenticated to authenticated user via stealing and injecting the session-independent and static cookie UID. | 2021-11-30 | 6.4 | CVE-2021-42115, CONFIRM
businessdnasolutions -- topease | Unrestricted File Upload in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 in the File Upload Functions allows an authenticated remote attacker with Upload privileges to upload files with any file type, enabling client-side attacks. | 2021-11-30 | 6.5 | CVE-2021-42123, CONFIRM
businessdnasolutions -- topease | Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on an object’s date attribute(s) allows an authenticated remote attacker with Object Modification privileges to insert an unexpected format into date fields, which leads to breaking the object page that the date field is present. | 2021-11-30 | 4 | CVE-2021-42121, CONFIRM
businessdnasolutions -- topease | Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an authenticated remote attacker with Object Modification privileges to insert arbitrary HTML without code execution. | 2021-11-30 | 4 | CVE-2021-42117, CONFIRM
businessdnasolutions -- topease | Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on all object attributes allows an authenticated remote attacker with Object Modification privileges to insert arbitrarily long strings, eventually leading to exhaustion of the underlying resource. | 2021-11-30 | 4 | CVE-2021-42120, CONFIRM
businessdnasolutions -- topease | Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on an object’s attributes with numeric format allows an authenticated remote attacker with Object Modification privileges to insert an unexpected format, which makes the affected attribute non-editable. | 2021-11-30 | 4 | CVE-2021-42122, CONFIRM
bytecodealliance -- lucet | Lucet is a native WebAssembly compiler and runtime. There is a bug in the main branch of `lucet-runtime` affecting all versions published to crates.io that allows a use-after-free in an Instance object that could result in memory corruption, data race, or other related issues. This bug was introduced early in the development of Lucet and is present in all releases. As a result of this bug, and dependent on the memory backing for the Instance objects, it is possible to trigger a use-after-free when the Instance is dropped. Users should upgrade to the main branch of the Lucet repository. Lucet no longer provides versioned releases on crates.io. There is no way to remediate this vulnerability without upgrading. | 2021-11-30 | 6.8 | CVE-2021-43790, CONFIRM, MISC, MISC
cbads -- clickbank_affiliate_ads | The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving its settings, allowing attacker to make logged in admin change them via a CSRF attack. Furthermore, due to the lack of escaping when they are outputting, it could also lead to Stored Cross-Site Scripting issues | 2021-12-02 | 6.8 | CVE-2015-20105, MISC, MISC, MISC
chamilo -- chamilo | chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulnerability in /plugin/jcapture/applet.php if an attacker passes a message hex2bin in the cookie. | 2021-12-01 | 4.3 | CVE-2021-43687, MISC, MISC, MISC
cloverdx -- cloverdx | CloverDX Server before 5.11.2 and 5.12.x before 5.12.1 allows XXE during configuration import. | 2021-12-01 | 6.8 | CVE-2021-42776, CONFIRM, MISC
codesys -- git | Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in HTTPS handshakes. CODESYS Git does not implement certificate validation by default, so it does not verify that the server provides a valid and trusted HTTPS certificate. Since the certificate of the server to which the connection is made is not properly verified, the server connection is vulnerable to a man-in-the-middle attack. | 2021-12-01 | 5.8 | CVE-2021-34599, CONFIRM
concretecms -- concrete_cms | An issue was discovered in Concrete CMS before 8.5.7. The Dashboard allows a user's password to be changed without a prompt for the current password. | 2021-11-30 | 6.5 | CVE-2021-40101, CONFIRM, MISC
contact_form_with_captcha_project -- contact_form_with_captcha | The Contact Form With Captcha WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the ~/cfwc-form.php file during contact form submission, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.6.2. | 2021-11-29 | 6.8 | CVE-2021-42358, MISC, MISC
craftercms -- crafter_cmsUnauthenticated remote attackers can read textual content via FreeMarker including files /scripts/*, /templates/* and some of the files in /.git/* (non-binary).2021-12-025CVE-2021-23263
MISC
craftercms -- crafter_cmsInstallations, where crafter-search is not protected, allow unauthenticated remote attackers to create, view, and delete search indexes.2021-12-026.4CVE-2021-23264
MISC
craftercms -- crafter_cmsAuthenticated administrators may modify the main YAML configuration file and load a Java class resulting in RCE.2021-12-026.5CVE-2021-23262
MISC
craftercms -- crafter_cmsAuthenticated administrators may override the system configuration file and cause a denial of service.2021-12-024CVE-2021-23261
MISC
craftercms -- crafter_cmsAuthenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, which will cause attackers to execute arbitrary commands remotely(RCE).2021-12-026.5CVE-2021-23259
MISC
craftercms -- crafter_cmsAuthenticated users with Administrator or Developer roles may execute OS commands by SPEL Expression in Spring beans. SPEL Expression does not have security restrictions, which will cause attackers to execute arbitrary commands remotely (RCE).2021-12-026.5CVE-2021-23258
MISC
cryptshare -- cryptshare_serverAn open redirect through HTML injection in confidential messages in Cryptshare before 5.1.0 allows remote attackers (with permission to provide confidential messages via Cryptshare) to redirect targeted victims to any URL via the '<meta http-equiv="refresh"' substring in the editor parameter.2021-11-304.9CVE-2021-42564
MISC
dell -- emc_streaming_data_platformDell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL Strip Vulnerability in the User Interface (UI). A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a downgrade in the communications between the client and server into an unencrypted format.2021-11-304.3CVE-2021-36326
MISC
dell -- emc_streaming_data_platformDell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain sensitive information.2021-11-304CVE-2021-36329
MISC
dell -- emc_streaming_data_platformDell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to perform port scanning of internal networks and make HTTP requests to an arbitrary domain of the attacker's choice.2021-11-305CVE-2021-36327
MISC
dell -- emc_streaming_data_platformDell EMC Streaming Data Platform versions before 1.3 contain a SQL Injection Vulnerability. A remote malicious user may potentially exploit this vulnerability to execute SQL commands to perform unauthorized actions and retrieve sensitive information from the database.2021-11-306.5CVE-2021-36328
MISC
discourse -- discourseDiscourse is an open source discussion platform. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown a JSON blob instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse.2021-12-015CVE-2021-43794
CONFIRM
MISC
discourse -- discourseDiscourse is an open source discussion platform. In affected versions a vulnerability in the Polls feature allowed users to vote multiple times in a single-option poll. The problem is patched in the latest tests-passed, beta and stable versions of Discourse2021-12-014CVE-2021-43793
CONFIRM
MISC
MISC
django-helpdesk_project -- django-helpdeskdjango-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')2021-12-016.8CVE-2021-3994
MISC
CONFIRM
dzzoffice -- dzzofficedzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) vulnerability in explorerfile.php. The output of the exit function will be printed for the user exit(json_encode($return)).2021-12-034.3CVE-2021-43673
MISC
eclipse -- mosquittoIn versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service.2021-12-015CVE-2021-41039
CONFIRM
elecom -- wrc-1167gst2_firmwareImproper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to bypass access restriction and to access the management screen of the product via unspecified vectors.2021-12-015.8CVE-2021-20861
MISC
MISC
elecom -- wrc-1167gst2_firmwareCross-site request forgery (CSRF) vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a remote authenticated attacker to hijack the authentication of an administrator via a specially crafted page.2021-12-016.8CVE-2021-20860
MISC
MISC
elecom -- wrh-733gbk_firmwareELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute arbitrary OS commands via unspecified vectors.2021-12-015.2CVE-2021-20854
MISC
MISC
elecom -- wrh-733gbk_firmwareBuffer overflow vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute an arbitrary OS command via unspecified vectors.2021-12-015.2CVE-2021-20852
MISC
MISC
elecom -- wrh-733gbk_firmwareELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute arbitrary OS commands via unspecified vectors.2021-12-015.2CVE-2021-20853
MISC
MISC
elgg -- elggelgg is vulnerable to Authorization Bypass Through User-Controlled Key2021-12-014.3CVE-2021-3964
MISC
CONFIRM
emoji_button_project -- emoji_button@joeattardi/emoji-button is a Vanilla JavaScript emoji picker component. In affected versions there are two vectors for XSS attacks: a URL for a custom emoji, and an i18n string. In both of these cases, a value can be crafted such that it can insert a `script` tag into the page and execute malicious code.2021-11-264.3CVE-2021-43785
CONFIRM
MISC
MISC
f-secure -- atlantA vulnerability affecting the F-Secure antivirus engine was discovered whereby unpacking a UPX file can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine.2021-11-264.3CVE-2021-40833
MISC
MISC
firefly-iii -- firefly_iiifirefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)2021-12-014.3CVE-2021-4015
MISC
CONFIRM
fortinet -- forticlientAn unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search path.2021-12-016.9CVE-2021-32592
CONFIRM
gnu -- mailmanIn GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.2021-12-026.8CVE-2021-44227
MISC
haschek -- pictsharepictshare v1.5 is affected by a Cross Site Scripting (XSS) vulnerability in api/info.php. The exit function will terminate the script and print the message which has $_REQUEST['hash'].2021-12-024.3CVE-2021-43683
MISC
hashicorp -- vaultHashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0.2021-11-306.4CVE-2021-43998
MISC
huawei -- ecns280_td_firmwareSome Huawei products use the OpenHpi software for hardware management. A function that parses data returned by OpenHpi contains an out-of-bounds read vulnerability that could lead to a denial of service. Affected product versions include: eCNS280_TD V100R005C10; eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300.2021-11-296.8CVE-2021-39995
MISC
ibm -- mq_applianceIBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code. IBM X-Force ID: 212441.2021-11-304.6CVE-2021-38967
XF
CONFIRM
ibm -- qradar_security_information_and_event_managerIBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205281.2021-12-014.3CVE-2021-29849
CONFIRM
XF
ibm -- qradar_security_information_and_event_managerIBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitive information due to the server performing key exchange without entity authentication on inter-host communications using man in the middle techniques. IBM X-Force ID: 203033.2021-12-014.3CVE-2021-29779
CONFIRM
XF
ibm -- qradar_security_information_and_event_managerIBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196074.2021-12-015CVE-2021-20400
XF
CONFIRM
ibm -- qradar_security_information_and_event_managerIBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. This vulnerability is due to an incomplete fix for CVE-2020-4786. IBM X-Force ID: 206087.2021-12-014CVE-2021-29863
XF
CONFIRM
iptime -- c200_firmwareThis issue was discovered when the ipTIME C200 IP Camera was synchronized with the ipTIME NAS. It is necessary to extract value for ipTIME IP camera because the ipTIME NAS send ans setCookie('[COOKIE]') . The value is transferred to the --header option in wget binary, and there is no validation check. This vulnerability allows remote attackers to execute remote command.2021-11-306.8CVE-2020-7879
MISC
ipuptime -- pinkiePinkie 2.15 allows remote attackers to cause a denial of service (daemon crash) via a TFTP read (RRQ) request, aka opcode 1.2021-11-295CVE-2021-44428
MISC
issabel -- pbxissabelPBX version 2.11 is affected by a Cross Site Scripting (XSS) vulnerability. In file page.backup_restore.php, the exit function will terminate the script and print the message to the user. The message will contain $_REQUEST without sanitization, so there is an XSS vulnerability.2021-11-294.3CVE-2021-43695
MISC
jamf -- jamfAn issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An account can be granted incorrect privileges in response to authentication that uses specific sign-on workflows.2021-12-016.5CVE-2021-40809
MISC
CONFIRM
MISC
kazencoders -- url_shortifyThe URL Shortify WordPress plugin before 1.5.1 does not have a CSRF check in place when bulk-deleting links or groups, which could allow attackers to make a logged-in admin delete arbitrary links and groups via a CSRF attack.2021-11-294.3CVE-2021-24749
MISC
keepalived -- keepalivedIn Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property2021-11-265.5CVE-2021-44225
MISC
MISC
kimai -- kimai2kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')2021-12-016CVE-2021-3985
MISC
CONFIRM
kimai2_project -- kimai2kimai2 is vulnerable to Improper Access Control2021-12-014CVE-2021-3992
CONFIRM
MISC
kimai2_project -- kimai2kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')2021-12-014.3CVE-2021-3983
MISC
CONFIRM
librenms -- librenmsLibrenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/forms/poller-groups.inc.php.2021-12-014.3CVE-2021-44279
MISC
librenms -- librenmsLibrenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/common/alert-log.inc.php.2021-12-014.3CVE-2021-44277
MISC
linuxfoundation -- auth_backendBackstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to trick another user into visiting a vulnerable URL that executes an XSS attack. This attack can potentially allow the attacker to exfiltrate access tokens or other secrets from the user's browser. The default CSP does prevent this attack, but it is expected that some deployments have these policies disabled due to incompatibilities. This vulnerability is patched in version `0.4.9` of `@backstage/plugin-auth-backend`.2021-11-264.3CVE-2021-43776
CONFIRM
MISC
mahadiscom -- mahavitaranMahavitaran android application 7.50 and prior transmit sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header, MITM or browser history.2021-12-024.3CVE-2020-27414
MISC
manage_project -- managemanage (last update Oct 24, 2017) is affected by a Cross Site Scripting (XSS) vulnerability in Application/Home/Controller/GoodsController.class.php. The exit function will terminate the script and print a message which has values from $_POST.2021-12-014.3CVE-2021-43689
MISC
mandsconsulting -- email_before_downloadThe Email Before Download WordPress plugin before 6.8 does not properly validate and escape the order and orderby GET parameters before using them in SQL statements, leading to authenticated SQL injection issues2021-11-296.5CVE-2021-24748
MISC
mycred -- mycredThe myCred WordPress plugin before 1.7.8 does not sanitise and escape the user parameter before outputting it back in the Points Log admin dashboard, leading to a Reflected Cross-Site Scripting2021-11-294.3CVE-2017-20008
MISC
CONFIRM
mycred -- mycredThe myCred WordPress plugin before 2.3 does not validate or escape the fields parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated user2021-11-296.5CVE-2021-24755
MISC
nextcloud -- newsnextcloud news-android is an Android client for the Nextcloud news/feed reader app. In affected versions the Nextcloud News for Android app has a security issue by which a malicious application installed on the same device can send it an arbitrary Intent that gets reflected back, unintentionally giving read and write access to non-exported Content Providers in Nextcloud News for Android. Users should upgrade to version 0.9.9.63 or higher as soon as possible.2021-11-305.8CVE-2021-41256
MISC
MISC
CONFIRM
ninjaforms -- ninja_formsThe Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injection attacks.2021-11-296.5CVE-2021-24889
MISC
nodebb -- nodebbNodebb is an open source Node.js based forum software. In affected versions a prototype pollution vulnerability in the uploader module allowed a malicious user to inject arbitrary data (i.e. javascript) into the DOM, theoretically allowing for an account takeover when used in conjunction with a path traversal vulnerability disclosed at the same time as this report. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible.2021-11-294.3CVE-2021-43787
MISC
MISC
CONFIRM
nodebb -- nodebbNodebb is an open source Node.js based forum software. Prior to v1.18.5, a path traversal vulnerability was present that allowed users to access JSON files outside of the expected `languages/` directory. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible.2021-11-294CVE-2021-43788
MISC
CONFIRM
MISC
nodebb -- nodebbNodebb is an open source Node.js based forum software. In affected versions incorrect logic present in the token verification step unintentionally allowed master token access to the API. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible.2021-11-295CVE-2021-43786
CONFIRM
MISC
MISC
nttdocomo -- wi-fi_station_sh-52a_firmwareCross-site scripting vulnerability in Wi-Fi STATION SH-52A (38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C) allows a remote unauthenticated attacker to inject an arbitrary script via WebUI of the device.2021-12-014.3CVE-2021-20847
MISC
MISC
nzedb_project -- nzedbnZEDb v0.4.20 is affected by a Cross Site Scripting (XSS) vulnerability in www/pages/api.php. The exit function will terminate the script and print the message which has the input $_GET['t'].2021-12-024.3CVE-2021-43686
MISC
omnipod -- insulin_management_system_firmwareInsulet Omnipod Insulin Management System insulin pump product ID 19191 and 40160 is designed to communicate using a wireless RF with an Insulet manufactured Personal Diabetes Manager device. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with access to one of the affected insulin pump models may be able to modify and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery.2021-12-014.8CVE-2020-10627
MISC
MISC
os4ed -- opensisA SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/users/Staff.php, staff{TITLE] parameter.2021-11-306.8CVE-2021-41678
MISC
os4ed -- opensisA SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/functions/GetStuListFnc.php &Grade= parameter.2021-11-306.8CVE-2021-41677
MISC
os4ed -- opensisA SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/grades/InputFinalGrades.php, period parameter.2021-11-306.8CVE-2021-41679
MISC
php -- phpIn PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.2021-11-295CVE-2021-21707
MISC
phpwhois_project -- phpwhoisphpWhois (last update Jun 30 2021) is affected by a Cross Site Scripting (XSS) vulnerability. In file example.php, the exit function will terminate the script and print the message to the user. The message will contain $_GET['query'], so there is an XSS vulnerability.2021-11-294.3CVE-2021-43698
MISC
planetargon -- oh_my_zshVulnerability in dirhistory plugin Description: the widgets that go back and forward in the directory history, triggered by pressing Alt-Left and Alt-Right, use functions that unsafely execute eval on directory names. If you cd into a directory with a carefully-crafted name, then press Alt-Left, the system is subject to command injection. Impacted areas: - Functions pop_past and pop_future in dirhistory plugin.2021-11-306.8CVE-2021-3725
MISC
portswigger -- burp_suitePortSwigger Burp Suite Enterprise Edition before 2021.11 on Windows has weak file permissions for the embedded H2 database, which might lead to privilege escalation. This issue can be exploited by an adversary who has already compromised a valid Windows account on the server via separate means. In this scenario, the compromised account may have inherited read access to sensitive configuration, database, and log files.2021-11-304CVE-2021-44230
MISC
qnap -- qvrAn improper authentication vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later2021-11-266.8CVE-2021-38686
CONFIRM
roundupwp -- registrations_for_the_events_calendarThe Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting2021-11-294.3CVE-2021-24876
MISC
s3scanner_project -- s3scannerS3Scanner before 2.0.2 allows Directory Traversal via a crafted bucket, as demonstrated by a <Key>../ substring in a ListBucketResult element.2021-11-295CVE-2021-32061
MISC
MISC
MISC
showdoc -- showdocshowdoc is vulnerable to URL Redirection to Untrusted Site2021-12-015.8CVE-2021-3989
MISC
CONFIRM
showdoc -- showdocshowdoc is vulnerable to Cross-Site Request Forgery (CSRF)2021-12-014.3CVE-2021-3993
CONFIRM
MISC
showdoc -- showdocshowdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)2021-12-014.3CVE-2021-3990
MISC
CONFIRM
showdoc -- showdocshowdoc is vulnerable to Cross-Site Request Forgery (CSRF)2021-12-016.8CVE-2021-4017
CONFIRM
MISC
sophos -- unified_threat_management_up2dateAn authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8.2021-11-266.5CVE-2021-36807
CONFIRM
stetic -- steticThe Stetic WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the stats_page function found in the ~/stetic.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.0.6.2021-11-296.8CVE-2021-42364
MISC
MISC
taogogo -- taocmsTaocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search.2021-12-026.5CVE-2021-25783
MISC
taogogo -- taocmsTaocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article.2021-12-026.5CVE-2021-25784
MISC
thinkphp-bjyblog_project -- thinkphp-bjyblogthinkphp-bjyblog (last update Jun 4 2021) is affected by a Cross Site Scripting (XSS) vulnerability in AdminBaseController.class.php. The exit function will terminate the script and print the message to the user which has $_SERVER['HTTP_HOST'].2021-12-024.3CVE-2021-43682
MISC
trendmicro -- antivirusTrend Micro Antivirus for Mac 2021 v11 (Consumer) is vulnerable to an improper access control privilege escalation vulnerability that could allow an attacker to establish a connection that could lead to full local privilege escalation within the application. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.2021-11-304.6CVE-2021-43771
MISC
MISC
twmap_project -- twmaptwmap v2.91_v4.33 is affected by a Cross Site Scripting (XSS) vulnerability. In file list.php, the exit function will terminate the script and print the message to the user. The message will contain $_REQUEST, so there is an XSS vulnerability.2021-11-294.3CVE-2021-43696
MISC
udisks_project -- udisksA vulnerability was found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this vulnerability is to system availability.2021-11-296.3CVE-2021-3802
MISC
MISC
vercot -- servaServa 4.4.0 allows remote attackers to cause a denial of service (daemon crash) via a TFTP read (RRQ) request, aka opcode 1, a related issue to CVE-2013-0145.2021-11-295CVE-2021-44429
MISC
vim -- vimvim is vulnerable to Heap-based Buffer Overflow2021-12-016.8CVE-2021-4019
MISC
CONFIRM
FEDORA
vim -- vimvim is vulnerable to Heap-based Buffer Overflow2021-12-016.8CVE-2021-3984
MISC
CONFIRM
vmware -- spring_advanced_message_queuing_protocolIn Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString() method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message2021-11-304CVE-2021-22095
MISC
wipro -- holmesWipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read application log files containing sensitive information via a predictable /log URI.2021-11-295CVE-2021-38283
MISC
MISC
wipro -- holmesWipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/Domain_Credential_Report_Excel, processexecution/DownloadExcelFile/User_Report_Excel, processexecution/DownloadExcelFile/Process_Report_Excel, processexecution/DownloadExcelFile/Infrastructure_Report_Excel, or processexecution/DownloadExcelFile/Resolver_Report_Excel.2021-11-295CVE-2021-38147
MISC
MISC
workerman-thinkphp-redis_project -- workerman-thinkphp-redisWorkerman-ThinkPHP-Redis (last update Mar 16, 2018) is affected by a Cross Site Scripting (XSS) vulnerability. In file Controller.class.php, the exit function will terminate the script and print the message to the user. The message will contain $_GET{C('VAR_JSONP_HANDLER')], so there is an XSS vulnerability.2021-11-294.3CVE-2021-43697
MISC
wp-events-plugin -- events_managerThe Events Manager WordPress plugin before 5.9.8 does not sanitise and escape some search parameters before outputting them in pages, which could lead to Cross-Site Scripting issues.2021-12-014.3CVE-2020-35037
CONFIRM
MISC
wp-events-plugin -- events_managerThe Events Manager WordPress plugin before 5.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to an SQL Injection2021-12-016.5CVE-2020-35012
CONFIRM
MISC
youtubephpmirroring_project -- youtube-php-mirroringyoutube-php-mirroring (last update Jun 9, 2017) is affected by a Cross Site Scripting (XSS) vulnerability in file ytproxy/index.php.2021-11-294.3CVE-2021-43692
MISC
yurunproxy_project -- yurunproxyYurunProxy v0.01 is affected by a Cross Site Scripting (XSS) vulnerability in src/Client.php. The exit function will terminate the script and print a message which has values from the socket_read.2021-12-014.3CVE-2021-43690
MISC
zblogcn -- z-blogphpZ-BlogPHP v1.6.1.2100 was discovered to contain an arbitrary file deletion vulnerability via \app_del.php.2021-12-026.4CVE-2020-29177
MISC
zerodream -- sakurapanelSakuraPanel v1.0.1.1 is affected by a Cross Site Scripting (XSS) vulnerability in /master/core/PostHandler.php. The exit function will terminate the script and print the message $data['proxy_name'].2021-12-024.3CVE-2021-43681
MISC
zohocorp -- manageengine_supportcenter_plusZoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor.2021-11-305CVE-2021-43296
MISC
CONFIRM
zohocorp -- manageengine_supportcenter_plusZoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module.2021-11-304.3CVE-2021-43294
MISC
CONFIRM
zohocorp -- manageengine_supportcenter_plusZoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module.2021-11-304.3CVE-2021-43295
MISC
MISC
zrlog -- zrlogZrLog 2.2.2 has a remote command execution vulnerability in the plugin download function; it could execute any JAR file.2021-11-286.8CVE-2021-44094
MISC
zulip -- zulipZulip is an open source group chat application that combines real-time chat with threaded conversations. In affected versions expiration dates on the confirmation objects associated with email invitations were not enforced properly in the new account registration flow. A confirmation link takes a user to the check_prereg_key_and_redirect endpoint, before getting redirected to POST to /accounts/register/. The problem was that validation was happening in the check_prereg_key_and_redirect part and not in /accounts/register/ - meaning that one could submit an expired confirmation key and be able to register. The issue is fixed in Zulip 4.8. There are no known workarounds and users are advised to upgrade as soon as possible.2021-12-025CVE-2021-43791
CONFIRM
MISC


Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
acronis -- agentDLL hijacking could lead to denial of service. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27305, Acronis Cyber Protect Home Office (Windows) before build 396122021-11-291.9CVE-2021-44199
MISC
acronis -- cyber_protectStored cross-site scripting (XSS) was possible in protection plan details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 280352021-11-293.5CVE-2021-44203
MISC
acronis -- cyber_protectStored cross-site scripting (XSS) was possible in activity details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 280352021-11-293.5CVE-2021-44202
MISC
acronis -- cyber_protectSelf cross-site scripting (XSS) was possible on devices page. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 280352021-11-293.5CVE-2021-44200
MISC
asgaros -- asgaros_forumThe Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the name parameter found in the ~/admin/tables/admin-structure-table.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.15.13. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.2021-11-292.1CVE-2021-42365
MISC
MISC
bluez -- bluezAn issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting in leaking arbitrary heap data. The root cause can be found in the function service_attr_req of sdpd-request.c. The server does not check whether the CSTATE data is the same in consecutive requests, and instead simply trusts that it is the same.2021-11-293.3CVE-2019-8921
MISC
CONFIRM
businessdnasolutions -- topease | Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 via the Structure Component allows an authenticated remote attacker with Object Modification privileges to inject arbitrary HTML and JavaScript code in an object attribute, which is then rendered in the Structure Component, to alter the intended functionality and steal cookies, the latter allowing for account takeover. | 2021-11-30 | 3.5 | CVE-2021-42118
CONFIRM
businessdnasolutions -- topease | Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 via the Search Functionality allows authenticated users with Object Modification privileges to inject arbitrary HTML and JavaScript in object attributes, which is then rendered in the Search Functionality, to alter the intended functionality and steal cookies, the latter allowing for account takeover. | 2021-11-30 | 3.5 | CVE-2021-42119
CONFIRM
cbads -- clickbank_affiliate_ads | The ClickBank Affiliate Ads WordPress plugin through 1.20 does not escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. | 2021-12-02 | 3.5 | CVE-2015-20106
MISC
craftercms -- crafter_cms | Authenticated users with Site roles may inject XSS scripts via file names that will execute in the browser for this and other users of the same site. | 2021-12-02 | 3.5 | CVE-2021-23260
MISC
discourse -- discourse | Discourse is an open source discussion platform. In affected versions a vulnerability affects users of tag groups who use the "Tags are visible only to the following groups" feature. A tag group may only allow a certain group (e.g. staff) to view certain tags. Users who were tracking or watching the tags via /preferences/tags, then have their staff status revoked will still see notifications related to the tag, but will not see the tag on each topic. This issue has been patched in stable version 2.7.11. Users are advised to upgrade as soon as possible. | 2021-12-01 | 3.5 | CVE-2021-43792
MISC
CONFIRM
MISC
elecom -- wrc-1167gst2_firmware | Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent unauthenticated attacker to bypass access restriction, and to obtain anti-CSRF tokens and change the product's settings via unspecified vectors. | 2021-12-01 | 3.3 | CVE-2021-20862
MISC
MISC
elecom -- wrc-2533ghbk-i_firmware | Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I firmware v1.20 and prior allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | 2021-12-01 | 3.5 | CVE-2021-20857
MISC
MISC
elecom -- wrc-2533ghbk-i_firmware | Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I firmware v1.20 and prior allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | 2021-12-01 | 3.5 | CVE-2021-20858
MISC
MISC
elecom -- wrh-733gbk_firmware | Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | 2021-12-01 | 3.5 | CVE-2021-20855
MISC
MISC
elecom -- wrh-733gbk_firmware | Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | 2021-12-01 | 3.5 | CVE-2021-20856
MISC
MISC
essentialplugin -- popup_anything | The Popup Anything WordPress plugin before 2.0.4 does not escape the Link Text and Button Text fields of Popup, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks | 2021-11-29 | 3.5 | CVE-2021-24883
MISC
CONFIRM
MISC
generateblocks -- generateblocks | The GenerateBlocks WordPress plugin before 1.4.0 does not validate the generateblocks/container block's tagName attribute, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks. | 2021-11-29 | 3.5 | CVE-2021-24751
MISC
getawesomesupport -- awesome_support | Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities in WordPress Awesome Support plugin (versions <= 6.0.6), vulnerable parameters (&id, &assignee). | 2021-11-26 | 3.5 | CVE-2021-36919
MISC
CONFIRM
govicture -- wr1200_firmware | An issue was discovered on Victure WR1200 devices through 1.0.3. The default Wi-Fi WPA2 key is advertised to anyone within Wi-Fi range through the router's MAC address. The device default Wi-Fi password corresponds to the last 4 bytes of the MAC address of its 2.4 GHz network interface controller (NIC). An attacker within scanning range of the Wi-Fi network can thus scan for Wi-Fi networks to obtain the default key. | 2021-11-30 | 3.3 | CVE-2021-43282
MISC
MISC
hexo -- hexo | Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The post “body” and “tags” don’t sanitize malicious javascript during web page generation. Local unprivileged attacker can inject arbitrary code. | 2021-11-30 | 1.9 | CVE-2021-25987
MISC
MISC
ibm -- mq_appliance | IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to obtain sensitive information by inclusion of sensitive data within diagnostics. IBM X-Force ID: 213215. | 2021-11-30 | 2.1 | CVE-2021-39000
CONFIRM
XF
ibm -- mq_appliance | IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service attack caused by a concurrency issue. IBM X-Force ID: 212042 | 2021-11-30 | 2.1 | CVE-2021-38958
CONFIRM
XF
ibm -- mq_appliance | IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. | 2021-11-30 | 2.1 | CVE-2021-38999
XF
CONFIRM
media-tags_project -- media-tags | The Media-Tags WordPress plugin through 3.2.0.2 does not sanitise and escape any of its Labels settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2021-11-29 | 3.5 | CVE-2021-24899
MISC
meetecho -- janus | janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 2021-11-27 | 3.5 | CVE-2021-4020
CONFIRM
MISC
my_calendar_project -- my_calendar | The My Calendar WordPress plugin before 3.2.18 does not sanitise and escape the callback parameter of the mc_post_lookup AJAX action (available to any authenticated user) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue | 2021-11-29 | 3.5 | CVE-2021-24927
MISC
nxp -- kinetis_k82_firmware | NXP Kinetis K82 devices have a buffer over-read via a crafted wlength value in a GET Status-Other request during use of USB In-System Programming (ISP) mode. This discloses protected flash memory. | 2021-12-01 | 2.1 | CVE-2021-44479
MISC
MISC
okfn -- ckan | In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerability via SVG file upload of users’ profile picture. This allows low privileged application users to store malicious scripts in their profile picture. These scripts are executed in a victim’s browser when they open the malicious profile picture | 2021-12-01 | 3.5 | CVE-2021-25967
MISC
shoppagewp -- shop_page_wp | The Shop Page WP WordPress plugin before 1.2.8 does not sanitise and escape some of the Product fields, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2021-11-29 | 3.5 | CVE-2021-24811
MISC
smashballoon -- smash_balloon_social_post_feed | The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin's setting. As a result, any logged-in user on a vulnerable site could update the settings and store rogue JavaScript on each of its posts and pages. | 2021-11-29 | 3.5 | CVE-2021-24918
MISC
MISC
snipeitapp -- snipe-it | snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 2021-12-01 | 3.5 | CVE-2021-4018
CONFIRM
MISC
sophos -- exploit_prevention | A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sophos Intercept X Advanced for Server before version 2.0.23, as well as Sophos Exploit Prevention before version 3.8.3. | 2021-11-26 | 2.1 | CVE-2021-25269
CONFIRM
stylishcostcalculator -- stylish_cost_calculator | The Stylish Cost Calculator WordPress plugin before 7.0.4 does not have any authorisation and CSRF checks on some of its AJAX actions (available to authenticated users), which could allow any authenticated users, such as subscriber to call them, and perform Stored Cross-Site Scripting attacks against logged in admin, as well as frontend users due to the lack of sanitisation and escaping in some parameters | 2021-11-29 | 3.5 | CVE-2021-24822
MISC
taogogo -- taocms | Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Management column. | 2021-12-02 | 3.5 | CVE-2021-25785
MISC
wpchill -- check_&_log_email | The Check & Log Email WordPress plugin before 1.0.4 does not escape the d parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting | 2021-11-29 | 2.6 | CVE-2021-24908
MISC
wpkube -- about_author_box | The About Author Box WordPress plugin before 1.0.2 does not sanitise and escape the Social Profiles field values before outputting them in attributes, which could allow user with a role as low as contributor to perform Cross-Site Scripting attacks. | 2021-11-29 | 3.5 | CVE-2021-24745
MISC
wprssaggregator -- wp_rss_aggregator | The WP RSS Aggregator WordPress plugin before 4.19.2 does not properly sanitise and escape the URL to Blacklist field, allowing malicious HTML to be inserted by high privilege users even when the unfiltered_html capability is disallowed, which could lead to Cross-Site Scripting issues. | 2021-11-29 | 3.5 | CVE-2021-24768
MISC


Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
armeria -- armeria | Armeria is an open source microservice framework. In affected versions an attacker can access an Armeria server's local file system beyond its restricted directory by sending an HTTP request whose path contains `%2F` (encoded `/`), such as `/files/..%2Fsecrets.txt`, bypassing Armeria's path validation logic. Armeria 1.13.4 or above contains the hardened path validation logic that handles `%2F` properly. This vulnerability can be worked around by inserting a decorator that performs an additional validation on the request path. | 2021-12-02 | not yet calculated | CVE-2021-43795
MISC
MISC
CONFIRM
broadcom -- network_flow_analysis | CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL injection vulnerability in the NFA web application, due to insufficient input validation, that could potentially allow an authenticated user to access sensitive data. | 2021-12-02 | not yet calculated | CVE-2021-44050
MISC
FULLDISC
chamilo -- lms | Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php. | 2021-12-03 | not yet calculated | CVE-2021-35414
MISC
MISC
MISC
MISC
MISC
MISC
MISC
chamilo -- lms | A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x allows authenticated attackers to execute arbitrary code via a crafted .htaccess file. | 2021-12-03 | not yet calculated | CVE-2021-35413
MISC
MISC
MISC
MISC
chamilo -- lms | A stored cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the course "Title" and "Content" fields. | 2021-12-03 | not yet calculated | CVE-2021-35415
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
circutor -- compact_dc-s_basic | Buffer overflow vulnerability in function SetFirewall in index.cgi in CIRCUTOR COMPACT DC-S BASIC smart metering concentrator Firmware version CIR_CDC_v1.2.17, allows attackers to execute arbitrary code. | 2021-12-02 | not yet calculated | CVE-2021-26777
MISC
egee_touch -- 3rd_generation_travel_padlock | An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock application for Android. The lock sends a pairing code before each operation (lock or unlock) activated via the companion app. The code is sent unencrypted, allowing any attacker with the same app (either Android or iOS) to add the lock and take complete control. For successful exploitation, the attacker must be able to touch the lock's power button, and must be able to capture BLE network communication. | 2021-12-02 | not yet calculated | CVE-2021-44518
MISC
elgg -- elgg | elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor | 2021-12-03 | not yet calculated | CVE-2021-3980
MISC
CONFIRM
firefly-iii -- firefly-iii | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | 2021-12-04 | not yet calculated | CVE-2021-4005
CONFIRM
MISC
gmbh -- topease_platform | An insufficient session expiration vulnerability exists in Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions. | 2021-11-30 | not yet calculated | CVE-2021-42545
CONFIRM
hashicorp -- nomad_and_nomad_enterprise | HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1. | 2021-12-03 | not yet calculated | CVE-2021-43415
MISC
MISC
hitachi -- energy_fox61x | Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gain unauthorized access to the Data Communication Network (DCN) routing configuration. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A. | 2021-12-02 | not yet calculated | CVE-2021-40333
CONFIRM
CONFIRM
hitachi -- energy_fox61x | Missing Handler vulnerability in the proprietary management protocol (port TCP 5558) of Hitachi Energy FOX61x, XCM20 allows an attacker that exploits the vulnerability by activating SSH on port TCP 5558 to cause disruption to the NMS and NE communication. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A. | 2021-12-02 | not yet calculated | CVE-2021-40334
CONFIRM
CONFIRM
ibm -- cognos_analytics | IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202167. | 2021-12-03 | not yet calculated | CVE-2021-29756
CONFIRM
XF
ibm -- cognos_analytics | IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to reas of the application that privileged user should only be allowed to view. IBM X-Force ID: 201087. | 2021-12-03 | not yet calculated | CVE-2021-29716
CONFIRM
XF
ibm -- cognos_analytics | IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196339. | 2021-12-03 | not yet calculated | CVE-2021-20470
XF
CONFIRM
ibm -- cognos_analytics | IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to view or edit a Jupyter notebook that they should not have access to. IBM X-Force ID: 206212. | 2021-12-03 | not yet calculated | CVE-2021-29867
CONFIRM
XF
ibm -- cognos_analytics | IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209706. | 2021-12-03 | not yet calculated | CVE-2021-38909
CONFIRM
XF
ibm -- cognos_analytics | IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilities due to a web response specifying an incorrect content type. IBM X-Force ID: 201091 | 2021-12-03 | not yet calculated | CVE-2021-29719
CONFIRM
XF
ibm -- cognos_analytics | IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197794. | 2021-12-03 | not yet calculated | CVE-2021-20493
XF
CONFIRM
kentico -- xperience | The Kentico Xperience CMS version 13.0 – 13.0.43 is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerous content. This type of XSS vulnerability is exploited by submitting malicious script content to the application which is then retrieved and executed by other application users. The attacker could exploit this to conduct a range of attacks against users of the affected application such as session hijacking, account take over and accessing sensitive data. | 2021-12-03 | not yet calculated | CVE-2021-43991
MISC
libredwg -- libredwg | LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference via out_dxfb.c. | 2021-12-02 | not yet calculated | CVE-2021-28236
MISC
libredwg -- libredwg | LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13. | 2021-12-02 | not yet calculated | CVE-2021-28237
MISC
librenms -- librenms | Librenms 21.11.0 is affected by a path manipulation vulnerability in includes/html/pages/device/showconfig.inc.php. | 2021-12-03 | not yet calculated | CVE-2021-44278
MISC
matyhft -- matyhtf | matyhtf framework v3.0.5 is affected by a path manipulation vulnerability in Smarty.class.php. | 2021-12-03 | not yet calculated | CVE-2021-43676
MISC
nxp -- lpc55s69_devices | NXP LPC55S69 devices before A3 have a buffer over-read via a crafted wlength value in a GET Descriptor Configuration request during use of USB In-System Programming (ISP) mode. This discloses protected flash memory. | 2021-12-01 | not yet calculated | CVE-2021-40154
MISC
MISC
phpgrunkul -- hostel_management_system | Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exists in hostel management system 2.1 via the name field in my-profile.php. Chaining both vulnerabilities leads to account takeover. | 2021-12-01 | not yet calculated | CVE-2021-43137
MISC
plupload -- plupload | This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file. | 2021-12-03 | not yet calculated | CVE-2021-23562
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
plupload -- plupload | All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code execution. | 2021-12-03 | not yet calculated | CVE-2021-23758
CONFIRM
CONFIRM
renesas -- rx65_and_rx65n_devices | An issue was discovered on Renesas RX65 and RX65N devices. With a VCC glitch, an attacker can extract the security ID key from the device. Then, the protected firmware can be extracted. | 2021-12-02 | not yet calculated | CVE-2021-43327
MISC
showdoc -- showdoc | showdoc is vulnerable to URL Redirection to Untrusted Site | 2021-12-03 | not yet calculated | CVE-2021-4000
CONFIRM
MISC
tenda -- ac15_devices | A Stack-based Buffer Overflow vulnerability exists in the Tenda AC15 V15.03.05.18_multi device via the list parameter in a post request in goform/SetIpMacBind. | 2021-12-03 | not yet calculated | CVE-2021-44352
MISC
thinkup -- thinkup | ** UNSUPPORTED WHEN ASSIGNED ** ThinkUp 2.0-beta.10 is affected by a path manipulation vulnerability in Smarty.class.php. | 2021-12-03 | not yet calculated | CVE-2021-43674
MISC
trend_micro -- apex_one | A reachable assertion vulnerability in Trend Micro Apex One could allow an attacker to crash the program on affected installations, leading to a denial-of-service (DoS). Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2021-12-03 | not yet calculated | CVE-2021-44022
MISC
trend_micro -- security_2021 | Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability that allows files inside the protected folder to be modified without any detection. | 2021-12-03 | not yet calculated | CVE-2021-43772
MISC
trend_micro -- worry-free_business_security | An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44020. | 2021-12-03 | not yet calculated | CVE-2021-44021
MISC
MISC
trend_micro -- worry-free_business_security | An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44020 and 44021. | 2021-12-03 | not yet calculated | CVE-2021-44019
MISC
MISC
trend_micro -- worry-free_business_security | An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44021. | 2021-12-03 | not yet calculated | CVE-2021-44020
MISC
MISC
tsmuxer -- tsmuxer | tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function HevcSpsUnit::short_term_ref_pic_set(int) in hevc.cpp. | 2021-12-03 | not yet calculated | CVE-2021-35346
MISC
MISC
tsmuxer -- tsmuxer | tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function BitStreamReader::getCurVal in bitStream.h. | 2021-12-03 | not yet calculated | CVE-2021-35344
MISC
MISC
tuzicms -- tuzicms | SQL Injection vulnerability exists in TuziCMS v2.0.6 in App\Manage\Controller\GuestbookController.class.php. | 2021-12-03 | not yet calculated | CVE-2021-44347
MISC
tuzicms -- tuzicms | SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller\AdvertController.class.php. | 2021-12-03 | not yet calculated | CVE-2021-44348
MISC
tuzicms -- tuzicms | SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller\DownloadController.class.php. | 2021-12-03 | not yet calculated | CVE-2021-44349
MISC
wokka_lokka -- q50_devices | Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers (who know the SIM phone number and password) to listen to a device's surroundings via a callback in an SMS command, as demonstrated by the 123456 and 523681 default passwords. | 2021-12-01 | not yet calculated | CVE-2021-44480
MISC
z-blogphp -- z-blogphp | An arbitrary file upload vulnerability in Z-BlogPHP v1.6.1.2100 allows attackers to execute arbitrary code via a crafted JPG file. | 2021-12-02 | not yet calculated | CVE-2020-29176
MISC
zoho -- manageengine_m365_manager_plus | Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution. | 2021-11-30 | not yet calculated | CVE-2021-42099
CONFIRM
MISC
