US National Cyber Awareness System Bulletins

CISA Bulletins. Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

  • Vulnerability Summary for the Week of July 12, 2021
    by CISA on July 19, 2021 at 10:50 am

    Original release date: July 19, 2021  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info echobh — sharecare Echo ShareCare 8.15.5 is susceptible to SQL injection vulnerabilities when processing remote input from both authenticated and unauthenticated users, leading to the ability to bypass authentication, exfiltrate Structured Query Language (SQL) records, and manipulate data. 2021-07-13 7.5 CVE-2021-33578MISC echobh — sharecare An issue was discovered in Echo ShareCare 8.15.5. It does not perform authentication or authorization checks when accessing a subset of sensitive resources, leading to the ability for unauthenticated users to access pages that are vulnerable to attacks such as SQL injection. 2021-07-13 7.5 CVE-2021-36124MISC espruino — espruino Buffer overflow vulnerability in function jsvGetStringChars in Espruino before RELEASE_2V09, allows remote attackers to execute arbitrary code. 2021-07-13 7.5 CVE-2020-22884MISC fortinet — forticlient An improper symlink following in FortiClient for Mac 6.4.3 and below may allow an non-privileged user to execute arbitrary privileged shell commands during installation phase. 2021-07-12 7.2 CVE-2021-26089CONFIRM fortinet — fortimail A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to tamper with signed URLs by appending further data which allows bypass of signature verification. 2021-07-09 7.5 CVE-2021-24020CONFIRM fortinet — fortimail Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. 2021-07-09 7.5 CVE-2021-24007CONFIRM golang — go golang/go in 1.0.2 fixes all.bash on shared machines. 
dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script. 2021-07-09 7.5 CVE-2012-2666MISCMISCMISCMISC google — android In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-181346550 2021-07-14 7.8 CVE-2021-0596MISC google — android In setNiNotification of GpsNetInitiatedHandler.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.1 Android-9Android ID: A-154319182 2021-07-14 7.2 CVE-2020-0417MISC google — android In flv extractor, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187161771 2021-07-14 7.2 CVE-2021-0577MISC google — android In Factory::CreateStrictFunctionMap of factory.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-167389063 2021-07-14 10 CVE-2021-0515MISC google — android In beginWrite and beginRead of MessageQueueBase.h, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. 
User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-184963385 2021-07-14 7.2 CVE-2021-0585MISC google — android In onCreate of ConfirmConnectActivity, there is a possible remote bypass of user consent due to improper input validation. This could lead to remote (proximal, NFC) escalation of privilege allowing an attacker to deceive a user into allowing a Bluetooth connection with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-176445224 2021-07-14 7.9 CVE-2021-0594MISC google — android In StreamOut::prepareForWriting of StreamOut.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-185259758 2021-07-14 7.2 CVE-2021-0587MISC google — android In BTM_TryAllocateSCN of btm_scn.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-180939982 2021-07-14 7.2 CVE-2021-0589MISC google — android In various functions in WideVine, there are possible out of bounds writes due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-188061006 2021-07-14 9.3 CVE-2021-0592MISC google — android In several functions of the V8 library, there is a possible use after free due to a race condition. 
This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-9 Android-11 Android-8.1Android ID: A-162604069 2021-07-14 9.3 CVE-2021-0514MISC google — android In onCreateOptionsMenu of WifiNetworkDetailsFragment.java, there is a possible way for guest users to view and modify Wi-Fi settings for all configured APs due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-177573895 2021-07-14 7.2 CVE-2021-0602MISC halo — halo Remote Code Executon vulnerability in Halo 0.4.3 via the remoteAddr and themeName parameters. 2021-07-12 7.5 CVE-2020-18980MISC jsish — jsish Integer overflow vulnerability in function Jsi_ObjSetLength in jsish before 3.0.6, allows remote attackers to execute arbitrary code. 2021-07-13 7.5 CVE-2020-22875MISCMISC jsish — jsish Integer overflow vulnerability in function Jsi_ObjArraySizer in jsish before 3.0.8, allows remote attackers to execute arbitrary code. 2021-07-13 7.5 CVE-2020-22874MISCMISC jsish — jsish Buffer overflow vulnerability in function NumberToPrecisionCmd in jsish before 3.0.7, allows remote attackers to execute arbitrary code. 2021-07-13 7.5 CVE-2020-22873MISC kaseya — vsa Kaseya VSA before 9.5.5 allows remote code execution. 2021-07-09 7.5 CVE-2021-30118MISC kramerav — viaware KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. Sudoers permits running of multiple dangerous commands, including unzip, systemctl and dpkg. 2021-07-12 7.5 CVE-2021-35064MISC linux — linux_kernel An out-of-bounds memory write flaw was found in the Linux kernel’s joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. 
This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. 2021-07-09 7.2 CVE-2021-3612MISCMISC linuxptp_project — linuxptp A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1. 2021-07-09 8 CVE-2021-3570MISCDEBIANFEDORAFEDORA metinfo — metinfo SQL Injection vulnerability in Metinfo 7.0.0beta in index.php. 2021-07-12 7.5 CVE-2020-21132MISCMISC metinfo — metinfo SQL Injection vulnerability in Metinfo 7.0.0 beta in member/getpassword.php?lang=cn&a=dovalid. 2021-07-12 7.5 CVE-2020-21133MISCMISC microsoft — exchange_server Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31196, CVE-2021-34473. 2021-07-14 7.5 CVE-2021-31206MISC microsoft — windows_10 Windows Kernel Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31979, CVE-2021-34514. 2021-07-14 7.2 CVE-2021-33771MISC microsoft — windows_10 Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability 2021-07-14 7.5 CVE-2021-33757MISC microsoft — windows_10 Windows Secure Kernel Mode Security Feature Bypass Vulnerability 2021-07-14 7.2 CVE-2021-33744MISC microsoft — windows_10 Windows Kernel Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-33771, CVE-2021-34514. 
2021-07-14 7.2 CVE-2021-31979MISC microsoft — windows_10 Windows Media Remote Code Execution Vulnerability 2021-07-14 9.3 CVE-2021-33740MISC nextcloud — nextcloud_server Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server supports application specific tokens for authentication purposes. These tokens are supposed to be granted to a specific applications (e.g. DAV sync clients), and can also be configured by the user to not have any filesystem access. Due to a lacking permission check, the tokens were able to change their own permissions in versions prior to 19.0.13, 20.0.11, and 21.0.3. Thus fileystem limited tokens were able to grant themselves access to the filesystem. The issue is patched in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds aside from upgrading. 2021-07-12 7.5 CVE-2021-32688MISCCONFIRMMISC nextcloud — nextcloud_server Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, webauthn tokens were not deleted after a user has been deleted. If a victim reused an earlier used username, the previous user could gain access to their account. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds. 2021-07-12 7.5 CVE-2021-32726MISCMISCCONFIRM ninjateam — filebird The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from a HTTP post request. This is a major vulnerability as the user input is not escaped and passed directly to the get_col function and it allows SQL injection. The Rest API endpoint which invokes this function also does not have any required permissions/authentication and can be accessed by an anonymous user. 
2021-07-12 7.5 CVE-2021-24385CONFIRMMISC putil-merge_project — putil-merge Prototype pollution vulnerability in ‘putil-merge’ versions1.0.0 through 3.6.6 allows attacker to cause a denial of service and may lead to remote code execution. 2021-07-14 7.5 CVE-2021-25953MISC python — pillow Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c. 2021-07-13 7.5 CVE-2021-34552MISCMISC qualcomm — apq8009w_firmware Buffer overflow in modem due to improper array index check before copying into it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables 2021-07-13 10 CVE-2020-11307CONFIRM qualcomm — apq8017_firmware Improper length check of public exponent in RSA import key function could cause memory corruption. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables 2021-07-13 7.2 CVE-2021-1890CONFIRM qualcomm — apq8017_firmware Incorrect handling of pointers in trusted application key import mechanism could cause memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables 2021-07-13 7.2 CVE-2021-1886CONFIRM qualcomm — apq8017_firmware Possible buffer overflow due to lack of length check in Trusted Application in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables 2021-07-13 7.2 CVE-2021-1889CONFIRM qualcomm — apq8017_firmware Memory corruption in key parsing and import function due to double freeing the same heap allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon 
Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables 2021-07-13 7.2 CVE-2021-1888CONFIRM qualcomm — aqt1000_firmware Possible buffer overflow due to improper validation of buffer length while processing fast boot commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music 2021-07-13 7.2 CVE-2021-1931CONFIRM qualcomm — aqt1000_firmware Use after free can occur due to improper handling of response from firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2021-07-13 7.2 CVE-2021-1940CONFIRM qualcomm — aqt1000_firmware Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking 2021-07-13 10 CVE-2021-1965CONFIRM sap — netweaver_as_abap A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions – 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged attacker to inject code that can be executed by the application. An attacker could thereby delete some critical information and could make the SAP system completely unavailable. 2021-07-14 7.5 CVE-2021-33678MISCMISC solarwinds — dameware_mini_remote_control In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file deletion as SYSTEM. 2021-07-13 9.4 CVE-2021-31217MISCMISC totaljs — total.js The package total.js before 3.4.9 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions. 
2021-07-12 7.5 CVE-2021-23389MISCMISCMISC totaljs — total4 The package total4 before 0.0.43 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions. 2021-07-12 7.5 CVE-2021-23390MISCMISCMISC wms_project — wms SQL Injection in WMS v1.0 allows remote attackers to execute arbitrary code via the “username” parameter in the component “chkuser.php”. 2021-07-12 7.5 CVE-2020-18544MISC wpdevart — poll\,_survey\,_questionnaire_and_voting_system The Poll, Survey, Questionnaire and Voting system WordPress plugin before 1.5.3 did not sanitise, escape or validate the date_answers[] POST parameter before using it in a SQL statement when sending a Poll result, allowing unauthenticated users to perform SQL Injection attacks 2021-07-12 7.5 CVE-2021-24442CONFIRMMISC Back to top   Medium Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info apache — ant When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected. 2021-07-14 4.3 CVE-2021-36373MISCMISCMLISTMLISTMLIST apache — ant When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected. 2021-07-14 4.3 CVE-2021-36374MISCMISCMLISTMLISTMLIST apache — tomcat Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. 
Specifically: – Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; – Tomcat honoured the identify encoding; and – Tomcat did not ensure that, if present, the chunked encoding was the final encoding. 2021-07-12 5 CVE-2021-33037MISC apache — tomcat A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests. This meant that once a non-blocking I/O error occurred, all future requests handled by that request object would fail. Users were able to trigger non-blocking I/O errors, e.g. by dropping a connection, thereby creating the possibility of triggering a DoS. Applications that do not use non-blocking I/O are not exposed to this vulnerability. This issue affects Apache Tomcat 10.0.3 to 10.0.4; 9.0.44; 8.5.64. 2021-07-12 5 CVE-2021-30639MISCMLISTMLIST artifex — mujs Buffer overflow vulnerability in function jsG_markobject in jsgc.c in mujs before 1.0.8, allows remote attackers to cause a denial of service. 2021-07-13 5 CVE-2020-22886MISC artifex — mujs Buffer overflow vulnerability in mujs before 1.0.8 due to recursion in the GC scanning phase, allows remote attackers to cause a denial of service. 2021-07-13 5 CVE-2020-22885MISC autodesk — design_review A maliciously crafted PDF, PICT or TIFF file can be used to write beyond the allocated buffer while parsing PDF, PICT or TIFF files in Autodesk 2018, 2017, 2013, 2012, 2011. This vulnerability can be exploited to execute arbitrary code. 2021-07-09 6.8 CVE-2021-27036MISC autodesk — design_review A maliciously crafted TIFF file in Autodesk 2018, 2017, 2013, 2012, 2011 can be forced to read and write beyond allocated boundaries when parsing the TIFF file. This vulnerability can be exploited to execute arbitrary code. 
2021-07-09 6.8 CVE-2021-27039MISC autodesk — design_review A Type Confusion vulnerability in Autodesk 2018, 2017, 2013, 2012, 2011 can occur when processing a maliciously crafted PDF file. An attacker can leverage this to execute arbitrary code. 2021-07-09 6.8 CVE-2021-27038MISC autodesk — design_review A maliciously crafted PNG, PDF or DWF file in Autodesk 2018, 2017, 2013, 2012, 2011 can be used to attempt to free an object that has already been freed while parsing them. This vulnerability can be exploited by remote attackers to execute arbitrary code. 2021-07-09 6.8 CVE-2021-27037MISC autodesk — design_review A heap-based buffer overflow could occur while parsing PICT or TIFF files in Autodesk 2018, 2017, 2013, 2012, 2011. This vulnerability can be exploited to execute arbitrary code. 2021-07-09 6.8 CVE-2021-27034MISC autodesk — design_review A maliciously crafted TIFF, PDF, PICT or DWF files in Autodesk 2018, 2017, 2013, 2012, 2011 can be forced to read beyond allocated boundaries when parsing the TIFF, PDF, PICT or DWF files. This vulnerability can be exploited to execute arbitrary code. 2021-07-09 6.8 CVE-2021-27035MISC axiosys — bento4 A buffer overflow vulnerability in Ap4ElstAtom.cpp of Bento 1.5.1-628 leads to a denial of service (DOS). 2021-07-13 4.3 CVE-2020-19719MISC axiosys — bento4 An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1.5.1-628 causes a direct copy to NULL pointer dereference, leading to a denial of service (DOS). 2021-07-13 4.3 CVE-2020-19722MISC axiosys — bento4 An unhandled memory allocation failure in Core/AP4IkmsAtom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS). 2021-07-13 4.3 CVE-2020-19720MISC axiosys — bento4 An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS). 
2021-07-13 4.3 CVE-2020-19718MISC axiosys — bento4 An unhandled memory allocation failure in Core/Ap48bdlAtom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS). 2021-07-13 4.3 CVE-2020-19717MISC axiosys — bento4 A heap buffer overflow vulnerability in Ap4TrunAtom.cpp of Bento 1.5.1-628 may lead to an out-of-bounds write while running mp42aac, leading to system crashes and a denial of service (DOS). 2021-07-13 4.3 CVE-2020-19721MISC baidu — umeditor Cross Site Scripting (XSS) vulnerability in umeditor v1.2.3 via /public/common/umeditor/php/getcontent.php. 2021-07-14 4.3 CVE-2020-18145MISC bookingcore — booking_core The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. The input containing the excel formula is not being sanitized by the application. As a result when admin in backend download and open the csv, content of the cells are executed. 2021-07-14 6.8 CVE-2020-25445MISC bookingcore — booking_core Cross Site Request Forgery (CSRF) vulnerability in Booking Core – Ultimate Booking System Booking Core 1.7.0 . The CSRF token is not being validated when the request is sent as a GET method. This results in an unauthorized change in the user’s email ID, which can later be used to reset the password. The new password will be sent to a modified email ID. 2021-07-14 4.3 CVE-2020-27379MISC brave — brave In Brave Desktop between versions 1.17 and 1.26.60, when adblocking is enabled and a proxy browser extension is installed, the CNAME adblocking feature issues DNS requests that used the system DNS settings instead of the extension’s proxy settings, resulting in possible information disclosure. 2021-07-12 4.3 CVE-2021-22916MISC brave — browser Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in Tor windows not flowing through Tor if adblocking was enabled. 
2021-07-12 4.3 CVE-2021-22917MISC codeblab — glass The Glass WordPress plugin through 1.3.2 does not sanitise or escape its “Glass Pages” setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin did not have CSRF check in place when saving its settings, allowing the issue to be exploited via a CSRF attack. 2021-07-12 4.3 CVE-2021-24434CONFIRM dell — emc_unity_operating_environment Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. 2021-07-12 4.6 CVE-2021-21590MISC dell — emc_unity_operating_environment Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 do not exit on failed Initialization. A local authenticated Service user could potentially exploit this vulnerability to escalate privileges. 2021-07-12 4.6 CVE-2021-21589MISC dell — emc_unity_operating_environment Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. 2021-07-12 4.6 CVE-2021-21591MISC dell — powerflex_presentation_server Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability in the Presentation Server/WebUI. An unauthenticated attacker could potentially exploit this vulnerability by tricking the user into performing unwanted actions on the Presentation Server and perform which may lead to configuration changes. 2021-07-12 4.3 CVE-2021-21588MISC delta_project — delta dandavison delta before 0.8.3 on Windows resolves an executable’s pathname as a relative path from the current directory. 
2021-07-13 4.4 CVE-2021-36376CONFIRMMISCMISC devolutions — devolutions_server Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts cleartext). 2021-07-12 4.3 CVE-2021-36382MISC echobh — sharecare An issue was discovered in Echo ShareCare 8.15.5. The TextReader feature in General/TextReader/TextReader.cfm is susceptible to a local file inclusion vulnerability when processing remote input in the textFile parameter from an authenticated user, leading to the ability to read arbitrary files on the server filesystems as well any files accessible via Universal Naming Convention (UNC) paths. 2021-07-13 4 CVE-2021-36123MISC echobh — sharecare An issue was discovered in Echo ShareCare 8.15.5. The UnzipFile feature in Access/EligFeedParse_Sup/UnzipFile_Upd.cfm is susceptible to a command argument injection vulnerability when processing remote input in the zippass parameter from an authenticated user, leading to the ability to inject arbitrary arguments to 7z.exe. 2021-07-13 6.5 CVE-2021-36122MISC echobh — sharecare An issue was discovered in Echo ShareCare 8.15.5. The file-upload feature in Access/DownloadFeed_Mnt/FileUpload_Upd.cfm is susceptible to an unrestricted upload vulnerability via the name1 parameter, when processing remote input from an authenticated user, leading to the ability for arbitrary files to be written to arbitrary filesystem locations via ../ Directory Traversal on the Z: drive (a hard-coded drive letter where ShareCare application files reside) and remote code execution as the ShareCare service user (NT AUTHORITY\SYSTEM). 2021-07-13 6.5 CVE-2021-36121MISC edgexfoundry — edgex_foundry EdgeX Foundry is an open source project for building a common open framework for internet-of-things edge computing. A vulnerability exists in the Edinburgh, Fuji, Geneva, and Hanoi versions of the software. 
When the EdgeX API gateway is configured for OAuth2 authentication and a proxy user is created, the client_id and client_secret required to obtain an OAuth2 authentication token are set to the username of the proxy user. A remote network attacker can then perform a dictionary-based password attack on the OAuth2 token endpoint of the API gateway to obtain an OAuth2 authentication token and use that token to make authenticated calls to EdgeX microservices from an untrusted network. OAuth2 is the default authentication method in EdgeX Edinburgh release. The default authentication method was changed to JWT in Fuji and later releases. Users should upgrade to the EdgeX Ireland release to obtain the fix. The OAuth2 authentication method is disabled in Ireland release. If unable to upgrade and OAuth2 authentication is required, users should create OAuth2 users directly using the Kong admin API and forgo the use of the `security-proxy-setup` tool to create OAuth2 users. 2021-07-09 5.8 CVE-2021-32753MISCCONFIRM edifecs — transaction_management In Edifecs Transaction Management through 2021-07-12, an unauthenticated user can inject arbitrary text into a user’s browser via logon.jsp?logon_error= on the login screen of the Web application. 2021-07-12 5 CVE-2021-36381MISCMISC element-it — http_commander A Directory Traversal vulnerability in the Unzip feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to write files to arbitrary directories via relative paths in ZIP archives. 2021-07-14 4 CVE-2021-33211MISCMISC element-it — http_commander An SSRF vulnerability in the “Upload from URL” feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to retrieve HTTP and FTP files from the internal server network by inserting an internal address. 
2021-07-14 4 CVE-2021-33213MISCMISC esri — arcgis_server A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote unauthenticated attacker to pass and store malicious strings in the ArcGIS Server Manager application. 2021-07-10 4.3 CVE-2021-29107CONFIRM esri — arcgis_server A reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser. 2021-07-10 4.3 CVE-2021-29106CONFIRM esri — arcgis_server A Server-Side Request Forgery (SSRF) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote, unauthenticated attacker to forge GET requests to arbitrary URLs from the system, potentially leading to network enumeration or facilitating other attacks. 2021-07-11 6.4 CVE-2021-29102CONFIRM esri — arcgis_server A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote unauthenticated attacker to pass and store malicious strings in the ArcGIS Server Manager application. 2021-07-11 4.3 CVE-2021-29104CONFIRM esri — arcgis_server A reflected Cross Site Scripting (XXS) vulnerability in ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser. 2021-07-11 4.3 CVE-2021-29103CONFIRM eventespresso — event_espresso A cross-site scripting (XSS) vulnerability in wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php in the Event Espresso Core plugin before 4.10.7.p for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. 
2021-07-13 4.3 CVE-2020-26153MISCMISC exiv2 — exiv2 A buffer overflow vulnerability in the Databuf function in types.cpp of Exiv2 v0.27.1 leads to a denial of service (DOS). 2021-07-13 4.3 CVE-2020-19716MISC exiv2 — exiv2 An integer overflow vulnerability in the getUShort function of Exiv2 0.27.1 results in segmentation faults within the application, leading to a denial of service (DOS). 2021-07-13 4.3 CVE-2020-19715MISC fetchdesigns — sign-up_sheets The Sign-up Sheets WordPress plugin before 1.0.14 does not not sanitise or validate the Sheet title when generating the CSV to export, which could lead to a CSV injection issue 2021-07-12 6 CVE-2021-24441CONFIRM fortinet — fortiap An improper neutralization of special elements used in an OS Command vulnerability in FortiAP’s console 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5 may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments. 2021-07-09 4.6 CVE-2021-26106CONFIRM fortinet — fortimail A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6 may allow an unauthenticated remote attacker to exhaust available memory via specifically crafted login requests. 2021-07-12 5 CVE-2021-26090CONFIRM fortinet — fortimail An improper neutralization of special elements used in an OS Command vulnerability in the administrative interface of FortiMail before 6.4.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted HTTP requests. 2021-07-12 6.5 CVE-2021-24015CONFIRM fortinet — fortimail A missing cryptographic step in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an unauthenticated attacker who intercepts the encrypted messages to manipulate them in such a way that makes the tampering and the recovery of the plaintexts possible. 
2021-07-09 | 5 | CVE-2021-26100 CONFIRM

fortinet — fortimail | Multiple Path traversal vulnerabilities in the Webmail of FortiMail before 6.4.4 may allow a regular user to obtain unauthorized access to files and data via specifically crafted web requests. | 2021-07-12 | 4 | CVE-2021-24013 CONFIRM

fortinet — fortimail | Missing cryptographic steps in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an attacker who comes in possession of the encrypted master keys to compromise their confidentiality by observing a few invariant properties of the ciphertext. | 2021-07-12 | 4 | CVE-2021-26099 CONFIRM

fortinet — fortimail | Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests. | 2021-07-09 | 6.5 | CVE-2021-22129 CONFIRM

fortinet — fortisandbox | A concurrent execution using shared resource with improper synchronization (‘race condition’) in the command shell of FortiSandbox before 3.2.2 may allow an authenticated attacker to bring the system into an unresponsive state via specifically orchestrated sequences of commands. | 2021-07-09 | 6.3 | CVE-2020-29014 CONFIRM

foxitsoftware — foxit_reader | Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 produce incorrect PDF document signatures because the certificate name, document owner, and signature author are mishandled. | 2021-07-09 | 4.3 | CVE-2021-33795 MISC

foxitsoftware — foxit_reader | Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write via a crafted /Size key in the Trailer dictionary.
2021-07-09 | 6.8 | CVE-2021-33792 MISC

getambassador — emissary-ingress | Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allows attackers to bypass client certificate requirements (i.e., mTLS cert_required) on backend upstreams when more than one TLSContext is defined and at least one configuration exists that does not require client certificate authentication. The attacker must send an SNI specifying an unprotected backend and an HTTP Host header specifying a protected backend. (2.x versions are unaffected. 1.x versions are unaffected with certain configuration settings involving prune_unreachable_routes and a wildcard Host resource.) | 2021-07-09 | 4.3 | CVE-2021-36371 MISC MISC

google — android | In handleSendStatusChangeBroadcast of WifiDisplayAdapter.java, there is a possible leak of location-sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-176541017 | 2021-07-14 | 4.9 | CVE-2021-0518 MISC

google — android | In onCreate of DevicePickerFragment.java, there is a possible way to trick the user to select an unwanted bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-11, Android-8.1, Android-9, Android-10; Android ID: A-182584940 | 2021-07-14 | 6.9 | CVE-2021-0586 MISC

google — android | In processInboundMessage of MceStateMachine.java, there is a possible SMS disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9; Android ID: A-177238342 | 2021-07-14 | 4.9 | CVE-2021-0588 MISC

google — android | In onCreate of PermissionActivity.java, there is a possible permission bypass due to Confusing UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-174495520 | 2021-07-14 | 4.4 | CVE-2021-0441 MISC

google — android | In onCreate of DeviceAdminAdd.java, there is a possible way to mislead a user to activate a device admin app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11; Android ID: A-179042963 | 2021-07-14 | 6.9 | CVE-2021-0600 MISC

google — android | In encodeFrames of avc_enc_fuzzer.cpp, there is a possible out of bounds write due to a double free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11, Android-8.1, Android-9; Android ID: A-180643802 | 2021-07-14 | 4.9 | CVE-2021-0601 MISC

google — android | In onCreate of ContactSelectionActivity.java, there is a possible way to get access to contacts without permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-182809425 | 2021-07-14 | 4.4 | CVE-2021-0603 MISC

google — android | In sendNetworkConditionsBroadcast of NetworkMonitor.java, there is a possible way for a privileged app to receive WiFi BSSID and SSID without location permissions due to a missing permission check.
This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11, Android-8.1, Android-9; Android ID: A-175213041 | 2021-07-14 | 4.9 | CVE-2021-0590 MISC

google — android | In onPackageAddedInternal of PermissionManagerService.java, there is possible access to external storage due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Android ID: A-171430330 | 2021-07-14 | 4.6 | CVE-2021-0486 MISC

google — android | In scheduleTimeoutLocked of NotificationRecord.java, there is a possible disclosure of a sensitive identifier via broadcasted intent due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-10, Android-11, Android-8.1; Android ID: A-175614289 | 2021-07-14 | 4.9 | CVE-2021-0599 MISC

google — android | In notifyProfileAdded and notifyProfileRemoved of SipService.java, there is a possible way to retrieve SIP account names due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11; Android ID: A-176496502 | 2021-07-14 | 4.9 | CVE-2021-0597 MISC

halo — halo | File Deletion vulnerability in Halo 0.4.3 via delBackup. | 2021-07-12 | 6.4 | CVE-2020-19038 MISC

halo — halo | Incorrect Access Control vulnerability in Halo 0.4.3, which allows a malicious user to bypass encryption to view encrypted articles via cookies. | 2021-07-12 | 5 | CVE-2020-19037 MISC

halo — halo | Cross Site Scripting (XSS) vulnerability in Halo 0.4.3 via the X-forwarded-for Header parameter.
2021-07-12 | 4.3 | CVE-2020-18979 MISC

halo — halo | SSRF vulnerability in Halo <=1.3.2 exists in the SMTP configuration, which can detect the server intranet. | 2021-07-12 | 5 | CVE-2020-23079 MISC

hms-networks — ecatcher | In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation. | 2021-07-09 | 6 | CVE-2021-33214 MISC MISC MISC MISC

hmtalk — daviewindy | DaviewIndy v8.98.7.0 and earlier versions have an integer overflow vulnerability, triggered when the user opens a malformed format file that is mishandled by DaviewIndy. Attackers could exploit this to achieve arbitrary code execution. | 2021-07-12 | 6.8 | CVE-2020-7872 MISC

huawei — harmonyos | A component of the HarmonyOS 2.0 has a Null Pointer Dereference Vulnerability. Local attackers may exploit this vulnerability to cause system denial of service. | 2021-07-14 | 4.9 | CVE-2021-22318 MISC

ibm — cloud_pak_for_applications | IBM Cloud Pak for Applications 4.3 could allow an authenticated user to gain escalated privileges due to improper application permissions. IBM X-Force ID: 196308. | 2021-07-13 | 6.5 | CVE-2021-20423 XF CONFIRM

ibm — cloud_pak_for_applications | IBM Cloud Pak for Applications 4.3 could disclose sensitive information to a malicious attacker by accessing data stored in memory. IBM X-Force ID: 196304. | 2021-07-13 | 5 | CVE-2021-20422 CONFIRM XF

ibm — cloud_pak_for_applications | IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195361. | 2021-07-13 | 4.3 | CVE-2021-20369 CONFIRM XF

ibm — cloud_pak_for_applications | IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195031.
2021-07-13 | 5 | CVE-2021-20360 CONFIRM XF

ibm — cloud_pak_for_applications | IBM Cloud Pak for Applications 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. X-Force ID: 196309. | 2021-07-13 | 4 | CVE-2021-20424 XF CONFIRM

ibm — event_streams | IBM Event Streams 10.0, 10.1, 10.2, and 10.3 could allow a user with the CA private key to create their own certificates and deploy them in the cluster and gain privileges of another user. IBM X-Force ID: 203450. | 2021-07-12 | 6.5 | CVE-2021-29792 CONFIRM XF

ibm — guardium_data_encryption | IBM Guardium Data Encryption (GDE) 3.0.0.2 could allow a user to brute force sensitive information due to not properly limiting the number of interactions. IBM X-Force ID: 196216. | 2021-07-12 | 4 | CVE-2021-20414 CONFIRM XF

ibm — infosphere_information_server | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 200966. | 2021-07-09 | 4.3 | CVE-2021-29712 CONFIRM XF

ibm — infosphere_information_server | IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 201164. | 2021-07-09 | 6.5 | CVE-2021-29730 XF CONFIRM

ibm — mq_appliance | IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191815.
2021-07-12 | 6.8 | CVE-2020-4938 CONFIRM XF

ibm — tivoli_netcool/impact | IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH server configuration which enables weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 203556. | 2021-07-12 | 5 | CVE-2021-29794 XF CONFIRM

icinga — icinga | Icinga Web 2 is an open source monitoring web interface, framework, and command-line interface. A vulnerability in which custom variables are exposed to unauthorized users exists between versions 2.0.0 and 2.8.2. Custom variables are user-defined keys and values on configuration objects in Icinga 2. These are commonly used to reference secrets in other configurations such as check commands to be able to authenticate with a service being checked. Icinga Web 2 displays these custom variables to logged in users with access to said hosts or services. In order to protect the secrets from being visible to anyone, it’s possible to set up protection rules and blacklists in a user’s role. Protection rules result in `***` being shown instead of the original value, the key will remain. Blacklists will hide a custom variable entirely from the user. Besides using the UI, custom variables can also be accessed differently by using an undocumented URL parameter. By adding a parameter to the affected routes, Icinga Web 2 will show these columns additionally in the respective list. This parameter is also respected when exporting to JSON or CSV. Protection rules and blacklists however have no effect in this case. Custom variables are shown as-is in the result. The issue has been fixed in the 2.9.0, 2.8.3, and 2.7.5 releases. As a workaround, one may set up a restriction to hide hosts and services with the custom variable in question. | 2021-07-12 | 4 | CVE-2021-32747 MISC MISC CONFIRM MISC

ipfire — ipfire | Lightning Wire Labs IPFire 2.21 (x86_64) – Core Update 130 is affected by: Cross Site Scripting (XSS).
The impact is: Session Hijacking (local). The component is: Affected at Routing configuration via the “Remark” text box or “remark” parameter. The attack vector is: The attacker needs to craft the malicious JavaScript code. | 2021-07-12 | 4.3 | CVE-2020-19204 MISC MISC

jsish — jsish | Stack overflow vulnerability in function jsi_evalcode_sub in jsish before 3.0.18, allows remote attackers to cause a Denial of Service via a crafted value to the execute parameter. | 2021-07-13 | 5 | CVE-2020-22907 MISC

kaseya — vsa | SQL injection exists in Kaseya VSA before 9.5.6. | 2021-07-09 | 6.5 | CVE-2021-30117 MISC

kaseya — vsa | Local file inclusion exists in Kaseya VSA before 9.5.6. | 2021-07-09 | 6.5 | CVE-2021-30121 MISC

kaseya — vsa | Kaseya VSA through 9.5.7 allows attackers to bypass the 2FA requirement. | 2021-07-09 | 5 | CVE-2021-30120 MISC

kaseya — vsa | An XML External Entity (XXE) issue exists in Kaseya VSA before 9.5.6. | 2021-07-09 | 6.5 | CVE-2021-30201 MISC

linecorp — line | LINE client for iOS before 10.16.3 allows cross-site scripting with a specific header in WebView. | 2021-07-13 | 4.3 | CVE-2021-36214 MISC

linuxfoundation — grpc_swift | Mismanaged state in GRPCWebToHTTP2ServerCodec.swift in gRPC Swift 1.1.0 and 1.1.1 allows remote attackers to deny service by sending malformed requests. | 2021-07-09 | 5 | CVE-2021-36153 MISC MISC MISC

linuxfoundation — grpc_swift | LengthPrefixedMessageReader in gRPC Swift 1.1.0 and earlier allocates buffers of arbitrary length, which allows remote attackers to cause uncontrolled resource consumption and deny service. | 2021-07-09 | 5 | CVE-2021-36155 MISC MISC MISC

linuxfoundation — grpc_swift | HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier allows remote attackers to deny service via the delivery of many small messages within a single HTTP/2 frame, leading to Uncontrolled Recursion and stack consumption. | 2021-07-09 | 5 | CVE-2021-36154 MISC MISC MISC

linuxptp_project — linuxptp | A flaw was found in the ptp4l program of the linuxptp package.
When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The highest threat from this vulnerability is to data confidentiality and system availability. This flaw affects linuxptp versions before 3.1.1 and before 2.0.1. | 2021-07-09 | 5.5 | CVE-2021-3571 MISC FEDORA FEDORA

metinfo — metinfo | SQL Injection vulnerability in MetInfo 7.0.0beta via admin/?n=language&c=language_web&a=doAddLanguage. | 2021-07-12 | 6.5 | CVE-2020-21131 MISC MISC

microfocus — netiq_advanced_authentication | Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch 1. | 2021-07-12 | 4 | CVE-2021-22515 CONFIRM

microsoft — bing | Microsoft Bing Search Spoofing Vulnerability | 2021-07-14 | 4.3 | CVE-2021-33753 MISC

microsoft — exchange_server | Microsoft Exchange Information Disclosure Vulnerability | 2021-07-14 | 5 | CVE-2021-33766 MISC MISC

microsoft — exchange_server | Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-31206, CVE-2021-34473. | 2021-07-14 | 6.5 | CVE-2021-31196 MISC

microsoft — exchange_server | Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-34470, CVE-2021-34523. | 2021-07-14 | 5.2 | CVE-2021-33768 MISC

microsoft — hevc_video_extensions | HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-31947, CVE-2021-33775, CVE-2021-33776, CVE-2021-33777. | 2021-07-14 | 6.8 | CVE-2021-33778 MISC

microsoft — hevc_video_extensions | HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-31947, CVE-2021-33776, CVE-2021-33777, CVE-2021-33778.
2021-07-14 | 6.8 | CVE-2021-33775 MISC

microsoft — hevc_video_extensions | HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-31947, CVE-2021-33775, CVE-2021-33777, CVE-2021-33778. | 2021-07-14 | 6.8 | CVE-2021-33776 MISC

microsoft — hevc_video_extensions | HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-31947, CVE-2021-33775, CVE-2021-33776, CVE-2021-33778. | 2021-07-14 | 6.8 | CVE-2021-33777 MISC

microsoft — hevc_video_extensions | HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-33775, CVE-2021-33776, CVE-2021-33777, CVE-2021-33778. | 2021-07-14 | 6.8 | CVE-2021-31947 MISC

microsoft — open_enclave_software_development_kit | Open Enclave SDK Elevation of Privilege Vulnerability | 2021-07-14 | 4.6 | CVE-2021-33767 MISC

microsoft — power_bi_report_server | Power BI Remote Code Execution Vulnerability | 2021-07-14 | 6.8 | CVE-2021-31984 MISC

microsoft — windows_10 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-33773, CVE-2021-34445, CVE-2021-34456. | 2021-07-14 | 4.6 | CVE-2021-33761 MISC

microsoft — windows_10 | Windows TCP/IP Driver Denial of Service Vulnerability. This CVE ID is unique from CVE-2021-33772, CVE-2021-34490. | 2021-07-14 | 5 | CVE-2021-31183 MISC

microsoft — windows_10 | Windows Desktop Bridge Elevation of Privilege Vulnerability | 2021-07-14 | 4.6 | CVE-2021-33759 MISC

microsoft — windows_10 | Storage Spaces Controller Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-34460, CVE-2021-34510, CVE-2021-34512, CVE-2021-34513.
2021-07-14 | 4.6 | CVE-2021-33751 MISC

microsoft — windows_10 | Windows Projected File System Elevation of Privilege Vulnerability | 2021-07-14 | 4.6 | CVE-2021-33743 MISC

microsoft — windows_10 | Windows Event Tracing Elevation of Privilege Vulnerability | 2021-07-14 | 4.6 | CVE-2021-33774 MISC

microsoft — windows_10 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-33761, CVE-2021-34445, CVE-2021-34456. | 2021-07-14 | 4.6 | CVE-2021-33773 MISC

microsoft — windows_10 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 2021-07-14 | 4.6 | CVE-2021-33784 MISC

microsoft — windows_10 | Windows Authenticode Spoofing Vulnerability | 2021-07-14 | 4.3 | CVE-2021-33782 MISC

microsoft — windows_10 | Windows DNS Snap-in Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-33749, CVE-2021-33750, CVE-2021-33756. | 2021-07-14 | 6.8 | CVE-2021-33752 MISC

microsoft — windows_10 | Windows Hyper-V Denial of Service Vulnerability. This CVE ID is unique from CVE-2021-33755. | 2021-07-14 | 4 | CVE-2021-33758 MISC

microsoft — windows_10 | Windows TCP/IP Driver Denial of Service Vulnerability. This CVE ID is unique from CVE-2021-31183, CVE-2021-34490. | 2021-07-14 | 5 | CVE-2021-33772 MISC

microsoft — windows_10 | Windows DNS Snap-in Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-33749, CVE-2021-33750, CVE-2021-33752. | 2021-07-14 | 6.8 | CVE-2021-33756 MISC

microsoft — windows_10 | Windows Hyper-V Denial of Service Vulnerability. This CVE ID is unique from CVE-2021-33758.
2021-07-14 | 5 | CVE-2021-33755 MISC

microsoft — windows_10 | Windows SMB Information Disclosure Vulnerability | 2021-07-14 | 4 | CVE-2021-33783 MISC

microsoft — windows_10 | Windows AF_UNIX Socket Provider Denial of Service Vulnerability | 2021-07-14 | 5 | CVE-2021-33785 MISC

microsoft — windows_10 | Azure AD Security Feature Bypass Vulnerability | 2021-07-14 | 5.5 | CVE-2021-33781 MISC

microsoft — windows_10 | Windows DNS Snap-in Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-33750, CVE-2021-33752, CVE-2021-33756. | 2021-07-14 | 6.8 | CVE-2021-33749 MISC

microsoft — windows_10 | Windows DNS Snap-in Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-33749, CVE-2021-33752, CVE-2021-33756. | 2021-07-14 | 6.8 | CVE-2021-33750 MISC

microsoft — windows_server_2008 | Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-33746, CVE-2021-33754, CVE-2021-34494, CVE-2021-34525. | 2021-07-14 | 6.5 | CVE-2021-33780 MISC

microsoft — windows_server_2008 | Windows Key Distribution Center Information Disclosure Vulnerability | 2021-07-14 | 4.3 | CVE-2021-33764 MISC

microsoft — windows_server_2008 | Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-33754, CVE-2021-33780, CVE-2021-34494, CVE-2021-34525. | 2021-07-14 | 6.5 | CVE-2021-33746 MISC

microsoft — windows_server_2008 | Windows DNS Server Denial of Service Vulnerability. This CVE ID is unique from CVE-2021-34442, CVE-2021-34444, CVE-2021-34499. | 2021-07-14 | 4 | CVE-2021-33745 MISC

microsoft — windows_server_2008 | Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-33746, CVE-2021-33780, CVE-2021-34494, CVE-2021-34525. | 2021-07-14 | 6 | CVE-2021-33754 MISC

microsoft — windows_server_2016 | Windows ADFS Security Feature Bypass Vulnerability | 2021-07-14 | 5.5 | CVE-2021-33779 MISC

mikrotik — routeros | Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process.
An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). NOTE: this is different from CVE-2020-20253 and CVE-2020-20254. All four vulnerabilities in the /nova/bin/lcdstat process are discussed in the CVE-2020-20250 github.com/cq674350529 reference. | 2021-07-13 | 4 | CVE-2020-20250 MISC MISC

mikrotik — routeros | Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). | 2021-07-13 | 4 | CVE-2020-20252 MISC

mitre — caldera | A command injection vulnerability in the sandcat plugin of Caldera 2.3.1 and earlier allows authenticated attackers to execute any command or service. | 2021-07-12 | 6.5 | CVE-2020-19907 MISC

moddable — moddable | Issue was discovered in the fxParserTree function in moddable, allows attackers to cause denial of service via a crafted payload. Fixed in commit 723816ab9b52f807180c99fc69c7d08cf6c6bd61. | 2021-07-13 | 5 | CVE-2020-22882 MISC

nextcloud — nextcloud | Nextcloud Android Client is the Android client for Nextcloud. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.16.1, the Nextcloud Android client skipped a step that involved the client checking if a private key belonged to a previously downloaded public certificate. If the Nextcloud instance served a malicious public key, the data would be encrypted for this key and thus could be accessible to a malicious actor. The vulnerability is patched in version 3.16.1. As a workaround, do not add additional end-to-end encrypted devices to a user account. | 2021-07-12 | 5 | CVE-2021-32727 CONFIRM MISC MISC MISC

nextcloud — nextcloud_mail | Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state.
The privacy filter failed to filter images with a `background-image` CSS attribute. Note that the images were still passed through the Nextcloud image proxy, and thus there was no IP leakage. The issue was patched in version 1.9.6 and 1.10.0. No workarounds are known to exist. | 2021-07-12 | 4 | CVE-2021-32707 MISC MISC CONFIRM

nextcloud — nextcloud_server | Nextcloud Text is a collaborative document editing application that uses Markdown. A cross-site scripting vulnerability is present in versions prior to 19.0.13, 20.0.11, and 21.0.3. The Nextcloud Text application shipped with Nextcloud server used a `text/html` Content-Type when serving files to users. Due to the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitable on modern browsers supporting Content-Security-Policy. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. As a workaround, use a browser that has support for Content-Security-Policy. | 2021-07-12 | 4.3 | CVE-2021-32733 MISC MISC CONFIRM

nextcloud — nextcloud_server | Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the shareinfo endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds. | 2021-07-12 | 5 | CVE-2021-32703 CONFIRM MISC MISC

nextcloud — nextcloud_server | Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public DAV endpoint. This may have allowed an attacker to enumerate potentially valid share tokens or credentials. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds. | 2021-07-12 | 5 | CVE-2021-32705 MISC MISC CONFIRM

nextcloud — nextcloud_server | Nextcloud Server is a Nextcloud package that handles data storage.
In versions prior to 19.0.13, 20.0.11, and 21.0.3, filenames were not escaped by default in controllers using `DownloadResponse`. When a user-supplied filename was passed unsanitized into a `DownloadResponse`, this could be used to trick users into downloading malicious files with a benign file extension. This would show in UI behaviours where Nextcloud applications would display a benign file extension (e.g. JPEG), but the file will actually be downloaded with an executable file extension. The vulnerability is patched in versions 19.0.13, 20.0.11, and 21.0.3. Administrators of Nextcloud instances do not have a workaround available, but developers of Nextcloud apps may manually escape the file name before passing it into `DownloadResponse`. | 2021-07-12 | 6.8 | CVE-2021-32679 CONFIRM MISC MISC

nextcloud — nextcloud_server | Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, ratelimits are not applied to OCS API responses. This affects any OCS API controller (`OCSController`) using the `@BruteForceProtection` annotation. Risk depends on the installed applications on the Nextcloud Server, but could range from bypassing authentication ratelimits or spamming other Nextcloud users. The vulnerability is patched in versions 19.0.13, 20.0.11, and 21.0.3. No workarounds aside from upgrading are known to exist. | 2021-07-12 | 5 | CVE-2021-32678 MISC MISC CONFIRM

nextcloud — nextcloud_server | Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public share link mount endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds. | 2021-07-12 | 5 | CVE-2021-32741 MISC MISC CONFIRM

nextcloud — nextcloud_server | Nextcloud Server is a Nextcloud package that handles data storage.
In versions prior to 19.0.13, 20.011, and 21.0.3, the Nextcloud Text application shipped with Nextcloud Server returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. As a workaround, one may disable the Nextcloud Text application in Nextcloud Server app settings. | 2021-07-12 | 5 | CVE-2021-32734 CONFIRM MISC MISC

nextcloud — nextcloud_server | Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, default share permissions were not being respected for federated reshares of files and folders. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds. | 2021-07-12 | 5 | CVE-2021-32725 CONFIRM MISC MISC

nextcloud — talk | Nextcloud Talk is a fully on-premises audio/video and chat communication service. In versions prior to 11.2.2, if a user was able to reuse an earlier used username, they could get access to any chat message sent to the previous user with this username. The issue was patched in versions 11.2.2 and 11.3.0. As a workaround, don’t allow users to choose usernames themselves. This is the default behaviour of Nextcloud, but some user providers may allow doing so. | 2021-07-12 | 4 | CVE-2021-32689 MISC MISC MISC CONFIRM MISC

nodejs — node.js | Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information disclosures or crashes. This function can be triggered via uv_getaddrinfo(). | 2021-07-12 | 6.4 | CVE-2021-22918 MISC MISC

nodejs — node.js | Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms.
More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking. | 2021-07-12 | 4.4 | CVE-2021-22921 MISC MISC

openvpn — openvpn | OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration. | 2021-07-12 | 5.8 | CVE-2021-3547 MISC MISC

panasonic — fpwin_pro | Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacker to craft a project file specifying a URI that causes the XML parser to access the URI and embed the contents, which may allow the attacker to disclose information that is accessible in the context of the user executing software. | 2021-07-09 | 4.3 | CVE-2021-32972 MISC

pbootcms — pbootcms | Incorrect Access Control vulnerability in PbootCMS 2.0.6 via the list parameter in the update function in upgradecontroller.php. | 2021-07-09 | 4 | CVE-2020-22535 MISC

pfsense — pfsense | Netgate pfSense Community Edition 2.4.4 – p2 (arm64) is affected by: Cross Site Scripting (XSS). The impact is: Session Hijacking, Information Leakage (local). The component is: pfSense Dashboard, Work-on-LAN Service configuration. The attack vector is: Inject the malicious JavaScript code in Description text box or parameter.
2021-07-12 | 4.3 | CVE-2020-19203 MISC MISC

plugin-planet — prismatic | The Prismatic WordPress plugin before 2.8 does not escape the ‘tab’ GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator. | 2021-07-12 | 4.3 | CVE-2021-24409 CONFIRM

pluginus — wordpress_meta_data_and_taxonomies_filter | Cross-site request forgery (CSRF) vulnerability in WordPress Meta Data Filter & Taxonomies Filter versions prior to v.1.2.8 and versions prior to v.2.2.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 2021-07-14 | 6.8 | CVE-2021-20781 MISC MISC MISC

putty — putty | PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt (that the attacker can use to capture credential data, and use that data for purposes that are undesired by the client user).
2021-07-09 5.8 CVE-2021-36367MISCMISC qualcomm — apq8009_firmware Denial of service in SAP case due to improper handling of connections when association is rejected in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2021-07-13 5 CVE-2021-1955CONFIRM qualcomm — apq8053_firmware Possible out of bound read due to lack of length check of FT sub-elements in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music 2021-07-13 5 CVE-2021-1970CONFIRM qualcomm — apq8053_firmware Possible buffer overflow due to lack of length check in BA request in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile 2021-07-13 5 CVE-2021-1907CONFIRM qualcomm — apq8053_firmware Possible buffer over read due to improper validation of IE size while parsing beacon from peer device in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking 2021-07-13 5 CVE-2021-1964CONFIRM qualcomm — apq8053_firmware Possible buffer out of bound read can occur due to improper validation of TBTT count and length while parsing the beacon response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking 2021-07-13 5 CVE-2021-1943CONFIRM qualcomm — apq8053_firmware Possible buffer over read due to improper validation of data pointer while parsing FILS indication IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure 
and Networking 2021-07-13 5 CVE-2021-1954CONFIRM qualcomm — apq8053_firmware Possible out of bound read due to lack of length check of Bandwidth-NSS IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking 2021-07-13 5 CVE-2021-1945CONFIRM qualcomm — aqt1000_firmware Improper handling of received malformed FTMR request frame can lead to reachable assertion while responding with FTM1 frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking 2021-07-13 5 CVE-2021-1953CONFIRM qualcomm — aqt1000_firmware Possible assertion due to improper verification while creating and deleting the peer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking 2021-07-13 5 CVE-2021-1938CONFIRM qualcomm — ar7420_firmware An assertion can be reached in the WLAN subsystem while using the Wi-Fi Fine Timing Measurement protocol in Snapdragon Wired Infrastructure and Networking 2021-07-13 5 CVE-2021-1887CONFIRM quickjs_project — quickjs Buffer Overflow vulnerability in quickjs.c in QuickJS, allows remote attackers to cause denial of service. This issue is resolved in the 2020-07-05 release. 2021-07-13 5 CVE-2020-22876MISC redhat — keycloak A flaw was found in keycloak-model-infinispan in keycloak versions before 14.0.0 where authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly which could lead to a DoS attack. 
2021-07-09 5 CVE-2021-3637MISC restsharp — restsharp RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes. If a server responds with a malicious string, the client using RestSharp will be stuck processing it for an exceedingly long time. Thus the remote server can trigger Denial of Service. 2021-07-12 5 CVE-2021-27293MISCMISC retty — retty Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app. 2021-07-14 5 CVE-2021-20748MISCMISC retty — retty Improper authorization in handler for custom URL scheme vulnerability in Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. 2021-07-14 4.3 CVE-2021-20747MISCMISC rockwellautomation — micrologix_1100_firmware Rockwell Automation MicroLogix 1100, all versions, allows a remote, unauthenticated attacker sending specially crafted commands to cause the PLC to fault when the controller is switched to RUN mode, which results in a denial-of-service condition. If successfully exploited, this vulnerability will cause the controller to fault whenever the controller is switched to RUN mode. 2021-07-09 5 CVE-2021-33012MISC salonbookingsystem — salon_booking_system The Salon booking system WordPress plugin before 6.3.1 does not properly sanitise and escape the First Name field when booking an appointment, allowing low privilege users such as subscriber to set JavaScript in them, leading to a Stored Cross-Site Scripting (XSS) vulnerability. The Payload will then be triggered when an admin visits the “Calendar” page and the malicious script is executed in the admin context. 
2021-07-12 4.3 CVE-2021-24429CONFIRM sap — 3d_visual_enterprise_viewer SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open a manipulated CGM file received from untrusted sources, which causes an out of bounds write and causes the application to crash and become temporarily unavailable until the user restarts the application. 2021-07-14 4.3 CVE-2021-33681MISCMISC sap — 3d_visual_enterprise_viewer SAP 3D Visual Enterprise Viewer, version – 9, allows a user to open a manipulated CGM file received from untrusted sources, which causes a buffer overflow and causes the application to crash and become temporarily unavailable until the user restarts the application. 2021-07-14 4.3 CVE-2021-33680MISCMISC sap — businessobjects_web_intelligence Under certain conditions, SAP Business Objects Web Intelligence (BI Launchpad) versions – 420, 430, allows an attacker to access jsp source code, through SDK calls, of Analytical Reporting bundle, a part of the frontend application, which would otherwise be restricted. 2021-07-14 4 CVE-2021-33667MISCMISC sap — customer_relationship_management A missing authority check in SAP CRM, versions – 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to compromise confidentiality, integrity, or availability of the system. 2021-07-14 6.5 CVE-2021-33676MISCMISC sap — netweaver_abap SAP NetWeaver ABAP Server and ABAP Platform, versions – 700, 702, 730, 731, 804, 740, 750, 784, expose functions to external which can lead to information disclosure. 2021-07-14 5 CVE-2021-33677MISCMISC sap — netweaver_application_server_java When a user with insufficient privileges tries to access any application in SAP NetWeaver Administrator (Administrator applications), version – 7.50, no security audit log is created. Therefore, security audit log Integrity is impacted. 
2021-07-14 4 CVE-2021-33689MISCMISC sap — netweaver_application_server_java SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions – 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitimate users leading to denial of service vulnerability. 2021-07-14 5 CVE-2021-33670MISCMISC sap — netweaver_application_server_java SAP NetWeaver AS JAVA (Enterprise Portal), versions – 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 reveals sensitive information in one of their HTTP requests; an attacker can use this in conjunction with other attacks such as XSS to steal this information. 2021-07-14 4 CVE-2021-33687MISCMISC sap — netweaver_guided_procedures SAP NetWeaver Guided Procedures (Administration Workset), versions – 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. The impact of missing authorization could result in abuse of functionality restricted to a particular user group, and could allow unauthorized users to read, modify or delete restricted data. 2021-07-14 6.5 CVE-2021-33671MISCMISC segment — is-email A ReDoS (regular expression denial of service) flaw was found in the Segment is-email package before 1.0.1 for Node.js. An attacker that is able to provide crafted input to the isEmail(input) function may cause an application to consume an excessive amount of CPU. 2021-07-14 5 CVE-2021-36716MISCCONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing SGI files. This could result in an out of bounds write past the end of an allocated structure. 
An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13404) 2021-07-13 6.8 CVE-2021-34319CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13442) 2021-07-13 6.8 CVE-2021-34331CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13430) 2021-07-13 6.8 CVE-2021-34330CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13427) 2021-07-13 6.8 CVE-2021-34329CONFIRMCONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. 
An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13199) 2021-07-13 4.3 CVE-2021-34304CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13422) 2021-07-13 6.8 CVE-2021-34326CONFIRMCONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13420) 2021-07-13 6.8 CVE-2021-34324CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13419) 2021-07-13 6.8 CVE-2021-34323CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The DL180CoolType.dll library in affected applications lacks proper validation of user-supplied data when parsing PDF files. 
This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13380) 2021-07-13 6.8 CVE-2021-34316CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing ASM files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13423) 2021-07-13 6.8 CVE-2021-34327CONFIRMCONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13343) 2021-07-13 4.3 CVE-2021-34307CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing SGI files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13356) 2021-07-13 6.8 CVE-2021-34315CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). 
The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing SGI files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13355) 2021-07-13 6.8 CVE-2021-34314CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13354) 2021-07-13 6.8 CVE-2021-34313CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13353) 2021-07-13 6.8 CVE-2021-34312CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Mono_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing J2K files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13352) 2021-07-13 6.8 CVE-2021-34311CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). 
The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13192) 2021-07-13 4.3 CVE-2021-34299CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13197) 2021-07-13 4.3 CVE-2021-34302CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13198) 2021-07-13 4.3 CVE-2021-34303CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing PCT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. 
(ZDI-CAN-13403) 2021-07-13 6.8 CVE-2021-34318CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13424) 2021-07-13 6.8 CVE-2021-34328CONFIRMCONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing PCX files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13402) 2021-07-13 6.8 CVE-2021-34317CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12956) 2021-07-13 6.8 CVE-2021-34291CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out of bounds read past the end of an allocated buffer. 
An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13057) 2021-07-13 6.8 CVE-2021-34296CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12959) 2021-07-13 6.8 CVE-2021-34292CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The VisDraw.dll library in affected applications lacks proper validation of user-supplied data when parsing J2K files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13414) 2021-07-13 4.3 CVE-2021-34321CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13406) 2021-07-13 4.3 CVE-2021-34320CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds read past the end of an allocated buffer. 
An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13421) 2021-07-13 4.3 CVE-2021-34325CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. A malformed input file could result in an infinite loop condition that leads to denial of service condition. An attacker could leverage this vulnerability to consume excessive resources. (CNVD-C-2021-79300) 2021-07-13 4.3 CVE-2021-34332CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. A malformed input file could result in double free of an allocated buffer that leads to a crash. An attacker could leverage this vulnerability to cause denial of service condition. (CNVD-C-2021-79295) 2021-07-13 4.3 CVE-2021-34333CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13351) 2021-07-13 6.8 CVE-2021-34310CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out of bounds read past the end of an allocated buffer. 
An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13344) 2021-07-13 4.3 CVE-2021-34308CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The JPEG2K_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing J2K files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13416) 2021-07-13 4.3 CVE-2021-34322CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13350) 2021-07-13 6.8 CVE-2021-34309CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13024) 2021-07-13 6.8 CVE-2021-34295CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in a memory corruption condition. 
An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13342) 2021-07-13 6.8 CVE-2021-34306CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13340) 2021-07-13 6.8 CVE-2021-34305CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13020) 2021-07-13 6.8 CVE-2021-34293CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing BMP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13196) 2021-07-13 6.8 CVE-2021-34301CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an allocated buffer. 
An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13194) 2021-07-13 6.8 CVE-2021-34300CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing BMP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13060) 2021-07-13 6.8 CVE-2021-34298CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13023) 2021-07-13 6.8 CVE-2021-34294CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13059) 2021-07-13 6.8 CVE-2021-34297CONFIRM sonicwall — switch Multiple Out-of-Bound read vulnerability in SonicWall Switch when handling LLDP Protocol allows an attacker to cause a system instability or potentially read sensitive information from the memory locations. 
2021-07-09 6.8 CVE-2021-20024CONFIRM stormshield — endpoint_security Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not accomplish the intended defense against local administrators who can replace the Visual C++ runtime DLLs (in %WINDIR%\system32) with malicious ones. 2021-07-13 4.6 CVE-2021-35957MISCMISC stormshield — endpoint_security SES Evolution before 2.1.0 allows deleting some resources not currently in use by any security policy by leveraging access to a computer having the administration console installed. 2021-07-13 4.3 CVE-2021-31225MISCMISC tipsandtricks-hq — software_license_manager Cross-site request forgery (CSRF) vulnerability in Software License Manager versions prior to 4.4.6 allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2021-07-14 6.8 CVE-2021-20782MISCMISCMISC vmware — cloud_foundation SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A malicious actor with network access to port 5989 on ESXi may exploit this issue to bypass SFCB authentication by sending a specially crafted request. 2021-07-13 6.8 CVE-2021-21994MISC vmware — cloud_foundation OpenSLP as used in ESXi has a denial-of-service vulnerability due to a heap out-of-bounds read issue. A malicious actor with network access to port 427 on ESXi may be able to trigger a heap out-of-bounds read in OpenSLP service resulting in a denial-of-service condition. 2021-07-13 5 CVE-2021-21995MISC vmware — thinapp VMware Thinapp version 5.x prior to 5.2.10 contains a DLL hijacking vulnerability due to insecure loading of DLLs. A malicious actor with non-administrative privileges may exploit this vulnerability to elevate privileges to administrator level on the Windows operating system having VMware ThinApp installed on it. 
2021-07-13 6.9 CVE-2021-22000MISCFULLDISC voidtools — everything HTTP header injection vulnerability in Everything all versions except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product via unspecified vectors. 2021-07-14 5.8 CVE-2021-20784MISCMISCMISC wayang-cms_project — wayang-cms A SQL injection vulnerability in wy_controlls/wy_side_visitor.php of Wayang-CMS v1.0 allows attackers to obtain sensitive database information. 2021-07-14 5 CVE-2020-29147MISC wayang-cms_project — wayang-cms A cross site scripting (XSS) vulnerability in index.php of Wayang-CMS v1.0 allows attackers to execute arbitrary web scripts or HTML via a constructed payload created by adding the X-Forwarded-For field to the header. 2021-07-14 4.3 CVE-2020-29146MISC wire — wire Wire is a collaboration platform. wire-ios-transport handles authentication of requests, network failures, and retries for the iOS implementation of Wire. In the 3.82 version of the iOS application, a new web socket implementation was introduced for users running iOS 13 or higher. This new websocket implementation is not configured to enforce certificate pinning when available. Certificate pinning for the new websocket is enforced in version 3.84 or above. 2021-07-13 4 CVE-2021-32755CONFIRM xen-orchestra — xo-server Xen Orchestra (with xo-web through 5.80.0 and xo-server through 5.84.0) mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data is which the attacker changes the permission field from none to admin. The attacker gains access to data sets such as VMs, Backups, Audit, Users, and Groups. 2021-07-12 4 CVE-2021-36383MISC xml\ — \ It was discovered that the XML::Atom Perl module before version 0.39 did not disable external entities when parsing XML from potentially untrusted sources. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used. 
2021-07-09 5 CVE-2012-1102MISCMISC xmlsoft — libxml2 A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service. 2021-07-09 4 CVE-2021-3541MISC yop-poll — yop_poll In the YOP Poll WordPress plugin before 6.2.8, when a pool is created with the options “Allow other answers”, “Display other answers in the result list” and “Show results”, it can lead to Stored Cross-Site Scripting issues as the ‘Other’ answer is not sanitised before being output in the page. The execution of the XSS payload depends on the ‘Show results’ option selected, which could be before or after sending the vote for example. 2021-07-12 4.3 CVE-2021-24454MISCCONFIRM Back to top   Low Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info admincolumns — admin_columns The Admin Columns WordPress plugin Free before 4.3.2 and Pro before 5.5.2 allowed to configure individual columns for tables. Each column had a type. The type “Custom Field” allowed to choose an arbitrary database column to display in the table. There was no escaping applied to the contents of “Custom Field” columns. 2021-07-12 3.5 CVE-2021-24365CONFIRMMISC blackcat-cms — blackcat_cms A stored cross site scripting (XSS) vulnerability in the ‘Add Page’ feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the ‘Title’ parameter. 2021-07-09 3.5 CVE-2020-25877MISCMISC blackcat-cms — blackcat_cms A stored cross site scripting (XSS) vulnerability in the ‘Admin-Tools’ feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the ‘Output Filters’ and ‘Droplets’ modules. 
2021-07-09 3.5 CVE-2020-25878MISCMISC boldgrid — w3_total_cache The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page, leading to an authenticated Stored Cross-Site Scripting issue 2021-07-12 3.5 CVE-2021-24427MISCCONFIRM codologic — codoforum A stored cross site scripting (XSS) vulnerability in the ‘Manage Users’ feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the ‘Username’ parameter. 2021-07-09 3.5 CVE-2020-25879MISCMISC codologic — codoforum A stored cross site scripting (XSS) vulnerability in the ‘Smileys’ feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the ‘Smiley Code’ parameter. 2021-07-09 3.5 CVE-2020-25875MISCMISC codologic — codoforum A stored cross site scripting (XSS) vulnerability in the ‘Pages’ feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the ‘Page Title’ parameter. 2021-07-09 3.5 CVE-2020-25876MISCMISC cszcms — csz_cms A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the ‘New Pages’ field under the ‘Pages Content’ module. 2021-07-09 3.5 CVE-2020-25391MISC cszcms — csz_cms A cross site scripting (XSS) vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the ‘New Article’ field under the ‘Article’ plugin. 2021-07-09 3.5 CVE-2020-25392MISC dotcms — dotcms A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/containers of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload. 
2021-07-09 3.5 CVE-2021-35360MISC dotcms — dotcms A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/links of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload. 2021-07-09 3.5 CVE-2021-35361MISC dotcms — dotcms A stored cross site scripting (XSS) vulnerability in dotAdmin/#/c/c_Images of dotCMS 21.05.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the ‘Title’ and ‘Filename’ parameters. 2021-07-09 3.5 CVE-2021-35358MISC element-it — http_commander A Cross-site scripting (XSS) vulnerability in the “View in Browser” feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SVG image. 2021-07-14 3.5 CVE-2021-33212MISCMISC emarketdegisn — request_a_quote The Request a Quote WordPress plugin before 2.3.4 did not sanitise and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quote is output in the ‘All Quotes” table. 2021-07-12 3.5 CVE-2021-24420CONFIRM esri — arcgis_server A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server Services Directory version 10.8.1 and below may allow a remote authenticated attacker to pass and store malicious strings in the ArcGIS Services Directory. 
2021-07-11 3.5 CVE-2021-29105CONFIRM eyecix — jobsearch_wp_job_board The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or escape multiple of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use JavaScript payloads in them and leading to a Stored Cross-Site Scripting issue 2021-07-12 3.5 CVE-2021-24421CONFIRMMISC fetchdesigns — sign-up_sheets The Sign-up Sheets WordPress plugin before 1.0.14 did not sanitise or escape some of its fields when creating a new sheet, allowing high privilege users to add JavaScript in them, leading to a Stored Cross-Site Scripting issue. The payloads will be triggered when viewing the ‘All Sheets’ page in the admin dashboard 2021-07-12 3.5 CVE-2021-24440CONFIRM flowdroid_project — flowdroid FlowDroid is a data flow analysis tool. FlowDroid versions prior to 2.9.0 contained an XML external entity (XXE) vulnerability that allowed an attacker who had control over the source/sink definition file in XML format to read files from external locations. In order for this to occur, the XML-based format for sources and sinks had to be used and the attacker had to able control the source/sink definition file. The vulnerability was patched in version 2.9.0. As a workaround, do not allow untrusted entities to control the source/sink definition file. 2021-07-12 3.5 CVE-2021-32754CONFIRM google — android In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible way to share private files over Bluetooth due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-179910660 2021-07-14 1.9 CVE-2021-0604MISC halo — halo Cross Sie Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAuthorUrl. 
2021-07-12 3.5 CVE-2020-18982MISC huawei — mate_20_firmware There is a path traversal vulnerability in some Huawei products. The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly validate the pathname. Successful exploit could allow the attacker to access a location that is outside of the restricted directory by a crafted filename. Affected product versions include:HUAWEI Mate 20 9.0.0.195(C01E195R2P1), 9.1.0.139(C00E133R3P1);HUAWEI Mate 20 Pro 9.0.0.187(C432E10R1P16), 9.0.0.188(C185E10R2P1), 9.0.0.245(C10E10R2P1), 9.0.0.266(C432E10R1P16), 9.0.0.267(C636E10R2P1), 9.0.0.268(C635E12R1P16), 9.0.0.278(C185E10R2P1); Hima-L29C 9.0.0.105(C10E9R1P16), 9.0.0.105(C185E9R1P16), 9.0.0.105(C636E9R1P16); Laya-AL00EP 9.1.0.139(C786E133R3P1); OxfordS-AN00A 10.1.0.223(C00E210R5P1); Tony-AL00B 9.1.0.257(C00E222R2P1). 2021-07-13 2.1 CVE-2021-22440MISC huawei — p30_firmware The Bluetooth function of some Huawei smartphones has a DoS vulnerability. Attackers can install third-party apps to send specific broadcasts, causing the Bluetooth module to crash. This vulnerability is successfully exploited to cause the Bluetooth function to become abnormal. Affected product versions include: HUAWEI P30 10.0.0.195(C432E22R2P5), 10.0.0.200(C00E85R2P11), 10.0.0.200(C461E6R3P1), 10.0.0.201(C10E7R5P1), 10.0.0.201(C185E4R7P1), 10.0.0.206(C605E19R1P3), 10.0.0.209(C636E6R3P4), 10.0.0.210(C635E3R2P4), and versions earlier than 10.1.0.165(C01E165R2P11). 2021-07-13 2.1 CVE-2021-22399MISC ibm — cloud_pak_for_applications IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195035. 
2021-07-13 3.5 CVE-2021-20364CONFIRMXF ibm — cloud_pak_for_applications IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195357. 2021-07-13 3.5 CVE-2021-20368XFCONFIRM ibm — cloud_pak_for_applications IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195037. 2021-07-13 3.5 CVE-2021-20366CONFIRMXF ibm — cloud_pak_for_applications IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195036. 2021-07-13 3.5 CVE-2021-20365XFCONFIRM ibm — cloud_pak_for_applications IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195034. 2021-07-13 3.5 CVE-2021-20363CONFIRMXF ibm — cloud_pak_for_applications IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195033. 2021-07-13 3.5 CVE-2021-20362XFCONFIRM ibm — cloud_pak_for_applications IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. 
This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195032. 2021-07-13 3.5 CVE-2021-20361XFCONFIRM ibm — tivoli_netcool\/omnibus_gui IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204262. 2021-07-12 3.5 CVE-2021-29804XFCONFIRM ibm — tivoli_netcool\/omnibus_gui IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204263. 2021-07-12 3.5 CVE-2021-29805CONFIRMXF ibm — tivoli_netcool\/omnibus_gui IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204164. 2021-07-12 3.5 CVE-2021-29803CONFIRMXF ibm — tivoli_netcool\/omnibus_gui IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204349. 2021-07-12 3.5 CVE-2021-29822CONFIRMXF icinga — icinga Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Between versions 2.3.0 and 2.8.2, the `doc` module of Icinga Web 2 allows to view documentation directly in the UI. 
It must be enabled manually by an administrator and users need explicit access permission to use it. Then, by visiting a certain route, it is possible to gain access to arbitrary files readable by the web-server user. The issue has been fixed in the 2.9.0, 2.8.3, and 2.7.5 releases. As a workaround, an administrator may disable the `doc` module or revoke permission to use it from all users. 2021-07-12 3.5 CVE-2021-32746MISCCONFIRMMISCMISC kaseya — vsa Cross Site Scripting (XSS) exists in Kaseya VSA before 9.5.7. 2021-07-09 3.5 CVE-2021-30119MISC microsoft — windows_10 Media Foundation Information Disclosure Vulnerability 2021-07-14 2.1 CVE-2021-33760MISC microsoft — windows_10 Windows Remote Access Connection Manager Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-34454, CVE-2021-34457. 2021-07-14 2.1 CVE-2021-33763MISC microsoft — windows_10 Windows Installer Spoofing Vulnerability 2021-07-14 2.1 CVE-2021-33765MISC microsoft — windows_10 Windows InstallService Elevation of Privilege Vulnerability 2021-07-14 3.6 CVE-2021-31961MISC mozilo — mozilocms A stored cross site scripting (XSS) vulnerability in moziloCMS 2.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “Content” parameter. 2021-07-09 3.5 CVE-2020-25394MISC nextcloud — nextcloud_server Nextcloud Server is a Nextcloud package that handles data storage. In versions priot to 19.0.13, 20.0.11, and 21.0.3, Nextcloud Server audit logging functionality wasn’t properly logging events for the unsetting of a share expiration date. This event is supposed to be logged. This issue is patched in versions 19.0.13, 20.0.11, and 21.0.3. 2021-07-12 2.1 CVE-2021-32680CONFIRMMISCMISC pfsense — pfsense A Stored Cross-Site Scripting (XSS) vulnerability was found in status_filter_reload.php, a page in the pfSense software WebGUI, on Netgate pfSense version 2.4.4-p2 and earlier. 
The page did not encode output from the filter reload process, and a stored XSS was possible via the descr (description) parameter on NAT rules. 2021-07-12 3.5 CVE-2020-19201MISCMISCMISC plugin-planet — prismatic The Prismatic WordPress plugin before 2.8 does not sanitise or validate some of its shortcode parameters, allowing users with a role as low as Contributor to set Cross-Site payload in them. A post made by a contributor would still have to be approved by an admin to have the XSS trigger able in the frontend, however, higher privilege users, such as editor could exploit this without the need of approval, and even when the blog disallows the unfiltered_html capability. 2021-07-12 3.5 CVE-2021-24408CONFIRM prothemedesign — browser_screenshots The Browser Screenshots WordPress plugin before 1.7.6 allowed authenticated users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks as the image_class parameter of the browser-shot shortcode was not escaped. 2021-07-12 3.5 CVE-2021-24439CONFIRM publiccms — publiccms Cross Site Scripting (XSS) vulnerability in PublicCMS 4.0 to get an admin cookie when the Administrator reviews submit case. 
2021-07-09 3.5 CVE-2020-21333MISC qualcomm — apq8009_firmware Possible buffer over-read due to lack of length check while flashing meta images in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2021-07-13 2.1 CVE-2021-1901CONFIRM qualcomm — apq8009_firmware Possible Buffer Over-read due to lack of validation of boundary checks when loading splash image in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2021-07-13 2.1 CVE-2021-1897CONFIRM qualcomm — apq8009_firmware Possible buffer over-read due to incorrect overflow check when loading splash image in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2021-07-13 2.1 CVE-2021-1898CONFIRM qualcomm — apq8009w_firmware Possible buffer over read due to lack of length check while flashing meta images in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 2021-07-13 2.1 CVE-2021-1899CONFIRM qualcomm — aqt1000_firmware Weak configuration in WLAN could cause forwarding of unencrypted packets from one client to another in Snapdragon Compute, Snapdragon Connectivity 2021-07-13 3.3 CVE-2021-1896CONFIRM rukovoditel — rukovoditel A stored cross site scripting (XSS) vulnerability in the ‘Users Access Groups’ feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the ‘Name’ parameter. 2021-07-09 3.5 CVE-2020-35986MISC rukovoditel — rukovoditel A stored cross site scripting (XSS) vulnerability in the ‘Entities List’ feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the ‘Name’ parameter. 
2021-07-09 3.5 CVE-2020-35987MISC rukovoditel — rukovoditel A stored cross site scripting (XSS) vulnerability in the ‘Users Alerts’ feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the ‘Title’ parameter. 2021-07-09 3.5 CVE-2020-35984MISC rukovoditel — rukovoditel A stored cross site scripting (XSS) vulnerability in the ‘Global Lists” feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the ‘Name’ parameter. 2021-07-09 3.5 CVE-2020-35985MISC sap — lumira_server SAP Lumira Server version 2.4 does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This would allow an attacker with basic level privileges to store a malicious script on SAP Lumira Server. The execution of the script content, by a victim registered on SAP Lumira Server, could compromise the confidentiality and integrity of SAP Lumira content. 2021-07-14 3.5 CVE-2021-33682MISCMISC smooth_scroll_page_up\/down_buttons_project — smooth_scroll_page_up\/down_buttons The Smooth Scroll Page Up/Down Buttons WordPress plugin through 1.4 does not properly sanitise and validate its psb_positioning settings, allowing high privilege users such as admin to set an XSS payload in it, which will be executed in all pages of the blog 2021-07-12 3.5 CVE-2021-24418CONFIRMMISC stormshield — endpoint_security SES Evolution before 2.1.0 allows duplicating an existing security policy by leveraging access of a user having read-only access to security policies. 2021-07-13 2.9 CVE-2021-31224MISCMISC stormshield — endpoint_security SES Evolution before 2.1.0 allows modifying security policies by leveraging access of a user having read-only access to security policies. 
2021-07-13 2.3 CVE-2021-31220MISCMISC stormshield — endpoint_security SES Evolution before 2.1.0 allows reading some parts of a security policy by leveraging access to a computer having the administration console installed. 2021-07-13 2.9 CVE-2021-31223MISCMISC stormshield — endpoint_security SES Evolution before 2.1.0 allows updating some parts of a security policy by leveraging access to a computer having the administration console installed. 2021-07-13 2.9 CVE-2021-31222MISCMISC stormshield — endpoint_security SES Evolution before 2.1.0 allows deleting some parts of a security policy by leveraging access to a computer having the administration console installed. 2021-07-13 2.9 CVE-2021-31221MISCMISC web-dorado — backup-wd The Backup by 10Web – Backup and Restore Plugin WordPress plugin through 1.0.20 does not sanitise or escape the tab parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue 2021-07-12 3.5 CVE-2021-24426MISCCONFIRM webfactoryltd — wp_reset The WP Reset – Most Advanced WordPress Reset Tool WordPress plugin before 1.90 did not sanitise or escape its extra_data parameter when creating a snapshot via the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue 2021-07-12 3.5 CVE-2021-24424CONFIRMMISC wp_youtube_lyte_project — wp_youtube_lyte The WP YouTube Lyte WordPress plugin before 1.7.16 did not sanitise or escape its lyte_yt_api_key and lyte_notification settings before outputting them back in the page, allowing high privilege users to set XSS payload on them and leading to stored Cross-Site Scripting issues. 2021-07-12 3.5 CVE-2021-24419CONFIRMMISC Back to top   Severity Not Yet Assigned Primary Vendor — Product Description Published CVSS Score Source & Patch Info 1password_connect — 1password_connect   1Password Connect server before 1.2 is missing validation checks, permitting users to create Secrets Automation access tokens that can be used to perform privilege escalation. 
Malicious users authorized to create Secrets Automation access tokens can create tokens that have access beyond what the user is authorized to access, but limited to the existing authorizations of the Secret Automation the token is created in. 2021-07-16 not yet calculated CVE-2021-36758MISC MdeModulePkg — MdeModulePkg   Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access. 2021-07-14 not yet calculated CVE-2019-11098MISC acronis — true_image   Acronis True Image through 2021 on macOS allows local privilege escalation from admin to root due to insecure folder permissions. 2021-07-15 not yet calculated CVE-2020-25593MISCMISC acronis — true_image   Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows local privilege escalation due to an insecure XPC service configuration. 2021-07-15 not yet calculated CVE-2020-25736MISCMISC acronis — true_image_2019   Acronis True Image for Mac before 2021 Update 4 allowed local privilege escalation due to insecure folder permissions. 2021-07-15 not yet calculated CVE-2020-15496MISCMISC acronis — true_image_2019   Acronis True Image 2019 update 1 through 2020 on macOS allows local privilege escalation due to an insecure XPC service configuration. 2021-07-15 not yet calculated CVE-2020-15495MISCMISC advantech — r-seenet A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary PHP code execution. An attacker can send a crafted HTTP request to trigger this vulnerability. 2021-07-16 not yet calculated CVE-2021-21804MISC advantech — r-seenet This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. 
A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution. 2021-07-16 not yet calculated CVE-2021-21801MISC advantech — r-seenet   This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution. 2021-07-16 not yet calculated CVE-2021-21802MISC advantech — r-seenet   This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution. 2021-07-16 not yet calculated CVE-2021-21803MISC advantech — r-seenet   Cross-site scripting vulnerabilities exist in the ssh_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide a crafted URL to trigger this vulnerability. 2021-07-16 not yet calculated CVE-2021-21800MISC advantech — r-seenet   Cross-site scripting vulnerabilities exist in the telnet_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide a crafted URL to trigger this vulnerability. 2021-07-16 not yet calculated CVE-2021-21799MISC apache — commons_compress When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress’ zip package. 
2021-07-13 not yet calculated CVE-2021-36090MISCMISCMLISTMLISTMLISTMLISTMLISTMLIST apache — commons_compress   When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress’ sevenz package. 2021-07-13 not yet calculated CVE-2021-35515MISCMISCMLISTMLIST apache — commons_compress   When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress’ tar package. 2021-07-13 not yet calculated CVE-2021-35517MISCMISCMLISTMLISTMLISTMLISTMLIST apache — commons_compress   When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress’ sevenz package. 2021-07-13 not yet calculated CVE-2021-35516MISCMISCMLISTMLIST apache — mina_sshd   A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0 2021-07-12 not yet calculated CVE-2021-30129CONFIRMMLISTMLISTMLIST apache — tomcat   A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65. 
2021-07-12 not yet calculated CVE-2021-30640MISC booking_core — ultimate_booking_system_booking_core   Cross Site Scripting (XSS) vulnerability in Booking Core – Ultimate Booking System Booking Core 1.7.0 via the (1) “About Yourself” section under the “My Profile” page, ” (2) “Hotel Policy” field under the “Hotel Details” page, (3) “Pricing code” and “name” fields under the “Manage Tour” page, and (4) all the labels under the “Menu” section. 2021-07-14 not yet calculated CVE-2020-25444MISC broadcom — bcm4352_and_bcm43684   A vulnerability exists in Broadcom BCM4352 and BCM43684 chips. Any wireless router using BCM4352 and BCM43684 will be affected, such as ASUS AX6100. An attacker may cause a Denial of Service (DoS) to any device connected to BCM4352 or BCM43684 routers via an association or reassociation frame. 2021-07-14 not yet calculated CVE-2021-34174MISCMISC cartadis — gespage   Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/doDownloadData and gespage/webapp/doDownloadData. 2021-07-12 not yet calculated CVE-2021-33807MISCCONFIRMMISC centreon — platform   An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A SQL injection vulnerability in “Configuration > Users > Contacts / Users” allows remote authenticated users to execute arbitrary SQL commands via the Additional Information parameters. 2021-07-16 not yet calculated CVE-2021-28053MISCMISCMISC centreon — platform   An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A Stored Cross-Site Scripting (XSS) issue in “Configuration > Hosts” allows remote authenticated users to inject arbitrary web script or HTML via the Alias parameter. 
2021-07-16 not yet calculated CVE-2021-28054MISCMISCMISC chatwoot — chatwoot   chatwoot is vulnerable to Inefficient Regular Expression Complexity 2021-07-16 not yet calculated CVE-2021-3649MISCCONFIRM cisco — adaptive_security_appliance   A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error in how the software cryptography module handles specific types of decryption errors. An attacker could exploit this vulnerability by sending malicious packets over an established IPsec connection. A successful exploit could cause the device to crash, forcing it to reload. Important: Successful exploitation of this vulnerability would not cause a compromise of any encrypted data. Note: This vulnerability affects only Cisco ASA Software Release 9.16.1 and Cisco FTD Software Release 7.0.0. 2021-07-16 not yet calculated CVE-2021-1422CISCO d-link — dap-1330_routers   This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Cookie HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12028. 2021-07-15 not yet calculated CVE-2021-34830MISC d-link — dap-1330_routers   This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. 
Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12029. 2021-07-15 not yet calculated CVE-2021-34827MISC d-link — dap-1330_routers   This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12066. 2021-07-15 not yet calculated CVE-2021-34828MISC d-link — dap-1330_routers   This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the HNAP_AUTH HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12065. 2021-07-15 not yet calculated CVE-2021-34829MISC d-link — dir-3040 A hard-coded password vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to a denial of service. An attacker can send a sequence of requests to trigger this vulnerability. 
2021-07-16 not yet calculated CVE-2021-21818MISC d-link — dir-3040   An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. 2021-07-16 not yet calculated CVE-2021-21816MISC d-link — dir-3040   An information disclosure vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability. 2021-07-16 not yet calculated CVE-2021-21817MISC d-link — dir-3040   A code execution vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. 2021-07-16 not yet calculated CVE-2021-21819MISC d-link — dir-3040   A hard-coded password vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to code execution. An attacker can send a sequence of requests to trigger this vulnerability. 2021-07-16 not yet calculated CVE-2021-21820MISC dell — emc_avamar_server   Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an XML External Entity (XXE) Injection vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability to cause Denial of Service or information exposure by supplying specially crafted document type definitions (DTDs) in an XML request. 
2021-07-16 not yet calculated CVE-2019-3752MISC dell — wyse_management_suite Wyse Management Suite versions 3.2 and earlier contain an absolute path traversal vulnerability. A remote authenticated malicious user could exploit this vulnerability in order to read arbitrary files on the system. 2021-07-15 not yet calculated CVE-2021-21586MISC dell — wyse_management_suite   Dell Wyse Management Suite versions 3.2 and earlier contain a full path disclosure vulnerability. A local unauthenticated attacker could exploit this vulnerability in order to obtain the path of files and folders. 2021-07-15 not yet calculated CVE-2021-21587MISC depstech — wifi_digital_microscope_3   DEPSTECH WiFi Digital Microscope 3 allows remote attackers to change the SSID and password, and demand a ransom payment from the rightful device owner, because there is no way to reset to Factory Default settings. 2021-07-15 not yet calculated CVE-2020-12734MISCMISC depstech — wifi_digital_microscope_3   Certain Shenzhen PENGLIXIN components on DEPSTECH WiFi Digital Microscope 3, as used by Shekar Endoscope, allow a TELNET connection with the molinkadmin password for the molink account. 2021-07-15 not yet calculated CVE-2020-12733MISCMISC depstech — wifi_digital_microscope_3   DEPSTECH WiFi Digital Microscope 3 has a default SSID of Jetion_xxxxxxxx with a password of 12345678. 2021-07-15 not yet calculated CVE-2020-12732MISCMISC discourse — discourse Discourse is an open-source discussion platform. In Discourse versions 2.7.5 and prior, parsing and rendering of YouTube Oneboxes can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse’s default Content Security Policy. The issue is patched in `stable` version 2.7.6, `beta` version 2.8.0.beta3, and `tests-passed` version 2.8.0.beta3. As a workaround, ensure that the Content Security Policy is enabled, and has not been modified in a way which would make it more vulnerable to XSS attacks. 
2021-07-15 not yet calculated CVE-2021-32764CONFIRM dr.id — door_access_control_and_personnel_attendance_management_system   Dr. ID Door Access Control and Personnel Attendance Management system uses hard-coded admin default credentials that allow remote attackers to access the system through the default password and obtain the highest permission. 2021-07-16 not yet calculated CVE-2021-35961MISCMISC dr.id — door_access_control_and_personnel_attendance_management_system   Specific page parameters in Dr. ID Door Access Control and Personnel Attendance Management system do not filter special characters. Remote attackers can use Path Traversal to download credential files from the system without permission. 2021-07-16 not yet calculated CVE-2021-35962MISCMISC eclipse — jetty   For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5. 2021-07-15 not yet calculated CVE-2021-34429CONFIRM ecostructure — control_expert Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause unauthorized access to a project file protected by a password when this file is shared with untrusted sources. An attacker may bypass the password protection and be able to view and modify a project file. 
2021-07-14 not yet calculated CVE-2021-22780MISC ecostructure — control_expert   Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause a leak of SMTP credential used for mailbox authentication when an attacker can access a project file. 2021-07-14 not yet calculated CVE-2021-22781MISC ecostructure — control_expert   Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions – part numbers BMEP* and BMEH*), Modicon M340 CPU (all versions – part numbers BMXP34*), that could cause unauthorized access in read and write mode to the controller by spoofing the Modbus communication between the engineering software and the controller. 2021-07-14 not yet calculated CVE-2021-22779MISC ecostructure — control_expert   Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause protected derived function blocks to be read or modified by unauthorized users when accessing a project file. 
2021-07-14 not yet calculated CVE-2021-22778MISC ecostructure — control_expert   Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause an information leak allowing disclosure of network and process information, credentials or intellectual property when an attacker can access a project file. 2021-07-14 not yet calculated CVE-2021-22782MISC ectouch — ectouch   SQL Injection Vulnerability in ECTouch v2 via the integral_min parameter in index.php. 2021-07-14 not yet calculated CVE-2020-18144MISC elfinder.net.core — elfinder.net.core   This affects the package elFinder.Net.Core from 0 and before 1.2.4. The user-controlled file name is not properly sanitized before it is used to create a file system path. 2021-07-14 not yet calculated CVE-2021-23407MISCMISCMISC espressif — esp32   An attacker can cause a Denial of Service and kernel panic in v4.2 and earlier versions of Espressif esp32 via a malformed beacon csa frame. The device requires a reboot to recover. 2021-07-14 not yet calculated CVE-2021-34173MISCMISC fail2ban — fail2ban   fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to possible remote code execution in the mailing action mail-whois. Command `mail` from mailutils package used in mail actions like `mail-whois` can execute command if unescaped sequences (`\n~`) are available in “foreign” input (for instance in whois output). To exploit the vulnerability, an attacker would need to insert malicious characters into the response sent by the whois server, either via a MITM attack or by taking over a whois server. 
The issue is patched in versions 0.10.7 and 0.11.3. As a workaround, one may avoid the usage of action `mail-whois` or patch the vulnerability manually. 2021-07-16 not yet calculated CVE-2021-32749MISCMISCCONFIRM falco — falco   Falco through 0.28.1 has a Time-of-check Time-of-use (TOCTOU) Race Condition. Issue is fixed in Falco versions >= 0.29.1. 2021-07-15 not yet calculated CVE-2021-33505MISC fossil — fossil   Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation. 2021-07-12 not yet calculated CVE-2021-36377MISC froala — wysiwyg   Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing. 2021-07-16 not yet calculated CVE-2021-28114MISCMISCMISC fsso — collector   An improper authentication vulnerability in FSSO Collector version 5.0.295 and below may allow an unauthenticated user to bypass a FSSO firewall policy and access the protected network via sending specifically crafted UDP login notification packets. 2021-07-12 not yet calculated CVE-2021-26088CONFIRM gatsby — gatsby   Gatsby is a framework for building websites. The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentication credentials in the gatsby-config.js are not affected. A patch has been introduced in gatsby-source-wordpress@4.0.8 and gatsby-source-wordpress@5.9.2 which mitigates the issue by filtering all variables specified in the `auth: { }` section. Users that depend on this functionality are advised to upgrade to the latest release of gatsby-source-wordpress, run `gatsby clean` followed by a `gatsby build`. One may manually edit the app.js file post-build as a workaround. 
2021-07-15 not yet calculated CVE-2021-32770CONFIRM github — enterprise_server   A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.1.3 and was fixed in 3.1.3, 3.0.11, and 2.22.17. This vulnerability was reported via the GitHub Bug Bounty program. 2021-07-14 not yet calculated CVE-2021-22867MISCMISCMISC go — go   The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic. 2021-07-15 not yet calculated CVE-2021-34558MISCMISCMISC google — android   In isRealSnapshot of TaskThumbnailView.java, there is possible data exposure due to a missing permission check. This could lead to local information disclosure from locked profiles with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android kernel Android ID: A-168802517 References: N/A 2021-07-14 not yet calculated CVE-2021-0654MISC hashicorp — consul HashiCorp Consul before 1.10.1 (and Consul Enterprise) has Missing SSL Certificate Validation. xds does not ensure that the Subject Alternative Name of an upstream is validated. 2021-07-17 not yet calculated CVE-2021-32574MISCCONFIRM hashicorp — consul   In HashiCorp Consul before 1.10.1 (and Consul Enterprise), xds can generate a situation where a single L7 deny intention (with a default deny policy) results in an allow action. 
2021-07-17 not yet calculated CVE-2021-36213MISCCONFIRM hitachi — abb_power_grids_esoms   Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser. This issue affects: Hitachi ABB Power Grids eSOMS version 6.3 and prior versions. 2021-07-14 not yet calculated CVE-2021-35527CONFIRM ibm — infosphere_data_republican   IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. IBM X-Force ID: 189834 2021-07-16 not yet calculated CVE-2020-4821CONFIRMCONFIRMXF ibm — infosphere_master_data_management_server   IBM InfoSphere Master Data Management Server 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186324. 2021-07-16 not yet calculated CVE-2020-4675CONFIRMXF ibm — qradar_siem   IBM QRadar SIEM 7.3 and 7.4 uses less secure methods for protecting data in transit between hosts when encrypt host connections is not enabled as well as data at rest. IBM X-Force ID: 192539. 2021-07-16 not yet calculated CVE-2020-4980CONFIRMXF ibm — secure_external_authentication_server   IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource leak. 2021-07-15 not yet calculated CVE-2021-29725CONFIRMXFCONFIRM ibm — secure_external_authentication_server   IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 is vulnerable to server-side request forgery (SSRF). 
This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 201777. 2021-07-15 not yet calculated CVE-2021-29749XFCONFIRMCONFIRM ibm — security_access_amanger   IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user. 2021-07-15 not yet calculated CVE-2021-20439XFCONFIRM ibm — security_verify_access_docker IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 198660 2021-07-15 not yet calculated CVE-2021-20523XFCONFIRM ibm — security_verify_access_docker IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 198814 2021-07-15 not yet calculated CVE-2021-20534XFCONFIRM ibm — security_verify_access_docker IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 198300. 2021-07-15 not yet calculated CVE-2021-20511XFCONFIRM ibm — security_verify_access_docker IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting. 
This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198661. 2021-07-15 not yet calculated CVE-2021-20524XFCONFIRM ibm — security_verify_access_docker IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. IBM X-Force ID: 197980. 2021-07-15 not yet calculated CVE-2021-20500XFCONFIRM ibm — security_verify_access_docker   IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197969 2021-07-15 not yet calculated CVE-2021-20497XFCONFIRM ibm — security_verify_access_docker   IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. IBM X-Force ID: 197966. 2021-07-15 not yet calculated CVE-2021-20496XFCONFIRM ibm — security_verify_access_docker   IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 198813 2021-07-15 not yet calculated CVE-2021-20533XFCONFIRM ibm — security_verify_access_docker   IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197973 2021-07-15 not yet calculated CVE-2021-20499XFCONFIRM ibm — security_verify_access_docker   IBM Security Verify Access Docker 10.0.0 could allow a user to impersonate another user on the system. IBM X-Force ID: 201483. 
2021-07-15 not yet calculated CVE-2021-29742XFCONFIRM ibm — security_verify_access_docker   IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requests that could be used in further attacks against the system. IBM X-Force ID: 197972. 2021-07-15 not yet calculated CVE-2021-20498XFCONFIRM ibm — security_verify_access_docker   IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299 2021-07-15 not yet calculated CVE-2021-20510XFCONFIRM ibm — security_verify_access_docker   IBM Security Verify Access Docker 10.0.0 could allow a remote privileged user to upload arbitrary files with a dangerous file type that could be executed by a user. IBM X-Force ID: 200600. 2021-07-15 not yet calculated CVE-2021-29699XFCONFIRM ibm — security_verify_access_docker   IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 198918 2021-07-15 not yet calculated CVE-2021-20537XFCONFIRM icinga — icinga Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) expose the password of the user used to connect to the database. IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. ElasticsearchWriter (added in 2.8.0) exposes the password used to connect to the Elasticsearch server. 
An attacker who obtains these credentials can impersonate Icinga to these services and add, modify and delete information there. If credentials with more permissions are in use, this increases the impact accordingly. Starting with the 2.11.10 and 2.12.5 releases, these passwords are no longer exposed via the API. As a workaround, API user permissions can be restricted to not allow querying of any affected objects, either by explicitly listing only the required object types for object query permissions, or by applying a filter rule. 2021-07-15 not yet calculated CVE-2021-32743MISCCONFIRM icinga — icinga   Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From version 2.4.0 through version 2.12.4, a vulnerability exists that may allow privilege escalation for authenticated API users. With a read-only user’s credentials, an attacker can view most attributes of all config objects including `ticket_salt` of `ApiListener`. This salt is enough to compute a ticket for every possible common name (CN). A ticket, the master node’s certificate, and a self-signed certificate are enough to successfully request the desired certificate from Icinga. That certificate may in turn be used to steal an endpoint or API user’s identity. Versions 2.12.5 and 2.11.10 both contain a fix for the vulnerability. As a workaround, one may either specify queryable types explicitly or filter out ApiListener objects. 2021-07-15 not yet calculated CVE-2021-32739MISCCONFIRM idrive — remotepc iDrive RemotePC before 4.0.1 on Linux allows denial of service. A remote and unauthenticated attacker can disconnect a valid user session by connecting to an ephemeral port. 2021-07-15 not yet calculated CVE-2021-34691MISCMISC idrive — remotepc   iDrive RemotePC before 7.6.48 on Windows allows information disclosure. 
A locally authenticated attacker can read an encrypted version of the system’s Personal Key in world-readable %PROGRAMDATA% log files. The encryption is done using a hard-coded static key and is therefore reversible by an attacker. 2021-07-15 not yet calculated CVE-2021-34688MISCMISC idrive — remotepc   iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read the system’s Personal Key in world-readable %PROGRAMDATA% log files. 2021-07-15 not yet calculated CVE-2021-34689MISCMISC idrive — remotepc   iDrive RemotePC before 7.6.48 on Windows allows authentication bypass. A remote and unauthenticated attacker can bypass cloud authentication to connect and control a system via TCP port 5970 and 5980. 2021-07-15 not yet calculated CVE-2021-34690MISCMISC idrive — remotepc   iDrive RemotePC before 7.6.48 on Windows allows privilege escalation. A local and low-privileged user can force RemotePC to execute an attacker-controlled executable with SYSTEM privileges. 2021-07-15 not yet calculated CVE-2021-34692MISCMISC idrive — remotepc   iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A man in the middle can recover a system’s Personal Key when a client attempts to make a LAN connection. The Personal Key is transmitted over the network while only being encrypted via a substitution cipher. 2021-07-15 not yet calculated CVE-2021-34687MISCMISC intel — bssa_dft   Insecure default variable initialization for the Intel BSSA DFT feature may allow a privileged user to potentially enable an escalation of privilege via local access. 2021-07-14 not yet calculated CVE-2021-0144MISC intelliants — subrion_cms   SQL Injection vulnerability in Subrion CMS v4.2.1 in the search page if a website uses a PDO connection. 
2021-07-14 not yet calculated CVE-2020-18155MISC jamf — pro   Jamf Pro before 10.30.1 allows for an unvalidated URL redirect vulnerability affecting Jamf Pro customers who host their environments on-premises. An attacker may craft a URL that appears to be for a customer’s Jamf Pro instance, but when clicked will forward a user to an arbitrary URL that may be malicious. This is tracked via Jamf with the following ID: PI-009822 2021-07-12 not yet calculated CVE-2021-35037MISCMISC jasper — image_coding_toolkit   A Divide-by-zero vulnerability exists in JasPer Image Coding Toolkit 2.0 in jasper/src/libjasper/jpc/jpc_enc.c 2021-07-15 not yet calculated CVE-2021-27845MISC jfif_encode — jfif_encode   A global buffer overflow vulnerability in jfif_encode at jfif.c:701 of ffjpeg through 2020-06-22 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file. 2021-07-15 not yet calculated CVE-2020-23705MISC jt — utilities A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a race condition could cause an object to be released before being operated on, leading to NULL pointer dereference condition and causing the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application. 2021-07-13 not yet calculated CVE-2021-33715CONFIRM jt — utilities A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a missing check for the validity of an iterator leads to NULL pointer dereference condition, causing the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application. 2021-07-13 not yet calculated CVE-2021-33714CONFIRM jt — utilities   A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). 
When parsing specially crafted JT files, a hash function is called with an incorrect argument leading the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application. 2021-07-13 not yet calculated CVE-2021-33713CONFIRM juniper_networks — contrail_cloud   Juniper Networks Contrail Cloud (CC) releases prior to 13.6.0 have RabbitMQ service enabled by default with hardcoded credentials. The messaging services of RabbitMQ are used when coordinating operations and status information among Contrail services. An attacker with access to an administrative service for RabbitMQ (e.g. GUI), can use these hardcoded credentials to cause a Denial of Service (DoS) or have access to unspecified sensitive system information. This issue affects the Juniper Networks Contrail Cloud releases on versions prior to 13.6.0. 2021-07-15 not yet calculated CVE-2021-0279CONFIRM juniper_networks — junos_os A vulnerability in the handling of exceptional conditions in Juniper Networks Junos OS Evolved (EVO) allows an attacker to send specially crafted packets to the device, causing the Advanced Forwarding Toolkit manager (evo-aftmand-bt or evo-aftmand-zx) process to crash and restart, impacting all traffic going through the FPC, resulting in a Denial of Service (DoS). Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. 
Following messages will be logged prior to the crash: Feb 2 10:14:39 fpc0 evo-aftmand-bt[16263]: [Error] Nexthop: Failed to get fwd nexthop for nexthop:32710470974358 label:1089551617 for session:18 probe:35 Feb 2 10:14:39 fpc0 evo-aftmand-bt[16263]: [Error] Nexthop: Failed to get fwd nexthop for nexthop:19241453497049 label:1089551617 for session:18 probe:37 Feb 2 10:14:39 fpc0 evo-aftmand-bt[16263]: [Error] Nexthop: Failed to get fwd nexthop for nexthop:19241453497049 label:1089551617 for session:18 probe:44 Feb 2 10:14:39 fpc0 evo-aftmand-bt[16263]: [Error] Nexthop: Failed to get fwd nexthop for nexthop:32710470974358 label:1089551617 for session:18 probe:47 Feb 2 10:14:39 fpc0 audit[16263]: ANOM_ABEND auid=4294967295 uid=0 gid=0 ses=4294967295 pid=16263 comm=”EvoAftManBt-mai” exe=”/usr/sbin/evo-aftmand-bt” sig=11 Feb 2 10:14:39 fpc0 kernel: audit: type=1701 audit(1612260879.272:17): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=16263 comm=”EvoAftManBt-mai” exe=”/usr/sbin/evo-aftmand-bt” sig=1 This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-EVO; 21.1 versions prior to 21.1R2-EVO. 2021-07-15 not yet calculated CVE-2021-0286CONFIRM juniper_networks — junos_os An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated attacker to escalate their privileges to root over the target device. 
junos:18.3R3-S5 junos:18.4R3-S9 junos:19.1R3-S6 junos:19.3R2-S6 junos:19.3R3-S3 junos:19.4R1-S4 junos:19.4R3-S4 junos:20.1R2-S2 junos:20.1R3 junos:20.2R3-S1 junos:20.3X75-D20 junos:20.3X75-D30 junos:20.4R2-S1 junos:20.4R3 junos:21.1R1-S1 junos:21.1R2 junos:21.2R1 junos:21.3R1 This issue affects: Juniper Networks Junos OS 19.3 versions 19.3R1 and above prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 19.3R1. 2021-07-15 not yet calculated CVE-2021-0278CONFIRM juniper_networks — junos_os On Juniper Networks Junos OS devices with Multipath or add-path feature enabled, processing a specific BGP UPDATE can lead to a routing process daemon (RPD) crash and restart, causing a Denial of Service (DoS). Continued receipt and processing of this UPDATE message will create a sustained Denial of Service (DoS) condition. This BGP UPDATE message can propagate to other BGP peers with vulnerable Junos versions on which Multipath or add-path feature is enabled, and cause RPD to crash and restart. This issue affects both IBGP and EBGP deployments in IPv4 or IPv6 network. Junos OS devices that do not have the BGP Multipath or add-path feature enabled are not affected by this issue. 
This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S18; 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S6, 18.4R3-S6; 19.1 versions prior to 19.1R3-S3; 2021-07-15 not yet calculated CVE-2021-0282CONFIRM juniper_networks — junos_os Improper Handling of Exceptional Conditions in Ethernet interface frame processing of Juniper Networks Junos OS allows an attacker to send specially crafted frames over the local Ethernet segment, causing the interface to go into a down state, resulting in a Denial of Service (DoS) condition. The interface does not recover on its own and the FPC must be reset manually. Continued receipt and processing of these frames will create a sustained Denial of Service (DoS) condition. This issue is platform-specific and affects the following platforms and line cards: * MPC7E/8E/9E and MPC10E on MX240, MX480, MX960, MX2008, MX2010, and MX2020 * MX204, MX10003, MX10008, MX10016 * EX9200, EX9251 * SRX4600 No other products or platforms are affected by this vulnerability. 
An indication of this issue occurring can be seen in the system log messages, as shown below: [email protected]> show log messages | match "Failed to complete DFE tuning" fpc4 smic_phy_dfe_tuning_state: et-4/1/6 - Failed to complete DFE tuning (count 3) and interface will be in a permanently down state: [email protected]> show interfaces et-4/1/6 terse Interface Admin Link Proto Local Remote et-4/1/6 up down et-4/1/6.0 up down aenet --> ae101.0 This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S7 on MX Series; 17.1R1 and later versions prior to 17.2R3-S3 on MX Series; 17.3 versions prior to 17.3R3-S8 on MX Series; 17.4 versions prior to 17.4R2-S11, 17.4R3-S1 on MX Series, SRX4600; 18.1 versions prior to 18.1R3-S10 on MX Series, EX9200 Series, SRX4600; 18.2 versions prior to 18.2R3-S3 on MX Series, EX9200 Series, SRX4600; 18.3 versions prior to 18.3R3-S1 on MX Series, EX9200 Series, SRX4600; 18.4 versions prior to 18.4R2-S3, 18.4R3 on MX Series, EX9200 Series, SRX4600; 19.1 versions prior to 19.1R2-S1, 19.1R3 on MX Series, EX9200 Series, SRX4600; 19.2 versions prior to 19.2R1-S3, 19.2R2 on MX Series, EX9200 Series, SRX4600; 19.3 versions prior to 19.3R2 on MX Series, EX9200 Series, SRX4600. This issue does not affect Juniper Networks Junos OS versions prior to 16.1R1. 2021-07-15 not yet calculated CVE-2021-0290CONFIRM juniper_networks — junos_os When user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability between the Device Control Daemon (DCD) and firewall process (dfwd) daemons of Juniper Networks Junos OS allows an attacker to bypass the user-defined ARP Policer. In this particular case the User ARP policer is replaced with default ARP policer. To review the desired ARP Policers and actual state one can run the command “show interfaces <> extensive” and review the output. See further details below. 
An example output is: show interfaces extensive | match policer Policer: Input: __default_arp_policer__ <<< incorrect if user ARP Policer was applied on an AE interface and the default ARP Policer is displayed Policer: Input: jtac-arp-ae5.317-inet-arp <<< correct if user ARP Policer was applied on an AE interface For all platforms, except SRX Series: This issue affects Juniper Networks Junos OS: All versions 5.6R1 and all later versions prior to 18.4 versions prior to 18.4R2-S9, 18.4R3-S9 with the exception of 15.1 versions 15.1R7-S10 and later versions; 19.4 versions prior to 19.4R3-S3; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S2; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2; This issue does not affect Juniper Networks Junos OS versions prior to 5.6R1. On SRX Series this issue affects Juniper Networks Junos OS: 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.4 versions prior to 19.4R3-S4; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S2; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. This issue does not affect 18.4 versions prior to 18.4R1 on SRX Series. This issue does not affect Junos OS Evolved. 2021-07-15 not yet calculated CVE-2021-0289CONFIRM juniper_networks — junos_os A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) of Juniper Networks Junos OS on the QFX10K Series switches allows an attacker to trigger a packet forwarding loop, leading to a partial Denial of Service (DoS). The issue is caused by DVMRP packets looping on a multi-homed Ethernet Segment Identifier (ESI) when VXLAN is configured. DVMRP packets received on a multi-homed ESI are sent to the peer, and then incorrectly forwarded out the same ESI, violating the split horizon rule. This issue only affects QFX10K Series switches, including the QFX10002, QFX10008, and QFX10016. 
Other products and platforms are unaffected by this vulnerability. This issue affects Juniper Networks Junos OS on QFX10K Series: 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 version 18.2R1 and later versions; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S9, 18.4R3-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S7, 19.2R3-S2; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2. 2021-07-15 not yet calculated CVE-2021-0295CONFIRM juniper_networks — junos_os An Exposure of System Data vulnerability in Juniper Networks Junos OS and Junos OS Evolved, where a sensitive system-level resource is not being sufficiently protected, allows a network-based unauthenticated attacker to send specific traffic which partially reaches this resource. A high rate of specific traffic may lead to a partial Denial of Service (DoS) as the CPU utilization of the RE is significantly increased. The SNMP Agent Extensibility (agentx) process should only be listening to TCP port 705 on the internal routing instance. External connections destined to port 705 should not be allowed. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R2-S13, 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R2. Juniper Networks Junos OS Evolved versions prior to 20.3R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 13.2R1. 
2021-07-15 not yet calculated CVE-2021-0291CONFIRM juniper_networks — junos_os A vulnerability in Juniper Networks Junos OS caused by Missing Release of Memory after Effective Lifetime leads to a memory leak each time the CLI command ‘show system connections extensive’ is executed. The amount of memory leaked on each execution depends on the number of TCP connections from and to the system. Repeated execution will cause more memory to leak and eventually cause daemons that need to allocate additional memory, and ultimately the kernel, to crash, which will result in traffic loss. Continued execution of this command will cause a sustained Denial of Service (DoS) condition. An administrator can use the following CLI command to monitor for increase in memory consumption of the netstat process, if it exists: [email protected]> show system processes extensive | match "username|netstat" PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND 21181 root 100 0 5458M 4913M CPU3 2 0:59 97.27% netstat The following log message might be observed if this issue happens: kernel: %KERN-3: pid 21181 (netstat), uid 0, was killed: out of swap space This issue affects Juniper Networks Junos OS 18.2 versions prior to 18.2R2-S8, 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S6, 18.4R3-S7; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S1; 19.4 versions prior to 19.4R1-S4, 19.4R2-S3, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2-S1, 20.2R3; 20.3 versions prior to 20.3R1-S1, 20.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 18.2R1. 
2021-07-15 not yet calculated CVE-2021-0293CONFIRM juniper_networks — junos_os A vulnerability in Juniper Networks Junos OS, which only affects the release 18.4R2-S5, where a function is inconsistently implemented on Juniper Networks Junos QFX5000 Series and EX4600 Series, and if “storm-control enhanced” is configured, can lead to the enhanced storm control filter group not being installed. This causes storm control not to work, allowing an attacker to cause high CPU usage or packet loss by sending a large amount of broadcast or unknown unicast packets to the device. This issue affects Juniper Networks QFX5100, QFX5110, QFX5120, QFX5200, QFX5210, EX4600, and EX4650, and QFX5100 with QFX 5e Series image installed. QFX5130 and QFX5220 are not affected by this issue. This issue affects Juniper Networks Junos OS 18.4R2-S5 on QFX5000 Series and EX4600 Series. No other product or platform is affected by this vulnerability. 2021-07-15 not yet calculated CVE-2021-0294CONFIRM juniper_networks — junos_os An Out-of-bounds Read vulnerability in the processing of specially crafted LLDP frames by the Layer 2 Control Protocol Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved may allow an attacker to cause a Denial of Service (DoS), or may lead to remote code execution (RCE). Continued receipt and processing of these frames, sent from the local broadcast domain, will repeatedly crash the l2cpd process and sustain the Denial of Service (DoS) condition. 
This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S18; 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R2-S13, 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8, 18.4R3-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2. Juniper Networks Junos OS Evolved versions prior to 20.4R2-EVO. 2021-07-15 not yet calculated CVE-2021-0277CONFIRM juniper_networks — junos_os   A vulnerability in the processing of specific MPLS packets in Juniper Networks Junos OS on MX Series and EX9200 Series devices with Trio-based MPCs (Modular Port Concentrators) may cause FPC to crash and lead to a Denial of Service (DoS) condition. Continued receipt of this packet will sustain the Denial of Service (DoS) condition. This issue only affects MX Series and EX9200 Series with Trio-based PFEs (Packet Forwarding Engines). 
This issue affects Juniper Networks Junos OS on MX Series, EX9200 Series: 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R2-S13, 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8, 18.4R3-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S2; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R2-S2, 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2; 2021-07-15 not yet calculated CVE-2021-0288CONFIRM juniper_networks — junos_os   In a Segment Routing ISIS (SR-ISIS)/MPLS environment, on Juniper Networks Junos OS and Junos OS Evolved devices, configured with ISIS Flexible Algorithm for Segment Routing and sensor-based statistics, a flap of a ISIS link in the network, can lead to a routing process daemon (RPD) crash and restart, causing a Denial of Service (DoS). Continued link flaps will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 19.4 versions prior to 19.4R1-S4, 19.4R3-S2; 20.1 versions prior to 20.1R2-S1, 20.1R3; 20.2 versions prior to 20.2R2-S2, 20.2R3; 20.3 versions prior to 20.3R2; Juniper Networks Junos OS Evolved: 20.3-EVO versions prior to 20.3R2-EVO; 20.4-EVO versions prior to 20.4R2-EVO. This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1. Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO. 2021-07-15 not yet calculated CVE-2021-0287CONFIRM juniper_networks — junos_os   On Juniper Networks Junos OS devices configured with BGP origin validation using Resource Public Key Infrastructure (RPKI) receipt of a specific packet from the RPKI cache server may cause routing process daemon (RPD) to crash and restart, creating a Denial of Service (DoS) condition. 
Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8, 18.4R3-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R2-S2-EVO. 2021-07-15 not yet calculated CVE-2021-0281CONFIRM juniper_networks — junos_os   An uncontrolled resource consumption vulnerability in Juniper Networks Junos OS on QFX5000 Series and EX4600 Series switches allows an attacker sending large amounts of legitimate traffic destined to the device to cause Interchassis Control Protocol (ICCP) interruptions, leading to an unstable control connection between the Multi-Chassis Link Aggregation Group (MC-LAG) nodes which can in turn lead to traffic loss. Continued receipt of this amount of traffic will create a sustained Denial of Service (DoS) condition. 
An indication that the system could be impacted by this issue is the following log message: “DDOS_PROTOCOL_VIOLATION_SET: Warning: Host-bound traffic for protocol/exception LOCALNH:aggregate exceeded its allowed bandwidth at fpc <fpc number> for <n> times, started at <timestamp>” This issue affects Juniper Networks Junos OS on QFX5000 Series and EX4600 Series: 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8, 18.4R3-S7; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S2; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R1-S1, 20.4R2. 2021-07-15 not yet calculated CVE-2021-0285CONFIRM juniper_networks — junos_os A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). By repeatedly sending these sequences of packets to the device, an attacker can sustain the Denial of Service (DoS) condition. The device will abnormally shut down as a result of these sent packets. A potential indicator of compromise will be the following message in the log files: “eventd[13955]: SYSTEM_ABNORMAL_SHUTDOWN: System abnormally shut down” These issues are only triggered by traffic destined to the device. Transit traffic will not trigger these issues. 
This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S19; 15.1 versions prior to 15.1R7-S10; 16.1 version 16.1R1 and later versions; 16.2 version 16.2R1 and later versions; 17.1 version 17.1R1 and later versions; 17.2 version 17.2R1 and later versions; 17.3 version 17.3R1 and later versions; 18.1 versions prior to 18.1R3-S13; 18.2 version 18.2R1 and later versions; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2; 21.2 versions prior to 21.2R2. 2021-07-15 not yet calculated CVE-2021-0283CONFIRM juniper_networks — junos_os Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on PTX platforms and QFX10K Series with Paradise (PE) chipset-based line cards, ddos-protection configuration changes made from the CLI will not take effect as expected beyond the default DDoS (Distributed Denial of Service) settings in the Packet Forwarding Engine (PFE). This may cause BFD sessions to flap when a high rate of specific packets are received. Flapping of BFD sessions in turn may impact routing protocols and network stability, leading to a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects only the following platforms with Paradise (PE) chipset-based line cards: PTX1000, PTX3000 (NextGen), PTX5000, PTX10008, PTX10016 Series and QFX10002 Series. 
This issue affects: Juniper Networks Junos OS 17.4 versions prior to 17.4R3-S5 on PTX Series, QFX10K Series; 18.2 versions prior to 18.2R3-S8 on PTX Series, QFX10K Series; 18.3 versions prior to 18.3R3-S5 on PTX Series, QFX10K Series; 18.4 versions prior to 18.4R2-S8 on PTX Series, QFX10K Series; 19.1 versions prior to 19.1R3-S5 on PTX Series, QFX10K Series; 19.2 versions prior to 19.2R3-S2 on PTX Series, QFX10K Series; 19.3 versions prior to 19.3R3-S2 on PTX Series, QFX10K Series; 19.4 versions prior to 19.4R3-S2 on PTX Series, QFX10K Series; 20.1 versions prior to 20.1R3 on PTX Series, QFX10K Series; 20.2 versions prior to 20.2R2-S3, 20.2R3 on PTX Series, QFX10K Series; 20.3 versions prior to 20.3R2 on PTX Series, QFX10K Series; 20.4 versions prior to 20.4R2 on PTX Series, QFX10K Series. 2021-07-15 not yet calculated CVE-2021-0280CONFIRM juniper_networks — junos_os An Uncontrolled Resource Consumption vulnerability in the ARP daemon (arpd) and Network Discovery Protocol (ndp) process of Juniper Networks Junos OS Evolved allows a malicious attacker on the local network to consume memory resources, ultimately resulting in a Denial of Service (DoS) condition. Link-layer functions such as IPv4 and/or IPv6 address resolution may be impacted, leading to traffic loss. The processes do not recover on their own and must be manually restarted. Changes in memory usage can be monitored using the following shell commands (header shown for clarity): [email protected]:/var/log# ps aux | grep arpd USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 31418 59.0 0.7 *5702564* 247952 ? xxx /usr/sbin/arpd --app-name arpd -I object_select --shared-objects-mode 3 [email protected]:/var/log# ps aux | grep arpd USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 31418 49.1 1.0 *5813156* 351184 ? 
xxx /usr/sbin/arpd --app-name arpd -I object_select --shared-objects-mode 3 Memory usage can be monitored for the ndp process in a similar fashion: [email protected]:/var/log# ps aux | grep ndp USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 14935 0.0 0.1 *5614052* 27256 ? Ssl Jun15 0:17 /usr/sbin/ndp -I no_tab_chk,object_select --app-name ndp --shared-obje [email protected]:/var/log# ps aux | grep ndp USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 14935 0.0 0.1 *5725164* 27256 ? Ssl Jun15 0:17 /usr/sbin/ndp -I no_tab_chk,object_select --app-name ndp --shared-obje This issue affects Juniper Networks Junos OS Evolved: 19.4 versions prior to 19.4R2-S3-EVO; 20.1 versions prior to 20.1R2-S4-EVO; all versions of 20.2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 19.4R2-EVO. 2021-07-15 not yet calculated CVE-2021-0292CONFIRM juniper_networks — sbr_carrier A stack-based Buffer Overflow vulnerability in Juniper Networks SBR Carrier with EAP (Extensible Authentication Protocol) authentication configured allows an attacker to send specific packets that cause the radius daemon to crash, resulting in a Denial of Service (DoS) or leading to remote code execution (RCE). By continuously sending these specific packets, an attacker can repeatedly crash the radius daemon, causing a sustained Denial of Service (DoS). This issue affects Juniper Networks SBR Carrier: 8.4.1 versions prior to 8.4.1R19; 8.5.0 versions prior to 8.5.0R10; 8.6.0 versions prior to 8.6.0R4. 2021-07-15 not yet calculated CVE-2021-0276CONFIRM lenovo — multiple_products Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage. 
2021-07-16 not yet calculated CVE-2021-3453MISC lenovo — notebook A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage. 2021-07-16 not yet calculated CVE-2021-3614MISC lenovo — pcmanager A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.500.5102, that could allow privilege escalation. 2021-07-16 not yet calculated CVE-2021-3550MISC lexmark — printer_software_installation_packages The Lexmark Printer Software G2, G3 and G4 Installation Packages have a local escalation of privilege vulnerability due to a registry entry that has an unquoted service path. 2021-07-14 not yet calculated CVE-2021-35469MISCMISC libvips — libvips Division-By-Zero vulnerability in Libvips 8.10.5 in the function vips_eye_point, eye.c#L83, and function vips_mask_point, mask.c#L85. 2021-07-15 not yet calculated CVE-2021-27847MISC magicmotion — flamingo_2 The MagicMotion Flamingo 2 application for Android stores data on an sdcard under com.vt.magicmotion/files/Pictures, whence it can be read by other applications. 2021-07-15 not yet calculated CVE-2020-12731MISC magicmotion — flamingo_2 MagicMotion Flamingo 2 has a lack of access control for reading from device descriptors. 2021-07-15 not yet calculated CVE-2020-12729MISC magicmotion — flamingo_2 MagicMotion Flamingo 2 lacks BLE encryption, enabling data sniffing and packet forgery. 2021-07-15 not yet calculated CVE-2020-12730MISC mendix — mendix A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.22), Mendix Applications using Mendix 8 (All versions < V8.18.7), Mendix Applications using Mendix 9 (All versions < V9.3.0). Write access checks of attributes of an object could be bypassed if the user has write permission to the first attribute of this object. 
2021-07-13 not yet calculated CVE-2021-33718CONFIRM micronaut — micronaut   Micronaut is a JVM-based, full stack Java framework designed for building JVM applications. A path traversal vulnerability exists in versions prior to 2.5.9. With a basic configuration, it is possible to access any file from a filesystem, using “/../../” in the URL. This occurs because Micronaut does not restrict file access to configured paths. The vulnerability is patched in version 2.5.9. As a workaround, do not use `**` in mapping, use only `*`, which exposes only flat structure of a directory not allowing traversal. If using Linux, another workaround is to run micronaut in chroot. 2021-07-16 not yet calculated CVE-2021-32769CONFIRMMISC microsoft — defender   Microsoft Defender Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34464. 2021-07-14 not yet calculated CVE-2021-34522MISC microsoft — directwrite DirectWrite Remote Code Execution Vulnerability 2021-07-14 not yet calculated CVE-2021-34489MISC microsoft — dynamics   Dynamics Business Central Remote Code Execution Vulnerability 2021-07-14 not yet calculated CVE-2021-34474MISC microsoft — excel   Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34518. 2021-07-14 not yet calculated CVE-2021-34501MISC microsoft — excel   Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34501. 2021-07-14 not yet calculated CVE-2021-34518MISC microsoft — exchange   Microsoft Exchange Server Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-33768, CVE-2021-34523. 2021-07-14 not yet calculated CVE-2021-34470MISC microsoft — exchange   Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31196, CVE-2021-31206. 
2021-07-14 not yet calculated CVE-2021-34473MISC microsoft — exchange Microsoft Exchange Server Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-33768, CVE-2021-34470. 2021-07-14 not yet calculated CVE-2021-34523MISC microsoft — office Microsoft Office Security Feature Bypass Vulnerability 2021-07-14 not yet calculated CVE-2021-34469MISC microsoft — office Microsoft Office Online Server Spoofing Vulnerability 2021-07-16 not yet calculated CVE-2021-34451MISC microsoft — sharepoint Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34467, CVE-2021-34468. 2021-07-14 not yet calculated CVE-2021-34520MISC microsoft — sharepoint Microsoft SharePoint Server Information Disclosure Vulnerability 2021-07-14 not yet calculated CVE-2021-34519MISC microsoft — sharepoint Microsoft SharePoint Server Spoofing Vulnerability 2021-07-14 not yet calculated CVE-2021-34517MISC microsoft — sharepoint Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34467, CVE-2021-34520. 2021-07-14 not yet calculated CVE-2021-34468MISC microsoft — sharepoint Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34468, CVE-2021-34520. 2021-07-16 not yet calculated CVE-2021-34467MISC microsoft — thinkpad A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code. 2021-07-16 not yet calculated CVE-2021-3452MISC microsoft — visual_studio Visual Studio Code .NET Runtime Elevation of Privilege Vulnerability 2021-07-14 not yet calculated CVE-2021-34477MISC microsoft — visual_studio Microsoft Visual Studio Spoofing Vulnerability 2021-07-14 not yet calculated CVE-2021-34479MISC microsoft — visual_studio Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34528. 
2021-07-14 not yet calculated CVE-2021-34529MISC microsoft — visual_studio   Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34529. 2021-07-14 not yet calculated CVE-2021-34528MISC microsoft — win32k   Win32k Information Disclosure Vulnerability 2021-07-14 not yet calculated CVE-2021-34491MISC microsoft — win32k   Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-34516. 2021-07-16 not yet calculated CVE-2021-34449MISC microsoft — win32k   Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-34449. 2021-07-14 not yet calculated CVE-2021-34516MISC microsoft — windows Windows Remote Access Connection Manager Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-33763, CVE-2021-34457. 2021-07-16 not yet calculated CVE-2021-34454MISC microsoft — windows Windows Remote Access Connection Manager Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-33763, CVE-2021-34454. 2021-07-16 not yet calculated CVE-2021-34457MISC microsoft — windows Windows MSHTML Platform Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34497. 2021-07-16 not yet calculated CVE-2021-34447MISC microsoft — windows Scripting Engine Memory Corruption Vulnerability 2021-07-16 not yet calculated CVE-2021-34448MISC microsoft — windows Windows DNS Server Denial of Service Vulnerability This CVE ID is unique from CVE-2021-33745, CVE-2021-34442, CVE-2021-34499. 2021-07-16 not yet calculated CVE-2021-34444MISC microsoft — windows Windows GDI Information Disclosure Vulnerability 2021-07-14 not yet calculated CVE-2021-34496MISC microsoft — windows Windows Certificate Spoofing Vulnerability 2021-07-14 not yet calculated CVE-2021-34492MISC microsoft — windows Windows Kernel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34508. 
2021-07-16 | not yet calculated | CVE-2021-34458 MISC
microsoft — windows | Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | 2021-07-16 | not yet calculated | CVE-2021-34461 MISC
microsoft — windows | Microsoft Windows Media Foundation Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-34439, CVE-2021-34503. | 2021-07-16 | not yet calculated | CVE-2021-34441 MISC
microsoft — windows | Microsoft Windows Media Foundation Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-34441, CVE-2021-34503. | 2021-07-16 | not yet calculated | CVE-2021-34439 MISC
microsoft — windows | Storage Spaces Controller Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-33751, CVE-2021-34510, CVE-2021-34512, CVE-2021-34513. | 2021-07-16 | not yet calculated | CVE-2021-34460 MISC
microsoft — windows | GDI+ Information Disclosure Vulnerability | 2021-07-16 | not yet calculated | CVE-2021-34440 MISC
microsoft — windows | Windows HTML Platforms Security Feature Bypass Vulnerability | 2021-07-16 | not yet calculated | CVE-2021-34446 MISC
microsoft — windows | Windows File History Service Elevation of Privilege Vulnerability | 2021-07-16 | not yet calculated | CVE-2021-34455 MISC
microsoft — windows | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-33761, CVE-2021-33773, CVE-2021-34445. | 2021-07-16 | not yet calculated | CVE-2021-34456 MISC
microsoft — windows | Windows DNS Server Denial of Service Vulnerability. This CVE ID is unique from CVE-2021-33745, CVE-2021-34444, CVE-2021-34499. | 2021-07-16 | not yet calculated | CVE-2021-34442 MISC
microsoft — windows | Microsoft Defender Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-34522. | 2021-07-16 | not yet calculated | CVE-2021-34464 MISC
microsoft — windows | Windows Print Spooler Elevation of Privilege Vulnerability | 2021-07-16 | not yet calculated | CVE-2021-34481 MISC
microsoft — windows | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | 2021-07-16 | not yet calculated | CVE-2021-34462 MISC
microsoft — windows | Windows TCP/IP Driver Denial of Service Vulnerability. This CVE ID is unique from CVE-2021-31183, CVE-2021-33772. | 2021-07-14 | not yet calculated | CVE-2021-34490 MISC
microsoft — windows | Windows Console Driver Elevation of Privilege Vulnerability | 2021-07-14 | not yet calculated | CVE-2021-34488 MISC
microsoft — windows | Windows Partition Management Driver Elevation of Privilege Vulnerability | 2021-07-14 | not yet calculated | CVE-2021-34493 MISC
microsoft — windows | Bowser.sys Denial of Service Vulnerability | 2021-07-14 | not yet calculated | CVE-2021-34476 MISC
microsoft — windows | Windows AppContainer Elevation Of Privilege Vulnerability | 2021-07-16 | not yet calculated | CVE-2021-34459 MISC
microsoft — windows | Windows Hello Security Feature Bypass Vulnerability | 2021-07-16 | not yet calculated | CVE-2021-34466 MISC
microsoft — windows | Windows Font Driver Host Remote Code Execution Vulnerability | 2021-07-16 | not yet calculated | CVE-2021-34438 MISC
microsoft — windows | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-33761, CVE-2021-33773, CVE-2021-34456. | 2021-07-16 | not yet calculated | CVE-2021-34445 MISC
microsoft — windows | Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-33746, CVE-2021-33754, CVE-2021-33780, CVE-2021-34525. | 2021-07-14 | not yet calculated | CVE-2021-34494 MISC
microsoft — windows | Storage Spaces Controller Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-33751, CVE-2021-34460, CVE-2021-34510, CVE-2021-34513. | 2021-07-14 | not yet calculated | CVE-2021-34512 MISC
microsoft — windows | Windows GDI Elevation of Privilege Vulnerability | 2021-07-14 | not yet calculated | CVE-2021-34498 MISC
microsoft — windows | Windows Hyper-V Remote Code Execution Vulnerability | 2021-07-16 | not yet calculated | CVE-2021-34450 MISC
microsoft — windows | Windows MSHTML Platform Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-34447. | 2021-07-14 | not yet calculated | CVE-2021-34497 MISC
microsoft — windows | Windows Kernel Memory Information Disclosure Vulnerability | 2021-07-14 | not yet calculated | CVE-2021-34500 MISC
microsoft — windows | Storage Spaces Controller Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-33751, CVE-2021-34460, CVE-2021-34510, CVE-2021-34512. | 2021-07-14 | not yet calculated | CVE-2021-34513 MISC
microsoft — windows | Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-33746, CVE-2021-33754, CVE-2021-33780, CVE-2021-34494. | 2021-07-14 | not yet calculated | CVE-2021-34525 MISC
microsoft — windows | Raw Image Extension Remote Code Execution Vulnerability | 2021-07-14 | not yet calculated | CVE-2021-34521 MISC
microsoft — windows | Windows DNS Server Denial of Service Vulnerability. This CVE ID is unique from CVE-2021-33745, CVE-2021-34442, CVE-2021-34444. | 2021-07-14 | not yet calculated | CVE-2021-34499 MISC
microsoft — windows | Windows Address Book Remote Code Execution Vulnerability | 2021-07-14 | not yet calculated | CVE-2021-34504 MISC
microsoft — windows | Windows Remote Assistance Information Disclosure Vulnerability | 2021-07-14 | not yet calculated | CVE-2021-34507 MISC
microsoft — windows | Windows Kernel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-34458.
2021-07-14 | not yet calculated | CVE-2021-34508 MISC
microsoft — windows | Storage Spaces Controller Information Disclosure Vulnerability | 2021-07-14 | not yet calculated | CVE-2021-34509 MISC
microsoft — windows | Storage Spaces Controller Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-33751, CVE-2021-34460, CVE-2021-34512, CVE-2021-34513. | 2021-07-14 | not yet calculated | CVE-2021-34510 MISC
microsoft — windows | Windows Installer Elevation of Privilege Vulnerability | 2021-07-14 | not yet calculated | CVE-2021-34511 MISC
microsoft — windows | Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-31979, CVE-2021-33771. | 2021-07-14 | not yet calculated | CVE-2021-34514 MISC
microsoft — windows | Microsoft Windows Media Foundation Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-34439, CVE-2021-34441. | 2021-07-14 | not yet calculated | CVE-2021-34503 MISC
microsoft — windows_server | Windows LSA Denial of Service Vulnerability | 2021-07-14 | not yet calculated | CVE-2021-33788 MISC
microsoft — windows_server | Windows LSA Security Feature Bypass Vulnerability | 2021-07-14 | not yet calculated | CVE-2021-33786 MISC
microsoft — word | Microsoft Word Remote Code Execution Vulnerability | 2021-07-16 | not yet calculated | CVE-2021-34452 MISC
miktorik — routeros | Mikrotik RouterOs through stable version 6.48.3 suffers from a memory corruption vulnerability in the /nova/bin/detnet process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). | 2021-07-14 | not yet calculated | CVE-2020-20231 MISC MISC
mitsubishi — electric_air_conditioning_system | Incorrect Implementation of Authentication Algorithm in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.2.50 to Ver. 3.35, GB-50A Ver.2.50 to Ver. 3.35, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior) and Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) allows a remote authenticated attacker to impersonate administrators to disclose configuration information of the air conditioning system and tamper with information (e.g. operation information and configuration of air conditioning system) by exploiting this vulnerability. | 2021-07-13 | not yet calculated | CVE-2021-20593 MISC MISC
mitsubishi — electric_air_conditioning_system | Improper Restriction of XML External Entity Reference vulnerability in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.3.35 and prior, GB-50A Ver.3.35 and prior, GB-24A Ver.9.11 and prior, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior), Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) and Air Conditioning System/BM adapter (BAC-HD150 Ver.2.21 and prior) allows a remote unauthenticated attacker to disclose some of the data in the air conditioning system or cause a DoS condition by sending specially crafted packets. | 2021-07-13 | not yet calculated | CVE-2021-20595 MISC MISC
nightscout — web_monitor | Nightscout Web Monitor (aka cgm-remote-monitor) 14.2.2 allows XSS via a crafted X-Forwarded-For header. | 2021-07-16 | not yet calculated | CVE-2021-36755 MISC
ok-file-formats — ok-file-formats | A heap-based buffer overflow vulnerability in the function ok_jpg_decode_block_progressive() at ok_jpg.c:1054 of ok-file-formats through 2020-06-26 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file. | 2021-07-15 | not yet calculated | CVE-2020-23707 MISC
ok-file-formats — ok-file-formats | A heap-based buffer overflow vulnerability in the function ok_jpg_decode_block_subsequent_scan() at ok_jpg.c:1102 of ok-file-formats through 2020-06-26 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file. | 2021-07-15 | not yet calculated | CVE-2020-23706 MISC
palo_alto_networks — cortex_xdr | A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. Exploiting this vulnerability requires the user to have file creation privilege in the Windows root directory (such as C:\). This issue impacts: All versions of Cortex XDR agent 6.1 without content update 181 or a later version; All versions of Cortex XDR agent 7.2 without content update 181 or a later version; All versions of Cortex XDR agent 7.3 without content update 181 or a later version. Cortex XDR agent 5.0 versions are not impacted by this issue. Content updates are required to resolve this issue and are automatically applied for the agent. | 2021-07-15 | not yet calculated | CVE-2021-3042 MISC
polipo — polipo | ** UNSUPPORTED WHEN ASSIGNED ** Polipo through 1.1.1 allows denial of service via a reachable assertion during parsing of a malformed Range header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
2021-07-15 | not yet calculated | CVE-2020-36420 MISC MISC MISC
prisma — cloud_compute | A reflected cross-site scripting (XSS) vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. No additional action is required for these instances. This issue impacts: Prisma Cloud Compute 20.12 versions earlier than Prisma Cloud Compute 20.12.552; Prisma Cloud Compute 21.04 versions earlier than Prisma Cloud Compute 21.04.439. | 2021-07-15 | not yet calculated | CVE-2021-3043 MISC
radarorg — radare2-extras | A heap buffer overflow vulnerability in the r_asm_swf_disass function of Radare2-extras before commit e74a93c allows attackers to execute arbitrary code or carry out denial of service (DOS) attacks. | 2021-07-14 | not yet calculated | CVE-2020-24133 MISC MISC MISC
rancher — rancher | An Improper Access Control vulnerability in Rancher allows users in the cluster to make requests to cloud providers by creating requests with the cloud-credential ID. Rancher in this case would attach the requested credentials without further checks. This issue affects: Rancher versions prior to 2.5.9; Rancher versions prior to 2.4.16. | 2021-07-15 | not yet calculated | CVE-2021-25320 CONFIRM
rancher — rancher | An Incorrect Permission Assignment for Critical Resource vulnerability in Rancher allows users in the cluster to modify resources they should not have access to. This issue affects: Rancher versions prior to 2.5.9; Rancher versions prior to 2.4.16. | 2021-07-15 | not yet calculated | CVE-2021-25318 CONFIRM
rancher — rancher | A Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher allows users in the cluster to act as other users in the cluster by forging the “Impersonate-User” or “Impersonate-Group” headers. This issue affects: Rancher versions prior to 2.5.9; Rancher versions prior to 2.4.16. | 2021-07-15 | not yet calculated | CVE-2021-31999 CONFIRM
raonwiz — editor | An issue in RAONWIZ K Editor v2018.0.0.10 allows attackers to perform a DLL hijacking attack when the service or system is restarted. | 2021-07-14 | not yet calculated | CVE-2020-29157 MISC MISC
ruby — ruby | An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions). | 2021-07-13 | not yet calculated | CVE-2021-31810 MISC MISC
rust — sgx | In Rust SGX 1.1.3, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX. | 2021-07-14 | not yet calculated | CVE-2021-24117 MISC MISC MISC
rwg1.m12 — rwg1.m12 | A vulnerability has been identified in RWG1.M12 (All versions < V1.16.16), RWG1.M12D (All versions < V1.16.16), RWG1.M8 (All versions < V1.16.16). Sending specially crafted ARP packets to an affected device could cause a partial denial-of-service, preventing the device from operating normally. A restart is needed to restore normal operations. | 2021-07-13 | not yet calculated | CVE-2021-25671 CONFIRM
sap — netweaver | SAP NetWeaver AS ABAP and ABAP Platform, versions – KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type, thereby crashing the corresponding work process because of a memory corruption vulnerability. The work process will attempt to restart itself after the crash and hence the impact on the availability is low. | 2021-07-14 | not yet calculated | CVE-2021-33684 MISC MISC
sap — web_dispatcher_and_internet_communication_manager | SAP Web Dispatcher and Internet Communication Manager (ICM), versions – KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, process invalid HTTP headers. The incorrect handling of the invalid Transfer-Encoding header in a particular manner leads to a possibility of an HTTP Request Smuggling attack. An attacker could exploit this vulnerability to bypass web application firewall protection, divert sensitive data such as customer requests, session credentials, etc. | 2021-07-14 | not yet calculated | CVE-2021-33683 MISC MISC
sharkdp — bat | sharkdp BAT before 0.18.2 executes less.exe from the current working directory.
2021-07-15 | not yet calculated | CVE-2021-36753 MISC MISC MISC MISC
siemens — multiple_products | A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions), RUGGEDCOM RM1224 (All Versions < 6.4), SCALANCE M-800 (All Versions < 6.4), SCALANCE S615 (All Versions < 6.4), SCALANCE W1700 IEEE 802.11ac (All versions), SCALANCE W700 IEEE 802.11n (All versions), SCALANCE X200-4 P IRT (All Versions < V5.5.0), SCALANCE X201-3P IRT (All Versions < V5.5.0), SCALANCE X201-3P IRT PRO (All Versions < V5.5.0), SCALANCE X202-2 IRT (All Versions < V5.5.0), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All Versions < V5.5.0), SCALANCE X202-2P IRT PRO (All Versions < V5.5.0), SCALANCE X204 IRT (All Versions < V5.5.0), SCALANCE X204 IRT PRO (All Versions < V5.5.0), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions), SCALANCE X204-2FM (All versions), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions), SCALANCE X204-2LD TS (All versions), SCALANCE X204-2TS (All versions), SCALANCE X206-1 (All versions), SCALANCE X206-1LD (incl. SIPLUS NET variant) (All versions), SCALANCE X208 (incl. SIPLUS NET variant) (All versions), SCALANCE X208PRO (All versions), SCALANCE X212-2 (All versions), SCALANCE X212-2LD (All versions), SCALANCE X216 (All versions), SCALANCE X224 (All versions), SCALANCE X302-7EEC (All versions), SCALANCE X304-2FE (All versions), SCALANCE X306-1LDFE (All versions), SCALANCE X307-2EEC (All versions), SCALANCE X307-3 (All versions), SCALANCE X307-3LD (All versions), SCALANCE X308-2 (incl. SIPLUS NET variant) (All versions), SCALANCE X308-2LD (All versions), SCALANCE X308-2LH (All versions), SCALANCE X308-2LH+ (All versions), SCALANCE X308-2M (All versions), SCALANCE X308-2M POE (All versions), SCALANCE X308-2M TS (All versions), SCALANCE X310 (All versions), SCALANCE X310FE (All versions), SCALANCE X320-1FE (All versions), SCALANCE X320-3LDFE (All versions), SCALANCE XB-200 (All versions), SCALANCE XC-200 (All versions), SCALANCE XF-200BA (All versions), SCALANCE XF201-3P IRT (All Versions < V5.5.0), SCALANCE XF202-2P IRT (All Versions < V5.5.0), SCALANCE XF204 (All versions), SCALANCE XF204 IRT (All Versions < V5.5.0), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions), SCALANCE XF204-2BA IRT (All Versions < V5.5.0), SCALANCE XF206-1 (All versions), SCALANCE XF208 (All versions), SCALANCE XM400 (All versions < V6.3.1), SCALANCE XP-200 (All versions), SCALANCE XR-300WG (All versions), SCALANCE XR324-12M (All versions), SCALANCE XR324-12M TS (All versions), SCALANCE XR324-4M EEC (All versions), SCALANCE XR324-4M POE (All versions), SCALANCE XR324-4M POE TS (All versions), SCALANCE XR500 (All versions < V6.3.1), SIMATIC CFU PA (All versions), SIMATIC IE/PB-LINK V3 (All versions), SIMATIC MV500 family (All versions < V3.0), SIMATIC NET CM 1542-1 (All versions), SIMATIC NET CP1616/CP1604 (All Versions >= V2.7), SIMATIC NET CP1626 (All versions), SIMATIC NET DK-16xx PN IO (All Versions >= V2.7), SIMATIC PROFINET Driver (All versions), SIMATIC Power Line Booster PLB, Base Module (MLFB: 6ES7972-5AA10-0AB0) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All Versions < V4.5), SIMOCODE proV Ethernet/IP (All versions < V1.1.3), SIMOCODE proV PROFINET (All versions < V2.1.3), SOFTNET-IE PNIO (All versions). Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device. | 2021-07-13 | not yet calculated | CVE-2020-28400 CONFIRM
siemens — sinumerik | A vulnerability has been identified in SINUMERIK Analyse MyCondition (All versions), SINUMERIK Analyze MyPerformance (All versions), SINUMERIK Analyze MyPerformance /OEE-Monitor (All versions), SINUMERIK Analyze MyPerformance /OEE-Tuning (All versions), SINUMERIK Integrate Client 02 (All versions >= V02.00.12 < 02.00.18), SINUMERIK Integrate Client 03 (All versions >= V03.00.12 < 03.00.18), SINUMERIK Integrate Client 04 (V04.00.02 and all versions >= V04.00.15 < 04.00.18), SINUMERIK Integrate for Production 4.1 (All versions < V4.1 SP10 HF3), SINUMERIK Integrate for Production 5.1 (V5.1), SINUMERIK Manage MyMachines (All versions), SINUMERIK Manage MyMachines /Remote (All versions), SINUMERIK Manage MyMachines /Spindel Monitor (All versions), SINUMERIK Manage MyPrograms (All versions), SINUMERIK Manage MyResources /Programs (All versions), SINUMERIK Manage MyResources /Tools (All versions), SINUMERIK Manage MyTools (All versions), SINUMERIK Operate V4.8 (All versions < V4.8 SP8), SINUMERIK Operate V4.93 (All versions < V4.93 HF7), SINUMERIK Operate V4.94 (All versions < V4.94 HF5), SINUMERIK Optimize MyProgramming /NX-Cam Editor (All versions). Due to an error in a third-party dependency, the SSL flags used for setting up a TLS connection to a server are overwritten with wrong settings. This results in a missing validation of the server certificate and thus in a possible TLS MITM scenario. | 2021-07-13 | not yet calculated | CVE-2021-31892 CONFIRM
siemens — simatic_pcs | A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.X (All versions), SIMATIC PDM (All versions), SIMATIC STEP 7 V5.X (All versions < V5.7), SINAMICS STARTER (containing STEP 7 OEM version) (All versions). A directory containing metafiles relevant to devices’ configurations has write permissions.
An attacker could leverage this vulnerability by changing the content of certain metafiles and subsequently manipulate parameters or behavior of devices that would be later configured by the affected software. | 2021-07-13 | not yet calculated | CVE-2021-31894 CONFIRM
siemens — simatic_pcs | A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). The affected software contains a buffer overflow vulnerability while handling certain files that could allow a local attacker to trigger a denial-of-service condition or potentially lead to remote code execution. | 2021-07-13 | not yet calculated | CVE-2021-31893 CONFIRM
siemens — multiple_ruggedcomros_products | A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V4.3.7), RUGGEDCOM ROS M2200 (All versions < V4.3.7), RUGGEDCOM ROS M969 (All versions < V4.3.7), RUGGEDCOM ROS RMC (All versions < V4.3.7), RUGGEDCOM ROS RMC20 (All versions < V4.3.7), RUGGEDCOM ROS RMC30 (All versions < V4.3.7), RUGGEDCOM ROS RMC40 (All versions < V4.3.7), RUGGEDCOM ROS RMC41 (All versions < V4.3.7), RUGGEDCOM ROS RMC8388 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RMC8388 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RP110 (All versions < V4.3.7), RUGGEDCOM ROS RS400 (All versions < V4.3.7), RUGGEDCOM ROS RS401 (All versions < V4.3.7), RUGGEDCOM ROS RS416 (All versions < V4.3.7), RUGGEDCOM ROS RS416v2 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RS416v2 V5.X (All versions < 5.5.4), RUGGEDCOM ROS RS8000 (All versions < V4.3.7), RUGGEDCOM ROS RS8000A (All versions < V4.3.7), RUGGEDCOM ROS RS8000H (All versions < V4.3.7), RUGGEDCOM ROS RS8000T (All versions < V4.3.7), RUGGEDCOM ROS RS900 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RS900 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RS900G (All versions < V4.3.7), RUGGEDCOM ROS RS900G (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RS900G (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RS900GP (All versions < V4.3.7), RUGGEDCOM ROS RS900L (All versions < V4.3.7), RUGGEDCOM ROS RS900W (All versions < V4.3.7), RUGGEDCOM ROS RS910 (All versions < V4.3.7), RUGGEDCOM ROS RS910L (All versions < V4.3.7), RUGGEDCOM ROS RS910W (All versions < V4.3.7), RUGGEDCOM ROS RS920L (All versions < V4.3.7), RUGGEDCOM ROS RS920W (All versions < V4.3.7), RUGGEDCOM ROS RS930L (All versions < V4.3.7), RUGGEDCOM ROS RS930W (All versions < V4.3.7), RUGGEDCOM ROS RS940G (All versions < V4.3.7), RUGGEDCOM ROS RS969 (All versions < V4.3.7), RUGGEDCOM ROS RSG2100 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2100 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2100 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2100P (All versions < V4.3.7), RUGGEDCOM ROS RSG2100P (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2100P (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2200 (All versions < V4.3.7), RUGGEDCOM ROS RSG2288 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2288 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2300 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2300 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2300P V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2300P V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2488 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2488 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG900 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG900 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG900C (All versions < V5.5.4), RUGGEDCOM ROS RSG900G V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG900G V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG900R (All versions < V5.5.4), RUGGEDCOM ROS RSG920P V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG920P V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSL910 (All versions < V5.5.4), RUGGEDCOM ROS RST2228 (All versions < V5.5.4), RUGGEDCOM ROS RST916C (All versions < V5.5.4), RUGGEDCOM ROS RST916P (All versions < V5.5.4), RUGGEDCOM ROS i800 (All versions < V4.3.7), RUGGEDCOM ROS i801 (All versions < V4.3.7), RUGGEDCOM ROS i802 (All versions < V4.3.7), RUGGEDCOM ROS i803 (All versions < V4.3.7). The DHCP client in affected devices fails to properly sanitize incoming DHCP packets. This could allow an unauthenticated remote attacker to cause memory to be overwritten, potentially allowing remote code execution. | 2021-07-13 | not yet calculated | CVE-2021-31895 CONFIRM
solarwinds — serv-u | Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability. | 2021-07-14 | not yet calculated | CVE-2021-35211 MISC MISC
teamcenter — active_workspace | A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9), Teamcenter Active Workspace V5.0 (All versions < V5.0.7), Teamcenter Active Workspace V5.1 (All versions < V5.1.4). By sending malformed requests, a remote attacker could leak an application token due to an error not properly handled by the system. | 2021-07-13 | not yet calculated | CVE-2021-33709 CONFIRM
teamcenter — active_workspace | A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9), Teamcenter Active Workspace V5.0 (All versions < V5.0.7), Teamcenter Active Workspace V5.1 (All versions < V5.1.4). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected devices that could allow an attacker to execute malicious JavaScript code by tricking users into accessing a malicious link.
2021-07-13 | not yet calculated | CVE-2021-33710 CONFIRM
teamcenter — active_workspace | A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9), Teamcenter Active Workspace V5.0 (All versions < V5.0.7), Teamcenter Active Workspace V5.1 (All versions < V5.1.4). The affected application allows verbose error messages which allow leaking of sensitive information, such as full paths. | 2021-07-13 | not yet calculated | CVE-2021-33711 CONFIRM
telegram — telegram | A reordering issue exists in Telegram before 7.8.1 for Android, Telegram before 7.8.3 for iOS, and Telegram Desktop before 2.8.8. An attacker can cause the server to receive messages in a different order than they were sent by a client. | 2021-07-17 | not yet calculated | CVE-2021-36769 MISC
thinkcmf — thinkcmf | Cross Site Request Forgery (CSRF) vulnerability in ThinkCMF v5.1.0, which can add an admin account. | 2021-07-14 | not yet calculated | CVE-2020-18151 MISC
trusted_firmware_mbed — tls | In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX. | 2021-07-14 | not yet calculated | CVE-2021-24119 MISC MISC
unisys — stealth | Unisys Stealth 5.1 before 5.1.025.0 and 6.0 before 6.0.055.0 has an unquoted Windows search path for a scheduled task. An unintended executable might run. | 2021-07-15 | not yet calculated | CVE-2021-35056 MISC CONFIRM
uri.js — uri.js | URI.js is vulnerable to URL Redirection to Untrusted Site. | 2021-07-16 | not yet calculated | CVE-2021-3647 MISC CONFIRM
varnish — cache | Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8. | 2021-07-14 | not yet calculated | CVE-2021-36740 MISC MISC MISC MISC
wolfssl — wolfssl | In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX. | 2021-07-14 | not yet calculated | CVE-2021-24116 MISC CONFIRM
wuwire — wuwire | MuWire is a file publishing and networking tool that protects the identity of its users by using I2P technology. Users of MuWire desktop client prior to version 0.8.8 can be de-anonymized by an attacker who knows their full ID. An attacker could send a message with a subject line containing a URL with an HTML image tag and the MuWire client would try to fetch that image via clearnet, thus exposing the IP address of the user. The problem is fixed in MuWire 0.8.8. As a workaround, users can disable messaging functionality to prevent other users from sending them malicious messages. | 2021-07-15 | not yet calculated | CVE-2021-32750 CONFIRM
ysoft — safeq | Incorrect privileges in the MU55 FlexiSpooler service in YSoft SafeQ 6 6.0.55 allows local user privilege escalation by overwriting the executable file via an alternative data stream. | 2021-07-14 | not yet calculated | CVE-2021-31859 MISC MISC
zoho_manageengine — admanager_plus | Zoho ManageEngine ADManager Plus before 7110 allows remote code execution. | 2021-07-17 | not yet calculated | CVE-2021-33911 MISC
zoho_manageengine — admanager_plus | Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS. | 2021-07-17 | not yet calculated | CVE-2021-36771 MISC
zoho_manageengine — admanager_plus | Zoho ManageEngine ADManager Plus before 7110 allows stored XSS. | 2021-07-17 | not yet calculated | CVE-2021-36772 MISC
zscaler — client_connector | The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack based buffer overflow when connecting to misconfigured TLS servers. An adversary would potentially have been able to execute arbitrary code with system privileges. | 2021-07-15 | not yet calculated | CVE-2020-11633 MISC
zscaler — client_connector | The Zscaler Client Connector prior to 2.1.2.150 did not quote the search path for services, which allows a local adversary to execute code with system privileges. | 2021-07-15 | not yet calculated | CVE-2020-11632 MISC
zscaler — client_connector | The Zscaler Client Connector for Windows prior to 2.1.2.105 had a DLL hijacking vulnerability caused due to the configuration of OpenSSL. A local adversary may be able to execute arbitrary code in the SYSTEM context. | 2021-07-15 | not yet calculated | CVE-2020-11634 MISC

  • Vulnerability Summary for the Week of July 5, 2021
    by CISA on July 12, 2021 at 12:18 pm

    Original release date: July 12, 2021
    High Vulnerabilities
    Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
artware_cms_project — artware_cms | ARTWARE CMS parameter of image upload function does not filter the type of uploaded files, which allows remote attackers to upload arbitrary files without logging in and further execute code unrestrictedly. | 2021-07-07 | 7.5 | CVE-2021-32538 CONFIRM
beardev — joomsport | The joomsport_md_load AJAX action of the JoomSport WordPress plugin before 5.1.8, registered for both authenticated and unauthenticated users, unserialised user input from the shattr POST parameter, leading to a PHP Object Injection issue. Even though the plugin does not have a suitable gadget chain to exploit this, other installed plugins could, which might lead to more severe issues such as RCE. | 2021-07-06 | 7.5 | CVE-2021-24384 CONFIRM
commscope — ruckus_iot_controller | An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access. | 2021-07-07 | 10 | CVE-2021-33218 MISC MISC
commscope — ruckus_iot_controller | An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file on the filesystem as root. | 2021-07-07 | 9 | CVE-2021-33217 MISC MISC
commscope — ruckus_iot_controller | An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Unauthenticated API Endpoints. | 2021-07-07 | 7.5 | CVE-2021-33221 MISC MISC
commscope — ruckus_iot_controller | An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded Web Application Administrator Passwords for the admin and nplus1user accounts. | 2021-07-07 | 7.5 | CVE-2021-33219 MISC MISC
commscope — ruckus_iot_controller | An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An Undocumented Backdoor exists, allowing shell access via a developer account. | 2021-07-07 | 7.5 | CVE-2021-33216 MISC MISC
djangoproject — django | Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application. | 2021-07-02 | 7.5 | CVE-2021-35042 MISC CONFIRM MISC CONFIRM
just-safe-set_project — just-safe-set | Prototype pollution vulnerability in ‘just-safe-set’ versions 1.0.0 through 2.2.1 allows an attacker to cause a denial of service and may lead to remote code execution. | 2021-07-07 | 7.5 | CVE-2021-25952 MISC MISC
kaseya — vsa | Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. | 2021-07-09 | 7.5 | CVE-2021-30116 MISC MISC MISC
mediawiki — mediawiki | An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. Autoblocks for CentralAuth-issued suppression blocks are not properly implemented. | 2021-07-02 | 7.5 | CVE-2021-36128 MISC MISC MISC
mediawiki — mediawiki | An issue was discovered in the AbuseFilter extension in MediaWiki through 1.36. If the MediaWiki:Abusefilter-blocker message is invalid within the content language, the filter user falls back to the English version, but that English version could also be invalid on a wiki. This would result in a fatal error, and potentially fail to block or restrict a potentially nefarious user. | 2021-07-02 | 7.5 | CVE-2021-36126 MISC MISC
microsoft — windows_10 | Windows Print Spooler Remote Code Execution Vulnerability | 2021-07-02 | 9 | CVE-2021-34527 MISC
ninjateam — video_downloader_for_tiktok | Server-side request forgery in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the njt-tk-download-video parameter. It can help identify open ports and local network hosts and execute commands on services. | 2021-07-07 | 7.5 | CVE-2020-24142 MISC
phplist — phplist | Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file. Uploading a malicious plugin that contains PHP files with extensions like PHP, phtml, php7 copies them to the plugins directory, which would lead to remote code execution. | 2021-07-06 | 7.5 | CVE-2020-22249 MISC
profilepress — wp-user-avatar | A vulnerability in the file uploader component found in the ~/src/Classes/FileUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during profile updates. This issue affects versions 3.0.0 – 3.1.3. | 2021-07-07 | 7.5 | CVE-2021-34624 MISC
profilepress — wp-user-avatar | A vulnerability in the user registration component found in the ~/src/Classes/RegistrationAuth.php file of the ProfilePress WordPress plugin made it possible for users to register on sites as an administrator. This issue affects versions 3.0.0 – 3.1.3. | 2021-07-07 | 7.5 | CVE-2021-34621 MISC
profilepress — wp-user-avatar | A vulnerability in the image uploader component found in the ~/src/Classes/ImageUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during profile updates. This issue affects versions 3.0.0 – 3.1.3. | 2021-07-07 | 7.5 | CVE-2021-34623 MISC
qsan — sanos | Command injection vulnerability in QSAN XEVO, SANOS allows remote unauthenticated attackers to execute arbitrary commands. | 2021-07-07 | 7.5 | CVE-2021-32529 CONFIRM
qsan — sanos | The QSAN SANOS setting page does not filter special parameters. Remote attackers can use this vulnerability to inject and execute arbitrary commands without permissions. | 2021-07-07 | 7.5 | CVE-2021-32533 CONFIRM
qsan — sanos | QSAN SANOS factory reset function does not filter special parameters. Remote attackers can use this vulnerability to inject and execute arbitrary commands without permissions. | 2021-07-07 | 7.5 | CVE-2021-32534 CONFIRM
qsan — sanos | The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administrator’s permission and execute arbitrary functions. | 2021-07-07 | 7.5 | CVE-2021-32535 CONFIRM
qsan — sanos | Use of MAC address as an authenticated password in QSAN Storage Manager, XEVO, SANOS allows local attackers to escalate privileges. | 2021-07-07 | 7.5 | CVE-2021-32521 CONFIRM
qsan — storage_manager | The same hard-coded password in QSAN Storage Manager’s firmware allows remote attackers to access the control interface with the administrator’s credential, entering the hard-coded password of the debug mode to execute the restricted system instructions. | 2021-07-07 | 9 | CVE-2021-32525 CONFIRM
qsan — storage_manager | Use of hard-coded cryptographic key vulnerability in QSAN Storage Manager allows attackers to obtain users’ credentials and related permissions. | 2021-07-07 | 7.5 | CVE-2021-32520 CONFIRM
qsan — storage_manager | QuickInstall in QSAN Storage Manager does not filter special parameters properly, which allows remote unauthenticated attackers to inject and execute arbitrary commands. | 2021-07-07 | 7.5 | CVE-2021-32512 CONFIRM
qsan — storage_manager | QsanTorture in QSAN Storage Manager does not filter special parameters properly, which allows remote unauthenticated attackers to inject and execute arbitrary commands. | 2021-07-07 | 7.5 | CVE-2021-32513 CONFIRM
qsan — xevo | OS command injection vulnerability in Array function in QSAN XEVO allows remote unauthenticated attackers to execute arbitrary commands via status parameter. | 2021-07-07 | 7.5 | CVE-2021-32530 CONFIRM
qsan — xevo | OS command injection vulnerability in Init function in QSAN XEVO allows remote attackers to execute arbitrary commands without permissions.
2021-07-07 7.5 CVE-2021-32531CONFIRM record-like-deep-assign_project — record-like-deep-assign All versions of package record-like-deep-assign are vulnerable to Prototype Pollution via the main functionality. 2021-07-02 7.5 CVE-2021-23402CONFIRMCONFIRM splinterware — system_scheduler Splinterware System Scheduler Professional version 5.30 is subject to insecure folders permissions issue impacting where the service ‘WindowsScheduler’ calls its executable. This allow a non-privileged user to execute arbitrary code with elevated privileges (system level privileges as “nt authority\system”) since the service runs as Local System. 2021-07-06 7.2 CVE-2021-31771MISCMISCMISC stockware — motor Lack of authentication or validation in motor_load_more, motor_gallery_load_more, motor_quick_view and motor_project_quick_view AJAX handlers of the Motor WordPress theme before 3.1.0 allows an unauthenticated attacker access to arbitrary files in the server file system, and to execute arbitrary php scripts found on the server file system. We found no vulnerability for uploading files with this theme, so any scripts to be executed must already be on the server file system. 2021-07-06 7.5 CVE-2021-24375MISCCONFIRM ts-nodash_project — ts-nodash All versions of package ts-nodash are vulnerable to Prototype Pollution via the Merge() function due to lack of validation input. 2021-07-02 7.5 CVE-2021-23403MISCMISC zyxel — usg1900_firmware An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device. 
2021-07-02 7.5 CVE-2021-35029MISC Back to top   Medium Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info accusoft — imagegear An integer overflow vulnerability exists in the DICOM parse_dicom_meta_info functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to a stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. 2021-07-07 6.8 CVE-2021-21807MISC alpinelinux — aports In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used. 2021-07-05 4.3 CVE-2021-36158MISC apache — druid In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users access Druid directly, since Druid also provides the Local InputSource, which allows the same level of access. But it is problematic when users interact with Druid indirectly through an application that allows users to specify the HTTP InputSource, but not the Local InputSource. In this case, users could bypass the application-level restriction by passing a file URL to the HTTP InputSource. 2021-07-02 4 CVE-2021-26920MISCMLISTMLIST apache — jena_fuseki A vulnerability in the HTML pages of Apache Jena Fuseki allows an attacker to execute arbitrary javascript on certain page views. This issue affects Apache Jena Fuseki from version 2.0.0 to version 4.0.0 (inclusive). 
2021-07-05 4.3 CVE-2021-33192MISC chimpgroup — foodbakery The WP Foodbakery WordPress plugin before 2.2, used in the FoodBakery WordPress theme before 2.2 did not properly sanitize the foodbakery_radius parameter before outputting it back in the response, leading to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability. 2021-07-06 4.3 CVE-2021-24389CONFIRM cminds — cm_download_manager Cross Site Scripting (XSS) vulnerability in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted deletescreenshot action. 2021-07-07 4.3 CVE-2020-24145MISCMISC codemiq — wordpress_email_template_designer Cross-site request forgery (CSRF) vulnerability in WordPress Email Template Designer – WP HTML Mail versions prior to 3.0.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2021-07-07 6.8 CVE-2021-20779MISCMISCMISC commscope — ruckus_iot_controller An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The API allows Directory Traversal. 2021-07-07 4 CVE-2021-33215MISCMISC commscope — ruckus_iot_controller An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Hard-coded API Keys exist. 2021-07-07 4.6 CVE-2021-33220MISCMISC contempothemes — real_estate_7 The WP Pro Real Estate 7 WordPress theme before 3.1.1 did not properly sanitise the ct_community parameter in its search listing page before outputting it back in it, leading to a reflected Cross-Site Scripting which can be triggered in both unauthenticated or authenticated user context 2021-07-06 4.3 CVE-2021-24387CONFIRMMISC deltaww — dopsoft Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to disclose information. 
2021-07-02 4.3 CVE-2021-27455MISC deltaww — dopsoft Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code. 2021-07-02 6.8 CVE-2021-27412MISC elecom — wrc-300febk_firmware WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, and WRH-300WH-S all versions allows an unauthenticated network-adjacent attacker to execute an arbitrary OS command via unspecified vectors. 2021-07-07 5.8 CVE-2021-20739MISCMISC export_users_with_meta_project — export_users_with_meta The Export Users With Meta WordPress plugin before 0.6.5 did not escape the list of roles to export before using them in a SQL statement in the export functionality, available to admins, leading to an authenticated SQL Injection. 2021-07-06 6.5 CVE-2021-24451CONFIRM flask-user_project — flask-user This affects all versions of package Flask-User. When using the make_safe_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as /////evil.com/path or \\\evil.com/path. This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using ‘autocorrect_location_header=False. 
2021-07-05 5.8 CVE-2021-23401MISCMISCMISC fluentforms — contact_form The WP Fluent Forms plugin < 3.6.67 for WordPress is vulnerable to Cross-Site Request Forgery leading to stored Cross-Site Scripting and limited Privilege Escalation due to a missing nonce check in the access control function for administrative AJAX actions 2021-07-07 6.8 CVE-2021-34620MISCMISC fortinet — fortiauthenticator Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key. 2021-07-06 5 CVE-2021-24005CONFIRM gitlab — gitlab A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker to call mutations as the victim 2021-07-07 4.3 CVE-2021-22224MISCCONFIRMMISC gitlab — gitlab An information disclosure vulnerability in GitLab EE versions 13.10 and later allowed a user to read project details 2021-07-07 4 CVE-2021-22233MISCCONFIRM gitlab — gitlab Client-Side code injection through Feature Flag name in GitLab CE/EE starting with 11.9 allows a specially crafted feature flag name to PUT requests on behalf of other users via clicking on a link 2021-07-06 4.3 CVE-2021-22223CONFIRMMISCMISC gitlab — gitlab A reflected cross-site script vulnerability in GitLab before versions 13.11.6, 13.12.6 and 14.0.2 allowed an attacker to send a malicious link to a victim and trigger actions on their behalf if they clicked it 2021-07-07 4.3 CVE-2021-22227MISCCONFIRMMISC gitlab — gitlab An issue has been discovered in GitLab affecting all versions. Improper access control allows unauthorised users to access project details using Graphql. 2021-07-06 4 CVE-2021-22228CONFIRMMISCMISC gitlab — gitlab Improper code rendering while rendering merge requests could be exploited to submit malicious code. 
This vulnerability affects GitLab CE/EE 9.3 and later through 13.11.6, 13.12.6, and 14.0.2. 2021-07-07 6.5 CVE-2021-22230MISCCONFIRM gitlab — gitlab Under certain conditions, some users were able to push to protected branches that were restricted to deploy keys in GitLab CE/EE since version 13.9 2021-07-06 4.9 CVE-2021-22226MISCCONFIRM gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. Under a special condition it was possible to access data of an internal repository through project fork done by a project member. 2021-07-06 4.3 CVE-2021-22229MISCCONFIRM gitlab — gitlab A denial of service in user’s profile page is found starting with GitLab CE/EE 8.0 that allows attacker to reject access to their profile page via using a specially crafted username. 2021-07-07 4 CVE-2021-22231MISCMISCCONFIRM google — chrome Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-07-02 6.8 CVE-2021-30556MISCMISCGENTOO google — chrome Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. 2021-07-02 6.8 CVE-2021-30557MISCMISCGENTOO google — chrome Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and user gesture. 2021-07-02 6.8 CVE-2021-30555MISCMISCGENTOO google — chrome Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 
2021-07-02 6.8 CVE-2021-30554MISCMISCGENTOO gvectors — wpforo_forum The wpForo Forum WordPress plugin before 1.9.7 did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect issue after a successful login. Such issue could allow an attacker to induce a user to use a login URL redirecting to a website under their control and being a replica of the legitimate one, asking them to re-enter their credentials (which will then in the attacker hands) 2021-07-06 5.8 CVE-2021-24406CONFIRM ibm — guardium_data_encryption IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195711. 2021-07-07 5 CVE-2021-20379CONFIRMXF ibm — guardium_data_encryption IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 196217. 2021-07-07 5 CVE-2021-20415CONFIRMXF ibm — guardium_data_encryption IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 196218. 2021-07-07 5 CVE-2021-20416CONFIRMXF ibm — guardium_data_encryption IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196219 2021-07-07 4 CVE-2021-20417CONFIRMXF ibm — guardium_data_encryption IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 195709. 
2021-07-07 6.5 CVE-2021-20378CONFIRMXF icewarp — webclient Cross Site Scripting (XSS) in Webmail Calender in IceWarp WebClient 10.3.5 allows remote attackers to inject arbitrary web script or HTML via the “p4” field. 2021-07-07 4.3 CVE-2020-25925MISC izsoft — easy_cookies_policy The Easy Cookies Policy WordPress plugin through 1.6.2 is lacking any capability and CSRF check when saving its settings, allowing any authenticated users (such as subscriber) to change them. If users can’t register, this can be done through CSRF. Furthermore, the cookie banner setting is not sanitised or validated before being output in all pages of the frontend and the backend settings one, leading to a Stored Cross-Site Scripting issue. 2021-07-06 4 CVE-2021-24405CONFIRM j2global — myfax myFax version 229 logs sensitive information in the export log module which allows any user to access critical information. 2021-07-07 4 CVE-2020-24038MISCMISC joomla — joomla\! An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the rules field of the JForm API leads to a XSS vulnerability. 2021-07-07 4.3 CVE-2021-26035MISC joomla — joomla\! An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the imagelist view of com_media leads to a XSS vulnerability. 2021-07-07 4.3 CVE-2021-26039MISC joomla — joomla\! An issue was discovered in Joomla! 2.5.0 through 3.9.27. Missing validation of input could lead to a broken usergroups table. 2021-07-07 5 CVE-2021-26036MISC joomla — joomla\! An issue was discovered in Joomla! 2.5.0 through 3.9.27. CMS functions did not properly termine existing user sessions when a user’s password was changed or the user was blocked. 2021-07-07 5 CVE-2021-26037MISC joomla — joomla\! An issue was discovered in Joomla! 2.5.0 through 3.9.27. Install action in com_installer lack the required hardcoded ACL checks for superusers. A default system is not affected cause the default ACL for com_installer is limited to super users already. 
2021-07-07 4.3 CVE-2021-26038MISC linux — acrn ACRN before 2.5 has a devicemodel/hw/pci/xhci.c NULL Pointer Dereference for a trb pointer. 2021-07-02 5 CVE-2021-36146MISC linux — acrn ACRN before 2.5 has a hw/pci/virtio/virtio.c vq_endchains NULL Pointer Dereference. 2021-07-02 5 CVE-2021-36143MISC linux — acrn An issue was discovered in ACRN before 2.5. It allows a devicemodel/hw/pci/virtio/virtio_net.c virtio_net_ping_rxq NULL pointer dereference for vq->used. 2021-07-02 5 CVE-2021-36147MISC linux — acrn The polling timer handler in ACRN before 2.5 has a use-after-free for a freed virtio device, related to devicemodel/hw/pci/virtio/*.c. 2021-07-02 5 CVE-2021-36144MISC linux — acrn The Device Model in ACRN through 2.5 has a devicemodel/core/mem.c use-after-free for a freed rb_entry. 2021-07-02 5 CVE-2021-36145MISC linux — acrn An issue was discovered in ACRN before 2.5. dmar_free_irte in hypervisor/arch/x86/vtd.c allows an irte_alloc_bitmap buffer overflow. 2021-07-02 6.8 CVE-2021-36148MISC linux — linux_kernel A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space 2021-07-07 4.6 CVE-2021-22555MISCMISCMISC media_file_organizer_project — media_file_organizer Directory traversal in the Media File Organizer (aka media-file-organizer) plugin 1.0.1 for WordPress lets an attacker get access to files that are stored outside the web root folder via the items[] parameter in a move operation. 2021-07-07 5 CVE-2020-24144MISCMISC mediawiki — mediawiki An issue was discovered in the Translate extension in MediaWiki through 1.36. The Aggregategroups Action API module does not validate the parameter for aggregategroup when action=remove is set, thus allowing users with the translate-manage right to silently delete various groups’ metadata. 
2021-07-02 4 CVE-2021-36129MISCMISC mediawiki — mediawiki An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalRenameRequest page is vulnerable to infinite loops and denial of service attacks when a user’s current username is beyond an arbitrary maximum configuration value (MaxNameChars). 2021-07-02 5 CVE-2021-36125MISCMISC mediawiki — mediawiki An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalUserRights page provided search results which, for a suppressed MediaWiki user, were different than for any other user, thus easily disclosing suppressed accounts (which are supposed to be completely hidden). 2021-07-02 4 CVE-2021-36127MISCMISC mediawiki — mediawiki In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. When a bot account has a “sitewide block” applied, it is able to still “purge” pages through the MediaWiki Action API (which a “sitewide block” should have prevented). 2021-07-02 5 CVE-2021-35197CONFIRMMISC mediawiki — mediawiki An issue was discovered in the FileImporter extension in MediaWiki through 1.36. For certain relaxed configurations of the $wgFileImporterRequiredRight variable, it might not validate all appropriate user rights, thus allowing a user with insufficient rights to perform operations (specifically file uploads) that they should not be allowed to perform. 2021-07-02 6 CVE-2021-36132MISCMISC mikrotik — routeros Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /nova/bin/user process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet. 2021-07-07 4 CVE-2020-20225MISCFULLDISC mikrotik — routeros Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/graphing process. 
An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). 2021-07-07 4 CVE-2020-20216MISCMISC mikrotik — routeros Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access. 2021-07-07 4 CVE-2020-20215MISCMISC mikrotik — routeros Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaustion vulnerability in the /nova/bin/net process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU. 2021-07-07 4 CVE-2020-20213MISCMISC mikrotik — routeros Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). 2021-07-07 4 CVE-2020-20212MISCMISC mikrotik — routeros Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion failure vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet. 2021-07-07 4 CVE-2020-20211MISCMISC misp — misp app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored XSS in the sharing groups view. 2021-07-07 4.3 CVE-2021-36212MISCMISC mooveagency — import_xml_and_rss_feeds Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 for WordPress via the data parameter in a moove_read_xml action. 2021-07-07 6.4 CVE-2020-24148MISCMISC ninja — video_downloader_for_tiktok Directory traversal in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker get access to files that are stored outside the web root folder via the njt-tk-download-video parameter. 2021-07-07 5 CVE-2020-24143MISC ninjarmm — ninjarmm The Agent in NinjaRMM 5.0.909 has Incorrect Access Control. 
2021-07-07 4.6 CVE-2021-26273MISCMISCMISC nsa — emissary Emissary is a P2P-based, data-driven workflow engine. Emissary version 6.4.0 is vulnerable to Server-Side Request Forgery (SSRF). In particular, the `RegisterPeerAction` endpoint and the `AddChildDirectoryAction` endpoint are vulnerable to SSRF. This vulnerability may lead to credential leaks. Emissary version 7.0 contains a patch. As a workaround, disable network access to Emissary from untrusted sources. 2021-07-02 6.5 CVE-2021-32639CONFIRMMISCMISC openvpn — connect OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (OpenVPNConnect.exe). 2021-07-02 4.4 CVE-2021-3613MISC openvpn — openvpn OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (openvpn.exe). 2021-07-02 4.4 CVE-2021-3606MISCMISC pexip — pexip_infinity Pexip Infinity 22.x through 24.x before 24.2 has Improper Input Validation for call setup. An unauthenticated remote attacker can trigger a software abort (temporary loss of service). 2021-07-07 5 CVE-2020-25868MISCCONFIRM pexip — pexip_infinity Pexip Infinity 25.x before 25.4 has Improper Input Validation, and thus an unauthenticated remote attacker can cause a denial of service via the administrative web interface. 2021-07-07 5 CVE-2021-31925MISCCONFIRM php-fusion — php-fusion An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out, allowing for an attacker to perform a session replay attack and impersonate the victim user. 
2021-07-02 5.5 CVE-2020-23178MISC php-fusion — php-fusion The component /php-fusion/infusions/shoutbox_panel/shoutbox_archive.php in PHP-Fusion 9.03.60 allows attackers to redirect victim users to malicious websites via a crafted payload entered into the Shoutbox message panel. 2021-07-02 4.9 CVE-2020-23182MISC profilepress — wp-user-avatar A vulnerability in the user profile update component found in the ~/src/Classes/EditUserProfile.php file of the ProfilePress WordPress plugin made it possible for users to escalate their privileges to that of an administrator while editing their profile. This issue affects versions 3.0.0 – 3.1.3. . 2021-07-07 6.5 CVE-2021-34622MISC pywin32_project — pywin32 An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process. 2021-07-06 4 CVE-2021-32559MISCMISC qsan — sanos Improper restriction of excessive authentication attempts vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to discover users’ credentials and obtain access via a brute force attack. 2021-07-07 5 CVE-2021-32522CONFIRM qsan — sanos Use of password hash with insufficient computational effort vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to recover the plain-text password by brute-forcing the MD5 hash. 2021-07-07 5 CVE-2021-32519CONFIRM qsan — storage_manager Improper access control vulnerability in FirmwareUpgrade in QSAN Storage Manager allows remote attackers to reboot and discontinue the device. 2021-07-07 5 CVE-2021-32514CONFIRM qsan — storage_manager Path traversal vulnerability in QSAN Storage Manager allows remote unauthenticated attackers to download arbitrary files thru injecting file path in download function. 
2021-07-07 5 CVE-2021-32527CONFIRM qsan — storage_manager Observable behavioral discrepancy vulnerability in QSAN Storage Manager allows remote attackers to obtain the system information without permissions. 2021-07-07 5 CVE-2021-32528CONFIRM qsan — storage_manager Command injection vulnerability in QSAN Storage Manager allows remote privileged users to execute arbitrary commands. 2021-07-07 6.5 CVE-2021-32524CONFIRM qsan — storage_manager A vulnerability in share_link in QSAN Storage Manager allows remote attackers to create a symbolic link then access arbitrary files. 2021-07-07 5 CVE-2021-32518CONFIRM qsan — storage_manager Absolute Path Traversal vulnerability in FileDownload in QSAN Storage Manager allows remote authenticated attackers download arbitrary files via the Url path parameter. 2021-07-07 4 CVE-2021-32507CONFIRM qsan — storage_manager Improper access control vulnerability in share_link in QSAN Storage Manager allows remote attackers to download arbitrary files using particular parameter in download function. 2021-07-07 5 CVE-2021-32517CONFIRM qsan — storage_manager Absolute Path Traversal vulnerability in GetImage in QSAN Storage Manager allows remote authenticated attackers download arbitrary files via the Url path parameter. 2021-07-07 4 CVE-2021-32506CONFIRM qsan — storage_manager Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter. 2021-07-07 4 CVE-2021-32508CONFIRM qsan — storage_manager Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter. 
2021-07-07 4 CVE-2021-32509CONFIRM qsan — storage_manager QSAN Storage Manager through directory listing vulnerability in antivirus function allows remote authenticated attackers to list arbitrary directories by injecting file path parameter. 2021-07-07 4 CVE-2021-32510CONFIRM qsan — storage_manager QSAN Storage Manager through directory listing vulnerability in ViewBroserList allows remote authenticated attackers to list arbitrary directories via the file path parameter. 2021-07-07 4 CVE-2021-32511CONFIRM qsan — storage_manager Incorrect permission assignment for critical resource vulnerability in QSAN Storage Manager allows authenticated remote attackers to access arbitrary password files. 2021-07-07 4 CVE-2021-32526CONFIRM qsan — storage_manager Path traversal vulnerability in share_link in QSAN Storage Manager allows remote attackers to download arbitrary files. 2021-07-07 5 CVE-2021-32516CONFIRM qsan — storage_manager Directory listing vulnerability in share_link in QSAN Storage Manager allows attackers to list arbitrary directories and further access credential information. 2021-07-07 5 CVE-2021-32515CONFIRM qsan — storage_manager Improper authorization vulnerability in QSAN Storage Manager allows remote privileged users to bypass the access control and execute arbitrary commands. 2021-07-07 6.5 CVE-2021-32523CONFIRM qsan — xevo Path traversal vulnerability in back-end analysis function in QSAN XEVO allows remote attackers to download arbitrary files without permissions. 2021-07-07 5 CVE-2021-32532CONFIRM rocket.chat — rocket.chat The Rocket.Chat desktop application 2.17.11 opens external links without user interaction. 2021-07-05 5 CVE-2020-26763MISC sitasoftware — azurcms A SQL injection vulnerability in azurWebEngine in Sita AzurCMS through 1.2.3.12 allows an authenticated attacker to execute arbitrary SQL commands via the id parameter to mesdocs.ajax.php in azurWebEngine/eShop. By default, the query is executed as DBA. 
2021-07-02 6.5 CVE-2021-27950MISCMISCMISCMISC smashing_project — smashing Smashing 1.3.4 is vulnerable to Cross Site Scripting (XSS). A URL for a widget can be crafted and used to execute JavaScript on the victim’s computer. The JavaScript code can then steal data available in the session/cookies depending on the user environment (e.g. if re-using internal URL’s for deploying, or cookies that are very permissive) private information may be retrieved by the attacker. 2021-07-06 4.3 CVE-2021-35440MISCMISCMISC tcl — tcl ** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crated file. NOTE: multiple third parties dispute the significance of this finding. 2021-07-05 6.8 CVE-2021-35331MISCMISCMISCMISC teradici — pcoip_management_console In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenticated user can inject arbitrary text into user browser via the Web application. 2021-07-07 4.3 CVE-2021-35451MISCMISC tielabs — jannah The Jannah WordPress theme before 5.4.5 did not properly sanitize the ‘query’ POST parameter in its tie_ajax_search AJAX action, leading to a Reflected Cross-site Scripting (XSS) vulnerability. 2021-07-06 4.3 CVE-2021-24407CONFIRM webkitgtk — webkitgtk A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. 2021-07-07 6.8 CVE-2021-21775MISC wp-currency — wordpress_currency_switcher Cross-site request forgery (CSRF) vulnerability in WPCS – WordPress Currency Switcher 1.1.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 
2021-07-07 6.8 CVE-2021-20780 MISC MISC MISC
wp-downloadmanager_project — wp-download_manager Server-side request forgery in the WP-DownloadManager plugin 1.68.4 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the file_remote parameter to download-add.php. It can help identify open ports, local network hosts and execute command on services. 2021-07-07 5 CVE-2020-24141 MISC
wp-upload-restriction_project — wp-upload-restriction A vulnerability in the deleteCustomType function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to delete custom extensions added by administrators. This issue affects versions 2.2.3 and prior. 2021-07-07 4 CVE-2021-34626 MISC
zimbra — collaboration An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a user to any URL via isredirect=1&redirectURL= in conjunction with the token data (e.g., a valid authtoken= value). 2021-07-02 5.8 CVE-2021-34807 MISC MISC MISC MISC
zimbra — collaboration An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16. The value of the X-Host header overwrites the value of the Host header in proxied requests. The value of X-Host header is not checked against the whitelist of hosts Zimbra is allowed to proxy to (the zimbraProxyAllowedDomains setting). 2021-07-02 5.8 CVE-2021-35209 MISC MISC MISC MISC
zimbra — collaboration An issue was discovered in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.0 before 9.0.0 Patch 16.
An XSS vulnerability exists in the login component of Zimbra Web Client, in which an attacker can execute arbitrary JavaScript by adding executable JavaScript to the loginErrorCode parameter of the login url. 2021-07-02 4.3 CVE-2021-35207 MISC MISC MISC MISC
zohocorp — manageengine_adselfservice_plus Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the password-sync database application. 2021-07-02 4.3 CVE-2021-31874 MISC

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info

cmsmadesimple — cms_made_simple A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “Search Text” field under the “Admin Search” module. 2021-07-02 3.5 CVE-2020-36412 MISC
cmsmadesimple — cms_made_simple A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “Create a new Design” parameter under the “Designs” module. 2021-07-02 3.5 CVE-2020-36416 MISC
cmsmadesimple — cms_made_simple A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “URL (slug)” or “Extra” fields under the “Add Article” feature. 2021-07-02 3.5 CVE-2020-36414 MISC
cmsmadesimple — cms_made_simple A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “Exclude these IP addresses from the “Site Down” status” parameter under the “Maintenance Mode” module.
2021-07-02 3.5 CVE-2020-36413 MISC
cmsmadesimple — cms_made_simple A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “Path for the {page_image} tag:” or “Path for thumbnail field:” parameters under the “Content Editing Settings” module. 2021-07-02 3.5 CVE-2020-36411 MISC
cmsmadesimple — cms_made_simple A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “Email address to receive notification of news submission” parameter under the “Options” module. 2021-07-02 3.5 CVE-2020-36410 MISC
cmsmadesimple — cms_made_simple A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “Add Category” parameter under the “Categories” module. 2021-07-02 3.5 CVE-2020-36409 MISC
cmsmadesimple — cms_made_simple A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “Add Shortcut” parameter under the “Manage Shortcuts” module. 2021-07-02 3.5 CVE-2020-36408 MISC
cmsmadesimple — cms_made_simple A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “Create a new Stylesheet” parameter under the “Stylesheets” module.
2021-07-02 3.5 CVE-2020-36415 MISC
deliciousbrains — wp_offload_ses_lite The WP Offload SES Lite WordPress plugin before 1.4.5 did not escape some of the fields in the Activity page of the admin dashboard, such as the email’s id, subject and recipient, which could lead to Stored Cross-Site Scripting issues when an attacker can control any of these fields, like the subject when filling a contact form for example. The XSS will be executed in the context of a logged in admin viewing the Activity tab of the plugin. 2021-07-06 3.5 CVE-2021-24494 CONFIRM
e4j — vikrentcar_car_rental_management_system In the VikRentCar Car Rental Management System WordPress plugin before 1.1.7, there is a custom field option by which we can manage all the fields that the users will have to fill in before saving the order. However, the field name is not sanitised or escaped before being output back in the page, leading to a stored Cross-Site Scripting issue. There is also no CSRF check done before saving the setting, allowing attackers to make a logged in admin set arbitrary Custom Fields, including one with XSS payload in it. 2021-07-06 3.5 CVE-2021-24388 CONFIRM
getkirby — kirby Kirby is a content management system. In Kirby CMS versions 3.5.5 and 3.5.6, the Panel’s `ListItem` component (used in the pages and files section for example) displayed HTML in page titles as it is. This could be used for cross-site scripting (XSS) attacks. Malicious authenticated Panel users can escalate their privileges if they get access to the Panel session of an admin user. Visitors without Panel access can use the attack vector if the site allows changing site data from a frontend form. Kirby 3.5.7 patches the vulnerability. As a partial workaround, site administrators can protect against attacks from visitors without Panel access by validating or sanitizing provided data from the frontend form.
2021-07-02 3.5 CVE-2021-32735 CONFIRM MISC
gitlab — gitlab HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in GitLab CE. 2021-07-06 3.5 CVE-2021-22232 CONFIRM MISC MISC
gitlab — gitlab Insufficient input sanitization in markdown in GitLab version 13.11 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown. 2021-07-07 3.5 CVE-2021-22225 MISC CONFIRM
irislink — irisnext Multiple stored XSS vulnerabilities in IrisNext Edition 9.5.16, which allows an authenticated (or compromised) user to inject malicious JavaScript in folder/file name within the application in order to grab other users’ sessions or execute malicious code in their browsers (1-click RCE). 2021-07-06 3.5 CVE-2021-27930 MISC MISC
issabel — pbx A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “Name” or “Prefix” fields under the “Create New Rate” module. 2021-07-06 3.5 CVE-2021-34190 MISC MISC
kubiq — wp_svg_images The WP SVG images WordPress plugin before 3.4 did not sanitise the SVG files uploaded, which could allow low privilege users such as author+ to upload a malicious SVG and then perform XSS attacks by inducing another user to access the file directly. In v3.4, the plugin restricted such upload to editors and admin, with an option to also allow author to do so. The description of the plugin has also been updated with a security warning as upload of such content is intended. 2021-07-06 3.5 CVE-2021-24386 CONFIRM
lavalite — lavalite A stored cross site scripting (XSS) vulnerability in the /admin/user/team component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “New” parameter.
2021-07-02 3.5 CVE-2020-36395 MISC
lavalite — lavalite A stored cross site scripting (XSS) vulnerability in the /admin/contact/contact component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “New” parameter. 2021-07-02 3.5 CVE-2020-36397 MISC
lavalite — lavalite A stored cross site scripting (XSS) vulnerability in the /admin/roles/role component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “New” parameter. 2021-07-02 3.5 CVE-2020-36396 MISC
mediawiki — mediawiki An XSS issue was discovered in the SocialProfile extension in MediaWiki through 1.36. Within several gift-related special pages, a privileged user with the awardmanage right could inject arbitrary HTML and JavaScript within various gift-related data fields. The attack could easily propagate across many pages for many users. 2021-07-02 3.5 CVE-2021-36130 MISC MISC
mediawiki — mediawiki An XSS issue was discovered in the SportsTeams extension in MediaWiki through 1.36. Within several special pages, a privileged user could inject arbitrary HTML and JavaScript within various data fields. The attack could easily propagate across many pages for many users. 2021-07-02 3.5 CVE-2021-36131 MISC MISC
monstra — monstra_cms Cross Site Scripting vulnerability in Monstra CMS 3.0.4 via the page feature in admin/index.php. 2021-07-06 3.5 CVE-2020-23697 MISC
ninjarmm — ninjarmm The Agent in NinjaRMM 5.0.909 has Insecure Permissions. 2021-07-07 3.6 CVE-2021-26274 MISC MISC MISC
openexr — openexr There’s a flaw in OpenEXR’s ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.
2021-07-06 2.1 CVE-2021-3598 MISC
php-fusion — php-fusion A stored cross site scripting (XSS) vulnerability in /administration/settings_registration.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “Registration” field. 2021-07-02 3.5 CVE-2020-23184 MISC
php-fusion — php-fusion A stored cross site scripting (XSS) vulnerability in /administration/setting_security.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. 2021-07-02 3.5 CVE-2020-23185 MISC
php-fusion — php-fusion A reflected cross site scripting (XSS) vulnerability in /administration/theme.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “Manage Theme” field. 2021-07-02 3.5 CVE-2020-23181 MISC
php-fusion — php-fusion A stored cross site scripting (XSS) vulnerability in administration/settings_main.php of PHP-Fusion 9.03.50 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “Site footer” field. 2021-07-02 3.5 CVE-2020-23179 MISC
phplist — phplist Cross Site Scripting (XSS) vulnerability in phpList 3.5.3 via the login name field in Manage Administrators when adding a new admin. 2021-07-06 3.5 CVE-2020-22251 MISC
phplist — phplist A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the “rule1” parameter under the “Bounce Rules” module. 2021-07-02 3.5 CVE-2020-36399 MISC
phplist — phplist A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the “Campaign” field under the “Send a campaign” module.
2021-07-02 3.5 CVE-2020-36398 MISC
phplist — phplist A stored cross site scripting (XSS) vulnerability in the “Import Subscribers” feature in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. 2021-07-02 3.5 CVE-2020-23194 MISC
phplist — phplist A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload in the “admin” parameter under the “Manage administrators” module. 2021-07-02 3.5 CVE-2020-23192 MISC
phplist — phplist A stored cross site scripting (XSS) vulnerability in the “Import emails” module in phplist 3.5.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. 2021-07-02 3.5 CVE-2020-23190 MISC
sulu — sulu Sulu is an open-source PHP content management system based on the Symfony framework. In versions of Sulu prior to 1.6.41, it is possible for a logged in admin user to add a script injection (cross-site-scripting) in the collection title. The problem is patched in version 1.6.41. As a workaround, one may manually patch the affected JavaScript files in lieu of updating. 2021-07-02 3.5 CVE-2021-32737 CONFIRM MISC
wp-upload-restriction_project — wp-upload-restriction A vulnerability in the saveCustomType function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to inject arbitrary web scripts. This issue affects versions 2.2.3 and prior. 2021-07-07 3.5 CVE-2021-34625 MISC
wp-upload-restriction_project — wp-upload-restriction A vulnerability in the getSelectedMimeTypesByRole function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to view custom extensions added by administrators. This issue affects versions 2.2.3 and prior.
2021-07-07 3.5 CVE-2021-34627 MISC
zimbra — collaboration An issue was discovered in ZmMailMsgView.js in the Calendar Invite component in Zimbra Collaboration Suite 8.8.x before 8.8.15 Patch 23. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document. 2021-07-02 3.5 CVE-2021-35208 MISC MISC MISC MISC

Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info

a-stage.inc — sct-40cm01sr_and_at-40cm01sr Improper authentication vulnerability in SCT-40CM01SR and AT-40CM01SR allows an attacker to bypass access restriction and execute an arbitrary command via telnet. 2021-07-07 not yet calculated CVE-2021-20776 MISC
accusoft — imagegear An out-of-bounds write vulnerability exists in the TIF bits_per_sample processing functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. 2021-07-08 not yet calculated CVE-2021-21794 MISC
accusoft — imagegear A stack-based buffer overflow vulnerability exists in the PDF process_fontname functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. 2021-07-08 not yet calculated CVE-2021-21821 MISC
accusoft — imagegear An out-of-bounds write vulnerability exists in the JPG sof_nb_comp header processing functionality of Accusoft ImageGear 19.8 and 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
2021-07-08 not yet calculated CVE-2021-21793 MISC
arcgis — server_manager A stored Cross Site Scripting (XSS) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote unauthenticated attacker to pass and store malicious strings in the ArcGIS Server Manager application. 2021-07-10 not yet calculated CVE-2021-29107 CONFIRM
arcgis — server_manager A reflected Cross Site Scripting (XSS) vulnerability in ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser. 2021-07-10 not yet calculated CVE-2021-29106 CONFIRM
aruba — clearpass_policy_manager A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. 2021-07-08 not yet calculated CVE-2021-34616 MISC
aruba — clearpass_policy_manager A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. 2021-07-08 not yet calculated CVE-2021-34614 MISC
aruba — clearpass_policy_manager A remote denial of service (DoS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. 2021-07-08 not yet calculated CVE-2021-29152 MISC
aruba — clearpass_policy_manager A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
2021-07-08 not yet calculated CVE-2021-29151 MISC
aruba — clearpass_policy_manager A remote insecure deserialization vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. 2021-07-08 not yet calculated CVE-2021-29150 MISC
aruba — clearpass_policy_manager A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. 2021-07-08 not yet calculated CVE-2021-34613 MISC
aruba — clearpass_policy_manager A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. 2021-07-08 not yet calculated CVE-2021-34612 MISC
aruba — clearpass_policy_manager A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. 2021-07-08 not yet calculated CVE-2021-34611 MISC
aruba — clearpass_policy_manager A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. 2021-07-08 not yet calculated CVE-2021-34610 MISC
aruba — clearpass_policy_manager A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
2021-07-08 not yet calculated CVE-2021-34615 MISC
aruba — clearpass_policy_manager A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. 2021-07-08 not yet calculated CVE-2021-34609 MISC
autodesk — autodesk A maliciously crafted TIFF file in Autodesk 2018, 2017, 2013, 2012, 2011 can be forced to read and write beyond allocated boundaries when parsing the TIFF file. This vulnerability can be exploited to execute arbitrary code. 2021-07-09 not yet calculated CVE-2021-27039 MISC
autodesk — autodesk A maliciously crafted PNG, PDF or DWF file in Autodesk 2018, 2017, 2013, 2012, 2011 can be used to attempt to free an object that has already been freed while parsing them. This vulnerability can be exploited by remote attackers to execute arbitrary code. 2021-07-09 not yet calculated CVE-2021-27037 MISC
autodesk — autodesk A heap-based buffer overflow could occur while parsing PICT or TIFF files in Autodesk 2018, 2017, 2013, 2012, 2011. This vulnerability can be exploited to execute arbitrary code. 2021-07-09 not yet calculated CVE-2021-27034 MISC
autodesk — autodesk A Type Confusion vulnerability in Autodesk 2018, 2017, 2013, 2012, 2011 can occur when processing a maliciously crafted PDF file. An attacker can leverage this to execute arbitrary code. 2021-07-09 not yet calculated CVE-2021-27038 MISC
autodesk — autodesk A maliciously crafted PDF, PICT or TIFF file can be used to write beyond the allocated buffer while parsing PDF, PICT or TIFF files in Autodesk 2018, 2017, 2013, 2012, 2011. This vulnerability can be exploited to execute arbitrary code.
2021-07-09 not yet calculated CVE-2021-27036 MISC
autodesk — autodesk A maliciously crafted TIFF, PDF, PICT or DWF file in Autodesk 2018, 2017, 2013, 2012, 2011 can be forced to read beyond allocated boundaries when parsing the TIFF, PDF, PICT or DWF files. This vulnerability can be exploited to execute arbitrary code. 2021-07-09 not yet calculated CVE-2021-27035 MISC
autodesk — design_review A Double Free vulnerability allows remote attackers to execute arbitrary code on PDF files within affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. 2021-07-09 not yet calculated CVE-2021-27033 MISC
baigo — cms A cross site scripting vulnerability in baigo CMS v4.0-beta-1 allows attackers to execute arbitrary web scripts or HTML via the form parameter post to /public/console/profile/info-submit/. 2021-07-08 not yet calculated CVE-2020-20584 MISC MISC MISC MISC
blackcat_cms — blackcat_cms A stored cross site scripting (XSS) vulnerability in the ‘Admin-Tools’ feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the ‘Output Filters’ and ‘Droplets’ modules. 2021-07-09 not yet calculated CVE-2020-25878 MISC MISC
blackcat_cms — blackcat_cms A stored cross site scripting (XSS) vulnerability in the ‘Add Page’ feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the ‘Title’ parameter. 2021-07-09 not yet calculated CVE-2020-25877 MISC MISC
cisco — adaptive_security_device_manager A vulnerability in the Cisco Adaptive Security Device Manager (ASDM) Launcher could allow an unauthenticated, remote attacker to execute arbitrary code on a user’s operating system. This vulnerability is due to a lack of proper signature verification for specific code exchanged between the ASDM and the Launcher.
An attacker could exploit this vulnerability by leveraging a man-in-the-middle position on the network to intercept the traffic between the Launcher and the ASDM and then inject arbitrary code. A successful exploit could allow the attacker to execute arbitrary code on the user’s operating system with the level of privileges assigned to the ASDM Launcher. A successful exploit may require the attacker to perform a social engineering attack to persuade the user to initiate communication from the Launcher to the ASDM. 2021-07-08 not yet calculated CVE-2021-1585 CISCO
cisco — asyncos A vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied XML input for the web interface. An attacker could exploit this vulnerability by uploading crafted XML configuration files that contain scripting code to a vulnerable device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. An attacker would need a valid user account with the rights to upload configuration files to exploit this vulnerability. 2021-07-08 not yet calculated CVE-2021-1359 CISCO
cisco — broadworks_application_server A vulnerability in the XSI-Actions interface of Cisco BroadWorks Application Server could allow an authenticated, remote attacker to access sensitive information on an affected system. This vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the XSI-Actions interface. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands.
A successful exploit could allow the attacker to join a Call Center instance and have calls that they do not have permissions to access distributed to them from the Call Center queue. At the time of publication, Cisco had not released updates that address this vulnerability for Cisco BroadWorks Application Server. However, firmware patches are available. 2021-07-08 not yet calculated CVE-2021-1562 CISCO
cisco — business_process_automation Multiple vulnerabilities in the web-based management interface of Cisco Business Process Automation (BPA) could allow an authenticated, remote attacker to elevate privileges to Administrator. These vulnerabilities are due to improper authorization enforcement for specific features and for access to log files that contain confidential information. An attacker could exploit these vulnerabilities either by submitting crafted HTTP messages to an affected system and performing unauthorized actions with the privileges of an administrator, or by retrieving sensitive data from the logs and using it to impersonate a legitimate privileged user. A successful exploit could allow the attacker to elevate privileges to Administrator. 2021-07-08 not yet calculated CVE-2021-1574 CISCO
cisco — business_process_automation Multiple vulnerabilities in the web-based management interface of Cisco Business Process Automation (BPA) could allow an authenticated, remote attacker to elevate privileges to Administrator. These vulnerabilities are due to improper authorization enforcement for specific features and for access to log files that contain confidential information. An attacker could exploit these vulnerabilities either by submitting crafted HTTP messages to an affected system and performing unauthorized actions with the privileges of an administrator, or by retrieving sensitive data from the logs and using it to impersonate a legitimate privileged user. A successful exploit could allow the attacker to elevate privileges to Administrator.
2021-07-08 not yet calculated CVE-2021-1576 CISCO
cisco — identity_services_engine Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user. These vulnerabilities exist because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker would need valid administrative credentials. 2021-07-08 not yet calculated CVE-2021-1607 CISCO
cisco — identity_services_engine Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user. These vulnerabilities exist because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker would need valid administrative credentials. 2021-07-08 not yet calculated CVE-2021-1606 CISCO
cisco — identity_services_engine Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user.
These vulnerabilities exist because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker would need valid administrative credentials. 2021-07-08 not yet calculated CVE-2021-1605 CISCO
cisco — identity_services_engine Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user. These vulnerabilities exist because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker would need valid administrative credentials. 2021-07-08 not yet calculated CVE-2021-1604 CISCO
cisco — identity_services_engine Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user. These vulnerabilities exist because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface.
A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker would need valid administrative credentials. 2021-07-08 not yet calculated CVE-2021-1603 CISCO
cisco — video_surveillance_7000_ip_cameras Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). 2021-07-08 not yet calculated CVE-2021-1598 CISCO
cisco — video_surveillance_7000_series_ip_cameras Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: LLDP is a Layer 2 protocol.
To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). 2021-07-08 not yet calculated CVE-2021-1597CISCO cisco — video_surveillance_7000_series_ip_cameras   Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). 2021-07-08 not yet calculated CVE-2021-1595CISCO cisco — video_surveillance_7000_series_ip_cameras   Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). 
2021-07-08 not yet calculated CVE-2021-1596CISCO cisco — virtualized_voice_browser   A vulnerability in the web-based management interface of Cisco Virtualized Voice Browser could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2021-07-08 not yet calculated CVE-2021-1575CISCO codoforum — codoforum A stored cross site scripting (XSS) vulnerability in the ‘Manage Users’ feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the ‘Username’ parameter. 2021-07-09 not yet calculated CVE-2020-25879MISCMISC codoforum — codoforum   A stored cross site scripting (XSS) vulnerability in the ‘Smileys’ feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the ‘Smiley Code’ parameter. 2021-07-09 not yet calculated CVE-2020-25875MISCMISC codoforum — codoforum   A stored cross site scripting (XSS) vulnerability in the ‘Pages’ feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the ‘Page Title’ parameter. 2021-07-09 not yet calculated CVE-2020-25876MISCMISC csz-cms — csz-cms A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the ‘New Pages’ field under the ‘Pages Content’ module. 
2021-07-09 not yet calculated CVE-2020-25391MISC csz-cms — csz-cms   A cross site scripting (XSS) vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the ‘New Article’ field under the ‘Article’ plugin. 2021-07-09 not yet calculated CVE-2020-25392MISC dotAdmin/#/c/containers — dotAdmin/#/c/containers   A stored cross site scripting (XSS) vulnerability in dotAdmin/#/c/c_Images of dotCMS 21.05.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the ‘Title’ and ‘Filename’ parameters. 2021-07-09 not yet calculated CVE-2021-35358MISC dotAdmin/#/c/containers — dotAdmin/#/c/containers   A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/containers of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload. 2021-07-09 not yet calculated CVE-2021-35360MISC dotAdmin/#/c/containers — dotAdmin/#/c/containers   A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/links of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload. 2021-07-09 not yet calculated CVE-2021-35361MISC ecplise — tinydtls   Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic. 2021-07-08 not yet calculated CVE-2021-34430CONFIRM edgex — foundry   EdgeX Foundry is an open source project for building a common open framework for internet-of-things edge computing. A vulnerability exists in the Edinburgh, Fuji, Geneva, and Hanoi versions of the software. When the EdgeX API gateway is configured for OAuth2 authentication and a proxy user is created, the client_id and client_secret required to obtain an OAuth2 authentication token are set to the username of the proxy user. 
A remote network attacker can then perform a dictionary-based password attack on the OAuth2 token endpoint of the API gateway to obtain an OAuth2 authentication token and use that token to make authenticated calls to EdgeX microservices from an untrusted network. OAuth2 is the default authentication method in EdgeX Edinburgh release. The default authentication method was changed to JWT in Fuji and later releases. Users should upgrade to the EdgeX Ireland release to obtain the fix. The OAuth2 authentication method is disabled in Ireland release. If unable to upgrade and OAuth2 authentication is required, users should create OAuth2 users directly using the Kong admin API and forgo the use of the `security-proxy-setup` tool to create OAuth2 users. 2021-07-09 not yet calculated CVE-2021-32753MISCCONFIRM elecom — multiple_products   WRC-1167FS-W, WRC-1167FS-B, and WRC-1167FSA all versions allow an unauthenticated network-adjacent attacker to obtain sensitive information via unspecified vectors. 2021-07-07 not yet calculated CVE-2021-20738MISCMISC emissary-ingress — emissary-ingress   Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allows attackers to bypass client certificate requirements (i.e., mTLS cert_required) on backend upstreams when more than one TLSContext is defined and at least one configuration exists that does not require client certificate authentication. The attacker must send an SNI specifying an unprotected backend and an HTTP Host header specifying a protected backend. 2021-07-09 not yet calculated CVE-2021-36371MISC ether_logs — ether_logs   Ether Logs is a package that allows one to check one’s logs in the Craft 3 utilities section. A vulnerability was found in versions prior to 3.0.4 that allowed authenticated admin users to access any file on the server. The vulnerability has been fixed in version 3.0.4. As a workaround, one may disable the plugin if untrustworthy sources have admin access. 
2021-07-09 not yet calculated CVE-2021-32752CONFIRMMISC fork — fork   Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers to create or replace arbitrary files in the /themes directory via a crafted zip file uploaded to the Themes panel. 2021-07-07 not yet calculated CVE-2021-28931MISCMISC fortinet — fortiap   An improper neutralization of special elements used in an OS Command vulnerability in FortiAP’s console 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5 may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments. 2021-07-09 not yet calculated CVE-2021-26106CONFIRM fortinet — fortimail   Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. 2021-07-09 not yet calculated CVE-2021-24007CONFIRM fortinet — fortimail   A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to tamper with signed URLs by appending further data which allows bypass of signature verification. 2021-07-09 not yet calculated CVE-2021-24020CONFIRM fortinet — fortimail   A missing cryptographic step in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an unauthenticated attacker who intercepts the encrypted messages to manipulate them in such a way that makes the tampering and the recovery of the plaintexts possible. 
2021-07-09 not yet calculated CVE-2021-26100CONFIRM fortinet — fortimail   Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests. 2021-07-09 not yet calculated CVE-2021-22129CONFIRM fortinet — fortisandbox   A concurrent execution using shared resource with improper synchronization (‘race condition’) in the command shell of FortiSandbox before 3.2.2 may allow an authenticated attacker to bring the system into an unresponsive state via specifically orchestrated sequences of commands. 2021-07-09 not yet calculated CVE-2020-29014CONFIRM foxit — reader   Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 produce incorrect PDF document signatures because the certificate name, document owner, and signature author are mishandled. 2021-07-09 not yet calculated CVE-2021-33795MISC foxit — reader   Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write via a crafted /Size key in the Trailer dictionary. 2021-07-09 not yet calculated CVE-2021-33792MISC google — android   Improper input validation vulnerability in AR Emoji Editor prior to version 4.4.03.5 in Android Q(10.0) and above allows untrusted applications to access arbitrary files with an escalated privilege. 2021-07-08 not yet calculated CVE-2021-25441MISC google — android   Improper authorization in handler for custom URL scheme vulnerability in GU App for Android versions from 4.8.0 to 5.0.2 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. 
2021-07-07 not yet calculated CVE-2021-20777MISC hms — ewon_ecatcher   In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation. 2021-07-09 not yet calculated CVE-2021-33214MISCMISCMISCMISC ibm — app_connect_enterprise_certified_container   IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 could allow a privileged user to obtain sensitive information from internal log files. IBM X-Force ID: 202212. 2021-07-07 not yet calculated CVE-2021-29759XFCONFIRM ibm — guardium_data_encryption   IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. 2021-07-07 not yet calculated CVE-2021-20474CONFIRMXF ibm — infosphere_information_server   IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 201164. 2021-07-09 not yet calculated CVE-2021-29730XFCONFIRM ibm — infosphere_information_server   IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 200966. 2021-07-09 not yet calculated CVE-2021-29712CONFIRMXF ibm — urbancode_deploy   IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 6.2.7.8 , 6.2.7.9, 7.0.3.0, 7.0.4.0, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2 could allow an authenticated user with certain permissions to initiate an agent upgrade through the CLI interface. IBM X-Force ID: 200965. 
2021-07-08 not yet calculated CVE-2021-29711CONFIRMXF iobit — advanced_systemcare_ultimate   A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0dc, the first dword passed in the input buffer is the device port to write to and the word at offset 4 is the value to write via the OUT instruction. The OUT instruction can write one byte to the given I/O device port, potentially leading to escalated privileges of unprivileged users. A local attacker can send a malicious IRP to trigger this vulnerability. 2021-07-07 not yet calculated CVE-2021-21788MISC iobit — advanced_systemcare_ultimate   A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0d8, the first dword passed in the input buffer is the device port to write to and the byte at offset 4 is the value to write via the OUT instruction. The OUT instruction can write one byte to the given I/O device port, potentially leading to escalated privileges of unprivileged users. 2021-07-07 not yet calculated CVE-2021-21787MISC iobit — advanced_systemcare_ultimate   A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0e0, the first dword passed in the input buffer is the device port to write to and the dword at offset 4 is the value to write via the OUT instruction. A local attacker can send a malicious IRP to trigger this vulnerability. 2021-07-07 not yet calculated CVE-2021-21789MISC iobit — advanced_systemcare_ultimate   A privilege escalation vulnerability exists in the IOCTL 0x9c406144 handling of IOBit Advanced SystemCare Ultimate 14.2.0.220. A specially crafted I/O request packet (IRP) can lead to increased privileges. 
An attacker can send a malicious IRP to trigger this vulnerability. 2021-07-07 not yet calculated CVE-2021-21786MISC kaseya — vsa Local file inclusion exists in Kaseya VSA before 9.5.6. 2021-07-09 not yet calculated CVE-2021-30121MISC kaseya — vsa Cross Site Scripting (XSS) exists in Kaseya VSA before 9.5.7. 2021-07-09 not yet calculated CVE-2021-30119MISC kaseya — vsa   Kaseya VSA through 9.5.7 allows attackers to bypass the 2FA requirement. 2021-07-09 not yet calculated CVE-2021-30120MISC kaseya — vsa   SQL injection exists in Kaseya VSA before 9.5.6. 2021-07-09 not yet calculated CVE-2021-30117MISC kaseya — vsa   Kaseya VSA before 9.5.5 allows remote code execution. 2021-07-09 not yet calculated CVE-2021-30118MISC kaseya — vsa   An XML External Entity (XXE) issue exists in Kaseya VSA before 9.5.6. 2021-07-09 not yet calculated CVE-2021-30201MISC keycloak — keycloak A flaw was found in keycloak-model-infinispan in keycloak versions before 14.0.0 where authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly which could lead to a DoS attack. 2021-07-09 not yet calculated CVE-2021-3637MISC lavalite-cms — lavalite-cms   Cross Site Scripting (XSS) vulnerability in LavaLite-CMS 5.8.0 via the Menu Links feature. 2021-07-07 not yet calculated CVE-2020-23700MISC libxml2 — libxlm2   A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service. 2021-07-09 not yet calculated CVE-2021-3541MISC linux — linux_kernel   An out-of-bounds memory write flaw was found in the Linux kernel’s joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. 
2021-07-09 not yet calculated CVE-2021-3612MISCMISC linux — linux_kernel   kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, does not occur for a module.sig_enforce=1 command-line argument. 2021-07-07 not yet calculated CVE-2021-35039MISCCONFIRMCONFIRMMLIST linuxptp — linuxptp   A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1. 2021-07-09 not yet calculated CVE-2021-3570MISC linuxptp — linuxptp   A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The highest threat from this vulnerability is to data confidentiality and system availability. This flaw affects linuxptp versions before 3.1.1 and before 2.0.1. 2021-07-09 not yet calculated CVE-2021-3571MISC ljcms — r60321   A SQL injection vulnerability in /question.php of LJCMS Version v4.3.R60321 allows attackers to obtain sensitive database information. 2021-07-08 not yet calculated CVE-2020-20583MISC metinfo — metinfo   A blind SQL injection in /admin/?n=logs&c=index&a=dode of Metinfo 7.0 beta allows attackers to access sensitive database information. 
2021-07-08 not yet calculated CVE-2020-20585MISCMISCMISC mikrotik — routeros   Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU. 2021-07-08 not yet calculated CVE-2020-20217MISCMISC mipcms — mipcms   A server side request forgery (SSRF) vulnerability in /ApiAdminDomainSettings.php of MipCMS 5.0.1 allows attackers to access sensitive information. 2021-07-08 not yet calculated CVE-2020-20582MISC mozilocms — mozilocms   A stored cross site scripting (XSS) vulnerability in moziloCMS 2.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “Content” parameter. 2021-07-09 not yet calculated CVE-2020-25394MISC octopus — server   When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext. 2021-07-08 not yet calculated CVE-2021-31816MISC octopus — server   When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext. 2021-07-08 not yet calculated CVE-2021-31817MISC panasonic — fpwin_pro   Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacker to craft a project file specifying a URI that causes the XML parser to access the URI and embed the contents, which may allow the attacker to disclose information that is accessible in the context of the user executing software. 2021-07-09 not yet calculated CVE-2021-32972MISC pbootcms — pbootcms   Crossi Site Scripting (XSS) vulnerability in PbootCMS 2.0.3 in admin.php. 
2021-07-08 not yet calculated CVE-2020-20363MISCMISCMISC pbootcms — pbootcms   Incorrect Access Control vulnerability in PbootCMS 2.0.6 via the list parameter in the update function in upgradecontroller.php. 2021-07-09 not yet calculated CVE-2020-22535MISC pbootcms — pbootcms   Remote Code Execution vulnerability in PbootCMS 2.0.8 in the message board. 2021-07-08 not yet calculated CVE-2020-23580MISC php-fusion — php-fusion   Cross Site Scripting (XSS) vulnerability in PHP-Fusion 9.03.60 via ‘New Shout’ in /infusions/shoutbox_panel/shoutbox_admin.php. 2021-07-07 not yet calculated CVE-2020-23702MISCMISC pimcore — pimcore   This affects the package pimcore/pimcore before 10.0.7. This issue exists due to the absence of check on the storeId parameter in the method collectionsActionGet and groupsActionGet method within the ClassificationstoreController class. 2021-07-09 not yet calculated CVE-2021-23405MISCMISC prusa_research — prusaslicer   An out-of-bounds write vulnerability exists in the Admesh stl_fix_normal_directions() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted AMF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. 2021-07-08 not yet calculated CVE-2020-28598MISC publiccms — publiccms   Cross Site Scripting (XSS) vulnerability in PublicCMS 4.0 to get an admin cookie when the Administrator reviews submit case. 2021-07-09 not yet calculated CVE-2020-21333MISC putty — putty   PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt (that the attacker can use to capture credential data, and use that data for purposes that are undesired by the client user). 
2021-07-09 not yet calculated CVE-2021-36367MISCMISC qnap — hbs_3   An improper access control vulnerability has been reported to affect certain legacy versions of HBS 3. If exploited, this vulnerability allows attackers to compromise the security of the operating system.QNAP have already fixed this vulnerability in the following versions of HBS 3: QTS 4.3.6: HBS 3 v3.0.210507 and later QTS 4.3.4: HBS 3 v3.0.210506 and later QTS 4.3.3: HBS 3 v3.0.210506 and later 2021-07-08 not yet calculated CVE-2021-28809MISCMISC realtek — had   Realtek HAD contains a driver crashed vulnerability which allows local side attackers to send a special string to the kernel driver in a user’s mode. Due to unexpected commands, the kernel driver will cause the system crashed. A vulnerability in ____COMPONENT____ of Realtek HDA driver allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: Realtek HDA driver 8155 version 9150 and prior versions. 2021-07-07 not yet calculated CVE-2021-32537CONFIRM rockwell_automation — micrologix_1100   Rockwell Automation MicroLogix 1100, all versions, allows a remote, unauthenticated attacker sending specially crafted commands to cause the PLC to fault when the controller is switched to RUN mode, which results in a denial-of-service condition. If successfully exploited, this vulnerability will cause the controller to fault whenever the controller is switched to RUN mode. 2021-07-09 not yet calculated CVE-2021-33012MISC ruby — ruby   Addressable is an alternative implementation to the URI implementation that is part of Ruby’s standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. 
In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has cautioned against doing this. Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected. The vulnerability is patched in version 2.8.0. As a workaround, only create Template objects from trusted sources that have been validated not to produce catastrophic backtracking. 2021-07-06 not yet calculated CVE-2021-32740CONFIRMMISC rukovoditel — rukovoditel A stored cross site scripting (XSS) vulnerability in the ‘Entities List’ feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the ‘Name’ parameter. 2021-07-09 not yet calculated CVE-2020-35987MISC rukovoditel — rukovoditel   A stored cross site scripting (XSS) vulnerability in the ‘Global Lists” feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the ‘Name’ parameter. 2021-07-09 not yet calculated CVE-2020-35985MISC rukovoditel — rukovoditel   A stored cross site scripting (XSS) vulnerability in the ‘Users Access Groups’ feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the ‘Name’ parameter. 2021-07-09 not yet calculated CVE-2020-35986MISC rukovoditel — rukovoditel   A stored cross site scripting (XSS) vulnerability in the ‘Users Alerts’ feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the ‘Title’ parameter. 2021-07-09 not yet calculated CVE-2020-35984MISC rust — hyper   hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper’s HTTP server and client code had a flaw that could trigger an integer overflow when decoding chunk sizes that are too big. 
This allows possible data loss, or if combined with an upstream HTTP proxy that allows chunk sizes larger than hyper does, can result in “request smuggling” or “desync attacks.” The vulnerability is patched in version 0.14.10. Two possible workarounds exist. One may reject requests manually that contain a `Transfer-Encoding` header or ensure any upstream proxy rejects `Transfer-Encoding` chunk sizes greater than what fits in 64-bit unsigned integers. 2021-07-07 not yet calculated CVE-2021-32714CONFIRM rust — hyper   hyper is an HTTP library for rust. hyper’s HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a `Content-Length` header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn’t parse such `Content-Length` headers, but forwards them, can result in “request smuggling” or “desync attacks”. The flaw exists in all prior versions of hyper prior to 0.14.10, if built with `rustc` v1.5.0 or newer. The vulnerability is patched in hyper version 0.14.10. Two workarounds exist: One may reject requests manually that contain a plus sign prefix in the `Content-Length` header or ensure any upstream proxy handles `Content-Length` headers with a plus sign prefix. 2021-07-07 not yet calculated CVE-2021-32715MISCCONFIRM samsung — bluetooth Improper privilege management vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application. 
2021-07-08 not yet calculated CVE-2021-25429MISC samsung — bluetooth   SQL injection vulnerability in Bluetooth prior to SMR July-2021 Release 1 allows unauthorized access to paired device information 2021-07-08 not yet calculated CVE-2021-25427MISC samsung — bluetooth   Improper access control vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application. 2021-07-08 not yet calculated CVE-2021-25430MISC samsung — caeralyzer Improper access control vulnerability in Cameralyzer prior to versions 3.2.1041 in 3.2.x, 3.3.1040 in 3.3.x, and 3.4.4210 in 3.4.x allows untrusted applications to access some functions of Cameralyzer. 2021-07-08 not yet calculated CVE-2021-25431MISC samsung — factorycamerafb   Improper access control vulnerability in FactoryCameraFB prior to version 3.4.74 allows untrusted applications to access arbitrary files with an escalated privilege. 2021-07-08 not yet calculated CVE-2021-25440MISC samsung — knox_manage   Improper MDM policy management vulnerability in KME module prior to KCS version 1.39 allows MDM users to bypass Knox Manage authentication. 2021-07-08 not yet calculated CVE-2021-25442MISC samsung — members   Information exposure vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to access chat data. 2021-07-08 not yet calculated CVE-2021-25432MISC samsung — members   Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause arbitrary webpage loading in webview. 
2021-07-08 not yet calculated CVE-2021-25439 MISC
samsung — members | Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause local file inclusion in webview. | 2021-07-08 | not yet calculated | CVE-2021-25438 MISC
samsung — message | Improper component protection vulnerability in SmsViewerActivity of Samsung Message prior to SMR July-2021 Release 1 allows untrusted applications to access Message files. | 2021-07-08 | not yet calculated | CVE-2021-25426 MISC
samsung — packagemanager | Improper validation check vulnerability in PackageManager prior to SMR July-2021 Release 1 allows untrusted applications to get dangerous level permission without user confirmation in limited circumstances. | 2021-07-08 | not yet calculated | CVE-2021-25428 MISC
samsung — tizen | Improper input validation vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Release allows arbitrary code execution via Samsung Accessory Protocol. | 2021-07-08 | not yet calculated | CVE-2021-25436 MISC
samsung — tizen | Improper access control vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Release allows attackers to achieve arbitrary code execution by replacing FOTA update file. | 2021-07-08 | not yet calculated | CVE-2021-25437 MISC
samsung — tizen | Improper input validation vulnerability in Tizen bootloader prior to Firmware update JUL-2021 Release allows arbitrary code execution using recovery partition in wireless firmware download mode. | 2021-07-08 | not yet calculated | CVE-2021-25435 MISC
samsung — tizen | Improper input validation vulnerability in Tizen bootloader prior to Firmware update JUL-2021 Release allows arbitrary code execution using param partition in wireless firmware download mode. | 2021-07-08 | not yet calculated | CVE-2021-25434 MISC
samsung — tizen | Improper authorization vulnerability in Tizen factory reset policy prior to Firmware update JUL-2021 Release allows untrusted applications to perform factory reset using dbus signal. | 2021-07-08 | not yet calculated | CVE-2021-25433 MISC
smartertools — smartermail | SmarterTools SmarterMail before Build 7776 allows XSS. | 2021-07-06 | not yet calculated | CVE-2021-32233 MISC
sonicwall — switch | Multiple Out-of-Bound read vulnerability in SonicWall Switch when handling LLDP Protocol allows an attacker to cause a system instability or potentially read sensitive information from the memory locations. | 2021-07-09 | not yet calculated | CVE-2021-20024 CONFIRM
suse — security_incidents | golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predictable name and executes it as shell script. | 2021-07-09 | not yet calculated | CVE-2012-2666 MISC MISC MISC MISC
suse — security_incidents | Avahi 0.8 allows a local denial of service (NULL pointer dereference and daemon crash) against avahi-daemon via the D-Bus interface or a “ping .local” command. | 2021-07-07 | not yet calculated | CVE-2021-36217 MISC MISC
swift — swift | LengthPrefixedMessageReader in gRPC Swift 1.1.0 and earlier allocates buffers of arbitrary length, which allows remote attackers to cause uncontrolled resource consumption and deny service. | 2021-07-09 | not yet calculated | CVE-2021-36155 MISC MISC MISC
swift — swift | Mismanaged state in GRPCWebToHTTP2ServerCodec.swift in gRPC Swift 1.1.0 and 1.1.1 allows remote attackers to deny service by sending malformed requests. | 2021-07-09 | not yet calculated | CVE-2021-36153 MISC MISC MISC
swift — swift | HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier allows remote attackers to deny service via the delivery of many small messages within a single HTTP/2 frame, leading to Uncontrolled Recursion and stack consumption. | 2021-07-09 | not yet calculated | CVE-2021-36154 MISC MISC MISC
thinksaas — thinksaas | Improper Authorization in ThinkSAAS v2.7 allows remote attackers to modify the description of any user’s photo via the “photoid%5B%5D” and “photodesc%5B%5D” parameters in the component “index.php?app=photo.” | 2021-07-08 | not yet calculated | CVE-2020-18741 MISC
trend_micro — password_manager | Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Exposed Hazardous Function Remote Code Execution vulnerability which could allow an unprivileged client to manipulate the registry and escalate privileges to SYSTEM on affected installations. Authentication is required to exploit this vulnerability. | 2021-07-08 | not yet calculated | CVE-2021-32462 MISC MISC
trend_micro — password_manager | Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Integer Truncation Privilege Escalation vulnerability which could allow a local attacker to trigger a buffer overflow and escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2021-07-08 | not yet calculated | CVE-2021-32461 MISC MISC
ubuntu — atom_perl | It was discovered that the XML::Atom Perl module before version 0.39 did not disable external entities when parsing XML from potentially untrusted sources. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used. | 2021-07-09 | not yet calculated | CVE-2012-1102 MISC MISC
vapor — vapor | Vapor is a web framework for Swift. In versions 4.47.1 and prior, a bug in the `Data.init(base32Encoded:)` function opens up the potential for exposing server memory and/or crashing the server (Denial of Service) for applications where untrusted data can end up in said function. Vapor does not currently use this function itself so this only impacts applications that use the impacted function directly or through other dependencies. The vulnerability is patched in version 4.47.2. As a workaround, one may use an alternative to Vapor’s built-in `Data.init(base32Encoded:)`. | 2021-07-09 | not yet calculated | CVE-2021-32742 CONFIRM MISC
webkit — graphicscontext | A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. | 2021-07-08 | not yet calculated | CVE-2021-21779 MISC
webkitgtk — webkitgtk | An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability. | 2021-07-08 | not yet calculated | CVE-2021-21806 MISC
winwaste.net — winwaste.net | WinWaste.NET version 1.0.6183.16475 has incorrect permissions, allowing a local unprivileged user to replace the executable with a malicious file that will be executed with “LocalSystem” privileges. | 2021-07-08 | not yet calculated | CVE-2021-34110 MISC MISC MISC MISC MISC
wordpress — wordpress | Directory traversal in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows authorized users to delete arbitrary files and possibly cause a denial of service via the fileName parameter in a deletescreenshot action. | 2021-07-07 | not yet calculated | CVE-2020-24146 MISC MISC
wordpress — wordpress | Server-side request forgery (SSRF) vulnerability in the WP Smart Import (wp-smart-import) plugin 1.0.0 for WordPress via the file field. | 2021-07-07 | not yet calculated | CVE-2020-24147 MISC MISC
wordpress — wordpress | Server-side request forgery (SSRF) in the Podcast Importer SecondLine (podcast-importer-secondline) plugin 1.1.4 for WordPress via the podcast_feed parameter in a secondline_import_initialize action to the secondlinepodcastimport page. | 2021-07-07 | not yet calculated | CVE-2020-24149 MISC MISC
xyhcms — xyhcms | A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password. | 2021-07-08 | not yet calculated | CVE-2020-20586 MISC MISC MISC

This product is provided subject to this Notification and this Privacy & Use policy.

  • Vulnerability Summary for the Week of June 28, 2021
    by CISA on July 5, 2021 at 11:06 am

    Original release date: July 5, 2021

    High Vulnerabilities
    Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
    adobe — after_effects | Adobe After Effects version 18.1 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An unauthenticated attacker could exploit this to plant custom binaries and execute them with System permissions. Exploitation of this issue requires user interaction. | 2021-06-28 | 9.3 | CVE-2021-28570 MISC
    adobe — after_effects | After Effects version 18.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-06-28 | 9.3 | CVE-2021-28586 MISC
    adobe — robohelp_server | Adobe RoboHelp Server version 2019.0.9 (and earlier) is affected by a Path Traversal vulnerability when parsing a crafted HTTP POST request. An authenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. | 2021-06-28 | 9 | CVE-2021-28588 MISC
    chamilo — chamilo | main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Injection via the searchField, filters, or filters2 parameter. | 2021-06-28 | 7.5 | CVE-2021-34187 MISC MISC MISC MISC
    cnesty — helpcom | A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient validation of the parameter. This issue affects: Cnesty Helpcom 10.0 versions prior to. | 2021-06-29 | 7.5 | CVE-2020-7871 MISC
    eclipse — birt | In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running instance. | 2021-06-25 | 7.5 | CVE-2021-34427 CONFIRM
    fatek — winproladder | FATEK Automation WinProladder Versions 3.30 and prior do not properly restrict operations within the bounds of a memory buffer, which may allow an attacker to execute arbitrary code. | 2021-06-29 | 7.5 | CVE-2021-32992 MISC
    fatek — winproladder | FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code. | 2021-06-29 | 7.5 | CVE-2021-32988 MISC
    fatek — winproladder | FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code. | 2021-06-29 | 7.5 | CVE-2021-32990 MISC
    fidelissecurity — deception | Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user level access to the CLI to inject root level commands into the component and neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability. | 2021-06-25 | 9 | CVE-2021-35047 CONFIRM
    fidelissecurity — deception | Vulnerability in Fidelis Network and Deception CommandPost enables unauthenticated SQL injection through the web interface. The vulnerability could lead to exposure of authentication tokens in some versions of Fidelis software. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability. | 2021-06-25 | 7.5 | CVE-2021-35048 CONFIRM
    helpu — helpu | A remote code execution vulnerability exists in helpUS(remote administration tool) due to improper validation of parameter of ShellExecutionExA function used for login. | 2021-06-29 | 10 | CVE-2020-7868 MISC
    huawei — anyoffice | There is a deserialization vulnerability in Huawei AnyOffice V200R006C10. An attacker can construct a specific request to exploit this vulnerability. Successfully exploiting this vulnerability, the attacker can execute remote malicious code injection and control the device. | 2021-06-29 | 9.3 | CVE-2021-22439 MISC
    inkdrop — inkdrop | Inkdrop versions prior to v5.3.1 allow an attacker to execute arbitrary OS commands on the system where it runs by loading a file or code snippet containing an invalid iframe into Inkdrop. | 2021-06-28 | 9.3 | CVE-2021-20745 MISC MISC MISC
    mastersoft — zook | An improper input validation vulnerability of ZOOK software (remote administration tool) could allow a remote attacker to create arbitrary file. The ZOOK viewer has the “Tight file CMD” function to create file. An attacker could create and execute arbitrary file in the ZOOK agent program using “Tight file CMD” without authority. | 2021-06-29 | 9 | CVE-2020-7869 MISC
    mcafee — mvision_edr | A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4.0 allows an authenticated MVEDR administrator to trigger the EDR client to execute arbitrary commands through PowerShell using the EDR functionality ‘execute reaction’. | 2021-06-29 | 9 | CVE-2021-31838 CONFIRM
    miniaudio_project — miniaudio | Miniaudio 0.10.35 has a Double free vulnerability that could cause a buffer overflow in ma_default_vfs_close__stdio in miniaudio.h. | 2021-06-25 | 7.5 | CVE-2021-34184 CONFIRM
    misp — misp | app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp in MISP 2.4.144 does not sanitize certain data related to generic-template:index. | 2021-06-25 | 7.5 | CVE-2021-35502 MISC
    narou_project — narou | Narou (aka Narou.rb) before 3.8.0 allows Ruby Code Injection via the title name or author name of a novel. | 2021-06-28 | 7.5 | CVE-2021-35514 MISC MISC
    naviwebs — navigate_cms | SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php. | 2021-06-28 | 7.5 | CVE-2020-23711 MISC
    online_pet_shop_web_application_project — online_pet_shop_web_application | Online Pet Shop We App 1.0 is vulnerable to remote SQL injection and shell upload. | 2021-06-28 | 7.5 | CVE-2021-35456 MISC MISC
    pandorafms — pandora_fms | PandoraFMS <=7.54 allows arbitrary file upload, leading to remote command execution via the File Manager. To bypass the built-in protection, a relative path is used in the requests. | 2021-06-25 | 7.5 | CVE-2021-34074 MISC
    phoenixcontact — axl_f_bk_pn_tps_xc_firmware | In certain devices of the Phoenix Contact AXL F BK and IL BK product families an undocumented password protected FTP access to the root directory exists. | 2021-06-25 | 7.5 | CVE-2021-33540 CONFIRM
    phoenixcontact — fl_switch_smcs_16tx_firmware | In Phoenix Contact FL SWITCH SMCS series products in multiple versions if an attacker sends a hand-crafted TCP-Packet with the Urgent-Flag set and the Urgent-Pointer set to 0, the network stack will crash. The device needs to be rebooted afterwards. | 2021-06-25 | 7.8 | CVE-2021-21005 CONFIRM
    phoenixcontact — ilc1x0_firmware | Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all versions/variants are affected by a Denial-of-Service vulnerability. The communication protocols and device access do not feature authentication measures. Remote attackers can use specially crafted IP packets to cause a denial of service on the PLC’s network communication module. A successful attack stops all network communication. To restore the network connectivity the device needs to be restarted. The automation task is not affected. | 2021-06-25 | 7.8 | CVE-2021-33541 CONFIRM
    securepoint — openvpn-client | Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe configuration handling that enables local privilege escalation to NT AUTHORITY\SYSTEM. A non-privileged local user can modify the OpenVPN configuration stored under “%APPDATA%\Securepoint SSL VPN” and add an external script file that is executed as a privileged user. | 2021-06-28 | 7.2 | CVE-2021-35523 MISC MISC FULLDISC MISC
    tenable — nessus | Nessus versions 8.13.2 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host. | 2021-06-29 | 7.2 | CVE-2021-20079 MISC
    weidmueller — ie-wl-bl-ap-cl-eu_firmware | In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. An attacker can send diagnostic scripts while authenticated as a low privilege user to trigger this vulnerability. | 2021-06-25 | 9 | CVE-2021-33531 CONFIRM
    weidmueller — ie-wl-bl-ap-cl-eu_firmware | In Weidmueller Industrial WLAN devices in multiple versions an exploitable privilege escalation vulnerability exists in the iw_console functionality. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | 2021-06-25 | 9 | CVE-2021-33528 CONFIRM
    weidmueller — ie-wl-bl-ap-cl-eu_firmware | In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the devices. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker can send diagnostic while authenticated as a low privilege user to trigger this vulnerability. | 2021-06-25 | 9 | CVE-2021-33530 CONFIRM
    weidmueller — ie-wl-bl-ap-cl-eu_firmware | In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the hostname functionality. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send various requests while authenticated as a high privilege user to trigger this vulnerability. | 2021-06-25 | 9 | CVE-2021-33534 CONFIRM
    weidmueller — ie-wl-bl-ap-cl-eu_firmware | In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | 2021-06-25 | 9 | CVE-2021-33532 CONFIRM
    weidmueller — ie-wl-bl-ap-cl-eu_firmware | In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted iw_serverip parameter can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | 2021-06-25 | 9 | CVE-2021-33533 CONFIRM
    weidmueller — ie-wl-bl-ap-cl-eu_firmware | In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iw_webs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | 2021-06-25 | 9 | CVE-2021-33538 CONFIRM
    wincred_project — wincred | This affects all versions of package wincred. If attacker-controlled user input is given to the getCredential function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. | 2021-06-28 | 7.5 | CVE-2021-23399 MISC MISC
    zohocorp — manageengine_adselfservice_plus | Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password. | 2021-06-25 | 7.5 | CVE-2021-28958 MISC MISC
    zohocorp — manageengine_servicedesk_plus_msp | Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF). | 2021-06-29 | 7.5 | CVE-2021-31531 CONFIRM MISC

    Medium Vulnerabilities
    Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
    adobe — after_effects | After Effects versions 18.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-06-28 | 4.3 | CVE-2021-28587 MISC
    adobe — animate | Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-06-28 | 4.3 | CVE-2021-28573 MISC
    adobe — connect | Adobe Connect version 11.2.1 (and earlier) is affected by an Improper access control vulnerability that can lead to the elevation of privileges. An attacker with ‘Learner’ permissions can leverage this scenario to access the list of event participants. | 2021-06-28 | 4 | CVE-2021-28579 MISC
    adobe — experience_manager | AEM’s Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by an Improper Access Control vulnerability. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service in the context of the current user. | 2021-06-28 | 5 | CVE-2021-21083 MISC
    adobe — experience_manager | AEM’s Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2021-06-28 | 4.3 | CVE-2021-21084 MISC
    apache — traffic_server | Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. | 2021-06-30 | 5 | CVE-2021-32567 MISC
    apache — traffic_server | Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. | 2021-06-30 | 5 | CVE-2021-32566 MISC
    auth0 — nextjs-auth0 | The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before and including `1.4.1` are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the `error` query parameter which is then processed by the callback handler as an error message. You are affected by this vulnerability if you are using `@auth0/nextjs-auth0` version `1.4.1` or lower **unless** you are using custom error handling that does not return the error message in an HTML response. Upgrade to version `1.4.1` to resolve. The fix adds basic HTML escaping to the error message and it should not impact your users. | 2021-06-25 | 4.3 | CVE-2021-32702 MISC CONFIRM MISC
    autodesk — advance_steel | A maliciously crafted DWG file can be forced to read beyond allocated boundaries when parsing the DWG file. This vulnerability can be exploited to execute arbitrary code. | 2021-06-25 | 6.8 | CVE-2021-27040 MISC
    autodesk — advance_steel | A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code. | 2021-06-25 | 6.8 | CVE-2021-27041 MISC
    autodesk — advance_steel | A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. The vulnerability exists because the application fails to handle a crafted DWG file, which causes an unhandled exception. An attacker can leverage this vulnerability to execute arbitrary code. | 2021-06-25 | 6.8 | CVE-2021-27042 MISC
    autodesk — advance_steel | An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to leverage the application to write in unexpected paths. In order to exploit this the attacker would need the victim to enable full page heap in the application. | 2021-06-25 | 4.3 | CVE-2021-27043 MISC
    avaya — aura_device_services | An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts. Affects 7.0 through 8.1.4.0 versions of Avaya Aura Device Services. | 2021-06-25 | 4.6 | CVE-2021-25654 MISC
    cisco — dna_center | A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to an incomplete validation of the X.509 certificate used when establishing a connection between DNA Center and an ISE server. An attacker could exploit this vulnerability by supplying a crafted certificate and could then intercept communications between the ISE and DNA Center. A successful exploit could allow the attacker to view and alter sensitive information that the ISE maintains about clients that are connected to the network. | 2021-06-29 | 5.8 | CVE-2021-1134 CISCO
    crmeb — crmeb | SQL Injection vulnerability in Zhong Bang Technology Co., Ltd CRMEB mall system V2.60 and V3.1 via the tablename parameter in SystemDatabackup.php. | 2021-06-29 | 6.5 | CVE-2020-21394 MISC
    dovecot — dovecot | The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension. | 2021-06-28 | 4 | CVE-2020-28200 MISC CONFIRM
    dovecot — dovecot | The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address. | 2021-06-28 | 5.8 | CVE-2021-33515 MISC CONFIRM
    enhancesoft — osticket | Cross Site Scripting vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter to include/ajax.search.php. | 2021-06-28 | 4.3 | CVE-2020-22608 CONFIRM
    enhancesoft — osticket | Cross Site Scripting (XSS) vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter in include/class.queue.php. | 2021-06-28 | 4.3 | CVE-2020-22609 CONFIRM
    fidelissecurity — deception | User credentials stored in a recoverable format within Fidelis Network and Deception CommandPost. In the event that an attacker gains access to the CommandPost, these values could be decoded and used to login to the application. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.3. This vulnerability has been addressed in version 9.3.3 and subsequent versions. | 2021-06-25 | 5 | CVE-2021-35050 CONFIRM
    fidelissecurity — deception | Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response in an authenticated session. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability. | 2021-06-25 | 6.5 | CVE-2021-35049 CONFIRM
    google — bindiff | An attacker can craft a specific IdaPro *.i64 file that will cause the BinDiff plugin to load an invalid memory offset. This can allow the attacker to control the instruction pointer and execute arbitrary code. It is recommended to upgrade BinDiff 7 | 2021-06-29 | 4.6 | CVE-2021-22545 MISC
    huawei — ecns280_firmware | There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10. A module does not perform the strict operation to the input XML message. Attacker can send specific message to exploit this vulnerability, leading to the module denial of service. | 2021-06-29 | 5 | CVE-2021-22338 MISC
    huawei — emui | There is an Information Disclosure Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause out-of-bounds read. | 2021-06-30 | 6.4 | CVE-2021-22354 MISC
    huawei — ips_module_firmware | There is a memory leak vulnerability in Huawei products. A resource management weakness exists in a module. Attackers with high privilege can exploit this vulnerability by performing some operations. This can lead to memory leak. Affected product versions include:IPS Module V500R005C00SPC100,V500R005C00SPC200;NGFW Module V500R005C00SPC100,V500R005C00SPC200;NIP6300 V500R005C00SPC100,V500R005C10SPC200;NIP6600 V500R005C00SPC100,V500R005C00SPC200;Secospace USG6300 V500R005C00SPC100,V500R005C00SPC200;Secospace USG6500 V500R005C00SPC100,V500R005C10SPC200;Secospace USG6600 V500R005C00SPC100,V500R005C00SPC200. | 2021-06-29 | 4 | CVE-2021-22341 MISC
    ibm — business_automation_workflow | IBM Business Automation Workflow 19.0.03 and 20.0 and IBM Cloud Pak for Automation 20.0.3-IF002 and 21.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 203029. | 2021-06-28 | 4.3 | CVE-2021-29775 CONFIRM CONFIRM XF
    ibm — guardium_data_encryption | IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196212. | 2021-06-28 | 5 | CVE-2021-20413 XF CONFIRM
    ibm — planning_analytics | IBM Planning Analytics 2.0 could be vulnerable to cross-site request forgery (CSRF) which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 198241. | 2021-06-29 | 4.3 | CVE-2021-20580 CONFIRM XF
    ibm — security_identity_manager_adapter | IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow the and cause the server to crash. IBM X-Force ID: 199249. | 2021-06-28 | 4 | CVE-2021-20573 CONFIRM XF
    ibm — security_identity_manager_adapter | IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow the and cause the server to crash. IBM X-Force ID: 199247. | 2021-06-28 | 4 | CVE-2021-20572 CONFIRM XF
    ibm — security_identity_manager_adapter | IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a heap based buffer overflow, caused by improper bounds. An authenticated user could overflow the buffer and cause the service to crash. IBM X-Force ID: 197882. | 2021-06-28 | 4 | CVE-2021-20494 CONFIRM XF
    ibm — security_verify | IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) could disclose sensitive information through an HTTP GET request by a privileged user due to improper input validation. IBM X-Force ID: 199396. | 2021-06-25 | 4 | CVE-2021-20583 XF CONFIRM
    ibm — security_verify | IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to link injection. By persuading a victim to click on a specially-crafted URL link, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. | 2021-06-25 | 5.8 | CVE-2021-29676 XF CONFIRM
    ibm — security_verify_privilege_manager | IBM Security Secret Server (IBM Security Verify Privilege Manager 10.8.2 ) could allow a local user to execute code due to improper integrity checks. IBM X-Force ID: 184919. | 2021-06-25 | 4.6 | CVE-2020-4610 XF CONFIRM
    ibm — security_verify_privilege_manager | IBM Security Secret Server (IBM Security Verify Privilege Manager 10.8.2) is vulnerable to a buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and execute arbitrary code on the system or cause the system to crash. IBM X-Force ID: 184917. | 2021-06-25 | 4.6 | CVE-2020-4609 XF CONFIRM
    imagemagick — imagemagick | ImageMagick 7.0.11-14 has a memory leak in AcquireSemaphoreMemory in semaphore.c and AcquireMagickMemory in memory.c. | 2021-06-25 | 5 | CVE-2021-34183 CONFIRM
    infoblox — nios | Infoblox NIOS before 8.5.2 allows entity expansion during an XML upload operation, a related issue to CVE-2003-1564. | 2021-06-28 | 4 | CVE-2020-15303 MISC MISC
    ipfire — ipfire | Cross Site Scripting (XSS) vulnerability in IPFire 2.23 via the IPfire web UI in the mail.cgi. | 2021-06-28 | 4.3 | CVE-2020-21142 MISC
    istio — istio | Istio before 1.9.6 and 1.10.x before 1.10.2 has Incorrect Access Control. | 2021-06-29 | 6.5 | CVE-2021-34824 MISC MISC
    limesurvey — limesurvey | Cross Site Scripting vulnerability in LimeSurvey 4.1.11+200316 via the (1) name and (2) description parameters in application/controllers/admin/PermissiontemplatesController.php. | 2021-06-28 | 4.3 | CVE-2020-22607 CONFIRM
    machform — machform | Machform prior to version 16 is vulnerable to stored cross-site scripting due to insufficient sanitization of file attachments uploaded with forms through upload.php. | 2021-06-29 | 4.3 | CVE-2021-20103 MISC
    machform — machform | Machform prior to version 16 is vulnerable to an open redirect in Safari_init.php due to an improperly sanitized ‘ref’ parameter. | 2021-06-29 | 5.8 | CVE-2021-20105 MISC
    machform — machform | Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated host headers. This could cause a victim to receive malformed content. | 2021-06-29 | 5.8 | CVE-2021-20101 MISC
    machform — machform | Machform prior to version 16 is vulnerable to cross-site request forgery due to a lack of CSRF tokens in place. | 2021-06-29 | 6.8 | CVE-2021-20102 MISC
    machform — machform | Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php. | 2021-06-29 | 6.8 | CVE-2021-20104 MISC
    magento — magento | Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by an Improper Authorization vulnerability via the ‘Create Customer’ endpoint. Successful exploitation could lead to unauthorized modification of customer data by an unauthenticated attacker. Access to the admin console is required for successful exploitation. | 2021-06-28 | 6.4 | CVE-2021-28563 MISC
    mermaid_project — mermaid | Mermaid before 8.11.0 allows XSS when the antiscript feature is used. | 2021-06-27 | 4.3 | CVE-2021-35513 MISC MISC MISC
    miniaudio_project — miniaudio | Miniaudio 0.10.35 has an integer-based buffer overflow caused by an out-of-bounds left shift in drwav_bytes_to_u32 in miniaudio.h. | 2021-06-25 | 6.8 | CVE-2021-34185 CONFIRM
    miraheze — globalnewfiles | GlobalNewFiles is a mediawiki extension. All existing versions of GlobalNewFiles are affected by an uncontrolled resource consumption vulnerability. A large amount of page moves within a short space of time could overwhelm Database servers due to improper handling of load balancing and a lack of an appropriate index. No patches are currently available. As a workaround, one may avoid use of the extension unless additional rate limit at the MediaWiki level or via PoolCounter / MySQL is enabled. | 2021-06-28 | 4 | CVE-2021-32722 CONFIRM MISC
    nvidia — geforce_experience | NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability where, if a user clicks on a maliciously formatted link that opens the GeForce Experience login page in a new browser tab instead of the GeForce Experience application and enters their login information, the malicious site can get access to the token of the user login session. Such an attack may lead to these targeted users’ data being accessed, altered, or lost. | 2021-06-25 | 6.8 | CVE-2021-1073 CONFIRM
    opentext — brava\!_desktop | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CGM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13679. | 2021-06-29 | 6.8 | CVE-2021-31514 MISC
    opentext — brava\!_desktop | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CGM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12653. | 2021-06-29 | 6.8 | CVE-2021-31507 MISC
    opentext — brava\!_desktop | This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-13674. | 2021-06-29 | 4.3 | CVE-2021-31506 MISC
    opentext — brava\!_desktop | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13306. | 2021-06-29 | 6.8 | CVE-2021-31508 MISC
    opentext — brava\!_desktop | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13678. | 2021-06-29 | 6.8 | CVE-2021-31513 MISC
    opentext — brava\!_desktop | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13677. | 2021-06-29 | 6.8 | CVE-2021-31512 MISC
    opentext — brava\!_desktop | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13309.
2021-06-29 6.8 CVE-2021-31509MISC opentext — brava\!_desktop This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13675. 2021-06-29 6.8 CVE-2021-31510MISC opentext — brava\!_desktop This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13676. 2021-06-29 6.8 CVE-2021-31511MISC oracle — glassfish_server ** UNSUPPORTED WHEN ASSIGNED ** Oracle GlassFish Server 3.1.2.18 and below allows /common/logViewer/logViewer.jsf XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 
2021-06-25 4.3 CVE-2021-3314MISCMISC phoenixcontact — config\+ Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 and below is affected by a remote code execution vulnerability. Manipulated PC Worx or Config+ projects could lead to a remote code execution when unallocated memory is freed because of incompletely initialized data. The attacker needs to get access to an original bus configuration file (*.bcp) to be able to manipulate data inside. After manipulation the attacker needs to exchange the original file by the manipulated one on the application programming workstation. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities. Automated systems in operation which were programmed with one of the above-mentioned products are not affected. 2021-06-25 5.1 CVE-2021-33542CONFIRM phoenixcontact — fl_comserver_uni_232\/422\/485_firmware In Phoenix Contact FL COMSERVER UNI in versions < 2.40 an invalid Modbus exception response can lead to a temporary denial of service. 2021-06-25 5 CVE-2021-21002CONFIRM phoenixcontact — fl_switch_smcs_16tx_firmware In Phoenix Contact FL SWITCH SMCS series products in multiple versions fragmented TCP-Packets may cause a Denial of Service of Web-, SNMP- and ICMP-Echo services. The switching functionality of the device is not affected. 2021-06-25 5 CVE-2021-21003CONFIRM phoenixcontact — fl_switch_smcs_16tx_firmware In Phoenix Contact FL SWITCH SMCS series products in multiple versions an attacker may insert malicious code via LLDP frames into the web-based management which could then be executed by the client. 2021-06-25 4.3 CVE-2021-21004CONFIRM postsrsd_project — postsrsd PostSRSd before 1.11 allows a denial of service (subprocess hang) if Postfix sends certain long data fields such as multiple concatenated email addresses. 
NOTE: the PostSRSd maintainer acknowledges “theoretically, this error should never occur … I’m not sure if there’s a reliable way to trigger this condition by an external attacker, but it is a security bug in PostSRSd nevertheless.” 2021-06-28 5 CVE-2021-35525MISCMISCMISC poweriso — poweriso A memory corruption vulnerability exists in the DMG File Format Handler functionality of PowerISO 7.9. A specially crafted DMG file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. The vendor fixed it in a bug-release of the current version. 2021-06-29 6.8 CVE-2021-21871MISC prismjs — prism Prism is a syntax highlighting library. Some languages before 1.24.0 are vulnerable to Regular Expression Denial of Service (ReDoS). When Prism is used to highlight untrusted (user-given) text, an attacker can craft a string that will take a very very long time to highlight. This problem has been fixed in Prism v1.24. As a workaround, do not use ASCIIDoc or ERB to highlight untrusted text. Other languages are not affected and can be used to highlight untrusted text. 2021-06-28 4.3 CVE-2021-32723CONFIRMMISCMISC python — urllib3 An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. 2021-06-29 5 CVE-2021-33503CONFIRMCONFIRM shopex — ecshop Cross Site Scripting (XSS) vulnerability in ECShop 4.0 due to security filtering issues, in the user.php file, we can use the html entity encoding to bypass the security policy of the safety.php file, triggering the xss vulnerability. 
2021-06-28 4.3 CVE-2020-20640MISC siemens — sinamics_sl150_firmware The Telnet service of the SIMATIC HMI Comfort Panels system component in affected products does not require authentication, which may allow a remote attacker to gain access to the device if the service is enabled. Telnet is disabled by default on the SINAMICS Medium Voltage Products (SINAMICS SL150: All versions, SINAMICS SM150: All versions, SINAMICS SM150i: All versions). 2021-06-28 6.8 CVE-2021-31337MISC sylius — sylius Sylius is an Open Source eCommerce platform on top of Symfony. In versions of Sylius prior to 1.9.5 and 1.10.0-RC.1, part of the details (order ID, order number, items total, and token value) of all placed orders were exposed to unauthorized users. If exploited properly, some additional information, such as the number of items in the cart and the date of the shipping, may be fetched as well. This data seems to not be crucial nor is personal data, however, could be used for sociotechnical attacks or may expose a few details about shop condition to the third parties. The data possible to aggregate are the number of processed orders or their value in the moment of time. The problem has been patched at Sylius 1.9.5 and 1.10.0-RC.1. There are a few workarounds for the vulnerability. The first possible solution is to hide the problematic endpoints behind the firewall from not logged in users. This would put only the order list under the firewall and allow only authorized users to access it. Once a user is authorized, it will have access to their orders only. The second possible solution is to decorate the `\Sylius\Bundle\ApiBundle\Doctrine\QueryCollectionExtension\OrdersByLoggedInUserExtension` and throw `Symfony\Component\Security\Core\Exception\AccessDeniedException` if the class is executed for unauthorized user. 
2021-06-28 5 CVE-2021-32720CONFIRMMISC tenable — nessus Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20099. 2021-06-28 4.6 CVE-2021-20100MISC tenable — nessus Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20100. 2021-06-28 4.6 CVE-2021-20099MISC umbraco — umbraco_cms Umbraco CMS before 7.15.7 is vulnerable to Open Redirection due to insufficient url sanitization on booting.aspx. 2021-06-28 5.8 CVE-2021-34254MISC unidocs — ezpdf_editor A memory corruption vulnerability exists when ezPDF improperly handles the parameter. This vulnerability exists due to insufficient validation of the parameter. 2021-06-29 6.5 CVE-2020-7870MISC vector35 — binary_ninja This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vector 35 Binary Ninja 2.3.2660 (Build ID 88f343c3). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BNDB files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13670. 2021-06-29 6.8 CVE-2021-31516MISCMISC vector35 — binary_ninja This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vector 35 Binary Ninja 2.3.2660 (Build ID 88f343c3). 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BNDB files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13668. 2021-06-29 6.8 CVE-2021-31515MISCMISC vmware — spring_security Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session or multiple sessions. 2021-06-29 5 CVE-2021-22119MISC webport_cms_project — webport_cms Directory Traversal vulnerability in Webport CMS 1.19.10.17121 via the file parameter to file/download. 2021-06-28 5 CVE-2020-23715MISC weidmueller — ie-wl-bl-ap-cl-eu_firmware In Weidmueller Industrial WLAN devices in multiple versions an exploitable denial-of-service vulnerability exists in ServiceAgent functionality. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability. 2021-06-25 5 CVE-2021-33536CONFIRM weidmueller — ie-wl-bl-ap-cl-eu_firmware In Weidmueller Industrial WLAN devices in multiple versions an exploitable format string vulnerability exists in the iw_console conio_writestr functionality. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. 
An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. 2021-06-25 6.5 CVE-2021-33535CONFIRM weidmueller — ie-wl-bl-ap-cl-eu_firmware In Weidmueller Industrial WLAN devices in multiple versions the usage of hard-coded cryptographic keys within the service agent binary allows for the decryption of captured traffic across the network from or to the device. 2021-06-25 5 CVE-2021-33529CONFIRM weidmueller — ie-wl-bl-ap-cl-eu_firmware In Weidmueller Industrial WLAN devices in multiple versions an exploitable authentication bypass vulnerability exists in the hostname processing. A specially configured device hostname can cause the device to interpret selected remote traffic as local traffic, resulting in a bypass of web authentication. An attacker can send authenticated SNMP requests to trigger this vulnerability. 2021-06-25 6.5 CVE-2021-33539CONFIRM weidmueller — ie-wl-bl-ap-cl-eu_firmware In Weidmueller Industrial WLAN devices in multiple versions an exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. 2021-06-25 6.5 CVE-2021-33537CONFIRM zammad — zammad Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via multiple models that contain a ‘note’ field to store additional information. 2021-06-28 4.3 CVE-2021-35298CONFIRM zammad — zammad Text injection/Content Spoofing in 404 page in Zammad 1.0.x up to 4.0.0 could allow remote attackers to manipulate users into visiting the attackers’ page. 
2021-06-28 4.3 CVE-2021-35300CONFIRM zammad — zammad Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via the User Avatar attribute. 2021-06-28 4.3 CVE-2021-35303CONFIRM zammad — zammad Incorrect Access Control for linked Tickets in Zammad 1.0.x up to 4.0.0 allows remote attackers to obtain sensitive information. 2021-06-28 5 CVE-2021-35302CONFIRM zammad — zammad Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows remote attackers to obtain sensitive information via the Ticket Article detail view. 2021-06-28 5 CVE-2021-35301CONFIRM zammad — zammad Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows attackers to obtain sensitive information via email connection configuration probing. 2021-06-28 5 CVE-2021-35299CONFIRM zohocorp — manageengine_servicedesk_plus Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data. 2021-06-29 5 CVE-2021-31160CONFIRMMISC zohocorp — manageengine_servicedesk_plus_msp Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to Information Disclosure. 2021-06-29 5 CVE-2021-31530CONFIRM zrlog — zrlog Cross Site Scripting vulnerability in ZrLog 2.1.0 via the (1) userName and (2) email parameters in post/addComment. 2021-06-29 4.3 CVE-2020-18066MISC Low Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info adobe — photoshop_elements Adobe Photoshop Elements version 5.2 (and earlier) is affected by an insecure temporary file creation vulnerability. An unauthenticated attacker could leverage this vulnerability to call functions against the installer to perform high privileged actions. Exploitation of this issue does not require user interaction. 2021-06-28 2.1 CVE-2021-28597MISC adobe — premiere_elements Adobe Premiere Elements version 5.2 (and earlier) is affected by an insecure temporary file creation vulnerability. 
An unauthenticated attacker could leverage this vulnerability to call functions against the installer to perform high privileged actions. Exploitation of this issue does not require user interaction. 2021-06-28 2.1 CVE-2021-28623MISC bluetooth — bluetooth_core_specification Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may permit an adjacent device to inject a crafted packet during the receive window of the listening device before the transmitting device initiates its packet transmission to achieve full MITM status without terminating the link. When applied against devices establishing or using encrypted links, crafted packets may be used to terminate an existing link, but will not compromise the confidentiality or integrity of the link. 2021-06-25 2.9 CVE-2021-31615MISCMISC cabrerahector — popular_posts Cross-site scripting vulnerability in WordPress Popular Posts 5.3.2 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. 2021-06-28 3.5 CVE-2021-20746MISCMISCMISCMISC dovecot — dovecot Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver. 2021-06-28 2.1 CVE-2021-29157MISCCONFIRM ibm — aix IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user that is in the with elevated group privileges to cause a denial of service due to a vulnerability in the lpd daemon. IBM X-Force ID: 200255. 2021-06-28 2.1 CVE-2021-29693XFCONFIRM ibm — business_automation_workflow IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated user to obtain sensitive information about another user under nondefault configurations. IBM X-Force ID: 201779. 
2021-06-28 3.5 CVE-2021-29751CONFIRMCONFIRMXF ibm — planning_analytics IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196949. 2021-06-29 3.5 CVE-2021-20477CONFIRMXF ibm — security_verify IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 2021-06-25 3.5 CVE-2021-29677CONFIRMXF ibm — spectrum_protect_plus IBM Spectrum Protect Plus 10.1.0 through 10.1.8 could allow a local user to cause a denial of service due to insecure file permission settings. IBM X-Force ID: 197791. 2021-06-29 2.1 CVE-2021-20490CONFIRMXF limesurvey — limesurvey Cross Site Scripting (XSS) vulnerability in LimeSurvey 4.2.5 on textbox via the Notifications & data feature. 2021-06-28 3.5 CVE-2020-23710MISC magento — magento Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a DOM-based Cross-Site Scripting vulnerability on mage-messages cookies. Successful exploitation could lead to arbitrary JavaScript execution by an unauthenticated attacker. User interaction is required for successful exploitation. 2021-06-28 3.5 CVE-2021-28556MISC pandorafms — pandora_fms PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console. When a user or an administrator visits the console, the XSS payload will be executed. 2021-06-25 3.5 CVE-2021-35501MISC plone — plone In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field. 
2021-06-30 3.5 CVE-2021-35959MISCMLIST sas — environment_manager SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. The XSS will prompt when editing the Configuration Properties. 2021-06-25 3.5 CVE-2021-35475MISCMISCMISC sick — visionary-s_cx_firmware SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inadequate Encryption Strength vulnerability concerning the internal SSH interface solely used by SICK for recovering returned devices. The use of weak ciphers makes it easier for an attacker to break the security that protects information transmitted from the client to the SSH server, assuming the attacker has access to the network on which the device is connected. This can increase the risk that encryption will be compromised, leading to the exposure of sensitive user information and man-in-the-middle attacks. 2021-06-28 3.5 CVE-2021-32496MISC tripplite — su2200rtxl2ua_firmware A stored cross-site scripting (XSS) vulnerability was discovered in /Forms/device_vars_1 on TrippLite SU2200RTXL2Ua with firmware version 12.04.0055. This vulnerability allows authenticated attackers to obtain other users’ information via a crafted POST request. 2021-06-25 3.5 CVE-2020-26801MISCMISCMISC vmware — rabbitmq RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user’s name being rendered in a confirmation message without proper `<script>` tag sanitization, potentially allowing for JavaScript code execution in the context of the page. In order for this to occur, the user must be signed in and have elevated permissions (other user management). The vulnerability is patched in RabbitMQ 3.8.17. As a workaround, disable `rabbitmq_management` plugin and use CLI tools for management operations and Prometheus and Grafana for metrics and monitoring. 
2021-06-28 3.5 CVE-2021-32718CONFIRMMISC vmware — rabbitmq RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` plugin, its consumer tag was rendered without proper <script> tag sanitization. This potentially allows for JavaScript code execution in the context of the page. The user must be signed in and have elevated permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI tools](https://www.rabbitmq.com/cli.html) instead. 2021-06-28 3.5 CVE-2021-32719MISCCONFIRMMISC Severity Not Yet Assigned Primary Vendor — Product Description Published CVSS Score Source & Patch Info adobe — acrobat_reader_dc Acrobat Reader DC versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability when executing search queries through Javascript. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-06-28 not yet calculated CVE-2021-28562MISC adobe — animate Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-06-28 not yet calculated CVE-2021-28575MISC adobe — animate Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. 
An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-06-28 not yet calculated CVE-2021-28574MISC adobe — animate Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-06-28 not yet calculated CVE-2021-28576MISC adobe — illustrator Adobe Illustrator version 25.2 (and earlier) is affected by a Path Traversal vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-06-28 not yet calculated CVE-2021-21102MISC adobe — illustrator Adobe Illustrator version 25.2 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-06-28 not yet calculated CVE-2021-21101MISC adobe — incopy Adobe InCopy version 16.0 (and earlier) is affected by a path traversal vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 
2021-06-28 not yet calculated CVE-2021-21090MISC adobe — indesign Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-06-28 not yet calculated CVE-2021-21099MISC adobe — indesign Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-06-28 not yet calculated CVE-2021-21098MISC adobe — magento Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Violation of Secure Design Principles vulnerability in RMA PDF filename formats. Successful exploitation could allow an attacker to get unauthorized access to restricted resources. 2021-06-28 not yet calculated CVE-2021-28583MISC adobe — magento Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Path Traversal vulnerability when creating a store with child theme. Successful exploitation could lead to arbitrary file system write by an authenticated attacker. Access to the admin console is required for successful exploitation. 2021-06-28 not yet calculated CVE-2021-28584MISC adobe — magento Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by an Improper input validation vulnerability in the New customer WebAPI. Successful exploitation could allow an attacker to send unsolicited spam e-mails. 
2021-06-28 not yet calculated CVE-2021-28585MISC akcp — akcp   Stored cross-site scripting (XSS) in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote authenticated attackers to introduce arbitrary JavaScript via the Sensor Description, Email (from/to/cc), System Name, and System Location fields. 2021-06-30 not yet calculated CVE-2021-35956MISCMISCMISC akkadian — provisioning_manager   An issue exists within Akkadian Provisioning Manager 4.50.02 which allows attackers to view sensitive information within the /pme subdirectories. 2021-07-01 not yet calculated CVE-2020-27361MISC akkadian — provisioning_manager   An issue exists within the SSH console of Akkadian Provisioning Manager 4.50.02 which allows a low-level privileged user to escape the web configuration file editor and escalate privileges. 2021-07-01 not yet calculated CVE-2020-27362MISC apache — druid In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users access Druid directly, since Druid also provides the Local InputSource, which allows the same level of access. But it is problematic when users interact with Druid indirectly through an application that allows users to specify the HTTP InputSource, but not the Local InputSource. In this case, users could bypass the application-level restriction by passing a file URL to the HTTP InputSource. 2021-07-02 not yet calculated CVE-2021-26920MISCMLIST apache — traffic_server Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. 
2021-06-29 not yet calculated CVE-2021-27577 MISC
apache — traffic_server Invalid values in the Content-Length header sent to Apache Traffic Server allow an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. 2021-06-29 not yet calculated CVE-2021-32565 MISC
apache — traffic_server Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. 2021-06-30 not yet calculated CVE-2021-35474 MISC
arlo_q_plus — arlo_q_plus This vulnerability allows attackers with physical access to escalate privileges on affected installations of Arlo Q Plus 1.9.0.3_278. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSH service. The device can be booted into a special operation mode where hard-coded credentials are accepted for SSH authentication. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-12890. 2021-06-29 not yet calculated CVE-2021-31505 MISC MISC
artica — pandora_fms In Artica Pandora FMS <=754 in the File Manager component, there is sensitive information exposed on the client side which attackers can access. 2021-06-30 not yet calculated CVE-2021-34075 MISC
chevereto — chevereto Chevereto before 3.17.1 allows Cross Site Scripting (XSS) via an image title at the image upload stage. 2021-06-30 not yet calculated CVE-2021-31721 MISC MISC
cms_made_simple — cms_made_simple A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “Search Text” field under the “Admin Search” module.
2021-07-02 not yet calculated CVE-2020-36412 MISC
cms_made_simple — cms_made_simple A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “Path for the {page_image} tag:” or “Path for thumbnail field:” parameters under the “Content Editing Settings” module. 2021-07-02 not yet calculated CVE-2020-36411 MISC
cms_made_simple — cms_made_simple A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “Email address to receive notification of news submission” parameter under the “Options” module. 2021-07-02 not yet calculated CVE-2020-36410 MISC
cms_made_simple — cms_made_simple A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “URL (slug)” or “Extra” fields under the “Add Article” feature. 2021-07-02 not yet calculated CVE-2020-36414 MISC
cms_made_simple — cms_made_simple A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “Add Shortcut” parameter under the “Manage Shortcuts” module. 2021-07-02 not yet calculated CVE-2020-36408 MISC
cms_made_simple — cms_made_simple A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “Exclude these IP addresses from the “Site Down” status” parameter under the “Maintenance Mode” module.
2021-07-02 not yet calculated CVE-2020-36413 MISC
cms_made_simple — cms_made_simple A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “Create a new Stylesheet” parameter under the “Stylesheets” module. 2021-07-02 not yet calculated CVE-2020-36415 MISC
cms_made_simple — cms_made_simple A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “Create a new Design” parameter under the “Designs” module. 2021-07-02 not yet calculated CVE-2020-36416 MISC
cms_made_simple — cms_made_simple A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “Add Category” parameter under the “Categories” module. 2021-07-02 not yet calculated CVE-2020-36409 MISC
coral — coral Talk 4 in Coral before 4.12.1 allows remote attackers to discover e-mail addresses and other sensitive information via GraphQL because permission checks use an incorrect data type. 2021-06-30 not yet calculated CVE-2021-35970 MISC MISC MISC MISC
craft_cms — craft_cms An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker were somehow able to hijack an administrator’s session). 2021-06-30 not yet calculated CVE-2021-27903 MISC MISC MISC
craft_cms — craft_cms An issue was discovered in Craft CMS before 3.6.0. In some circumstances, a potential XSS vulnerability existed in connection with front-end forms that accepted user uploads.
2021-06-30 not yet calculated CVE-2021-27902 MISC MISC MISC
delta_electronics — dopsoft Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to disclose information. 2021-07-02 not yet calculated CVE-2021-27455 MISC
delta_electronics — dopsoft Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code. 2021-07-02 not yet calculated CVE-2021-27412 MISC
django — django Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application. 2021-07-02 not yet calculated CVE-2021-35042 MISC CONFIRM MISC CONFIRM
djvulibre — djvulibre An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. This flaw affects DjVuLibre versions prior to 3.5.28. 2021-06-30 not yet calculated CVE-2021-3630 MISC
ec-cube — ec-cube Improper access control vulnerability in EC-CUBE 4.0.6 (EC-CUBE 4 series) allows a remote attacker to bypass access restriction and obtain sensitive information via unspecified vectors. 2021-07-01 not yet calculated CVE-2021-20778 MISC MISC JVN
ec-cube — ec-cube Cross-site scripting vulnerability in EC-CUBE EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific operation. 2021-06-28 not yet calculated CVE-2021-20751 MISC MISC
ec-cube — ec-cube Cross-site scripting vulnerability in EC-CUBE EC-CUBE 3.0.0 to 3.0.18-p2 (EC-CUBE 3 series) and EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific operation.
2021-06-28 not yet calculated CVE-2021-20750 MISC MISC MISC
emissary — emissary Emissary is a P2P-based, data-driven workflow engine. Emissary version 6.4.0 is vulnerable to Server-Side Request Forgery (SSRF). In particular, the `RegisterPeerAction` endpoint and the `AddChildDirectoryAction` endpoint are vulnerable to SSRF. This vulnerability may lead to credential leaks. Emissary version 7.0 contains a patch. As a workaround, disable network access to Emissary from untrusted sources. 2021-07-02 not yet calculated CVE-2021-32639 CONFIRM MISC MISC
ethereum — solidity Solidity 0.7.5 has a stack-use-after-return issue in smtutil::CHCSmtLib2Interface::querySolver. NOTE: c39a5e2b7a3fabbf687f53a2823fc087be6c1a7e is cited in the OSV “fixed” field but does not have a code change. 2021-07-01 not yet calculated CVE-2020-36402 MISC MISC MISC
fluent — fluent_bit Fluent Bit (aka fluent-bit) 1.7.0 through 1.7.4 has a double free in flb_free (called from flb_parser_json_do and flb_parser_do). 2021-07-01 not yet calculated CVE-2021-36088 MISC MISC MISC MISC
fudousan_plugin_pro — fudousan_plugin_pro Cross-site scripting vulnerability in Fudousan plugin ver5.7.0 and earlier, Fudousan Plugin Pro Single-User Type ver5.7.0 and earlier, and Fudousan Plugin Pro Multi-User Type ver5.7.0 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. 2021-06-28 not yet calculated CVE-2021-20749 MISC MISC MISC
getkirby — kirby Kirby is a content management system. In Kirby CMS versions 3.5.5 and 3.5.6, the Panel’s `ListItem` component (used in the pages and files section for example) displayed HTML in page titles as it is. This could be used for cross-site scripting (XSS) attacks. Malicious authenticated Panel users can escalate their privileges if they get access to the Panel session of an admin user. Visitors without Panel access can use the attack vector if the site allows changing site data from a frontend form. Kirby 3.5.7 patches the vulnerability.
As a partial workaround, site administrators can protect against attacks from visitors without Panel access by validating or sanitizing provided data from the frontend form. 2021-07-02 not yet calculated CVE-2021-32735 CONFIRM MISC
google — chrome Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-07-02 not yet calculated CVE-2021-30554 MISC MISC
google — chrome Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and user gesture. 2021-07-02 not yet calculated CVE-2021-30555 MISC MISC
google — chrome Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-07-02 not yet calculated CVE-2021-30556 MISC MISC
google — chrome Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. 2021-07-02 not yet calculated CVE-2021-30557 MISC MISC
grok — grok Grok 7.6.6 through 9.2.0 has a heap-based buffer overflow in grk::FileFormatDecompress::apply_palette_clr (called from grk::FileFormatDecompress::applyColour). 2021-07-01 not yet calculated CVE-2021-36089 MISC MISC MISC
hitachi — virtual_file_platform_versions Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions prior to 6.4.3-09, and NEC Storage M Series NAS Gateway Nh4a/Nh8a versions prior to FOS 5.5.3-08(NEC2.5.4a) and Nh4b/Nh8b, Nh4c/Nh8c versions prior to FOS 6.4.3-08(NEC3.4.2) allow remote authenticated attackers to execute arbitrary OS commands with root privileges via unspecified vectors.
2021-06-28 not yet calculated CVE-2021-20740 MISC MISC MISC
huawei — multiple_products There is a multiple threads race condition vulnerability in Huawei product. A race condition exists for concurrent I/O read by multiple threads. An attacker with the root permission can exploit this vulnerability by performing some operations. Successful exploitation of this vulnerability may cause the system to crash. Affected product versions include: ManageOne 6.5.1.SPC200, 8.0.0, 8.0.0-LCND81, 8.0.0.SPC100, 8.0.1, 8.0.RC2, 8.0.RC3, 8.0.RC3.SPC100; SMC2.0 V600R019C10SPC700, V600R019C10SPC702, V600R019C10SPC703, V600R019C10SPC800, V600R019C10SPC900, V600R019C10SPC910, V600R019C10SPC920, V600R019C10SPC921, V600R019C10SPC922, V600R019C10SPC930, V600R019C10SPC931. 2021-06-29 not yet calculated CVE-2021-22340 MISC
huawei — multiple_products There is a license management vulnerability in some Huawei products. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper license management of the device, the license file can be applied and affect the integrity of the device. Affected product versions include: S12700 V200R007C01, V200R007C01B102, V200R008C00, V200R010C00SPC300, V200R011C00, V200R011C00SPC100, V200R011C10; S1700 V200R010C00SPC300, V200R011C00, V200R011C00SPC100, V200R011C10; S2700 V200R008C00, V200R010C00SPC300, V200R011C00, V200R011C00SPC100, V200R011C10; S5700 V200R008C00, V200R010C00SPC300, V200R011C00, V200R011C00SPC100, V200R011C10, V200R011C10SPC100; S6700 V200R008C00, V200R010C00SPC300, V200R011C00, V200R011C00SPC100, V200R011C10, V200R011C10SPC100; S7700 V200R008C00, V200R010C00SPC300, V200R011C00, V200R011C00SPC100, V200R011C10; S9700 V200R007C01, V200R007C01B102, V200R008C00, V200R010C00SPC300, V200R011C00, V200R011C00SPC100, V200R011C10. 2021-06-29 not yet calculated CVE-2021-22329 MISC
huawei — smartphone There is an Improper Validation of Array Index Vulnerability in Huawei Smartphone.
Successful exploitation of this vulnerability may cause stability risks. 2021-06-30 not yet calculated CVE-2021-22374 MISC
huawei — smartphone There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the device to crash and restart. 2021-06-30 not yet calculated CVE-2021-22350 MISC
huawei — smartphone There is a Credentials Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may induce users to grant permissions on modifying items in the configuration table, causing system exceptions. 2021-06-30 not yet calculated CVE-2021-22351 MISC
huawei — smartphone There is a Configuration Defect Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to execute malicious commands. 2021-06-30 not yet calculated CVE-2021-22352 MISC
huawei — smartphone There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the kernel to restart. 2021-06-30 not yet calculated CVE-2021-22353 MISC
huawei — smartphone There is a Key Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to authentication bypass. 2021-06-30 not yet calculated CVE-2021-22367 MISC
huawei — smartphone There is a Permission Control Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect normal use of the device. 2021-06-30 not yet calculated CVE-2021-22368 MISC
huawei — smartphone There is an Input Verification Vulnerability in Huawei Smartphone. Successful exploitation of insufficient input verification may cause the system to restart. 2021-06-30 not yet calculated CVE-2021-22349 MISC
huawei — smartphone There is a Defects Introduced in the Design Process Vulnerability in Huawei Smartphone.
Successful exploitation of this vulnerability may affect service integrity and availability. 2021-06-30 not yet calculated CVE-2021-22373 MISC
huawei — smartphone There is an Improper Permission Management Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. 2021-06-30 not yet calculated CVE-2021-22371 MISC
huawei — smartphone There is a Security Features Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. 2021-06-30 not yet calculated CVE-2021-22372 MISC
huawei — smartphone There is a Key Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality, availability and integrity. 2021-06-30 not yet calculated CVE-2021-22375 MISC
huawei — smartphone There is an Improper Permission Management Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality, availability and integrity. 2021-06-30 not yet calculated CVE-2021-22376 MISC
huawei — smartphone There is a Cleartext Transmission of Sensitive Information Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality and availability. 2021-06-30 not yet calculated CVE-2021-22380 MISC
huawei — smartphone There is a Credentials Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. 2021-06-30 not yet calculated CVE-2021-22370 MISC
huawei — smartphone There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Huawei Smartphone. Successful exploitation of these vulnerabilities may escalate the permission to that of the root user. 2021-06-30 not yet calculated CVE-2021-22369 MISC
huawei — smartphone There is a Configuration Defect vulnerability in Huawei Smartphone.
Successful exploitation of this vulnerability may affect service integrity and availability. 2021-07-01 not yet calculated CVE-2021-22343 MISC
huawei — smartphone There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause temporary DoS. 2021-07-01 not yet calculated CVE-2021-22344 MISC
huawei — smartphone There is a Missing Cryptographic Step vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause DoS of Samgr. 2021-07-01 not yet calculated CVE-2020-9158 MISC
huawei — smartphone There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause code to execute. 2021-06-30 not yet calculated CVE-2021-22348 MISC
huawei — smartphone There is an Improper Permission Management Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to the disclosure of user habits. 2021-06-30 not yet calculated CVE-2021-22346 MISC
huawei — smartphone There is an Input Verification Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause out-of-bounds memory write. 2021-06-30 not yet calculated CVE-2021-22345 MISC
huawei — smartphone There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause temporary DoS. 2021-07-01 not yet calculated CVE-2021-22347 MISC
huawei — smartphone There is an Incorrect Privilege Assignment Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. 2021-06-30 not yet calculated CVE-2021-22326 MISC
huawei — smartphone There is an Integer Overflow Vulnerability in Huawei Smartphone. Successful exploitation of these vulnerabilities may escalate the permission to that of the root user.
2021-06-30 not yet calculated CVE-2021-22323 MISC
ibm — cognos_analytics IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. An attacker could potentially bypass business logic to modify the appearance and behavior of the application. IBM X-Force ID: 196770. 2021-06-30 not yet calculated CVE-2021-20461 XF CONFIRM
ibm — datacap_fastdoc_capture IBM Datacap Fastdoc Capture (IBM Datacap Navigator 9.1.7) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191753. 2021-07-01 not yet calculated CVE-2020-4935 CONFIRM XF
ibm — datacap_taskmaster_capture IBM Datacap Taskmaster Capture (IBM Datacap Navigator 9.1.7) is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 191045. 2021-07-01 not yet calculated CVE-2020-4902 XF CONFIRM
ibm — security_identity_manager_adapters IBM Security Identity Manager Adapters 6.0 and 7.0 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and take over other accounts. IBM X-Force ID: 199252. 2021-06-28 not yet calculated CVE-2021-20574 CONFIRM XF
jenkins — jenkins A missing permission check in Jenkins requests-plugin Plugin 2.2.6 and earlier allows attackers with Overall/Read permission to view the list of pending requests. 2021-06-30 not yet calculated CVE-2021-21674 CONFIRM MLIST
jenkins — jenkins Jenkins requests-plugin Plugin 2.2.7 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to send test emails to an attacker-specified email address.
2021-06-30 not yet calculated CVE-2021-21676 CONFIRM MLIST
jenkins — jenkins Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. 2021-06-30 not yet calculated CVE-2021-21673 CONFIRM MLIST
jenkins — jenkins Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2021-06-30 not yet calculated CVE-2021-21672 CONFIRM MLIST
jenkins — jenkins Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the previous session on login. 2021-06-30 not yet calculated CVE-2021-21671 CONFIRM MLIST
jenkins — jenkins Jenkins 2.299 and earlier, LTS 2.289.1 and earlier allows users to cancel queue items and abort builds of jobs for which they have Item/Cancel permission even when they do not have Item/Read permission. 2021-06-30 not yet calculated CVE-2021-21670 CONFIRM MLIST
jenkins — jenkins A cross-site request forgery (CSRF) vulnerability in Jenkins requests-plugin Plugin 2.2.12 and earlier allows attackers to create requests and/or have administrators apply pending requests. 2021-06-30 not yet calculated CVE-2021-21675 CONFIRM MLIST
johnson_controls — c-cure_9000 An insecure client auto update feature in C-CURE 9000 can allow remote execution of lower privileged Windows programs. 2021-07-01 not yet calculated CVE-2021-27660 CERT CONFIRM
johnson_controls — facility_explorer Successful exploitation of this vulnerability could give an authenticated Facility Explorer SNC Series Supervisory Controller (F4-SNC) user an unintended level of access to the controller’s file system, allowing them to access or modify system files by sending specifically crafted web messages to the F4-SNC.
2021-07-01 not yet calculated CVE-2021-27661 CERT CONFIRM
jtekt_corporation — toyopuc_plc When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 2PORT-EFR, Plus CPU, Plus EX, Plus EX2, Plus EFR, Plus EFR2, Plus 2P-EFR, PC10P-DP, PC10P-DP-IO, Plus BUS-EX, Nano 10GX, Nano 2ET, PC10PE, PC10PE-16/16P, PC10E, FL/ET-T-V2H, PC10B, PC10B-P, Nano CPU, PC10P, and PC10GE receive an invalid frame, the outside area of a receive buffer for FL-net is overwritten. As a result, the PLC CPU detects a system error, and the affected products stop. 2021-07-01 not yet calculated CVE-2021-27477 MISC
kde — kimageformats KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based buffer overflow in XCFImageFormat::loadTileRLE. 2021-07-01 not yet calculated CVE-2021-36083 MISC MISC MISC
keystone_engine — keystone_engine Keystone Engine 0.9.2 has a use-after-free in llvm_ks::X86Operand::getToken. 2021-07-01 not yet calculated CVE-2020-36405 MISC MISC MISC
keystone_engine — keystone_engine Keystone Engine 0.9.2 has an invalid free in llvm_ks::SmallVectorImpl<llvm_ks::MCFixup>::~SmallVectorImpl. 2021-07-01 not yet calculated CVE-2020-36404 MISC MISC MISC
lavalite — cms A stored cross site scripting (XSS) vulnerability in the /admin/user/team component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “New” parameter. 2021-07-02 not yet calculated CVE-2020-36395 MISC
lavalite — cms A stored cross site scripting (XSS) vulnerability in the /admin/roles/role component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “New” parameter. 2021-07-02 not yet calculated CVE-2020-36396 MISC
lavalite — cms A stored cross site scripting (XSS) vulnerability in the /admin/contact/contact component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “New” parameter.
2021-07-02 not yet calculated CVE-2020-36397 MISC
libavif — libavif libavif 0.8.0 and 0.8.1 has an out-of-bounds write in avifDecoderDataFillImageGrid. 2021-07-01 not yet calculated CVE-2020-36407 MISC MISC MISC
libredgw — libredwg GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_chain_free (called from dwg_encode_MTEXT and dwg_encode_add_object). 2021-07-01 not yet calculated CVE-2021-36080 MISC MISC MISC
libressl — libressl LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_print_ex (called from asn1_item_print_ctx and ASN1_item_print). 2021-07-01 not yet calculated CVE-2019-25048 MISC MISC MISC
libressl — libressl LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in asn1_item_print_ctx (called from asn1_template_print_ctx). 2021-07-01 not yet calculated CVE-2019-25049 MISC MISC MISC
lkalka_rss_reader — lkalka_rss_reader Cross-site scripting vulnerability in IkaIka RSS Reader all versions allows a remote attacker to inject an arbitrary script via unspecified vectors. 2021-07-01 not yet calculated CVE-2021-20752 MISC
mediawiki — mediawiki An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalUserRights page provided search results which, for a suppressed MediaWiki user, were different than for any other user, thus easily disclosing suppressed accounts (which are supposed to be completely hidden). 2021-07-02 not yet calculated CVE-2021-36127 MISC MISC
mediawiki — mediawiki An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalRenameRequest page is vulnerable to infinite loops and denial of service attacks when a user’s current username is beyond an arbitrary maximum configuration value (MaxNameChars). 2021-07-02 not yet calculated CVE-2021-36125 MISC MISC
mediawiki — mediawiki An XSS issue was discovered in the SportsTeams extension in MediaWiki through 1.36.
Within several special pages, a privileged user could inject arbitrary HTML and JavaScript within various data fields. The attack could easily propagate across many pages for many users. 2021-07-02 not yet calculated CVE-2021-36131 MISC MISC
mediawiki — mediawiki An issue was discovered in the AbuseFilter extension in MediaWiki through 1.36. If the MediaWiki:Abusefilter-blocker message is invalid within the content language, the filter user falls back to the English version, but that English version could also be invalid on a wiki. This would result in a fatal error, and potentially fail to block or restrict a potentially nefarious user. 2021-07-02 not yet calculated CVE-2021-36126 MISC MISC
mediawiki — mediawiki An issue was discovered in the FileImporter extension in MediaWiki through 1.36. For certain relaxed configurations of the $wgFileImporterRequiredRight variable, it might not validate all appropriate user rights, thus allowing a user with insufficient rights to perform operations (specifically file uploads) that they should not be allowed to perform. 2021-07-02 not yet calculated CVE-2021-36132 MISC MISC
mediawiki — mediawiki An XSS issue was discovered in the SocialProfile extension in MediaWiki through 1.36. Within several gift-related special pages, a privileged user with the awardmanage right could inject arbitrary HTML and JavaScript within various gift-related data fields. The attack could easily propagate across many pages for many users. 2021-07-02 not yet calculated CVE-2021-36130 MISC MISC
mediawiki — mediawiki An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. Autoblocks for CentralAuth-issued suppression blocks are not properly implemented. 2021-07-02 not yet calculated CVE-2021-36128 MISC MISC MISC
mediawiki — mediawiki In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access.
When a bot account has a “sitewide block” applied, it is able to still “purge” pages through the MediaWiki Action API (which a “sitewide block” should have prevented). 2021-07-02 not yet calculated CVE-2021-35197 CONFIRM MISC
mediawiki — mediawiki An issue was discovered in the Translate extension in MediaWiki through 1.36. The Aggregategroups Action API module does not validate the parameter for aggregategroup when action=remove is set, thus allowing users with the translate-manage right to silently delete various groups’ metadata. 2021-07-02 not yet calculated CVE-2021-36129 MISC MISC
microsoft — windows Windows Print Spooler Remote Code Execution Vulnerability 2021-07-02 not yet calculated CVE-2021-34527 MISC
monstra_cms — monstra Monstra CMS 3.0.4 allows attackers to execute arbitrary code via a crafted payload entered into the “Snippet content” field under the “Edit Snippet” module. 2021-07-01 not yet calculated CVE-2020-23219 MISC
monstra_cms — monstra A stored cross site scripting (XSS) vulnerability in Monstra CMS version 3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “Site Name” field under the “Site Settings” module. 2021-07-01 not yet calculated CVE-2020-23205 MISC
mruby — mruby mruby 2.1.2 has a double free in mrb_default_allocf (called from mrb_free and obj_free). 2021-07-01 not yet calculated CVE-2020-36401 MISC MISC MISC
netgear — wac104_devices NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/mini_httpd, allowing an unauthenticated attacker to invoke any action by adding the &currentsetting.htm substring to the HTTP query, a related issue to CVE-2020-27866. This directly allows the attacker to change the web UI password, and eventually to enable debug mode (telnetd) and gain a shell on the device as the admin limited-user account (however, escalation to root is simple because of weak permissions on the /etc/ directory).
2021-06-30 not yet calculated CVE-2021-35973 MISC MISC
nodemailer — nodemailer The package nodemailer before 6.6.1 is vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object. 2021-06-29 not yet calculated CVE-2021-23400 MISC MISC MISC MISC
ntop — ndpi ntop nDPI 3.4 has a stack-based buffer overflow in processClientServerHello. 2021-07-01 not yet calculated CVE-2021-36082 MISC MISC MISC
nvidia — mb2 Bootloader contains a vulnerability in NVIDIA MB2 where a potential heap overflow could cause memory corruption, which might lead to denial of service or code execution. 2021-06-30 not yet calculated CVE-2021-34384 CONFIRM
nvidia — mb2 Bootloader contains a vulnerability in NVIDIA MB2 where a potential heap overflow might lead to denial of service or escalation of privileges. 2021-06-30 not yet calculated CVE-2021-34383 CONFIRM
nvidia — mb2 Bootloader contains a vulnerability in NVIDIA MB2 where potential heap overflow might cause corruption of the heap metadata, which might lead to arbitrary code execution, denial of service, and information disclosure during secure boot. 2021-06-30 not yet calculated CVE-2021-34380 CONFIRM
nvidia — trusty Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 11 is missing. Improper restriction of operations within the bounds of a memory buffer might lead to information disclosure, denial of service, or escalation of privileges. 2021-06-30 not yet calculated CVE-2021-34378 CONFIRM
nvidia — trusty Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 9 is missing. Improper restriction of operations within the bounds of a memory buffer might lead to escalation of privileges, information disclosure, and denial of service. 2021-06-30 not yet calculated CVE-2021-34377 CONFIRM
nvidia — trusty Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 5 is missing.
Improper restriction of operations within the bounds of a memory buffer might lead to denial of service, escalation of privileges, and information disclosure. 2021-06-30 not yet calculated CVE-2021-34376CONFIRM nvidia — trusty Trusty contains a vulnerability in all trusted applications (TAs) where the stack cookie was not randomized, which might result in stack-based buffer overflow, leading to denial of service, escalation of privileges, and information disclosure. 2021-06-30 not yet calculated CVE-2021-34375CONFIRM nvidia — trusty Trusty contains a vulnerability in command handlers where the length of input buffers is not verified. This vulnerability can cause memory corruption, which may lead to information disclosure, escalation of privileges, and denial of service. 2021-06-30 not yet calculated CVE-2021-34374CONFIRM nvidia — trusty Trusty trusted Linux kernel (TLK) contains a vulnerability in the NVIDIA TLK kernel where a lack of heap hardening could cause heap overflows, which might lead to information disclosure and denial of service. 2021-06-30 not yet calculated CVE-2021-34373CONFIRM nvidia — trusty   Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the calculation of a length could lead to a heap overflow. 2021-06-30 not yet calculated CVE-2021-34385CONFIRM nvidia — trusty   Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 10 is missing. The length of an I/O buffer parameter is not checked, which might lead to memory corruption. 2021-06-30 not yet calculated CVE-2021-34379CONFIRM nvidia — trusty   Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow on the size parameter of the tz_map_shared_mem function, which might lead to denial of service, information disclosure, or data tampering. 
2021-06-30 not yet calculated CVE-2021-34381CONFIRM nvidia — trusty   Trusty TLK contains a vulnerability in the NVIDIA TLK kernel’s tz_map_shared_mem function where an integer overflow on the size parameter causes the request buffer and the logging buffer to overflow, allowing writes to arbitrary addresses within the kernel. 2021-06-30 not yet calculated CVE-2021-34382CONFIRM openthread — wpantund   OpenThread wpantund through 2021-07-02 has a stack-based Buffer Overflow because of an inconsistency in the integer data type for metric_len. 2021-07-02 not yet calculated CVE-2021-33889MISCMISCCONFIRM openvpn — openvpn   OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (openvpn.exe). 2021-07-02 not yet calculated CVE-2021-3606MISCMISC openvpn — openvpn_connect   OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (OpenVPNConnect.exe). 2021-07-02 not yet calculated CVE-2021-3613MISC phpfusion — phpfusion   A stored cross site scripting (XSS) vulnerability in /administration/settings_registration.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “Registration” field. 2021-07-02 not yet calculated CVE-2020-23184MISC phpfusion — phpfusion   A stored cross site scripting (XSS) vulnerability in administration/settings_main.php of PHP-Fusion 9.03.50 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “Site footer” field. 
2021-07-02 not yet calculated CVE-2020-23179MISC phpfusion — phpfusion   An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out, allowing for an attacker to perform a session replay attack and impersonate the victim user. 2021-07-02 not yet calculated CVE-2020-23178MISC phpfusion — phpfusion   The component /php-fusion/infusions/shoutbox_panel/shoutbox_archive.php in PHP-Fusion 9.03.60 allows attackers to redirect victim users to malicious websites via a crafted payload entered into the Shoutbox message panel. 2021-07-02 not yet calculated CVE-2020-23182MISC phpfusion — phpfusion   A reflected cross site scripting (XSS) vulnerability in /administration/theme.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “Manage Theme” field. 2021-07-02 not yet calculated CVE-2020-23181MISC phpfusion — phpfusion   A stored cross site scripting (XSS) vulnerability in /administration/setting_security.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. 2021-07-02 not yet calculated CVE-2020-23185MISC phplist — phplist   A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “Configure categories” field under the “Categorise Lists” module. 2021-07-01 not yet calculated CVE-2020-23214MISC phplist — phplist   A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “List Description” field under the “Edit A List” module. 2021-07-01 not yet calculated CVE-2020-23209MISC phplist — phplist   A stored cross site scripting (XSS) vulnerability in the “Import emails” module in phplist 3.5.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. 
2021-07-02 not yet calculated CVE-2020-23190MISC phplist — phplist   A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “Edit Values” field under the “Configure Attributes” module. 2021-07-01 not yet calculated CVE-2020-23207MISC phplist — phplist   A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “Add a list” field under the “Import Emails” module. 2021-07-01 not yet calculated CVE-2020-23217MISCMISC phplist — phplist   A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the “Campaign” field under the “Send a campaign” module. 2021-07-02 not yet calculated CVE-2020-36398MISC phplist — phplist   A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the “rule1” parameter under the “Bounce Rules” module. 2021-07-02 not yet calculated CVE-2020-36399MISC phplist — phplist   A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “Send test” field under the “Start or continue campaign” module. 2021-07-01 not yet calculated CVE-2020-23208MISC phplist — phplist   A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload in the “admin” parameter under the “Manage administrators” module. 
2021-07-02 not yet calculated CVE-2020-23192MISC phplist — phplist   A stored cross site scripting (XSS) vulnerability in the “Import Subscribers” feature in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. 2021-07-02 not yet calculated CVE-2020-23194MISC plizer — scrutinizer Plixer Scrutinizer 19.0.2 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). 2021-06-30 not yet calculated CVE-2021-28993MISCMISC powermux — powermux   PowerMux is a drop-in replacement for Go’s http.ServeMux. In PowerMux versions prior to 1.1.1, attackers may be able to craft phishing links and other open redirects by exploiting the trailing slash redirection feature. This may lead to users being redirected to untrusted sites after following an attacker crafted link. The issue is resolved in v1.1.1. There are no existing workarounds. 2021-06-29 not yet calculated CVE-2021-32721CONFIRM project_acrn — acrn-hypervisor   ACRN before 2.5 has a devicemodel/hw/pci/xhci.c NULL Pointer Dereference for a trb pointer. 2021-07-02 not yet calculated CVE-2021-36146MISC project_acrn — acrn-hypervisor   ACRN before 2.5 has a hw/pci/virtio/virtio.c vq_endchains NULL Pointer Dereference. 2021-07-02 not yet calculated CVE-2021-36143MISC project_acrn — acrn-hypervisor   An issue was discovered in ACRN before 2.5. It allows a devicemodel/hw/pci/virtio/virtio_net.c virtio_net_ping_rxq NULL pointer dereference for vq->used. 2021-07-02 not yet calculated CVE-2021-36147MISC project_acrn — acrn-hypervisor   An issue was discovered in ACRN before 2.5. dmar_free_irte in hypervisor/arch/x86/vtd.c allows an irte_alloc_bitmap buffer overflow. 2021-07-02 not yet calculated CVE-2021-36148MISC project_acrn — acrn-hypervisor   The Device Model in ACRN through 2.5 has a devicemodel/core/mem.c use-after-free for a freed rb_entry. 
2021-07-02 not yet calculated CVE-2021-36145MISC project_acrn — acrn-hypervisor   The polling timer handler in ACRN before 2.5 has a use-after-free for a freed virtio device, related to devicemodel/hw/pci/virtio/*.c. 2021-07-02 not yet calculated CVE-2021-36144MISC qnap — qts_and_quts_hero A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.1.1540 build 20210107. QNAP Systems Inc. QuTS hero versions prior to h4.5.1.1582 build 20210217. 2021-07-01 not yet calculated CVE-2021-28804CONFIRM qnap — nas_devices   A stored XSS vulnerability has been reported to affect QNAP NAS running QuLog Center. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QuLog Center versions prior to 1.2.0. 2021-07-01 not yet calculated CVE-2020-36196CONFIRM qnap — nas_devices   An XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.2.1566 Build 20210202. QNAP Systems Inc. QuTS hero versions prior to h4.5.2.1638 build 20210414. This issue does not affect: QNAP Systems Inc. QTS 4.5.3. 2021-07-01 not yet calculated CVE-2020-36194CONFIRM qnap — q’center This issue affects: QNAP Systems Inc. Q’center versions prior to 1.11.1004. 2021-07-01 not yet calculated CVE-2021-28803CONFIRM qnap — qts_and_quts_hero A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.1.1540 build 20210107. QNAP Systems Inc. QuTS hero versions prior to h4.5.1.1582 build 20210217. 
2021-07-01 not yet calculated CVE-2021-28802CONFIRM rarlab — unrar   UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write during a memcpy in QuickOpen::ReadRaw when called from QuickOpen::ReadNext. 2021-07-01 not yet calculated CVE-2018-25018MISCMISCMISC rarlab — unrar   UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile). 2021-07-01 not yet calculated CVE-2017-20006MISCMISCMISC ratpack — ratpack Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the client side session module uses the application startup time as the signing key by default. This means that if an attacker can determine this time, and if encryption is not also used (which is recommended, but is not on by default), the session data could be tampered with by someone with the ability to write cookies. The default configuration is unsuitable for production use as an application restart renders all sessions invalid and is not multi-host compatible, but its use is not actively prevented. As of Ratpack 1.9.0, the default value is a securely randomly generated value, generated at application startup time. As a workaround, supply an alternative signing key, as per the documentation’s recommendation. 2021-06-29 not yet calculated CVE-2021-29480MISCCONFIRM ratpack — ratpack Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a user supplied `X-Forwarded-Host` header can be used to perform cache poisoning of a cache fronting a Ratpack server if the cache key does not include the `X-Forwarded-Host` header as a cache key. Users are only vulnerable if they do not configure a custom `PublicAddress` instance. For versions prior to 1.9.0, by default, Ratpack utilizes an inferring version of `PublicAddress` which is vulnerable. 
This can be used to perform redirect cache poisoning where an attacker can force a cached redirect to redirect to their site instead of the intended redirect location. The vulnerability was patched in Ratpack 1.9.0. As a workaround, ensure that `ServerConfigBuilder::publicAddress` correctly configures the server in production. 2021-06-29 not yet calculated CVE-2021-29479MISCCONFIRM ratpack — ratpack Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. This means that if something sensitive goes into the session, it could be read by something with access to the cookies. For this to be a vulnerability, some kind of sensitive data would need to be stored in the session and the session cookie would have to leak. For example, the cookies are not configured with httpOnly and an adjacent XSS vulnerability within the site allowed capture of the cookies. As of version 1.9.0, a securely randomly generated signing key is used. As a workaround, one may supply an encryption key, as per the documentation recommendation. 2021-06-29 not yet calculated CVE-2021-29481MISCCONFIRM ratpack — ratpack Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a malicious attacker can achieve Remote Code Execution (RCE) via a maliciously crafted Java deserialization gadget chain leveraged against the Ratpack session store. If one’s application does not use Ratpack’s session mechanism, it is not vulnerable. Ratpack 1.9.0 introduces a strict allow-list mechanism that mitigates this vulnerability when used. Two possible workarounds exist. The simplest mitigation for users of earlier versions is to reduce the likelihood of attackers being able to write to the session data store. 
Alternatively or additionally, the allow-list mechanism could be manually back ported by providing an alternative implementation of `SessionSerializer` that uses an allow-list. 2021-06-29 not yet calculated CVE-2021-29485MISCCONFIRM rawspeed — rawspeed   RawSpeed (aka librawspeed) 3.1 has a heap-based buffer overflow in TableLookUp::setTable. 2021-07-01 not yet calculated CVE-2018-25017MISCMISCMISC record-like-deep-assign — record-like-deep-assign All versions of package record-like-deep-assign are vulnerable to Prototype Pollution via the main functionality. 2021-07-02 not yet calculated CVE-2021-23402CONFIRMCONFIRM samtools — htslib   HTSlib 1.10 through 1.10.2 allows out-of-bounds write access in vcf_parse_format (called from vcf_parse and vcf_read). 2021-07-01 not yet calculated CVE-2020-36403MISCMISCMISC selinux_project — selinux The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list). 2021-07-01 not yet calculated CVE-2021-36086MISCMISCMISC selinux_project — selinux The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map). 2021-07-01 not yet calculated CVE-2021-36085MISCMISCMISC selinux_project — selinux The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper). 2021-07-01 not yet calculated CVE-2021-36084MISCMISCMISC selinux_project — selinux   The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). NOTE: bad0a746e9f4cf260dedba5828d9645d50176aac is cited in the OSV “fixed” field but does not have a code change. 2021-07-01 not yet calculated CVE-2021-36087MISCMISCMISC seromq — libzmq   ZeroMQ libzmq 4.3.3 has a heap-based buffer overflow in zmq::tcp_read, a different vulnerability than CVE-2021-20235. 
2021-07-01 not yet calculated CVE-2020-36400MISCMISCMISC sita — azurcms A SQL injection vulnerability in azurWebEngine in Sita AzurCMS through 1.2.3.12 allows an authenticated attacker to execute arbitrary SQL commands via the id parameter to mesdocs.ajax.php in azurWebEngine/eShop. By default, the query is executed as DBA. 2021-07-02 not yet calculated CVE-2021-27950MISCMISCMISCMISC sloan — smartfaucets   There exists an unauthenticated BLE Interface in Sloan SmartFaucets including Optima EAF, Optima ETF/EBF, BASYS EFX, and Flushometers including SOLIS. The vulnerability allows for unauthenticated kinetic effects and information disclosure on the faucets. It is possible to use the Bluetooth Low Energy (BLE) connectivity to read and write to many BLE characteristics on the device. Some of these control the flow of water, the sensitivity of the sensors, and information about maintenance. 2021-06-30 not yet calculated CVE-2021-20107MISC sourcecodester — phone_shop_sales_managements_system   Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Any attacker will be able to see the invoices of different users by changing the id parameter. 2021-07-01 not yet calculated CVE-2021-35337MISC stellar — js-stellar-sdk   js-stellar-sdk is a Javascript library for communicating with a Stellar Horizon server. The `Utils.readChallengeTx` function used in SEP-10 Stellar Web Authentication states in its function documentation that it reads and validates the challenge transaction including verifying that the `serverAccountID` has signed the transaction. In js-stellar-sdk before version 8.2.3, the function does not verify that the server has signed the transaction. Applications that also used `Utils.verifyChallengeTxThreshold` or `Utils.verifyChallengeTxSigners` to verify the signatures including the server signature on the challenge transaction are unaffected as those functions verify the server signed the transaction. 
Applications calling `Utils.readChallengeTx` should update to version 8.2.3, the first version with a patch for this vulnerability, to ensure that the challenge transaction is completely valid and signed by the server creating the challenge transaction. 2021-07-02 not yet calculated CVE-2021-32738CONFIRMMISC stormshield — stormshield An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can occur. 2021-07-01 not yet calculated CVE-2021-28127MISCMISC sulu — sulu   Sulu is an open-source PHP content management system based on the Symfony framework. In versions of Sulu prior to 1.6.41, it is possible for a logged in admin user to add a script injection (cross-site-scripting) in the collection title. The problem is patched in version 1.6.41. As a workaround, one may manually patch the affected JavaScript files in lieu of updating. 2021-07-02 not yet calculated CVE-2021-32737CONFIRMMISC suse — linux_enterprise_server A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15. openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions. openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions. 2021-06-30 not yet calculated CVE-2021-25321CONFIRM suse — linux_enterprise_server   A Use of Password Hash Instead of Password for Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without having to crack it. 
This issue affects: SUSE Linux Enterprise Server for SAP 12-SP5 cryptctl versions prior to 2.4. SUSE Manager Server 4.0 cryptctl versions prior to 2.4. 2021-06-30 not yet calculated CVE-2019-18906CONFIRM symantec — advanced_secure_gateway   The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance. 2021-06-30 not yet calculated CVE-2021-30648MISC synacor — zimbra_collaboration_suite   An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16. The value of the X-Host header overwrites the value of the Host header in proxied requests. The value of X-Host header is not checked against the whitelist of hosts Zimbra is allowed to proxy to (the zimbraProxyAllowedDomains setting). 2021-07-02 not yet calculated CVE-2021-35209MISCMISCMISCMISC synacor — zimbra_collaboration_suite   An issue was discovered in ZmMailMsgView.js in the Calendar Invite component in Zimbra Collaboration Suite 8.8.x before 8.8.15 Patch 23. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document. 2021-07-02 not yet calculated CVE-2021-35208MISCMISCMISCMISC synacor — zimbra_collaboration_suite   An issue was discovered in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.0 before 9.0.0 Patch 16. An XSS vulnerability exists in the login component of Zimbra Web Client, in which an attacker can execute arbitrary JavaScript by adding executable JavaScript to the loginErrorCode parameter of the login url. 
2021-07-02 not yet calculated CVE-2021-35207MISCMISCMISCMISC synacor — zimbra_collaboration_suite   An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a user to any URL via isredirect=1&redirectURL= in conjunction with the token data (e.g., a valid authtoken= value). 2021-07-02 not yet calculated CVE-2021-34807MISCMISCMISCMISC teachers_record_management_system — teachers_record_managemet_system Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 allow remote authenticated users to execute arbitrary SQL commands via the ‘editid’ GET parameter in edit-subjects-detail.php, edit-teacher-detail.php, or the ‘searchdata’ POST parameter in search.php. 2021-07-01 not yet calculated CVE-2021-28423MISCMISCMISCMISC teachers_record_management_system — teachers_record_managemet_system A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the ’email’ POST parameter in adminprofile.php. 2021-07-01 not yet calculated CVE-2021-28424MISCMISCMISCMISC tensorflow — tensorflow   ** DISPUTED ** TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. NOTE: the vendor’s position is that tf.keras.utils.get_file is not intended for untrusted archives. 2021-06-30 not yet calculated CVE-2021-35958MISCMISCMISCMISCMISC tesseract_ocr — tesseract   Tesseract OCR 5.0.0-alpha-20201231 has a one_ell_conflict use-after-free during a strpbrk call. 2021-07-01 not yet calculated CVE-2021-36081MISCMISCMISC think-js — think-helper   think-helper defines a set of helper functions for ThinkJS. 
In versions of think-helper prior to 1.1.3, the software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype. The vulnerability is patched in version 1.1.3. 2021-06-30 not yet calculated CVE-2021-32736CONFIRM tibco — multiple products The Windows Installation component of TIBCO Software Inc.’s TIBCO Enterprise Runtime for R – Server Edition, TIBCO Enterprise Runtime for R – Server Edition, TIBCO Enterprise Runtime for R – Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. 
Affected releases are TIBCO Software Inc.’s TIBCO Enterprise Runtime for R – Server Edition: versions 1.2.4 and below, TIBCO Enterprise Runtime for R – Server Edition: versions 1.3.0 and 1.3.1, TIBCO Enterprise Runtime for R – Server Edition: versions 1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server: versions 10.3.12 and below, TIBCO Spotfire Server: versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire Statistics Services: versions 10.3.0 and below, TIBCO Spotfire Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and 11.3.0. 2021-06-29 not yet calculated CVE-2021-23275CONFIRMCONFIRM tibco — multiple products The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc.’s TIBCO Enterprise Runtime for R – Server Edition, TIBCO Enterprise Runtime for R – Server Edition, TIBCO Enterprise Runtime for R – Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. 
Affected releases are TIBCO Software Inc.’s TIBCO Enterprise Runtime for R – Server Edition: versions 1.2.4 and below, TIBCO Enterprise Runtime for R – Server Edition: versions 1.3.0 and 1.3.1, TIBCO Enterprise Runtime for R – Server Edition: versions 1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server: versions 10.3.12 and below, TIBCO Spotfire Server: versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire Statistics Services: versions 10.3.0 and below, TIBCO Spotfire Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and 11.3.0. 2021-06-29 not yet calculated CVE-2021-28830CONFIRMCONFIRM tieline — ip_audio_gateway   Tieline IP Audio Gateway 2.6.4.8 and below is affected by Incorrect Access Control. A vulnerability in the Tieline Web Administrative Interface could allow an unauthenticated user to access a sensitive part of the system with a high privileged account. 2021-07-01 not yet calculated CVE-2021-35336MISC torproject — tor   An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory access, and a client crash, via a crafted onion service descriptor. 2021-06-29 not yet calculated CVE-2021-34550MISCCONFIRM torproject — tor   An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently, an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm inefficiency. 2021-06-29 not yet calculated CVE-2021-34549MISCCONFIRM torproject — tor   An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. 
An attacker can forge RELAY_END or RELAY_RESOLVED to bypass the intended access control for ending a stream. 2021-06-29 not yet calculated CVE-2021-34548MISCCONFIRM ts-nodash — ts-nodash All versions of package ts-nodash are vulnerable to Prototype Pollution via the Merge() function due to lack of validation input. 2021-07-02 not yet calculated CVE-2021-23403MISCMISC unetworking — uwebsockets   uWebSockets 18.11.0 and 18.12.0 has a stack-based buffer overflow in uWS::TopicTree::trimTree (called from uWS::TopicTree::unsubscribeAll). 2021-07-01 not yet calculated CVE-2020-36406MISCMISCMISC veeam — veeam   Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 before 11.0.0.837 P20210507 mishandles deserialization during Microsoft .NET remoting. 2021-06-30 not yet calculated CVE-2021-35971MISCMISC western_digital — multiple_products   Western Digital WD My Book Live (2.x and later) and WD My Book Live Duo (all versions) have an administrator API that can perform a system factory restore without authentication, as exploited in the wild in June 2021, a different vulnerability than CVE-2018-18472. 2021-06-29 not yet calculated CVE-2021-35941MISCMISC xen — xen Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will lead to a use-after-free in Linux netback when the backend is destroyed, as the kernel thread associated with queue 0 will have already exited and thus the call to kthread_stop will be performed against a stale pointer. 2021-06-29 not yet calculated CVE-2021-28691MISC xen — xen x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. 
Mitigating TAA by disabling TSX (the default and preferred option) requires selecting a non-default setting in MSR_TSX_CTRL. This setting isn’t restored after S3 suspend. 2021-06-29 not yet calculated CVE-2021-28690MISC xen — xen xen/arm: Boot modules are not scrubbed The bootloader will load boot modules (e.g. kernel, initramfs…) in a temporary area before they are copied by Xen to each domain memory. To ensure sensitive data is not leaked from the modules, Xen must “scrub” them before handing the page over to the allocator. Unfortunately, it was discovered that modules will not be scrubbed on Arm. 2021-06-30 not yet calculated CVE-2021-28693MISC xen — xen inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands. In the current implementation in Xen, asynchronous notification of the completion of such commands is not used. Instead, the issuing CPU spin-waits for the completion of the most recently issued command(s). Some of these waiting loops try to apply a timeout to fail overly-slow commands. The course of action upon a perceived timeout actually being detected is inappropriate: – on Intel hardware guests which did not originally cause the timeout may be marked as crashed, – on AMD hardware higher layer callers would not be notified of the issue, making them continue as if the IOMMU operation succeeded. 2021-06-30 not yet calculated CVE-2021-28692MISC xml2dict — xml2dict XXE vulnerability in ‘XML2Dict’ version 0.2.2 allows an attacker to cause a denial of service. 2021-06-30 not yet calculated CVE-2021-25951MISC xwiki — xwiki   XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A cross-site request forgery vulnerability exists in versions prior to 12.10.5, and in versions 13.0 through 13.1. It’s possible to forge a URL that, when accessed by an admin, will reset the password of any user in XWiki. 
The problem has been patched in XWiki 12.10.5 and 13.2RC1. As a workaround, it is possible to apply the patch manually by modifying the `register_macros.vm` template. 2021-07-01 not yet calculated CVE-2021-32730CONFIRMMISCMISC xwiki — xwiki   XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Between (and including) versions 13.1RC1 and 13.1, the reset password form reveals the email address of users just by giving their username. The problem has been patched on XWiki 13.2RC1. As a workaround, it is possible to manually modify the `resetpasswordinline.vm` to perform the changes made to mitigate the vulnerability. 2021-07-01 not yet calculated CVE-2021-32731MISCCONFIRMMISC xwiki — xwiki   XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A vulnerability exists in versions prior to 12.6.88, 12.10.4, and 13.0. The script service method used to reset the authentication failures record can be executed by any user with Script rights and does not require Programming rights. An attacher with script rights who is able to reset the authentication failure record might perform a brute force attack, since they would be able to virtually deactivate the mechanism introduced to mitigate those attacks. The problem has been patched in version 12.6.8, 12.10.4 and 13.0. There are no workarounds aside from upgrading. 2021-07-01 not yet calculated CVE-2021-32729CONFIRMMISC zoho — manageengine_adselfservice_plus   Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the password-sync database application. 2021-07-02 not yet calculated CVE-2021-31874MISC zoho — manageengine_applications_manager   Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD. 
2021-07-01 not yet calculated CVE-2021-31813MISC zyxel — firmware   An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device. 2021-07-02 not yet calculated CVE-2021-35029MISC Back to top This product is provided subject to this Notification and this Privacy & Use policy.

  • Vulnerability Summary for the Week of June 21, 2021
    by CISA on June 28, 2021 at 12:23 pm

    Original release date: June 28, 2021

    High Vulnerabilities

    Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
    apache — nuttx | Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. | 2021-06-21 | 7.5 | CVE-2021-26461 CONFIRM
    autoptimize — autoptimize | The Autoptimize WordPress plugin before 2.7.8 attempts to delete malicious files (such as .php) from the uploaded archive via the “Import Settings” feature, after its extraction. However, the extracted folders are not checked and it is possible to upload a zip which contained a directory with PHP file in it and then it is not removed from the disk. It is a bypass of CVE-2020-24948 which allows sending a PHP file via the “Import Settings” functionality to achieve Remote Code Execution. | 2021-06-21 | 7.5 | CVE-2021-24376 CONFIRM
    ayecode — location_manager | In the Location Manager WordPress plugin before 2.1.0.10, the AJAX action gd_popular_location_list did not properly sanitise or validate some of its POST parameters, which are then used in a SQL statement, leading to unauthenticated SQL Injection issues. | 2021-06-21 | 7.5 | CVE-2021-24361 MISC CONFIRM
    cleo — lexicom | An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk. | 2021-06-18 | 7.5 | CVE-2021-33576 MISC MISC
    contiki-ng — contiki-ng | Contiki-NG is an open-source, cross-platform operating system for internet of things devices. A buffer overflow vulnerability exists in Contiki-NG versions prior to 4.6. After establishing a TCP socket using the tcp-socket library, it is possible for the remote end to send a packet with a data offset that is unvalidated. The problem has been patched in Contiki-NG 4.6. Users can apply the patch for this vulnerability out-of-band as a workaround. | 2021-06-18 | 7.5 | CVE-2021-21281 MISC CONFIRM
    contiki-ng — contiki-ng | Contiki-NG is an open-source, cross-platform operating system for internet of things devices. It is possible to cause an out-of-bounds write in versions of Contiki-NG prior to 4.6 when transmitting a 6LoWPAN packet with a chain of extension headers. Unfortunately, the written header is not checked to be within the available space, thereby making it possible to write outside the buffer. The problem has been patched in Contiki-NG 4.6. Users can apply the patch for this vulnerability out-of-band as a workaround. | 2021-06-18 | 7.5 | CVE-2021-21280 MISC CONFIRM
    contiki-ng — contiki-ng | Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In versions prior to 4.6, an attacker can perform a denial-of-service attack by triggering an infinite loop in the processing of IPv6 neighbor solicitation (NS) messages. This type of attack can effectively shut down the operation of the system because of the cooperative scheduling used for the main parts of Contiki-NG and its communication stack. The problem has been patched in Contiki-NG 4.6. Users can apply the patch for this vulnerability out-of-band as a workaround. | 2021-06-18 | 7.8 | CVE-2021-21279 CONFIRM
    contiki-ng — contiki-ng | Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In versions prior to 4.5, buffer overflow can be triggered by an input packet when using either of Contiki-NG’s two RPL implementations in source-routing mode. The problem has been patched in Contiki-NG 4.5. Users can apply the patch for this vulnerability out-of-band as a workaround. | 2021-06-18 | 7.5 | CVE-2021-21282 MISC CONFIRM
    google — android | In updateDrawable of StatusBarIconView.java, there is a possible permission bypass due to an uncaught exception. This could lead to local escalation of privilege by running foreground services without notifying the user, with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android-11 Android-8.1 Android-9 Android ID: A-169255797 | 2021-06-21 | 7.2 | CVE-2021-0478 MISC
    google — android | In handle_rc_metamsg_cmd of btif_rc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android-8.1 Android-9 Android-10 Android ID: A-181860042 | 2021-06-21 | 8.3 | CVE-2021-0507 MISC
    google — android | In the Settings app, there is a possible way to disable an always-on VPN due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-179975048 | 2021-06-21 | 7.2 | CVE-2021-0505 MISC
    google — android | In p2p_process_prov_disc_req of p2p_pd.c, there is a possible out of bounds read and write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android-8.1 Android-9 Android-10 Android ID: A-181660448 | 2021-06-21 | 7.5 | CVE-2021-0516 MISC
    greenbone — greenbone_security_assistant | Greenbone Security Assistant (GSA) before 7.0.3 and Greenbone OS (GOS) before 5.0.0 allow Host Header Injection. | 2021-06-21 | 7.5 | CVE-2018-25016 MISC MISC
    jenkins — generic_webhook_trigger | Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 2021-06-18 | 7.5 | CVE-2021-21669 CONFIRM MLIST
    joomla — joomla! | Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently retrieve password reset tokens from the database through an already existing SQL injection vector. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. | 2021-06-21 | 7.5 | CVE-2010-1435 MISC MISC
    joomla — joomla! | Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. | 2021-06-21 | 7.5 | CVE-2010-1433 MISC MISC
    primion-digitek — secure_8 | Secure 8 (Evalos) does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. An attacker could exploit this vulnerability in order to extract information of users and administrator accounts stored in the database. | 2021-06-18 | 7.5 | CVE-2021-3604 CONFIRM CONFIRM
    radykal — fancy_product_designer | The Fancy Product Designer WordPress plugin before 4.6.9 allows unauthenticated attackers to upload arbitrary files, resulting in remote code execution. | 2021-06-21 | 7.5 | CVE-2021-24370 MISC CONFIRM
    serenityos — serenityos | SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation. | 2021-06-18 | 7.5 | CVE-2021-31272 MISC MISC MISC CONFIRM
    textpattern — textpattern | Textpattern 4.7.3 contains an arbitrary file load via the file_insert function in include/txp_file.php. | 2021-06-21 | 7.5 | CVE-2020-19510 MISC
    txjia — imcat | SQL Injection vulnerability in imcat v5.2 via the fm[auser] parameters in coms/add_coms.php. | 2021-06-23 | 7.5 | CVE-2020-20392 MISC
    white_shark_systems_project — white_shark_systems | White Shark System (WSS) 1.3.2 is vulnerable to unauthorized access via user_edit_password.php, remote attackers can modify the password of any user. | 2021-06-21 | 7.5 | CVE-2020-20466 MISC
    white_shark_systems_project — white_shark_systems | White Shark System (WSS) 1.3.2 has an unauthorized access vulnerability in default_user_edit.php, remote attackers can exploit this vulnerability to escalate to admin privileges. | 2021-06-21 | 9 | CVE-2020-20471 MISC

    Medium Vulnerabilities

    Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
    5none — nonecms | Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component “/nonecms/vendor”. | 2021-06-22 | 5 | CVE-2020-18647 MISC
    5none — nonecms | Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component “/public/index.php”. | 2021-06-22 | 5 | CVE-2020-18646 MISC
    accellion — kiteworks | Accellion Kiteworks before 7.3.1 allows a user with Admin privileges to escalate their privileges by generating SSH passwords that allow local access. | 2021-06-23 | 4.6 | CVE-2021-31585 CONFIRM MISC
    accellion — kiteworks | Accellion Kiteworks before 7.4.0 allows an authenticated user to perform SQL Injection via LDAPGroup Search. | 2021-06-23 | 6.5 | CVE-2021-31586 MISC CONFIRM
    advantech — webaccess/scada | Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system. | 2021-06-18 | 6.8 | CVE-2021-32954 MISC
    advantech — webaccess/scada | Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage. | 2021-06-18 | 5.8 | CVE-2021-32956 MISC
    akaunting — akaunting | Akaunting <= 2.0.9 is vulnerable to CSV injection in the Item name field, export function. Attackers can inject arbitrary code into the name parameter and perform code execution when the crafted file is opened. | 2021-06-21 | 6.8 | CVE-2020-22390 MISC
    automattic — jetpack | The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a “carousel” type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhg_vcs that allowed the comments of non-published page/posts to be leaked. | 2021-06-21 | 5 | CVE-2021-24374 CONFIRM MISC
    autoptimize — autoptimize | The Autoptimize WordPress plugin before 2.7.8 attempts to remove potential malicious files from the extracted archive uploaded via the ‘Import Settings’ feature, however this is not sufficient to protect against RCE as a race condition can be achieved in between the moment the file is extracted on the disk but not yet removed. It is a bypass of CVE-2020-24948. | 2021-06-21 | 6.8 | CVE-2021-24377 CONFIRM
    bosch — b426_firmware | This vulnerability could allow an attacker to hijack a session while a user is logged in the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN, and B426-M and has been fixed already starting from version 3.08 on, which was released on June 2019. | 2021-06-18 | 6.8 | CVE-2021-23845 CONFIRM
    bosch — b426_firmware | When using http protocol, the user password is transmitted as a clear text parameter for which it is possible to be obtained by an attacker through a MITM attack. This will be fixed starting from Firmware version 3.11.5, which will be released on the 30th of June, 2021. | 2021-06-18 | 4.3 | CVE-2021-23846 CONFIRM
    cleo — lexicom | An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for the sender of an AS2 message to identify themselves (via encryption and signing of the message) can be bypassed by changing the Content-Type of the message to text/plain. | 2021-06-18 | 5 | CVE-2021-33577 MISC MISC
    collne — welcart | Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary script or HTML via unspecified vectors. | 2021-06-22 | 4.3 | CVE-2021-20734 MISC MISC
    color-string_project — color-string | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Color-String version 1.5.5 and below which occurs when the application is provided and checks a crafted invalid HWB string. | 2021-06-21 | 5 | CVE-2021-29060 MISC MISC MISC MISC
    contiki-ng — contiki-ng | Contiki-NG is an open-source, cross-platform operating system for internet of things devices. The RPL-Classic and RPL-Lite implementations in the Contiki-NG operating system versions prior to 4.6 do not validate the address pointer in the RPL source routing header. This makes it possible for an attacker to cause out-of-bounds writes with packets injected into the network stack. Specifically, the problem lies in the rpl_ext_header_srh_update function in the two rpl-ext-header.c modules for RPL-Classic and RPL-Lite respectively. The addr_ptr variable is calculated using an unvalidated CMPR field value from the source routing header. An out-of-bounds write can be triggered on line 151 in os/net/routing/rpl-lite/rpl-ext-header.c and line 261 in os/net/routing/rpl-classic/rpl-ext-header.c, which contain the following memcpy call with addr_ptr as destination. The problem has been patched in Contiki-NG 4.6. Users can apply a patch out-of-band as a workaround. | 2021-06-18 | 5 | CVE-2021-21257 MISC CONFIRM
    contiki-ng — contiki-ng | Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be triggered by 6LoWPAN packets sent to devices running Contiki-NG 4.6 and prior. The IPv6 header decompression function (`uncompress_hdr_iphc`) does not perform proper boundary checks when reading from the packet buffer. Hence, it is possible to construct a compressed 6LoWPAN packet that will read more bytes than what is available from the packet buffer. As of time of publication, there is not a release with a patch available. Users can apply the patch for this vulnerability out-of-band as a workaround. | 2021-06-18 | 6.4 | CVE-2021-21410 CONFIRM MISC
    ec-cube — business_form_output | Cross-site scripting vulnerability in EC-CUBE Category contents plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.1 allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific operation. | 2021-06-22 | 4.3 | CVE-2021-20744 MISC MISC
    ec-cube — business_form_output | Cross-site scripting vulnerability in EC-CUBE Business form output plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.1 allows a remote attacker to inject an arbitrary script via unspecified vector. | 2021-06-22 | 4.3 | CVE-2021-20742 MISC MISC
    ec-cube — email_newsletters_management | Cross-site scripting vulnerability in EC-CUBE Email newsletters management plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.4 allows a remote attacker to inject an arbitrary script by leading a user to a specially crafted page and to perform a specific operation. | 2021-06-22 | 4.3 | CVE-2021-20743 MISC MISC
    expresstech — quiz_and_survey_master | The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin WordPress plugin before 7.1.18 did not sanitise or escape its result_id parameter when displaying an existing quiz result page, leading to a reflected Cross-Site Scripting issue. This could allow for privilege escalation by inducing a logged in admin to open a malicious link. | 2021-06-20 | 4.3 | CVE-2021-24368 CONFIRM
    get-simple — getsimplecms | Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <=3.3.15 via the timezone parameter to settings.php. | 2021-06-23 | 4.3 | CVE-2020-18658 MISC MISC MISC
    get-simple — getsimplecms | Cross Site Scripting vulnerability in GetSimpleCMS <=3.3.15 via the (1) sitename, (2) username, and (3) email parameters to /admin/setup.php | 2021-06-23 | 4.3 | CVE-2020-18659 MISC MISC MISC
    getastra — wp_hardening | The WP Hardening – Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the $_SERVER['REQUEST_URI'] before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue. | 2021-06-21 | 4.3 | CVE-2021-24372 CONFIRM
    getastra — wp_hardening | The WP Hardening – Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the historyvalue GET parameter before outputting it in a Javascript block, leading to a reflected Cross-Site Scripting issue. | 2021-06-21 | 4.3 | CVE-2021-24373 CONFIRM
    gitpod — gitpod | Gitpod before 0.6.0 allows unvalidated redirects. | 2021-06-22 | 5.8 | CVE-2021-35206 MISC MISC MISC MISC MISC MISC MISC MISC
    google — android | In archiveStoredConversation of MmsService.java, there is a possible way to archive message conversation without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-180419673 | 2021-06-22 | 4.6 | CVE-2021-0539 MISC
    google — android | In dropFile of WiFiInstaller, there is a way to delete files accessible to CertInstaller due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-176756691 | 2021-06-22 | 4.6 | CVE-2021-0536 MISC
    google — android | In wpas_ctrl_msg_queue_timeout of ctrl_iface_unix.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-168314741 | 2021-06-22 | 4.6 | CVE-2021-0535 MISC
    google — android | In halWrapperDataCallback of hal_wrapper.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-169328517 | 2021-06-22 | 4.6 | CVE-2021-0540 MISC
    google — android | In RenderStruct of protostream_objectsource.cc, there is a possible crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-179161711 | 2021-06-22 | 5 | CVE-2021-0555 MISC
    google — android | In ConnectionHandler::SdpCb of connection_handler.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android-9 Android-10 Android ID: A-174182139 | 2021-06-21 | 5 | CVE-2021-0522 MISC
    google — android | In ActivityPicker.java, there is a possible bypass of user interaction in intent resolution due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10 Android-11 Android-8.1 Android-9 Android ID: A-181962311 | 2021-06-21 | 6.9 | CVE-2021-0506 MISC
    google — android | In permission declarations of DeviceAdminReceiver.java, there is a possible lack of broadcast protection due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-170639543 | 2021-06-22 | 4.6 | CVE-2021-0534 MISC
    google — android | In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android SoC Android ID: A-185195272 | 2021-06-21 | 4.6 | CVE-2021-0531 MISC
    google — android | In memory management driver, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android SoC Android ID: A-185196175 | 2021-06-21 | 4.6 | CVE-2021-0530 MISC
    google — android | In memory management driver, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android SoC Android ID: A-185195268 | 2021-06-21 | 4.6 | CVE-2021-0529 MISC
    google — android | In memory management driver, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android SoC Android ID: A-185195266 | 2021-06-21 | 4.6 | CVE-2021-0528 MISC
    google — android | In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android SoC Android ID: A-185193931 | 2021-06-21 | 4.6 | CVE-2021-0527 MISC
    google — android | In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-169258743 | 2021-06-22 | 4.6 | CVE-2021-0543 MISC
    google — android | In memory management driver, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android SoC Android ID: A-185195264 | 2021-06-21 | 4.6 | CVE-2021-0526 MISC
    google — android | In memory management driver, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android SoC Android ID: A-185193929 | 2021-06-21 | 4.6 | CVE-2021-0525 MISC
    google — android | In deleteNotificationChannel and related functions of NotificationManagerService.java, there is a possible permission bypass due to improper state validation. This could lead to local escalation of privilege via hidden services with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9 Android-10 Android-11 Android-8.1 Android ID: A-156090809 | 2021-06-21 | 4.6 | CVE-2021-0513 MISC
    google — android | In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-173843328 References: Upstream kernel | 2021-06-21 | 4.6 | CVE-2021-0512 MISC
    google — android | In Dex2oat of dex2oat.cc, there is a possible way to inject bytecode into an app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9 Android-10 Android-11 Android ID: A-178055795 | 2021-06-21 | 4.6 | CVE-2021-0511 MISC
    google — android | In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-110373476 | 2021-06-22 | 4.9 | CVE-2021-0605 MISC
    google — android | In updateCapabilities of ConnectivityService.java, there is a possible incorrect network state determination due to a logic error in the code. This could lead to biasing of networking tasks to occur on non-VPN networks, which could lead to remote information disclosure, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-179053823 | 2021-06-21 | 5 | CVE-2021-0517 MISC
    google — android | In sendBugreportNotification of BugreportProgressService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-178803845 | 2021-06-22 | 4.6 | CVE-2021-0570 MISC
    google — android | In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-169257710 | 2021-06-22 | 4.6 | CVE-2021-0544 MISC
    google — android | In onCreate of WifiScanModeActivity.java, there is a possible way to enable Wi-Fi scanning without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10 Android-11 Android ID: A-174047492 | 2021-06-21 | 4.4 | CVE-2021-0523 MISC
    google — android | In bind of MediaControlPanel.java, there is a possible way to lock up the system UI using a malicious media file due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-11 Android ID: A-180518039 | 2021-06-22 | 4.3 | CVE-2021-0551 MISC
    google — android | In setRange of ABuffer.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-11 Android ID: A-179046129 | 2021-06-22 | 6.8 | CVE-2021-0557 MISC
    google — android | In fillMainDataBuf of pvmp3_framedecoder.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-11 Android ID: A-173473906 | 2021-06-22 | 4.3 | CVE-2021-0558 MISC
    google — android | In Lag_max of p_ol_wgh.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-11 Android ID: A-172312730 | 2021-06-22 | 4.3 | CVE-2021-0559 MISC
    google — android | In wrapUserThread of AudioStream.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-174801970 | 2021-06-22 | 4.4 | CVE-2021-0565 MISC
    google — android | In decrypt of CryptoPlugin.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-176495665 | 2021-06-22 | 4.4 | CVE-2021-0564 MISC
    google — android | In onBindViewHolder of AppSwitchPreference.java, there is a possible bypass of device admin settings due to unclear UI. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-11 Android ID: A-169936038 | 2021-06-22 | 4.4 | CVE-2021-0553 MISC
    google — android | In onCreate of EmergencyCallbackModeExitDialog.java, there is a possible exit of emergency callback mode due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-11 Android ID: A-178821491 | 2021-06-22 | 4.4 | CVE-2021-0538 MISC
    google — android | In onCreate of WiFiInstaller.java, there is a possible way to install a malicious Hotspot 2.0 configuration due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-11 Android ID: A-176756141 | 2021-06-22 | 4.4 | CVE-2021-0537 MISC
    google — android | In memory management driver, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android SoC Android ID: A-185193932 | 2021-06-21 | 4.4 | CVE-2021-0533 MISC
    google — android | In memory management driver, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android SoC Android ID: A-185196177 | 2021-06-21 | 4.4 | CVE-2021-0532 MISC
    google — android | In several functions of MemoryFileSystem.cpp and related files, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android-10 Android ID: A-176237595 | 2021-06-21 | 4.4 | CVE-2021-0520 MISC
    google — android | In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC server with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-169258884 | 2021-06-22 | 4.6 | CVE-2021-0545 MISC
    google — android | In various functions of CryptoPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9 Android-10 Android-11 Android-8.1 Android ID: A-176444161 | 2021-06-21 | 4.4 | CVE-2021-0509 MISC
    google — android | In handleAppLaunch of AppLaunchActivity.java, there is a possible arbitrary activity launch due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-174870704 | 2021-06-22 | 4.6 | CVE-2021-0608 MISC
    google — android | In iaxxx_calc_i2s_div of iaxxx-codec.c, there is a possible hardware port write with user controlled data due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-180950209 | 2021-06-22 | 4.6 | CVE-2021-0607 MISC
    google — android | In drm_syncobj_handle_to_fd of drm_syncobj.c, there is a possible use after free due to incorrect refcounting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-168034487 | 2021-06-22 | 4.6 | CVE-2021-0606 MISC
    google — android | In ActivityTaskManagerService.startActivity() and AppTaskImpl.startActivity() of ActivityTaskManagerService.java and AppTaskImpl.java, there is possible access to restricted activities due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-137395936 | 2021-06-22 | 4.6 | CVE-2021-0571 MISC
    google — android | In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9 Android-10 Android-11 Android-8.1 Android ID: A-176444622 | 2021-06-21 | 4.6 | CVE-2021-0510 MISC
    google — android | In onReceive of DevicePolicyManagerService.java, there is a possible enabling of disabled profiles due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-170121238 | 2021-06-22 | 4.6 | CVE-2021-0568 MISC
    google — android | In isRestricted of RemoteViews.java, there is a possible way to inject font files due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-179461812 | 2021-06-22 | 4.6 | CVE-2021-0567 MISC
    google — android | In onLoadFailed of AnnotateActivity.java, there is a possible way to gain WRITE_EXTERNAL_STORAGE permissions without user consent due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-179688673 | 2021-06-22 | 4.6 | CVE-2021-0550 MISC
    google — android | In rw_i93_send_to_lower of rw_i93.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1576503572021-06-224.6CVE-2021-0548MISCgoogle — androidIn onReceive of NetInitiatedActivity.java, there is a possible way to supply an attacker-controlled value to a GPS HAL handler due to a missing permission check. This could lead to local escalation of privilege that may result in undefined behavior in some HAL implementations with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1741510482021-06-224.6CVE-2021-0547MISCgoogle — androidIn phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1692587332021-06-224.6CVE-2021-0546MISCgoogle — androidIn various functions of DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-1764441542021-06-216.9CVE-2021-0508MISCgreenbone — greenbone_security_assistantGreenbone Security Assistant (GSA) before 8.0.2 and Greenbone OS (GOS) before 5.0.10 allow XSS during 404 URL handling in gsad.2021-06-214.3CVE-2019-25047MISCMISCMISChisiphp — hisiphpCross Site Scripting (XSS) vulnerability in HisiPHP 2.0.8 via the group name in addgroup.html.2021-06-214.3CVE-2020-21130MISCicehrm — icehrmA cross site request forgery (CSRF) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to create new admin accounts or change users’ passwords.2021-06-226.8CVE-2021-34244MISCicehrm — icehrmA session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to hijack a valid user session via a crafted session cookie.2021-06-225.8CVE-2021-35046MISCicehrm — icehrmCross site scripting (XSS) vulnerability in Ice Hrm 29.0.0.OS, allows attackers to execute arbitrary code via the parameters to the /app/ endpoint.2021-06-224.3CVE-2021-35045MISCincrements — qiita_markdownIncrements Qiita::Markdown before 0.34.0 allows XSS via a crafted gist link, a different vulnerability than CVE-2021-28796.2021-06-214.3CVE-2021-28833MISCMISCis-svg_project — is-svgA vulnerability was discovered in IS-SVG version 4.3.1 and below where a Regular Expression Denial of Service (ReDOS) occurs if the application is provided and checks a crafted invalid SVG string.2021-06-215CVE-2021-29059MISCMISCMISCMISCjoomla — joomla\!Joomla! Core is prone to a session fixation vulnerability. An attacker may leverage this issue to hijack an arbitrary session and gain access to sensitive information, which may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable.2021-06-215CVE-2010-1434MISCMISCjoomla — joomla\!Joomla! 
Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable.2021-06-215CVE-2010-1432MISCMISCjuqingcms — juqingcmsCross Site Request Forgery (CSRF) in JuQingCMS v1.0 allows remote attackers to gain local privileges via the component “JuQingCMS_v1.0/admin/index.php?c=administrator&a=add”.2021-06-226.8CVE-2020-18648MISCmcusystem — mcusystemThe login page in the MCUsystem does not filter with special characters, which allows remote attackers can inject JavaScript without privilege and thus perform reflected XSS attacks.2021-06-184.3CVE-2021-32536MISCmetinfo — metinfoCross Site Scripting (XSS) vulnerability in MetInfo 7.0.0 via the gourl parameter in login.php.2021-06-214.3CVE-2020-21517MISCMISCMISCmoxa — mgate_mb3180_firmwareAn issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service.2021-06-185CVE-2021-33824MISCMISCMISCmoxa — mgate_mb3180_firmwareAn issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attacker could send a huge amount of TCP SYN packet to make web service’s resource exhausted. Then the web server is denial-of-service.2021-06-185CVE-2021-33823MISCMISCmozilla — firefoxFirefox for Android would become unstable and hard-to-recover when a website opened too many popups. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 89.2021-06-244.3CVE-2021-29962MISCMISCmozilla — firefoxWhen drawing text onto a canvas with WebRender disabled, an out of bounds read could occur. *This bug only affects Firefox on Windows. 
Other operating systems are unaffected.*. This vulnerability affects Firefox < 89.0.1.2021-06-245.8CVE-2021-29968MISCMISCmozilla — firefoxMozilla developers reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 89.2021-06-246.8CVE-2021-29966MISCMISCmozilla — firefoxWhen Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnerability affects Firefox < 88.0.1 and Firefox for Android < 88.1.3.2021-06-245.1CVE-2021-29952MISCMISCmozilla — firefoxMozilla developers and community members reported memory safety bugs present in Firefox 87. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 88.2021-06-246.8CVE-2021-29947MISCMISCmozilla — firefoxPorts that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.2021-06-246.8CVE-2021-29946MISCMISCMISCMISCmozilla — firefoxWhen a download was initiated, the client did not check whether it was in normal or private browsing mode, which led to private mode cookies being shared in normal browsing mode. This vulnerability affects Firefox for iOS < 34.2021-06-244.3CVE-2021-29958MISCMISCmozilla — firefoxMozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11.2021-06-246.8CVE-2021-29967MISCMISCMISCMISCmozilla — thunderbirdThunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a failure, the secret key may remain in memory in its unprotected state. This vulnerability affects Thunderbird < 78.8.1.2021-06-245CVE-2021-29950MISCMISCmpmath — mpmathA Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1.0.0 when the mpmathify function is called.2021-06-215CVE-2021-29063MISCMISCMISCMISCnvidia — jetson_linuxBootloader contains a vulnerability in NVIDIA MB2 where a potential heap overflow might allow an attacker to control all the RAM after the heap block, leading to denial of service or code execution.2021-06-214.6CVE-2021-34388CONFIRMopenbsd — openbsdIt was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null pointer dereference in ftpd/popen.c may lead to remote denial of service of the ftpd service.2021-06-225CVE-2010-4816MISCMISCMISCowasp — enterprise_security_api_for_javaIt was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks.2021-06-224.3CVE-2010-3300MISCMISCphpgurukul — hospital_management_system_in_phpPHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\check_availability.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.2021-06-225CVE-2020-22164MISCphpgurukul — hospital_management_system_in_phpPHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\forgot-password.php. 
Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.2021-06-225CVE-2020-22166MISCphpgurukul — hospital_management_system_in_phpPHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\user-login.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.2021-06-225CVE-2020-22165MISCphpgurukul — hospital_management_system_in_phpPHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\edit-profile.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.2021-06-225CVE-2020-22173MISCphpgurukul — hospital_management_system_in_phpPHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\admin\betweendates-detailsreports.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.2021-06-225CVE-2020-22175MISCphpgurukul — hospital_management_system_in_phpPHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\book-appointment.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.2021-06-225CVE-2020-22174MISCphpgurukul — hospital_management_system_in_phpPHPGurukul Hospital Management System in PHP v4.0 has a sensitive information disclosure vulnerability in multiple areas. Remote unauthenticated users can exploit the vulnerability to obtain user sensitive information.2021-06-225CVE-2020-22176MISCphpgurukul — hospital_management_system_in_phpPHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. 
Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.2021-06-225CVE-2020-22172MISCphpgurukul — hospital_management_system_in_phpPHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\registration.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.2021-06-225CVE-2020-22171MISCphpgurukul — hospital_management_system_in_phpPHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\appointment-history.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.2021-06-225CVE-2020-22169MISCphpgurukul — hospital_management_system_in_phpPHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\change-emaild.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.2021-06-225CVE-2020-22168MISCMISCphpgurukul — hospital_management_system_in_phpPHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. 
Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.2021-06-225CVE-2020-22170MISCphpipam — phpipamphpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP calculator.2021-06-234.3CVE-2021-35438MISCpowerarchiver — powerarchiverThe XML parser used in ConeXware PowerArchiver before 20.10.02 allows processing of external entities, which might lead to exfiltration of local files over the network (via an XXE attack).2021-06-214.3CVE-2021-28684MISCMISCprototypejs — prototypeAn issue was discovered in the stripTags and unescapeHTML components in Prototype 1.7.3 version 1.6 and below where an attacker can cause a Regular Expression Denial of Service (ReDOS) through stripping crafted HTML tags.2021-06-215CVE-2020-27511MISCMISCMISCriot-os — riotRIOT-OS 2021.01 before commit 85da504d2dc30188b89f44c3276fc5a25b31251f contains a buffer overflow which could allow attackers to obtain sensitive information.2021-06-185CVE-2021-31660MISCCONFIRMriot-os — riotRIOT-OS 2021.01 before commit 609c9ada34da5546cffb632a98b7ba157c112658 contains a buffer overflow that could allow attackers to obtain sensitive information.2021-06-185CVE-2021-31661MISCCONFIRMriot-os — riotRIOT-OS 2021.01 before commit 07f1254d8537497552e7dce80364aaead9266bbe contains a buffer overflow which could allow attackers to obtain sensitive information.2021-06-185CVE-2021-31662CONFIRMMISCriot-os — riotRIOT-OS 2021.01 before commit bc59d60be60dfc0a05def57d74985371e4f22d79 contains a buffer overflow which could allow attackers to obtain sensitive information.2021-06-185CVE-2021-31663MISCMISCCONFIRMriot-os — riotRIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information.2021-06-185CVE-2021-31664MISCCONFIRMserenityos — serenityosSerenityOS contains a buffer overflow in the set_range test in TestBitmap which 
could allow attackers to obtain sensitive information.2021-06-185CVE-2021-33185CONFIRMserenityos — serenityosSerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information.2021-06-185CVE-2021-33186CONFIRMsing4g — 4gee_router_hh70vb_firmwareAn issue was discovered on 4GEE ROUTER HH70VB Version HH70_E1_02.00_22. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service.2021-06-185CVE-2021-33822MISCMISCMISCsonatype — nexus_repository_managerSonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been granted access.2021-06-184CVE-2021-34553CONFIRMstriptags_project — striptagsThe npm package “striptags” is an implementation of PHP’s strip_tags in Typescript. In striptags before version 3.2.0, a type-confusion vulnerability can cause `striptags` to concatenate unsanitized strings when an array-like object is passed in as the `html` parameter. This can be abused by an attacker who can control the shape of their input, e.g. if query parameters are passed directly into the function. 
This can lead to a XSS.2021-06-185CVE-2021-32696MISCMISCCONFIRMMISCsynology — calendarUse of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors.2021-06-185CVE-2021-34812CONFIRMsynology — download_stationServer-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors.2021-06-184CVE-2021-34811CONFIRMsynology — download_stationImproper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors.2021-06-186.5CVE-2021-34810CONFIRMsynology — download_stationImproper neutralization of special elements used in a command (‘Command Injection’) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors.2021-06-186.5CVE-2021-34809CONFIRMsynology — media_serverServer-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors.2021-06-185CVE-2021-34808CONFIRMtheologeek — manuskript** DISPUTED ** Manuskript through 0.12.0 allows remote attackers to execute arbitrary code via a crafted settings.pickle file in a project file, because there is insecure deserialization via the pickle.load() function in settings.py. 
NOTE: the vendor’s position is that the product is not intended for opening an untrusted project file.2021-06-216.8CVE-2021-35196MISCMISCtielabs — jannahThe Jannah WordPress theme before 5.4.4 did not properly sanitize the options JSON parameter in its tie_get_user_weather AJAX action before outputting it back in the page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.2021-06-214.3CVE-2021-24364CONFIRMtypesettercms — typesetterCross Site Scriptiong vulnerability in Typesetter 5.1 via the !1) className and !2) Description fields in index.php/Admin/Classes,2021-06-214.3CVE-2020-19511MISCMISCui — camera_g3_flex_firmwareAn issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67.Attacker could send a huge amount of TCP SYN packet to make web service’s resource exhausted. Then the web server is denial-of-service.2021-06-185CVE-2021-33820MISCMISCMISCui — camera_g3_flex_firmwareAn issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. 
Then the web server is denial-of-service.2021-06-185CVE-2021-33818MISCMISCMISCvanillaforums — vanilla_forumsIt was found in vanilla forums before 2.0.10 a cross-site scripting vulnerability where a filename could contain arbitrary code to execute on the client side.2021-06-224.3CVE-2010-4264MISCMISCvanillaforums — vanilla_forumsIt was found in vanilla forums before 2.0.10 a potential linkbait vulnerability in dispatcher.2021-06-225.8CVE-2010-4266MISCvfsjfilechooser2_project — vfsjfilechooser2A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Vfsjfilechooser2 version 0.2.9 and below which occurs when the application attempts to validate crafted URIs.2021-06-215CVE-2021-29061MISCMISCMISCMISCMISCvmware — toolsVMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest operating system, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest operating system.2021-06-184.9CVE-2021-21997MISCwhite_shark_systems_project — white_shark_systemsWhite Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the log_edit.php files failing to filter the csa_to_user parameter, remote attackers can exploit the vulnerability to obtain database sensitive information.2021-06-215CVE-2020-20469MISCwhite_shark_systems_project — white_shark_systemsWhite Shark System (WSS) 1.3.2 is vulnerable to sensitive information disclosure via default_task_add.php, remote attackers can exploit the vulnerability to create a task.2021-06-216.4CVE-2020-20467MISCwhite_shark_systems_project — white_shark_systemsWhite Shark System (WSS) 1.3.2 is vulnerable to CSRF. 
Attackers can use the user_edit_password.php file to modify the user password.2021-06-214.3CVE-2020-20468MISCwhite_shark_systems_project — white_shark_systemsWhite Shark System (WSS) 1.3.2 has web site physical path leakage vulnerability.2021-06-215CVE-2020-20470MISCwhite_shark_systems_project — white_shark_systemsWhite Shark System (WSS) 1.3.2 has a sensitive information disclosure vulnerability. The if_get_addbook.php file does not have an authentication operation. Remote attackers can obtain username information for all users of the current site.2021-06-215CVE-2020-20472MISCwhite_shark_systems_project — white_shark_systemsWhite Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the default_task_edituser.php files failing to filter the csa_to_user parameter. Remote attackers can exploit the vulnerability to obtain database sensitive information.2021-06-215CVE-2020-20474MISCwhite_shark_systems_project — white_shark_systemsWhite Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the control_task.php, control_project.php, default_user.php files failing to filter the sort parameter. 
Remote attackers can exploit the vulnerability to obtain database sensitive information.2021-06-215CVE-2020-20473MISCwuzhicms — wuzhicmsCross Site Scripting (XSS) in Wuzhi CMS v4.1.0 allows remote attackers to execute arbitrary code via the “Title” parameter in the component “/coreframe/app/guestbook/myissue.php”.2021-06-224.3CVE-2020-18654MISCzettlr — zettlrNo filtering of cross-site scripting (XSS) payloads in the markdown-editor in Zettlr 1.8.7 allows attackers to perform remote code execution via a crafted file.2021-06-184.3CVE-2021-26835MISCMISCzziplib_project — zziplibInfinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value “zzip_file_read” in the function “unzzip_cat_file”.2021-06-184.3CVE-2020-18442MISCBack to top Low VulnerabilitiesPrimary Vendor — ProductDescriptionPublishedCVSS ScoreSource & Patch Infoadmincolumns — admin_columnsThe Admin Columns Free WordPress plugin before 4.3 and Admin Columns Pro WordPress plugin before 5.5.1, rendered input on the posted pages with improper input validation on the value passed into the field ‘Label’ parameter, by taking this as an advantage an authenticated attacker can supply a crafted arbitrary script and execute it.2021-06-213.5CVE-2021-24366CONFIRMMISCautoptimize — autoptimizeThe Autoptimize WordPress plugin before 2.7.8 does not check for malicious files such as .html in the archive uploaded via the ‘Import Settings’ feature. As a result, it is possible for a high privilege user to upload a malicious file containing JavaScript code inside an archive which will execute when a victim visits index.html inside the plugin directory.2021-06-213.5CVE-2021-24378CONFIRMayecode — getpaidIn the GetPaid WordPress plugin before 2.3.4, users with the contributor role and above can create a new Payment Form, however the Label and Help Text input fields were not getting sanitized properly. 
So it was possible to inject malicious content such as img tags, leading to a Stored Cross-Site Scripting issue which is triggered when the form will be edited, for example when an admin reviews it and could lead to privilege escalation.2021-06-213.5CVE-2021-24369CONFIRMchecksec — canopyCheckSec Canopy before 3.5.2 allows XSS attacks against the login page via the LOGIN_PAGE_DISCLAIMER parameter.2021-06-183.5CVE-2021-34815MISCMISCMISCcodecabin — wp_google_mapsThe WP Google Maps WordPress plugin before 8.1.12 did not sanitise, validate of escape the Map Name when output in the Map List of the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue2021-06-213.5CVE-2021-24383CONFIRMMISCget-simple — getsimplecmsCross Site Scripting vulnerability in GetSimpleCMS 3.4.0a in admin/snippets.php via (1) Add Snippet and (2) Save snippets.2021-06-233.5CVE-2020-20391MISCget-simple — getsimplecmsCross Site Scripting vulnerability in GetSimpleCMS 3.3.16 in admin/upload.php by adding comments or jpg and other file header information to the content of xla, pages, and gzip files,2021-06-233.5CVE-2021-28977MISCget-simple — getsimplecmsCross Site Scripting (XSS) vulnerability in GetSimpleCMS 3.4.0a in admin/edit.php.2021-06-233.5CVE-2020-20389MISCgoogle — androidIn onStart of ContactsDumpActivity.java, there is possible access to contacts due to a tapjacking/overlay attack. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1740458702021-06-221.9CVE-2021-0569MISCgoogle — androidIn sspRequestCallback of BondStateMachine.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. 
User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1839618962021-06-222.1CVE-2021-0549MISCgoogle — androidIn doNotification of AccountManagerService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1779313552021-06-222.1CVE-2021-0572MISCgoogle — androidIn accessAudioHalPidscpp of TimeCheck.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1758944362021-06-222.1CVE-2021-0566MISCgoogle — androidIn ih264e_fmt_conv_422i_to_420sp of ih264e_fmt_conv.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1729083582021-06-222.1CVE-2021-0563MISCgoogle — androidIn RasterIntraUpdate of motion_est.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1760846482021-06-222.1CVE-2021-0562MISCgoogle — androidIn append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. 
User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1743026832021-06-222.1CVE-2021-0561MISCgoogle — androidIn getBlockSum of fastcodemb.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1727169412021-06-222.1CVE-2021-0556MISCgoogle — androidIn isBackupServiceActive of BackupManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1584821622021-06-222.1CVE-2021-0554MISCgoogle — androidIn getEndItemSliceAction of MediaOutputSlice.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1751248202021-06-222.1CVE-2021-0552MISCgoogle — androidIn updateNotification of BeamTransferManager.java, there is a missing permission check. This could lead to local information disclosure of paired Bluetooth addresses with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1687128902021-06-222.1CVE-2021-0542MISCgoogle — androidIn phNxpNciHal_ext_process_nfc_init_rsp of phNxpNciHal_ext.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the NFC server with System execution privileges needed. 
User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-169258455 | 2021-06-22 | 2.1 | CVE-2021-0541 MISC
google — android | In getAllPackages of PackageManagerService, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of cross-user permissions with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-8.1 Android-9 Android-10. Android ID: A-174661955 | 2021-06-21 | 2.1 | CVE-2021-0521 MISC
google — android | In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-179162665 | 2021-06-21 | 3.3 | CVE-2021-0504 MISC
icehrm — icehrm | A stored cross site scripting (XSS) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to execute arbitrary web scripts or HTML via a crafted file uploaded into the Document Management tab. The exploit is triggered when a user visits the upload location of the crafted file. | 2021-06-22 | 3.5 | CVE-2021-34243 MISC
jpress — jpress | An issue was discovered in JPress v3.3.0 and below. There are XSS vulnerabilities in the template module and tag management module. If you log in to the background by means of a weak password, the storage XSS vulnerability can occur. | 2021-06-18 | 3.5 | CVE-2021-33347 MISC MISC
phpgurukul — hospital_management_system_in_php | PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in \hms\admin\appointment-history.php.
Remote registered users can exploit the vulnerability to obtain user cookie data. | 2021-06-22 | 3.5 | CVE-2020-22167 MISC
podsfoundation — pods | The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability within the ‘Menu Label’ field parameter. | 2021-06-21 | 3.5 | CVE-2021-24339 MISC CONFIRM
podsfoundation — pods | The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability within the ‘Singular Label’ field parameter. | 2021-06-21 | 3.5 | CVE-2021-24338 CONFIRM MISC
wp_config_file_editor_project — wp_config_file_editor | The WP Config File Editor WordPress plugin through 1.7.1 was affected by an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. | 2021-06-21 | 3.5 | CVE-2021-24367 CONFIRM
znote — znote | A cross-site scripting (XSS) vulnerability exists in Znote 0.5.2. An attacker can insert payloads, and the code execution will happen immediately on markdown view mode. | 2021-06-18 | 3.5 | CVE-2021-26834 MISC MISC

Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
advantech — webaccess_hmi_designer | Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary code. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior). | 2021-06-24 | not yet calculated | CVE-2021-33002 MISC
advantech — webaccess_hmi_designer | Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution.
User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior). | 2021-06-24 | not yet calculated | CVE-2021-33000 MISC
advantech — webaccess_hmi_designer | The affected product is vulnerable to a memory corruption condition due to lack of proper validation of user supplied files, which may allow an attacker to execute arbitrary code. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior). | 2021-06-24 | not yet calculated | CVE-2021-33004 MISC
ampache — ampache | Ampache is an open source web based audio/video streaming application and file manager. Due to a lack of input filtering, versions 4.x.y are vulnerable to code injection in random.php. The attack requires user authentication to access the random.php page unless the site is running in demo mode. This issue has been resolved in 4.4.3. | 2021-06-22 | not yet calculated | CVE-2021-32644 CONFIRM MISC
auth0 — auth0 | The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before and including `1.4.1` are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the `error` query parameter which is then processed by the callback handler as an error message. You are affected by this vulnerability if you are using `@auth0/nextjs-auth0` version `1.4.1` or lower **unless** you are using custom error handling that does not return the error message in an HTML response. Upgrade to version `1.4.1` to resolve. The fix adds basic HTML escaping to the error message and it should not impact your users. | 2021-06-25 | not yet calculated | CVE-2021-32702 MISC CONFIRM MISC
autodesk — autodesk_dwg | An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to leverage the application to write in unexpected paths.
In order to exploit this the attacker would need the victim to enable full page heap in the application. | 2021-06-25 | not yet calculated | CVE-2021-27043 MISC
autodesk — dwg | A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code. | 2021-06-25 | not yet calculated | CVE-2021-27041 MISC
autodesk — dwg | A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. The vulnerability exists because the application fails to handle a crafted DWG file, which causes an unhandled exception. An attacker can leverage this vulnerability to execute arbitrary code. | 2021-06-25 | not yet calculated | CVE-2021-27042 MISC
autodesk — dwg | A maliciously crafted DWG file can be forced to read beyond allocated boundaries when parsing the DWG file. This vulnerability can be exploited to execute arbitrary code. | 2021-06-25 | not yet calculated | CVE-2021-27040 MISC
avaya — aura_appliance_virtualization_platform_utilities | A privilege escalation vulnerability was discovered in Avaya Aura Appliance Virtualization Platform Utilities (AVPU) that may potentially allow a local user to escalate privileges. Affects 8.0.0.0 through 8.1.3.1 versions of AVPU. | 2021-06-24 | not yet calculated | CVE-2021-25653 MISC
avaya — aura_appliance_virtualization_platform_utilities | An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects versions 8.0.0.0 through 8.1.3.1 of AVPU. | 2021-06-24 | not yet calculated | CVE-2021-25652 MISC
avaya — aura_device_services | An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts.
Affects 7.0 through 8.1.4.0 versions of Avaya Aura Device Services. | 2021-06-25 | not yet calculated | CVE-2021-25654 MISC
avaya — aura_experience_portal | A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrusted site through a crafted attack. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix). | 2021-06-24 | not yet calculated | CVE-2021-25655 MISC
avaya — aura_experience_portal_web | Stored XSS injection vulnerabilities were discovered in the Avaya Aura Experience Portal Web management which could allow an authenticated user to potentially disclose sensitive information. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix). | 2021-06-24 | not yet calculated | CVE-2021-25656 MISC
avaya — aura_utility_services | ** UNSUPPORTED WHEN ASSIGNED ** An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects all 7.x versions of Avaya Aura Utility Services. | 2021-06-24 | not yet calculated | CVE-2021-25649 MISC
avaya — aura_utility_services | ** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services. | 2021-06-24 | not yet calculated | CVE-2021-25650 MISC
avaya — aura_utility_services | ** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to escalate privileges.
Affects all 7.x versions of Avaya Aura Utility Services. | 2021-06-24 | not yet calculated | CVE-2021-25651 MISC
ballerina-platform — ballerina-lang | Ballerina is an open source programming language and platform for cloud application programmers. Ballerina versions 1.2.x and SL releases up to alpha 3 have a potential for a supply chain attack via MiTM against users. HTTP connections did not make use of TLS and certificate checking was ignored. The vulnerability allows an attacker to substitute or modify packages retrieved from BC, thus allowing injection of malicious code into ballerina executables. This has been patched in Ballerina 1.2.14 and Ballerina SwanLake alpha4. | 2021-06-22 | not yet calculated | CVE-2021-32700 CONFIRM MISC
bitdefender — bitdefender_total_security | Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks. This issue affects: Bitdefender Total Security versions prior to 25.0.7.29. Bitdefender Internet Security versions prior to 25.0.7.29. Bitdefender Antivirus Plus versions prior to 25.0.7.29. | 2021-06-22 | not yet calculated | CVE-2020-15732 MISC
bluetooth — bluetooth_core_specifications | Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may permit an adjacent device to inject a crafted packet during the receive window of the listening device before the transmitting device initiates its packet transmission to achieve full MITM status without terminating the link.
When applied against devices establishing or using encrypted links, crafted packets may be used to terminate an existing link, but will not compromise the confidentiality or integrity of the link. | 2021-06-25 | not yet calculated | CVE-2021-31615 MISC MISC
catfish_cms — catfish_cms | A cross site scripting (XSS) vulnerability in Catfish CMS 4.9.90 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “announcement_gonggao” parameter. | 2021-06-23 | not yet calculated | CVE-2020-23962 MISC
connectwise_automate — connectwise_automate | An XXE vulnerability exists in ConnectWise Automate before 2021.0.6.132. | 2021-06-21 | not yet calculated | CVE-2021-35066 MISC MISC
contao — contao | Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tl_log table that will be executed in the browser when the system log is called in the back end. | 2021-06-23 | not yet calculated | CVE-2021-35210 CONFIRM CONFIRM
crmeb — crmeb | CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php. | 2021-06-24 | not yet calculated | CVE-2020-21787 MISC
crmeb — crmeb | In CRMEB 3.1.0+ strict domain name filtering leads to SSRF (Server-Side Request Forgery). The vulnerable code is in file /crmeb/app/admin/controller/store/CopyTaobao.php. | 2021-06-24 | not yet calculated | CVE-2020-21788 MISC
d-link — router | There is an arbitrary password modification vulnerability in a D-LINK DSL-2888A router product. An attacker can use this vulnerability to modify the password of the admin user without authorization. | 2021-06-24 | not yet calculated | CVE-2021-33346 MISC MISC
dell — biosconnect | Dell BIOSConnect feature contains a buffer overflow vulnerability.
An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions. | 2021-06-24 | not yet calculated | CVE-2021-21573 CONFIRM
dell — biosconnect | Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions. | 2021-06-24 | not yet calculated | CVE-2021-21574 CONFIRM
dell — biosconnect | Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions. | 2021-06-24 | not yet calculated | CVE-2021-21572 CONFIRM
dell — uefi_bios | Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability using a person-in-the-middle attack which may lead to a denial of service and payload tampering. | 2021-06-24 | not yet calculated | CVE-2021-21571 CONFIRM
dhis2 — dhis2_core | DHIS 2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability has been found in specific versions of DHIS2. This vulnerability affects the /api/trackedEntityInstances API endpoint in DHIS2 versions 2.34.4, 2.35.2, 2.35.3, 2.35.4, and 2.36.0. Earlier versions, such as 2.34.3 and 2.35.1 and all versions 2.33 and older are unaffected. The system is vulnerable to attack only from users that are logged in to DHIS2, and there is no known way of exploiting the vulnerability without first being logged in as a DHIS2 user. A successful exploit of this vulnerability could allow the malicious user to read, edit and delete data in the DHIS2 instance.
There are no known exploits of the security vulnerabilities addressed by these patch releases. However, we strongly recommend that all DHIS2 implementations using versions 2.34, 2.35 and 2.36 install these patches as soon as possible. There is no straightforward known workaround for DHIS2 instances using the Tracker functionality other than upgrading the affected DHIS2 server to one of the patches in which this vulnerability has been fixed. For implementations which do NOT use Tracker functionality, it may be possible to block all network access to POST to the /api/trackedEntityInstance endpoint as a temporary workaround while waiting to upgrade. | 2021-06-24 | not yet calculated | CVE-2021-32704 CONFIRM
djvulibre — djvulibre | A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds write in function DJVU::filter_bv() via crafted djvu file may lead to application crash and other consequences. | 2021-06-24 | not yet calculated | CVE-2021-32490 MISC
djvulibre — djvulibre | A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::decode() via crafted djvu file may lead to application crash and other consequences. | 2021-06-24 | not yet calculated | CVE-2021-32493 MISC
djvulibre — djvulibre | A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds read in function DJVU::DataPool::has_data() via crafted djvu file may lead to application crash and other consequences. | 2021-06-24 | not yet calculated | CVE-2021-32492 MISC
djvulibre — djvulibre | A flaw was found in djvulibre-3.5.28 and earlier. A Stack overflow in function DJVU::DjVuDocument::get_djvu_file() via crafted djvu file may lead to application crash and other consequences. | 2021-06-24 | not yet calculated | CVE-2021-3500 MISC
djvulibre — djvulibre | A flaw was found in djvulibre-3.5.28 and earlier.
An integer overflow in function render() in tools/ddjvu via crafted djvu file may lead to application crash and other consequences. | 2021-06-24 | not yet calculated | CVE-2021-32491 MISC
eclipse — birt | In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running instance. | 2021-06-25 | not yet calculated | CVE-2021-34427 CONFIRM
eclipse — jetty | For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. | 2021-06-22 | not yet calculated | CVE-2021-34428 CONFIRM MLIST
elabftw — elabftw | eLabFTW is an open source electronic lab notebook for research labs. This vulnerability allows an attacker to make GET requests on behalf of the server. It is “blind” because the attacker cannot see the result of the request. Issue has been patched in eLabFTW 4.0.0. | 2021-06-21 | not yet calculated | CVE-2021-32698 MISC CONFIRM
emote — interactive_remote_mouse | Emote Interactive Remote Mouse 3.008 on Windows allows attackers to execute arbitrary programs as Administrator by using the Image Transfer Folder feature to navigate to cmd.exe.
It binds to local ports to listen for incoming connections. | 2021-06-24 | not yet calculated | CVE-2021-35448 MISC MISC
ethereum — ethereum | An issue was discovered in function addMeByRC in the smart contract implementation for RC, an Ethereum token, which allows attackers to transfer an arbitrary amount of tokens to an arbitrary address. | 2021-06-24 | not yet calculated | CVE-2020-17753 MISC MISC MISC MISC MISC MISC MISC
ethereum — ethereum | Integer overflow vulnerability in payable function of a smart contract implementation for an Ethereum token, as demonstrated by the smart contract implemented at address 0xB49E984A83d7A638E7F2889fc8328952BA951AbE, an implementation for MillionCoin (MON). | 2021-06-24 | not yet calculated | CVE-2020-17752 MISC MISC
etinet — backbox | ETINET BACKBOX E4.09 and H4.09 mismanages password access control. When a user uses the User ID of the process running BBSV to login to the Backbox UI application, the system procedure (USER_AUTHENTICATE_) used for verifying the Password returns 0 (no error). The reason is that the user is not running the XYGate application. Hence, BBSV assumes the Password is correct. For H4.09, the affected version is T0954V04^AAO. For E4.09, the affected version is 22SEP2020. | 2021-06-25 | not yet calculated | CVE-2021-33895 MISC MISC
etuna — ec-cube | Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier) allows remote attackers to inject an arbitrary script by executing a specific operation on the management page of EC-CUBE. | 2021-06-22 | not yet calculated | CVE-2021-20735 MISC MISC MISC MISC
evernote — evernote | An issue was found in the Evernote client for Windows 10, 7, and 2008 in the protocol handler. This enables arbitrary command execution by attackers if the user clicks on a specially crafted URL.
AKA: WINNOTE-19941. | 2021-06-24 | not yet calculated | CVE-2020-17759 MISC
f-secure — f-secure | A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the FSAVD component used in certain F-Secure products can crash while scanning larger packages/fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine. | 2021-06-21 | not yet calculated | CVE-2021-33572 MISC MISC
fidelis_network_and_deception — fidelis_network_and_deception_commandpost | Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response in an authenticated session. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability. | 2021-06-25 | not yet calculated | CVE-2021-35049 CONFIRM
fidelis_network_and_deception — fidelis_network_and_deception_commandpost | User credentials are stored in a recoverable format within Fidelis Network and Deception CommandPost. In the event that an attacker gains access to the CommandPost, these values could be decoded and used to login to the application. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.3. This vulnerability has been addressed in version 9.3.3 and subsequent versions. | 2021-06-25 | not yet calculated | CVE-2021-35050 CONFIRM
fidelis_network_and_deception — fidelis_network_and_deception_commandpost | Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user level access to the CLI to inject root level commands into the component and neighboring Fidelis components.
The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability. | 2021-06-25 | not yet calculated | CVE-2021-35047 CONFIRM
fidelis_network_and_deception — fidelis_network_and_deception_commandpost | Vulnerability in Fidelis Network and Deception CommandPost enables unauthenticated SQL injection through the web interface. The vulnerability could lead to exposure of authentication tokens in some versions of Fidelis software. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability. | 2021-06-25 | not yet calculated | CVE-2021-35048 CONFIRM
fisco-bcos — fisco-bcos | The blockchain node in FISCO-BCOS V2.7.2 may have a bug when dealing with an unformatted packet, leading to a crash. A malicious node can send a packet continuously. The packet is in an incorrect format and cannot be decoded by the node correctly. As a result, the node may consume the memory sustainably and crash.
More details are shown at: https://github.com/FISCO-BCOS/FISCO-BCOS/issues/1951 | 2021-06-24 | not yet calculated | CVE-2021-35041 MISC
getsimplecms — getsimplecms | Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar files. | 2021-06-23 | not yet calculated | CVE-2021-28976 MISC
getsimplecms — getsimplecms | Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <= 3.3.15 in admin/changedata.php via the redirect_url parameter and the headers_sent function. | 2021-06-23 | not yet calculated | CVE-2020-18657 MISC MISC MISC
getsimplecms — getsimplecms | GetSimpleCMS <=3.3.15 has an open redirect in admin/changedata.php via the redirect function to the url parameter. | 2021-06-23 | not yet calculated | CVE-2020-18660 MISC MISC MISC
gnuboard5 — gnuboard5 | SQL Injection vulnerability in gnuboard5 <=v5.3.2.8 via the table_prefix parameter in install_db.php. | 2021-06-24 | not yet calculated | CVE-2020-18662 MISC MISC MISC
gnuboard5 — gnuboard5 | Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 via the act parameter in bbs/move_update.php. | 2021-06-24 | not yet calculated | CVE-2020-18663 MISC MISC MISC
gnuboard5 — gnuboard5 | Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 via the url parameter to bbs/login.php. | 2021-06-24 | not yet calculated | CVE-2020-18661 MISC MISC MISC
google — android | Improper authorization in handler for custom URL scheme vulnerability in ?????????
(asken diet) for Android versions from v.3.0.0 to v.4.2.x allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. | 2021-06-22 | not yet calculated | CVE-2021-20733 MISC MISC
helpu — helpu | A vulnerability in agent program of HelpU remote control solution could allow an authenticated remote attacker to execute arbitrary commands. This vulnerability is due to insufficient input sanitization when communicating customer process. | 2021-06-24 | not yet calculated | CVE-2020-7862 MISC MISC
hitachi — application_server_help_server | Cross-site scripting vulnerability in Hitachi Application Server Help (Hitachi Application Server V10 Manual (Windows) version 10-11-01 and earlier and Hitachi Application Server V10 Manual (UNIX) version 10-11-01 and earlier) allows a remote attacker to inject an arbitrary script via unspecified vectors. | 2021-06-22 | not yet calculated | CVE-2021-20741 MISC MISC
hpe — oneview_global_dashboard | A potential vulnerability has been identified in HPE OneView Global Dashboard release 2.31 which could lead to a local disclosure of privileged information. HPE has provided an update to OneView Global Dashboard. The issue is resolved in 2.32. | 2021-06-24 | not yet calculated | CVE-2021-26585 MISC
huawei — multiple products | There is an improper authorization vulnerability in eCNS280 V100R005C00, V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200. A file access is not authorized correctly. An attacker with low access may launch privilege escalation in a specific scenario. This may compromise the normal service. | 2021-06-22 | not yet calculated | CVE-2021-22361 MISC
huawei — multiple products | There is an information leak vulnerability in Huawei products. A module does not deal with specific input sufficiently. High privilege attackers can exploit this vulnerability by performing some operations. This can lead to information leak.
Affected product versions include: IPS Module versions V500R005C00, V500R005C10, V500R005C20; NGFW Module versions V500R005C00, V500R005C10, V500R005C20; SeMG9811 versions V500R005C00; USG9500 versions V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, V500R001C80, V500R005C00, V500R005C10, V500R005C20. | 2021-06-22 | not yet calculated | CVE-2021-22342 MISC
huawei — multiple products | There is an out-of-bounds read vulnerability in eCNS280_TD V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. The vulnerability is due to a message-handling function that contains an out-of-bounds read vulnerability. An attacker can exploit this vulnerability by sending a specific message to the target device, which could cause a Denial of Service (DoS). | 2021-06-22 | not yet calculated | CVE-2021-22383 MISC
huawei — multiple products | Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker can locally access and log in to a PC to induce a user to install a specially crafted application. After successfully exploiting this vulnerability, the attacker can perform unauthenticated operations. Affected product versions include: E3372 E3372h-153TCPU-V200R002B333D01SP00C00. | 2021-06-22 | not yet calculated | CVE-2021-22382 MISC
huawei — multiple products | There is a race condition vulnerability in eCNS280_TD V100R005C00 and V100R005C10. A timing window exists in which the database can be operated by another thread that is operating concurrently. Successful exploit may cause the affected device to become abnormal. | 2021-06-22 | not yet calculated | CVE-2021-22378 MISC
huawei — multiple products | There is a command injection vulnerability in S12700 V200R019C00SPC500, S2700 V200R019C00SPC500, S5700 V200R019C00SPC500, S6700 V200R019C00SPC500 and S7700 V200R019C00SPC500. A module does not verify specific input sufficiently. Attackers can exploit this vulnerability by sending malicious parameters to inject commands.
This can compromise normal service. | 2021-06-22 | not yet calculated | CVE-2021-22377 MISC
huawei — multiple products | There is an out-of-bounds read vulnerability in eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. The vulnerability is due to an out-of-bounds read in a function that handles an internal message. An attacker could craft messages between system processes; a successful exploit could cause Denial of Service (DoS). | 2021-06-22 | not yet calculated | CVE-2021-22366 MISC
huawei — multiple products | There is an out of bounds read vulnerability in eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. A local attacker can exploit this vulnerability by sending a specific message to the target device. Due to insufficient validation of internal messages, a successful exploit may cause the process and the service to become abnormal. | 2021-06-22 | not yet calculated | CVE-2021-22365 MISC
huawei — multiple products | There is a resource management error vulnerability in eCNS280_TD V100R005C10SPC650. An attacker needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the function, the vulnerability can be exploited to cause abnormal service on affected devices. | 2021-06-22 | not yet calculated | CVE-2021-22363 MISC
ibm — db2 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow a local user to access and change the configuration of Db2 due to a race condition of a symbolic link.
IBM X-Force ID: 190909. | 2021-06-24 | not yet calculated | CVE-2020-4885 CONFIRM XF
ibm — db2 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, under specific circumstance of a table being dropped while being accessed in another session, could allow an authenticated user to cause a denial of service. IBM X-Force ID: 203031. | 2021-06-24 | not yet calculated | CVE-2021-29777 XF CONFIRM
ibm — db2 | Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200659. | 2021-06-24 | not yet calculated | CVE-2021-29703 CONFIRM XF
ibm — db2 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline SQL function to obtain sensitive information when AUTO_REVAL is set to DEFERRED_FORCE. IBM X-Force ID: 199283. | 2021-06-24 | not yet calculated | CVE-2021-20579 XF CONFIRM
ibm — db2 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to overwrite arbitrary files due to improper group permissions. IBM X-Force ID: 191945. | 2021-06-24 | not yet calculated | CVE-2020-4945 XF CONFIRM
ibm — security_sevret_server | IBM Security Secret Server (IBM Security Verify Privilege Manager 10.8.2) is vulnerable to a buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and execute arbitrary code on the system or cause the system to crash. IBM X-Force ID: 184917. | 2021-06-25 | not yet calculated | CVE-2020-4609 XF CONFIRM
ibm — security_sevret_server | IBM Security Secret Server (IBM Security Verify Privilege Manager 10.8.2) could allow a local user to execute code due to improper integrity checks. IBM X-Force ID: 184919. | 2021-06-25 | not yet calculated | CVE-2020-4610 XF CONFIRM
ibm — security_verify | IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to link injection.
By persuading a victim to click on a specially-crafted URL link, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. | 2021-06-25 | not yet calculated | CVE-2021-29676 XF CONFIRM
ibm — security_verify | IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2021-06-25 | not yet calculated | CVE-2021-29677 CONFIRM XF
ibm — security_verify | IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) could disclose sensitive information through an HTTP GET request by a privileged user due to improper input validation. IBM X-Force ID: 199396. | 2021-06-25 | not yet calculated | CVE-2021-20583 XF CONFIRM
ibos — ibos | In IBOS 4.5.4 Open, Arbitrary File Inclusion causes getshell via /system/modules/dashboard/controllers/CronController.php. | 2021-06-24 | not yet calculated | CVE-2020-21786 MISC
ibos — ibos | In IBOS 4.5.4 the email function has a cross site scripting (XSS) vulnerability in emailbody[content] parameter. | 2021-06-24 | not yet calculated | CVE-2020-21783 MISC
ibos — ibos | In IBOS 4.5.4 Open, the database backup has Command Injection Vulnerability. | 2021-06-24 | not yet calculated | CVE-2020-21785 MISC
imagemagick — imagemagick | ImageMagick 7.0.11-14 has a memory leak in AcquireSemaphoreMemory in semaphore.c and AcquireMagickMemory in memory.c. | 2021-06-25 | not yet calculated | CVE-2021-34183 CONFIRM
jfinal — jfinal | In applications using jfinal 4.9.08 and below, there is a deserialization vulnerability when using redis, which may be vulnerable to remote code execution. | 2021-06-24 | not yet calculated | CVE-2021-31649 MISC MISC
jfinal — jfinal | An issue was discovered in JFinal framework v4.9.10 and below.
The “set” method of the “Controller” class of jfinal framework is not strictly filtered, which will lead to XSS vulnerabilities in some cases. | 2021-06-24 | not yet calculated | CVE-2021-33348 MISC
johnson_controls — exacqvision_enterprise_manager | exacqVision Enterprise Manager 20.12 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users. | 2021-06-24 | not yet calculated | CVE-2021-27658 CERT CONFIRM
johnson_controls — exacqvision_web_service | exacqVision Web Service 21.03 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users. | 2021-06-24 | not yet calculated | CVE-2021-27659 CERT CONFIRM
league — flysystem | Flysystem is an open source file storage library for PHP. The whitespace normalisation used in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: a user is allowed to supply the path or filename of an uploaded file; the supplied path or filename is not checked against unicode chars; the supplied pathname is checked against an extension deny-list, not an allow-list; the supplied path or filename contains a unicode whitespace char in the extension; the uploaded file is stored in a directory that allows PHP code to be executed. Given these conditions are met a user can upload and execute arbitrary code on the system under attack. The unicode whitespace removal has been replaced with a rejection (exception). For 1.x users, upgrade to 1.1.4.
For 2.x users, upgrade to 2.1.1. | 2021-06-24 | not yet calculated | CVE-2021-32708 MISC MISC CONFIRM MISC
linux — linux_kernel | In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db. | 2021-06-23 | not yet calculated | CVE-2021-33624 MISC CONFIRM CONFIRM
linux — linux_kernel | The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85. | 2021-06-24 | not yet calculated | CVE-2020-28097 MISC MISC MISC MISC
mackron — miniaudio | Miniaudio 0.10.35 has a double free vulnerability that could cause a buffer overflow in ma_default_vfs_close__stdio in miniaudio.h. | 2021-06-25 | not yet calculated | CVE-2021-34184 CONFIRM
mackron — miniaudio | Miniaudio 0.10.35 has an integer-based buffer overflow caused by an out-of-bounds left shift in drwav_bytes_to_u32 in miniaudio.h. | 2021-06-25 | not yet calculated | CVE-2021-34185 CONFIRM
misp — misp | app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp in MISP 2.4.144 does not sanitize certain data related to generic-template:index. | 2021-06-25 | not yet calculated | CVE-2021-35502 MISC
mongo-express — mongo-express | mongo-express is a web-based MongoDB admin interface, written with Node.js and express. 1: As mentioned in this issue: https://github.com/mongo-express/mongo-express/issues/577, when the content of a cell grows larger than supported size, clicking on a row will show full document unescaped, however this needs admin interaction on cell. 2: Data cells identified as media will be rendered as media, without being sanitized. Example of different renders: image, audio, video, etc. As an example of type 1 attack, an unauthorized user who can only send a large amount of data in a field of a document may use a payload with embedded JavaScript.
This could send an export of a collection to the attacker without even an admin knowing. Other types of attacks such as dropping a database\collection are possible. | 2021-06-21 | not yet calculated | CVE-2021-21422 MISC CONFIRM MISC
moodle — moodle | A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerability. | 2021-06-23 | not yet calculated | CVE-2021-21809 MISC
mozilla — firefox | A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. This vulnerability affects Firefox < 88. | 2021-06-24 | not yet calculated | CVE-2021-24001 MISC MISC
mozilla — firefox | A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements (such as `<input type="file">`) this could have led to an attack where a user was confused about the origin of the webpage and potentially disclosed information they did not intend to. This vulnerability affects Firefox < 88. | 2021-06-24 | not yet calculated | CVE-2021-24000 MISC MISC
mozilla — firefox | By utilizing 3D CSS in conjunction with JavaScript, content could have been rendered outside the webpage’s viewport, resulting in a spoofing attack that could have been used for phishing or other attacks on a user. This vulnerability affects Firefox < 88. | 2021-06-24 | not yet calculated | CVE-2021-23996 MISC MISC
mozilla — firefox | Address bar search suggestions in private browsing mode were re-using session data from normal mode. *This bug only affects Firefox for Android. Other operating systems are unaffected.*
This vulnerability affects Firefox < 89. | 2021-06-24 | not yet calculated | CVE-2021-29963 MISC MISC
mozilla — firefox | Due to unexpected data type conversions, a use-after-free could have occurred when interacting with the font cache. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 88. | 2021-06-24 | not yet calculated | CVE-2021-23997 MISC MISC
mozilla — firefox | When styling and rendering an oversized `<select>` element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. This vulnerability affects Firefox < 89. | 2021-06-24 | not yet calculated | CVE-2021-29961 MISC MISC
mozilla — firefox | Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined may have led to the title of a website visited during private browsing mode being stored on disk. This vulnerability affects Firefox < 89. | 2021-06-24 | not yet calculated | CVE-2021-29960 MISC MISC
mozilla — firefox | Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Security Policy prevents direct code execution, HTML injection is still possible. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 88. | 2021-06-24 | not yet calculated | CVE-2021-29944 MISC MISC
mozilla — firefox | When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only possible if the website kept recording with the microphone until re-enabling the camera.
This vulnerability affects Firefox < 89. | 2021-06-24 | not yet calculated | CVE-2021-29959 MISC MISC
mozilla — firefox | A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability, Speculative Code Store Bypass (SCSB), did not affect Firefox.) This vulnerability affects Firefox ESR < 78.9 and Firefox < 87. | 2021-06-24 | not yet calculated | CVE-2021-29955 MISC MISC MISC
mozilla — firefox | A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 89. | 2021-06-24 | not yet calculated | CVE-2021-29965 MISC MISC
mozilla — firefox_esr_thunderbird_and_firefox | If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. | 2021-06-24 | not yet calculated | CVE-2021-23999 MISC MISC MISC MISC
mozilla — firefox_esr_thunderbird_and_firefox | A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out-of-bounds write. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. | 2021-06-24 | not yet calculated | CVE-2021-23994 MISC MISC MISC MISC
mozilla — firefox_esr_thunderbird_and_firefox | When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server.
This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. | 2021-06-24 | not yet calculated | CVE-2021-24002 MISC MISC MISC MISC
mozilla — firefox_esr_thunderbird_and_firefox | When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. | 2021-06-24 | not yet calculated | CVE-2021-23995 MISC MISC MISC MISC
mozilla — firefox_esr_thunderbird_and_firefox | Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. | 2021-06-24 | not yet calculated | CVE-2021-23998 MISC MISC MISC MISC
mozilla — firefox_esr_thunderbird_and_firefox | The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. *Note: This issue only affected x86-32 platforms. Other platforms are unaffected.* This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. | 2021-06-24 | not yet calculated | CVE-2021-29945 MISC MISC MISC MISC
mozilla — firefox_for_android | A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting in a Universal Cross-Site Scripting vulnerability. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected. Further details are being temporarily withheld to allow users an opportunity to update.* This vulnerability affects Firefox < 88.0.1 and Firefox for Android < 88.1.3. | 2021-06-24 | not yet calculated | CVE-2021-29953 MISC MISC
mozilla — hubs_cloud | Proxy functionality built into Hubs Cloud’s Reticulum software allowed access to internal URLs, including the metadata service.
This vulnerability affects Hubs Cloud < mozillareality/reticulum/1.0.1/20210428201255. | 2021-06-24 | not yet calculated | CVE-2021-29954 MISC MISC
mozilla — thunderbird | An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self signature, and the Thunderbird user imports the crafted key, then Thunderbird may try to use the invalid subkey, but the RNP library rejects it from being used, causing encryption to fail. This vulnerability affects Thunderbird < 78.9.1. | 2021-06-24 | not yet calculated | CVE-2021-23993 MISC MISC
mozilla — thunderbird | Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. An attacker may create a crafted version of an OpenPGP key, by either replacing the original user ID, or by adding another user ID. If Thunderbird imports and accepts the crafted key, the Thunderbird user may falsely conclude that the false user ID belongs to the correspondent. This vulnerability affects Thunderbird < 78.9.1. | 2021-06-24 | not yet calculated | CVE-2021-23992 MISC MISC
mozilla — thunderbird | Signatures are written to disk before and read during verification, which might be subject to a race condition when a malicious local process or user is replacing the file. This vulnerability affects Thunderbird < 78.10. | 2021-06-24 | not yet calculated | CVE-2021-29948 MISC MISC
mozilla — thunderbird | OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user’s local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will automatically protect keys that had been imported using affected Thunderbird versions.
This vulnerability affects Thunderbird < 78.10.2. | 2021-06-24 | not yet calculated | CVE-2021-29956 MISC MISC
mozilla — thunderbird | If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. This vulnerability affects Thunderbird < 78.10.2. | 2021-06-24 | not yet calculated | CVE-2021-29957 MISC MISC
mozilla — thunderbird | If a Thunderbird user has previously imported Alice’s OpenPGP key, and Alice has extended the validity period of her key, but Alice’s updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice’s key with an invalid subkey. Thunderbird might subsequently attempt to use the invalid subkey, and will fail to send encrypted email to Alice. This vulnerability affects Thunderbird < 78.9.1. | 2021-06-24 | not yet calculated | CVE-2021-23991 MISC MISC
mozilla — thunderbird | When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filename that isn’t distributed by Thunderbird. If a computer has already been infected with a malicious library of the alternative filename, and the malicious library has been copied to a directory that is contained in the search path for executable libraries, then Thunderbird will load the incorrect library. This vulnerability affects Thunderbird < 78.9.1. | 2021-06-24 | not yet calculated | CVE-2021-29949 MISC MISC
mozilla — thunderbird_firefox_and_firefox_esr | A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*
This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11. | 2021-06-24 | not yet calculated | CVE-2021-29964 MISC MISC MISC MISC
mozilla — thunderbird_firefox_and_firefox_esr | The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating (if an attacker spammed the ‘Stop’ command); but also exposed attack surface in the maintenance service. *Note: This issue only affected Windows operating systems older than Win 10 build 1709. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 78.10.1, Firefox < 87, and Firefox ESR < 78.10.1. | 2021-06-24 | not yet calculated | CVE-2021-29951 MISC MISC MISC MISC
msi_dragon_center — msi_dragon_center | MODAPI.sys in MSI Dragon Center 2.0.104.0 allows low-privileged users to access kernel memory and potentially escalate privileges via a crafted IOCTL 0x9c406104 call. This IOCTL provides the MmMapIoSpace feature for mapping physical memory. | 2021-06-21 | not yet calculated | CVE-2021-29337 MISC
myq_x_smart — myq_server | MyQ Server in MyQ X Smart before 8.2 allows remote code execution by unprivileged users because administrative session data can be read in the %PROGRAMFILES%\MyQ\PHP\Sessions directory. The “Select server file” feature is only intended for administrators but actually does not require authorization. An attacker can inject arbitrary OS commands (such as commands to create new .php files) via the Task Scheduler component. | 2021-06-21 | not yet calculated | CVE-2021-31769 MISC
neos — form | neos/forms is an open source framework to build web forms. By crafting a special `GET` request containing a valid form state, a form can be submitted without invoking any validators. Form state is secured with an HMAC that is still verified.
That means that this issue can only be exploited if Form Finishers cause side effects even if no form values have been sent. Form Finishers can be adjusted in a way that they only execute an action if the submitted form contains some expected data. Alternatively a custom Finisher can be added as first finisher. This regression was introduced with https://github.com/neos/form/commit/049d415295be8d4a0478ccba97dba1bb81649567 | 2021-06-21 | not yet calculated | CVE-2021-32697 MISC MISC MISC CONFIRM MISC
nvidia — geforce_experience | NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability where, if a user clicks on a maliciously formatted link that opens the GeForce Experience login page in a new browser tab instead of the GeForce Experience application and enters their login information, the malicious site can get access to the token of the user login session. Such an attack may lead to these targeted users’ data being accessed, altered, or lost. | 2021-06-25 | not yet calculated | CVE-2021-1073 CONFIRM
nvidia — nvidia_mb2 | Bootloader contains a vulnerability in NVIDIA MB2, which may cause free-the-wrong-heap, which may lead to limited denial of service. | 2021-06-22 | not yet calculated | CVE-2021-34397 CONFIRM
nvidia — nvidia_mb2 | Bootloader contains a vulnerability in access permission settings where unauthorized software may be able to overwrite NVIDIA MB2 code, which would result in limited denial of service. | 2021-06-22 | not yet calculated | CVE-2021-34396 CONFIRM
nvidia — trusty | Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver contains a vulnerability in the NVIDIA OTE protocol message parsing code where an integer overflow in a malloc() size calculation leads to a buffer overflow on the heap, which might result in information disclosure, escalation of privileges, and denial of service. | 2021-06-22 | not yet calculated | CVE-2021-34372 CONFIRM
nvidia — trusty | Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the
exploitation of an integer overflow on the size parameter of the tz_map_shared_mem function. | 2021-06-22 | not yet calculated | CVE-2021-34390 CONFIRM
nvidia — trusty | Trusty TLK contains a vulnerability in the NVIDIA TLK kernel’s tz_handle_trusted_app_smc function where a lack of integer overflow checks on the req_off and param_ofs variables leads to memory corruption of critical kernel structures. | 2021-06-22 | not yet calculated | CVE-2021-34391 CONFIRM
nvidia — trusty | Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the tz_map_shared_mem function can bypass boundary checks, which might lead to denial of service. | 2021-06-22 | not yet calculated | CVE-2021-34392 CONFIRM
nvidia — trusty | Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deserializer to impact code execution, causing information disclosure. | 2021-06-22 | not yet calculated | CVE-2021-34393 CONFIRM
nvidia — trusty | Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the calloc size calculation can cause the multiplication of count and size to overflow, which might lead to heap overflows. | 2021-06-21 | not yet calculated | CVE-2021-34386 CONFIRM
nvidia — trusty | Trusty TLK contains a vulnerability in its access permission settings where it does not properly restrict access to a resource from a user with local privileges, which might lead to limited information disclosure and limited denial of service. | 2021-06-22 | not yet calculated | CVE-2021-34395 CONFIRM
nvidia — trusty | The ARM TrustZone Technology on which Trusty is based contains a vulnerability in access permission settings where the portion of the DRAM reserved for TrustZone is identity-mapped by TLK with read, write, and execute permissions, which gives write access to kernel code and data that is otherwise mapped read only. | 2021-06-21 | not yet calculated | CVE-2021-34387 CONFIRM
nvidia — trusty | Trusty contains a vulnerability in all TAs whose deserializer does not reject messages with multiple occurrences of the same parameter. The deserialization of untrusted data might allow an attacker to exploit the deserializer to impact code execution. | 2021-06-22 | not yet calculated | CVE-2021-34394 CONFIRM
nvidia — trusty | Trusty contains a vulnerability in NVIDIA OTE protocol message parsing code, which is present in all the TAs. An incorrect bounds check leads to a memory leak of a portion of the heap situated after a stream buffer. | 2021-06-21 | not yet calculated | CVE-2021-34389 CONFIRM
openemer — openemr | In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit. If a malicious user is aware of the first 72 characters of the victim user’s password, he can leverage it for an account takeover. | 2021-06-24 | not yet calculated | CVE-2021-25923 MISC MISC
opengrok — opengrok | Vulnerability in OpenGrok (component: Web App). Versions that are affected are 1.6.7 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise OpenGrok. Successful attacks of this vulnerability can result in takeover of OpenGrok. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). | 2021-06-23 | not yet calculated | CVE-2021-2322 MISC
oracle — glassfish_server | ** UNSUPPORTED WHEN ASSIGNED ** Oracle GlassFish Server 3.1.2.18 and below allows /common/logViewer/logViewer.jsf XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2021-06-25 | not yet calculated | CVE-2021-3314 MISC
ory — oathkeeper | ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. When you make a request to an endpoint that requires the scope `foo` using an access token granted with that `foo` scope, introspection will be valid and that token will be cached. The problem comes when a second request to an endpoint that requires the scope `bar` is made before the cache has expired. Whether the token is granted or not to the `bar` scope, introspection will be valid. A patch will be released with `v0.38.12-beta.1`. Per default, caching is disabled for the `oauth2_introspection` authenticator. When caching is disabled, this vulnerability does not exist. The cache is checked in [`func (a *AuthenticatorOAuth2Introspection) Authenticate(…)`](https://github.com/ory/oathkeeper/blob/6a31df1c3779425e05db1c2a381166b087cb29a4/pipeline/authn/authenticator_oauth2_introspection.go#L152). From [`tokenFromCache()`](https://github.com/ory/oathkeeper/blob/6a31df1c3779425e05db1c2a381166b087cb29a4/pipeline/authn/authenticator_oauth2_introspection.go#L97) it seems that it only validates the token expiration date, but ignores whether or not the token has the proper scopes. The vulnerability was introduced in PR #424. During review, we failed to require appropriate test coverage by the submitter which is the primary reason that the vulnerability passed the review process. | 2021-06-22 | not yet calculated | CVE-2021-32701 MISC MISC CONFIRM
palot_alto_networks — cortex_xsoar | An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API.
This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier than 1271064; Cortex XSOAR 6.2.0 builds earlier than 1271065. This issue does not impact Cortex XSOAR 5.5.0, Cortex XSOAR 6.0.0, Cortex XSOAR 6.0.1, or Cortex XSOAR 6.0.2 versions. All Cortex XSOAR instances hosted by Palo Alto Networks are upgraded to resolve this vulnerability. No additional action is required for these instances. | 2021-06-22 | not yet calculated | CVE-2021-3044 MISC
pam_setquota.c — pam_setquota.c | pam_setquota.c in the pam_setquota module before 2020-05-29 for Linux-PAM allows local attackers to set their quota on an arbitrary filesystem, in certain situations where the attacker’s home directory is a FUSE filesystem mounted under /home. | 2021-06-22 | not yet calculated | CVE-2020-36394 MISC
pandorafms — pandorafms | PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console. When a user or an administrator visits the console, the XSS payload will be executed. | 2021-06-25 | not yet calculated | CVE-2021-35501 MISC
pandorafms — pandorafms | PandoraFMS <=7.54 allows arbitrary file upload, leading to remote command execution via the File Manager. To bypass the built-in protection, a relative path is used in the requests. | 2021-06-25 | not yet calculated | CVE-2021-34074 MISC
phoenix_contact — axl_f_bk_and_il__bk_products | In certain devices of the Phoenix Contact AXL F BK and IL BK product families an undocumented password protected FTP access to the root directory exists. | 2021-06-25 | not yet calculated | CVE-2021-33540 CONFIRM
phoenix_contact — classic_automation_worx_software_suite | Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 and below is affected by a remote code execution vulnerability. Manipulated PC Worx or Config+ projects could lead to a remote code execution when unallocated memory is freed because of incompletely initialized data. The attacker needs to get access to an original bus configuration file (*.bcp) to be able to manipulate data inside.
After manipulation the attacker needs to exchange the original file by the manipulated one on the application programming workstation. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities. Automated systems in operation which were programmed with one of the above-mentioned products are not affected. | 2021-06-25 | not yet calculated | CVE-2021-33542 CONFIRM
phoenix_contact — classic_line_controllers | Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all versions/variants are affected by a Denial-of-Service vulnerability. The communication protocols and device access do not feature authentication measures. Remote attackers can use specially crafted IP packets to cause a denial of service on the PLC’s network communication module. A successful attack stops all network communication. To restore the network connectivity the device needs to be restarted. The automation task is not affected. | 2021-06-25 | not yet calculated | CVE-2021-33541 CONFIRM
phoenix_contact — fl_comserver_uni | In Phoenix Contact FL COMSERVER UNI in versions < 2.40 an invalid Modbus exception response can lead to a temporary denial of service. | 2021-06-25 | not yet calculated | CVE-2021-21002 CONFIRM
phoenix_contact — fl_switch_smcs | In Phoenix Contact FL SWITCH SMCS series products in multiple versions fragmented TCP-Packets may cause a Denial of Service of Web-, SNMP- and ICMP-Echo services.
The switching functionality of the device is not affected. | 2021-06-25 | not yet calculated | CVE-2021-21003 CONFIRM
phoenix_contact — fl_switch_smcs | In Phoenix Contact FL SWITCH SMCS series products in multiple versions an attacker may insert malicious code via LLDP frames into the web-based management which could then be executed by the client. | 2021-06-25 | not yet calculated | CVE-2021-21004 CONFIRM
phoenix_contact — fl_switch_smcs | In Phoenix Contact FL SWITCH SMCS series products in multiple versions if an attacker sends a hand-crafted TCP-Packet with the Urgent-Flag set and the Urgent-Pointer set to 0, the network stack will crash. The device needs to be rebooted afterwards. | 2021-06-25 | not yet calculated | CVE-2021-21005 CONFIRM
phpwcms — phpwcms | phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setup.php. | 2021-06-24 | not yet calculated | CVE-2020-21784 MISC
pterodactyl — wings | Wings is the control plane software for the open source Pterodactyl game management system. All versions of Pterodactyl Wings prior to `1.4.4` are vulnerable to system resource exhaustion due to improper container process limits being defined. A malicious user can consume more resources than intended and cause downstream impacts to other clients on the same hardware, eventually causing the physical server to stop responding. Users should upgrade to `1.4.4` to mitigate the issue. There is no non-code based workaround for impacted versions of the software. Users running customized versions of this software can manually set a PID limit for containers created. | 2021-06-22 | not yet calculated | CVE-2021-32699 MISC CONFIRM
qnap — qnap_nas | A command injection vulnerability has been reported to affect QNAP NAS running legacy versions of QTS. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS versions prior to 4.3.6.1663 Build 20210504; versions prior to 4.3.3.1624 Build 20210416.
This issue does not affect: QNAP Systems Inc. QTS 4.5.3. QNAP Systems Inc. QuTS hero h4.5.3. QNAP Systems Inc. QuTScloud c4.5.5. | 2021-06-24 | not yet calculated | CVE-2021-28800 MISC
react-bootstrap-table — react-bootstrap-table | All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting (XSS) via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the output. | 2021-06-24 | not yet calculated | CVE-2021-23398 CONFIRM CONFIRM CONFIRM CONFIRM
report_portal — report_portal | Report portal is an open source reporting and analysis framework. Starting from version 3.1.0 of the service-api XML parsing was introduced. Unfortunately the XML parser was not configured properly to prevent XML external entity (XXE) attacks. This allows a user to import a specifically-crafted XML file which imports external Document Type Definition (DTD) file with external entities for extraction of secrets from Report Portal service-api module or server-side request forgery. This will be resolved in the 5.4.0 release. | 2021-06-23 | not yet calculated | CVE-2021-29620 MISC CONFIRM MISC
roundcube — roundcube_mail | Cross Site Scripting (XSS) vulnerability in Roundcube mail .4.4 via database host and user in /installer/test.php. | 2021-06-24 | not yet calculated | CVE-2020-18670 MISC MISC MISC
roundcube — roundcube_mail | Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via smtp config in /installer/test.php. | 2021-06-24 | not yet calculated | CVE-2020-18671 MISC MISC MISC
ruby_on_rails — ruby_on_rails | In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. In affected versions it is very slow for certain classes in BinData to be created. For example BinData::Bit100000, BinData::Bit100001, BinData::Bit100002, BinData::Bit<N>. In combination with <user_input>.constantize there is a potential for a CPU-based DoS.
In version 2.4.10 bindata improved the creation time of Bits and Integers. | 2021-06-24 | not yet calculated | CVE-2021-32823 MISC MISC CONFIRM MISC MISC
sas — environment_manager | SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. The XSS will prompt when editing the Configuration Properties. | 2021-06-25 | not yet calculated | CVE-2021-35475 MISC MISC
shopware — shopware | Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1 the admin api has exposed some internal hidden fields when an association has been loaded with a to-many reference. Users are recommended to update to version 6.4.1.1. You can get the update to 6.4.1.1 regularly via the Auto-Updater or directly via the download overview. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. | 2021-06-24 | not yet calculated | CVE-2021-32716 MISC MISC CONFIRM
shopware — shopware | Shopware is an open source eCommerce platform. Versions prior to 5.6.10 are vulnerable to system information leakage in error handling. Users are recommended to update to version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download overview. | 2021-06-24 | not yet calculated | CVE-2021-32712 MISC MISC CONFIRM
shopware — shopware | Shopware is an open source eCommerce platform. Versions prior to 6.3.5.1 may leak information via Store-API. We recommend updating to the current version 6.3.5.1. You can get the update to 6.3.5.1 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/#shopware-6 The vulnerability could only be fixed by changing the API system, which involves a non-backward-compatible change. Only consumers of the Store-API should be affected by this change.
Please check your plugins if you have it in use. Detailed technical information can be found in the upgrade information. https://github.com/shopware/platform/blob/v6.3.5.1/UPGRADE-6.3.md#6351 ### Workarounds For older versions of 6.1 and 6.2, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version. https://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659 ### For more information https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-02-20212021-06-24not yet calculatedCVE-2021-32711MISCMISCCONFIRMshopware — shopware  Shopware is an open source eCommerce platform. Potential session hijacking of store customers in versions below 6.3.5.2. We recommend to update to the current version 6.3.5.2. You can get the update to 6.3.5.2 regularly via the Auto-Updater or directly via the download overview. For older versions of 6.1 and 6.2, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.2021-06-24not yet calculatedCVE-2021-32710CONFIRMMISCshopware — shopware  Shopware is an open source eCommerce platform. Creation of order credits was not validated by ACL in admin orders. Users are recommend to update to the current version 6.4.1.1. You can get the update to 6.4.1.1 regularly via the Auto-Updater or directly via the download overview. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.2021-06-24not yet calculatedCVE-2021-32709CONFIRMshopware — shopware  Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1 private files publicly accessible with Cloud Storage providers when the hashed URL is known. 
Users are recommended to first change their configuration to set the correct visibility according to the documentation. The visibility must be at the same level as `type`. When the Storage is saved on Amazon AWS we recommend disabling public access to the bucket containing the private files: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html. Otherwise, update to Shopware 6.4.1.1 or install or update the Security plugin (https://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659) and run the command `./bin/console s3:set-visibility` to correct your cloud file visibilities. | 2021-06-24 | not yet calculated | CVE-2021-32717 MISC CONFIRM MISC
    shopware — shopware | Shopware is an open source eCommerce platform. Versions prior to 5.6.10 suffer from an authenticated stored XSS in administration vulnerability. Users are recommended to update to the version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download overview. | 2021-06-24 | not yet calculated | CVE-2021-32713 CONFIRM MISC MISC
    sonicwall — sonicos | A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability. | 2021-06-23 | not yet calculated | CVE-2021-20019 CONFIRM
    synology — disktation_manager | Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. | 2021-06-23 | not yet calculated | CVE-2021-27649 CONFIRM
    synology — synology_diskstation_manager | Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to write arbitrary files via unspecified vectors. | 2021-06-23 | not yet calculated | CVE-2021-29087 CONFIRM
    synology — synology_diskstation_manager | Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to obtain sensitive information via unspecified vectors. | 2021-06-23 | not yet calculated | CVE-2021-29086 CONFIRM
    synology — synology_diskstation_manager | Improper neutralization of special elements in output used by a downstream component (‘Injection’) vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors. | 2021-06-23 | not yet calculated | CVE-2021-29085 CONFIRM
    synology — synology_diskstation_manager | Improper neutralization of special elements in output used by a downstream component (‘Injection’) vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors. | 2021-06-23 | not yet calculated | CVE-2021-29084 CONFIRM
    tripplite — tripplite_su2200rtxl2ua | A stored cross-site scripting (XSS) vulnerability was discovered in /Forms/device_vars_1 on TrippLite SU2200RTXL2Ua with firmware version 12.04.0055. This vulnerability allows authenticated attackers to obtain other users’ information via a crafted POST request. | 2021-06-25 | not yet calculated | CVE-2020-26801 MISC MISC MISC
    tsmuxer — tsmuxer | Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file. | 2021-06-23 | not yet calculated | CVE-2021-34067 MISC CONFIRM
    tsmuxer — tsmuxer | Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file. | 2021-06-23 | not yet calculated | CVE-2021-34068 CONFIRM MISC
    tsmuxer — tsmuxer | Divide-by-zero bug in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file. | 2021-06-23 | not yet calculated | CVE-2021-34069 MISC CONFIRM
    tsmuxer — tsmuxer | Out-of-bounds Read in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file. | 2021-06-23 | not yet calculated | CVE-2021-34070 CONFIRM MISC
    tsmuxer — tsmuxer | Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file. | 2021-06-23 | not yet calculated | CVE-2021-34071 CONFIRM
    ubuntu — gfs2 | A flaw was discovered in gfs2 file system’s handling of acls (access control lists).
An unprivileged local attacker could exploit this flaw to gain access or execute any file stored in the gfs2 file system. | 2021-06-22 | not yet calculated | CVE-2010-2525 MISC MISC
    vaadin — flow | URL encoding error in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows local user to execute arbitrary JavaScript code by opening crafted URL in browser. | 2021-06-24 | not yet calculated | CVE-2021-33604 CONFIRM CONFIRM
    vaadin — flow | Improper sanitization of path in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.14 (Vaadin 10.0.0 through 10.0.18), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), and 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows network attacker to enumerate all available routes via crafted HTTP request when application is running in production mode and no custom handler for NotFoundException is provided. | 2021-06-24 | not yet calculated | CVE-2021-31412 CONFIRM CONFIRM
    vmware — carbon_black_app_control | VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, and 8.6 prior to 8.6.2 has an authentication bypass. A malicious actor with network access to the VMware Carbon Black App Control management server might be able to obtain administrative access to the product without the need to authenticate. | 2021-06-23 | not yet calculated | CVE-2021-21998 MISC
    vmware — multiple_products | VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1), VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103) contain a local privilege escalation vulnerability. An attacker with normal access to a virtual machine may exploit this issue by placing a malicious file renamed as `openssl.cnf` in an unrestricted directory which would allow code to be executed with elevated privileges. | 2021-06-23 | not yet calculated | CVE-2021-21999 MISC MISC
    webport — webport | Cross Site Scripting (XSS) vulnerability in WebPort <=1.19.1 via the connection name parameter in type-conn. | 2021-06-24 | not yet calculated | CVE-2020-18664 MISC MISC
    webport — webport | Directory Traversal vulnerability in WebPort <=1.19.1 in tags of system settings. | 2021-06-24 | not yet calculated | CVE-2020-18665 MISC MISC
    webport — webport | SQL Injection vulnerability in WebPort <=1.19.1 via the new connection, parameter name in type-conn. | 2021-06-24 | not yet calculated | CVE-2020-18667 MISC MISC
    webport — webport | Cross Site Scripting (XSS) vulnerability in WebPort <=1.19.1 via the description parameter to script/listcalls. | 2021-06-24 | not yet calculated | CVE-2020-18668 MISC MISC
    weidmueller — industrial_wlan_devices | In Weidmueller Industrial WLAN devices in multiple versions an exploitable privilege escalation vulnerability exists in the iw_console functionality. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | 2021-06-25 | not yet calculated | CVE-2021-33528 CONFIRM
    weidmueller — industrial_wlan_devices | In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | 2021-06-25 | not yet calculated | CVE-2021-33532 CONFIRM
    weidmueller — industrial_wlan_devices | In Weidmueller Industrial WLAN devices in multiple versions an exploitable denial-of-service vulnerability exists in ServiceAgent functionality. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability. | 2021-06-25 | not yet calculated | CVE-2021-33536 CONFIRM
    weidmueller — industrial_wlan_devices | In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted iw_serverip parameter can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | 2021-06-25 | not yet calculated | CVE-2021-33533 CONFIRM
    weidmueller — industrial_wlan_devices | In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the hostname functionality. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send various authenticated requests to trigger this vulnerability. | 2021-06-25 | not yet calculated | CVE-2021-33534 CONFIRM
    weidmueller — industrial_wlan_devices | In Weidmueller Industrial WLAN devices in multiple versions an exploitable format string vulnerability exists in the iw_console conio_writestr functionality. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution.
An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | 2021-06-25 | not yet calculated | CVE-2021-33535 CONFIRM
    weidmueller — industrial_wlan_devices | In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the devices. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker can send diagnostic while authenticated as a low privilege user to trigger this vulnerability. | 2021-06-25 | not yet calculated | CVE-2021-33530 CONFIRM
    weidmueller — industrial_wlan_devices | In Weidmueller Industrial WLAN devices in multiple versions an exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | 2021-06-25 | not yet calculated | CVE-2021-33537 CONFIRM
    weidmueller — industrial_wlan_devices | In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iw_webs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | 2021-06-25 | not yet calculated | CVE-2021-33538 CONFIRM
    weidmueller — industrial_wlan_devices | In Weidmueller Industrial WLAN devices in multiple versions an exploitable authentication bypass vulnerability exists in the hostname processing. A specially configured device hostname can cause the device to interpret selected remote traffic as local traffic, resulting in a bypass of web authentication. An attacker can send authenticated SNMP requests to trigger this vulnerability. | 2021-06-25 | not yet calculated | CVE-2021-33539 CONFIRM
    weidmueller — industrial_wlan_devices | In Weidmueller Industrial WLAN devices in multiple versions the usage of hard-coded cryptographic keys within the service agent binary allows for the decryption of captured traffic across the network from or to the device. | 2021-06-25 | not yet calculated | CVE-2021-33529 CONFIRM
    weidmueller — industrial_wlan_devices | In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. An attacker can send diagnostic scripts while authenticated as a low privilege user to trigger this vulnerability. | 2021-06-25 | not yet calculated | CVE-2021-33531 CONFIRM
    weseek — growi | NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to obtain and/or alter the information stored in the database via unspecified vectors. | 2021-06-22 | not yet calculated | CVE-2021-20736 MISC MISC
    weseek — growi | Improper authentication vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to view the unauthorized pages without access privileges via unspecified vectors. | 2021-06-22 | not yet calculated | CVE-2021-20737 MISC MISC
    wordpress — wordpress | The Comments Like Dislike WordPress plugin before 1.1.4 allows users to like/dislike posted comments, however does not prevent them from replaying the AJAX request to add a like. This allows any user (even unauthenticated) to add unlimited like/dislike to any comment. The plugin appears to have some Restriction modes, such as Cookie Restriction, IP Restrictions, Logged In User Restriction, however, they do not prevent such attack as they only check client side | 2021-06-21 | not yet calculated | CVE-2021-24379 CONFIRM
    zoho — manageengine_adselfservice_plus | Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password. | 2021-06-25 | not yet calculated | CVE-2021-28958 MISC MISC
    zte — smart_stb_product | A smart STB product of ZTE is impacted by a permission and access control vulnerability. Due to insufficient protection of system application, attackers could use this vulnerability to tamper with the system desktop and affect system customization functions. This affects: ZXV10 B860H V5.0, V83011303.0010, V83011303.0016 | 2021-06-24 | not yet calculated | CVE-2021-21737 MISC

  • Vulnerability Summary for the Week of June 14, 2021
    by CISA on June 21, 2021 at 11:16 am

    Original release date: June 21, 2021

    High Vulnerabilities

    Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
    bloofox — bloofoxcms | bloofoxCMS 0.5.2.1 is infected with Unrestricted File Upload that allows attackers to upload malicious files (ex: php files). | 2021-06-16 | 7.5 | CVE-2020-35760 MISC
    google — android | In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-8.1 Android-9 Android-10. Android ID: A-177611958 | 2021-06-11 | 10 | CVE-2021-0474 MISC
    google — android | In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-183464866 | 2021-06-11 | 7.2 | CVE-2021-0489 MISC
    google — android | In memory management driver, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-183461321 | 2021-06-11 | 7.2 | CVE-2021-0498 MISC
    google — android | In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-183461320 | 2021-06-11 | 7.2 | CVE-2021-0497 MISC
    google — android | In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-183467912 | 2021-06-11 | 7.2 | CVE-2021-0496 MISC
    google — android | In memory management driver, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-183459083 | 2021-06-11 | 7.2 | CVE-2021-0495 MISC
    google — android | In memory management driver, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-183461318 | 2021-06-11 | 7.2 | CVE-2021-0494 MISC
    google — android | In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-183461317 | 2021-06-11 | 7.2 | CVE-2021-0493 MISC
    google — android | In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-183459078 | 2021-06-11 | 7.2 | CVE-2021-0492 MISC
    google — android | In memory management driver, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-183461315 | 2021-06-11 | 7.2 | CVE-2021-0491 MISC
    google — android | In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-183464868 | 2021-06-11 | 7.2 | CVE-2021-0490 MISC
    google — android | In onCreate of CalendarDebugActivity.java, there is a possible way to export calendar data to the sdcard without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-174046397 | 2021-06-11 | 7.2 | CVE-2021-0487 MISC
    google — android | In onActivityResult of EditUserPhotoController.java, there is a possible access of unauthorized files due to an unexpected URI handler. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11. Android ID: A-172939189 | 2021-06-11 | 9.3 | CVE-2021-0481 MISC
    google — android | In getMinimalSize of PipBoundsAlgorithm.java, there is a possible bypass of restrictions on background processes due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-174302616 | 2021-06-11 | 7.2 | CVE-2021-0485 MISC
    google — android | In notifyScreenshotError of ScreenshotNotificationsController.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed.
User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-8.1 Android-9. Android ID: A-178189250 | 2021-06-11 | 7.2 | CVE-2021-0477 MISC
    google — android | An improper input validation vulnerability in sflacfd_get_frm() in libsflacextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. | 2021-06-11 | 7.5 | CVE-2021-25387 MISC
    google — android | An improper input validation vulnerability in sdfffd_parse_chunk_FVER() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. | 2021-06-11 | 7.5 | CVE-2021-25386 MISC
    google — android | An improper input validation vulnerability in sdfffd_parse_chunk_PROP() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. | 2021-06-11 | 7.5 | CVE-2021-25385 MISC
    google — android | An improper input validation vulnerability in sdfffd_parse_chunk_PROP() with Sample Rate Chunk in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. | 2021-06-11 | 7.5 | CVE-2021-25384 MISC
    google — android | An improper input validation vulnerability in scmn_mfal_read() in libsapeextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. | 2021-06-11 | 7.5 | CVE-2021-25383 MISC
    google — android | In on_l2cap_data_ind of btif_sock_l2cap.cc, there is possible memory corruption due to a use after free. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-10. Android ID: A-175686168 | 2021-06-11 | 8.3 | CVE-2021-0475 MISC
    google — android | In rw_t3t_process_error of rw_t3t.cc, there is a possible double free due to uninitialized data. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10 Android-11 Android-8.1. Android ID: A-179687208 | 2021-06-11 | 8.3 | CVE-2021-0473 MISC
    google — android | An improper access control vulnerability in genericssoservice prior to SMR JUN-2021 Release 1 allows local attackers to execute protected activity with system privilege via untrusted applications. | 2021-06-11 | 7.2 | CVE-2021-25412 MISC

    Medium Vulnerabilities

    Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
    bestwebsoft — visitors_online | The Visitors WordPress plugin through 0.3 is affected by an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. The plugin would display the user’s user agent string without validation or encoding within the WordPress admin panel. | 2021-06-14 | 4.3 | CVE-2021-24350 CONFIRM
    bloofox — bloofoxcms | bloofoxCMS 0.5.2.1 is infected with Path traversal in the ‘fileurl’ parameter that allows attackers to read local files. | 2021-06-16 | 4 | CVE-2020-35762 MISC
    bloofox — bloofoxcms | bloofoxCMS 0.5.2.1 is infected with a CSRF Attack that leads to an attacker editing any file content (Locally/Remotely). | 2021-06-16 | 4.3 | CVE-2020-35759 MISC
    google — android | In FindOrCreatePeer of btif_av.cc, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-9 Android-10. Android ID: A-169252501 | 2021-06-11 | 6.9 | CVE-2021-0476 MISC
    google — android | An improper input validation vulnerability in NPU firmware prior to SMR MAY-2021 Release 1 allows arbitrary memory write and code execution. | 2021-06-11 | 4.6 | CVE-2021-25396 MISC
    google — android | In BinderDiedCallback of MediaCodec.cpp, there is a possible memory corruption due to a use after free.
This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-173791720 | 2021-06-11 | 6.9 | CVE-2021-0482 MISC
    google — android | In startIpClient of ClientModeImpl.java, there is a possible identifier which could be used to track a device. This could lead to remote information disclosure to a proximal attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-154114734 | 2021-06-11 | 5 | CVE-2021-0466 MISC
    google — android | Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allows access to internal storage. | 2021-06-11 | 5 | CVE-2021-25417 MISC
    google — android | In shouldLockKeyguard of LockTaskController.java, there is a possible way to exit App Pinning without a PIN due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-9 Android-10. Android ID: A-176801033 | 2021-06-11 | 4.6 | CVE-2021-0472 MISC
    google — android | Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to copy or overwrite arbitrary files with Samsung Contacts privilege. | 2021-06-11 | 4.6 | CVE-2021-25414 MISC
    google — android | A possible out of bounds write vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write. | 2021-06-11 | 4.6 | CVE-2021-25407 MISC MISC
    google — android | A possible buffer overflow vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write and code execution. | 2021-06-11 | 4.6 | CVE-2021-25408 MISC
    google — android | A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised. | 2021-06-11 | 4.4 | CVE-2021-25394 MISC
    google — android | A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised. | 2021-06-11 | 4.4 | CVE-2021-25395 MISC
    google — android | In createPendingIntent of SnoozeHelper.java, there is a possible broadcast intent containing a sensitive identifier. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-8.1 Android-9. Android ID: A-174493336 | 2021-06-11 | 4.3 | CVE-2021-0480 MISC
    google — chrome | Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-06-15 | 6.8 | CVE-2021-30551 MISC MISC
    google — chrome | Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | 2021-06-15 | 6.8 | CVE-2021-30552 MISC MISC
    google — chrome | Use after free in Network service in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-06-15 | 6.8 | CVE-2021-30553 MISC MISC
    google — chrome | Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | 2021-06-15 | 6.8 | CVE-2021-30549 MISC MISC
    google — chrome | Use after free in Loader in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-06-15 | 6.8 | CVE-2021-30548 MISC MISC
    google — chrome | Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | 2021-06-15 | 6.8 | CVE-2021-30547 MISC MISC
    kohsei-works — yes\/no_chart | The Yes/No Chart WordPress plugin before 1.0.12 did not sanitise its sid shortcode parameter before using it in a SQL statement, allowing medium privilege users (contributor+) to perform Blind SQL Injection attacks | 2021-06-14 | 4 | CVE-2021-24360 CONFIRM
    phpcms — phpcms | Directory Traversal vulnerability in phpCMS 9.1.13 via the q parameter to public_get_suggest_keyword. | 2021-06-16 | 5 | CVE-2020-22200 MISC
    posimyth — the_plus_addons_for_elementor | The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.11 did not properly check that a user requesting a password reset was the legitimate user, allowing an attacker to send an arbitrary reset password email to a registered user on behalf of the WordPress site. Such issue could be chained with an open redirect (CVE-2021-24358) in version below 4.1.10, to include a crafted password reset link in the email, which would lead to an account takeover. | 2021-06-14 | 5 | CVE-2021-24359 MISC CONFIRM
    posimyth — the_plus_addons_for_elementor | The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an Open Redirect issue. | 2021-06-14 | 5.8 | CVE-2021-24358 MISC CONFIRM
    samsung — galaxy_watch_active_2_firmware | Improper authentication vulnerability in Tizen bluetooth-frwk prior to Firmware update JUN-2021 Release allows bluetooth attacker to take over the user’s bluetooth device without user awareness. | 2021-06-11 | 5.8 | CVE-2021-25424 MISC
    samsung — health | Improper check vulnerability in Samsung Health prior to version 6.17 allows attacker to read internal cache data via exported component. | 2021-06-11 | 5 | CVE-2021-25425 MISC
    samsung — internet | Improper component protection vulnerability in Samsung Internet prior to version 14.0.1.62 allows untrusted applications to execute arbitrary activity in specific condition.
2021-06-11 4.4 CVE-2021-25418MISC schneider-electric — interactive_graphical_scada_system A CWE-787: Out-of-bounds write vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to lack of proper validation of user-supplied data, when a malicious CGF file is imported to IGSS Definition. 2021-06-11 6.8 CVE-2021-22754MISC schneider-electric — interactive_graphical_scada_system A CWE-787: Out-of-bounds write vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21041 and prior that could result in loss of data or remote code execution due to missing length checks, when a malicious CGF file is imported to IGSS Definition. 2021-06-11 6.8 CVE-2021-22750MISC schneider-electric — interactive_graphical_scada_system A CWE-787: Out-of-bounds write vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or execution of arbitrary code due to lack of input validation, when a malicious CGF (Configuration Group File) file is imported to IGSS Definition. 2021-06-11 6.8 CVE-2021-22751MISC schneider-electric — interactive_graphical_scada_system A CWE-787: Out-of-bounds write vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing size checks, when a malicious WSP (Workspace) file is being parsed by IGSS Definition. 2021-06-11 6.8 CVE-2021-22752MISC schneider-electric — interactive_graphical_scada_system A CWE-125: Out-of-bounds read vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing length checks, when a malicious WSP file is being parsed by IGSS Definition. 
2021-06-11 6.8 CVE-2021-22753MISC schneider-electric — interactive_graphical_scada_system A CWE-125: Out-of-bounds read vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of sanity checks on user-supplied input data, when a malicious CGF file is imported to IGSS Definition. 2021-06-11 6.8 CVE-2021-22757MISC schneider-electric — interactive_graphical_scada_system A CWE-787: Out-of-bounds write vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of sanity checks on user-supplied data, when a malicious CGF file is imported to IGSS Definition. 2021-06-11 6.8 CVE-2021-22755MISC schneider-electric — interactive_graphical_scada_system A CWE-125: Out-of-bounds read vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of user-supplied data validation, when a malicious CGF file is imported to IGSS Definition. 2021-06-11 6.8 CVE-2021-22756MISC schneider-electric — interactive_graphical_scada_system A CWE-824: Access of uninitialized pointer vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to lack of validation of user-supplied input data, when a malicious CGF file is imported to IGSS Definition. 2021-06-11 6.8 CVE-2021-22758MISC schneider-electric — interactive_graphical_scada_system A CWE-763: Release of invalid pointer or reference vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing checks of user-supplied input data, when a malicious CGF file is imported to IGSS Definition. 
2021-06-11 6.8 CVE-2021-22760MISC schneider-electric — interactive_graphical_scada_system A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to missing length check on user supplied data, when a malicious CGF file is imported to IGSS Definition. 2021-06-11 6.8 CVE-2021-22761MISC schneider-electric — interactive_graphical_scada_system A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in remote code execution, when a malicious CGF or WSP file is being parsed by IGSS Definition. 2021-06-11 6.8 CVE-2021-22762MISC schneider-electric — interactive_graphical_scada_system A CWE-416: Use after free vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to use of unchecked input data, when a malicious CGF file is imported to IGSS Definition. 2021-06-11 6.8 CVE-2021-22759MISC
Low Vulnerabilities
Primary Vendor — Product Description Published CVSS Score Source & Patch Info
bloofox — bloofoxcms bloofoxCMS 0.5.2.1 is infected with XSS that allows remote attackers to execute arbitrary JS/HTML Code. 2021-06-16 3.5 CVE-2020-35761MISC canonical — ubuntu_linux It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users. 2021-06-12 2.1 CVE-2021-32555MISC canonical — ubuntu_linux It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users. 
2021-06-12 2.1 CVE-2021-32554MISC canonical — ubuntu_linux It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users. 2021-06-12 2.1 CVE-2021-32553MISC canonical — ubuntu_linux It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users. 2021-06-12 2.1 CVE-2021-32552MISC canonical — ubuntu_linux It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-15 package apport hooks, it could expose private data to other local users. 2021-06-12 2.1 CVE-2021-32551MISC canonical — ubuntu_linux It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data to other local users. 2021-06-12 2.1 CVE-2021-32550MISC canonical — ubuntu_linux It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users. 2021-06-12 2.1 CVE-2021-32549MISC canonical — ubuntu_linux It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users. 2021-06-12 2.1 CVE-2021-32548MISC canonical — ubuntu_linux It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users. 
2021-06-12 2.1 CVE-2021-32547MISC fooplugins — foogallery In the Best Image Gallery & Responsive Photo Gallery – FooGallery WordPress plugin before 2.0.35, the Custom CSS field of each gallery is not properly sanitised or validated before being output in the page where the gallery is embedded, leading to a stored Cross-Site Scripting issue. 2021-06-14 3.5 CVE-2021-24357CONFIRM google — android Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 Release 1 allows attackers to install arbitrary app. 2021-06-11 3.6 CVE-2021-25388MISCMISC google — android Improper running task check in S Secure prior to SMR MAY-2021 Release 1 allows attackers to use locked app without authentication. 2021-06-11 3.6 CVE-2021-25389MISC google — android Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to create executable kernel page outside code area. 2021-06-11 2.1 CVE-2021-25416MISC google — android Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable. 2021-06-11 2.1 CVE-2021-25415MISC google — android Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to access arbitrary data with Samsung Contacts privilege. 2021-06-11 2.1 CVE-2021-25413MISC google — android Improper sanitization of incoming intent in SecSettings prior to SMR MAY-2021 Release 1 allows local attackers to get permissions to access system uid data. 2021-06-11 2.1 CVE-2021-25393MISCMISC google — android Improper access control of a component in CallBGProvider prior to SMR JUN-2021 Release 1 allows local attackers to access arbitrary files with an escalated privilege. 2021-06-11 3.6 CVE-2021-25410MISC google — android In /proc/net of the kernel filesystem, there is a possible information leak due to a permissions bypass. 
This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-9496886 2021-06-11 2.1 CVE-2019-9475MISC google — android In readVector of IMediaPlayer.cpp, there is a possible read of uninitialized heap data due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10 Android-11 Android-8.1. Android ID: A-173720767 2021-06-11 2.1 CVE-2021-0484MISC google — android Intent redirection vulnerability in Secure Folder prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action. 2021-06-11 2.1 CVE-2021-25391MISCMISC google — android Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path. 2021-06-11 2.1 CVE-2021-25392MISCMISC google — android An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications. 2021-06-11 2.1 CVE-2021-25397MISCMISC google — android Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local attackers to write read-only kernel memory. 2021-06-11 2.1 CVE-2021-25411MISC google — android Improper access in Notification setting prior to SMR JUN-2021 Release 1 allows physically proximate attackers to set arbitrary notification via physically configuring device. 2021-06-11 2.1 CVE-2021-25409MISC google — android Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action. 
2021-06-11 1.9 CVE-2021-25390MISCMISC samsung — bixby_voice Intent redirection vulnerability in Bixby Voice prior to version 3.1.12 allows attacker to access contacts. 2021-06-11 2.1 CVE-2021-25398MISC samsung — galaxy_watch_3_plugin Improper log management vulnerability in Galaxy Watch3 PlugIn prior to version 2.2.09.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. 2021-06-11 2.1 CVE-2021-25421MISC samsung — galaxy_watch_plugin Improper log management vulnerability in Galaxy Watch PlugIn prior to version 2.2.05.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. 2021-06-11 2.1 CVE-2021-25420MISC samsung — gear_s Information exposure vulnerability in Gear S Plugin prior to version 2.2.05.20122441 allows untrusted applications to access connected BT device information. 2021-06-11 3.3 CVE-2021-25406MISC samsung — watch_active2_plugin Improper log management vulnerability in Watch Active2 PlugIn prior to 2.2.08.21033151 version allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone via log. 2021-06-11 2.1 CVE-2021-25423MISC samsung — watch_active_plugin Improper log management vulnerability in Watch Active PlugIn prior to version 2.2.07.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. 2021-06-11 2.1 CVE-2021-25422MISC
Severity Not Yet Assigned
Primary Vendor — Product Description Published CVSS Score Source & Patch Info
ubuntu — ubuntu It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks. 2021-06-12 not yet calculated CVE-2021-32557MISC 74cms — 74cms SQL Injection in 74cms 3.2.0 via the key parameter to plus/ajax_street.php. 
2021-06-16 not yet calculated CVE-2020-22211MISC 74cms — 74cms SQL Injection in 74cms 3.2.0 via the query parameter to plus/ajax_common.php. 2021-06-16 not yet calculated CVE-2020-22209MISC 74cms — 74cms   SQL Injection in 74cms 3.2.0 via the id parameter to wap/wap-company-show.php. 2021-06-16 not yet calculated CVE-2020-22212MISC 74cms — 74cms   SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajax_street.php. 2021-06-16 not yet calculated CVE-2020-22208MISC 74cms — 74cms   SQL Injection in 74cms 3.2.0 via the x parameter to ajax_officebuilding.php. 2021-06-16 not yet calculated CVE-2020-22210MISC advantech — webaccess/scada   Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage. 2021-06-18 not yet calculated CVE-2021-32956MISC advantech — webaccess/scada   Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system. 2021-06-18 not yet calculated CVE-2021-32954MISC apache — chainsaw   A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution. 2021-06-16 not yet calculated CVE-2020-9493MISCMLISTMLIST apache — cxf   A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions prior to 3.3.11. 2021-06-16 not yet calculated CVE-2021-30468CONFIRMMLISTMLISTMLISTMLIST apache — http_server   Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. 
On violation of these restrictions an HTTP response is sent to the client with a status code indicating why the request was rejected. This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server. This issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released. 2021-06-15 not yet calculated CVE-2021-31618MISCMISCMLISTMLISTMLISTFEDORAFEDORA apache — pdfbox   In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions. 2021-06-12 not yet calculated CVE-2021-31812MISCMLISTMLISTMLISTMLISTMLISTMLISTMLISTMLISTMLISTMLIST apache — pdfbox   In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions. 2021-06-12 not yet calculated CVE-2021-31811MISCMLISTMLISTMLISTMLISTMLISTMLISTMLISTMLISTMLISTMLIST apollos_apps — apollos_apps   Apollos Apps is an open source platform for launching church-related apps. In Apollos Apps versions prior to 2.20.0, new user registrations are able to access anyone’s account by only knowing their basic profile information (name, birthday, gender, etc). This includes all app functionality within the app, as well as any authenticated links to Rock-based webpages (such as giving and events). There is a patch in version 2.20.0. As a workaround, one can patch one’s server by overriding the `create` data source method on the `People` class. 
2021-06-16 not yet calculated CVE-2021-32691MISCMISCCONFIRM bandai — namco_fromsoftware_dark_souls_iii   Bandai Namco FromSoftware Dark Souls III allows remote attackers to execute arbitrary code. 2021-06-15 not yet calculated CVE-2021-34170MISC bosch — multiple_products   A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. 2021-06-15 not yet calculated CVE-2021-24037CONFIRMCONFIRM bosch — multiple_products   When using http protocol, the user password is transmitted as a clear text parameter for which it is possible to be obtained by an attacker through a MITM attack. This will be fixed starting from Firmware version 3.11.5, which will be released on the 30th of June, 2021. 2021-06-18 not yet calculated CVE-2021-23846CONFIRM bosch — multiple_products   This vulnerability could allow an attacker to hijack a session while a user is logged in the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN, and B426-M and has been fixed already starting from version 3.08 on, which was released on June 2019. 2021-06-18 not yet calculated CVE-2021-23845CONFIRM captive_portal — captive_portal   An authenticated Stored XSS (Cross-site Scripting) exists in the “captive.cgi” Captive Portal via the “Title of Login Page” text box or “TITLE” parameter in IPFire 2.21 (x86_64) – Core Update 130. It allows an authenticated WebGUI user with privileges to execute Stored Cross-site Scripting in the Captive Portal page. 
2021-06-17 not yet calculated CVE-2020-19202MISCMISC checksec — canopy   CheckSec Canopy before 3.5.2 allows XSS attacks against the login page via the LOGIN_PAGE_DISCLAIMER parameter. 2021-06-18 not yet calculated CVE-2021-34815MISCMISCMISC cisco — advanced_malware_protection   A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to intercept traffic between an affected device and the AMP servers. This vulnerability is due to improper certificate validation when an affected device establishes TLS connections. A man-in-the-middle attacker could exploit this vulnerability by sending a crafted TLS packet to an affected device. A successful exploit could allow the attacker to spoof a trusted host and then extract sensitive information or alter certain API requests. 2021-06-16 not yet calculated CVE-2021-1566CISCO cisco — anyconnect_secure_mobility_client   A vulnerability in the DLL loading mechanism of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to a race condition in the signature verification process for DLL files that are loaded on an affected device. An attacker could exploit this vulnerability by sending a series of crafted interprocess communication (IPC) messages to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected device with SYSTEM privileges. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. 
2021-06-16 not yet calculated CVE-2021-1567CISCO cisco — anyconnect_secure_mobility_client   A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to uncontrolled memory allocation. An attacker could exploit this vulnerability by copying a crafted file to a specific folder on the system. A successful exploit could allow the attacker to crash the VPN Agent service when the affected application is launched, causing it to be unavailable to all users of the system. To exploit this vulnerability, the attacker must have valid credentials on a multiuser Windows system. 2021-06-16 not yet calculated CVE-2021-1568CISCO cisco — jabber   Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for Mac, and Cisco Jabber for mobile platforms could allow an attacker to access sensitive information or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. 2021-06-16 not yet calculated CVE-2021-1570CISCO cisco — jabber   Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for Mac, and Cisco Jabber for mobile platforms could allow an attacker to access sensitive information or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. 2021-06-16 not yet calculated CVE-2021-1569CISCO cisco — meeting_server   A vulnerability in the API of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because requests that are sent to the API are not properly validated. An attacker could exploit this vulnerability by sending a malicious request to the API. 
A successful exploit could allow the attacker to cause all participants on a call to be disconnected, resulting in a DoS condition. 2021-06-16 not yet calculated CVE-2021-1524CISCO cisco — small_business_220_series_smart_switches   Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: hijack a user session; execute arbitrary commands as a root user on the underlying operating system; conduct a cross-site scripting (XSS) attack; conduct an HTML injection attack. For more information about these vulnerabilities, see the Details section of this advisory. 2021-06-16 not yet calculated CVE-2021-1543CISCO cisco — small_business_220_series_smart_switches   Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: hijack a user session; execute arbitrary commands as a root user on the underlying operating system; conduct a cross-site scripting (XSS) attack; conduct an HTML injection attack. For more information about these vulnerabilities, see the Details section of this advisory. 2021-06-16 not yet calculated CVE-2021-1542CISCO cisco — small_business_220_series_smart_switches   Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: hijack a user session; execute arbitrary commands as a root user on the underlying operating system; conduct a cross-site scripting (XSS) attack; conduct an HTML injection attack. For more information about these vulnerabilities, see the Details section of this advisory. 
2021-06-16 not yet calculated CVE-2021-1571CISCO cisco — small_business_220_series_smart_switches   Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: hijack a user session; execute arbitrary commands as a root user on the underlying operating system; conduct a cross-site scripting (XSS) attack; conduct an HTML injection attack. For more information about these vulnerabilities, see the Details section of this advisory. 2021-06-16 not yet calculated CVE-2021-1541CISCO cisco — unified_intelligence_center   A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2021-06-16 not yet calculated CVE-2021-1395CISCO citrix — adc_and_netscaler_gateway   Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance. 
2021-06-16 not yet calculated CVE-2020-8299MISC citrix — adc_and_netscaler_gateway   Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible. 2021-06-16 not yet calculated CVE-2020-8300MISC citrix — cloud_connector   Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Such information could be used by a malicious actor to access a Citrix Cloud environment. This issue affects all versions of Citrix Cloud Connector that were installed by passing secure client parameters for installation via the command line. The issue does not affect Citrix Cloud Connector if it was installed using the interactive installer or where a parameter file was used with the command-line installer. 2021-06-16 not yet calculated CVE-2021-22914MISC civicrm — civicrm   In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive. 2021-06-17 not yet calculated CVE-2020-36388MISC civicrm — civicrm   In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF. 2021-06-17 not yet calculated CVE-2020-36389MISC cleo — lexicom   An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for the sender of an AS2 message to identify themselves (via encryption and signing of the message) can be bypassed by changing the Content-Type of the message to text/plain. 2021-06-18 not yet calculated CVE-2021-33577MISCMISC cleo — lexicom   An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. 
This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk. 2021-06-18 not yet calculated CVE-2021-33576MISCMISC connectwise — automate   An issue was discovered in ConnectWise Automate before 2021.5. A blind SQL injection vulnerability exists in core agent inventory communication that can enable an attacker to extract database information or administrative credentials from an instance via crafted monitor status responses. 2021-06-17 not yet calculated CVE-2021-32582MISCMISCMISC contiki-ng — contiki-ng Contiki-NG is an open-source, cross-platform operating system for internet of things devices. A buffer overflow vulnerability exists in Contiki-NG versions prior to 4.6. After establishing a TCP socket using the tcp-socket library, it is possible for the remote end to send a packet with a data offset that is unvalidated. The problem has been patched in Contiki-NG 4.6. Users can apply the patch for this vulnerability out-of-band as a workaround. 2021-06-18 not yet calculated CVE-2021-21281MISCCONFIRM contiki-ng — contiki-ng Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In versions prior to 4.5, buffer overflow can be triggered by an input packet when using either of Contiki-NG’s two RPL implementations in source-routing mode. The problem has been patched in Contiki-NG 4.5. Users can apply the patch for this vulnerability out-of-band as a workaround. 2021-06-18 not yet calculated CVE-2021-21282MISCCONFIRM contiki-ng — contiki-ng   Contiki-NG is an open-source, cross-platform operating system for internet of things devices. It is possible to cause an out-of-bounds write in versions of Contiki-NG prior to 4.6 when transmitting a 6LoWPAN packet with a chain of extension headers. Unfortunately, the written header is not checked to be within the available space, thereby making it possible to write outside the buffer. The problem has been patched in Contiki-NG 4.6. 
Users can apply the patch for this vulnerability out-of-band as a workaround. 2021-06-18 not yet calculated CVE-2021-21280MISCCONFIRM contiki-ng — contiki-ng   Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In versions prior to 4.6, an attacker can perform a denial-of-service attack by triggering an infinite loop in the processing of IPv6 neighbor solicitation (NS) messages. This type of attack can effectively shut down the operation of the system because of the cooperative scheduling used for the main parts of Contiki-NG and its communication stack. The problem has been patched in Contiki-NG 4.6. Users can apply the patch for this vulnerability out-of-band as a workaround. 2021-06-18 not yet calculated CVE-2021-21279CONFIRM contiki-ng — contiki-ng   Contiki-NG is an open-source, cross-platform operating system for internet of things devices. The RPL-Classic and RPL-Lite implementations in the Contiki-NG operating system versions prior to 4.6 do not validate the address pointer in the RPL source routing header. This makes it possible for an attacker to cause out-of-bounds writes with packets injected into the network stack. Specifically, the problem lies in the rpl_ext_header_srh_update function in the two rpl-ext-header.c modules for RPL-Classic and RPL-Lite respectively. The addr_ptr variable is calculated using an unvalidated CMPR field value from the source routing header. An out-of-bounds write can be triggered on line 151 in os/net/routing/rpl-lite/rpl-ext-header.c and line 261 in os/net/routing/rpl-classic/rpl-ext-header.c, which contain the following memcpy call with addr_ptr as destination. The problem has been patched in Contiki-NG 4.6. Users can apply a patch out-of-band as a workaround. 2021-06-18 not yet calculated CVE-2021-21257MISCCONFIRM contiki-ng — contiki-ng   Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. 
An out-of-bounds read can be triggered by 6LoWPAN packets sent to devices running Contiki-NG 4.6 and prior. The IPv6 header decompression function (<code>uncompress_hdr_iphc</code>) does not perform proper boundary checks when reading from the packet buffer. Hence, it is possible to construct a compressed 6LoWPAN packet that will read more bytes than what is available from the packet buffer. As of time of publication, there is not a release with a patch available. Users can apply the patch for this vulnerability out-of-band as a workaround. 2021-06-18 not yet calculated CVE-2021-21410CONFIRMMISC curl — curl   curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol. 2021-06-11 not yet calculated CVE-2021-22898MISCMISCMISCMLIST d-link — dir-2640-us D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640). Local ordinary users can overwrite the global variables in the .bss section, causing the process crashes or changes. 2021-06-16 not yet calculated CVE-2021-34201MISCMISCMISCMISC d-link — dir-2640-us   D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. Router ac2600 (dir-2640-us), when setting PPPoE, will start quagga process in the way of whole network monitoring, and this function uses the original default password and port. An attacker can easily use telnet to log in, modify routing information, monitor the traffic of all devices under the router, hijack DNS and phishing attacks. 
In addition, this interface is likely to be questioned by customers as a backdoor, because the interface should not be exposed. 2021-06-16 not yet calculated CVE-2021-34203MISCMISCMISCMISC d-link — dir-2640-us   There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640) 1.01B04. Ordinary permissions can be elevated to administrator permissions, resulting in local arbitrary code execution. An attacker can combine other vulnerabilities to further achieve the purpose of remote code execution. 2021-06-16 not yet calculated CVE-2021-34202MISCMISCMISCMISC d-link — dir-2640-us   D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. D-Link AC2600(DIR-2640) stores the device system account password in plain text. It does not use linux user management. In addition, the passwords of all devices are the same, and they cannot be modified by normal users. An attacker can easily log in to the target router through the serial port and obtain root privileges. 2021-06-16 not yet calculated CVE-2021-34204MISCMISCMISCMISC db2 — db2   Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200658. 2021-06-16 not yet calculated CVE-2021-29702XFCONFIRM dedecms — dedecms   SQL Injection vulnerability in DedeCMS 5.7 via mdescription parameter to member/ajax_membergroup.php. 2021-06-16 not yet calculated CVE-2020-22198MISCMISC dell — poweredge Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a stack-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment. 
2021-06-14 not yet calculated CVE-2021-21556CONFIRM dell — poweredge Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment. 2021-06-14 not yet calculated CVE-2021-21555CONFIRM dell — poweredge Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane DC Persistent Memory installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment. 2021-06-14 not yet calculated CVE-2021-21554CONFIRM dell — poweredge_server_bios_andPrecision_rack_bios Dell PowerEdge Server BIOS and select Dell Precision Rack BIOS contain an out-of-bounds array access vulnerability. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in System Management Mode. 2021-06-14 not yet calculated CVE-2021-21557CONFIRM ecshop — ecshop SQL Injection in ECShop 3.0 via the id parameter to admin/shophelp.php. 2021-06-16 not yet calculated CVE-2020-22205MISC ecshop — ecshop SQL Injection in ECShop 3.0 via the aid parameter to admin/affiliate_ck.php. 2021-06-16 not yet calculated CVE-2020-22206MISC ecshop — ecshop SQL Injection in ECShop 2.7.6 via the goods_number parameter to flow.php.
2021-06-16 not yet calculated CVE-2020-22204MISC eip — stack_group_opener   An information disclosure vulnerability exists in the Ethernet/IP UDP handler functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted network request can lead to an out-of-bounds read. 2021-06-17 not yet calculated CVE-2021-21777MISC elemin — elemin   Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework (before 1.2.2) wp-content/themes/elemin/themify/themify-ajax.php file. 2021-06-17 not yet calculated CVE-2013-20002MISCMISCMISCMISC elfinder — elfinder   elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication. 2021-06-14 not yet calculated CVE-2021-32682MISCCONFIRM enphase — envoy An issue was discovered on Enphase Envoy R3.x and D4.x devices. There is a custom PAM module for user authentication that circumvents traditional user authentication. This module uses a password derived from the MD5 hash of the username and serial number. The serial number can be retrieved by an unauthenticated user at /info.xml. Attempts to change the user password via passwd or other tools have no effect. 2021-06-16 not yet calculated CVE-2020-25754MISCMISCMISC enphase — envoy   An issue was discovered on Enphase Envoy R3.x and D4.x devices with v3 software. The default admin password is set to the last 6 digits of the serial number. The serial number can be retrieved by an unauthenticated user at /info.xml. 2021-06-16 not yet calculated CVE-2020-25753MISCMISCMISC enphase — envoy   An issue was discovered on Enphase Envoy R3.x and D4.x devices. 
There are hardcoded web-panel login passwords for the installer and Enphase accounts. The passwords for these accounts are hardcoded values derived from the MD5 hash of the username and serial number mixed with some static strings. The serial number can be retrieved by an unauthenticated user at /info.xml. These passwords can be easily calculated by an attacker; users are unable to change these passwords. 2021-06-16 not yet calculated CVE-2020-25752MISCMISCMISC enphase — envoy   An issue was discovered on Enphase Envoy R3.x and D4.x (and other current) devices. The upgrade_start function in /installer/upgrade_start allows remote authenticated users to execute arbitrary commands via the force parameter. 2021-06-16 not yet calculated CVE-2020-25755MISCMISCMISC excellent_infotek_corporation — e-document_system   An issue was discovered in EXCELLENT INFOTEK CORPORATION (EIC) E-document System 3.0. A remote attacker can use kw/auth/bbs/asp/get_user_email_info_bbs.asp to obtain the contact information (name and e-mail address) of everyone in the entire organization. This information can allow remote attackers to perform social engineering or brute force attacks against the system login page. 2021-06-16 not yet calculated CVE-2021-34683MISCMISC fiyo — cms   In Fiyo CMS 2.0.6.1, the ‘tag’ parameter results in an unauthenticated XSS attack. 2021-06-17 not yet calculated CVE-2020-35373MISC fogproject — fogproject   FOGProject v1.5.9 is affected by a File Upload RCE (Authenticated). 2021-06-16 not yet calculated CVE-2021-32243MISC foxit — phantompdf   This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.3.37598. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA templates. 
The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13531. 2021-06-16 not yet calculated CVE-2021-31476MISCMISC ge — reason_rpv311 This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE Reason RPV311 14A03. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware and filesystem of the device. The firmware and filesystem contain hard-coded default credentials. An attacker can leverage this vulnerability to execute code in the context of the download user. Was ZDI-CAN-11852. 2021-06-16 not yet calculated CVE-2021-31477MISCMISC google — android In Chromecast bootROM, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege in the bootloader, with physical USB access, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-174490700. 2021-06-14 not yet calculated CVE-2021-0467MISC google — android Product: Android. Versions: Android SoC. Android ID: A-175402462. 2021-06-14 not yet calculated CVE-2021-0324MISC google — chrome Use after free in Autofill in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-06-15 not yet calculated CVE-2021-30546MISCMISC google — chrome Use after free in BFCache in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
2021-06-15 not yet calculated CVE-2021-30544MISCMISC google — chrome Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. 2021-06-15 not yet calculated CVE-2021-30545MISCMISC google — chrome Use after free in Accessibility in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. 2021-06-15 not yet calculated CVE-2021-30550MISCMISC hashicorp — nomad_and_nomad_enterprise HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1. 2021-06-17 not yet calculated CVE-2021-32575MISCMISC helm — helm Helm is a tool for managing Charts (packages of pre-configured Kubernetes resources). In versions of helm prior to 3.6.1, a vulnerability exists where the username and password credentials associated with a Helm repository could be passed on to another domain referenced by that Helm repository. This issue has been resolved in 3.6.1. There is a workaround through which one may check for improperly passed credentials. One may use a username and password for a Helm repository and may audit the Helm repository in order to check for another domain being used that could have received the credentials. In the `index.yaml` file for that repository, one may look for another domain in the `urls` list for the chart versions. If there is another domain found and that chart version was pulled or installed, the credentials would be passed on.
2021-06-16 not yet calculated CVE-2021-32690MISCCONFIRM hitachi — abb_power_grids_ellipse Cross-site Scripting (XSS) vulnerability in the main dashboard of Ellipse APM versions allows an authenticated user or integrated application to inject malicious data into the application that can then be executed in a victim’s browser. This issue affects: Hitachi ABB Power Grids Ellipse APM 5.3 version 5.3.0.1 and prior versions; 5.2 version 5.2.0.3 and prior versions; 5.1 version 5.1.0.6 and prior versions. 2021-06-14 not yet calculated CVE-2021-27887CONFIRM hitachi — abb_power_grids_esoms   Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows unauthorized user to gain access to report data if the URL used to access the report is discovered. This issue affects: Hitachi ABB Power Grids eSOMS 6.0 versions prior to 6.0.4.2.2; 6.1 versions prior to 6.1.4; 6.3 versions prior to 6.3. 2021-06-14 not yet calculated CVE-2021-26845CONFIRM hitachi — multiple_products   Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC 61850 network with knowledge of how to reproduce the attack, as well as the IP addresses of the different IEC 61850 access points (of IEDs/products), to force the device to reboot, which renders the device inoperable for approximately 60 seconds. This vulnerability affects only products with IEC 61850 interfaces. This issue affects: Hitachi ABB Power Grids Relion 670 Series 1.1; 1.2.3 versions prior to 1.2.3.20; 2.0 versions prior to 2.0.0.13; 2.1; 2.2.2 versions prior to 2.2.2.3; 2.2.3 versions prior to 2.2.3.2. Hitachi ABB Power Grids Relion 670/650 Series 2.2.0 versions prior to 2.2.0.13. Hitachi ABB Power Grids Relion 670/650/SAM600-IO 2.2.1 versions prior to 2.2.1.6. Hitachi ABB Power Grids Relion 650 1.1; 1.2; 1.3 versions prior to 1.3.0.7. 
Hitachi ABB Power Grids REB500 7.3; 7.4; 7.5; 7.6; 8.2; 8.3. Hitachi ABB Power Grids RTU500 Series 7.x version 7.x and prior versions; 8.x version 8.x and prior versions; 9.x version 9.x and prior versions; 10.x version 10.x and prior versions; 11.x version 11.x and prior versions; 12.x version 12.x and prior versions. Hitachi ABB Power Grids FOX615 (TEGO1) R1D02 version R1D02 and prior versions. Hitachi ABB Power Grids MSM 2.1.0 versions prior to 2.1.0. Hitachi ABB Power Grids GMS600 1.3.0 version 1.3.0 and prior versions. Hitachi ABB Power Grids PWC600 1.0 versions prior to 1.0.1.4; 1.1 versions prior to 1.1.0.1. 2021-06-14 not yet calculated CVE-2021-27196CONFIRMCONFIRMCONFIRMCONFIRMCONFIRMCONFIRMCONFIRM ibm — aix IBM AIX 7.1 could allow a non-privileged local user to exploit a vulnerability in the trace facility to expose sensitive information or cause a denial of service. IBM X-Force ID: 200663. 2021-06-17 not yet calculated CVE-2021-29706XFCONFIRM ibm — financial_transaction_manager IBM Financial Transaction Manager 3.0.2 and 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192952. 2021-06-15 not yet calculated CVE-2020-5000XFCONFIRM ibm — resilient_soar IBM Resilient SOAR V38.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 199238. 2021-06-16 not yet calculated CVE-2021-20566CONFIRMXF ibm — resilient_soar IBM Resilient SOAR V38.0 could allow a local privileged attacker to obtain sensitive information due to improper or nonexisting encryption. IBM X-Force ID: 199239.
2021-06-16 not yet calculated CVE-2021-20567CONFIRMXF ibm — security_identity_manager IBM Security Identity Manager 6.0.2 could allow an authenticated malicious user to change the passwords of other users in the Windows AD environment when IBM Security Identity Manager Windows Password Synch Plug-in is deployed and configured. IBM X-Force ID: 197789. 2021-06-16 not yet calculated CVE-2021-20488XFCONFIRM ibm — security_identity_manager IBM Security Identity Manager 6.0.2 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197591. 2021-06-16 not yet calculated CVE-2021-20483XFCONFIRM insyde — insydeh2o An issue was discovered in IdeBusDxe in Insyde InsydeH2O 5.x. Code in system management mode calls a function outside of SMRAM in response to a crafted software SMI, aka Inclusion of Functionality from an Untrusted Control Sphere. Modifying the well-known address of this function allows an attacker to gain control of the system with the privileges of system management mode. 2021-06-16 not yet calculated CVE-2020-27339MISCMISC intel — brand_verification_tool Improper permissions in the installer for the Intel(R) Brand Verification Tool before version 11.0.0.1225 may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-06-17 not yet calculated CVE-2021-0143MISC jact — openclinic Jact OpenClinic 0.8.20160412 allows the attacker to read server files after login to the admin account by an infected ‘file’ GET parameter in ‘/shared/view_source.php’ which “could” lead to an RCE vulnerability. 2021-06-16 not yet calculated CVE-2020-20444CONFIRM jdom — saxbuilder An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.
2021-06-16 not yet calculated CVE-2021-33813MISCMISCMISC jenkins — generic_webhook_trigger_plugin   Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2021-06-18 not yet calculated CVE-2021-21669CONFIRMMLIST jenkins — scriptler Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter names shown in job configuration forms, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission. 2021-06-16 not yet calculated CVE-2021-21667CONFIRMMLIST jenkins — scriptler   Jenkins Scriptler Plugin 3.1 and earlier does not escape script content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission. 2021-06-16 not yet calculated CVE-2021-21668CONFIRMMLIST jpress — jpress   An issue was discovered in JPress v3.3.0 and below. There are XSS vulnerabilities in the template module and tag management module. If you log in to the background by means of weak password, the storage XSS vulnerability can occur. 2021-06-18 not yet calculated CVE-2021-33347MISCMISC kuaifancms — kuaifancms   KuaiFanCMS V5.x contains an arbitrary file read vulnerability in the html_url parameter of the chakanhtml.module.php file. 2021-06-11 not yet calculated CVE-2021-3256MISC laiketui — laiketui   LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary files, as demonstrated by deleting install.lock in order to reinstall the product in an attacker-controlled manner. This deletion is possible via directory traversal in the uploadImg, oldpic, or imgurl parameter. 2021-06-15 not yet calculated CVE-2021-34129MISC laiketui — laiketui   LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../../../phpinfo.php pathname. 
2021-06-15 not yet calculated CVE-2021-34128MISC linux — linux_kernel net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. 2021-06-14 not yet calculated CVE-2021-34693MISCMLIST linux — linux_kernel An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn’t be negative, e.g., access to element -2 of an array, aka CID-298a58e165e4. 2021-06-17 not yet calculated CVE-2021-32078CONFIRMCONFIRMMISC lutils — lutils All versions of package lutils are vulnerable to Prototype Pollution via the main (merge) function. 2021-06-17 not yet calculated CVE-2021-23396MISC magento — magento magento-scripts contains scripts and configuration used by Create Magento App, a zero-configuration tool-chain which allows one to deploy Magento 2. In versions 1.5.1 and 1.5.2, after the function was changed from synchronous to asynchronous, no handler was implemented in the start, stop, exec, and logs commands, effectively making them unusable. Version 1.5.3 contains patches for the problems. 2021-06-14 not yet calculated CVE-2021-32684MISCCONFIRM mantisbt — mantisbt An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field. 2021-06-17 not yet calculated CVE-2021-33557MISCCONFIRM matrix — appservice-bridge Matrix-appservice-bridge is the bridging service for the Matrix communication program’s application services. In versions 2.6.0 and earlier, if a bridge has room upgrade handling turned on in the configuration (the `roomUpgradeOpts` key when instantiating a new `Bridge` instance), any `m.room.tombstone` event it encounters will be used to unbridge the current room and bridge into the target room.
However, the target room `m.room.create` event is not checked to verify if the `predecessor` field contains the previous room. This means that any malicious admin of a bridged room can repoint the traffic to a different room without the new room being aware. Versions 2.6.1 and greater are patched. As a workaround, disabling the automatic room upgrade handling can be done by removing the `roomUpgradeOpts` key from the `Bridge` class options. 2021-06-16 not yet calculated CVE-2021-32659MISCMISCCONFIRM matrix — libolm Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a client (while it is attempting to retrieve an Olm encrypted room key backup from the homeserver) because olm_pk_decrypt has a stack-based buffer overflow. Remote code execution might be possible for some nonstandard build configurations. 2021-06-16 not yet calculated CVE-2021-34813MISCMISCMISC mcusystem — mcusystem The login page in the MCUsystem does not filter special characters, which allows remote attackers to inject JavaScript without privilege and thus perform reflected XSS attacks. 2021-06-18 not yet calculated CVE-2021-32536MISC monstra — monstra A local file inclusion vulnerability was discovered in the captcha function in Monstra 3.0.4 which allows remote attackers to execute arbitrary PHP code. 2021-06-17 not yet calculated CVE-2020-25414MISC moodle — moodle Cross Site Scripting (XSS) in Moodle 3.10.3 allows remote attackers to execute arbitrary web script or HTML via the “Description” field. 2021-06-16 not yet calculated CVE-2021-32244MISC moxa — mgate_mb3180 An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. An attacker could send a huge number of TCP SYN packets to exhaust the web service’s resources, causing a denial of service of the web server. 2021-06-18 not yet calculated CVE-2021-33823MISCMISC moxa — mgate_mb3180 An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012.
Attackers can use the slowhttptest tool to send incomplete HTTP requests, which could make the server keep waiting for the packet to finish the connection until its resources are exhausted, causing a denial of service of the web server. 2021-06-18 not yet calculated CVE-2021-33824MISCMISCMISC nedb — nedb This affects all versions of package nedb. The library could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor.prototype payload. 2021-06-15 not yet calculated CVE-2021-23395MISC nextcloud — android_app Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.15.1, a malicious application on the same device can crash the Nextcloud Android Client due to an uncaught exception. The vulnerability is patched in version 3.15.1. 2021-06-17 not yet calculated CVE-2021-32694CONFIRMMISCMISC nextcloud — android_app Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.16.1, a malicious app on the same device could have gotten access to the shared preferences of the Nextcloud Android application. This required user-interaction as a victim had to initiate the sharing flow and choose the malicious app. The shared preferences contain some limited private data such as push tokens and the account name. The vulnerability is patched in version 3.16.1. 2021-06-17 not yet calculated CVE-2021-32695MISCMISCCONFIRM nextcloud — talk Nextcloud Talk is a fully on-premises audio/video and chat communication service. Password protected shared chats in Talk before version 9.0.10, 10.0.8 and 11.2.2 did not rotate the session cookie after a successful authentication event. It is recommended that the Nextcloud Talk App is upgraded to 9.0.10, 10.0.8 or 11.2.2. No workarounds for this vulnerability are known to exist.
2021-06-16 not yet calculated CVE-2021-32676CONFIRMMISC octopus — server   Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn’t parameterised correctly. Exploiting this vulnerability could allow unauthorised access to database tables. 2021-06-17 not yet calculated CVE-2021-31818MISC open_design_alliance — drawings_sdk An out-of-bounds write issue exists in the DWG file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process. 2021-06-17 not yet calculated CVE-2021-32948MISC open_design_alliance — drawings_sdk An out-of-bounds read issue exists in the DWG file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or read sensitive information from memory locations. 2021-06-17 not yet calculated CVE-2021-32940MISC open_design_alliance — drawings_sdk An out-of-bounds read issue exists within the parsing of DXF files in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of-service condition or read sensitive information from memory locations. 2021-06-17 not yet calculated CVE-2021-32950MISC open_design_alliance — drawings_sdk   A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. 
This can result in a memory corruption or arbitrary code execution, allowing attackers to cause a denial-of-service condition or execute code in the context of the current process. 2021-06-17 not yet calculated CVE-2021-32944MISC open_design_alliance — drawings_sdk Drawings SDK (All versions prior to 2022.4) are vulnerable to an out-of-bounds read due to parsing of DWG files resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of-service condition or read sensitive information from memory. 2021-06-17 not yet calculated CVE-2021-32938MISC open_design_alliance — drawings_sdk An improper check for unusual or exceptional conditions issue exists within the parsing of DGN files in the Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of the user-supplied data. This may result in several out-of-bounds problems and allow attackers to cause a denial-of-service condition or execute code in the context of the current process. 2021-06-17 not yet calculated CVE-2021-32946MISC open_design_alliance — drawings_sdk An out-of-bounds write issue exists in the DGN file-reading procedure in the Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process. 2021-06-17 not yet calculated CVE-2021-32952MISC open_design_alliance — drawings_sdk An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.
2021-06-17 not yet calculated CVE-2021-32936MISC opencast — opencast Opencast is a free and open source solution for automated video capture and distribution. Versions of Opencast prior to 9.6 are vulnerable to the billion laughs attack, which allows an attacker to easily execute a (seemingly permanent) denial of service attack, essentially taking down Opencast using a single HTTP request. To exploit this, users need to have ingest privileges, limiting the group of potential attackers. The problem has been fixed in Opencast 9.6. There is no known workaround for this issue. 2021-06-16 not yet calculated CVE-2021-32623MISCCONFIRM opentext — brava! This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12719. 2021-06-15 not yet calculated CVE-2021-31491N/A opentext — brava! This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13673. 2021-06-15 not yet calculated CVE-2021-31502N/A opentext — brava!
This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-13310. 2021-06-15 not yet calculated CVE-2021-31501N/A opentext — brava! This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13311. 2021-06-15 not yet calculated CVE-2021-31497N/A opentext — brava! This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13308. 2021-06-15 not yet calculated CVE-2021-31496N/A opentext — brava! 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13307. 2021-06-15 not yet calculated CVE-2021-31495N/A opentext — brava! This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13304. 2021-06-15 not yet calculated CVE-2021-31493N/A opentext — brava! This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12720. 2021-06-15 not yet calculated CVE-2021-31492N/A opentext — brava! 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13305. 2021-06-15 not yet calculated CVE-2021-31494N/A opentext — brava! This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SLDPRT files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12659. 2021-06-15 not yet calculated CVE-2021-31481N/A opentext — brava! This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12715. 2021-06-15 not yet calculated CVE-2021-31487N/A opentext — brava! 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12711. 2021-06-15 not yet calculated CVE-2021-31485N/A opentext — brava! This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12710. 2021-06-15 not yet calculated CVE-2021-31484N/A opentext — brava! This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12709. 2021-06-15 not yet calculated CVE-2021-31483N/A opentext — brava! 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12708. 2021-06-15 not yet calculated CVE-2021-31482N/A opentext — brava!   This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12746. 2021-06-15 not yet calculated CVE-2021-31500N/A opentext — brava!   This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12633. 2021-06-15 not yet calculated CVE-2021-31478N/A opentext — brava!   
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12634. 2021-06-15 not yet calculated CVE-2021-31479N/A opentext — brava!   This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12654. 2021-06-15 not yet calculated CVE-2021-31480N/A opentext — brava!   This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12716. 2021-06-15 not yet calculated CVE-2021-31488N/A opentext — brava!   This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! 
Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12745. 2021-06-15 not yet calculated CVE-2021-31499N/A opentext — brava!   This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-12744. 2021-06-15 not yet calculated CVE-2021-31498N/A opentext — brava!   This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12717. 2021-06-15 not yet calculated CVE-2021-31489N/A opentext — brava!   
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12712. 2021-06-15 not yet calculated CVE-2021-31486N/A opentext — brava!   This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12718. 2021-06-15 not yet calculated CVE-2021-31490N/A otrs — ag_community_edition   DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the high CPU usage and cause low quality of service, or in extreme case bring the system to a halt. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions; 8.0.x version 8.0.13 and prior versions. 2021-06-14 not yet calculated CVE-2021-21439MISC otrs — ag_community_edition   There is a XSS vulnerability in the ticket overview screens. It’s possible to collect various information by having an e-mail shown in the overview screen. 
The attack can be performed by sending a specially crafted e-mail to the system and it doesn’t require any user interaction. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions. 2021-06-16 not yet calculated CVE-2021-21441MISC pagekit — pagekit   In PageKit v1.0.18, a user can upload SVG files in the file upload portion of the CMS. These SVG files can contain malicious scripts. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to “/storage/exp.svg” that will point to http://localhost/pagekit/storage/exp.svg. When a user comes along to click that link, it will trigger an XSS attack. 2021-06-16 not yet calculated CVE-2021-32245MISC peloton — ttr01   Insufficient verification of data authenticity in Peloton TTR01 up to and including PTV55G allows an attacker with physical access to boot into a modified kernel/ramdisk without unlocking the bootloader. 2021-06-15 not yet calculated CVE-2021-33887MISCMISCMISC phpcms — phpcms phpCMS 2008 sp4 allows remote malicious users to execute arbitrary php commands via the pagesize parameter to yp/product.php. 2021-06-16 not yet calculated CVE-2020-22201MISC phpcms — phpcms   SQL Injection in phpCMS 2008 sp4 via the genre parameter to yp/job.php. 2021-06-16 not yet calculated CVE-2020-22203MISC phpcms — phpcms   SQL Injection vulnerability in phpCMS 2007 SP6 build 0805 via the digg_mod parameter to digg_add.php. 2021-06-16 not yet calculated CVE-2020-22199MISC phpmailer — phpmailer   PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname. 2021-06-16 not yet calculated CVE-2021-34551CONFIRM phpmailer — phpmailer   PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project’s scope by other means). 
If the $patternselect parameter to validateAddress() is set to ‘php’ (the default, defined by PHPMailer::$validator), and the global namespace contains a function called php, it will be called in preference to the built-in validator of the same name. Mitigated in PHPMailer 6.5.0 by denying the use of simple strings as validator function names. 2021-06-17 not yet calculated CVE-2021-3603MISCCONFIRM qemu — qemu An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the ‘udphdr’ structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. 2021-06-15 not yet calculated CVE-2021-3593MISC qemu — qemu An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the ‘bootp_t’ structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. 2021-06-15 not yet calculated CVE-2021-3592MISC qemu — qemu   An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the ‘udphdr’ structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. 
2021-06-15 not yet calculated CVE-2021-3594MISC qemu — qemu   An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the ‘tftp_t’ structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. 2021-06-15 not yet calculated CVE-2021-3595MISC qnap — nas   Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link versions prior to 2.2.21 on QTS 4.5.3; versions prior to 2.2.21 on QuTS hero h4.5.2; versions prior to 2.2.21 on QuTScloud c4.5.4. 2021-06-16 not yet calculated CVE-2021-28815CONFIRM quassel — quassel   Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system. 2021-06-17 not yet calculated CVE-2021-34825MISC rapid7 — nexpose   Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console’s Filtered Asset Search feature. A specific search criterion and operator combination in Filtered Asset Search could have allowed a user to pass code through the provided search field. This issue affects version 6.6.80 and prior, and is fixed in 6.6.81. If your Security Console currently falls on or within this affected version range, ensure that you update your Security Console to the latest version. 2021-06-16 not yet calculated CVE-2021-3535CONFIRM receita — federal_irpf   Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature. 
2021-06-12 not yet calculated CVE-2021-34682MISC restund — restund   Restund is an open source NAT traversal server. The restund TURN server can be instructed to open a relay to the loopback address range. This allows you to reach any other service running on localhost which you might consider private. In the configuration that we ship (https://github.com/wireapp/ansible-restund/blob/master/templates/restund.conf.j2#L40-L43) the `status` interface of restund is enabled and is listening on `127.0.0.1`. The `status` interface allows users to issue administrative commands to `restund` like listing open relays or draining connections. It would be possible for an attacker to contact the status interface and issue administrative commands by setting `XOR-PEER-ADDRESS` to `127.0.0.1:{{restund_udp_status_port}}` when opening a TURN channel. We now explicitly disallow relaying to loopback addresses, ‘any’ addresses, link local addresses, and the broadcast address. As a workaround disable the `status` module in your restund configuration. However there might still be other services running on `127.0.0.0/8` that you do not want to have exposed. The `turn` module can be disabled. Restund will still perform STUN and this might already be enough for initiating calls in your environments. TURN is only used as a last resort when other NAT traversal options do not work. One should also make sure that the TURN server is set up with firewall rules so that it cannot relay to other addresses that you don’t want the TURN server to relay to. For example other services in the same VPC where the TURN server is running. Ideally TURN servers should be deployed in an isolated fashion where they can only reach what they need to reach to perform their task of assisting NAT-traversal. 
2021-06-11 not yet calculated CVE-2021-21382MISCCONFIRMMISCMISCMISCMISCMISC riot — riot-os RIOT-OS 2021.01 before commit bc59d60be60dfc0a05def57d74985371e4f22d79 contains a buffer overflow which could allow attackers to obtain sensitive information. 2021-06-18 not yet calculated CVE-2021-31663MISCMISCCONFIRM riot — riot-os   RIOT-OS 2021.01 before commit 07f1254d8537497552e7dce80364aaead9266bbe contains a buffer overflow which could allow attackers to obtain sensitive information. 2021-06-18 not yet calculated CVE-2021-31662CONFIRMMISC riot — riot-os   RIOT-OS 2021.01 before commit 609c9ada34da5546cffb632a98b7ba157c112658 contains a buffer overflow that could allow attackers to obtain sensitive information. 2021-06-18 not yet calculated CVE-2021-31661MISCCONFIRM riot — riot-os   RIOT-OS 2021.01 before commit 85da504d2dc30188b89f44c3276fc5a25b31251f contains a buffer overflow which could allow attackers to obtain sensitive information. 2021-06-18 not yet calculated CVE-2021-31660MISCCONFIRM riot — riot-os   RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information. 2021-06-18 not yet calculated CVE-2021-31664MISCCONFIRM roanwiz — dext5editor   Parameter manipulation can bypass authentication to cause file upload and execution. This will execute the remote code. This issue affects: Raonwiz DEXT5Editor versions prior to 3.5.1405747.1100.03. 2021-06-15 not yet calculated CVE-2020-7864MISC safenet — keysource_management_console   SafeNet KeySecure Management Console 8.12.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. 
2021-06-16 not yet calculated CVE-2021-28979MISCMISCMISC sap — netweaver_abap_server   SAP NetWeaver ABAP Server and ABAP Platform, versions – 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system. 2021-06-16 not yet calculated CVE-2021-27610MISCMISC secure_8 — secure_8   Secure 8 (Evalos) does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. An attacker could exploit this vulnerability in order to extract information of users and administrator accounts stored in the database. 2021-06-18 not yet calculated CVE-2021-3604CONFIRMCONFIRM sentinel — ldk_run-time_environment   The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prior) adds a firewall rule named “Sentinel License Manager” that allows incoming connections from private networks using TCP Port 1947. While uninstalling, the uninstaller fails to close Port 1947. 2021-06-16 not yet calculated CVE-2021-32928MISC serenityos — serenityos   SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation. 2021-06-18 not yet calculated CVE-2021-31272MISCMISCMISCCONFIRM serenityos — test-crypto.cpp   SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information. 2021-06-18 not yet calculated CVE-2021-33186CONFIRM serenityos — testbitmap   SerenityOS contains a buffer overflow in the set_range test in TestBitmap which could allow attackers to obtain sensitive information. 
2021-06-18 not yet calculated CVE-2021-33185CONFIRM sinamics — [email protected]   SINAMICS medium voltage routable products are affected by a vulnerability in the [email protected] component for remote access that could allow an unauthenticated attacker to cause a denial-of-service condition, and/or execution of limited configuration modifications and/or execution of limited control commands on the SINAMICS Medium Voltage Products, Remote Access (SINAMICS SL150: All versions, SINAMICS SM150: All versions, SINAMICS SM150i: All versions). 2021-06-15 not yet calculated CVE-2021-27388MISC sing4g — 4gee_router_hh70vb_version_hh70_e1_02.00_22   An issue was discovered on 4GEE ROUTER HH70VB Version HH70_E1_02.00_22. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service. 2021-06-18 not yet calculated CVE-2021-33822MISCMISCMISC slim — nfc_70_10.01_devices   Protectimus SLIM NFC 70 10.01 devices allow a Time Traveler attack in which attackers can predict TOTP passwords in certain situations. The time value used by the device can be set independently from the used seed value for generating time-based one-time passwords, without authentication. Thus, an attacker with short-time physical access to a device can set the internal real-time clock (RTC) to the future, generate one-time passwords, and reset the clock to the current time. This allows the generation of valid future time-based one-time passwords without having further access to the hardware token. 2021-06-16 not yet calculated CVE-2021-32033MISCFULLDISC sonatype — nexus_repository_manager   Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been granted access. 
2021-06-18 | not yet calculated | CVE-2021-34553 CONFIRM
sonicos — sonicos | A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request. This vulnerability affects SonicOS Gen5, Gen6, Gen7 platforms, and SonicOSv virtual firewalls. | 2021-06-14 | not yet calculated | CVE-2021-20027 CONFIRM
sourcecodester — alumni_management_system | SQL injection vulnerability in SourceCodester Alumni Management System 1.0 allows the user to inject SQL payload to bypass the authentication via admin/login.php. | 2021-06-15 | not yet calculated | CVE-2020-29214 EXPLOIT-DB
sourcecodester — alumni_management_system | A Cross Site Scripting in SourceCodester Employee Management System 1.0 allows the user to execute alert messages via /Employee Management System/addemp.php on admin account. | 2021-06-15 | not yet calculated | CVE-2020-29215 EXPLOIT-DB
stampit — supermixer | Prototype pollution in Stampit supermixer 1.0.3 allows an attacker to modify the prototype of a base object which can vary in severity depending on the implementation. | 2021-06-16 | not yet calculated | CVE-2020-24939 CONFIRM CONFIRM MISC
striptags — striptags | The npm package “striptags” is an implementation of PHP’s strip_tags in Typescript. In striptags before version 3.2.0, a type-confusion vulnerability can cause `striptags` to concatenate unsanitized strings when an array-like object is passed in as the `html` parameter. This can be abused by an attacker who can control the shape of their input, e.g. if query parameters are passed directly into the function. This can lead to XSS. | 2021-06-18 | not yet calculated | CVE-2021-32696 MISC MISC CONFIRM MISC
studio-42 — elfinder | The package studio-42/elfinder before 2.1.58 is vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP. | 2021-06-13 | not yet calculated | CVE-2021-23394 CONFIRM CONFIRM CONFIRM CONFIRM
sylabs — singularity | Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8, has an Incorrect Check of a Function’s Return Value. | 2021-06-15 | not yet calculated | CVE-2021-33622 MISC MISC
symfony — symfony | Symfony is a PHP framework for web and console applications and a set of reusable PHP components. A vulnerability related to firewall authentication is in Symfony starting with version 5.3.0 and prior to 5.3.2. When an application defines multiple firewalls, the token authenticated by one of the firewalls was available for all other firewalls. This could be abused when the application defines different providers for each part of the application; in such a situation, a user authenticated on a part of the application could be considered authenticated on the rest of the application. Starting in version 5.3.2, a patch ensures that the authenticated token is only available for the firewall that generates it. | 2021-06-17 | not yet calculated | CVE-2021-32693 MISC CONFIRM MISC MISC
synology — calendar | Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors. | 2021-06-18 | not yet calculated | CVE-2021-34812 CONFIRM
synology — download_station | Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors. | 2021-06-18 | not yet calculated | CVE-2021-34811 CONFIRM
synology — download_station | Improper neutralization of special elements used in a command (‘Command Injection’) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors. | 2021-06-18 | not yet calculated | CVE-2021-34809 CONFIRM
synology — download_station | Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors. | 2021-06-18 | not yet calculated | CVE-2021-34810 CONFIRM
synology — media_server | Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors. | 2021-06-18 | not yet calculated | CVE-2021-34808 CONFIRM
teamviewer — teamviewer | TeamViewer before 14.7.48644 on Windows loads untrusted DLLs in certain situations. | 2021-06-16 | not yet calculated | CVE-2021-34803 MISC
tenvoy — tenvoy | tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser (hashing, random, encryption, decryption, signatures, conversions), used by TogaTech.org. In versions prior to 7.0.3, the `verifyWithMessage` method of `tEnvoyNaClSigningKey` always returns `true` for any signature that has a SHA-512 hash matching the SHA-512 hash of the message even if the signature was invalid. This issue is patched in version 7.0.3. As a workaround: In `tenvoy.js` under the `verifyWithMessage` method definition within the `tEnvoyNaClSigningKey` class, ensure that the return statement call to `this.verify` ends in `.verified`. | 2021-06-16 | not yet calculated | CVE-2021-32685 MISC MISC CONFIRM
thycotic — password_reset_server | Thycotic Password Reset Server before 5.3.0 allows credential disclosure. | 2021-06-11 | not yet calculated | CVE-2021-34679 MISC
tp-link — tl-wpa4220 | TP-Link’s TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL by default. An attacker on the local network can monitor traffic and capture the cookie and other sensitive information. | 2021-06-15 | not yet calculated | CVE-2021-28858 MISC
tp-link — tl-wpa4220 | TP-Link’s TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username and password are sent via the cookie. | 2021-06-15 | not yet calculated | CVE-2021-28857 MISC
trend_micro — interscan_web_security_virtual_appliance | Trend Micro InterScan Web Security Virtual Appliance version 6.5 was found to have a reflected cross-site scripting (XSS) vulnerability in the product’s Captive Portal. | 2021-06-17 | not yet calculated | CVE-2021-31521 MISC
trendnet — tw100-s4w1ca | In TrendNet TW100-S4W1CA 2.3.32, due to a lack of proper session controls, a threat actor could make unauthorized changes to an affected router via a specially crafted web page. If an authenticated user were to interact with a malicious web page it could allow for a complete takeover of the router. | 2021-06-17 | not yet calculated | CVE-2021-32424 MISC
trendnet — tw100-s4w1ca | In TrendNet TW100-S4W1CA 2.3.32, it is possible to inject arbitrary JavaScript into the router’s web interface via the “echo” command. | 2021-06-17 | not yet calculated | CVE-2021-32426 MISC
ubuntu — ubuntu | It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call. | 2021-06-12 | not yet calculated | CVE-2021-32556 MISC
unegg — unegg | UnEGG v0.5 and earlier versions have an integer overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by UnEGG. Attackers could exploit this for arbitrary code execution. This issue affects: Estsoft UnEGG 0.5 versions prior to 1.0 on Linux. | 2021-06-11 | not yet calculated | CVE-2020-7860 MISC
unifi_protect — g3_flex_camera_version | An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. Attackers can use the slowhttptest tool to send incomplete HTTP requests, which could make the server keep waiting for the packet to finish the connection until its resources are exhausted, resulting in a denial of service of the web server. | 2021-06-18 | not yet calculated | CVE-2021-33818 MISC MISC MISC
unifi_protect — g3_flex_camera_version | An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. An attacker could send a huge number of TCP SYN packets to exhaust the web service’s resources, resulting in a denial of service of the web server. | 2021-06-18 | not yet calculated | CVE-2021-33820 MISC MISC MISC
valine — valine | Valine 1.4.14 allows remote attackers to cause a denial of service (application outage) by supplying a ua (aka User-Agent) value that only specifies the product and version. | 2021-06-16 | not yet calculated | CVE-2021-34801 MISC
veryfitpro — veryfitpro | The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows information theft and account takeover via network sniffing. | 2021-06-16 | not yet calculated | CVE-2021-32612 MISC MISC MISC FULLDISC
vmware — tools | VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest operating system, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest operating system. | 2021-06-18 | not yet calculated | CVE-2021-21997 MISC
wagtail — wagtail | Wagtail is an open source content management system built on Django. A cross-site scripting vulnerability exists in versions 2.13-2.13.1, versions 2.12-2.12.4, and versions prior to 2.11.8. When the `{% include_block %}` template tag is used to output the value of a plain-text StreamField block (`CharBlock`, `TextBlock` or a similar user-defined block derived from `FieldBlock`), and that block does not specify a template for rendering, the tag output is not properly escaped as HTML. This could allow users to insert arbitrary HTML or scripting. This vulnerability is only exploitable by users with the ability to author StreamField content (i.e. users with ‘editor’ access to the Wagtail admin). Patched versions have been released as Wagtail 2.11.8 (for the LTS 2.11 branch), Wagtail 2.12.5, and Wagtail 2.13.2 (for the current 2.13 branch). As a workaround, site implementors who are unable to upgrade to a current supported version should audit their use of `{% include_block %}` to ensure it is not used to output `CharBlock` / `TextBlock` values with no associated template. Note that this only applies where `{% include_block %}` is used directly on that block (uses of `include_block` on a block _containing_ a CharBlock / TextBlock, such as a StructBlock, are unaffected). In these cases, the tag can be replaced with Django’s `{{ … }}` syntax – e.g. `{% include_block my_title_block %}` becomes `{{ my_title_block }}`. | 2021-06-17 | not yet calculated | CVE-2021-32681 MISC MISC CONFIRM MISC
wbu-systems — codemeter | A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to disclose heap memory contents or crash the CodeMeter Runtime Server. | 2021-06-16 | not yet calculated | CVE-2021-20093 MISC MISC
wbu-systems — codemeter | A denial of service vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to crash the CodeMeter Runtime Server. | 2021-06-16 | not yet calculated | CVE-2021-20094 MISC MISC
wire — wire | wire-webapp is the web version of Wire, an open-source messenger. A cross-site scripting vulnerability exists in wire-webapp prior to version 2021-06-01-production.0. If a user is instructed to open an image in a new tab (right click -> open in new tab, or copy the URL and paste it in the URL bar), the image payload is executed on the domain hosting the app (app.wire.com). In particular, if an image contains malicious code in addition to the actual picture, this code is executed on app.wire.com. This allows the attacker to fully control the user account. The vulnerability was patched in version 2021-06-01-production.0. As a workaround, users should not try to open image URLs. | 2021-06-15 | not yet calculated | CVE-2021-32683 MISC CONFIRM
wordpress — wordpress | This Gallery from files WordPress plugin through 1.6.0 gives the functionality of uploading images to the server. But filenames are not properly sanitized before being output in an error message when they have an invalid extension, leading to a reflected Cross-Site Scripting issue. Due to the lack of CSRF check, the attack could also be performed via such vector. | 2021-06-14 | not yet calculated | CVE-2021-24349 CONFIRM
wordpress — wordpress | The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension’s case, for example, from “php” to “pHP”. | 2021-06-14 | not yet calculated | CVE-2021-24347 CONFIRM
wordpress — wordpress | The Stock in & out WordPress plugin through 1.0.4 has a search functionality, the lowest accessible level to it being contributor. The srch POST parameter is not validated, sanitised or escaped before using it in the echo statement, leading to a reflected XSS issue. | 2021-06-14 | not yet calculated | CVE-2021-24346 CONFIRM MISC
wordpress — wordpress | In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, the lack of capability checks and insufficient nonce check on the AJAX actions, simple301redirects/admin/get_wildcard and simple301redirects/admin/wildcard, made it possible for authenticated users to retrieve and update the wildcard value for redirects. | 2021-06-14 | not yet calculated | CVE-2021-24355 CONFIRM MISC
wordpress — wordpress | The import_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to import a set of site redirects. | 2021-06-14 | not yet calculated | CVE-2021-24353 CONFIRM MISC
wordpress — wordpress | In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, a lack of capability checks and insufficient nonce check on the AJAX action, simple301redirects/admin/activate_plugin, made it possible for authenticated users to activate arbitrary plugins installed on vulnerable sites. | 2021-06-14 | not yet calculated | CVE-2021-24356 CONFIRM MISC
wordpress — wordpress | The export_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to export a site’s redirects. | 2021-06-14 | not yet calculated | CVE-2021-24352 CONFIRM MISC
wordpress — wordpress | The Smart Slider 3 Free and pro WordPress plugins before 3.5.0.9 did not sanitise the Project Name before outputting it back in the page, leading to a Stored Cross-Site Scripting issue. By default, only administrator users could access the affected functionality, limiting the exploitability of the vulnerability. However, some WordPress admins may allow lesser privileged users to access the plugin’s functionality, in which case, privilege escalation could be performed. | 2021-06-14 | not yet calculated | CVE-2021-24382 CONFIRM MISC
wordpress — wordpress | When deleting a date in the Xllentech English Islamic Calendar WordPress plugin before 2.6.8, the year_number and month_number POST parameters are not sanitised, escaped or validated before being used in a SQL statement, leading to SQL injection. | 2021-06-14 | not yet calculated | CVE-2021-24341 CONFIRM MISC
wordpress — wordpress | The menu delete functionality of the Side Menu – add fixed side buttons WordPress plugin before 3.1.5, available to Administrator users, takes the did GET parameter and uses it in an SQL statement without proper sanitisation, validation or escaping, therefore leading to a SQL Injection issue. | 2021-06-14 | not yet calculated | CVE-2021-24348 CONFIRM MISC
wordpress — wordpress | The theplus_more_post AJAX action of The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.12 did not properly sanitise some of its fields, leading to a reflected Cross-Site Scripting (exploitable on both unauthenticated and authenticated users). | 2021-06-14 | not yet calculated | CVE-2021-24351 MISC CONFIRM
wordpress — wordpress | A lack of capability checks and insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, made it possible for authenticated users to install arbitrary plugins on vulnerable sites. | 2021-06-14 | not yet calculated | CVE-2021-24354 CONFIRM MISC
wordpress — wordpress | The page lists-management feature of the Sendit WP Newsletter WordPress plugin through 2.5.1, available to Administrator users, does not sanitise, validate or escape the id_lista POST parameter before using it in SQL statement, therefore leading to Blind SQL Injection. | 2021-06-14 | not yet calculated | CVE-2021-24345 CONFIRM MISC
wowonder — wowonder | In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day. | 2021-06-11 | not yet calculated | CVE-2021-27200 MISC MISC MISC
zettlr — zettlr | No filtering of cross-site scripting (XSS) payloads in the markdown-editor in Zettlr 1.8.7 allows attackers to perform remote code execution via a crafted file. | 2021-06-18 | not yet calculated | CVE-2021-26835 MISC MISC
znote — znote | A cross-site scripting (XSS) vulnerability exists in Znote 0.5.2. An attacker can insert payloads, and the code execution will happen immediately on markdown view mode. | 2021-06-18 | not yet calculated | CVE-2021-26834 MISC MISC
zoho — manageengine_password_manager_pro | In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser extension for non-website resource types. | 2021-06-16 | not yet calculated | CVE-2021-31857 MISC CONFIRM
zoho — manageengine_servicedesk_plus | Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732. | 2021-06-16 | not yet calculated | CVE-2021-31159 CONFIRM MISC MISC
zoll — defibrillator_dashboard | ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products contain credentials stored in plaintext. This could allow an attacker to gain access to sensitive information. | 2021-06-16 | not yet calculated | CVE-2021-27487 MISC
zoll — defibrillator_dashboard | ZOLL Defibrillator Dashboard, v prior to 2.2, The affected product’s web application could allow a low privilege user to inject parameters to contain malicious scripts to be executed by higher privilege users. | 2021-06-16 | not yet calculated | CVE-2021-27479 MISC
zoll — defibrillator_dashboard | ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive information. | 2021-06-16 | not yet calculated | CVE-2021-27481 MISC
zoll — defibrillator_dashboard | ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products contain insecure filesystem permissions that could allow a lower privilege user to escalate privileges to an administrative level user. | 2021-06-16 | not yet calculated | CVE-2021-27483 MISC
zoll — defibrillator_dashboard | ZOLL Defibrillator Dashboard, v prior to 2.2, The application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web browser. | 2021-06-16 | not yet calculated | CVE-2021-27485 MISC
zoll — defibrillator_dashboard | ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allows a non-administrative user to upload a malicious file. This file could allow an attacker to remotely execute arbitrary commands. | 2021-06-16 | not yet calculated | CVE-2021-27489 MISC
zrlog — zrlog | A Cross-site scripting (XSS) vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script and steal administrator cookies via the nickname parameter and gain access to the admin panel. | 2021-06-15 | not yet calculated | CVE-2020-21316 MISC MISC MISC
zzipblib — zziplib | Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value “zzip_file_read” in the function “unzzip_cat_file”. | 2021-06-18 | not yet calculated | CVE-2020-18442 MISC

This product is provided subject to this Notification and this Privacy & Use policy.


16 thoughts on “US National Cyber Awareness System Bulletins”

  1. If someone wants to be updated with the latest technologies, then he must pay a quick visit to this website and be up to date all the time.

  2. It’s a pity you don’t have a donate button! I’d most certainly donate to this fantastic blog! I guess for now I’ll settle for book-marking and adding your RSS feed to my Google account.

    I look forward to new updates and will talk about this blog with my Facebook group. Talk soon!

  3. Hello there, you have done an excellent job. I will certainly digg it and personally suggest it to my friends. I’m sure they’ll benefit from this website.

  4. I like the helpful information you provide in your articles.

    I will bookmark your blog and check again here frequently. I’m quite sure I’ll learn plenty of new stuff right here! Best of luck 🙂

  5. Hi there, just became aware of your blog through Google, and found that it is really informative. I will appreciate it if you continue this in future. Numerous people will benefit from your writing. Cheers!

  6. I simply could not leave your site before saying that I extremely loved the high standard of information you supply to your visitors. I am going to be back ceaselessly in order to check out new posts.

  7. This is very interesting, you’re a very skilled blogger. I’ve joined your feed and look forward to seeing more of your fantastic posts. Also, I’ve shared websitecyber in my social networks!

  8. We stumbled over here by a different web page and thought I may as well check things out. I like what I see so I am now following you. Look forward to looking at websitecyber yet again.

  9. Very nice post. I just stumbled upon websitecyber.com and wished to mention that I’ve truly enjoyed surfing around your blog posts. In any case I will be subscribing to your RSS feed and I’m hoping you write again very soon!

  10. Hurrah! After all I got a web site at websitecyber.com from where I know how to actually obtain valuable facts concerning my study and knowledge in cyber security.
