US National Cyber Awareness System Bulletins

CISA Bulletins Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

  • Vulnerability Summary for the Week of January 3, 2022
    by CISA on January 10, 2022 at 4:30 pm

    Original release date: January 10, 2022  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info beyondtrust — appliance_base_software BeyondTrust Secure Remote Access Base Software through 6.0.1 allows an attacker to achieve full admin access to the appliance, by tricking the administrator into creating a new admin account through an XSS/CSRF attack involving a crafted request to the /appliance/users?action=edit endpoint. This cross-site-scripting (XSS) vulnerability occurs when it does not properly sanitize an unauthenticated crafted web request to the server 2022-01-05 9.3 CVE-2021-31589MISCMISCMISC sun_moon_jingyao — network_computer_terminal_protection_system_firmware The server-request receiver function of Shockwall system has an improper authentication vulnerability. An authenticated attacker of an agent computer within the local area network can use the local registry information to launch server-side request forgery (SSRF) attack on another agent computer, resulting in arbitrary code execution for controlling the system or disrupting service. 2022-01-03 7.7 CVE-2021-45917CONFIRM transloadit — uppy uppy is vulnerable to Server-Side Request Forgery (SSRF) 2022-01-04 7.5 CVE-2022-0086MISCCONFIRM Back to top   Medium Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info artifex — ghostscript Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp). 2022-01-01 4.3 CVE-2021-45944MISCMISCDEBIAN artifex — ghostscript Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp). 2022-01-01 4.3 CVE-2021-45949MISCMISCMISCDEBIAN assimp — assimp Open Asset Import Library (aka assimp) 5.1.0 and 5.1.1 has a heap-based buffer overflow in _m3d_safestr (called from m3d_load and Assimp::M3DWrapper::M3DWrapper). 2022-01-01 4.3 CVE-2021-45948MISCMISC asus — rt-ac52u_b1_firmware Invalid input sanitizing leads to reflected Cross Site Scripting (XSS) in ASUS RT-AC52U_B1 3.0.0.4.380.10931 can lead to a user session hijack. 2022-01-03 4.3 CVE-2021-46109MISC atlassian — jira_server_and_data_center Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (XSS) vulnerability in the /rest/collectors/1.0/template/custom endpoint. To exploit this issue, the attacker must trick a user into visiting a malicious website. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3. 2022-01-04 4.3 CVE-2021-43942MISC booking_calendar_project — booking_calendar The Booking Calendar WordPress plugin before 8.9.2 does not sanitise and escape the booking_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting 2022-01-03 4.3 CVE-2021-25040MISC daybydaycrm — daybyday_crm In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to brute-force users’ passwords with minimal to no computational effort. 2022-01-05 4 CVE-2022-22110CONFIRMMISC daybydaycrm — daybyday_crm In DayByDay CRM, version 2.2.0 is vulnerable to missing authorization. Any application user in the application who has update user permission enabled is able to change the password of other users, including the administrator’s. This allows the attacker to gain access to the highest privileged user in the application. 2022-01-05 6.5 CVE-2022-22111CONFIRMMISC daybydaycrm — daybyday_crm In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the absences of all users in the system including administrators. This type of user is not authorized to view this kind of information. 2022-01-05 4 CVE-2022-22108CONFIRMMISC daybydaycrm — daybyday_crm In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account (employee type user), can view the appointments of all users in the system including administrators. However, this type of user is not authorized to view the calendar at all. 2022-01-05 4 CVE-2022-22107CONFIRMMISC dhrystone_project — dhrystone A NULL pointer dereference in the main() function dhry_1.c of dhrystone 2.1 causes a denial of service (DoS). 2022-01-03 5 CVE-2020-23026MISC dmproadmap_project — dmproadmap DMP Roadmap before 3.0.4 allows XSS. 2022-01-01 4.3 CVE-2021-44896MISCMISCMISC fluxbb — fluxbb Fluxbb v1.4.12 is affected by a Cross Site Scripting (XSS) vulnerability. 2022-01-04 4.3 CVE-2021-43677MISCMISC geminilabs — site_reviews The Site Reviews WordPress plugin before 5.17.3 does not sanitise and escape the site-reviews parameter of the glsr_action AJAX action (available to unauthenticated and any authenticated users), allowing them to perform Cross-Site Scripting attacks against logged in admins viewing the Tool dashboard of the plugin 2022-01-03 4.3 CVE-2021-24973CONFIRMMISC github_readme_stats_project — github_readme_stats Github Read Me Stats commit 3c7220e4f7144f6cb068fd433c774f6db47ccb95 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the function renderError. 2022-01-06 4.3 CVE-2020-23986MISC gpac — gpac A Null Pointer Dereference vulnerability exitgs in GPAC 1.0.1 in MP4Box via __strlen_avx2, which causes a Denial of Service. 2022-01-05 4.3 CVE-2021-45831MISC gpac — gpac A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unlink_chunk.isra, which causes a Denial of Service (context-dependent). 2022-01-05 4.3 CVE-2021-46038MISC ideabox — powerpack_addons_for_elementor The PowerPack Addons for Elementor WordPress plugin before 2.6.2 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting issue 2022-01-03 4.3 CVE-2021-25027CONFIRMMISC premio — chaty The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting 2022-01-03 4.3 CVE-2021-25016MISC updraftplus — updraftplus The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape the backup_timestamp and job_id parameter before outputting then back in admin pages, leading to Reflected Cross-Site Scripting issues 2022-01-03 4.3 CVE-2021-25022CONFIRMCONFIRMMISC uwebsockets_project — uwebsockets uWebSockets 19.0.0 through 20.8.0 has an out-of-bounds write in std::__1::pair<unsigned int, void*> uWS::HttpParser::fenceAndConsumePostPadded<0 (called from uWS::HttpParser::consumePostPadded and std::__1::__function::__func<LLVMFuzzerTestOneInput::$_0, std::__1::allocator<LL). 2022-01-01 4.3 CVE-2021-45945MISCMISCMISC vim — vim vim is vulnerable to Use After Free 2021-12-31 6.8 CVE-2021-4192CONFIRMMISC vim — vim vim is vulnerable to Out-of-bounds Read 2021-12-31 4.3 CVE-2021-4193MISCCONFIRM vmware — cloud_foundation VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine. 2022-01-04 6.9 CVE-2021-22045MISCMISCMISC wasm3_project — wasm3 Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called from CompileElseBlock and Compile_If). 2022-01-01 4.3 CVE-2021-45929MISCMISC wasm3_project — wasm3 Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called from Compile_LoopOrBlock and CompileBlockStatements). 2022-01-01 4.3 CVE-2021-45946MISCMISC wasm3_project — wasm3 Wasm3 0.5.0 has an out-of-bounds write in Runtime_Release (called from EvaluateExpression and InitDataSegments). 2022-01-01 4.3 CVE-2021-45947MISCMISC Back to top   Low Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info bludit — bludit A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About Plugin in login panel. 2022-01-06 3.5 CVE-2021-45745MISCMISC bludit — bludit A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.13.1 via the TAGS section in login panel. 2022-01-06 3.5 CVE-2021-45744MISCMISC booster — booster_for_woocommerce The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_create_products_xml_result parameter before outputting back in the admin dashboard when the Product XML Feeds module is enabled, leading to a Reflected Cross-Site Scripting issue 2022-01-03 2.6 CVE-2021-25001MISC booster — booster_for_woocommerce The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_delete_role parameter before outputting back in the admin dashboard when the General module is enabled, leading to a Reflected Cross-Site Scripting issue 2022-01-03 2.6 CVE-2021-25000MISC booster — booster_for_woocommerce The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_notice parameter before outputting it back in the admin dashboard when the Pdf Invoicing module is enabled, leading to a Reflected Cross-Site Scripting 2022-01-03 2.6 CVE-2021-24999MISC convos — convos Convos is an open source multi-user chat that runs in a web browser. Characters starting with “https://” in the chat window create an <a> tag. Stored XSS vulnerability using onfocus and autofocus occurs because escaping exists for “<” or “>” but escaping for double quotes does not exist. Through this vulnerability, an attacker is capable to execute malicious scripts. Users are advised to update as soon as possible. 2022-01-04 3.5 CVE-2022-21649CONFIRMMISCMISCMISC daybydaycrm — daybyday_crm In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks. These scripts are executed in a victim’s browser when they open the “/tasks” page to view all the tasks. 2022-01-05 3.5 CVE-2022-22109MISCCONFIRM litespeedtech — litespeed_cache The LiteSpeed Cache WordPress plugin before 4.4.4 does not escape the qc_res parameter before outputting it back in the JS code of an admin page, leading to a Reflected Cross-Site Scripting 2022-01-03 3.5 CVE-2021-24963CONFIRMMISC litespeedtech — litespeed_cache The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specific X-Forwarded-For header value. In addition, one of the endpoint could be used to set CSS code if a setting is enabled, which will then be output in some pages without being sanitised and escaped. Combining those two issues, an unauthenticated attacker could put Cross-Site Scripting payloads in pages visited by users. 2022-01-03 2.6 CVE-2021-24964MISC mlcalc — mortgage_calculator\/loan_calculator The Mortgage Calculator / Loan Calculator WordPress plugin before 1.5.17 does not escape the some of the attributes of its mlcalc shortcode before outputting them, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks 2022-01-03 3.5 CVE-2021-24828MISC oroinc — oroplatform OroPlatform is a PHP Business Application Platform. In affected versions the email template preview is vulnerable to XSS payload added to email template content. An attacker must have permission to create or edit an email template. For successful payload, execution the attacked user must preview a vulnerable email template. There are no workarounds that address this vulnerability. Users are advised to upgrade as soon as is possible. 2022-01-04 3.5 CVE-2021-41236CONFIRMMISC vehicle_service_management_system_project — vehicle_service_management_system A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Mechanic List Section in login panel. 2022-01-06 3.5 CVE-2021-46069MISCMISC vehicle_service_management_system_project — vehicle_service_management_system A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service List Section in login panel. 2022-01-06 3.5 CVE-2021-46072MISCMISC vehicle_service_management_system_project — vehicle_service_management_system A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service Requests Section in login panel. 2022-01-06 3.5 CVE-2021-46070MISCMISC vehicle_service_management_system_project — vehicle_service_management_system A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the My Account Section in login panel. 2022-01-06 3.5 CVE-2021-46068MISCMISC wpovernight — woocommerce_pdf_invoices\&_packing_slips The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.10.5 does not escape the tab and section parameters before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in the admin dashboard 2022-01-03 3.5 CVE-2021-24991MISC wptravelengine — wp_travel_engine The WP Travel Engine WordPress plugin before 5.3.1 does not escape the Description field in the Trip Destination/Activities/Trip Type and Pricing Category pages, allowing users with a role as low as editor to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed 2022-01-03 3.5 CVE-2021-24680MISC Back to top   Severity Not Yet Assigned Primary Vendor — Product Description Published CVSS Score Source & Patch Info harmonyos — mobile_devices HwPCAssistant has a Path Traversal vulnerability .Successful exploitation of this vulnerability may write any file. 2022-01-03 not yet calculated CVE-2021-37128MISC alpine — linux   The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration. 2022-01-06 not yet calculated CVE-2022-22704MISC apache — avro   A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which addresses this issue. 2022-01-06 not yet calculated CVE-2021-43045CONFIRMMLIST apache — geode   Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using values that begin with characters other than letters or numbers for passwords and security properties with the prefix “sysprop-“, “javax.net.ssl”, or “security-“. This issue is fixed by overhauling the log file redaction in Apache Geode versions 1.12.5, 1.13.5, and 1.14.0. 2022-01-04 not yet calculated CVE-2021-34797MISCMISC apache — james   Apache James ManagedSieve implementation alongside with the file storage for sieve scripts is vulnerable to path traversal, allowing reading and writing any file. This vulnerability had been patched in Apache James 3.6.1 and higher. We recommend the upgrade. Distributed and Cassandra based products are also not impacted. 2022-01-04 not yet calculated CVE-2021-40525MISCMLIST apache — james   In Apache James, while fuzzing with Jazzer the IMAP parsing stack, we discover that crafted APPEND and STATUS IMAP command could be used to trigger infinite loops resulting in expensive CPU computations and OutOfMemory exceptions. This can be used for a Denial Of Service attack. The IMAP user needs to be authenticated to exploit this vulnerability. This affected Apache James prior to version 3.6.1. This vulnerability had been patched in Apache James 3.6.1 and higher. We recommend the upgrade. 2022-01-04 not yet calculated CVE-2021-40111MISCMLIST apache — james   In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a Denial Of Service using a vulnerable Regular expression. This affected Apache James prior to 3.6.1 We recommend upgrading to Apache James 3.6.1 or higher , which enforce the use of RE2J regular expression engine to execute regex in linear time without back-tracking. 2022-01-04 not yet calculated CVE-2021-40110MISCMLIST apache — james   Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in -the-middle command injection attacks, leading potentially to leakage of sensible information. 2022-01-04 not yet calculated CVE-2021-38542MISCMLIST apache — kylin In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions. 2022-01-06 not yet calculated CVE-2021-45457MISCMLIST apache — kylin   All request mappings in `StreamingCoordinatorController.java` handling `/kylin/api/streaming_coordinator/*` REST API endpoints did not include any security checks, which allowed an unauthenticated user to issue arbitrary requests, such as assigning/unassigning of streaming cubes, creation/modification and deletion of replica sets, to the Kylin Coordinator. For endpoints accepting node details in HTTP message body, unauthenticated (but limited) server-side request forgery (SSRF) can be achieved. This issue affects Apache Kylin Apache Kylin 3 versions prior to 3.1.2. 2022-01-06 not yet calculated CVE-2021-27738MISCMLIST apache — kylin   Apache kylin checks the legitimacy of the project before executing some commands with the project name passed in by the user. There is a mismatch between what is being checked and what is being used as the shell command argument in DiagnosisService. This may cause an illegal project name to pass the check and perform the following steps, resulting in a command injection vulnerability. This issue affects Apache Kylin 4.0.0. 2022-01-06 not yet calculated CVE-2021-45456MISCMLIST apache — kylin   Kylin can receive user input and load any class through Class.forName(…). This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions. 2022-01-06 not yet calculated CVE-2021-31522MISCMLIST apache — kylin   Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their password and configure it into kylin’s configuration file, there is a risk that the password may be decrypted. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions. 2022-01-06 not yet calculated CVE-2021-45458MISCMLISTMLIST apache — kylin   Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions. 2022-01-06 not yet calculated CVE-2021-36774MISCMLIST apache — pluto   The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the v3-demo-portlet.war artifact 2022-01-06 not yet calculated CVE-2021-36737MISC apache — pluto   The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact 2022-01-06 not yet calculated CVE-2021-36738MISC apache — pluto   The “first name” and “last name” fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross-Site Scripting (XSS) attacks. 2022-01-06 not yet calculated CVE-2021-36739MISC asus — rt-ax56u_wi-fi_router   ASUS RT-AX56U Wi-Fi Router is vulnerable to stack-based buffer overflow due to improper validation for httpd parameter length. An authenticated local area network attacker can launch arbitrary code execution to control the system or disrupt service. 2022-01-03 not yet calculated CVE-2021-44158CONFIRM atalegacysmm — atalegacysmm   An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08.46, 5.1 before 05.16.46, 5.2 before 05.26.46, 5.3 before 05.35.46, 5.4 before 05.43.46, and 5.5 before 05.51.45 in Insyde InsydeH2O. Code execution can occur because the SMI handler lacks a CommBuffer check. 2022-01-06 not yet calculated CVE-2021-41842MISC atlassian — jira_server   Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code Execution (RCE) vulnerability in the Email Templates feature. This issue bypasses the fix of https://jira.atlassian.com/browse/JSDSERVER-8665. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3. 2022-01-06 not yet calculated CVE-2021-43947N/A atlassian — jira_server   Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint. The affected versions are before version 8.21.0. 2022-01-05 not yet calculated CVE-2021-43946MISC bidriectional — unicode   Bidirectional Unicode text can be interpreted and compiled differently than how it appears in editors which can be exploited to get nefarious code passed a code review by appearing benign. An attacker could embed a source that is invisible to a code reviewer that modifies the behavior of a program in unexpected ways. 2022-01-05 not yet calculated CVE-2021-22567MISCMISC bios — bios   A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system. 2022-01-03 not yet calculated CVE-2021-38576MISC bluetooth — bluetooth   In Bluetooth, there is a possible application crash due to bluetooth flooding a device with LMP_AU_rand packet. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06198608; Issue ID: ALPS06198608. 2022-01-04 not yet calculated CVE-2022-20023MISC bluetooth — bluetooth   In Bluetooth, there is a possible link disconnection due to bluetooth does not properly handle a connection attempt from a host with the same BD address as the currently connected BT host. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06198578; Issue ID: ALPS06198578. 2022-01-04 not yet calculated CVE-2022-20022MISC bluetooth — bluetooth   In Bluetooth, there is a possible application crash due to bluetooth does not properly handle the reception of multiple LMP_host_connection_req. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06198513; Issue ID: ALPS06198513. 2022-01-04 not yet calculated CVE-2022-20021MISC bookstack — bookstack   bookstack is vulnerable to Improper Access Control 2022-01-06 not yet calculated CVE-2021-4194CONFIRMMISC changlain — blocklist   Changlian Blocklist has a Business Logic Errors vulnerability .Successful exploitation of this vulnerability may expand the attack surface of the message class. 2022-01-03 not yet calculated CVE-2021-39968MISC codeigniter — codeigniter   CodeIgniter is an open source PHP full-stack web framework. Deserialization of Untrusted Data was found in the `old()` function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary objects with this vulnerability, and possibly execute existing PHP code on the server. We are aware of a working exploit, which can lead to SQL injection. Users are advised to upgrade to v4.1.6 or later. Users unable to upgrade as advised to not use the `old()` function and form_helper nor `RedirectResponse::withInput()` and `redirect()->withInput()`. 2022-01-04 not yet calculated CVE-2022-21647MISCCONFIRM containerd — containerd   containerd is an open source container runtime. On installations using SELinux, such as EL8 (CentOS, RHEL), Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface (CRI), an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any privileged, regular file on disk for complete read/write access (sans delete). Such is achieved by placing the in-container location of the hostPath volume mount at either `/etc/hosts`, `/etc/hostname`, or `/etc/resolv.conf`. These locations are being relabeled indiscriminately to match the container process-label which effectively elevates permissions for savvy containers that would not normally be able to access privileged host files. This issue has been resolved in version 1.5.9. Users are advised to upgrade as soon as possible. 2022-01-05 not yet calculated CVE-2021-43816CONFIRMMISCMISCMISC controlup — real-time_agent   An unauthenticated Named Pipe channel in Controlup Real-Time Agent (cuAgent.exe) before 8.5 potentially allows an attacker to run OS commands via the ProcessActionRequest WCF method. 2022-01-04 not yet calculated CVE-2021-45912MISCMISC controlup — real-time_agent   A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) before 8.2.5 may allow a potential attacker to run OS commands via a WCF channel. 2022-01-04 not yet calculated CVE-2021-45913MISCMISC convos — convos   Convos is an open source multi-user chat that runs in a web browser. You can’t use SVG extension in Convos’ chat window, but you can upload a file with an .html extension. By uploading an SVG file with an html extension the upload filter can be bypassed. This causes Stored XSS. Also, after uploading a file the XSS attack is triggered upon a user viewing the file. Through this vulnerability, an attacker is capable to execute malicious scripts. Users are advised to update as soon as possible. 2022-01-04 not yet calculated CVE-2022-21650CONFIRMMISCMISCMISC discourse — discourse   Discourse is an open source platform for community discussion. In affected versions admins users can trigger a Denial of Service attack via the `/message-bus/_diagnostics` path. The impact of this vulnerability is greater on multisite Discourse instances (where multiple forums are served from a single application server) where any admin user on any of the forums are able to visit the `/message-bus/_diagnostics` path. The problem has been patched. Please upgrade to 2.8.0.beta10 or 2.7.12. No workarounds for this issue exist. 2022-01-04 not yet calculated CVE-2021-43850MISCCONFIRM discourse — discourse   Discourse is an open source platform for community discussion. In affected versions when composing a message from topic the composer user suggestions reveals whisper participants. The issue has been patched in stable version 2.7.13 and beta version 2.8.0.beta11. There is no workaround for this issue and users are advised to upgrade. 2022-01-05 not yet calculated CVE-2022-21642MISCCONFIRM django — django   An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language’s variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key. 2022-01-05 not yet calculated CVE-2021-45116MISCMISCCONFIRM django — django   Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it. 2022-01-05 not yet calculated CVE-2021-45452MISCMISCCONFIRM django — django   An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack. 2022-01-05 not yet calculated CVE-2021-45115MISCMISCCONFIRM dolibarr — dolibarr   admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_TOT parameter. 2022-01-02 not yet calculated CVE-2022-22293MISC doprolog — doprolog   In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. 2022-01-06 not yet calculated CVE-2021-46143MISCMISC enc — datavault   ENC DataVault 7.1.1W uses an inappropriate encryption algorithm, such that an attacker (who does not know the secret key) can make ciphertext modifications that are reflected in modified plaintext. There is no data integrity mechanism. (This behavior occurs across USB drives sold under multiple brand names.) 2022-01-02 not yet calculated CVE-2021-36751MISCMISC expat — expat   In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). 2022-01-01 not yet calculated CVE-2021-45960MISCMISCMISC forge — forge   forge is vulnerable to URL Redirection to Untrusted Site 2022-01-06 not yet calculated CVE-2022-0122MISCCONFIRM fortinet — fortimail   A exposure of sensitive information to an unauthorized actor in Fortinet FortiMail versions 6.0.9 and below, FortiMail versions 6.2.4 and below FortiMail versions 6.4.1 and 6.4.0 allows attacker to obtain potentially sensitive software-version information via client-side resources inspection. 2022-01-05 not yet calculated CVE-2020-15933CONFIRM fortinet — fortios   A download of code without integrity check vulnerability in the “execute restore src-vis” command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages. 2022-01-04 not yet calculated CVE-2021-44168CONFIRM foxit — pdf_reader Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via getURL in the JavaScript API. 2022-01-04 not yet calculated CVE-2021-45980MISCMISCMISC foxit — pdf_reader   Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via xfa.host.gotoURL in the XFA API. 2022-01-04 not yet calculated CVE-2021-45978MISCMISCMISC foxit — pdf_reader   Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via app.launchURL in the JavaScript API. 2022-01-04 not yet calculated CVE-2021-45979MISCMISCMISC giftrans — giftrans   The giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow because a value inside the input file determines the amount of data to write. This allows an attacker to overwrite up to 250 bytes outside of the allocated buffer with arbitrary data. 2022-01-01 not yet calculated CVE-2021-45972MISCMISCMISC glpi — glpi   GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions < 2.9.1 suffers from authenticated Remote Code Execution vulnerability, allowing access to the server’s underlying operating system using command injection abuse of functionality. There is no workaround for this issue and users are advised to upgrade or to disable the addressing plugin. 2022-01-05 not yet calculated CVE-2021-43779MISCCONFIRM gpac — gpac A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the finplace_shift_moov_meta_offsets function, which causes a Denial of Servie (context-dependent). 2022-01-06 not yet calculated CVE-2021-46040MISC gpac — gpac A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the _fseeko function, which causes a Denial of Service. 2022-01-06 not yet calculated CVE-2021-46042MISC gpac — gpac   A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1via ShiftMetaOffset.isra, which causes a Denial of Service (context-dependent). 2022-01-06 not yet calculated CVE-2021-46044MISC gpac — gpac   A Segmentation Fault Vulnerability exists in GPAC 1.0.1 via the co64_box_new function, which causes a Denial of Service. 2022-01-06 not yet calculated CVE-2021-46041MISC gpac — gpac   A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the shift_chunk_offsets.part function, which causes a Denial of Service (context-dependent). 2022-01-06 not yet calculated CVE-2021-46039MISC gpac — gpac   A Pointer Dereference Vulnerability exits in GPAC 1.0.1 in the gf_list_count function, which causes a Denial of Service. 2022-01-06 not yet calculated CVE-2021-46043MISC harmonyos — mobile_devices HwPCAssistant has a Improper Input Validation vulnerability.Successful exploitation of this vulnerability may create any file with the system app permission. 2022-01-03 not yet calculated CVE-2021-39970MISC harmonyos — mobile_devices There is an Uninitialized AOD driver structure in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality. 2022-01-03 not yet calculated CVE-2021-39966MISCMISC harmonyos — mobile_devices Chang Lian application has a vulnerability which can be maliciously exploited to hide the calling number.Successful exploitation of this vulnerability allows you to make an anonymous call. 2022-01-03 not yet calculated CVE-2021-39981MISC harmonyos — mobile_devices The HwNearbyMain module has a NULL Pointer Dereference vulnerability.Successful exploitation of this vulnerability may cause a process to restart. 2022-01-03 not yet calculated CVE-2021-39988MISC harmonyos — mobile_devices   Arbitrary file has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability .Successful exploitation of this vulnerability may cause confidentiality is affected. 2022-01-03 not yet calculated CVE-2021-37125MISC harmonyos — mobile_devices   There is a Configuration defects in Smartphone.Successful exploitation of this vulnerability may elevate the MEID (IMEI) permission. 2022-01-03 not yet calculated CVE-2021-37121MISC harmonyos — mobile_devices   There is an Out-of-bounds read vulnerability in Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. 2022-01-03 not yet calculated CVE-2021-37114MISCMISC harmonyos — mobile_devices   Arbitrary file has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability .Successful exploitation of this vulnerability may cause the directory is traversed. 2022-01-03 not yet calculated CVE-2021-37126MISC harmonyos — mobile_devices   There is a Memory leakage vulnerability in Smartphone.Successful exploitation of this vulnerability may cause memory exhaustion. 2022-01-03 not yet calculated CVE-2021-37111MISCMISC harmonyos — mobile_devices   PCManager has a Weaknesses Introduced During Design vulnerability .Successful exploitation of this vulnerability may cause that the PIN of the subscriber is changed. 2022-01-03 not yet calculated CVE-2021-37116MISC harmonyos — mobile_devices   There is a Vulnerability of obtaining broadcast information improperly due to improper broadcast permission settings in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality. 2022-01-03 not yet calculated CVE-2021-39967MISCMISC harmonyos — mobile_devices   There is an Unauthorized file access vulnerability in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality. 2022-01-03 not yet calculated CVE-2021-39969MISCMISC harmonyos — mobile_devices   The HwNearbyMain module has a Improper Validation of Array Index vulnerability.Successful exploitation of this vulnerability may cause a process to restart. 2022-01-03 not yet calculated CVE-2021-39985MISC harmonyos — mobile_devices   There is a Null pointer dereference in Smartphones.Successful exploitation of this vulnerability may cause the kernel to break down. 2022-01-03 not yet calculated CVE-2021-39973MISCMISC harmonyos — mobile_devices   Password vault has a External Control of System or Configuration Setting vulnerability.Successful exploitation of this vulnerability could compromise confidentiality. 2022-01-03 not yet calculated CVE-2021-39971MISC harmonyos — mobile_devices   There is an Out-of-bounds read in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality. 2022-01-03 not yet calculated CVE-2021-39974MISCMISC harmonyos — mobile_devices   The screen lock module has a Stack-based Buffer Overflow vulnerability.Successful exploitation of this vulnerability may affect user experience. 2022-01-03 not yet calculated CVE-2021-39990MISC harmonyos — mobile_devices   The HwNearbyMain module has a NULL Pointer Dereference vulnerability.Successful exploitation of this vulnerability may cause a process to restart. 2022-01-03 not yet calculated CVE-2021-39977MISC harmonyos — mobile_devices   The HwNearbyMain module has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability.Successful exploitation of this vulnerability may cause a process to restart. 2022-01-03 not yet calculated CVE-2021-39989MISC harmonyos — mobile_devices   HHEE system has a Code Injection vulnerability.Successful exploitation of this vulnerability may affect HHEE system integrity. 2022-01-03 not yet calculated CVE-2021-39979MISC harmonyos — mobile_devices   Telephony application has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability.Successful exploitation of this vulnerability could lead to sensitive information disclosure. 2022-01-03 not yet calculated CVE-2021-39980MISC harmonyos — mobile_devices   Phone Manager application has a Improper Privilege Management vulnerability.Successful exploitation of this vulnerability may read and write arbitrary files by tampering with Phone Manager notifications. 2022-01-03 not yet calculated CVE-2021-39982MISC harmonyos — mobile_devices   The HwNearbyMain module has a Data Processing Errors vulnerability.Successful exploitation of this vulnerability may cause a process to restart. 2022-01-03 not yet calculated CVE-2021-39983MISC harmonyos — mobile_devices   Telephony application has a SQL Injection vulnerability.Successful exploitation of this vulnerability may cause privacy and security issues. 2022-01-03 not yet calculated CVE-2021-39978MISC harmonyos — mobile_devices   There is a Double free vulnerability in Smartphone.Successful exploitation of this vulnerability may cause a kernel crash or privilege escalation. 2022-01-03 not yet calculated CVE-2021-37120MISC harmonyos — mobile_devices   Location-related APIs exists a Race Condition vulnerability.Successful exploitation of this vulnerability may use Higher Permissions for invoking the interface of location-related components. 2022-01-03 not yet calculated CVE-2021-37134MISC harmonyos — mobile_devices   There is a Service logic vulnerability in Smartphone.Successful exploitation of this vulnerability may cause WLAN DoS. 2022-01-03 not yet calculated CVE-2021-37119MISCMISC harmonyos — mobile_devices   There is an Unauthorized file access vulnerability in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality. 2022-01-03 not yet calculated CVE-2021-37133MISCMISC harmonyos — mobile_devices   There is a Timing design defects in Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. 2022-01-03 not yet calculated CVE-2021-37110MISCMISC harmonyos — mobile_devices   Hisuite module has a External Control of System or Configuration Setting vulnerability.Successful exploitation of this vulnerability may lead to Firmware leak. 2022-01-03 not yet calculated CVE-2021-37112MISC harmonyos — mobile_devices   There is a Privilege escalation vulnerability with the file system component in Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. 2022-01-03 not yet calculated CVE-2021-37113MISCMISC harmonyos — mobile_devices   There is a Service logic vulnerability in Smartphone.Successful exploitation of this vulnerability may cause WLAN DoS. 2022-01-03 not yet calculated CVE-2021-37117MISCMISC harmonyos — mobile_devices   The HwNearbyMain module has a Improper Handling of Exceptional Conditions vulnerability.Successful exploitation of this vulnerability may lead to message leak. 2022-01-03 not yet calculated CVE-2021-37118MISC harmonyos — mobile_devices   The HwNearbyMain module has a Data Processing Errors vulnerability.Successful exploitation of this vulnerability may cause a process to restart. 2022-01-03 not yet calculated CVE-2021-39987MISC harmonyos — mobile_devices   PackageManagerService has a Permissions, Privileges, and Access Controls vulnerability .Successful exploitation of this vulnerability may cause that Third-party apps can obtain the complete list of Harmony apps without permission. 2022-01-03 not yet calculated CVE-2021-37132MISC hdf5 — hdf5 A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via H5F_addr_decode_len in /hdf5/src/H5Fint.c, which could cause a Denial of Service. 2022-01-05 not yet calculated CVE-2021-45830MISC hdf5 — hdf5   A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 via the H5D__create_chunk_file_map_hyper function in /hdf5/src/H5Dchunk.c, which causes a Denial of Service (context-dependent). 2022-01-05 not yet calculated CVE-2021-45833MISC hdf5 — hdf5   A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at at hdf5/src/H5Eint.c, which causes a Denial of Service (context-dependent). 2022-01-05 not yet calculated CVE-2021-45832MISC hdf5 — hdf5   HDF5 1.13.1-1 is affected by: segmentation fault, which causes a Denial of Service. 2022-01-03 not yet calculated CVE-2021-45829MISC hilinksvc — hilinksvc   Hilinksvc has a Data Processing Errors vulnerability.Successful exploitation of this vulnerability may cause denial of service attacks. 2022-01-03 not yet calculated CVE-2021-39975MISC hilinksvc — hilinksvc   Hilinksvc service exists a Data Processing Errors vulnerability .Successful exploitation of this vulnerability may cause application crash. 2022-01-03 not yet calculated CVE-2021-37098MISC honda — civic_2012   The keyfob subsystem in Honda Civic 2012 vehicles allows a replay attack for unlocking. This is related to a non-expiring rolling code and counter resynchronization. 2022-01-06 not yet calculated CVE-2021-46145MISCMISCMISCMISC hoppscotch — hoppscotch   hoppscotch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor 2022-01-06 not yet calculated CVE-2022-0121CONFIRMMISC huawei — idap   Huawei idap module has a Out-of-bounds Read vulnerability.Successful exploitation of this vulnerability may cause Denial of Service. 2022-01-03 not yet calculated CVE-2021-39984MISC huawei — myhuawei_app   MyHuawei-App has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability.Successful exploitation of this vulnerability could compromise confidentiality. 2022-01-03 not yet calculated CVE-2021-39972MISC ibm — powervm_hypervisor   IBM PowerVM Hypervisor FW860, FW940, FW950, and FW1010, through a specific sequence of VM management operations could lead to a violation of the isolation between peer VMs. IBM X-Force ID: 210019. 2022-01-05 not yet calculated CVE-2021-38918CONFIRMXF index.php — index.php   Cross-site scripting (XSS) vulnerability in index.php in emlog version <= pro-1.0.7 allows remote attackers to inject arbitrary web script or HTML via the s parameter. 2022-01-06 not yet calculated CVE-2021-44584MISCMISC insta_hms — insta_hms   Insta HMS before 12.4.10 is vulnerable to XSS because of improper validation of user-supplied input by multiple scripts. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials. 2022-01-06 not yet calculated CVE-2021-42841MISC insyde — insydeh20 An issue was discovered in SdHostDriver in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (CommBufferData). 2022-01-06 not yet calculated CVE-2021-45971MISC insyde — insydeh20   An issue was discovered in SdLegacySmm in Insyde InsydeH2O with kernel 5.1 before 05.15.11, 5.2 before 05.25.11, 5.3 before 05.34.11, and 5.4 before 05.42.11. The software SMI handler allows untrusted external input because it does not verify CommBuffer. 2022-01-05 not yet calculated CVE-2020-5956MISC insyde — insydeh20   An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (the CommBuffer+8 location). 2022-01-05 not yet calculated CVE-2021-45969MISC insyde — insydeh20   An issue was discovered in IdeBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (the status code saved at the CommBuffer+4 location). 2022-01-05 not yet calculated CVE-2021-45970MISC jawn — jawn   Jawn is an open source JSON parser. Extenders of the `org.typelevel.jawn.SimpleFacade` and `org.typelevel.jawn.MutableFacade` who don’t override `objectContext()` are vulnerable to a hash collision attack which may result in a denial of service. Most applications do not implement these traits directly, but inherit from a library. `jawn-parser-1.3.1` fixes this issue and users are advised to upgrade. For users unable to upgrade override `objectContext()` to use a collision-safe collection. 2022-01-05 not yet calculated CVE-2022-21653MISCCONFIRM kd_camera — hw_driver   In kd_camera_hw driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05862966; Issue ID: ALPS05862966. 2022-01-04 not yet calculated CVE-2022-20015MISC konica_minolta — bizhub Improper handling of exceptional conditions vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C4050i/C3350i/C4000i/C3300i G00-B6 and earlier, bizhub C3320i G00-B6 and earlier, bizhub 4750i/4050i G00-22 and earlier, bizhub 4700i G00-22 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, bizhub 4752/4052 GC9-X4 and earlier, bizhub C3850/C3350/3850FS, bizhub 4750/4050, bizhub C3110, bizhub C3100P) allows a physical attacker to obtain unsent scanned image data when scanned data transmission is stopped due to the network error by ejecting a HDD before the scan job times out. 2022-01-04 not yet calculated CVE-2021-20870MISCMISCMISCMISC konica_minolta — bizhub Protection mechanism failure vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, bizhub 4752/4052 GC9-X4 and earlier) allows a physical attacker to bypass the firmware integrity verification and to install malicious firmware. 2022-01-04 not yet calculated CVE-2021-20872MISCMISCMISCMISC konica_minolta — bizhub   Exposure of sensitive information to an unauthorized actor vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C4050i/C3350i/C4000i/C3300i G00-B6 and earlier, bizhub C3320i G00-B6 and earlier, bizhub 4750i/4050i G00-22 and earlier, bizhub 4700i G00-22 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, and bizhub 4752/4052 GC9-X4 and earlier) allows an attacker on the adjacent network to obtain the credentials if the destination information including credentials are registered in the address book via a specific SOAP message. 2022-01-04 not yet calculated CVE-2021-20871MISCMISCMISCMISC konica_minolta — bizhub   Exposure of sensitive information to an unauthorized actor vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C4050i/C3350i/C4000i/C3300i G00-B6 and earlier, bizhub C3320i G00-B6 and earlier, bizhub 4750i/4050i G00-22 and earlier, bizhub 4700i G00-22 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, and bizhub 4752/4052 GC9-X4 and earlier) allows an attacker on the adjacent network to obtain some of user credentials if LDAP server authentication is enabled via a specific SOAP message. 2022-01-04 not yet calculated CVE-2021-20869MISCMISCMISCMISC konica_minolta — bizhub   Incorrect authorization vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C4050i/C3350i/C4000i/C3300i G00-B6 and earlier, bizhub C3320i G00-B6 and earlier, bizhub 4750i/4050i G00-22 and earlier, bizhub 4700i G00-22 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, and bizhub 4752/4052 GC9-X4 and earlier) allows an attacker on the adjacent network to obtain user credentials if external server authentication is enabled via a specific SOAP message sent by an administrative user. 2022-01-04 not yet calculated CVE-2021-20868MISCMISCMISCMISC kubectl — kubectl   kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events. 2022-01-07 not yet calculated CVE-2021-25743CONFIRM latte — latte   Latte is an open source template engine for PHP. Versions since 2.8.0 Latte has included a template sandbox and in affected versions it has been found that a sandbox escape exists allowing for injection into web pages generated from Latte. This may lead to XSS attacks. The issue is fixed in the versions 2.8.8, 2.9.6 and 2.10.8. Users unable to upgrade should not accept template input from untrusted sources. 2022-01-04 not yet calculated CVE-2022-21648MISCCONFIRM libcodecdrv — libcodecdrv   In libvcodecdrv, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05943906; Issue ID: ALPS05943906. 2022-01-04 not yet calculated CVE-2022-20020MISC libming — libming   In libming 0.4.8, the parseSWF_DEFINELOSSLESS2 function in util/parser.c lacks a boundary check that would lead to denial-of-service attacks via a crafted SWF file. 2022-01-06 not yet calculated CVE-2021-44591MISCMISC libming — libming   In libming 0.4.8, a memory exhaustion vulnerability exist in the function cws2fws in util/main.c. Remote attackers could launch denial of service attacks by submitting a crafted SWF file that exploits this vulnerability. 2022-01-06 not yet calculated CVE-2021-44590MISCMISC libmtkomxgsmdec — libmtkomxgsmdec   In libMtkOmxGsmDec, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917620; Issue ID: ALPS05917620. 2022-01-04 not yet calculated CVE-2022-20019MISC lighttpd — lighttpd   In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes), as demonstrated by remote denial of service (daemon crash). 2022-01-06 not yet calculated CVE-2022-22707MISC linux — linux_kernel   Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel’s netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714) 2022-01-06 not yet calculated CVE-2021-28715MISC linux — linux_kernel   Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel’s netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714) 2022-01-06 not yet calculated CVE-2021-28714MISC livehelperchat — livehelperchat   livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information 2022-01-04 not yet calculated CVE-2022-0083CONFIRMMISC manageengine — adselfservice_plus   ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determine whether a Windows domain user exists. 2022-01-03 not yet calculated CVE-2021-20147MISC manageengine — adselfservice_plus   ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. When ADSSP is configured with multiple Windows domains, a user from one domain can obtain the password policy for another domain by authenticating to the service and then sending a request specifying the password policy file of the other domain. 2022-01-03 not yet calculated CVE-2021-20148MISC mcafee — application_and_change_control   Potential product security bypass vulnerability in McAfee Application and Change Control (MACC) prior to version 8.3.4 allows a locally logged in attacker to circumvent the application solidification protection provided by MACC, permitting them to run applications that would usually be prevented by MACC. This would require the attacker to rename the specified binary to match name of any configured updater and perform a specific set of steps, resulting in the renamed binary to be to run. 2022-01-04 not yet calculated CVE-2021-31833CONFIRM mdp_driver — mdp_driver   In mdp driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05836478; Issue ID: ALPS05836478. 2022-01-04 not yet calculated CVE-2022-20012MISC mediatek — wifi_driver   In wifi driver, there is a possible system crash due to a missing validation check. This could lead to remote denial of service from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20190426015; Issue ID: GN20190426015. 2022-01-04 not yet calculated CVE-2021-41789MISC modem_emm — moden_emm   In Modem EMM, there is a possible information disclosure due to a missing data encryption. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00716585; Issue ID: ALPS05886933. 2022-01-04 not yet calculated CVE-2021-40148MISC mruby — mrruby   mruby is vulnerable to Heap-based Buffer Overflow 2022-01-02 not yet calculated CVE-2022-0080CONFIRMMISC navigatecms — navigatecms   An arbitrary file read vulnerability exists in NavigateCMS 2.9 via /navigate/navigate_download.php id parameter. 2022-01-06 not yet calculated CVE-2021-44351MISC netskope — client   Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. The XPC implementation of nsAuxiliarySvc process does not perform validation on new connections before accepting the connection. Thus any low privileged user can connect and call external methods defined in XPC service as root, elevating their privilege to the highest level. 2022-01-04 not yet calculated CVE-2021-41388CONFIRM nltk — nltk   nltk is vulnerable to Inefficient Regular Expression Complexity 2022-01-04 not yet calculated CVE-2021-3842CONFIRMMISC openexr — openexr   OpenEXR 3.1.0 through 3.1.3 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable. 2022-01-01 not yet calculated CVE-2021-45942MISCMISCMISCMISCCONFIRM openwhyd — openwhyd   openwhyd is vulnerable to Improper Authorization 2022-01-03 not yet calculated CVE-2021-3837CONFIRMMISC opmantek — open-audit   An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0. The vulnerability allows an authenticated attacker to read file outside of the restricted directory. 2022-01-03 not yet calculated CVE-2021-44674MISCMISCMISCMISC oroplatform — oroplatform   OroPlatform is a PHP Business Application Platform. In affected versions by sending a specially crafted request, an attacker could inject properties into existing JavaScript language construct prototypes, such as objects. Later this injection may lead to JS code execution by libraries that are vulnerable to Prototype Pollution. This issue has been patched in version 4.2.8. Users unable to upgrade may configure a firewall to drop requests containing next strings: `__proto__` , `constructor[prototype]`, and `constructor.prototype` to mitigate this issue. 2022-01-04 not yet calculated CVE-2021-43852MISCCONFIRM pac4j — pac4j   Pac4j v5.1 and earlier allows (by default) clients to accept and successfully validate ID Tokens with “none” algorithm (i.e., tokens with no signature) which is not secure and violates the OpenID Core Specification. The “none” algorithm does not require any signature verification when validating the ID tokens, which allows the attacker to bypass the token validation by injecting a malformed ID token using “none” as the value of “alg” key in the header with an empty signature value. 2022-01-06 not yet calculated CVE-2021-44878MISCMISC pjsip — pjsip   PJSIP is a free and open source multimedia communication library written in the C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In various parts of PJSIP, when error/failure occurs, it is found that the function returns without releasing the currently held locks. This could result in a system deadlock, which cause a denial of service for the users. No release has yet been made which contains the linked fix commit. All versions up to an including 2.11.1 are affected. Users may need to manually apply the patch. 2022-01-04 not yet calculated CVE-2021-41141CONFIRMMISC qualcomm — bluecore   Possible memory corruption in BT controller when it receives an oversized LMP packet over 2-DH1 link and leads to denial of service in BlueCore 2022-01-03 not yet calculated CVE-2021-35093CONFIRM qualcomm — multiple_snapdragon_products Possible integer overflow in access control initialization interface due to lack and size and address validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking 2022-01-03 not yet calculated CVE-2021-30274CONFIRM qualcomm — multiple_snapdragon_products Possible buffer overflow due to lack of range check while processing a DIAG command for COEX management in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2022-01-03 not yet calculated CVE-2021-30289CONFIRM qualcomm — multiple_snapdragon_products Possible integer overflow in page alignment interface due to lack of address and size validation before alignment in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking 2022-01-03 not yet calculated CVE-2021-30275CONFIRM qualcomm — multiple_snapdragon_products Possible assertion due to improper handling of IPV6 packet with invalid length in destination options header in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables 2022-01-03 not yet calculated CVE-2021-30273CONFIRM qualcomm — multiple_snapdragon_products Possible null pointer dereference in thread cache operation handler due to lack of validation of user provided input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2022-01-03 not yet calculated CVE-2021-30272CONFIRM qualcomm — multiple_snapdragon_products Improper input validation in TrustZone memory transfer interface can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking 2022-01-03 not yet calculated CVE-2021-30278CONFIRM qualcomm — multiple_snapdragon_products Possible out of bound write in RAM partition table due to improper validation on number of partitions provided in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking 2022-01-03 not yet calculated CVE-2021-30282CONFIRM qualcomm — multiple_snapdragon_products Possible denial of service due to improper handling of debug register trap from user applications in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile 2022-01-03 not yet calculated CVE-2021-30283CONFIRM qualcomm — multiple_snapdragon_products Possible assertion in QOS request due to improper validation when multiple add or update request are received simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2022-01-03 not yet calculated CVE-2021-30335CONFIRM qualcomm — multiple_snapdragon_products Possible assertion due to lack of input validation in PUSCH configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT 2022-01-03 not yet calculated CVE-2021-30293CONFIRM qualcomm — multiple_snapdragon_products Possible buffer overflow due to lack of buffer length check when segmented WMI command is received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking 2022-01-03 not yet calculated CVE-2021-30303CONFIRM qualcomm — multiple_snapdragon_products Possible null pointer dereference in thread profile trap handler due to lack of thread ID validation before dereferencing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2022-01-03 not yet calculated CVE-2021-30270CONFIRM qualcomm — multiple_snapdragon_products Possible out of bound read due to lack of domain input validation while processing APK close session request in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Wearables 2022-01-03 not yet calculated CVE-2021-30336CONFIRM qualcomm — multiple_snapdragon_products Possible use after free when process shell memory is freed using IOCTL call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2022-01-03 not yet calculated CVE-2021-30337CONFIRM qualcomm — multiple_snapdragon_products Improper validation of LLM utility timers availability can lead to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music 2022-01-03 not yet calculated CVE-2021-30348CONFIRM qualcomm — multiple_snapdragon_products An out of bound memory access can occur due to improper validation of number of frames being passed during music playback in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2022-01-03 not yet calculated CVE-2021-30351CONFIRM qualcomm — multiple_snapdragon_products Improper handling of resource allocation in virtual machines can lead to information exposure in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile 2022-01-03 not yet calculated CVE-2021-1918CONFIRM qualcomm — multiple_snapdragon_products Improper access control in TrustZone due to improper error handling while handling the signing key in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking 2022-01-03 not yet calculated CVE-2021-1894CONFIRM qualcomm — multiple_snapdragon_products Possible null pointer dereference due to lack of TLB validation for user provided address in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking 2022-01-03 not yet calculated CVE-2021-30269CONFIRM qualcomm — multiple_snapdragon_products   Improper validation of a socket state when socket events are being sent to clients can lead to invalid access of memory in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2022-01-03 not yet calculated CVE-2021-30262CONFIRM qualcomm — multiple_snapdragon_products   Possible integer overflow to buffer overflow due to improper input validation in FTM ARA commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile 2022-01-03 not yet calculated CVE-2021-30267CONFIRM qualcomm — multiple_snapdragon_products   Possible heap Memory Corruption Issue due to lack of input validation when sending HWTC IQ Capture command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2022-01-03 not yet calculated CVE-2021-30268CONFIRM qualcomm — multiple_snapdragon_products   An integer overflow due to improper check performed after the address and size passed are aligned in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking 2022-01-03 not yet calculated CVE-2020-11263CONFIRM qualcomm — multiple_snapdragon_products   Possible null pointer dereference in trap handler due to lack of thread ID validation before dereferencing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2022-01-03 not yet calculated CVE-2021-30271CONFIRM qualcomm — multiple_snapdragon_products   Possible access control violation while setting current permission for VMIDs due to improper permission masking in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking 2022-01-03 not yet calculated CVE-2021-30279CONFIRM qualcomm — multiple_snapdragon_products   Possible out of bound access due to improper validation of item size and DIAG memory pools data while switching between USB and PCIE interface in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2022-01-03 not yet calculated CVE-2021-30298CONFIRM qualcomm — multiple_snapdragon_products   Improper access control while doing XPU re-configuration dynamically can lead to unauthorized access to a secure resource in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wired Infrastructure and Networking 2022-01-03 not yet calculated CVE-2021-30276CONFIRM qutscloud — multiple_devices   A cross-site scripting (XSS) vulnerability has been reported to affect QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and QuTScloud: QuTS hero h4.5.4.1771 build 20210825 and later QTS 4.5.4.1787 build 20210910 and later QuTScloud c4.5.7.1864 and later 2022-01-07 not yet calculated CVE-2021-38674MISC roundcube — roundcube   Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences. 2022-01-06 not yet calculated CVE-2021-46144MISCMISCMISCMISCMISCDEBIAN scratch-svg-renderer — scratch-svg-renderer   A DOM-based cross-site scripting (XSS) vulnerability in Scratch-Svg-Renderer v0.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted sb3 file. 2022-01-06 not yet calculated CVE-2020-27428MISC seninf — driver   In seninf driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05863018; Issue ID: ALPS05863018. 2022-01-04 not yet calculated CVE-2022-20018MISC shockwall — shockwall   The programming function of Shockwall system has an improper input validation vulnerability. An authenticated attacker within the local area network can send malicious response to the server to disrupt the service partially. 2022-01-03 not yet calculated CVE-2021-45916CONFIRM shopware — shopware   Shopware is an open source e-commerce software platform. In affected versions shopware would not invalidate a user session in the event of a password change. With version 5.7.7 the session validation was adjusted, so that sessions created prior to the latest password change of a customer account can’t be used to login with said account. This also means, that upon a password change, all existing sessions for a given customer account are automatically considered invalid. There is no workaround for this issue. 2022-01-05 not yet calculated CVE-2022-21652MISCCONFIRMMISC shopware — shopware   Shopware is an open source e-commerce software platform. An open redirect vulnerability has been discovered. Users may be arbitrary redirected due to incomplete URL handling in the shopware router. This issue has been resolved in version 5.7.7. There is no workaround and users are advised to upgrade as soon as possible. 2022-01-05 not yet calculated CVE-2022-21651MISCCONFIRMMISC showdoc — showdoc   showdoc is vulnerable to Generation of Error Message Containing Sensitive Information 2022-01-03 not yet calculated CVE-2022-0079CONFIRMMISC sourcecodester — vehicle_service_managemant_system In Vehicle Service Management System 1.0 an attacker can steal the cookies leading to Full Account Takeover. 2022-01-06 not yet calculated CVE-2021-46067MISCMISC sourcecodester — vehicle_service_managemant_system   A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Category List Section in login panel. 2022-01-06 not yet calculated CVE-2021-46071MISCMISC sourcecodester — vehicle_service_managemant_system   A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Settings Section in login panel. 2022-01-06 not yet calculated CVE-2021-46074MISCMISC sourcecodester — vehicle_service_management_system A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the User List Section in login panel. 2022-01-06 not yet calculated CVE-2021-46073MISCMISC sourcecodester — vehicle_service_management_system   Sourcecodester Vehicle Service Management System 1.0 is vulnerable to File upload. An attacker can upload a malicious php file in multiple endpoints it leading to Code Execution. 2022-01-06 not yet calculated CVE-2021-46076MISCMISC sourcecodester — vehicle_service_management_system   A Cross Site Request Forgery (CSRF) vulnerability exists in Vehicle Service Management System 1.0. An successful CSRF attacks leads to Stored Cross Site Scripting Vulnerability. 2022-01-06 not yet calculated CVE-2021-46080MISCMISC sourcecodester — vehicle_service_management_system   An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to Html Injection. 2022-01-06 not yet calculated CVE-2021-46079MISCMISC sourcecodester — vehicle_service_management_system   A Privilege Escalation vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. Staff account users can access the admin resources and perform CRUD Operations. 2022-01-06 not yet calculated CVE-2021-46075MISCMISC sourcecodester — vehicle_service_management_system   An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to a Stored Cross-Site Scripting vulnerability. 2022-01-06 not yet calculated CVE-2021-46078MISCMISC spinnaker — spinnaker   Spinnaker is an open source, multi-cloud continuous delivery platform. Spinnaker has improper permissions allowing pipeline creation & execution. This lets an arbitrary user with access to the gate endpoint to create a pipeline and execute it without authentication. If users haven’t setup Role-based access control (RBAC) with-in spinnaker, this enables remote execution and access to deploy almost any resources on any account. Patches are available on the latest releases of the supported branches and users are advised to upgrade as soon as possible. Users unable to upgrade should enable RBAC on ALL accounts and applications. This mitigates the ability of a pipeline to affect any accounts. Block application access unless permission are enabled. Users should make sure ALL application creation is restricted via appropriate wildcards. 2022-01-04 not yet calculated CVE-2021-43832CONFIRM spinnaker — spinnaker   Spinnaker is an open source, multi-cloud continuous delivery platform. A path traversal vulnerability was discovered in uses of TAR files by AppEngine for deployments. This uses a utility to extract files locally for deployment without validating the paths in that deployment don’t override system files. This would allow an attacker to override files on the container, POTENTIALLY introducing a MITM type attack vector by replacing libraries or injecting wrapper files. Users are advised to update as soon as possible. For users unable to update disable Google AppEngine deployments and/or disable artifacts that provide TARs. 2022-01-04 not yet calculated CVE-2021-39143CONFIRM starwind — san_&_nas_build_1578   StarWind SAN & NAS build 1578 and StarWind Command Center Build 6864 Update Manager allows authentication with JTW token which is signed with any key. An attacker could use self-signed JTW token to bypass authentication resulting in escalation of privileges. 2022-01-04 not yet calculated CVE-2021-45389MISC sync — sync2101   A security vulnerability originally reported in the SYNC2101 product, and applicable to specific sub-families of SYNC devices, allows an attacker to download the configuration file used in the device and apply a modified configuration file back to the device. The attack requires network access to the SYNC device and knowledge of its IP address. The attack exploits the unsecured communication channel used between the administration tool Easyconnect and the SYNC device (in the affected family of SYNC products). 2022-01-06 not yet calculated CVE-2021-44564MISCMISC talkyard — talkyard   In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through v0.2021.34, are vulnerable to Insufficient Session Expiration. This may allow an attacker to reuse the admin’s still-valid session token even when logged-out, to gain admin privileges, given the attacker is able to obtain that token (via other, hypothetical attacks) 2022-01-03 not yet calculated CVE-2021-25981MISCMISCMISC tcpslice — tcpslice   Use after free in tcpslice triggers AddressSanitizer, no other confirmed impact. 2022-01-05 not yet calculated CVE-2021-41043MISC tlr — 2005ksh   TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats. 2022-01-03 not yet calculated CVE-2021-45428MISC totolink — ex200   The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection vulnerability when receiving GET parameters. The parameter name can be constructed for unauthenticated command execution. 2022-01-04 not yet calculated CVE-2021-43711MISC uriparser — uriparser An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax. 2022-01-06 not yet calculated CVE-2021-46142MISCMISCCONFIRM uriparser — uriparser An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner. 2022-01-06 not yet calculated CVE-2021-46141MISCMISCCONFIRM userfrosting — userfrosting   In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Header Injection. By luring a victim application user to click on a link, an unauthenticated attacker can use the “forgot password” functionality to reset the victim’s password and successfully take over their account. 2022-01-03 not yet calculated CVE-2021-25994MISCMISC usoc — usoc USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via usersearch.php. In search terms provided by the user were not sanitized and were used directly to construct a sql statement. The only users permitted to search are site admins. Users are advised to upgrade as soon as possible. There are not workarounds for this issue. 2022-01-04 not yet calculated CVE-2022-21644CONFIRMMISC usoc — usoc   USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via register.php. In particular usernames, email addresses, and passwords provided by the user were not sanitized and were used directly to construct a sql statement. Users are advised to upgrade as soon as possible. There are not workarounds for this issue. 2022-01-04 not yet calculated CVE-2022-21643MISCCONFIRM vim — vim   vim is vulnerable to Out-of-bounds Read 2022-01-06 not yet calculated CVE-2022-0128MISCCONFIRM vow_driver — vow_driver   In vow driver, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05862986; Issue ID: ALPS05862986. 2022-01-04 not yet calculated CVE-2022-20016MISC vow_driver — vow_driver   In vow driver, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05837742; Issue ID: ALPS05837742. 2022-01-04 not yet calculated CVE-2022-20013MISC vow_driver — vow_driver   In vow driver, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05857308; Issue ID: ALPS05857308. 2022-01-04 not yet calculated CVE-2022-20014MISC whatsapp — whatsapp   The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsApp for KaiOS prior to v2.2143, WhatsApp Desktop prior to v2.2146 could have allowed an out-of-bounds write if a user makes a 1:1 call to a malicious actor. 2022-01-04 not yet calculated CVE-2021-24042CONFIRM wordpress — wordpress The CAOS | Host Google Analytics Locally WordPress plugin before 4.1.9 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin 2022-01-03 not yet calculated CVE-2021-25020MISC wordpress — wordpress The Stars Rating WordPress plugin before 3.5.1 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the comments section, or pending comment dashboard depending if the user sent it as unauthenticated or authenticated. 2022-01-03 not yet calculated CVE-2021-24893MISC wordpress — wordpress The Events Made Easy WordPress plugin before 2.2.36 does not sanitise and escape the search_text parameter before using it in a SQL statement via the eme_searchmail AJAX action, available to any authenticated users. As a result, users with a role as low as subscriber can call it and perform SQL injection attacks 2022-01-03 not yet calculated CVE-2021-25030MISC wordpress — wordpress   WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability. 2022-01-06 not yet calculated CVE-2022-21661CONFIRMMISCMISC wordpress — wordpress   WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there’s potential for unintended SQL queries to be executed. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 4.1.34. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue. 2022-01-06 not yet calculated CVE-2022-21664MISCCONFIRMMISC wordpress — wordpress   WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue. 2022-01-06 not yet calculated CVE-2022-21663MISCCONFIRM wordpress — wordpress   WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users (like author) in WordPress core are able to execute JavaScript/perform stored XSS attack, which can affect high-privileged users. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue. 2022-01-06 not yet calculated CVE-2022-21662MISCCONFIRM wordpress — wordpress   All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such as add/edit/delete arbitrary tabs. 2022-01-03 not yet calculated CVE-2021-24831MISC wordpress — wordpress   The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the “orderby” GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue 2022-01-03 not yet calculated CVE-2021-24786MISC wordpress — wordpress   The Speed Booster Pack âš¡ PageSpeed Optimization Suite WordPress plugin before 4.3.3.1 does not escape the sbp_convert_table_name parameter before using it in a SQL statement to convert the related table, leading to an SQL injection 2022-01-03 not yet calculated CVE-2021-25023MISC wordpress — wordpress   The OMGF | Host Google Fonts Locally WordPress plugin before 4.5.12 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin 2022-01-03 not yet calculated CVE-2021-25021MISC ws-scrcpy — ws-scrcpy   ws-scrcpy is vulnerable to External Control of File Name or Path 2022-01-04 not yet calculated CVE-2021-3845MISCCONFIRM xen — xen   Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as “driver domains”. Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn’t have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 2022-01-05 not yet calculated CVE-2021-28713MISC xen — xen   Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as “driver domains”. Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn’t have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 2022-01-05 not yet calculated CVE-2021-28711MISC xen — xen   Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as “driver domains”. Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn’t have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 2022-01-05 not yet calculated CVE-2021-28712MISC Back to top This product is provided subject to this Notification and this Privacy & Use policy.

  • Vulnerability Summary for the Week of December 27, 2021
    by CISA on January 4, 2022 at 12:48 pm

    Original release date: January 4, 2022&#xA0; High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info There were no high vulnerabilities recorded this week. Back to top &#xA0; Medium Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info apache — log4j Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2. 2021-12-28 6 CVE-2021-44832MISCMISCMLISTCONFIRMMLIST livehelperchat — live_helper_chat livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-12-26 4.3 CVE-2021-4169MISCCONFIRM mediawiki — mediawiki In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items. 2021-12-24 5 CVE-2021-45471MISCMISCMISC mediawiki — mediawiki In MediaWiki through 1.37, XSS can occur in Wikibase because an external identifier property can have a URL format that includes a $1 formatter substitution marker, and the javascript: URL scheme (among others) can be used. 2021-12-24 4.3 CVE-2021-45472MISCMISC mediawiki — mediawiki In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which is triggered upon a visit to an action=info URL (aka a page-information sidebar). 2021-12-24 4.3 CVE-2021-45473MISCMISC mediawiki — mediawiki In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporter) allows XSS, as demonstrated by the clientUrl parameter. 2021-12-24 4.3 CVE-2021-45474MISCMISC netgear — rbk752_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. 2021-12-26 5.2 CVE-2021-45584MISC Back to top &#xA0; Low Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info invoiceninja — invoice_ninja invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-12-24 3.5 CVE-2021-3977MISCCONFIRM Back to top &#xA0; Severity Not Yet Assigned Primary Vendor — Product Description Published CVSS Score Source & Patch Info netgear — ac2600_firmware Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.88, AC2400 before 1.2.0.88, AC2600 before 1.2.0.88, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before 1.1.0.84, R6350 before 1.1.0.84, R6700v2 before 1.2.0.88, R6800 before 1.2.0.88, R6850 before 1.1.0.84, R6900v2 before 1.2.0.88, R7200 before 1.2.0.88, R7350 before 1.2.0.88, R7400 before 1.2.0.88, and R7450 before 1.2.0.88. 2021-12-26 not yet calculated CVE-2021-45644MISC netgear — d7000v2_firmware Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, R7000 before 1.0.11.110, R7100LG before 1.0.0.72, R7900 before 1.0.4.30, R8000 before 1.0.4.62, XR300 before 1.0.3.56, R7000P before 1.3.2.132, R8500 before 1.0.2.144, R6900P before 1.3.2.132, and R8300 before 1.0.2.144. 2021-12-26 not yet calculated CVE-2021-45624MISC 4nb — videooffice   An arbitrary file download and execution vulnerability was found in the VideoOffice X2.9 and earlier versions (CVE-2020-7878). This issue is due to missing support for integrity check. 2021-12-28 not yet calculated CVE-2020-7878MISC actix — actix-web   An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly extend the lifetime of a string, leading to memory corruption. 2021-12-27 not yet calculated CVE-2018-25025MISCMISC actix — actix-web   An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly coerce an immutable reference into a mutable reference, leading to memory corruption. 2021-12-27 not yet calculated CVE-2018-25024MISCMISC actix — actix-web   An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can add the Send marker trait to an object that cannot be sent between threads safely, leading to memory corruption. 2021-12-27 not yet calculated CVE-2018-25026MISCMISC apache — apisix_dashboard   In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework `droplet` on the basis of framework `gin`, all APIs and authentication middleware are developed based on framework `droplet`, but some API directly use the interface of framework `gin` thus bypassing the authentication. 2021-12-27 not yet calculated CVE-2021-45232CONFIRMMLIST archivy — archivy   archivy is vulnerable to Cross-Site Request Forgery (CSRF) 2021-12-25 not yet calculated CVE-2021-4162CONFIRMMISC asus — rt-n53_devices   ASUS RT-N53 3.0.0.4.376.3754 devices have a buffer overflow via a long lan_dns1_x or lan_dns2_x parameter to Advanced_LAN_Content.asp. 2021-12-28 not yet calculated CVE-2019-20082MISCMISC attendance_management_system — attendance_management_system   Attendance Management System 1.0 is affected by a Cross Site Scripting (XSS) vulnerability. The value of the FirstRecord request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The attacker can access the system, by using the XSS-reflected method, and then can store information by injecting the admin account on this system. 2021-12-26 not yet calculated CVE-2021-44598MISC authguard — authguard   basic/BasicAuthProvider.java in AuthGuard before 0.9.0 allows authentication via an inactive identifier. 2021-12-27 not yet calculated CVE-2021-45890MISCMISCMISCMISC avast — antivirus Privilege escalation vulnerability in Avast Antivirus prior to 20.4 allows a local user to gain elevated privileges by “hollowing” trusted process which could lead to the bypassing of Avast self-defense. 2021-12-27 not yet calculated CVE-2021-45339MISCMISC avast — antivirus   Privilege escalation vulnerability in the Sandbox component of Avast Antivirus prior to 20.4 allows a local sandboxed code to gain elevated privileges by using system IPC interfaces which could lead to exit the sandbox and acquire SYSTEM privileges. 2021-12-27 not yet calculated CVE-2021-45336MISCMISC avast — antivirus   Privilege escalation vulnerability in the Self-Defense driver of Avast Antivirus prior to 20.8 allows a local user with SYSTEM privileges to gain elevated privileges by “hollowing” process wsc_proxy.exe which could lead to acquire antimalware (AM-PPL) protection. 2021-12-27 not yet calculated CVE-2021-45337MISCMISC avast — antivirus   Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 20.4 allow a local user to gain elevated privileges by calling unnecessarily powerful internal methods of the main antivirus service which could lead to the (1) arbitrary file delete, (2) write and (3) reset security. 2021-12-27 not yet calculated CVE-2021-45338MISCMISCMISCMISC avast — antivirus   Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by local user to control the outcome of scans, and therefore evade detection or delete arbitrary system files. 2021-12-27 not yet calculated CVE-2021-45335MISCMISC biostar — racing_gt_evo   An issue was discovered in BS_RCIO64.sys in Biostar RACING GT Evo 2.1.1905.1700. A low-integrity process can open the driver’s device object and issue IOCTLs to read or write to arbitrary physical memory locations (or call an arbitrary address), leading to execution of arbitrary code. This is associated with 0x226040, 0x226044, and 0x226000. 2022-01-01 not yet calculated CVE-2021-44852MISC bitmask — riseup   Bitmask Riseup VPN 0.21.6 contains a local privilege escalation flaw due to improper access controls. When the software is installed with a non-default installation directory off of the system root, the installer fails to properly set ACLs. This allows lower privileged users to replace the VPN executable with a malicious one. When a higher privileged user such as an Administrator launches that executable, it is possible for the lower privileged user to escalate to Administrator privileges. 2021-12-30 not yet calculated CVE-2021-44466MISC brave — brave_desktop   In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based adblocking and a proxying extension with a SOCKS fallback are enabled, additional DNS requests are issued outside of the proxying extension using the system’s DNS settings, resulting in information disclosure. NOTE: this issue exists because of an incomplete fix for CVE-2021-21323 and CVE-2021-22916. 2021-12-27 not yet calculated CVE-2021-45884MISCMISCMISCMISC carinal — tien_hospital_health_report_system   Carinal Tien Hospital Health Report System’s login page has improper authentication, a remote attacker can acquire another general user’s privilege by modifying the cookie parameter without authentication. The attacker can then perform limited operations on the system or modify data, making the service partially unavailable to the user. 2021-12-29 not yet calculated CVE-2021-44160MISC celery — celery   This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system. 2021-12-29 not yet calculated CVE-2021-23727MISCMISC cscms — cscms   An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute force attacks. 2021-12-27 not yet calculated CVE-2020-21238MISC damicms — damicms   A vulnerability in /damicms-master/admin.php?s=/Article/doedit of DamiCMS v6.0 allows attackers to compromise and impersonate user accounts via obtaining a user’s session cookie. 2021-12-27 not yet calculated CVE-2020-21236MISC dl-axist — devices   The Datalogic DXU service on (for example) DL-Axist devices does not require authentication for configuration changes or disclosure of configuration settings. 2022-01-01 not yet calculated CVE-2021-43333MISCCONFIRM dmp — roadmap   DMP Roadmap before 3.0.4 allows XSS. 2022-01-01 not yet calculated CVE-2021-44896MISCMISCMISC dnsmasq — dnsmasq   Dnsmasq 2.86 has a heap-based buffer overflow in answer_request (called from FuzzAnswerTheRequest and fuzz_rfc1035.c). 2022-01-01 not yet calculated CVE-2021-45957MISCMISC dnsmasq — dnsmasq   Dnsmasq 2.86 has a heap-based buffer overflow in check_bad_address (called from check_for_bogus_wildcard and FuzzCheckForBogusWildcard). 2022-01-01 not yet calculated CVE-2021-45951MISCMISC dnsmasq — dnsmasq   Dnsmasq 2.86 has a heap-based buffer overflow in print_mac (called from log_packet and dhcp_reply). 2022-01-01 not yet calculated CVE-2021-45956MISCMISC dnsmasq — dnsmasq   Dnsmasq 2.86 has a heap-based buffer overflow in dhcp_reply (called from dhcp_packet and FuzzDhcp). 2022-01-01 not yet calculated CVE-2021-45952MISCMISC dnsmasq — dnsmasq Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from hash_questions and fuzz_util.c). 2022-01-01 not yet calculated CVE-2021-45953MISCMISC dnsmasq — dnsmasq   Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from answer_auth and FuzzAuth). 2022-01-01 not yet calculated CVE-2021-45954MISCMISC dnsmasq — dnsmasq   Dnsmasq 2.86 has a heap-based buffer overflow in resize_packet (called from FuzzResizePacket and fuzz_rfc1035.c). 2022-01-01 not yet calculated CVE-2021-45955MISCMISC elgg — elgg   elgg is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-12-24 not yet calculated CVE-2021-4072MISCCONFIRM emerson — xweb_300d_evo   Emerson XWEB 300D EVO 3.0.7–3ee403 is affected by: unauthenticated arbitrary file deletion due to path traversal. An attacker can browse and delete files without any authentication due to incorrect access control and directory traversal. 2021-12-30 not yet calculated CVE-2021-45427MISCMISCMISC emuse — eservices_and_envoice   Emuse – eServices / eNvoice SQL injection can be used in various ways ranging from bypassing login authentication or dumping the whole database to full RCE on the affected endpoints. The SQLi caused by CWE-209: Generation of Error Message Containig Sensetive Information, showing parts of the aspx code and the webroot location , information an attacker can leverage to further compromise the host. 2021-12-29 not yet calculated CVE-2021-36722CONFIRM emuse — eservices_and_envoice   Emuse – eServices / eNvoice Exposure Of Private Personal Information due to lack of identification mechanisms and predictable IDs an attacker can scrape all the files on the service. 2021-12-29 not yet calculated CVE-2021-36723CONFIRM evga — precision_xoc   The WinRin0x64.sys and WinRing0.sys low-level drivers in EVGA Precision XOC version v6.2.7 were discovered to be configured with the default security descriptor which allows attackers to access sensitive components and data. 2021-12-28 not yet calculated CVE-2020-22057MISC expat — expat   In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). 2022-01-01 not yet calculated CVE-2021-45960MISCMISCMISC fatek — winproladder   FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code. 2021-12-28 not yet calculated CVE-2021-43556MISC fatek — winproladder   FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code. 2021-12-28 not yet calculated CVE-2021-43554MISC forescout — secureconnector_local_service   ForeScout – SecureConnector Local Service DoS – A low privilaged user which doesn’t have permissions to shutdown the secure connector service writes a large amount of characters in the installationPath. This will cause the buffer to overflow and override the stack cookie causing the service to crash. 2021-12-29 not yet calculated CVE-2021-36724CONFIRM gdal — gdal   GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment). 2022-01-01 not yet calculated CVE-2021-45943MISCMISCMISCMISC gerapy — gerapy   Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8. 2021-12-27 not yet calculated CVE-2021-43857CONFIRMMISCMISC ghostscript — ghostpdl Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp). 2022-01-01 not yet calculated CVE-2021-45944MISCMISC ghostscript — ghostpdl   Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp). 2022-01-01 not yet calculated CVE-2021-45949MISCMISCMISC gif2apng — gif2apng An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow within the main function. It allows an attacker to write data outside of the allocated buffer. The attacker has control over a part of the address that data is written to, control over the written data, and (to some extent) control over the amount of data that is written. 2021-12-28 not yet calculated CVE-2021-45910MISC gif2apng — gif2apng An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow vulnerability in the DecodeLZW function. It allows an attacker to write a large amount of arbitrary data outside the boundaries of a buffer. 2021-12-28 not yet calculated CVE-2021-45909MISC gif2apng — gif2apng An issue was discovered in gif2apng 1.9. There is a stack-based buffer overflow involving a for loop. An attacker has little influence over the data written to the stack, making it unlikely that the flow of control can be subverted. 2021-12-28 not yet calculated CVE-2021-45907MISC gif2apng — gif2apng An issue was discovered in gif2apng 1.9. There is a stack-based buffer overflow involving a while loop. An attacker has little influence over the data written to the stack, making it unlikely that the flow of control can be subverted. 2021-12-28 not yet calculated CVE-2021-45908MISC gif2apng — gif2apng   An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow in the main function. It allows an attacker to write 2 bytes outside the boundaries of the buffer. 2021-12-28 not yet calculated CVE-2021-45911MISC giftrans — giftrans   The giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow because a value inside the input file determines the amount of data to write. This allows an attacker to overwrite up to 250 bytes outside of the allocated buffer with arbitrary data. 2022-01-01 not yet calculated CVE-2021-45972MISCMISCMISC glewlwyd — glewlwyd   Glewlwyd 2.0.0, fixed in 2.6.1 is affected by an incorrect access control vulnerability. One user can attempt to log in as another user without its password. 2021-12-30 not yet calculated CVE-2021-45379MISCMISC go — go   net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. 2022-01-01 not yet calculated CVE-2021-44716CONFIRM go — go   Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion. 2022-01-01 not yet calculated CVE-2021-44717CONFIRM google — android   An improper authentication vulnerability has been reported to affect Android App Qfile. If exploited, this vulnerability allows attackers to compromise app and access information We have already fixed this vulnerability in the following versions of Qfile: Qfile 3.0.0.1105 and later 2021-12-29 not yet calculated CVE-2021-38688CONFIRM grok — grok   Grok 9.5.0 has a heap-based buffer overflow in openhtj2k::T1OpenHTJ2K::decompress (called from std::__1::__packaged_task_func<std::__1::__bind<grk::T1DecompressScheduler::deco and std::__1::packaged_task<int). 2022-01-01 not yet calculated CVE-2021-45935MISCMISCMISC groupsession — bycloud_and_zion   Path traversal vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows an attacker with an administrative privilege to obtain sensitive information stored in the hierarchy above the directory on the published site’s server via unspecified vectors. 2021-12-24 not yet calculated CVE-2021-20876MISCMISC groupsession — bycloud_and_zion   Incorrect permission assignment for critical resource vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows a remote unauthenticated attacker to access arbitrary files on the server and obtain sensitive information via unspecified vectors. 2021-12-24 not yet calculated CVE-2021-20874MISCMISC groupsession — bycloud_and_zion Open redirect vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks by having a user to access a specially crafted URL. 2021-12-24 not yet calculated CVE-2021-20875MISCMISC harfbuzz– harfbuzz HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t<hb_bit_set_invertible_t>::set and hb_set_copy). 2022-01-01 not yet calculated CVE-2021-45931MISCMISCMISC iball — wrd12en   iBall WRD12EN 1.0.0 devices allow cross-site request forgery (CSRF) attacks as demonstrated by enabling DNS settings or modifying the range for IP addresses. 2021-12-30 not yet calculated CVE-2020-29292MISCMISC ibm — x-force   IBM OPENBMC OP910 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 212049. 2021-12-27 not yet calculated CVE-2021-38961CONFIRMXF ibm — x-force   IBM i 7.2, 7.3, and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208404. 2021-12-30 not yet calculated CVE-2021-38876CONFIRMXF idec — idec   Unprotected transport of credentials vulnerability in IDEC PLCs (FC6A Series MICROSmart All-in-One CPU module v2.32 and earlier, FC6A Series MICROSmart Plus CPU module v1.91 and earlier, WindLDR v8.19.1 and earlier, WindEDIT Lite v1.3.1 and earlier, and Data File Manager v2.12.1 and earlier) allows an attacker to obtain the PLC Web server user credentials from the communication between the PLC and the software. As a result, the complete access privileges to the PLC Web server may be obtained, and manipulation of the PLC output and/or suspension of the PLC may be conducted. 2021-12-24 not yet calculated CVE-2021-20826MISCMISC idec — idec   Plaintext storage of a password vulnerability in IDEC PLCs (FC6A Series MICROSmart All-in-One CPU module v2.32 and earlier, FC6A Series MICROSmart Plus CPU module v1.91 and earlier, WindLDR v8.19.1 and earlier, WindEDIT Lite v1.3.1 and earlier, and Data File Manager v2.12.1 and earlier) allows an attacker to obtain the PLC Web server user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the attacker may access the PLC Web server and hijack the PLC, and manipulation of the PLC output and/or suspension of the PLC may be conducted. 2021-12-24 not yet calculated CVE-2021-20827MISCMISC idec — multiple_products An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded. 2021-12-28 not yet calculated CVE-2021-37401MISCMISCMISCMISC idec — multiple_products An attacker may obtain the user credentials from the communication between the PLC and the software. As a result, the PLC user program may be uploaded, altered, and/or downloaded. 2021-12-28 not yet calculated CVE-2021-37400MISCMISCMISCMISC ifme — ifme In &#x201C;ifme&#x201D;, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability in the markdown editor. It can be exploited by making a victim a Leader of a group which triggers the payload for them. 2021-12-29 not yet calculated CVE-2021-25989MISCCONFIRM ifme — ifme   In &#x201C;ifme&#x201D;, versions v7.22.0 to v7.31.4 are vulnerable against self-stored XSS in the contacts field as it allows loading XSS payloads fetched via an iframe. 2021-12-29 not yet calculated CVE-2021-25990MISCCONFIRM ifme — ifme   In Ifme, versions v5.0.0 to v7.32 are vulnerable against an improper access control, which makes it possible for admins to ban themselves leading to their deactivation from Ifme account and complete loss of admin access to Ifme. 2021-12-29 not yet calculated CVE-2021-25991MISCCONFIRM ifme — ifme   In &#x201C;ifme&#x201D;, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability (notifications section) which can be directly triggered by sending an ally request to the admin. 2021-12-29 not yet calculated CVE-2021-25988CONFIRMMISC intellibridge — ec_40_and_60_hub The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) requires authentication, but the product has an alternate path or channel that does not require authentication. 2021-12-27 not yet calculated CVE-2021-33017MISC intellibridge — ec_40_and_60_hub   IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) contains hard-coded credentials, such as a password or a cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. 2021-12-27 not yet calculated CVE-2021-32993MISC iris — iris This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target folder. 2021-12-24 not yet calculated CVE-2021-23772CONFIRMCONFIRMCONFIRM jeecg — jeecg   An arbitrary file download vulnerability in jeecg v3.8 allows attackers to access sensitive files via modification of the “localPath” variable. 2021-12-27 not yet calculated CVE-2020-20948MISC jquery — terminal_emulator   jQuery Terminal Emulator is a plugin for creating command line interpreters in your applications. Versions prior to 2.31.1 contain a low impact and limited cross-site scripting (XSS) vulnerability. The code for XSS payload is always visible, but an attacker can use other techniques to hide the code the victim sees. If the application uses the `execHash` option and executes code from URL, the attacker can use this URL to execute their code. The scope is limited because the javascript attribute used is added to span tag, so no automatic execution like with `onerror` on images is possible. This issue is fixed in version 2.31.1. As a workaround, the user can use formatting that wrap whole user input and its no op. The code for this workaround is available in the GitHub Security Advisory. The fix will only work when user of the library is not using different formatters (e.g. to highlight code in different way). 2021-12-30 not yet calculated CVE-2021-43862CONFIRMMISCMISCMISC js-data — js-data   All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn and the set functions. This is an incomplete fix of [CVE-2020-28442](https://snyk.io/vuln/SNYK-JS-JSDATA-1023655). 2021-12-24 not yet calculated CVE-2021-23574CONFIRMCONFIRMCONFIRMCONFIRMCONFIRMCONFIRM kubernetes — minio   MinIO is a Kubernetes native application for cloud storage. Prior to version `RELEASE.2021-12-27T07-23-18Z`, a malicious client can hand-craft an HTTP API call that allows for updating policy for a user and gaining higher privileges. The patch in version `RELEASE.2021-12-27T07-23-18Z` changes the accepted request body type and removes the ability to apply policy changes through this API. There is a workaround for this vulnerability: Changing passwords can be disabled by adding an explicit `Deny` rule to disable the API for users. 2021-12-27 not yet calculated CVE-2021-43858MISCMISCMISCCONFIRMMISC libbpf — libbpf   libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (8 bytes) in __bpf_object__open (called from bpf_object__open_mem and bpf-object-fuzzer.c). 2022-01-01 not yet calculated CVE-2021-45941MISCMISC libbpf — libbpf   libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (4 bytes) in __bpf_object__open (called from bpf_object__open_mem and bpf-object-fuzzer.c). 2022-01-01 not yet calculated CVE-2021-45940MISCMISC libjxl — libjxl   libjxl b02d6b9, as used in libvips 8.11 through 8.11.2 and other products, has an out-of-bounds write in jxl::ModularFrameDecoder::DecodeGroup (called from jxl::FrameDecoder::ProcessACGroup and jxl::ThreadPool::RunCallState<jxl::FrameDecoder::ProcessSections). 2022-01-01 not yet calculated CVE-2021-45928MISCMISCMISCMISCMISC libredwg — libredwg   LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in dwg_free_BLOCK_private (called from dwg_free_BLOCK and dwg_free_object). 2022-01-01 not yet calculated CVE-2021-45950MISCMISC linux — linux_kernel   In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn’t properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. 2021-12-25 not yet calculated CVE-2021-45485MISCMISCMISC linux — linux_kernel   An issue was discovered in the Linux kernel before 5.15.11. There is a memory leak in the __rds_conn_create() function in net/rds/connection.c in a certain combination of circumstances. 2021-12-24 not yet calculated CVE-2021-45480MISCMISC linux — linux_kernel   In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. 2021-12-25 not yet calculated CVE-2021-45486MISCMISCMISC livehelperchat — livehelperchat livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-12-29 not yet calculated CVE-2021-4175MISCCONFIRM livehelperchat — livehelperchat livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-12-29 not yet calculated CVE-2021-4176CONFIRMMISC livehelperchat — livehelperchat livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information 2021-12-28 not yet calculated CVE-2021-4177MISCCONFIRM livehelperchat — livehelperchat livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-12-28 not yet calculated CVE-2021-4179MISCCONFIRM ljcms — ljcms   An issue in the user login box of LJCMS v1.11 allows attackers to hijack user accounts via brute force attacks. 2021-12-27 not yet calculated CVE-2020-21237MISC max_mazurov — maddy   A Broken or Risky Cryptographic Algorithm exists in Max Mazurov Maddy before 0.5.2, which is an unnecessary risk that may result in the exposure of sensitive information. 2021-12-28 not yet calculated CVE-2021-42583MISCMISC mdbtools — mdbtools MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0x7ffd0c689be0) in mdb_numeric_to_string (called from mdb_xfer_bound_data and _mdb_attempt_bind). 2022-01-01 not yet calculated CVE-2021-45926MISCMISCMISC mdbtools — mdbtools   MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0x7ffd6e029ee0) in mdb_numeric_to_string (called from mdb_xfer_bound_data and _mdb_attempt_bind). 2022-01-01 not yet calculated CVE-2021-45927MISCMISCMISC mermaid — mermaid   Mermaid is a Javascript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Prior to version 8.13.8, malicious diagrams can run javascript code at diagram readers’ machines. Users should upgrade to version 8.13.8 to receive a patch. There are no known workarounds aside from upgrading. 2021-12-30 not yet calculated CVE-2021-43861MISCMISCCONFIRM microsoft — sharepoint   Microsoft SharePoint Elevation of Privilege Vulnerability. 2021-12-29 not yet calculated CVE-2021-43876MISC motp — motp   Changing MOTP (Mobile One Time Password) system’s specific function parameter has insufficient validation for user input. A attacker in local area network can perform SQL injection attack to read, modify or delete backend database without authentication. 2021-12-29 not yet calculated CVE-2021-44161MISC moxa — multiple_mgate_products   The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. This could give an attacker admin rights through the HTTP web server. 2021-12-27 not yet calculated CVE-2021-4161MISC mruby — mruby   mruby is vulnerable to NULL Pointer Dereference 2021-12-30 not yet calculated CVE-2021-4188MISCCONFIRM netbsd — netbsd   In NetBSD through 9.2, the IPv4 ID generation algorithm does not use appropriate cryptographic measures. 2021-12-25 not yet calculated CVE-2021-45487MISCMISC netbsd — netbsd   In NetBSD through 9.2, the IPv6 fragment ID generation algorithm employs a weak cryptographic PRNG. 2021-12-25 not yet calculated CVE-2021-45484MISCMISC netbsd — netbsd   In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employs a weak cryptographic PRNG. 2021-12-25 not yet calculated CVE-2021-45489MISCMISC netbsd — netbsd   In NetBSD through 9.2, there is an information leak in the TCP ISN (ISS) generation algorithm. 2021-12-25 not yet calculated CVE-2021-45488MISCMISC netgear — ac2100_firmware   Certain NETGEAR devices are affected by command injection by an authenticated user. This affects AC2100 before 1.2.0.88, AC2400 before 1.2.0.88, AC2600 before 1.2.0.88, D7000 before 1.0.1.82, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before 1.1.0.84, R6350 before 1.1.0.84, R6700v2 before 1.2.0.88, R6800 before 1.2.0.88, R6850 before 1.1.0.84, R6900v2 before 1.2.0.88, R7200 before 1.2.0.88, R7350 before 1.2.0.88, R7400 before 1.2.0.88, and R7450 before 1.2.0.88. 2021-12-26 not yet calculated CVE-2021-45534MISCMISC netgear — ac2100_firmware   Certain NETGEAR devices are affected by authentication bypass. This affects AC2100 before 2021-08-27, AC2400 before 2021-08-27, AC2600 before 2021-08-27, D7000 before 2021-08-27, R6220 before 2021-08-27, R6230 before 2021-08-27, R6260 before 2021-08-27, R6330 before 2021-08-27, R6350 before 2021-08-27, R6700v2 before 2021-08-27, R6800 before 2021-08-27, R6850 before 2021-08-27, R6900v2 before 2021-08-27, R7200 before 2021-08-27, R7350 before 2021-08-27, R7400 before 2021-08-27, and R7450 before 2021-08-27. 2021-12-26 not yet calculated CVE-2021-45511MISC netgear — ac2400_firmware   Certain NETGEAR devices are affected by authentication bypass. This affects AC2400 before 1.1.0.84, AC2600 before 1.1.0.84, D7000 before 1.0.1.82, R6020 before 1.0.0.52, R6080 before 1.0.0.52, R6120 before 1.0.0.80, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before 1.1.0.84, R6350 before 1.1.0.84, R6700v2 before 1.1.0.84, R6800 before 1.1.0.84, R6850 before 1.1.0.84, R6900v2 before 1.1.0.84, R7200 before 1.1.0.84, R7350 before 1.1.0.84, R7400 before 1.1.0.84, and R7450 before 1.1.0.84. 2021-12-26 not yet calculated CVE-2021-45501MISC netgear — cbr40_firmware Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX7500 before 1.0.0.72, R6400 before 1.0.1.68, R6900P before 1.3.2.132, R7000 before 1.0.11.116, R7000P before 1.3.2.132, R7900 before 1.0.4.38, R7960P before 1.4.1.66, R8000 before 1.0.4.66, RAX200 before 1.0.3.106, RS400 before 1.5.1.80, XR300 before 1.0.3.68, MK62 before 1.0.6.110, MR60 before 1.0.6.110, R6400v2 before 1.0.4.106, R8000P before 1.4.1.66, RAX20 before 1.0.2.64, RAX45 before 1.0.2.82, RAX80 before 1.0.3.106, MS60 before 1.0.6.110, R6700v3 before 1.0.4.106, R7900P before 1.4.1.66, RAX15 before 1.0.2.64, RAX50 before 1.0.2.82, RAX75 before 1.0.3.106, RBR750 before 3.2.16.22, RBR850 before 3.2.16.22, RBS750 before 3.2.16.22, RBS850 before 3.2.16.22, RBK752 before 3.2.16.22, and RBK852 before 3.2.16.22. 2021-12-26 not yet calculated CVE-2021-45617MISC netgear — cbr40_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. 2021-12-26 not yet calculated CVE-2021-45598MISC netgear — cbr40_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and RBS850 before 3.2.17.12. 2021-12-26 not yet calculated CVE-2021-45597MISC netgear — cbr40_firmware Certain NETGEAR devices are affected by reflected XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.32, EAX80 before 1.0.1.62, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7000 before 1.0.1.104, EX7500 before 1.0.0.72, R7000 before 1.0.11.110, R7900 before 1.0.4.30, R7960P before 1.4.1.66, R8000 before 1.0.4.62, RAX200 before 1.0.2.102, XR300 before 1.0.3.50, EX3700 before 1.0.0.90, MR60 before 1.0.5.102, R7000P before 1.3.2.126, R8000P before 1.4.1.66, RAX20 before 1.0.1.64, RAX50 before 1.0.2.28, RAX80 before 1.0.3.102, EX3800 before 1.0.0.90, MS60 before 1.0.5.102, R6900P before 1.3.2.126, R7900P before 1.4.1.66, RAX15 before 1.0.1.64, RAX45 before 1.0.2.28, RAX75 before 1.0.3.102, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45639MISC netgear — cbr40_firmware   Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000P before 1.4.2.84, R8300 before 1.0.2.154, R8500 before 1.0.2.154, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. 2021-12-26 not yet calculated CVE-2021-45615MISC netgear — cbr40_firmware   Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6400 before 1.0.1.70, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68. 2021-12-26 not yet calculated CVE-2021-45622MISC netgear — cbr40_firmware   Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7960P before 1.4.1.66, RAX200 before 1.0.3.106, RBS40V before 2.6.1.4, RBW30 before 2.6.1.4, EX3700 before 1.0.0.90, MR60 before 1.0.6.110, R8000P before 1.4.1.66, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, EX3800 before 1.0.0.90, MS60 before 1.0.6.110, R7900P before 1.4.1.66, RAX15 before 1.0.2.82, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45667MISC netgear — cbr40_firmware   Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 3.2.18.2, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBS40V before 2.6.2.4, and RBW30 before 2.6.2.2. 2021-12-26 not yet calculated CVE-2021-45628MISC netgear — cbr40_firmware   Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. 2021-12-26 not yet calculated CVE-2021-45631MISC netgear — cbr40_firmware   Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. 2021-12-26 not yet calculated CVE-2021-45630MISC netgear — cbr40_firmware   Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7850 before 1.0.5.74, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68. 2021-12-26 not yet calculated CVE-2021-45612MISC netgear — cbr40_firmware Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX80 before 1.0.1.62, EX7500 before 1.0.0.72, R7900 before 1.0.4.38, R8000 before 1.0.4.68, RAX200 before 1.0.4.120, RBS40V before 2.6.1.4, RBW30 before 2.6.1.4, MR60 before 1.0.6.110, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.4.120, MS60 before 1.0.6.110, RAX15 before 1.0.2.82, RAX50 before 1.0.2.72, RAX75 before 1.0.4.120, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45671MISC netgear — cbr40_firmware   Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, D7000v2 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, MR80 before 1.1.2.20, MS80 before 1.1.2.20, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX43 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX35v2 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and XR1000 before 1.0.0.58. 2021-12-26 not yet calculated CVE-2021-45613MISC netgear — cbr40_firmware   Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, LAX20 before 1.1.6.28, MR60 before 1.0.6.116, MR80 before 1.1.2.20, MS60 before 1.0.6.116, MS80 before 1.1.2.20, MK62 before 1.0.6.116, MK83 before 1.1.2.20, R6400 before 1.0.1.70, R6400v2 before 1.0.4.106, R6700v3 before 1.0.4.106, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7850 before 1.0.5.74, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68. 2021-12-26 not yet calculated CVE-2021-45620MISC netgear — cbr40_firmware   Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects CBR40 before 2.3.5.12, D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, R6400 before 1.0.1.70, R7000 before 1.0.11.126, R6900P before 1.3.2.124, R7000P before 1.3.2.124, R7900 before 1.0.4.30, R8000 before 1.0.4.52, and WNR3500Lv2 before 1.2.0.62. 2021-12-26 not yet calculated CVE-2021-45529MISC netgear — cbr40_firmware   Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBW30 before 2.6.2.2, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and RBS40V before 2.6.2.8. 2021-12-26 not yet calculated CVE-2021-45507MISC netgear — cbr40_firmware Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX80 before 1.0.1.64, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, RBW30 before 2.6.1.4, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, and RBS40V before 2.6.1.4. 2021-12-26 not yet calculated CVE-2021-45666MISC netgear — cbr40_firmware   Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 3.2.18.2, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX3700 before 1.0.0.94, EX3800 before 1.0.0.94, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7000 before 1.0.1.104, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6300v2 before 1.0.4.52, R6400 before 1.0.1.70, R6400v2 before 1.0.4.106, R6700v3 before 1.0.4.106, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7100LG before 1.0.0.72, R7850 before 1.0.5.74, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, R8300 before 1.0.2.154, R8500 before 1.0.2.154, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68. 2021-12-26 not yet calculated CVE-2021-45621MISC netgear — cbr40_firmware Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBR852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. 2021-12-26 not yet calculated CVE-2021-45504MISC netgear — cbr40_firmware Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7000 before 1.0.11.116, R7900 before 1.0.4.38, R8000 before 1.0.4.68, RAX200 before 1.0.3.106, RBS40V before 2.6.1.4, RBW30 before 2.6.1.4, EX3700 before 1.0.0.90, MR60 before 1.0.6.110, R7000P before 1.3.2.126, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, EX3800 before 1.0.0.90, MS60 before 1.0.6.110, R6900P before 1.3.2.126, RAX15 before 1.0.2.82, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45670MISC netgear — cbr40_firmware   Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, and RBR850 before 3.2.17.12. 2021-12-26 not yet calculated CVE-2021-45508MISC netgear — cbr40_firmware Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. 2021-12-26 not yet calculated CVE-2021-45509MISC netgear — cbr40_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. 2021-12-26 not yet calculated CVE-2021-45601MISC netgear — cbr40_firmware   Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. 2021-12-26 not yet calculated CVE-2021-45599MISC netgear — cbr750_firmware Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. 2021-12-26 not yet calculated CVE-2021-45627MISC netgear — cbr750_firmware   Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR750 before 4.6.3.6, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. 2021-12-26 not yet calculated CVE-2021-45600MISC netgear — cbr750_firmware Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. 2021-12-26 not yet calculated CVE-2021-45506MISC netgear — cbr750_firmware   Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. 2021-12-26 not yet calculated CVE-2021-45503MISC netgear — cbr750_firmware Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, and RBK852 before 3.2.17.12. 2021-12-26 not yet calculated CVE-2021-45633MISC netgear — cbr750_firmware   Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects CBR750 before 3.2.18.2, D6220 before 1.0.0.68, D6400 before 1.0.0.102, D8500 before 1.0.3.60, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6300v2 before 1.0.4.50, R6400 before 1.0.1.68, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58. 2021-12-26 not yet calculated CVE-2021-45604MISC netgear — cbr750_firmware   Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. 2021-12-26 not yet calculated CVE-2021-45505MISC netgear — cbr750_firmware   Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. 2021-12-26 not yet calculated CVE-2021-45596MISC netgear — cbr750_firmware   Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. 2021-12-26 not yet calculated CVE-2021-45502MISC netgear — cbr750_firmware Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. 2021-12-26 not yet calculated CVE-2021-45632MISC netgear — cbr750_firmware   Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. 2021-12-26 not yet calculated CVE-2021-45634MISC netgear — cbr750_firmware   Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. 2021-12-26 not yet calculated CVE-2021-45635MISC netgear — cbr750_firmware   Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 3.2.18.2, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58. 2021-12-26 not yet calculated CVE-2021-45616MISC netgear — cbr750_firmware   Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. 2021-12-26 not yet calculated CVE-2021-45629MISC netgear — d3600_firmware   Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.78, D6100 before 1.0.0.63, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DGN2200Bv4 before 1.0.0.109, DGN2200v4 before 1.0.0.110, R6250 before 1.0.4.34, R6300v2 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700 before 1.0.2.6, R6700v3 before 1.0.2.66, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R7000 before 1.0.9.42, R7000P before 1.3.1.64, R7100LG before 1.0.0.50, R7300 before 1.0.0.70, R7900 before 1.0.3.8, R7900P before 1.4.1.30, R8000 before 1.0.4.28, R8000P before 1.4.1.30, R8300 before 1.0.2.128, R8500 before 1.0.2.128, WNDR3400v3 before 1.0.1.24, WNR3500Lv2 before 1.2.0.62, and XR500 before 2.3.2.56. 2021-12-26 not yet calculated CVE-2021-45550MISC netgear — d3600_firmware Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6200 before 1.1.00.34, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000 before 1.0.1.74, D7000v2 before 1.0.0.53, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, DM200 before 1.0.0.61, EX3700 before 1.0.0.76, EX3800 before 1.0.0.76, EX6120 before 1.0.0.46, EX6130 before 1.0.0.28, EX7000 before 1.0.1.78, PR2000 before 1.0.0.28, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.34, R6300v2 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700 before 1.0.2.6, R6700v3 before 1.0.2.66, R6900 before 1.0.2.6, R7000 before 1.0.9.34, R7100LG before 1.0.0.50, R7500v2 before 1.0.3.40, R7900P before 1.4.1.50, R8000P before 1.4.1.50, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBK40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR20 before 2.3.0.28, RBR40 before 2.3.0.28, RBR50 before 2.3.0.32, RBS20 before 2.3.0.28, RBS40 before 2.3.0.28, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.78, WNDR3400v3 before 1.0.1.24, WNR2000v5 before 1.0.0.70, WNR2020 before 1.1.0.62, WNR3500Lv2 before 1.2.0.62, XR450 before 2.3.2.56, and XR500 before 2.3.2.56. 2021-12-26 not yet calculated CVE-2021-45640MISC netgear — d3600_firmware   Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6200 before 1.1.00.34, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000 before 1.0.1.74, D7000v2 before 1.0.0.53, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200Bv4 before 1.0.0.109, DGN2200v4 before 1.0.0.110, DM200 before 1.0.0.61, EX3700 before 1.0.0.76, EX3800 before 1.0.0.76, EX6120 before 1.0.0.46, EX6130 before 1.0.0.28, EX7000 before 1.0.1.78, PR2000 before 1.0.0.28, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.34, R6300v2 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700v3 before 1.0.2.66, R6700 before 1.0.2.6, R6900 before 1.0.2.6, R7000 before 1.0.9.34, R7100LG before 1.0.0.50, R7500v2 before 1.0.3.40, R7900P before 1.4.1.50, R8000P before 1.4.1.50, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.78, WNDR3400v3 before 1.0.1.24, WNR2000v5 before 1.0.0.70, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.56. 2021-12-26 not yet calculated CVE-2021-45641MISC netgear — d6200_firmware   Certain NETGEAR devices are affected by Stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.76, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.78, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6700v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, and RAX40 before 1.0.3.62. 2021-12-26 not yet calculated CVE-2021-45672MISC netgear — d6200_firmware   Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.26, JR6150 before 1.0.1.26, R6120 before 1.0.0.66, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.64, R6800 before 1.2.0.62, R6700v2 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, AC2100 before 1.2.0.62, AC2400 before 1.2.0.62, AC2600 before 1.2.0.62, and WNR2020 before 1.1.0.62. 2021-12-26 not yet calculated CVE-2021-45551MISC netgear — d6200_firmware Certain NETGEAR devices are affected by server-side injection. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6050 before 1.0.1.26, JR6150 before 1.0.1.26, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.78, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6700v2 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, and RBS50Y before 2.6.1.40. 2021-12-26 not yet calculated CVE-2021-45656MISC netgear — d6200_firmware   Certain NETGEAR devices are affected by server-side injection. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6050 before 1.0.1.26, JR6150 before 1.0.1.26, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.78, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6700v2 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, RBS50Y before 2.6.1.40, and WNR2020 before 1.1.0.62. 2021-12-26 not yet calculated CVE-2021-45657MISC netgear — d6220_firmware NETGEAR D6220 devices before 1.0.0.76 are affected by command injection by an authenticated user. 2021-12-26 not yet calculated CVE-2021-45531MISC netgear — d6220_firmware   Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.66, D6400 before 1.0.0.100, D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, DC112A before 1.0.0.52, DGN2200v4 before 1.0.0.118, EAX80 before 1.0.1.64, R6250 before 1.0.4.48, R7000 before 1.0.11.110, R7100LG before 1.0.0.72, R7900 before 1.0.4.30, R7960P before 1.4.1.64, R8000 before 1.0.4.62, RAX200 before 1.0.3.106, RS400 before 1.5.1.80, XR300 before 1.0.3.68, R6400v2 before 1.0.4.106, R7000P before 1.3.2.132, R8000P before 1.4.1.64, RAX20 before 1.0.2.82, RAX45 before 1.0.2.82, RAX80 before 1.0.3.106, R6700v3 before 1.0.4.106, R6900P before 1.3.2.132, R7900P before 1.4.1.64, RAX15 before 1.0.2.82, RAX50 before 1.0.2.82, and RAX75 before 1.0.3.106. 2021-12-26 not yet calculated CVE-2021-45610MISC netgear — d6220_firmware   Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.68, D6400 before 1.0.0.102, D7000v2 before 1.0.0.74, D8500 before 1.0.3.60, DC112A before 1.0.0.56, R6300v2 before 1.0.4.50, R6400 before 1.0.1.68, R7000 before 1.0.11.116, R7100LG before 1.0.0.70, RBS40V before 2.6.2.8, RBW30 before 2.6.2.2, RS400 before 1.5.1.80, R7000P before 1.3.2.132, and R6900P before 1.3.2.132. 2021-12-26 not yet calculated CVE-2021-45638MISC netgear — d6220_firmware   Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6220 before 1.0.0.68, D6400 before 1.0.0.102, D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, DC112A before 1.0.0.54, EX7000 before 1.0.1.94, EX7500 before 1.0.0.72, R6250 before 1.0.4.48, R6300v2 before 1.0.4.52, R6400 before 1.0.1.70, R6400v2 before 1.0.4.102, R6700v3 before 1.0.4.102, R7000 before 1.0.11.116, R7100LG before 1.0.0.64, R7850 before 1.0.5.68, R7900 before 1.0.4.30, R7960P before 1.4.1.68, R8000 before 1.0.4.52, RAX200 before 1.0.2.88, RBS40V before 2.6.2.4, RS400 before 1.5.1.80, XR300 before 1.0.3.56, R7000P before 1.3.2.124, R8000P before 1.4.1.68, R8500 before 1.0.2.144, RAX80 before 1.0.3.102, R6900P before 1.3.2.124, R7900P before 1.4.1.68, R8300 before 1.0.2.144, RAX75 before 1.0.3.102, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, and RBK852 before 3.2.17.12. 2021-12-26 not yet calculated CVE-2021-45527MISC netgear — d7000_firmware NETGEAR D7000 devices before 1.0.1.82 are affected by authentication bypass. 2021-12-26 not yet calculated CVE-2021-45497MISC netgear — d7000_firmware NETGEAR D7000 devices before 1.0.1.68 are affected by authentication bypass. 2021-12-26 not yet calculated CVE-2021-45495MISC netgear — d7000_firmware NETGEAR D7000 devices before 1.0.1.82 are affected by authentication bypass. 2021-12-26 not yet calculated CVE-2021-45496MISC netgear — d7000_firmware NETGEAR D7000 devices before 1.0.1.82 are affected by a stack-based buffer overflow by an unauthenticated attacker. 2021-12-26 not yet calculated CVE-2021-45636MISC netgear — d7000v2_firmware Certain NETGEAR devices are affected by weak cryptography. This affects D7000v2 before 1.0.0.62, D8500 before 1.0.3.50, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX7000 before 1.0.1.90, R6250 before 1.0.4.42, R6400v2 before 1.0.4.98, R6700v3 before 1.0.4.98, R6900P before 1.3.2.124, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7900 before 1.0.4.26, R8000 before 1.0.4.58, R8300 before 1.0.2.134, R8500 before 1.0.2.134, RS400 before 1.5.0.48, WNR3500Lv2 before 1.2.0.62, and XR300 before 1.0.3.50. 2021-12-26 not yet calculated CVE-2021-45512MISC netgear — d7000v2_firmware Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7000v2 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX43 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX35v2 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and XR1000 before 1.0.0.58. 2021-12-26 not yet calculated CVE-2021-45614MISC netgear — d7800_firmware   Certain NETGEAR devices are affected by server-side injection. This affects D7800 before 1.0.1.58, DM200 before 1.0.0.66, EX2700 before 1.0.1.56, EX6150v2 before 1.0.1.86, EX6100v2 before 1.0.1.86, EX6200v2 before 1.0.1.78, EX6250 before 1.0.0.110, EX6410 before 1.0.0.110, EX6420 before 1.0.0.110, EX6400v2 before 1.0.0.110, EX7300 before 1.0.2.144, EX6400 before 1.0.2.144, EX7320 before 1.0.0.110, EX7300v2 before 1.0.0.110, R7500v2 before 1.0.3.48, R7800 before 1.0.2.68, R8900 before 1.0.5.2, R9000 before 1.0.5.2, RAX120 before 1.0.1.90, RBK40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, RBS50Y before 2.6.1.40, WN3000RPv2 before 1.0.0.78, WN3000RPv3 before 1.0.2.80, WNR2000v5 before 1.0.0.72, XR500 before 2.3.2.56, and XR700 before 1.0.1.20. 2021-12-26 not yet calculated CVE-2021-45658MISC netgear — d7800_firmware   Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.28, RAX70 before 1.0.10.110, RAX78 before 1.0.10.110, XR450 before 2.3.2.130, XR500 before 2.3.2.130, and XR700 before 1.0.1.46. 2021-12-26 not yet calculated CVE-2021-45602MISCMISC netgear — d7800_firmware Certain NETGEAR devices are affected by disclosure of sensitive information. A UPnP request reveals a device’s serial number, which can be used for a password reset. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.28, RAX70 before 1.0.10.110, RAX78 before 1.0.10.110, XR450 before 2.3.2.130, XR500 before 2.3.2.130, and XR700 before 1.0.1.46. 2021-12-26 not yet calculated CVE-2021-45603MISCMISC netgear — d7800_firmware   Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.64, EX6250 before 1.0.0.134, EX7700 before 1.0.0.222, LBR20 before 2.6.3.50, RBS50Y before 2.7.3.22, R8900 before 1.0.5.26, R9000 before 1.0.5.26, XR450 before 2.3.2.66, XR500 before 2.3.2.66, XR700 before 1.0.1.36, EX7320 before 1.0.0.134, RAX120 before 1.2.2.24, EX7300v2 before 1.0.0.134, RAX120v2 before 1.2.2.24, EX6410 before 1.0.0.134, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, EX6420 before 1.0.0.134, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, EX6400v2 before 1.0.0.134, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22. 2021-12-26 not yet calculated CVE-2021-45642MISC netgear — d7800_firmware   Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.58, R7500v2 before 1.0.3.48, R7800 before 1.0.2.68, R8900 before 1.0.5.2, R9000 before 1.0.5.2, RAX120 before 1.0.1.108, and XR700 before 1.0.1.20. 2021-12-26 not yet calculated CVE-2021-45552MISC netgear — d7800_firmware   Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.60, DM200 before 1.0.0.66, EX2700 before 1.0.1.56, EX6150v2 before 1.0.1.86, EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.128, EX6400 before 1.0.2.144, EX6400v2 before 1.0.0.128, EX6410 before 1.0.0.128, EX6420 before 1.0.0.128, EX7300 before 1.0.2.144, EX7300v2 before 1.0.0.128, EX7320 before 1.0.0.128, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.5.26, R9000 before 1.0.5.2, RAX120 before 1.0.1.128, WN3000RPv2 before 1.0.0.78, WN3000RPv3 before 1.0.2.80, WNR2000v5 before 1.0.0.74, XR500 before 2.3.2.66, RBK20 before 2.7.3.22, RBR20 before 2.7.3.22, RBS20 before 2.7.3.22, RBK40 before 2.7.3.22, RBR40 before 2.7.3.22, and RBS40 before 2.7.3.22. 2021-12-26 not yet calculated CVE-2021-45548MISC netgear — d7800_firmware   Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.64, EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.134, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, LBR20 before 2.6.3.50, R7800 before 1.0.2.80, R8900 before 1.0.5.26, R9000 before 1.0.5.26, RAX120 before 1.2.0.16, RBS50Y before 1.0.0.56, WNR2000v5 before 1.0.0.76, XR450 before 2.3.2.114, XR500 before 2.3.2.114, XR700 before 1.0.1.36, EX6150v2 before 1.0.1.98, EX7300 before 1.0.2.158, EX7320 before 1.0.0.134, EX6100v2 before 1.0.1.98, EX6400 before 1.0.2.158, EX7300v2 before 1.0.0.134, EX6410 before 1.0.0.134, RBR10 before 2.6.1.44, RBR20 before 2.6.2.104, RBR40 before 2.6.2.104, RBR50 before 2.7.2.102, EX6420 before 1.0.0.134, RBS10 before 2.6.1.44, RBS20 before 2.6.2.104, RBS40 before 2.6.2.104, RBS50 before 2.7.2.102, EX6400v2 before 1.0.0.134, RBK12 before 2.6.1.44, RBK20 before 2.6.2.104, RBK40 before 2.6.2.104, and RBK50 before 2.7.2.102. 2021-12-26 not yet calculated CVE-2021-45618MISC netgear — d7800_firmware Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.68, R6400v2 before 1.0.4.122, and R6700v3 before 1.0.4.122. 2021-12-26 not yet calculated CVE-2021-45608MISC netgear — d8500_firmware   Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D8500 before 1.0.3.58, R6250 before 1.0.4.48, R7000 before 1.0.11.116, R7100LG before 1.0.0.64, R7900 before 1.0.4.38, R8300 before 1.0.2.144, R8500 before 1.0.2.144, XR300 before 1.0.3.68, R7000P before 1.3.2.132, and R6900P before 1.3.2.132. 2021-12-26 not yet calculated CVE-2021-45609MISC netgear — dc112a_firmware Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects DC112A before 1.0.0.52, R6400 before 1.0.1.68, RAX200 before 1.0.3.106, WNDR3400v3 before 1.0.1.38, XR300 before 1.0.3.68, R8500 before 1.0.2.144, RAX75 before 1.0.3.106, R8300 before 1.0.2.144, and RAX80 before 1.0.3.106. 2021-12-26 not yet calculated CVE-2021-45611MISC netgear — eax20_firmware   Certain NETGEAR devices are affected by stored XSS. This affects EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, RBW30 before 2.6.1.4, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, and RBS40V before 2.6.1.4. 2021-12-26 not yet calculated CVE-2021-45665MISC netgear — eax20_firmware Certain NETGEAR devices are affected by stored XSS. This affects EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7960P before 1.4.1.66, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106. 2021-12-26 not yet calculated CVE-2021-45668MISC netgear — eax80_firmware Certain NETGEAR devices are affected by disclosure of sensitive information. This affects EAX80 before 1.0.1.62, EX7000 before 1.0.1.104, R6120 before 1.0.0.76, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.78, R6850 before 1.1.0.78, R6350 before 1.1.0.78, R6330 before 1.1.0.78, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6700v2 before 1.2.0.76, R7000 before 1.0.11.116, R6900P before 1.3.3.140, R7000P before 1.3.3.140, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, R7900 before 1.0.4.38, R7960P before 1.4.1.66, R8000 before 1.0.4.68, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106. 2021-12-26 not yet calculated CVE-2021-45647MISC netgear — ex6000_firmware Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects EX6000 before 1.0.0.38, EX6120 before 1.0.0.48, EX6130 before 1.0.0.30, R6300v2 before 1.0.4.52, R6400 before 1.0.1.52, R7000 before 1.0.11.126, R7900 before 1.0.4.30, R8000 before 1.0.4.52, R7000P before 1.3.2.124, R8000P before 1.4.1.50, RAX80 before 1.0.3.88, R6900P before 1.3.2.124, R7900P before 1.4.1.50, and RAX75 before 1.0.3.88. 2021-12-26 not yet calculated CVE-2021-45526MISC netgear — ex6100v2_firmware   Certain NETGEAR devices are affected by disclosure of sensitive information. This affects EX6100v2 before 1.0.1.106, EX6150v2 before 1.0.1.106, EX6250 before 1.0.0.146, EX6400 before 1.0.2.164, EX6400v2 before 1.0.0.146, EX6410 before 1.0.0.146, EX6420 before 1.0.0.146, EX7300 before 1.0.2.164, EX7300v2 before 1.0.0.146, EX7320 before 1.0.0.146, EX7700 before 1.0.0.222, LBR1020 before 2.6.5.16, LBR20 before 2.6.5.2, RBK352 before 4.3.4.7, RBK50 before 2.7.3.22, RBR350 before 4.3.4.7, RBR50 before 2.7.3.22, and RBS350 before 4.3.4.7. 2021-12-26 not yet calculated CVE-2021-45648MISC netgear — ex6120_firmware   Certain NETGEAR devices are affected by command injection by an authenticated user. This affects EX6120 before 1.0.0.66, EX6130 before 1.0.0.46, EX7000 before 1.0.1.106, EX7500 before 1.0.1.76, EX3700 before 1.0.0.94, EX3800 before 1.0.0.94, RBR850 before 4.6.3.9, RBS850 before 4.6.3.9, and RBK852 before 4.6.3.9. 2021-12-26 not yet calculated CVE-2021-45533MISC netgear — ex6200v2_firmware   Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.134, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, LBR1020 before 2.6.3.58, LBR20 before 2.6.3.50, R7800 before 1.0.2.80, R8900 before 1.0.5.26, R9000 before 1.0.5.26, RBS50Y before 2.7.3.22, WNR2000v5 before 1.0.0.76, XR700 before 1.0.1.36, EX6150v2 before 1.0.1.98, EX7300 before 1.0.2.158, EX7320 before 1.0.0.134, RAX10 before 1.0.2.88, RAX120 before 1.2.0.16, RAX70 before 1.0.2.88, EX6100v2 before 1.0.1.98, EX6400 before 1.0.2.158, EX7300v2 before 1.0.0.134, R6700AX before 1.0.2.88, RAX120v2 before 1.2.0.16, RAX78 before 1.0.2.88, EX6410 before 1.0.0.134, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR350 before 4.3.4.7, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, EX6420 before 1.0.0.134, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS350 before 4.3.4.7, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, EX6400v2 before 1.0.0.134, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK352 before 4.3.4.7, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22. 2021-12-26 not yet calculated CVE-2021-45619MISC netgear — ex7000_firmware Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects EX7000 before 1.0.1.80, R6400 before 1.0.1.50, R6400v2 before 1.0.4.118, R6700 before 1.0.2.8, R6700v3 before 1.0.4.118, R6900 before 1.0.2.8, R6900P before 1.3.2.124, R7000 before 1.0.9.88, R7000P before 1.3.2.124, R7900 before 1.0.3.18, R7900P before 1.4.1.50, R8000 before 1.0.4.46, R8000P before 1.4.1.50, RAX80 before 1.0.1.56, and WNR3500Lv2 before 1.2.0.62. 2021-12-26 not yet calculated CVE-2021-45525MISC netgear — ex7500_firmware   Certain NETGEAR devices are affected by denial of service. This affects EX7500 before 1.0.0.72, RBS40V before 2.6.1.4, RBW30 before 2.6.1.4, RBRE960 before 6.0.3.68, RBSE960 before 6.0.3.68, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, and RBK852 before 3.2.17.12. 2021-12-26 not yet calculated CVE-2021-45515MISC netgear — gc108p_firmware   Certain NETGEAR devices are affected by command injection by an authenticated user. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TUP before 1.0.5.3, GS710TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS724TPP before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS752TPv2 before 6.0.8.2, GS752TPP before 6.0.8.2, GS750E before 1.0.1.10, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2. 2021-12-26 not yet calculated CVE-2021-45557MISC netgear — genie_installer   All known versions of the Netgear Genie Installer for macOS contain a local privilege escalation vulnerability. The installer of the macOS version of Netgear Genie handles certain files in an insecure way. A malicious actor who has local access to the endpoint on which the software is going to be installed may overwrite certain files to obtain privilege escalation to root. 2021-12-30 not yet calculated CVE-2021-20172MISC netgear — gs108tv2_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects GS108Tv2 before 5.4.2.36, GS110TPP before 7.0.7.2, GS110TPv2 before 5.4.2.36., GS110TPv3 before 7.0.7.2, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2. 2021-12-26 not yet calculated CVE-2021-45556MISC netgear — gs108tv2_firmware Certain NETGEAR devices are affected by stored XSS. This affects GS108Tv2 before 5.4.2.36 and GS110TPv2 before 5.4.2.36. 2021-12-26 not yet calculated CVE-2021-45677MISC netgear — lax20_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LAX20 before 1.1.6.28, MK62 before 1.1.6.122, MR60 before 1.1.6.122, MS60 before 1.1.6.122, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58. 2021-12-26 not yet calculated CVE-2021-45549MISC netgear — lbr20_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LBR20 before 2.6.3.50, RBS50Y before 2.7.3.22, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22. 2021-12-26 not yet calculated CVE-2021-45595MISC netgear — mediatek   MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. 2021-12-26 not yet calculated CVE-2021-32469MISC netgear — mediatek   MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. 2021-12-26 not yet calculated CVE-2021-32468MISC netgear — mediatek   MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. 2021-12-26 not yet calculated CVE-2021-32467MISC netgear — mediatek_microchips MediaTek microchips, as used in NETGEAR devices through 2021-12-13 and other devices, mishandle attempts at Wi-Fi authentication flooding. 2021-12-26 not yet calculated CVE-2021-41788MISC netgear — multiple_devices MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. 2021-12-26 not yet calculated CVE-2021-37571MISC netgear — multiple_devices MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. 2021-12-26 not yet calculated CVE-2021-37570MISC netgear — multiple_devices MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. 2021-12-26 not yet calculated CVE-2021-37584MISC netgear — multiple_devices MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. 2021-12-26 not yet calculated CVE-2021-37566MISC netgear — multiple_devices MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. 2021-12-26 not yet calculated CVE-2021-37563MISC netgear — multiple_devices MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. 2021-12-26 not yet calculated CVE-2021-37562MISC netgear — multiple_devices   MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. 2021-12-26 not yet calculated CVE-2021-37565MISC netgear — multiple_devices   MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. 2021-12-26 not yet calculated CVE-2021-37572MISC netgear — multiple_devices MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. 2021-12-26 not yet calculated CVE-2021-37561MISC netgear — multiple_devices   MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. 2021-12-26 not yet calculated CVE-2021-35055MISC netgear — multiple_devices MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. 2021-12-26 not yet calculated CVE-2021-37569MISC netgear — multiple_devices   MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. 2021-12-26 not yet calculated CVE-2021-37583MISC netgear — multiple_devices MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. 2021-12-26 not yet calculated CVE-2021-37568MISC netgear — multiple_devices   MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. 2021-12-26 not yet calculated CVE-2021-37564MISC netgear — multiple_devices MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. 2021-12-26 not yet calculated CVE-2021-37560MISC netgear — multiple_devices   MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. 2021-12-26 not yet calculated CVE-2021-37567MISC netgear — nighthawk Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded credential. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted/obfuscated. By extracting the configuration using readily available public tools, a user can reconfigure settings not intended to be manipulated, repackage the configuration, and restore a backup causing these settings to be changed. 2021-12-30 not yet calculated CVE-2021-45732MISC netgear — nighthawk_r6700 Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the web interface. By default, all communication to/from the device’s web interface is sent via HTTP, which causes potentially sensitive information (such as usernames and passwords) to be transmitted in cleartext. 2021-12-30 not yet calculated CVE-2021-20174MISC netgear — nighthawk_r6700 Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the SOAP interface. By default, all communication to/from the device’s SOAP Interface (port 5000) is sent via HTTP, which causes potentially sensitive information (such as usernames and passwords) to be transmitted in cleartext 2021-12-30 not yet calculated CVE-2021-20175MISC netgear — nighthawk_r6700 Netgear Nighthawk R6700 version 1.0.4.120 does not have sufficient protections for the UART console. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection and execute commands as the root user without authentication. 2021-12-30 not yet calculated CVE-2021-23147MISC netgear — nighthawk_r6700 Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive information in plaintext. All usernames and passwords for the device’s associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device. 2021-12-30 not yet calculated CVE-2021-45077MISC netgear — nighthawk_r6700 Netgear Nighthawk R6700 version 1.0.4.120 contains a command injection vulnerability in update functionality of the device. By triggering a system update check via the SOAP interface, the device is susceptible to command injection via preconfigured values. 2021-12-30 not yet calculated CVE-2021-20173MISC netgear — r6120_firmware Certain NETGEAR devices are affected by stored XSS. This affects R6120 before 1.0.0.76, R6260 before 1.1.0.78, R6850 before 1.1.0.78, R6350 before 1.1.0.78, R6330 before 1.1.0.78, R6800 before 1.2.0.76, R6700v2 before 1.2.0.76, R6900v2 before 1.2.0.76, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, and AC2600 before 1.2.0.76. 2021-12-26 not yet calculated CVE-2021-45675MISC netgear — r6260_firmware Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects R6260 before 1.1.0.76, R6800 before 1.2.0.62, R6700v2 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, AC2100 before 1.2.0.62, AC2400 before 1.2.0.62, and AC2600 before 1.2.0.62. 2021-12-26 not yet calculated CVE-2021-45573MISC netgear — r6260_firmware Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects R6260 before 1.1.0.76, R6800 before 1.2.0.62, R6700v2 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, AC2100 before 1.2.0.62, AC2400 before 1.2.0.62, and AC2600 before 1.2.0.62. 2021-12-26 not yet calculated CVE-2021-45637MISC netgear — r6300v2_firmware Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R6300v2 before 1.0.4.52, R6400 before 1.0.1.52, R6900 before 1.0.2.8, R7000 before 1.0.9.88, R7900 before 1.0.3.18, R8000 before 1.0.4.46, R7900P before 1.4.1.50, R8000P before 1.4.1.50, RAX75 before 1.0.3.88, RAX80 before 1.0.3.88, and WNR3500Lv2 before 1.2.0.62. 2021-12-26 not yet calculated CVE-2021-45528MISC netgear — r6400_firmware Certain NETGEAR devices are affected by denial of service. This affects R6400 before 1.0.1.70, R7000 before 1.0.11.126, R6900P before 1.3.3.140, R7000P before 1.3.3.140, R8000 before 1.0.4.74, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. 2021-12-26 not yet calculated CVE-2021-45516MISC netgear — r6400_firmware NETGEAR R6400 devices before 1.0.1.70 are affected by server-side injection. 2021-12-26 not yet calculated CVE-2021-45655MISC netgear — r6400_firmware   Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R6400 before 1.0.1.70, R7000 before 1.0.11.126, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.4.120, RS400 before 1.5.1.80, R6400v2 before 1.0.4.118, R7000P before 1.3.3.140, RAX80 before 1.0.4.120, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, and RAX75 before 1.0.4.120. 2021-12-26 not yet calculated CVE-2021-45606MISC netgear — r6400_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6400 before 1.0.1.74, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R7000 before 1.0.11.126, R6900P before 1.3.3.140, R7000P before 1.3.3.140, and R8000 before 1.0.4.74. 2021-12-26 not yet calculated CVE-2021-45554MISC netgear — r6400_firmware Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R6400 before 1.0.1.68, R7000 before 1.0.11.116, R6900P before 1.3.3.140, R7000P before 1.3.3.140, R7900 before 1.0.4.38, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, and XR300 before 1.0.3.50. 2021-12-26 not yet calculated CVE-2021-45605MISC netgear — r6400v2_firmware Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, RAX200 before 1.0.5.126, RAX75 before 1.0.5.126, and RAX80 before 1.0.5.126. 2021-12-26 not yet calculated CVE-2021-45607MISC netgear — r6400v2_firmware Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, and XR1000 before 1.0.0.58. 2021-12-26 not yet calculated CVE-2021-45643MISC netgear — r6400v2_firmware Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R6400v2 before 1.0.4.84, R6700v3 before 1.0.4.84, R7000 before 1.0.11.126, R6900P before 1.3.2.126, and R7000P before 1.3.2.126. 2021-12-26 not yet calculated CVE-2021-45649MISC netgear — r6700v2_firmware NETGEAR R6700v2 devices before 1.2.0.88 are affected by authentication bypass. 2021-12-26 not yet calculated CVE-2021-45498MISC netgear — r6900p_firmware   Certain NETGEAR devices are affected by privilege escalation. This affects R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, and RS400 before 1.5.1.80. 2021-12-26 not yet calculated CVE-2021-45679MISC netgear — r6900p_firmware   Certain NETGEAR devices are affected by authentication bypass. This affects R6900P before 1.3.3.140, R7000P before 1.3.3.140, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000P before 1.4.2.84, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106. 2021-12-26 not yet calculated CVE-2021-45499MISC netgear — r7000_firmware Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R7000 before 1.0.11.126, R7960P before 1.4.2.84, R8000 before 1.0.4.74, RAX200 before 1.0.4.120, R8000P before 1.4.2.84, RAX20 before 1.0.2.82, RAX45 before 1.0.2.82, RAX80 before 1.0.4.120, R7900P before 1.4.2.84, RAX15 before 1.0.2.82, RAX50 before 1.0.2.82, and RAX75 before 1.0.4.120. 2021-12-26 not yet calculated CVE-2021-45530MISC netgear — r7000_firmware NETGEAR R7000 devices before 1.0.11.116 are affected by disclosure of sensitive information. 2021-12-26 not yet calculated CVE-2021-45646MISC netgear — r7000_firmware NETGEAR R7000 devices before 1.0.9.88 are affected by stored XSS. 2021-12-26 not yet calculated CVE-2021-45662MISC netgear — r7000_firmware NETGEAR R7000 devices before 1.0.9.42 are affected by a buffer overflow by an authenticated user. 2021-12-26 not yet calculated CVE-2021-45523MISC netgear — r7000_firmware NETGEAR R7000 devices before 1.0.11.126 are affected by stored XSS. 2021-12-26 not yet calculated CVE-2021-45664MISC netgear — r7000_firmware NETGEAR R7000 devices before 1.0.11.126 are affected by stored XSS. 2021-12-26 not yet calculated CVE-2021-45663MISC netgear — r7000_firmware   Certain NETGEAR devices are affected by stored XSS. This affects R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106. 2021-12-26 not yet calculated CVE-2021-45674MISC netgear — r7000_firmware   Certain NETGEAR devices are affected by stored XSS. This affects R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RAX200 before 1.0.3.106, R7000P before 1.3.3.140, RAX80 before 1.0.3.106, R6900P before 1.3.3.140, and RAX75 before 1.0.3.106. 2021-12-26 not yet calculated CVE-2021-45673MISC netgear — r7000_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7000 before 1.0.11.126, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.3.106, MR60 before 1.0.6.110, RAX45 before 1.0.2.66, RAX80 before 1.0.3.106, MS60 before 1.0.6.110, RAX50 before 1.0.2.66, and RAX75 before 1.0.3.106. 2021-12-26 not yet calculated CVE-2021-45540MISC netgear — r7000_firmware Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RS400 before 1.5.1.80, R6400v2 before 1.0.4.102, R7000P before 1.3.2.126, R6700v3 before 1.0.4.102, and R6900P before 1.3.2.126. 2021-12-26 not yet calculated CVE-2021-45650MISC netgear — r7000p_firmware Certain NETGEAR devices are affected by authentication bypass. This affects R7000P before 1.3.3.140 and R8000 before 1.0.4.68. 2021-12-26 not yet calculated CVE-2021-45500MISC netgear — r7800_firmware Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects R7800 before 1.0.2.74, R9000 before 1.0.5.2, and XR500 before 2.3.2.66. 2021-12-26 not yet calculated CVE-2021-45623MISC netgear — r7850_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7850 before 1.0.5.74, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. 2021-12-26 not yet calculated CVE-2021-45544MISC netgear — r7850_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7850 before 1.0.5.74, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, and RBS850 before 3.2.17.12. 2021-12-26 not yet calculated CVE-2021-45546MISC netgear — r7850_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7850 before 1.0.5.74, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. 2021-12-26 not yet calculated CVE-2021-45545MISC netgear — r7850_firmware   Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7850 before 1.0.5.74, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, and RBS850 before 3.2.17.12. 2021-12-26 not yet calculated CVE-2021-45547MISC netgear — r7900_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7900 before 1.0.4.38, R7900P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX200 before 1.0.3.106, MR60 before 1.0.6.110, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, MS60 before 1.0.6.110, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45541MISC netgear — r7900p_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, MR60 before 1.0.6.110, RAX20 before 1.0.2.82, RAX45 before 1.0.2.28, RAX80 before 1.0.3.106, MS60 before 1.0.6.110, RAX15 before 1.0.2.82, RAX50 before 1.0.2.28, and RAX75 before 1.0.3.106. 2021-12-26 not yet calculated CVE-2021-45539MISC netgear — r7900p_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7900P before 1.4.2.84, R7960P before 1.4.2.84, and R8000P before 1.4.2.84. 2021-12-26 not yet calculated CVE-2021-45555MISC netgear — r8000_firmware NETGEAR R8000 devices before 1.0.4.62 are affected by a buffer overflow by an authenticated user. 2021-12-26 not yet calculated CVE-2021-45524MISC netgear — r8000_firmware NETGEAR R8000 devices before 1.0.4.76 are affected by command injection by an authenticated user. 2021-12-26 not yet calculated CVE-2021-45532MISC netgear — r8000_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R8000 before 1.0.4.74, RAX200 before 1.0.4.120, R8000P before 1.4.2.84, R7900P before 1.4.2.84, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and RBK852 before 3.2.17.12. 2021-12-26 not yet calculated CVE-2021-45543MISC netgear — rax200_firmware NETGEAR RAX200 devices before 1.0.5.132 are affected by insecure code. 2021-12-26 not yet calculated CVE-2021-45678MISC netgear — rax200_firmware Certain NETGEAR devices are affected by stored XSS. This affects RAX200 before 1.0.5.126, RAX20 before 1.0.2.82, RAX80 before 1.0.5.126, RAX15 before 1.0.2.82, and RAX75 before 1.0.5.126. 2021-12-26 not yet calculated CVE-2021-45676MISC netgear — rax200_firmware Certain NETGEAR devices are affected by stored XSS. This affects RAX200 before 1.0.3.106, MR60 before 1.0.6.110, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, MS60 before 1.0.6.110, RAX15 before 1.0.2.82, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45669MISC netgear — rax200_firmware Certain NETGEAR devices are affected by command injection by an authenticated user . This affects RAX200 before 1.0.3.106, RAX75 before 1.0.3.106, RAX80 before 1.0.3.106, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45537MISC netgear — rax200_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. 2021-12-26 not yet calculated CVE-2021-45542MISC netgear — rax200_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX200 before 1.0.3.106, RAX80 before 1.0.3.106, RAX75 before 1.0.3.106, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45535MISC netgear — rax35_firmware Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RAX35 before 1.0.4.102, RAX38 before 1.0.4.102, and RAX40 before 1.0.4.102. 2021-12-26 not yet calculated CVE-2021-45493MISC netgear — rax43_firmware Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter. 2021-12-30 not yet calculated CVE-2021-20167MISC netgear — rax43_firmware Netgear RAX43 version 1.0.3.96 does not have sufficient protections to the UART interface. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection, login with default credentials, and execute commands as the root user. These default credentials are admin:admin. 2021-12-30 not yet calculated CVE-2021-20168MISC netgear — rax43_firmware Netgear RAX43 version 1.0.3.96 does not utilize secure communications to the web interface. By default, all communication to/from the device is sent via HTTP, which causes potentially sensitive information (such as usernames and passwords) to be transmitted in cleartext. 2021-12-30 not yet calculated CVE-2021-20169MISC netgear — rax43_firmware Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted. This encryption is accomplished via a password-protected zip file with a hardcoded password (RAX50w!a4udk). By unzipping the configuration using this password, a user can reconfigure settings not intended to be manipulated, re-zip the configuration, and restore a backup causing these settings to be changed. 2021-12-30 not yet calculated CVE-2021-20170MISC netgear — rax43_firmware Netgear RAX43 version 1.0.3.96 stores sensitive information in plaintext. All usernames and passwords for the device’s associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device. 2021-12-30 not yet calculated CVE-2021-20171MISC netgear — rax43_firmware Netgear RAX43 version 1.0.3.96 contains a buffer overrun vulnerability. The URL parsing functionality in the cgi-bin endpoint of the router containers a buffer overrun issue that can redirection control flow of the applicaiton. 2021-12-30 not yet calculated CVE-2021-20166MISC netgear — rax75_firmware   Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX75 before 1.0.3.106, RAX80 before 1.0.3.106, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45538MISC netgear — rax75_firmware   Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX75 before 1.0.3.106, RAX80 before 1.0.3.106, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45536MISC netgear — rbk20_firmware Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK20 before 2.6.1.36, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.36, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, and RBS50Y before 2.6.1.40. 2021-12-26 not yet calculated CVE-2021-45626MISC netgear — rbk352_firmware Certain NETGEAR devices are affected by a hardcoded password. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10. 2021-12-26 not yet calculated CVE-2021-45521MISC netgear — rbk352_firmware Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10. 2021-12-26 not yet calculated CVE-2021-45653MISC netgear — rbk352_firmware Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10. 2021-12-26 not yet calculated CVE-2021-45652MISC netgear — rbk352_firmware Certain NETGEAR devices are affected by an attacker’s ability to read arbitrary files. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10. 2021-12-26 not yet calculated CVE-2021-45494MISC netgear — rbk352_firmware Certain NETGEAR devices are affected by a hardcoded password. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10. 2021-12-26 not yet calculated CVE-2021-45520MISC netgear — rbk40_firmware Certain NETGEAR devices are affected by server-side injection. This affects RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, and RBS50Y before 2.6.1.40. 2021-12-26 not yet calculated CVE-2021-45660MISC netgear — rbk40_firmware Certain NETGEAR devices are affected by server-side injection. This affects RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, and RBS50Y before 2.6.1.40. 2021-12-26 not yet calculated CVE-2021-45659MISC netgear — rbk40_firmware Certain NETGEAR devices are affected by server-side injection. This affects RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, and RBS50Y before 2.6.1.40. 2021-12-26 not yet calculated CVE-2021-45661MISC netgear — rbk50_firmware Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK50 before 2.7.3.22, RBR50 before 2.7.3.22, and RBS50 before 2.7.3.22. 2021-12-26 not yet calculated CVE-2021-45651MISC netgear — rbk752_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45569MISC netgear — rbk752_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45588MISC netgear — rbk752_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45574MISC netgear — rbk752_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45570MISC netgear — rbk752_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7000 before 1.0.11.126, R6900P before 1.3.2.126, and R7000P before 1.3.2.126. 2021-12-26 not yet calculated CVE-2021-45553MISC netgear — rbk752_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45562MISC netgear — rbk752_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45561MISC netgear — rbk752_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45559MISC netgear — rbk752_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45571MISC netgear — rbk752_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45568MISC netgear — rbk752_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45590MISC netgear — rbk752_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45589MISC netgear — rbk752_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45591MISC netgear — rbk752_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45587MISC netgear — rbk752_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45576MISC netgear — rbk752_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45585MISC netgear — rbk752_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45583MISC netgear — rbk752_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45582MISC netgear — rbk752_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45575MISC netgear — rbk752_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45581MISC netgear — rbk752_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45580MISC netgear — rbk752_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45586MISC netgear — rbk752_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45579MISC netgear — rbk752_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45578MISC netgear — rbk752_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45577MISC netgear — rbk752_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45566MISC netgear — rbk752_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45560MISC netgear — rbk752_firmware   Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45565MISC netgear — rbk752_firmware   Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45564MISC netgear — rbk752_firmware   Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45563MISC netgear — rbk752_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45572MISC netgear — rbk752_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45592MISC netgear — rbk752_firmware   Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45567MISC netgear — rbk752_firmware   Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. 2021-12-26 not yet calculated CVE-2021-45558MISC netgear — rbr20_firmware   Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.2.102, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBR50 before 2.7.2.102, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.2.102. 2021-12-26 not yet calculated CVE-2021-45593MISC netgear — rbs50y_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBS50Y before 2.7.3.22, RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22. 2021-12-26 not yet calculated CVE-2021-45594MISC netgear — rbs50y_firmware   Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects RBS50Y before 2.7.0.122, SRK60 before 2.7.0.122, SRR60 before 2.7.0.122, SRS60 before 2.7.0.122, SXK30 before 3.2.33.108, SXR30 before 3.2.33.108, SXS30 before 3.2.33.108, and SRC60 before 2.7.0.122. 2021-12-26 not yet calculated CVE-2021-45645MISC netgear — xr1000_firmware NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of service. 2021-12-26 not yet calculated CVE-2021-45519MISC netgear — xr1000_firmware NETGEAR XR1000 devices before 1.0.0.58 are affected by command injection by an unauthenticated attacker. 2021-12-26 not yet calculated CVE-2021-45513MISC netgear — xr1000_firmware NETGEAR XR1000 devices before 1.0.0.58 are affected by disclosure of sensitive information. 2021-12-26 not yet calculated CVE-2021-45654MISC netgear — xr1000_firmware NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of service. 2021-12-26 not yet calculated CVE-2021-45518MISC netgear — xr1000_firmware NETGEAR XR1000 devices before 1.0.0.58 are affected by authentication bypass. 2021-12-26 not yet calculated CVE-2021-45510MISC netgear — xr1000_firmware NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of service. 2021-12-26 not yet calculated CVE-2021-45517MISC netgear — xr1000_firmware NETGEAR XR1000 devices before 1.0.0.58 are affected by command injection by an unauthenticated attacker. 2021-12-26 not yet calculated CVE-2021-45514MISC netgear — xr1000_firmware &#xA0; NETGEAR XR1000 devices before 1.0.0.58 are affected by a hardcoded password. 2021-12-26 not yet calculated CVE-2021-45522MISC netgear — xr300_firmware Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects XR300 before 1.0.3.68, R7000P before 1.3.3.140, and R6900P before 1.3.3.140. 2021-12-26 not yet calculated CVE-2021-45625MISC netgen — tags_bundle   Netgen Tags Bundle 3.4.x before 3.4.11 and 4.0.x before 4.0.15 allows XSS in the Tags Admin interface. 2021-12-27 not yet calculated CVE-2021-45895MISCMISC nettmp — nettmp Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attacker can bypass authentication and access the panel with an administrative account. 2021-12-28 not yet calculated CVE-2021-45814MISCMISC nokia — fastmile Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an authenticated user via is_ctc_admin=1 to login_web_app.cgi and use of Import Config File. 2021-12-27 not yet calculated CVE-2021-45896MISCMISC nuuo — network_video_recorder NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a Cross Site Scripting (XSS) vulnerability. An attacker can steal the user’s session by injecting malicious JavaScript codes which leads to session hijacking. 2021-12-28 not yet calculated CVE-2021-45812MISC open_asset — import_library   Open Asset Import Library (aka assimp) 5.1.0 and 5.1.1 has a heap-based buffer overflow in _m3d_safestr (called from m3d_load and Assimp::M3DWrapper::M3DWrapper). 2022-01-01 not yet calculated CVE-2021-45948MISCMISC openexr — openexr   OpenEXR 3.1.0 through 3.1.3 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). 2022-01-01 not yet calculated CVE-2021-45942MISCMISCMISC openwrt — openwrt OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen. 2021-12-27 not yet calculated CVE-2021-45905MISC openwrt — openwrt OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen. 2021-12-27 not yet calculated CVE-2021-45904MISC openwrt — openwrt OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen. 2021-12-27 not yet calculated CVE-2021-45906MISC oppo — oppo ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same package name to obtain dangerous permission. 2021-12-27 not yet calculated CVE-2021-23244MISC parse-link-header — parse-link-header   The package parse-link-header before 2.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the checkHeader function. 2021-12-24 not yet calculated CVE-2021-23490CONFIRMCONFIRMCONFIRM philips — patient_information_center_ix   Patient Information Center iX (PIC iX) Versions C.02 and C.03 receives input or data, but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly. 2021-12-27 not yet calculated CVE-2021-43548MISC philips — patient_information_center_ix   The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information, which affects the communications between Patient Information Center iX (PIC iX) Versions C.02 and C.03 and Efficia CM Series Revisions A.01 to C.0x and 4.0. 2021-12-27 not yet calculated CVE-2021-43550MISC philips — patient_information_center_ix   The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from the Patient Information Center iX (PIC iX) Versions B.02, C.02, and C.03. 2021-12-27 not yet calculated CVE-2021-43552MISC pjsip — pjsip   PJSIP is a free and open source multimedia communication library. In version 2.11.1 and prior, if incoming RTCP XR message contain block, the data field is not checked against the received packet size, potentially resulting in an out-of-bound read access. This affects all users that use PJMEDIA and RTCP XR. A malicious actor can send a RTCP XR message with an invalid packet size. 2021-12-27 not yet calculated CVE-2021-43845MISCCONFIRMMISC poly — poly_trio_8800 A remote code execution issue in the ping command on Poly Trio 8800 5.7.1.4145 devices allows remote authenticated users to execute commands via unspecified vectors. 2021-12-28 not yet calculated CVE-2018-17875MISCMISC qibosoft — qibosoft   A Cross-Site Request Forgery (CSRF) in /admin/index.php?lfj=member&action=editmember of Qibosoft v7 allows attackers to arbitrarily add administrator accounts. 2021-12-27 not yet calculated CVE-2020-20945MISCMISC qibosoft — qibosoft   A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&step=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL. 2021-12-27 not yet calculated CVE-2020-20943MISC qibosoft — qibosoft   Qibosoft v7 contains a stored cross-site scripting (XSS) vulnerability in the component /admin/index.php?lfj=friendlink&action=add. 2021-12-27 not yet calculated CVE-2020-20946MISCMISC qibosoft — qibosoft   An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily delete files. 2021-12-27 not yet calculated CVE-2020-20944MISCMISC qt_svg– qt_svg Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and QPathClipper::intersect). 2022-01-01 not yet calculated CVE-2021-45930MISCMISCMISCMISCMISCMISC quectel — uc20 Quectel UC20 UMTS/HSPA+ UC20 6.3.14 is affected by a Cross Site Scripting (XSS) vulnerability. 2021-12-30 not yet calculated CVE-2021-45815MISC requarks — wiki.js In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by Stored XSS vulnerability, where a low privileged (editor) user can upload a SVG file that contains malicious JavaScript while uploading assets in the page. That will send the JWT tokens to the attacker’s server and will lead to account takeover when accessed by the victim. 2021-12-29 not yet calculated CVE-2021-25993MISCMISC requarks — wiki.js Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through non-image file uploads for file types that can be viewed directly inline in the browser. By creating a malicious file which can execute inline JS when viewed in the browser (e.g. XML files), a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the file is viewed directly by other users. The file must be opened directly by the user and will not trigger directly in a normal Wiki.js page. A patch in version 2.5.264 fixes this vulnerability by adding an optional (enabled by default) force download flag to all non-image file types, preventing the file from being viewed inline in the browser. As a workaround, disable file upload for all non-trusted users. — Thanks to @Haxatron for reporting this vulnerability. Initially reported via https://huntr.dev/bounties/266bff09-00d9-43ca-a4bb-bb540642811f/ 2021-12-27 not yet calculated CVE-2021-43856CONFIRMMISCMISC requarks — wiki.js Wiki.js is a wiki app built on node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through a SVG file upload made via a custom request with a fake MIME type. By creating a crafted SVG file, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the SVG is viewed directly by other users. Scripts do not execute when loaded inside a page via normal `<img>` tags. The malicious SVG can only be uploaded by crafting a custom request to the server with a fake MIME type. A patch in version 2.5.264 fixes this vulnerability by adding an additional file extension verification check to the optional (enabled by default) SVG sanitization step to all file uploads that match the SVG mime type. As a workaround, disable file upload for all non-trusted users. 2021-12-27 not yet calculated CVE-2021-43855MISCCONFIRMMISC ruby — ruby   CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby. 2022-01-01 not yet calculated CVE-2021-41819MISCCONFIRM ruby — ruby   Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1. 2022-01-01 not yet calculated CVE-2021-41817MISCCONFIRM rust — rust   An issue was discovered in the binjs_io crate through 2021-01-03 for Rust. The Read method may read from uninitialized memory locations. 2021-12-27 not yet calculated CVE-2021-45683MISCMISC rust — rust An issue was discovered in the csv-sniffer crate through 2021-01-05 for Rust. preamble_skipcount may read from uninitialized memory locations. 2021-12-27 not yet calculated CVE-2021-45686MISCMISC rust — rust   An issue was discovered in the columnar crate through 2021-01-07 for Rust. ColumnarReadExt::read_typed_vec may read from uninitialized memory locations. 2021-12-27 not yet calculated CVE-2021-45685MISCMISC rust — rust   An issue was discovered in the flumedb crate through 2021-01-07 for Rust. read_entry may read from uninitialized memory locations. 2021-12-27 not yet calculated CVE-2021-45684MISCMISC rust — rust An issue was discovered in the vec-const crate before 2.0.0 for Rust. It tries to construct a Vec from a pointer to a const slice, leading to memory corruption. 2021-12-27 not yet calculated CVE-2021-45680MISCMISC rust — rust   An issue was discovered in the nanorand crate before 0.6.1 for Rust. There can be multiple mutable references to the same object because the TlsWyRand Deref implementation dereferences a raw pointer. 2021-12-27 not yet calculated CVE-2021-45705MISCMISC rust — rust   An issue was discovered in the bronzedb-protocol crate through 2021-01-03 for Rust. ReadKVExt may read from uninitialized memory locations. 2021-12-27 not yet calculated CVE-2021-45682MISCMISC rust — rust   An issue was discovered in the metrics-util crate before 0.7.0 for Rust. There is a data race and memory corruption because AtomicBucket<T> unconditionally implements the Send and Sync traits. 2021-12-27 not yet calculated CVE-2021-45704MISCMISC rust — rust   An issue was discovered in the ckb crate before 0.40.0 for Rust. Remote attackers may be able to conduct a 51% attack against the Nervos CKB blockchain by triggering an inability to allocate memory for the misbehavior HashMap. 2021-12-27 not yet calculated CVE-2021-45699MISCMISC rust — rust   An issue was discovered in the derive-com-impl crate before 0.1.2 for Rust. An invalid reference (and memory corruption) can occur because AddRef might not be called before returning a pointer. 2021-12-27 not yet calculated CVE-2021-45681MISCMISC rust — rust An issue was discovered in the raw-cpuid crate before 9.1.1 for Rust. If the serialize feature is used (which is not the the default), a Deserialize operation may lack sufficient validation, leading to memory corruption or a panic. 2021-12-27 not yet calculated CVE-2021-45687MISCMISC rust — rust An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_string may read from uninitialized memory locations. 2021-12-27 not yet calculated CVE-2021-45691MISCMISC rust — rust An issue was discovered in the gfx-auxil crate through 2021-01-07 for Rust. gfx_auxil::read_spirv may read from uninitialized memory locations. 2021-12-27 not yet calculated CVE-2021-45689MISCMISC rust — rust   An issue was discovered in the ckb crate before 0.40.0 for Rust. Attackers can cause a denial of service (Nervos CKB blockchain node crash) via a dead call that is used as a DepGroup. 2021-12-27 not yet calculated CVE-2021-45700MISCMISC rust — rust   An issue was discovered in the abomonation crate through 2021-10-17 for Rust. Because transmute operations are insufficiently constrained, there can be an information leak or ASLR bypass. 2021-12-27 not yet calculated CVE-2021-45708MISCMISC rust — rust An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_binary may read from uninitialized memory locations. 2021-12-27 not yet calculated CVE-2021-45690MISCMISC rust — rust   An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_extension_others may read from uninitialized memory locations. 2021-12-27 not yet calculated CVE-2021-45692MISCMISC rust — rust   An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_string_primitive may read from uninitialized memory locations. 2021-12-27 not yet calculated CVE-2021-45693MISCMISC rust — rust An issue was discovered in the rdiff crate through 2021-02-03 for Rust. Window may read from uninitialized memory locations. 2021-12-27 not yet calculated CVE-2021-45694MISCMISC rust — rust An issue was discovered in the mopa crate through 2021-06-01 for Rust. It incorrectly relies on Trait memory layout, possibly leading to future occurrences of arbitrary code execution or ASLR bypass. 2021-12-27 not yet calculated CVE-2021-45695MISCMISC rust — rust   An issue was discovered in the sha2 crate 0.9.7 before 0.9.8 for Rust. Hashes of long messages may be incorrect when the AVX2-accelerated backend is used. 2021-12-27 not yet calculated CVE-2021-45696MISCMISC rust — rust   An issue was discovered in the molecule crate before 0.7.2 for Rust. A FixVec partial read has an incorrect result. 2021-12-27 not yet calculated CVE-2021-45697MISCMISC rust — rust   An issue was discovered in the ckb crate before 0.40.0 for Rust. A get_block_template RPC call may fail in situations where it is supposed to select a Nervos CKB blockchain transaction with a higher fee rate than another transaction. 2021-12-27 not yet calculated CVE-2021-45698MISCMISC rust — rust   An issue was discovered in the ash crate before 0.33.1 for Rust. util::read_spv may read from uninitialized memory locations. 2021-12-27 not yet calculated CVE-2021-45688MISCMISC rust — rust   An issue was discovered in the acc_reader crate through 2020-12-27 for Rust. read_up_to may read from uninitialized memory locations. 2021-12-27 not yet calculated CVE-2020-36513MISCMISC rust — rust   An issue was discovered in the zeroize_derive crate before 1.1.1 for Rust. Dropped memory is not zeroed out for an enum. 2021-12-27 not yet calculated CVE-2021-45706MISCMISC rust — rust   An issue was discovered in the simple_asn1 crate 0.6.0 before 0.6.1 for Rust. There is a panic if UTCTime data, supplied by a remote attacker, has a second character greater than 0x7f. 2021-12-27 not yet calculated CVE-2021-45711MISCMISC rust — rust An issue was discovered in the pnet crate before 0.27.2 for Rust. There is a segmentation fault (upon attempted dereference of an uninitialized descriptor) because of an erroneous IcmpTransportChannelIterator compiler optimization. 2021-12-27 not yet calculated CVE-2019-25054MISCMISC rust — rust An issue was discovered in the buffoon crate through 2020-12-31 for Rust. InputStream::read_exact may read from uninitialized memory locations. 2021-12-27 not yet calculated CVE-2020-36512MISCMISC rust — rust   An issue was discovered in the bite crate through 2020-12-31 for Rust. read::BiteReadExpandedExt::read_framed_max may read from uninitialized memory locations. 2021-12-27 not yet calculated CVE-2020-36511MISCMISC rust — rust   An issue was discovered in the libpulse-binding crate before 2.6.0 for Rust. It mishandles a panic that crosses a Foreign Function Interface (FFI) boundary. 2021-12-27 not yet calculated CVE-2019-25055MISCMISC rust — rust   An issue was discovered in the crypto2 crate through 2021-10-08 for Rust. During Chacha20 encryption and decryption, an unaligned read of a u32 may occur. 2021-12-27 not yet calculated CVE-2021-45709MISCMISC rust — rust   An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. get_context can cause a use-after-free. 2021-12-27 not yet calculated CVE-2018-25028MISCMISC rust — rust   An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. get_format_info can cause a use-after-free. 2021-12-27 not yet calculated CVE-2018-25027MISCMISC rust — rust   An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption. 2021-12-27 not yet calculated CVE-2021-45710MISCMISC rust — rust An issue was discovered in the acc_reader crate through 2020-12-27 for Rust. fill_buf may read from uninitialized memory locations. 2021-12-27 not yet calculated CVE-2020-36514MISCMISC rust — rust An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_window_function has a use-after-free. 2021-12-26 not yet calculated CVE-2021-45715MISCMISC rust — rust   An issue was discovered in the nix crate before 0.20.2, 0.21.x before 0.21.2, and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more than 16 /etc/groups groups. 2021-12-27 not yet calculated CVE-2021-45707MISCMISC rust — rust   An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A merge operation may result in a use-after-free. 2021-12-27 not yet calculated CVE-2021-45702MISCMISC rust — rust An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A patch operation may result in a use-after-free. 2021-12-27 not yet calculated CVE-2021-45701MISCMISC rust — rust An issue was discovered in the lru crate before 0.7.1 for Rust. The iterators have a use-after-free, as demonstrated by an access after a pop operation. 2021-12-26 not yet calculated CVE-2021-45720MISCMISC rust — rust   An issue was discovered in the tectonic_xdv crate before 0.1.12 for Rust. XdvParser::<T>::process may read from uninitialized memory locations. 2021-12-27 not yet calculated CVE-2021-45703MISCMISC rust — rust   An issue was discovered in the rust-embed crate before 6.3.0 for Rust. A ../ directory traversal can sometimes occur in debug mode. 2021-12-26 not yet calculated CVE-2021-45712MISCMISC rust — rust   An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_scalar_function has a use-after-free. 2021-12-26 not yet calculated CVE-2021-45713MISCMISC rust — rust   An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_aggregate_function has a use-after-free. 2021-12-26 not yet calculated CVE-2021-45714MISCMISC rust — rust   An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_collation has a use-after-free. 2021-12-26 not yet calculated CVE-2021-45716MISCMISC rust — rust   An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. commit_hook has a use-after-free. 2021-12-26 not yet calculated CVE-2021-45717MISCMISC rust — rust   An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. rollback_hook has a use-after-free. 2021-12-26 not yet calculated CVE-2021-45718MISCMISC rust — rust   An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. update_hook has a use-after-free. 2021-12-26 not yet calculated CVE-2021-45719MISCMISC safari — montage   Reflected Cross Site Scripting (XSS) in SAFARI Montage versions 8.3 and 8.5 allows remote attackers to execute JavaScript codes. 2021-12-28 not yet calculated CVE-2021-45425MISCMISC safari_montage — safari_montage SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability which can lead to can lead to HTTP response splitting. 2021-12-30 not yet calculated CVE-2021-45818MISC servo — rust-smallvec An issue was discovered in the smallvec crate before 0.6.13 for Rust. It can create an uninitialized value of any type, including a reference type. 2021-12-27 not yet calculated CVE-2018-25023MISCMISC showdoc — showdoc showdoc is vulnerable to Cross-Site Request Forgery (CSRF) 2021-12-26 not yet calculated CVE-2021-4168CONFIRMMISC slican — webcti SLICAN WebCTI 1.01 2015 is affected by a Cross Site Scripting (XSS) vulnerability. The attacker can steal the user’s session by injecting malicious JavaScript codes which leads to Session Hijacking and cause user’s credentials theft. 2021-12-28 not yet calculated CVE-2021-45813MISC snapdragon — qnap_devices   A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of Surveillance Station: QTS 5.0.0 (64 bit): Surveillance Station 5.2.0.4.2 ( 2021/10/26 ) and later QTS 5.0.0 (32 bit): Surveillance Station 5.2.0.3.2 ( 2021/10/26 ) and later QTS 4.3.6 (64 bit): Surveillance Station 5.1.5.4.6 ( 2021/10/26 ) and later QTS 4.3.6 (32 bit): Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later QTS 4.3.3: Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later 2021-12-29 not yet calculated CVE-2021-38687CONFIRM snapdragon — qnap_devices   A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Kazoo Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Kazoo Server: Kazoo Server 4.11.20 and later 2021-12-29 not yet calculated CVE-2021-38680CONFIRM solarwinds — web_help_desk Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database. 2021-12-27 not yet calculated CVE-2021-35232MISCMISC sourcecodester — online_enrollment_management_system   https://www.sourcecodester.com/ Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 is affected by: Incorrect Access Control. The impact is: gain privileges (remote). 2021-12-28 not yet calculated CVE-2021-40579MISCMISC stormshield — stormshield_network_security   An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear the old password. 2021-12-29 not yet calculated CVE-2021-45885CONFIRMMISC suitecrm — suitecrm   A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2021-39268. 2021-12-28 not yet calculated CVE-2021-45903MISCMISCMISC superantispyware — superantispyware   SUPERAntispyware v8.0.0.1050 was discovered to contain an issue in the component saskutil64.sys. This issue allows attackers to arbitrarily write data to the device via IOCTL 0x9C402140. 2021-12-28 not yet calculated CVE-2020-22061MISC tenable — d-link   Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 use default hard-coded credentials, which can allow a remote attacker to gain administrative access to the zebra or ripd those services. Both are running with root privileges on the router (i.e., as the “admin” user, UID 0). 2021-12-30 not yet calculated CVE-2021-20132MISC tenable — d-link Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set the “message of the day” banner to any file on the system, allowing them to read all or some of the contents of those files. Such sensitive information as hashed credentials, hardcoded plaintext passwords for other services, configuration files, and private keys can be disclosed in this fashion. Improper handling of filenames that identify virtual resources, such as “/dev/urandom” allows an attacker to effect a denial of service attack against the command line interfaces of the Quagga services (zebra and ripd). 2021-12-30 not yet calculated CVE-2021-20133MISC tenable — trendnet_ac2600 It is possible for an unauthenticated, malicious user to force the device to reboot due to a hidden administrative command. 2021-12-30 not yet calculated CVE-2021-20157MISC tenable — trendnet_ac2600 Trendnet AC2600 TEW-827DRU version 2.08B01 lacks proper authentication to the bittorrent functionality. If enabled, anyone is able to visit and modify settings and files via the Bittorent web client by visiting: http://192.168.10.1:9091/transmission/web/ 2021-12-30 not yet calculated CVE-2021-20152MISC tenable — trendnet_ac2600 Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. Authentication can be bypassed and a user may view information as Admin by manually browsing to the setup wizard and forcing it to redirect to the desired page. 2021-12-30 not yet calculated CVE-2021-20150MISC tenable — trendnet_ac2600 Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN interface. The default iptables ruleset for governing access to services on the device only apply to IPv4. All services running on the devices are accessible via the WAN interface via IPv6 by default. 2021-12-30 not yet calculated CVE-2021-20149MISC tenable — trendnet_ac2600 Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set an arbitrary file on the router’s filesystem as the log file used by either Quagga service (zebra or ripd). Subsequent log messages will be appended to the file, prefixed by a timestamp and some logging metadata. Remote code execution can be achieved by using this vulnerability to append to a shell script on the router’s filesystem, and then awaiting or triggering the execution of that script. A remote, unauthenticated root shell can easily be obtained on the device in this fashion. 2021-12-30 not yet calculated CVE-2021-20134MISC tenable — trendnet_ac2600 Trendnet AC2600 TEW-827DRU version 2.08B01 does not properly implement csrf protections. Most pages lack proper usage of CSRF protections or mitigations. Additionally, pages that do make use of CSRF tokens are trivially bypassable as the server does not appear to validate them properly (i.e. re-using an old token or finding the token thru some other method is possible). 2021-12-30 not yet calculated CVE-2021-20165MISC tenable — trendnet_ac2600 Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses credentials for the smb functionality of the device. Usernames and passwords for all smb users are revealed in plaintext on the smbserver.asp page. 2021-12-30 not yet calculated CVE-2021-20164MISC tenable — trendnet_ac2600 Trendnet AC2600 TEW-827DRU version 2.08B01 leaks information via the ftp web page. Usernames and passwords for all ftp users are revealed in plaintext on the ftpserver.asp page. 2021-12-30 not yet calculated CVE-2021-20163MISC tenable — trendnet_ac2600   Trendnet AC2600 TEW-827DRU version 2.08B01 contains an improper access control configuration that could allow for a malicious firmware update. It is possible to manually install firmware that may be malicious in nature as there does not appear to be any signature validation done to determine if it is from a known and trusted source. This includes firmware updates that are done via the automated “check for updates” in the admin interface. If an attacker is able to masquerade as the update server, the device will not verify that the firmware updates downloaded are legitimate. 2021-12-30 not yet calculated CVE-2021-20156MISC tenable — trendnet_ac2600   Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of hardcoded credentials. It is possible to backup and restore device configurations via the management web interface. These devices are encrypted using a hardcoded password of “12345678”. 2021-12-30 not yet calculated CVE-2021-20155MISC tenable — trendnet_ac2600   Trendnet AC2600 TEW-827DRU version 2.08B01 contains a command injection vulnerability in the smb functionality of the device. The username parameter used when configuring smb functionality for the device is vulnerable to command injection as root. 2021-12-30 not yet calculated CVE-2021-20160MISC tenable — trendnet_ac2600 Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerability in the bittorrent functionality. If enabled, the bittorrent functionality is vulnerable to a symlink attack that could lead to remote code execution on the device. If an end user inserts a flash drive with a malicious symlink on it that the bittorrent client can write downloads to, then a user is able to download arbitrary files to any desired location on the devices filesystem, which could lead to remote code execution. Example directories vulnerable to this include “config”, “downloads”, and “torrents”, though it should be noted that “downloads” is the only vector that allows for arbitrary files to be downloaded to arbitrary locations. 2021-12-30 not yet calculated CVE-2021-20153MISC tenable — trendnet_ac2600   Trendnet AC2600 TEW-827DRU version 2.08B01 contains an security flaw in the web interface. HTTPS is not enabled on the device by default. This results in cleartext transmission of sensitive information such as passwords. 2021-12-30 not yet calculated CVE-2021-20154MISC tenable — trendnet_ac2600   Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the session management for the device. The router’s management software manages web sessions based on IP address rather than verifying client cookies/session tokens/etc. This allows an attacker (whether from a different computer, different web browser on the same machine, etc.) to take over an existing session. This does require the attacker to be able to spoof or take over original IP address of the original user’s session. 2021-12-30 not yet calculated CVE-2021-20151MISC tenable — trendnet_ac2600 Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient protections for the UART functionality. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection. No username or password is required and the user is given a root shell with full control of the device. 2021-12-30 not yet calculated CVE-2021-20161MISC tenable — trendnet_ac2600   Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is possible for an unauthenticated, malicous actor to force the change of the admin password due to a hidden administrative command. 2021-12-30 not yet calculated CVE-2021-20158MISC tenable — trendnet_ac2600   Trendnet AC2600 TEW-827DRU version 2.08B01 is vulnerable to command injection. The system log functionality of the firmware allows for command injection as root by supplying a malformed parameter. 2021-12-30 not yet calculated CVE-2021-20159MISC tenable — trendnet_ac2600   Trendnet AC2600 TEW-827DRU version 2.08B01 stores credentials in plaintext. Usernames and passwords are stored in plaintext in the config files on the device. For example, /etc/config/cameo contains the admin password in plaintext. 2021-12-30 not yet calculated CVE-2021-20162MISC ultrajson — ultrajson UltraJSON (aka ujson) 4.0.2 through 5.0.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). 2022-01-01 not yet calculated CVE-2021-45958MISCMISC unicorn — engine   An issue was discovered in split_region in uc.c in Unicorn Engine before 2.0.0-rc5. It allows local attackers to escape the sandbox. An attacker must first obtain the ability to execute crafted code in the target sandbox in order to exploit this vulnerability. The specific flaw exists within the virtual memory manager. The issue results from the faulty comparison of GVA and GPA while calling uc_mem_map_ptr to free part of a claimed memory block. An attacker can leverage this vulnerability to escape the sandbox and execute arbitrary code on the host machine. 2021-12-26 not yet calculated CVE-2021-44078MISCCONFIRMMISCMISCMISC uwebsockets — uwebsockets   uWebSockets 19.0.0 through 20.8.0 has an out-of-bounds write in std::__1::pair<unsigned int, void*> uWS::HttpParser::fenceAndConsumePostPadded<0 (called from uWS::HttpParser::consumePostPadded and std::__1::__function::__func<LLVMFuzzerTestOneInput::$_0, std::__1::allocator<LL). 2022-01-01 not yet calculated CVE-2021-45945MISCMISCMISC vim — vim vim is vulnerable to Use After Free 2021-12-29 not yet calculated CVE-2021-4187MISCCONFIRM vim — vim vim is vulnerable to Out-of-bounds Read 2021-12-25 not yet calculated CVE-2021-4166CONFIRMMISC vim — vim vim is vulnerable to Use After Free 2021-12-31 not yet calculated CVE-2021-4192CONFIRMMISC vim — vim vim is vulnerable to Use After Free 2021-12-27 not yet calculated CVE-2021-4173CONFIRMMISC vim — vim vim is vulnerable to Out-of-bounds Read 2021-12-31 not yet calculated CVE-2021-4193MISCCONFIRM wasm3 — wasm3 Wasm3 0.5.0 has an out-of-bounds write in Runtime_Release (called from EvaluateExpression and InitDataSegments). 2022-01-01 not yet calculated CVE-2021-45947MISCMISC wasm3 — wasm3 Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called from CompileElseBlock and Compile_If). 2022-01-01 not yet calculated CVE-2021-45929MISCMISC wasm3 — wasm3 Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called from Compile_LoopOrBlock and CompileBlockStatements). 2022-01-01 not yet calculated CVE-2021-45946MISCMISC webkitgtk — webkitgtk In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Frame::page, a different vulnerability than CVE-2021-30889. 2021-12-25 not yet calculated CVE-2021-45483MISC webkitgtk — webkitgtk In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::ContainerNode::firstChild, a different vulnerability than CVE-2021-30889. 2021-12-25 not yet calculated CVE-2021-45482MISC webkitgtk — webkitgtk In WebKitGTK before 2.32.4, there is incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create, leading to a segmentation violation and application crash, a different vulnerability than CVE-2021-30889. 2021-12-25 not yet calculated CVE-2021-45481MISC wireshark — wireshark Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file 2021-12-30 not yet calculated CVE-2021-4184MISCCONFIRMMISC wireshark — wireshark Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file 2021-12-30 not yet calculated CVE-2021-4183CONFIRMMISCMISC wireshark — wireshark Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file 2021-12-30 not yet calculated CVE-2021-4181CONFIRMMISCMISC wireshark — wireshark Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file 2021-12-30 not yet calculated CVE-2021-4185MISCCONFIRMMISC wireshark — wireshark Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file 2021-12-30 not yet calculated CVE-2021-4186CONFIRMMISCMISC wireshark — wireshark Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service via packet injection or crafted capture file 2021-12-30 not yet calculated CVE-2021-4190CONFIRMMISCMISC wireshark — wireshark Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file 2021-12-30 not yet calculated CVE-2021-4182MISCCONFIRMMISC wolfssl — wolfssl wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttDecode_Disconnect (called from MqttClient_DecodePacket and MqttClient_WaitType). 2022-01-01 not yet calculated CVE-2021-45936MISCMISCMISC wolfssl — wolfssl wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Unsubscribe). 2022-01-01 not yet calculated CVE-2021-45938MISCMISCMISC wolfssl — wolfssl wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (8 bytes) in MqttDecode_Publish (called from MqttClient_DecodePacket and MqttClient_HandlePacket). 2022-01-01 not yet calculated CVE-2021-45933MISCMISCMISC wolfssl — wolfssl wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_HandlePacket and MqttClient_WaitType). 2022-01-01 not yet calculated CVE-2021-45934MISCMISCMISC wolfssl — wolfssl wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Connect). 2022-01-01 not yet calculated CVE-2021-45937MISCMISCMISC wolfssl — wolfssl wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (4 bytes) in MqttDecode_Publish (called from MqttClient_DecodePacket and MqttClient_HandlePacket). 2022-01-01 not yet calculated CVE-2021-45932MISCMISCMISC wolfssl — wolfssl wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Subscribe). 2022-01-01 not yet calculated CVE-2021-45939MISCMISCMISC wordpress — wordpress The Smart Floating / Sticky Buttons WordPress plugin before 2.5.5 does not sanitise and escape some parameter before outputting them in attributes and page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2021-12-27 not yet calculated CVE-2021-24992MISC wordpress — wordpress The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user accounts with a randomly generated password. The password is generated using the str_shuffle PHP function that “does not generate cryptographically secure values, and should not be used for cryptographic purposes” according to PHP’s documentation. 2021-12-27 not yet calculated CVE-2021-24998MISCCONFIRM wordpress — wordpress The Paid Memberships Pro WordPress plugin before 2.6.6 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting 2021-12-27 not yet calculated CVE-2021-24979CONFIRMMISC wordpress — wordpress The Rich Reviews by Starfish WordPress plugin before 1.9.6 does not properly validate the orderby GET parameter of the pending reviews page before using it in a SQL statement, leading to an authenticated SQL injection issue 2021-12-27 not yet calculated CVE-2021-24753MISCCONFIRM wordpress — wordpress The Tickera WordPress plugin before 3.4.8.3 does not properly sanitise and escape the Name fields of booked Events before outputting them in the Orders admin dashboard, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins. 2021-12-27 not yet calculated CVE-2021-24797MISC wordpress — wordpress The WordPress Download Manager WordPress plugin before 3.2.22 does not sanitise and escape Template data before outputting it in various pages (such as admin dashboard and frontend). Due to the lack of authorisation and CSRF checks in the wpdm_save_template AJAX action, any authenticated users such as subscriber is able to call it and perform Cross-Site Scripting attacks 2021-12-27 not yet calculated CVE-2021-24969MISC wordpress — wordpress The Typebot | Build beautiful conversational forms WordPress plugin before 1.4.3 does not sanitise and escape the Publish ID setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2021-12-27 not yet calculated CVE-2021-24902MISC wordpress — wordpress The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.6.4 does not sanitise and escape some lead values, which could allow unauthenticated users to perform Cross-Site Scripting attacks against logged in admin viewing the inserted Leads 2021-12-27 not yet calculated CVE-2021-24967MISC wordpress — wordpress The Gwolle Guestbook WordPress plugin before 4.2.0 does not sanitise and escape the gwolle_gb_user_email parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue in an admin page 2021-12-27 not yet calculated CVE-2021-24980MISC wordpress — wordpress The WP Guppy WordPress plugin before 1.3 does not have any authorisation in some of the REST API endpoints, allowing any user to call them and could lead to sensitive information disclosure, such as usernames and chats between users, as well as be able to send messages as an arbitrary user 2021-12-27 not yet calculated CVE-2021-24997MISCMISC wordpress — wordpress The WPFront User Role Editor WordPress plugin before 3.2.1.11184 does not sanitise and escape the changes-saved parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting 2021-12-27 not yet calculated CVE-2021-24984MISC wordpress — wordpress The WP RSS Aggregator WordPress plugin before 4.19.3 does not sanitise and escape data before outputting it in the System Info admin dashboard, which could lead to a Stored XSS issue due to the wprss_dismiss_addon_notice AJAX action missing authorisation and CSRF checks, allowing any authenticated users, such as subscriber to call it and set a malicious payload in the addon parameter. 2021-12-27 not yet calculated CVE-2021-24988MISC wowsoft — printchaser_activex Printchaser v2.2021.804.1 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module. This can be leveraged for code execution. 2021-12-28 not yet calculated CVE-2020-7883MISC yappli — yappli Yappli is an application development platform which provides the function to access a requested URL using Custom URL Scheme. When Android apps are developed with Yappli versions since v7.3.6 and prior to v9.30.0, they are vulnerable to improper authorization in Custom URL Scheme handler, and may be directed to unintended sites via a specially crafted URL. 2021-12-28 not yet calculated CVE-2021-20873MISCMISC zte — bigvideo_analysis ZTE BigVideo Analysis product has a privilege escalation vulnerability. Due to improper management of the timed task modification privilege, an attacker with ordinary user permissions could exploit this vulnerability to gain unauthorized access. 2021-12-27 not yet calculated CVE-2021-21750MISC zte — bigvideo_analysis ZTE BigVideo analysis product has an input verification vulnerability. Due to the inconsistency between the front and back verifications when configuring the large screen page, an attacker with high privileges could exploit this vulnerability to tamper with the URL and cause service exception. 2021-12-27 not yet calculated CVE-2021-21751MISC zyxel — gs1900_firmware   A vulnerability in the ‘libsal.so’ of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call. 2021-12-28 not yet calculated CVE-2021-35032CONFIRM zyxel — multiple_products A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device. 2021-12-28 not yet calculated CVE-2021-35031CONFIRM zyxel — nbg6604_firmware A cleartext storage of sensitive information vulnerability in the Zyxel NBG6604 firmware could allow a remote, authenticated attacker to obtain sensitive information from the configuration file. 2021-12-29 not yet calculated CVE-2021-35035CONFIRM zyxel — nbg6604_firmware   An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attacker to access the device if the correct token can be intercepted. 2021-12-29 not yet calculated CVE-2021-35034CONFIRM Back to top This product is provided subject to this Notification and this Privacy & Use policy.

  • Vulnerability Summary for the Week of December 20, 2021
    by CISA on December 27, 2021 at 11:39 am

    Original release date: December 27, 2021  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info adobe — dimension Adobe Dimension versions 3.4.3 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious GIF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2021-12-20 9.3 CVE-2021-44179MISCMISC adobe — dimension Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious GIF file. 2021-12-20 9.3 CVE-2021-44180MISCMISC adobe — dimension Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious GIF file. 2021-12-20 9.3 CVE-2021-44181MISCMISC adobe — premiere_rush Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious EXR file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2021-12-20 9.3 CVE-2021-43021MISC adobe — premiere_rush Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious PNG file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2021-12-20 9.3 CVE-2021-43022MISC adobe — premiere_rush Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious EPS/TIFF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2021-12-20 9.3 CVE-2021-43023MISC adobe — premiere_rush Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2021-12-20 9.3 CVE-2021-43024MISC adobe — premiere_rush Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2021-12-20 9.3 CVE-2021-43025MISC adobe — premiere_rush Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious MXF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2021-12-20 9.3 CVE-2021-43026MISC adobe — premiere_rush Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2021-12-20 9.3 CVE-2021-43028MISC adobe — premiere_rush Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2021-12-20 9.3 CVE-2021-43029MISC adobe — premiere_rush Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2021-12-20 9.3 CVE-2021-43747MISC apache — http_server A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. 2021-12-20 7.5 CVE-2021-44790MISCMLISTFEDORACONFIRM iresturant_project — iresturant RCE in Add Review Function in iResturant 1.0 Allows remote attacker to execute commands remotely 2021-12-20 10 CVE-2021-43439MISCMISC numpy — numpy Incomplete string comparison in the numpy.core component in NumPy1.9.x, which allows attackers to fail the APIs via constructing specific string objects. 2021-12-17 7.5 CVE-2021-34141MISC tcman — gim TCMAN GIM is vulnerable to a SQL injection vulnerability inside several available webservice methods in /PC/WebService.asmx. 2021-12-17 7.5 CVE-2021-40850CONFIRM Back to top   Medium Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info adobe — audition Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious MP4 file. 2021-12-20 4.3 CVE-2021-44698MISCMISC adobe — audition Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious MP4 file. 2021-12-20 4.3 CVE-2021-44699MISCMISC adobe — audition Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious MOV file. 2021-12-20 4.3 CVE-2021-44697MISCMISC adobe — dimension Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious SVG file. 2021-12-20 4.3 CVE-2021-44182MISCMISC adobe — dimension Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious TIF file. 2021-12-20 4.3 CVE-2021-43763MISCMISC adobe — dimension Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious TIF file. 2021-12-20 4.3 CVE-2021-44183MISCMISC adobe — premiere_rush Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-12-20 4.3 CVE-2021-43748MISC adobe — premiere_rush Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-12-20 4.3 CVE-2021-43749MISC adobe — premiere_rush Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-12-20 4.3 CVE-2021-43750MISC adobe — premiere_rush Adobe Premiere Rush versions 1.5.16 (and earlier) allows access to an uninitialized pointer vulnerability that allows remote attackers to disclose sensitive information on affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of MP4 files. The issue results from the lack of proper initialization of memory prior to accessing it. 2021-12-20 4.3 CVE-2021-43746MISCMISC adobe — premiere_rush Adobe Premiere Rush versions 1.5.16 (and earlier) allows access to an uninitialized pointer vulnerability that allows remote attackers to disclose sensitive information on affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of MP4 files. The issue results from the lack of proper initialization of memory prior to accessing it. 2021-12-20 4.3 CVE-2021-43030MISCMISC adobe — premiere_rush Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2021-12-20 6.8 CVE-2021-40784MISC adobe — premiere_rush Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2021-12-20 6.8 CVE-2021-40783MISC advantech — r-seenet A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘health_filter’ parameter. 2021-12-22 4 CVE-2021-21926MISC apache — http_server A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). 2021-12-20 6.4 CVE-2021-44224MISCMLISTFEDORACONFIRM apache — log4j Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0 and 2.12.3. 2021-12-18 5 CVE-2021-45105MISCCONFIRMMLISTDEBIANMISCCISCOCONFIRMCERT-VNCONFIRMCONFIRMMLISTFEDORAFEDORA ciphercoin — contact_form_7_database_addon_-_cfdb7 Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.6.1). 2021-12-22 4.3 CVE-2021-36885CONFIRMCONFIRM ciphercoin — contact_form_7_database_addon_-_cfdb7 Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.5.9). 2021-12-22 6.8 CVE-2021-36886CONFIRMMISC ftpshell — ftpshell_server A buffer overflow vulnerability in the Virtual Path Mapping component of FTPShell v6.83 allows attackers to cause a denial of service (DoS). 2021-12-17 5 CVE-2020-18077MISC google — android In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672059. 2021-12-17 4.6 CVE-2021-0899MISC google — android In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672038. 2021-12-17 4.6 CVE-2021-0894MISC google — android In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05670549. 2021-12-17 4.6 CVE-2021-0897MISC google — android In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05671206. 2021-12-17 4.6 CVE-2021-0896MISC google — android In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672003. 2021-12-17 4.6 CVE-2021-0895MISC google — android In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672071. 2021-12-17 4.6 CVE-2021-0898MISC google — android In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05687474. 2021-12-17 4.6 CVE-2021-0893MISC google — android In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05687781. 2021-12-17 4.6 CVE-2021-0679MISC google — android In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05722511. 2021-12-17 4.6 CVE-2021-0678MISC google — android In Audio Aurisys HAL, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05977326; Issue ID: ALPS05977326. 2021-12-17 4.6 CVE-2021-0673MISC google — android In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05656488. 2021-12-17 4.6 CVE-2021-0903MISC google — android In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05664618. 2021-12-17 4.6 CVE-2021-0901MISC gpac — gpac A null pointer dereference vulnerability exists in gpac 1.1.0 via the lsr_read_anim_values_ex function, which causes a segmentation fault and application crash. 2021-12-22 5 CVE-2021-45266MISC iorder_project — iorder Multiple Stored XSS Vulnerabilities in the Source Code of iOrder 1.0 allow remote attackers to execute arbitrary code via signup form in the Name and Phone number field. 2021-12-20 4.3 CVE-2021-43440MISCMISC laravel — framework OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.8.17. 2021-12-20 6.8 CVE-2020-19316MISCMISC livehelperchat — live_helper_chat livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) 2021-12-18 6.8 CVE-2021-4131CONFIRMMISC mediawiki — mediawiki An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=mcrundo followed by action=mcrrestore to replace the content of any arbitrary page (that the user doesn’t have edit rights for). This applies to any public wiki, or a private wiki that has at least one page set in $wgWhitelistRead. 2021-12-17 4 CVE-2021-44857CONFIRMMISC mediawiki — mediawiki An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. By using an action=rollback query, attackers can view private wiki contents. 2021-12-17 5 CVE-2021-45038CONFIRMMISC mossle — lemon A cross-site scripting (XSS) vulnerability in the potrtalItemName parameter in \web\PortalController.java of lemon V1.10.0 allows attackers to execute arbitrary web scripts or HTML. 2021-12-22 4.3 CVE-2020-20597MISC mossle — lemon A cross-site scripting (XSS) vulnerability in the Editing component of lemon V1.10.0 allows attackers to execute arbitrary web scripts or HTML. 2021-12-22 4.3 CVE-2020-20598MISC numpy — numpy Null Pointer Dereference vulnerability exists in numpy.sort in NumPy &lt and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays. 2021-12-17 5 CVE-2021-41495MISC numpy — numpy A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code, which could let a malicious user cause a Denial of Service. 2021-12-17 5 CVE-2021-33430MISC open-emr — openemr An authenticated SQL injection issue in the calendar search function of OpenEMR 6.0.0 before patch 3 allows an attacker to read data from all tables of the database via the parameter provider_id, as demonstrated by the /interface/main/calendar/index.php?module=PostCalendar&func=search URI. 2021-12-17 6.8 CVE-2021-41843MISCMISCMISCFULLDISC opms_project — opms A cross-site request forgery (CSRF) in OPMS v1.3 and below allows attackers to arbitrarily add a user account via /user/add. 2021-12-22 4.3 CVE-2020-20595MISC personal_blog_cms_project — personal_blog_cms Blog CMS v1.0 contains a cross-site scripting (XSS) vulnerability in the /controller/CommentAdminController.java component. 2021-12-22 4.3 CVE-2020-20605MISC s-cms — s-cms S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php. 2021-12-22 4.3 CVE-2020-20426MISCMISCMISC s-cms — s-cms S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function. 2021-12-22 4.3 CVE-2020-20425MISCMISCMISC salesagility — suitecrm SuiteCRM before 7.12.2 and 8.x before 8.0.1 allows authenticated SQL injection. 2021-12-19 6.5 CVE-2021-45041CONFIRMCONFIRM sem-cms — semcms The checkuser function of SEMCMS 3.8 was discovered to contain a vulnerability which allows attackers to obtain the password in plaintext through a SQL query. 2021-12-17 5 CVE-2020-18081MISC sem-cms — semcms A vulnerability in /include/web_check.php of SEMCMS v3.8 allows attackers to reset the Administrator account’s password. 2021-12-17 5 CVE-2020-18078MISC snipeitapp — snipe-it snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) 2021-12-18 6.8 CVE-2021-4130CONFIRMMISC tcman — gim TCMAN GIM is affected by an open redirect vulnerability. This vulnerability allows the redirection of user navigation to pages controlled by the attacker. The exploitation of this vulnerability might allow a remote attacker to obtain information. 2021-12-17 5.8 CVE-2021-40852CONFIRM tcman — gim TCMAN GIM is vulnerable to a lack of authorization in all available webservice methods listed in /PC/WebService.asmx. The exploitation of this vulnerability might allow a remote attacker to obtain information. 2021-12-17 5 CVE-2021-40851CONFIRM tcman — gim TCMAN GIM does not perform an authorization check when trying to access determined resources. A remote attacker could exploit this vulnerability to access URL that require privileges without having them. The exploitation of this vulnerability might allow a remote attacker to obtain sensible information. 2021-12-17 6.4 CVE-2021-40853CONFIRM vmware — workspace_one_uem_console VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information. 2021-12-17 5 CVE-2021-22054MISC wechat-php-sdk_project — wechat-php-sdk Wechat-php-sdk v1.10.2 is affected by a Cross Site Scripting (XSS) vulnerability in Wechat.php. 2021-12-17 4.3 CVE-2021-43678MISCMISC wolterskluwer — teammate_audit_management Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads, such that an authenticated user may download and execute malicious files. 2021-12-17 6.8 CVE-2021-44035MISCMISC x.org — x_server A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2021-12-17 4.6 CVE-2021-4009MISCMISCFEDORAFEDORAMISCDEBIAN x.org — x_server A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2021-12-17 4.6 CVE-2021-4011MISCMISCFEDORAFEDORAMISCDEBIAN x.org — x_server A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2021-12-17 4.6 CVE-2021-4010MISCMISCFEDORAFEDORAMISCDEBIAN x.org — x_server A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2021-12-17 4.6 CVE-2021-4008MISCMISCFEDORAFEDORAMISCDEBIAN Back to top   Low Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info convos — convos A Stored Cross Site Scripting (XSS) issue exists in Convos-Chat before 6.32. 2021-12-17 3.5 CVE-2021-42584MISCMISCMISC google — android In alac decoder, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06064258; Issue ID: ALPS06064237. 2021-12-17 2.1 CVE-2021-0674MISC google — android In geniezone driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05863009; Issue ID: ALPS05863009. 2021-12-17 2.1 CVE-2021-0676MISC google — android In ccu driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05827154; Issue ID: ALPS05827154. 2021-12-17 2.1 CVE-2021-0677MISC google — android In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672055. 2021-12-17 2.1 CVE-2021-0900MISC google — android In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05656484. 2021-12-17 2.1 CVE-2021-0902MISC ibm — business_automation_workflow IBM Business Automation Workflow 18.0, 19.0, 20,0 and 21.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209165. 2021-12-17 3.5 CVE-2021-38883CONFIRMXF ibm — cloud_pak_for_automation IBM Cloud Pak for Automation 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 212357. 2021-12-21 3.5 CVE-2021-38966XFCONFIRM iresturant_project — iresturant Stored XSS in Signup Form in iResturant 1.0 Allows Remote Attacker to Inject Arbitrary code via NAME and ADDRESS field 2021-12-20 3.5 CVE-2021-43438MISCMISC livehelperchat — live_helper_chat livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-12-17 3.5 CVE-2021-4132CONFIRMMISC mattermost — mattermost_server Mattermost 6.0 and earlier fails to sufficiently validate parameters during post creation, which allows authenticated attackers to cause a client-side crash of the web application via a maliciously crafted post. 2021-12-17 3.5 CVE-2021-37863MISCMISC metinfo — metinfo MetInfo 7.0 beta contains a stored cross-site scripting (XSS) vulnerability in the $name parameter of admin/?n=column&c=index&a=doAddColumn. 2021-12-22 3.5 CVE-2020-20600MISC tarteaucitron.js_-_cookies_legislation_\&_gdpr_project — tarteaucitron.js_-_cookies_legislation_\&_gdpr Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities were discovered in tarteaucitron.js – Cookies legislation & GDPR WordPress plugin (versions <= 1.6). 2021-12-20 3.5 CVE-2021-36889MISCCONFIRM Back to top   Severity Not Yet Assigned Primary Vendor — Product Description Published CVSS Score Source & Patch Info requarks — wiki.js Wiki.js is a wiki app built on Node.js. Wiki.js versions 2.5.257 and earlier are vulnerable to stored cross-site scripting through a SVG file upload. By creating a crafted SVG file, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the SVG is viewed directly by other users. Scripts do not execute when loaded inside a page via normal `<img>` tags. Commit 5d3e81496fba1f0fbd64eeb855f30f69a9040718 fixes this vulnerability by adding an optional (enabled by default) SVG sanitization step to all file uploads that match the SVG mime type. As a workaround, disable file upload for all non-trusted users. Wiki.js version 2.5.260 is the first production version to contain a patch. Version 2.5.258 is the first development build to contain a patch and is available only as a Docker image as requarks/wiki:canary-2.5.258. 2021-12-20 not yet calculated CVE-2021-43842MISCMISCCONFIRM 4mosan_gcb_doctor — 4mosan_gcb_doctor   4MOSAn GCB Doctor’s file upload function has improper user privilege control. A remote attacker can upload arbitrary files including webshell files without authentication and execute arbitrary code in order to perform arbitrary system operations or deny of service attack. 2021-12-20 not yet calculated CVE-2021-44159CONFIRM abode_iota — all-in-one_security_kit   OS Command Injection vulnerability in the wirelessConnect handler of Abode iota All-In-One Security Kit allows an attacker to inject commands and gain root access. This issue affects: Abode iota All-In-One Security Kit versions prior to 1.0.2.23_6.9V_dev_t2_homekit_RF_2.0.19_s2_kvsABODE oz. 2021-12-20 not yet calculated CVE-2020-8105MISC acclaim — usaherds   Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials. 2021-12-21 not yet calculated CVE-2021-44207MISCMISC advantech — r-seenet   A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘mac_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. 2021-12-22 not yet calculated CVE-2021-21928MISC advantech — r-seenet   A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘host_alt_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. 2021-12-22 not yet calculated CVE-2021-21937MISC advantech — r-seenet   A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘health_alt_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. 2021-12-22 not yet calculated CVE-2021-21936MISC advantech — r-seenet   A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘host_alt_filter2’ parameter. This can be done as any authenticated user or through cross-site request forgery. 2021-12-22 not yet calculated CVE-2021-21935MISC advantech — r-seenet   A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘imei_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. 2021-12-22 not yet calculated CVE-2021-21934MISC advantech — r-seenet   A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘esn_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. 2021-12-22 not yet calculated CVE-2021-21933MISC advantech — r-seenet   A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘name_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. 2021-12-22 not yet calculated CVE-2021-21932MISC advantech — r-seenet   A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at‘ stat_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. 2021-12-22 not yet calculated CVE-2021-21931MISC advantech — r-seenet   A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘username_filter’ parameter with the administrative account or through cross-site request forgery. 2021-12-22 not yet calculated CVE-2021-21922MISC advantech — r-seenet   A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘prod_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. 2021-12-22 not yet calculated CVE-2021-21929MISC advantech — r-seenet   A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘name_filter’ parameter with the administrative account or through cross-site request forgery. 2021-12-22 not yet calculated CVE-2021-21921MISC advantech — r-seenet   A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘loc_filter’ parameter. 2021-12-22 not yet calculated CVE-2021-21927MISC advantech — r-seenet   An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at ‘description_filter’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. 2021-12-22 not yet calculated CVE-2021-21916MISC advantech — r-seenet   A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘surname_filter’ parameter with the administrative account or through cross-site request forgery. 2021-12-22 not yet calculated CVE-2021-21920MISC advantech — r-seenet   A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ord’ parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery attack. 2021-12-22 not yet calculated CVE-2021-21919MISC advantech — r-seenet   A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘name_filter’ parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery attack. 2021-12-22 not yet calculated CVE-2021-21918MISC advantech — r-seenet   A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘firm_filter’ parameter. 2021-12-22 not yet calculated CVE-2021-21925MISC advantech — r-seenet   An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at ‘‘ord’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. 2021-12-22 not yet calculated CVE-2021-21917MISC advantech — r-seenet   An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at ‘company_filter’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. 2021-12-22 not yet calculated CVE-2021-21915MISC advantech — r-seenet   A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. 2021-12-22 not yet calculated CVE-2021-21912MISC advantech — r-seenet   A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. 2021-12-22 not yet calculated CVE-2021-21911MISC advantech — r-seenet   A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. 2021-12-22 not yet calculated CVE-2021-21910MISC advantech — r-seenet   A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘company_filter’ parameter with the administrative account or through cross-site request forgery. 2021-12-22 not yet calculated CVE-2021-21923MISC advantech — r-seenet   A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘desc_filter’ parameter. 2021-12-22 not yet calculated CVE-2021-21924MISC advantech — r-seenet   A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘sn_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. 2021-12-22 not yet calculated CVE-2021-21930MISC ajax — ajax.net_professional   Ajax.NET Professional (AjaxPro) is an AJAX framework available for Microsoft ASP.NET. Affected versions of this package are vulnerable to JavaScript object injection which may result in cross site scripting when leveraged by a malicious user. The affected core relates to JavaScript object creation when parsing json input. Releases before version 21.12.22.1 are affected. A workaround exists that replaces one of the core JavaScript files embedded in the library. See the GHSA-5q7q-qqw2-hjq7 for workaround details. 2021-12-22 not yet calculated CVE-2021-43853CONFIRMMISCMISC anker_eufy — homeba An authentication bypass vulnerability exists in the process_msg() function of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted man-in-the-middle attack can lead to increased privileges. 2021-12-22 not yet calculated CVE-2021-21953MISC anker_eufy — homebase   An authentication bypass vulnerability exists in the CMD_DEVICE_GET_RSA_KEY_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to increased privileges. 2021-12-22 not yet calculated CVE-2021-21952MISC anuko — time_tracker    Anuko Time Tracker is an open source, web-based time tracking application written in PHP. SQL injection vulnerability exist in multiple files in Time Tracker version 1.19.33.5606 and prior due to not properly checking of the “group” and “status” parameters in POST requests. Group parameter is posted along when navigating between organizational subgroups (groups.php file). Status parameter is used in multiple files to change a status of an entity such as making a project, task, or user inactive. This issue has been patched in version 1.19.33.5607. An upgrade is highly recommended. If an upgrade is not practical, introduce ttValidStatus function as in the latest version and start using it user input check blocks wherever status field is used. For groups.php fix, introduce ttValidInteger function as in the latest version and use it in the access check block in the file. 2021-12-22 not yet calculated CVE-2021-43851CONFIRMMISCMISC apache — cordova   cordova-plugin-fingerprint-aio is a plugin provides a single and simple interface for accessing fingerprint APIs on both Android 6+ and iOS. In versions prior to 5.0.1 The exported activity `de.niklasmerz.cordova.biometric.BiometricActivity` can cause the app to crash. This vulnerability occurred because the activity didn’t handle the case where it is requested with invalid or empty data which results in a crash. Any third party app can constantly call this activity with no permission. A 3rd party app/attacker using event listener can continually stop the app from working and make the victim unable to open it. Version 5.0.1 of the cordova-plugin-fingerprint-aio doesn’t export the activity anymore and is no longer vulnerable. If you want to fix older versions change the attribute android:exported in plugin.xml to false. Please upgrade to version 5.0.1 as soon as possible. 2021-12-23 not yet calculated CVE-2021-43849CONFIRMMISCMISC apache — parquet   Improper Input Validation vulnerability in Parquet-MR of Apache Parquet allows an attacker to DoS by malicious Parquet files. This issue affects Apache Parquet-MR version 1.9.0 and later versions. 2021-12-20 not yet calculated CVE-2021-41561MISCMLIST apache — plc   Apache PLC4X – PLC4C (Only the C language implementation was effected) was vulnerable to an unsigned integer underflow flaw inside the tcp transport. Users should update to 0.9.1, which addresses this issue. However, in order to exploit this vulnerability, a user would have to actively connect to a mallicious device which could send a response with invalid content. Currently we consider the probability of this being exploited as quite minimal, however this could change in the future, especially with the industrial networks growing more and more together. 2021-12-19 not yet calculated CVE-2021-43083MISCMLIST apache — solr   An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in: * The exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes), * In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in a worse-case scenario, Remote Code Execution This issue affects all Apache Solr versions prior to 8.11.1. This issue only affects Windows. 2021-12-23 not yet calculated CVE-2021-44548MISC apple — ios   An issue existed in preventing the uploading of CallKit call history to iCloud. This issue was addressed through improved logic. This issue is fixed in iOS 10.2.1. Updates for CallKit call history are sent to iCloud. 2021-12-23 not yet calculated CVE-2017-2375MISC apple — ios_and_watchos   A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 11.2, watchOS 4.2. An application may be able to execute arbitrary code with kernel privilege. 2021-12-23 not yet calculated CVE-2017-13880MISCMISC apple — macos_high_sierra   A validation issue was addressed with improved logic. This issue is fixed in macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan. An attacker with physical access to a device may be able to elevate privileges. 2021-12-23 not yet calculated CVE-2018-4478MISC apple — macos_high_sierra   A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS High Sierra 10.13. An application may be able to execute arbitrary code with elevated privileges. 2021-12-23 not yet calculated CVE-2017-13835MISC apple — macos_high_sierra   An issue existed in the handling of Contact sharing. This issue was addressed with improved handling of user information. This issue is fixed in macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan. Sharing contact information may lead to unexpected data sharing. 2021-12-23 not yet calculated CVE-2017-13892MISC apple — macos_mojave   CVE-2019-8643: Arun Sharma of VMWare This issue is fixed in macOS Mojave 10.14. Description: A logic issue was addressed with improved state management.. 2021-12-23 not yet calculated CVE-2019-8643MISC apple — multiple_products   A use after free issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. A malicious application may be able to execute arbitrary code with kernel privileges. 2021-12-23 not yet calculated CVE-2020-3886MISC apple — multiple_products   This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. A malicious application may be able to overwrite arbitrary files. 2021-12-23 not yet calculated CVE-2020-3896MISC apple — multiple_products   This issue was addressed with a new entitlement. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra, iOS 12.4, tvOS 12.4. A local user may be able to read a persistent account identifier. 2021-12-23 not yet calculated CVE-2019-8702MISCMISCMISC apple — multiple_products   This issue was addressed with improved entitlements. This issue is fixed in watchOS 6, tvOS 13, macOS Catalina 10.15, iOS 13. An application may be able to gain elevated privileges. 2021-12-23 not yet calculated CVE-2019-8703MISCMISCMISCMISC apple — multiple_products   A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution. 2021-12-23 not yet calculated CVE-2018-4302MISCMISCMISCMISCMISC apple — multiple_products   A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A local user may be able to modify protected parts of the file system. 2021-12-23 not yet calculated CVE-2021-30767MISCMISCMISCMISCMISC apple — remote_desktop   A cryptographic weakness existed in the authentication protocol of Remote Desktop. This issue was addressed by implementing the Secure Remote Password authentication protocol. This issue is fixed in Apple Remote Desktop 3.9. An attacker may be able to capture cleartext passwords. 2021-12-23 not yet calculated CVE-2017-2488MISC apple –multiple_products   A race condition was addressed with additional validation. This issue is fixed in tvOS 11.2, iOS 11.2, macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan, watchOS 4.2. An application may be able to gain elevated privileges. 2021-12-23 not yet calculated CVE-2017-13905MISCMISCMISCMISC apple  — macos_high_sierra   A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, macOS High Sierra 10.13. A malicious application may be able to elevate privileges. 2021-12-23 not yet calculated CVE-2017-13906MISCMISC apple  — macos_high_sierra   An issue in handling file permissions was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, macOS High Sierra 10.13. A local attacker may be able to execute non-executable text files via an SMB share. 2021-12-23 not yet calculated CVE-2017-13908MISCMISC apple  — macos_high_sierra   An issue existed in the storage of sensitive tokens. This issue was addressed by placing the tokens in Keychain. This issue is fixed in macOS High Sierra 10.13. A local attacker may gain access to iCloud authentication tokens. 2021-12-23 not yet calculated CVE-2017-13909MISC apple  — macos_high_sierra   An access issue was addressed with additional sandbox restrictions on applications. This issue is fixed in macOS High Sierra 10.13. An application may be able to access restricted files. 2021-12-23 not yet calculated CVE-2017-13910MISC apple  — macos_high_sierra   A state management issue was addressed with improved state validation. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan. The screen lock may unexpectedly remain unlocked. 2021-12-23 not yet calculated CVE-2017-13907MISC archivy — archivy   archivy is vulnerable to Cross-Site Request Forgery (CSRF) 2021-12-25 not yet calculated CVE-2021-4162CONFIRMMISC armmbed — mbed_tls   In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application. 2021-12-21 not yet calculated CVE-2021-45451MISC armmbed — mbed_tls   In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application. 2021-12-21 not yet calculated CVE-2021-45450MISCMISC armmbed — mbed_tls   Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure. 2021-12-20 not yet calculated CVE-2021-44732CONFIRMMISCCONFIRMCONFIRMCONFIRMCONFIRM autodesk — pdftron A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDF earlier than 9.0.7 version. 2021-12-23 not yet calculated CVE-2021-40161MISC autodesk — pdftron   A maliciously crafted PDF file prior to 9.0.7 may be forced to read beyond allocated boundaries when parsing the PDF file. This vulnerability can be exploited to execute arbitrary code. 2021-12-23 not yet calculated CVE-2021-40160MISC blackmagic_design — davinci_resolve   When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property containing an object referring to a UUID that was parsed from a frame within the video container. Upon destruction of the object that owns it, the uninitialized member will be dereferenced and then destroyed using the object’s virtual destructor. Due to the object property being uninitialized, this can result in dereferencing an arbitrary pointer for the object’s virtual method table, which can result in code execution under the context of the application. 2021-12-22 not yet calculated CVE-2021-40418MISC blackmagic_design — davinci_resolve   When parsing a file that is submitted to the DPDecoder service as a job, the service will use the combination of decoding parameters that were submitted with the job along with fields that were parsed for the submitted video by the R3D SDK to calculate the size of a heap buffer. Due to an integer overflow with regards to this calculation, this can result in an undersized heap buffer being allocated. When this heap buffer is written to, a heap-based buffer overflow will occur. This can result in code execution under the context of the application. 2021-12-22 not yet calculated CVE-2021-40417MISC chain_sea_ — ai_chatbot_system   Chain Sea ai chatbot backend has improper filtering of special characters in URL parameters, which allows a remote attacker to perform JavaScript injection for XSS (reflected Cross-site scripting) attack without authentication. 2021-12-20 not yet calculated CVE-2021-44163CONFIRM chain_sea_ — ai_chatbot_system   Chain Sea ai chatbot system’s file upload function has insufficient filtering for special characters in URLs, which allows a remote attacker to by-pass file type validation, upload malicious script and execute arbitrary code without authentication, in order to take control of the system or terminate service. 2021-12-20 not yet calculated CVE-2021-44164CONFIRM chain_sea_ — ai_chatbot_system   Chain Sea ai chatbot system’s specific file download function has path traversal vulnerability. The function has improper filtering of special characters in URL parameters, which allows a remote attacker to download arbitrary system files without authentication. 2021-12-20 not yet calculated CVE-2021-44162CONFIRM crypto-org-chain — cronos   Cronos is a commercial implementation of a blockchain. In Cronos nodes running versions before v0.6.5, it is possible to take transaction fees from Cosmos SDK’s FeeCollector for the current block by sending a custom crafted MsgEthereumTx. This problem has been patched in Cronos v0.6.5. There are no tested workarounds. All validator node operators are recommended to upgrade to Cronos v0.6.5 at their earliest possible convenience. 2021-12-21 not yet calculated CVE-2021-43839MISCCONFIRMMISC cve-search — cve-search   lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular expression injection, which can lead to ReDoS (regular expression denial of service) or other impacts. 2021-12-23 not yet calculated CVE-2021-45470MISCMISCMISC dalmark — system_systeams   Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Insecure design on report build via SQL query. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. The bi report module exposes direct SQL commands via POST data in order to select data for report generation. A malicious actor can use the bi report endpoint as a direct SQL prompt under the authenticated user. 2021-12-21 not yet calculated CVE-2021-44874MISC dalmark — system_systeams   Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumeration. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. This issue occurs during the password recovery procedure for a given user, where a difference in messages could allow an attacker to determine if the given user is valid or not, enabling a brute force attack with valid users. 2021-12-21 not yet calculated CVE-2021-44875MISC dalmark — system_systeams   Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumeration. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. This issue occurs during the identification of the correct tenant for a given user, where a difference in messages could allow an attacker to determine if the given user is valid or not, enabling a brute force attack with valid users. 2021-12-21 not yet calculated CVE-2021-44876MISC dalmark — system_systeams   Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect Access Control. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. A broken access control vulnerability has been found while using a temporary generated token in order to consume api resources. The vulnerability allows an unauthenticated attacker to use an api endpoint to generate a temporary JWT token that is designed to reference the correct tenant prior to authentication, to request system configuration parameters using direct api requests. The correct exploitation of this vulnerability causes sensitive information exposure. In case the tenant has an smtp credential set, the full credential information is disclosed. 2021-12-21 not yet calculated CVE-2021-44877MISC dell — emc_avamar_server   Dell EMC Avamar Server versions 18.2, 19.1, 19.2, 19.3, and 19.4 contain an improper privilege management vulnerability in AUI. A malicious user with high privileges could potentially exploit this vulnerability, leading to the disclosure of the AUI info and performing some unauthorized operation on the AUI. 2021-12-21 not yet calculated CVE-2021-36316CONFIRM dell — emc_avamar_server   Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstaller. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. 2021-12-21 not yet calculated CVE-2021-36317CONFIRM dell — emc_avamar_server   Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage vulnerability. A high privileged user could potentially exploit this vulnerability, leading to a complete outage. 2021-12-21 not yet calculated CVE-2021-36318CONFIRM dell — powerpath_management_applicance   Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, and 2.6, use hard-coded cryptographic key. A local high-privileged malicious user may potentially exploit this vulnerability to gain access to secrets and elevate to gain higher privileges. 2021-12-21 not yet calculated CVE-2021-43587CONFIRM dell — powerscale_onefs   Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authentication bypass by primary weakness in one of the authentication factors. A remote unauthenticated attacker may potentially exploit this vulnerability and bypass one of the factors of authentication. 2021-12-21 not yet calculated CVE-2021-36350CONFIRM dell — wyse_device_agent   Dell Wyse Device Agent version 14.5.4.1 and below contain a sensitive data exposure vulnerability. A local authenticated user with low privileges could potentially exploit this vulnerability in order to access sensitive information. 2021-12-21 not yet calculated CVE-2021-36341CONFIRM dell — wyse_management_suite Dell Wyse Management Suite version 3.3.1 and prior support insecure Transport Security Protocols TLS 1.0 and TLS 1.1 which are susceptible to Man-In-The-Middle attacks thereby compromising Confidentiality and Integrity of data. 2021-12-21 not yet calculated CVE-2021-36337CONFIRM dell — wyse_management_suite   Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that could allow an unauthenticated attacker to execute code on the affected system. 2021-12-21 not yet calculated CVE-2021-36336CONFIRM delta_electronics — diaenergie   DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-site scripting vulnerabilities when arbitrary code is injected into the parameter “name” of the script “HandlerEnergyType.ashx”. 2021-12-22 not yet calculated CVE-2021-44544MISC delta_electronics — diaenergie   DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “descr” of the script “DIAE_hierarchyHandler.ashx”. 2021-12-22 not yet calculated CVE-2021-31558MISC delta_electronics — diaenergie   DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “name” of the script “DIAE_HandlerAlarmGroup.ashx”. 2021-12-22 not yet calculated CVE-2021-44471MISC delta_electronics — diaenergie   DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by “.NET Request.QueryString”. 2021-12-22 not yet calculated CVE-2021-23228MISC e2guardian — e2guardian   e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate validation in the SSL MITM engine. In standalone mode (i.e., acting as a proxy or a transparent proxy), with SSL MITM enabled, e2guardian, if built with OpenSSL v1.1.x, did not validate hostnames in certificates of the web servers that it connected to, and thus was itself vulnerable to MITM attacks. 2021-12-23 not yet calculated CVE-2021-44273MISCMISCMLIST eap — eap   The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage. 2021-12-23 not yet calculated CVE-2021-20318MISC elgg — elgg   elgg is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-12-24 not yet calculated CVE-2021-4072MISCCONFIRM enc_security — deltavault   ENC DataVault 7.1.1W and VaultAPI v67, which is currently being used in various other applications, mishandles key derivation, making it easier for attackers to determine the passwords of all DataVault users (across USB drives sold under multiple brand names). 2021-12-22 not yet calculated CVE-2021-36750MISCMISC f-secure — antivirus_engine   A vulnerability affecting F-Secure antivirus engine was discovered whereby scanning MS outlook .pst files can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine. 2021-12-22 not yet calculated CVE-2021-40836MISC freepbx — freepbx   FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19. 2021-12-22 not yet calculated CVE-2021-45461CONFIRMCONFIRMMISC fuji_electric — v-server_lite_and_tellus_lite_v-simulator   Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an access of uninitialized pointer, which may allow an attacker read from or write to unexpected memory locations, leading to a denial-of-service. 2021-12-20 not yet calculated CVE-2021-38409MISC fuji_electric — v-server_lite_and_tellus_lite_v-simulator   Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to a stack-based buffer overflow, which may allow an attacker to achieve code execution. 2021-12-20 not yet calculated CVE-2021-38413MISC fuji_electric — v-server_lite_and_tellus_lite_v-simulator   Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to execute arbitrary code and cause the application to crash. 2021-12-20 not yet calculated CVE-2021-38401MISC fuji_electric — v-server_lite_and_tellus_lite_v-simulator   Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code. 2021-12-20 not yet calculated CVE-2021-38415MISC fuji_electric — v-server_lite_and_tellus_lite_v-simulator   Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds write, which can result in data corruption, a system crash, or code execution. 2021-12-20 not yet calculated CVE-2021-38419MISC fuji_electric — v-server_lite_and_tellus_lite_v-simulator   Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds read, which may allow an attacker to read sensitive information from other memory locations or cause a crash. 2021-12-20 not yet calculated CVE-2021-38421MISC garrett — metal_detectors   Specially-crafted command line arguments can lead to arbitrary file deletion. The handle_delete function does not attempt to sanitize or otherwise validate the contents of the [file] parameter (passed to the function as argv[1]), allowing an authenticated attacker to supply directory traversal primitives and delete semi-arbitrary files. 2021-12-22 not yet calculated CVE-2021-21908MISC garrett — metal_detectors   Specially-crafted command line arguments can lead to arbitrary file deletion in the del .cnt|.log file delete command. An attacker can provide malicious inputs to trigger this vulnerability 2021-12-22 not yet calculated CVE-2021-21909MISC garrett — metal_detectors   A directory traversal vulnerability exists in the CMA CLI getenv command functionality of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted command line argument can lead to local file inclusion. An attacker can provide malicious input to trigger this vulnerability. 2021-12-22 not yet calculated CVE-2021-21907MISC garrett — metal_detectors   Stack-based buffer overflow vulnerability exists in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. The Garrett iC Module exposes an authenticated CLI over TCP port 6877. This interface is used by a secondary GUI client, called “CMA Connect”, to interact with the iC Module on behalf of the user. Every time a user submits a password to the CLI password prompt, the buffer containing their input is passed as the password parameter to the checkPassword function. 2021-12-22 not yet calculated CVE-2021-21906MISC garrett — metal_detectors   Stack-based buffer overflow vulnerability exists in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. The Garrett iC Module exposes an authenticated CLI over TCP port 6877. This interface is used by a secondary GUI client, called “CMA Connect”, to interact with the iC Module on behalf of the user. After a client successfully authenticates, they can send plaintext commands to manipulate the device. 2021-12-22 not yet calculated CVE-2021-21905MISC garrett — metal_detectors   A directory traversal vulnerability exists in the CMA CLI setenv command of Garrett Metal Detectors’ iC Module CMA Version 5.0. An attacker can provide malicious input to trigger this vulnerability 2021-12-22 not yet calculated CVE-2021-21904MISC garrett — metal_detectors   A stack-based buffer overflow vulnerability exists in the CMA check_udp_crc function of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted packet can lead to a stack-based buffer overflow during a call to strcpy. An attacker can send a malicious packet to trigger this vulnerability. 2021-12-22 not yet calculated CVE-2021-21903MISC garrett — metal_detectors   An authentication bypass vulnerability exists in the CMA run_server_6877 functionality of Garrett Metal Detectors iC Module CMA Version 5.0. A properly-timed network connection can lead to authentication bypass via session hijacking. An attacker can send a sequence of requests to trigger this vulnerability. 2021-12-22 not yet calculated CVE-2021-21902MISC garrett — metal_detectors   A stack-based buffer overflow vulnerability exists in the CMA check_udp_crc function of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted packet can lead to a stack-based buffer overflow during a call to memcpy. An attacker can send a malicious packet to trigger this vulnerability. 2021-12-22 not yet calculated CVE-2021-21901MISC gerbv_project — gerbv   An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. 2021-12-22 not yet calculated CVE-2021-40394MISC gerbv_project — gerbv   An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. 2021-12-22 not yet calculated CVE-2021-40393MISC gnome — gimp   GEGL before 0.4.34, as used (for example) in GIMP before 2.10.30, allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. 2021-12-23 not yet calculated CVE-2021-45463MISCMISCMISCMISC gnu — gnu   An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service. 2021-12-22 not yet calculated CVE-2021-45261MISC gnuplot — gnuplot   A Divide by Zero vulnerability exists in gnuplot 5.4 in the boundary3d function in graph3d.c, which could cause a Arithmetic exception and application crash. 2021-12-21 not yet calculated CVE-2021-44917MISC go — gocd_server   Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an un-intended action in order to achieve a Server Side Request Forgery (SSRF) 2021-12-22 not yet calculated CVE-2021-44659MISCMISCMISCMISC google — chrome   Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2021-12-23 not yet calculated CVE-2021-38019MISCMISC google — chrome   Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664.45 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2021-12-23 not yet calculated CVE-2021-38020MISCMISC google — chrome   Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to perform domain spoofing via a crafted HTML page. 2021-12-23 not yet calculated CVE-2021-38018MISCMISC google — chrome   Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2021-12-23 not yet calculated CVE-2021-38022MISCMISC google — chrome   Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. 2021-12-23 not yet calculated CVE-2021-38017MISCMISC google — chrome   Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass same origin policy via a crafted HTML page. 2021-12-23 not yet calculated CVE-2021-38016MISCMISC google — chrome   Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. 2021-12-23 not yet calculated CVE-2021-38015MISCMISC google — chrome   Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-12-23 not yet calculated CVE-2021-38014MISCMISC google — chrome   Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. 2021-12-23 not yet calculated CVE-2021-38021MISCMISC google — chrome   Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2021-12-23 not yet calculated CVE-2021-4068MISCMISC google — chrome   Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-12-23 not yet calculated CVE-2021-38011MISCMISC google — chrome   Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-12-23 not yet calculated CVE-2021-4061MISCMISC google — chrome   Use after free in window manager in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-12-23 not yet calculated CVE-2021-4067MISCMISC google — chrome   Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-12-23 not yet calculated CVE-2021-4066MISCMISC google — chrome   Use after free in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-12-23 not yet calculated CVE-2021-4065MISCMISC google — chrome   Use after free in screen capture in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-12-23 not yet calculated CVE-2021-4064MISCMISC google — chrome   Use after free in developer tools in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-12-23 not yet calculated CVE-2021-4063MISCMISC google — chrome   Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. 2021-12-23 not yet calculated CVE-2021-4062MISCMISC google — chrome   Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-12-23 not yet calculated CVE-2021-4078MISCMISC google — chrome   Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2021-12-23 not yet calculated CVE-2021-4059MISCMISC google — chrome   Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via crafted WebRTC packets. 2021-12-23 not yet calculated CVE-2021-4079MISCMISC google — chrome   Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-12-23 not yet calculated CVE-2021-4058MISCMISC google — chrome   Use after free in file API in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. 2021-12-23 not yet calculated CVE-2021-4057MISCMISC google — chrome   Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-12-23 not yet calculated CVE-2021-4056MISCMISC google — chrome   Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. 2021-12-23 not yet calculated CVE-2021-4055MISCMISC google — chrome   Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. 2021-12-23 not yet calculated CVE-2021-4054MISCMISC google — chrome   Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-12-23 not yet calculated CVE-2021-4053MISCMISC google — chrome   Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. 2021-12-23 not yet calculated CVE-2021-4052MISCMISC google — chrome   Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-12-23 not yet calculated CVE-2021-38012MISCMISC google — chrome   Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page. 2021-12-23 not yet calculated CVE-2021-38013MISCMISC google — chrome   Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. 2021-12-23 not yet calculated CVE-2021-38010MISCMISC google — chrome   Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-12-23 not yet calculated CVE-2021-38006MISCMISC google — chrome   Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-12-23 not yet calculated CVE-2021-38005MISCMISC google — chrome   Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2021-12-23 not yet calculated CVE-2021-38009MISCMISC google — chrome   Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-12-23 not yet calculated CVE-2021-38007MISCMISC google — chrome   Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-12-23 not yet calculated CVE-2021-38008MISCMISC gpac — gpac   An infinite loop vulnerability exists in gpac 1.1.0 in the gf_log function, which causes a Denial of Service. 2021-12-21 not yet calculated CVE-2021-44924MISC gpac — gpac   A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_svg_get_attribute_name function, which causes a segmentation fault and application crash. 2021-12-21 not yet calculated CVE-2021-44925MISC gpac — gpac   A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_isom_parse_movie_boxes_internal function, which causes a segmentation fault and application crash. 2021-12-21 not yet calculated CVE-2021-44921MISC gpac — gpac   A null pointer dereference vulnerability exists in gpac 1.1.0 in the lsr_read_id.part function, which causes a segmentation fault and application crash. 2021-12-22 not yet calculated CVE-2021-45260MISC gpac — gpac   A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_sg_vrml_mf_append function, which causes a segmentation fault and application crash. 2021-12-21 not yet calculated CVE-2021-44927MISC gpac — gpac   An infinite loop vulnerability exists in Gpac 1.0.1 in gf_get_bit_size. 2021-12-21 not yet calculated CVE-2021-45297MISC gpac — gpac   The gf_isom_hint_rtp_read function in GPAC 1.0.1 allows attackers to cause a denial of service (Invalid memory address dereference) via a crafted file in the MP4Box command. 2021-12-21 not yet calculated CVE-2021-45292MISC gpac — gpac   The gf_dump_setup function in GPAC 1.0.1 allows malicoius users to cause a denial of service (Invalid memory address dereference) via a crafted file in the MP4Box command. 2021-12-21 not yet calculated CVE-2021-45291MISC gpac — gpac   An invalid free vulnerability exists in gpac 1.1.0 via the gf_sg_command_del function, which causes a segmentation fault and application crash. 2021-12-22 not yet calculated CVE-2021-45262MISC gpac — gpac   A vulnerability exists in GPAC 1.0.1 due to an omission of security-relevant Information, which could cause a Denial of Service. The program terminates with signal SIGKILL. 2021-12-21 not yet calculated CVE-2021-45289MISC gpac — gpac   A Double Free vulnerability exists in filedump.c in GPAC 1.0.1, which could cause a Denail of Service via a crafted file in the MP4Box command. 2021-12-21 not yet calculated CVE-2021-45288MISC gpac — gpac   A null pointer dereference vulnerability exists in the gpac in the gf_node_get_tag function, which causes a segmentation fault and application crash. 2021-12-21 not yet calculated CVE-2021-44926MISC gpac — gpac   An invalid memory address dereference vulnerability exists in gpac 1.1.0 in the dump_od_to_saf.isra function, which causes a segmentation fault and application crash. 2021-12-21 not yet calculated CVE-2021-44920MISC gpac — gpac   A null pointer dereference vulnerability exists in gpac 1.1.0 in the BD_CheckSFTimeOffset function, which causes a segmentation fault and application crash. 2021-12-21 not yet calculated CVE-2021-44922MISC gpac — gpac   A Null Pointer Dereference vulnerability exists in the gf_sg_vrml_mf_alloc function, which causes a segmentation fault and application crash. 2021-12-21 not yet calculated CVE-2021-44919MISC gpac — gpac   A Null Pointer Dereference vulnerability exists in gpac 1.1.0 in the gf_node_get_field function, which can cause a segmentation fault and application crash. 2021-12-21 not yet calculated CVE-2021-44918MISC gpac — gpac   An Invalid pointer reference vulnerability exists in gpac 1.1.0 via the gf_svg_node_del function, which causes a segmentation fault and application crash. 2021-12-22 not yet calculated CVE-2021-45259MISC gpac — gpac   An invalid free vulnerability exists in gpac 1.1.0 via the gf_svg_delete_attribute_value function, which causes a segmentation fault and application crash. 2021-12-22 not yet calculated CVE-2021-45263MISC gpac — gpac   A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_dump_vrml_dyn_field.isra function, which causes a segmentation fault and application crash. 2021-12-21 not yet calculated CVE-2021-44923MISC gpac — gpac   A stack overflow vulnerability exists in gpac 1.1.0 via the gf_bifs_dec_proto_list function, which causes a segmentation fault and application crash. 2021-12-22 not yet calculated CVE-2021-45258MISC gpac — gpac   An invalid memory address dereference vulnerability exists in gpac 1.1.0 via the svg_node_start function, which causes a segmentation fault and application crash. 2021-12-22 not yet calculated CVE-2021-45267MISC groupsession — multiple_products   Incorrect permission assignment for critical resource vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows a remote unauthenticated attacker to access arbitrary files on the server and obtain sensitive information via unspecified vectors. 2021-12-24 not yet calculated CVE-2021-20874MISCMISC groupsession — multiple_products   Path traversal vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows an attacker with an administrative privilege to obtain sensitive information stored in the hierarchy above the directory on the published site’s server via unspecified vectors. 2021-12-24 not yet calculated CVE-2021-20876MISCMISC groupsession — multiple_products   Open redirect vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks by having a user to access a specially crafted URL. 2021-12-24 not yet calculated CVE-2021-20875MISCMISC gurock — testrail   Gurock TestRail before 7.2.4 mishandles HTML escaping. 2021-12-20 not yet calculated CVE-2021-44263CONFIRM hivex — hivex   A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to system availability. 2021-12-23 not yet calculated CVE-2021-3622MISCFEDORAFEDORAMISCMISC humhub — humhub   HumHub is an open-source social network kit written in PHP. Prior to HumHub version 1.10.3 or 1.9.3, it could be possible for registered users to become unauthorized members of private Spaces. Versions 1.10.3 and 1.9.3 contain a patch for this issue. 2021-12-20 not yet calculated CVE-2021-43847MISCMISCMISCMISCCONFIRM ibm — business_process_manager   IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209512. 2021-12-21 not yet calculated CVE-2021-38893XFCONFIRMCONFIRM ibm — business_process_manager   IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 could allow a privileged user to obtain highly sensitive information due to improper access controls. IBM X-Force ID: 209607. 2021-12-21 not yet calculated CVE-2021-38900CONFIRMCONFIRMXF ibm — cloud_pak_for_security   IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could allow an authenticated user to obtain sensitive information in HTTP responses that could be used in further attacks against the system. IBM X-Force ID: 213651. 2021-12-22 not yet calculated CVE-2021-39013XFCONFIRM idec_plcs — idec_plcs   Plaintext storage of a password vulnerability in IDEC PLCs (FC6A Series MICROSmart All-in-One CPU module v2.32 and earlier, FC6A Series MICROSmart Plus CPU module v1.91 and earlier, WindLDR v8.19.1 and earlier, WindEDIT Lite v1.3.1 and earlier, and Data File Manager v2.12.1 and earlier) allows an attacker to obtain the PLC Web server user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the attacker may access the PLC Web server and hijack the PLC, and manipulation of the PLC output and/or suspension of the PLC may be conducted. 2021-12-24 not yet calculated CVE-2021-20827MISCMISC idec_plcs — idec_plcs   Unprotected transport of credentials vulnerability in IDEC PLCs (FC6A Series MICROSmart All-in-One CPU module v2.32 and earlier, FC6A Series MICROSmart Plus CPU module v1.91 and earlier, WindLDR v8.19.1 and earlier, WindEDIT Lite v1.3.1 and earlier, and Data File Manager v2.12.1 and earlier) allows an attacker to obtain the PLC Web server user credentials from the communication between the PLC and the software. As a result, the complete access privileges to the PLC Web server may be obtained, and manipulation of the PLC output and/or suspension of the PLC may be conducted. 2021-12-24 not yet calculated CVE-2021-20826MISCMISC invoiceninja — invoiceninja   invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-12-24 not yet calculated CVE-2021-3977MISCCONFIRM jfrog_artifactory — jfrog_artifactory   JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query. 2021-12-20 not yet calculated CVE-2021-3860MISC js-data — js-data   All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn and the set functions. This is an incomplete fix of [CVE-2020-28442](https://snyk.io/vuln/SNYK-JS-JSDATA-1023655). 2021-12-24 not yet calculated CVE-2021-23574CONFIRMCONFIRMCONFIRMCONFIRMCONFIRMCONFIRM jsx-slack — jsx-slack   jsx-slack is a package for building JSON objects for Slack block kit surfaces from JSX. The maintainers found the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient tfor protection from a Regular Expression Denial of Service (ReDoS) attack. If an attacker can put a lot of JSX elements into `<blockquote>` tag _with including multibyte characters_, an internal regular expression for escaping characters may consume an excessive amount of computing resources. v4.5.1 passes the test against ASCII characters but misses the case of multibyte characters. jsx-slack v4.5.2 has updated regular expressions for escaping blockquote characters to prevent catastrophic backtracking. It is also including an updated test case to confirm rendering multiple tags in `<blockquote>` with multibyte characters. 2021-12-20 not yet calculated CVE-2021-43843CONFIRMMISCMISCMISC kataras — iris   This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target folder. 2021-12-24 not yet calculated CVE-2021-23772CONFIRMCONFIRMCONFIRM lantronix — premierwave   A specially-crafted HTTP request can lead to arbitrary command execution in EC keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2021-12-22 not yet calculated CVE-2021-21875MISC lantronix — premierwave   An OS command injection vulnerability exists in the Web Manager Diagnostics: Traceroute functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2021-12-22 not yet calculated CVE-2021-21872MISC lantronix — premierwave   Specially-crafted HTTP requests can lead to arbitrary command execution in PUT requests. An attacker can make authenticated HTTP requests to trigger this vulnerability. 2021-12-22 not yet calculated CVE-2021-21876MISC lantronix — premierwave   Specially-crafted HTTP requests can lead to arbitrary command execution in “GET” requests. An attacker can make authenticated HTTP requests to trigger this vulnerability. 2021-12-22 not yet calculated CVE-2021-21877MISC lantronix — premierwave   A specially-crafted HTTP request can lead to arbitrary command execution in DSA keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2021-12-22 not yet calculated CVE-2021-21874MISC lantronix — premierwave   A specially-crafted HTTP request can lead to arbitrary command execution in RSA keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2021-12-22 not yet calculated CVE-2021-21873MISC lantronix — premierwave   An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2021-12-22 not yet calculated CVE-2021-21881MISC lantronix — premierwave   A stack-based buffer overflow vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2021-12-22 not yet calculated CVE-2021-21887MISC lantronix — premierwave   An OS command injection vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2021-12-22 not yet calculated CVE-2021-21884MISC lantronix — premierwave   A stack-based buffer overflow vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2021-12-22 not yet calculated CVE-2021-21892MISC lantronix — premierwave   An OS command injection vulnerability exists in the Web Manager SslGenerateCertificate functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2021-12-22 not yet calculated CVE-2021-21888MISC lantronix — premierwave   A stack-based buffer overflow vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution in the vulnerable portion of the branch (deletefile). An attacker can make an authenticated HTTP request to trigger this vulnerability. 2021-12-22 not yet calculated CVE-2021-21891MISC lantronix — premierwave   A local file inclusion vulnerability exists in the Web Manager Applications and FsBrowse functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted series of HTTP requests can lead to local file inclusion. An attacker can make a series of authenticated HTTP requests to trigger this vulnerability. 2021-12-22 not yet calculated CVE-2021-21878MISC lantronix — premierwave   A directory traversal vulnerability exists in the Web Manager FsMove functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially crafted HTTP request can lead to local file inclusion. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2021-12-22 not yet calculated CVE-2021-21885MISC lantronix — premierwave   A directory traversal vulnerability exists in the Web Manager FSBrowsePage functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially crafted HTTP request can lead to information disclosure. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2021-12-22 not yet calculated CVE-2021-21886MISC lantronix — premierwave   A stack-based buffer overflow vulnerability exists in the Web Manager Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2021-12-22 not yet calculated CVE-2021-21889MISC lantronix — premierwave   An OS command injection vulnerability exists in the Web Manager Diagnostics: Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2021-12-22 not yet calculated CVE-2021-21883MISC lantronix — premierwave   A stack-based buffer overflow vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution in the vulnerable portion of the branch (deletedir). An attacker can make an authenticated HTTP request to trigger this vulnerability. 2021-12-22 not yet calculated CVE-2021-21890MISC lantronix — premierwave   A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to arbitrary file overwrite FsTFtp file disclosure. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2021-12-22 not yet calculated CVE-2021-21894MISC lantronix — premierwave   An OS command injection vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2021-12-22 not yet calculated CVE-2021-21882MISC lantronix — premierwave   A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to FsTFtp file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2021-12-22 not yet calculated CVE-2021-21895MISC lantronix — premierwave   A directory traversal vulnerability exists in the Web Manager FsCopyFile functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to local file inclusion. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2021-12-22 not yet calculated CVE-2021-21880MISC lantronix — premierwave   A directory traversal vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to arbitrary file deletion. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2021-12-22 not yet calculated CVE-2021-21896MISC lantronix — premierwave   A directory traversal vulnerability exists in the Web Manager File Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability. 2021-12-22 not yet calculated CVE-2021-21879MISC lib/cmd.js — lib/cmd.js   lib/cmd.js in the node-windows package before 1.0.0-beta.6 for Node.js allows command injection via the PID parameter. 2021-12-22 not yet calculated CVE-2021-45459MISCMISC linux — linux_kernel   In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. 2021-12-25 not yet calculated CVE-2021-45486MISCMISCMISC linux — linux_kernel   A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. 2021-12-22 not yet calculated CVE-2021-44733MISCMISC linux — linux_kernel   In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry. 2021-12-23 not yet calculated CVE-2021-45469MISCMISCMLIST linux — linux_kernel   In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn’t properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. 2021-12-25 not yet calculated CVE-2021-45485MISCMISCMISC linux — linux_kernel   An issue was discovered in the Linux kernel before 5.15.11. There is a memory leak in the __rds_conn_create() function in net/rds/connection.c in a certain combination of circumstances. 2021-12-24 not yet calculated CVE-2021-45480MISCMISC mart_developers_inc — iorder   An HTML Injection Vulnerability in iOrder 1.0 allows the remote attacker to execute Malicious HTML codes via the signup form 2021-12-20 not yet calculated CVE-2021-43441MISCMISC mediawiki — mediawiki   In MediaWiki through 1.37, XSS can occur in Wikibase because an external identifier property can have a URL format that includes a $1 formatter substitution marker, and the javascript: URL scheme (among others) can be used. 2021-12-24 not yet calculated CVE-2021-45472MISCMISC mediawiki — mediawiki   In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporter) allows XSS, as demonstrated by the clientUrl parameter. 2021-12-24 not yet calculated CVE-2021-45474MISCMISC mediawiki — mediawiki   In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which is triggered upon a visit to an action=info URL (aka a page-information sidebar). 2021-12-24 not yet calculated CVE-2021-45473MISCMISC mediawiki — mediawiki   An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=edit&undo= followed by action=mcrundo and action=mcrrestore to view private pages on a private wiki that has at least one page set in $wgWhitelistRead. 2021-12-20 not yet calculated CVE-2021-44858CONFIRMMISC mediawiki — mediawiki   In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items. 2021-12-24 not yet calculated CVE-2021-45471MISCMISCMISC mesa_labs — amegaview Mesa Labs AmegaView Versions 3.0 uses default cookies that could be set to bypass authentication to the web application, which may allow an attacker to gain access. 2021-12-21 not yet calculated CVE-2021-27453CONFIRM mesa_labs — amegaview   Mesa Labs AmegaView Versions 3.0 and prior’s passcode is generated by an easily reversible algorithm, which may allow an attacker to gain access to the device. 2021-12-21 not yet calculated CVE-2021-27451CONFIRM mesa_labs — amegaview   Mesa Labs AmegaView version 3.0 is vulnerable to a command injection, which may allow an attacker to remotely execute arbitrary code. 2021-12-21 not yet calculated CVE-2021-27447MISC mesa_labs — amegaview   Mesa Labs AmegaView Versions 3.0 and prior has insecure file permissions that could be exploited to escalate privileges on the device. 2021-12-21 not yet calculated CVE-2021-27445CONFIRM mesa_labs — amegaview   Mesa Labs AmegaView Versions 3.0 and prior has a command injection vulnerability that can be exploited to execute commands in the web server. 2021-12-21 not yet calculated CVE-2021-27449CONFIRM msedgeredirect — msedgeredirect   MSEdgeRedirect is a tool to redirect news, search, widgets, weather, and more to a user’s default browser. MSEdgeRedirect versions before 0.5.0.1 are vulnerable to Remote Code Execution via specifically crafted URLs. This vulnerability requires user interaction and the acceptance of a prompt. With how MSEdgeRedirect is coded, parameters are impossible to pass to any launched file. However, there are two possible scenarios in which an attacker can do more than a minor annoyance. In Scenario 1 (confirmed), a user visits an attacker controlled webpage; the user is prompted with, and downloads, an executable payload; the user is prompted with, and accepts, the aforementioned crafted URL prompt; and RCE executes the payload the user previously downloaded, if the download path is successfully guessed. In Scenario 2 (not yet confirmed), a user visits an attacked controlled webpage; the user is prompted with, and accepts, the aforementioned crafted URL prompt; and a payload on a remote, attacker controlled, SMB server is executed. The issue was found in the _DecodeAndRun() function, in which I incorrectly assumed _WinAPI_UrlIs() would only accept web resources. Unfortunately, file:/// passes the default _WinAPI_UrlIs check(). File paths are now directly checked for and must fail. There is no currently known exploitation of this vulnerability in the wild. A patched version, 0.5.0.1, has been released that checks for and denies these crafted URLs. There are no workarounds for this issue. Users are advised not to accept any unexpected prompts from web pages. 2021-12-20 not yet calculated CVE-2021-43844CONFIRMMISC myscada — mypro mySCADA myPRO: Versions 8.20.0 and prior has a feature where the password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. 2021-12-23 not yet calculated CVE-2021-23198MISC myscada — mypro   An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface, which cannot be deleted or changed through the regular web interface. 2021-12-23 not yet calculated CVE-2021-43987MISC myscada — mypro   mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interface which includes a ping utility, which may allow an attacker to inject arbitrary operating system commands. 2021-12-23 not yet calculated CVE-2021-44453MISC myscada — mypro   mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker to crack the previously retrieved password hashes. 2021-12-23 not yet calculated CVE-2021-43989MISC myscada — mypro   mySCADA myPRO: Versions 8.20.0 and prior has a feature to send emails, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. 2021-12-23 not yet calculated CVE-2021-43981MISC myscada — mypro   An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any form of authentication or authorization. 2021-12-23 not yet calculated CVE-2021-43985MISC myscada — mypro   mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmware can be updated, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. 2021-12-23 not yet calculated CVE-2021-43984MISC myscada — mypro   mySCADA myPRO: Versions 8.20.0 and prior has a feature where the API password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. 2021-12-23 not yet calculated CVE-2021-22657MISC nasm — nasm   A Null Pointer Dereference vulnerability existfs in nasm 2.16rc0 via asm/preproc.c. 2021-12-22 not yet calculated CVE-2021-45256MISC nasm — nasm   An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_tokens function. 2021-12-22 not yet calculated CVE-2021-45257MISC netapp — storagegrid   StorageGRID (formerly StorageGRID Webscale) versions 11.5 prior to 11.5.0.5 are susceptible to a vulnerability which may allow an administrative user to escalate their privileges and modify settings in SANtricity System Manager. 2021-12-23 not yet calculated CVE-2021-27006MISC netapp — virtual_desktop_service   NetApp Virtual Desktop Service (VDS) when used with an HTML5 gateway is susceptible to a vulnerability which when successfully exploited could allow an unauthenticated attacker to takeover a Remote Desktop Session. 2021-12-23 not yet calculated CVE-2021-27007MISC netbsd — netbsd   In NetBSD through 9.2, the IPv4 ID generation algorithm does not use appropriate cryptographic measures. 2021-12-25 not yet calculated CVE-2021-45487MISCMISC netbsd — netbsd   In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employs a weak cryptographic PRNG. 2021-12-25 not yet calculated CVE-2021-45489MISCMISC netbsd — netbsd   In NetBSD through 9.2, there is an information leak in the TCP ISN (ISS) generation algorithm. 2021-12-25 not yet calculated CVE-2021-45488MISCMISC netbsd — netbsd   In NetBSD through 9.2, the IPv6 fragment ID generation algorithm employs a weak cryptographic PRNG. 2021-12-25 not yet calculated CVE-2021-45484MISCMISC nltk — nltk   NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Versions prior to 3.6.5 are vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability is present in PunktSentenceTokenizer, sent_tokenize and word_tokenize. Any users of this class, or these two functions, are vulnerable to the ReDoS attack. In short, a specifically crafted long input to any of these vulnerable functions will cause them to take a significant amount of execution time. If your program relies on any of the vulnerable functions for tokenizing unpredictable user input, then we would strongly recommend upgrading to a version of NLTK without the vulnerability. For users unable to upgrade the execution time can be bounded by limiting the maximum length of an input to any of the vulnerable functions. Our recommendation is to implement such a limit. 2021-12-23 not yet calculated CVE-2021-43854MISCMISCCONFIRMMISC nvidia — geforce   NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data tampering, and denial of service, affecting other resources beyond the intended security authority of GameStream. 2021-12-23 not yet calculated CVE-2021-23175CONFIRM online_enrollment_management_system — online_enrollment_management_system   The id parameter from Online Enrollment Management System 1.0 system appears to be vulnerable to SQL injection attacks. A crafted payload injects a SQL sub-query that calls MySQL’s load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed. The attacker can retrieve sensitive information for all users of this system. 2021-12-23 not yet calculated CVE-2021-44599MISC open5gs — open5gs   In Open5GS 2.4.0, a crafted packet from UE can crash SGW-U/UPF. 2021-12-23 not yet calculated CVE-2021-45462MISC open_design_alliance — drawings_explorer   An out-of-bounds read vulnerability exists when reading a BMP file using Open Design Alliance (ODA) Drawings Explorer before 2022.12. The specific issue exists after loading BMP files. Unchecked input data from a crafted BMP file leads to an out-of-bounds read. An attacker can leverage this vulnerability to execute code in the context of the current process. 2021-12-21 not yet calculated CVE-2021-44423MISC open_design_alliance — drawings_sdk    An Improper Input Validation Vulnerability exists when reading a BMP file using Open Design Alliance Drawings SDK before 2022.12. Crafted data in a BMP file can trigger a write operation past the end of an allocated buffer, or lead to a heap-based buffer overflow. An attacker can leverage this vulnerability to execute code in the context of the current process. 2021-12-21 not yet calculated CVE-2021-44422MISC opendesign — drawings_sdk   An out-of-bounds read vulnerability exists when reading a TGA file using Open Design Alliance Drawings SDK before 2022.12. The specific issue exists after loading TGA files. An unchecked input data from a crafted TGA file leads to an out-of-bounds read. An attacker can leverage this vulnerability to execute code in the context of the current process. 2021-12-21 not yet calculated CVE-2021-44859MISC opendesign — drawings_sdk   An out-of-bounds read vulnerability exists when reading a TIF file using Open Design Alliance Drawings SDK before 2022.12. The specific issue exists after loading TIF files. An unchecked input data from a crafted TIF file leads to an out-of-bounds read. An attacker can leverage this vulnerability to execute code in the context of the current process. 2021-12-21 not yet calculated CVE-2021-44860MISC opmantak — open-audit   An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without authentication, a vulnerability in code_igniter/application/controllers/util.php allows an attacker perform command execution without echoes. 2021-12-22 not yet calculated CVE-2021-40612MISCMISC opmantek — open-auditit_community   Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim’s browser. 2021-12-20 not yet calculated CVE-2021-44916MISCMISCMISC parse-link-header — parse-link-header   The package parse-link-header before 2.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the checkHeader function. 2021-12-24 not yet calculated CVE-2021-23490CONFIRMCONFIRMCONFIRM pimcore — pimcore   pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-12-21 not yet calculated CVE-2021-4139MISCCONFIRM pjsip — pjsip   PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming RTCP BYE message contains a reason’s length, this declared length is not checked against the actual received packet size, potentially resulting in an out-of-bound read access. This issue affects all users that use PJMEDIA and RTCP. A malicious actor can send a RTCP BYE message with an invalid reason length. Users are advised to upgrade as soon as possible. There are no known workarounds. 2021-12-22 not yet calculated CVE-2021-43804CONFIRMMISC pjsip –pjsip   PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer underflow scenario. This issue affects all users that use STUN. A malicious actor located within the victim’s network may forge and send a specially crafted UDP (STUN) message that could remotely execute arbitrary code on the victim’s machine. Users are advised to upgrade as soon as possible. There are no known workarounds. 2021-12-22 not yet calculated CVE-2021-37706CONFIRMMISC podman — podman   A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host’s firewall, an attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could be also used to interrupt the host’s services by forwarding all ports to the VM. 2021-12-23 not yet calculated CVE-2021-4024MISCMISC prestashop — prestashop   PrestaShop before 1.5.2 allows XSS via the “<object data=’data:text/html” substring in the message field. 2021-12-21 not yet calculated CVE-2012-20001MISC privoxy — privoxy   An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encode the template name when Privoxy is configured to servce the user-manual itself. 2021-12-23 not yet calculated CVE-2021-44543MISCMISC privoxy — privoxy   A memory leak vulnerability was found in Privoxy when handling errors. 2021-12-23 not yet calculated CVE-2021-44542MISCMISC privoxy — privoxy   A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination. 2021-12-23 not yet calculated CVE-2021-44541MISCMISC privoxy — privoxy   A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing. 2021-12-23 not yet calculated CVE-2021-44540MISCMISC projectworlds — hospital_management_system Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in admin_home.php. 2021-12-22 not yet calculated CVE-2021-43629MISCMISC projectworlds — hospital_management_system Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the appointment_no parameter in payment.php. 2021-12-22 not yet calculated CVE-2021-43631MISCMISC projectworlds — hospital_management_system Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the email parameter in hms-staff.php. 2021-12-22 not yet calculated CVE-2021-43628MISCMISC projectworlds — hospital_management_system   Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in add_patient.php. As a result, an authenticated malicious user can compromise the databases system and in some cases leverage this vulnerability to get remote code execution on the remote web server. 2021-12-22 not yet calculated CVE-2021-43630MISCMISC projectworlds — online_book_store In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admin_delete.php allows a remote attacker to delete any book. 2021-12-22 not yet calculated CVE-2021-43156MISC projectworlds — online_book_store Projectsworlds Online Shopping System PHP 1.0 is vulnerable to SQL injection via the id parameter in cart_remove.php. 2021-12-22 not yet calculated CVE-2021-43157MISCMISC projectworlds — online_book_store Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL injection via the “bookisbn” parameter in cart.php. 2021-12-22 not yet calculated CVE-2021-43155MISC projectworlds — online_book_store   In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability in cart_remove.php allows a remote attacker to remove any product in the customer’s cart. 2021-12-22 not yet calculated CVE-2021-43158MISCMISC pytorch_lightning — pytorch_lightning   pytorch-lightning is vulnerable to Deserialization of Untrusted Data 2021-12-23 not yet calculated CVE-2021-4118MISCCONFIRM quest — kace_desktop_authority Quest KACE Desktop Authority before 11.2 allows XSS because it does not prevent untrusted HTML from reaching the jQuery.htmlPrefilter method of jQuery. 2021-12-22 not yet calculated CVE-2021-44030CONFIRM quest — kace_desktop_authority   An issue was discovered in Quest KACE Desktop Authority before 11.2. /dacomponentui/profiles/profileitems/outlooksettings/Insertimage.aspx contains a vulnerability that could allow pre-authentication remote code execution. An attacker could upload a .ASP file to reside at /images/{GUID}/{filename}. 2021-12-22 not yet calculated CVE-2021-44031MISC quest — kace_desktop_authority   An issue was discovered in Quest KACE Desktop Authority before 11.2. This vulnerability allows attackers to execute remote code through a deserialization exploitation in the RadAsyncUpload function of ASP.NET AJAX. An attacker can leverage this vulnerability when the encryption keys are known (due to the presence of CVE-2017-11317, CVE-2017-11357, or other means). A default setting for the type whitelisting feature in more current versions of ASP.NET AJAX prevents exploitation. 2021-12-22 not yet calculated CVE-2021-44029MISC quest — kace_desktop_authority   XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285. 2021-12-22 not yet calculated CVE-2021-44028MISC realtek — rtl8195am_device   A stack buffer overflow was discovered on Realtek RTL8195AM device before 2.0.10, it exists in the client code when an attacker sends a big size Authentication challenge text in WEP security. 2021-12-22 not yet calculated CVE-2021-39306MISCMISC rockoa — rockoa   A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authenticated attacker to arbitrarily add an administrator account. 2021-12-22 not yet calculated CVE-2020-20593MISCMISC samsung — printers   The SyncThru Web Service on Samsung SCX-6x55X printers allows an attacker to gain access to a list of SMB users and cleartext passwords by reading the HTML source code. Authentication is not required. 2021-12-20 not yet calculated CVE-2021-42913MISCMISC simple — cold_storage_management_system   The id parameter in view_storage.php from Simple Cold Storage Management System 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL’s load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed. 2021-12-21 not yet calculated CVE-2021-45253MISC simple — forum_discussion_system   Multiple SQL injection vulnerabilities are found on Simple Forum-Discussion System 1.0 For example on three applications which are manage_topic.php, manage_user.php, and ajax.php. The attacker can be retrieving all information from the database of this system by using this vulnerability. 2021-12-21 not yet calculated CVE-2021-45252MISC simple_online_mens_salon_management_system — simple_online_mens_salon_management_system   The password parameter on Simple Online Mens Salon Management System (MSMS) 1.0 appears to be vulnerable to SQL injection attacks through the password parameter. The predictive tests of this application interacted with that domain, indicating that the injected SQL query was executed. The attacker can retrieve all authentication and information about the users of this system. 2021-12-23 not yet calculated CVE-2021-44600MISC solarwinds — orion   It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings. 2021-12-20 not yet calculated CVE-2021-35248MISCMISCMISC solarwinds — orion   The “Log alert to a file” action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload causing a remote code execution. 2021-12-20 not yet calculated CVE-2021-35244MISCMISCMISC solarwinds — orion   Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation. An attacker with low-user privileges may steal password hashes and password salt information. 2021-12-20 not yet calculated CVE-2021-35234MISCMISCMISCMISCMISCMISCMISCMISCMISCMISCMISCMISC solarwinds — web_help_desk   The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.6 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the origin server removes the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity. 2021-12-23 not yet calculated CVE-2021-35243MISC solidusio — solidus   `solidus_frontend` is the cart and storefront for the Solidus e-commerce project. Versions of `solidus_frontend` prior to 3.1.5, 3.0.5, and 2.11.14 contain a cross-site request forgery (CSRF) vulnerability that allows a malicious site to add an item to the user’s cart without their knowledge. Versions 3.1.5, 3.0.5, and 2.11.14 contain a patch for this issue. The patch adds CSRF token verification to the “Add to cart” action. Adding forgery protection to a form that missed it can have some side effects. Other CSRF protection strategies as well as a workaround involving modifcation to config/application.rb` are available. More details on these mitigations are available in the GitHub Security Advisory. 2021-12-20 not yet calculated CVE-2021-43846MISCMISCCONFIRM sonicwall — sma100_series   A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions. 2021-12-23 not yet calculated CVE-2021-20049CONFIRM sonicwall — sma100_series   An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data. 2021-12-23 not yet calculated CVE-2021-20050CONFIRM sourcecodetester — engineers_online_portal   In sourcecodetester Engineers Online Portal as of 10-21-21, an attacker can manipulate the Host header as seen by the web application and cause the application to behave in unexpected ways. Very often multiple websites are hosted on the same IP address. This is where the Host Header comes in. This header specifies which website should process the HTTP request. The web server uses the value of this header to dispatch the request to the specified website. Each website hosted on the same IP address is called a virtual host. And It’s possible to send requests with arbitrary Host Headers to the first virtual host. 2021-12-20 not yet calculated CVE-2021-43437MISCMISC sssd — sssd   A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. 2021-12-23 not yet calculated CVE-2021-3621MISCMISC starcharge — multiple_products Certain Starcharge products are affected by Improper Input Validation. The affected products include: Nova 360 Cabinet <= 1.3.0.0.7b102 – Fixed: Beta1.3.0.1.0 and Titan 180 Premium <= 1.3.0.0.6 – Fixed: 1.3.0.0.9. 2021-12-22 not yet calculated CVE-2021-45419MISCMISCMISC starcharge — multiple_products   Certain Starcharge products are vulnerable to Directory Traversal via main.cgi. The affected products include: Nova 360 Cabinet <=1.3.0.0.6 – Fixed: 1.3.0.0.9 and Titan 180 Premium <=1.3.0.0.7b102 – Fixed: Beta1.3.0.1.0. 2021-12-22 not yet calculated CVE-2021-45418MISCMISCMISC stormshield — stormshield_endpoint_security Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access Control. 2021-12-21 not yet calculated CVE-2021-45091MISC stormshield — stormshield_endpoint_security Stormshield Endpoint Security before 2.1.2 allows remote code execution. 2021-12-21 not yet calculated CVE-2021-45090MISC stormshield — stormshield_endpoint_security Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Control. 2021-12-21 not yet calculated CVE-2021-45089MISC thales — safenet_agent   A user of a machine protected by SafeNet Agent for Windows Logon may leverage weak entropy to access the encrypted credentials of any or all the users on that machine. 2021-12-20 not yet calculated CVE-2021-42138MISCMISCMISC thales — sentinel_protection_installer Improper Access Control in Thales Sentinel Protection Installer could allow a local user to escalate privileges. 2021-12-20 not yet calculated CVE-2021-42808MISC thales — sentinel_protection_installer Improper Access Control of Dynamically-Managed Code Resources (DLL) in Thales Sentinel Protection Installer could allow the execution of arbitrary code. 2021-12-20 not yet calculated CVE-2021-42809MISC theforeman — foreman   A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability of system. Fixed releases are 2.4.1, 2.5.1, 3.0.0. 2021-12-23 not yet calculated CVE-2021-3584MISCMISCMISC thinfinity — virtualui   Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate users registered in the OS (Windows) through the /changePassword URI. By accessing the vector, an attacker can determine if a username exists thanks to the message returned; it can be presented in different languages according to the configuration of VirtualUI. Common users are administrator, admin, guest and krgtbt. 2021-12-20 not yet calculated CVE-2021-44554MISC thinkcmf — thinkcmf   An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet. 2021-12-22 not yet calculated CVE-2020-20601MISC tp-link — ax10v1   A misconfiguration in HTTP/1.0 and HTTP/1.1 of the web interface in TP-Link AX10v1 before V1_211117 allows a remote unauthenticated attacker to send a specially crafted HTTP request and receive a misconfigured HTTP/0.9 response, potentially leading into a cache poisoning attack. 2021-12-17 not yet calculated CVE-2021-41451MISCMISCMISC tp-link — wifi_router   TP-Link wifi router TL-WR802N V4(JP), with firmware version prior to 211202, is vulnerable to OS command injection. 2021-12-23 not yet calculated CVE-2021-4144JVNCONFIRM uti_mutual_fund_android_application — uti_mutual_fund_android_application   An issue was discovered in UTI Mutual fund Android application 5.4.18 and prior, allows attackers to brute force enumeration of usernames determined by the error message returned after invalid credentials are attempted. 2021-12-23 not yet calculated CVE-2020-35398MISCMISC video_sharing_website — video_sharing_website   The email parameter from ajax.php of Video Sharing Website 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL’s load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed. 2021-12-21 not yet calculated CVE-2021-45255MISC vim — vim   vim is vulnerable to Heap-based Buffer Overflow 2021-12-19 not yet calculated CVE-2021-4136CONFIRMMISC vim — vim   vim is vulnerable to Out-of-bounds Read 2021-12-25 not yet calculated CVE-2021-4166CONFIRMMISC vmware — workspace_one_access   VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response. 2021-12-20 not yet calculated CVE-2021-22056MISC vmware — workspace_one_access   VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass vulnerability. A malicious actor, who has successfully provided first-factor authentication, may be able to obtain second-factor authentication provided by VMware Verify. 2021-12-20 not yet calculated CVE-2021-22057MISC webassembly — binaryen   A Denial of Service vulnerability exits in Binaryen 103 due to an assertion abort in wasm::handle_unreachable. 2021-12-21 not yet calculated CVE-2021-45290MISC webassembly — binaryen   A Denial of Service vulnerability exists in Binaryen 103 due to an Invalid memory address dereference in wasm::WasmBinaryBuilder::visitLet. 2021-12-21 not yet calculated CVE-2021-45293MISC webkitgtk — webkitgtk   In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Frame::page, a different vulnerability than CVE-2021-30889. 2021-12-25 not yet calculated CVE-2021-45483MISC webkitgtk — webkitgtk   In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::ContainerNode::firstChild, a different vulnerability than CVE-2021-30889. 2021-12-25 not yet calculated CVE-2021-45482MISC webkitgtk — webkitgtk   In WebKitGTK before 2.32.4, there is incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create, leading to a segmentation violation and application crash, a different vulnerability than CVE-2021-30889. 2021-12-25 not yet calculated CVE-2021-45481MISC wordpress — directorist   The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary PHP shell uploads in the wp-content/plugins directory. 2021-12-21 not yet calculated CVE-2021-24981MISCMISC wordpress — logo_carousel   The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature 2021-12-21 not yet calculated CVE-2021-24739MISC wordpress — logo_carousel   The Logo Carousel WordPress plugin before 3.4.2 does not validate and escape the “Logo Margin” carousel option, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks 2021-12-21 not yet calculated CVE-2021-24738MISC wordpress — sportspress   The SportsPress WordPress plugin before 2.7.9 does not sanitise and escape its match_day parameter before outputting back in the Events backend page, leading to a Reflected Cross-Site Scripting issue 2021-12-21 not yet calculated CVE-2021-24578MISC wordpress — wcfm_marketplace   The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections 2021-12-21 not yet calculated CVE-2021-24849MISC wordpress — wordpress   The get_query() function of the Ni WooCommerce Custom Order Status WordPress plugin before 1.9.7, used by the niwoocos_ajax AJAX action, available to all authenticated users, does not properly sanitise the sort parameter before using it in a SQL statement, leading to an SQL injection, exploitable by any authenticated users, such as subscriber 2021-12-21 not yet calculated CVE-2021-24846MISC wordpress — wordpress   The Contact Form, Drag and Drop Form Builder for WordPress plugin before 1.8.0 does not escape the status parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue 2021-12-21 not yet calculated CVE-2021-24907MISC wordpress — wordpress   The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin before 2.0.5 does not sanitise and escape the message_id parameter of the get_message_action_row AJAX action before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue 2021-12-21 not yet calculated CVE-2021-24941MISC wordpress — wordpress   The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.8.7 does not sanitise and escape the b2sShowByDate parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue 2021-12-21 not yet calculated CVE-2021-24956MISC wordpress — wordpress   Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) discovered in tarteaucitron.js – Cookies legislation & GDPR WordPress plugin (versions <= 1.5.4), vulnerable parameters “tarteaucitronEmail” and “tarteaucitronPass”. 2021-12-20 not yet calculated CVE-2021-36887CONFIRMMISC wordpress wp_visitor_statistics   The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks 2021-12-21 not yet calculated CVE-2021-24750MISCCONFIRM wuzhi_cms — wuzhi_cms   A cross-site scripting (XSS) vulnerability in the system bulletin component of WUZHI CMS v4.1.0 allows attackers to steal the admin’s cookie. 2021-12-21 not yet calculated CVE-2020-19770MISC zohocorp — manageengine_log360 Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations. 2021-12-23 not yet calculated CVE-2021-44526MISC zohocorp — manageengine_log360 Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g., access control details) and modify a few aspects of the application state. 2021-12-20 not yet calculated CVE-2021-44676CONFIRMMISC zohocorp — manageengine_log360 Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required. 2021-12-20 not yet calculated CVE-2021-44675CONFIRM zohocorp — manageengine_log360   Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required. 2021-12-20 not yet calculated CVE-2021-44525CONFIRM Back to top This product is provided subject to this Notification and this Privacy & Use policy.

  • Vulnerability Summary for the Week of December 13, 2021
    by CISA on December 21, 2021 at 1:27 pm

    Original release date: December 21, 2021  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info abb — omnicore_c30_firmware A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the robot controller if the attacker has access to the Connected Services Gateway Ethernet port. 2021-12-13 9.3 CVE-2021-22279MISC amazon — aws_opensearch The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the configuration file. 2021-12-12 7.5 CVE-2021-44833MISCMISC amd — amd_generic_encapsulated_software_architecture Improper handling of pointers in the System Management Mode (SMM) handling code may allow for a privileged attacker with physical or administrative access to potentially manipulate the AMD Generic Encapsulated Software Architecture (AGESA) to execute arbitrary code undetected by the operating system. 2021-12-10 7.2 CVE-2020-12890MISC apache — log4j Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0, this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. 2021-12-10 9.3 CVE-2021-44228MISCMLISTMLISTMISCCONFIRMCISCOMLISTCONFIRMCONFIRMFEDORAMLISTMLISTMISCMLISTDEBIANCONFIRMMISCMISCMISCMLISTCONFIRMCERT-VNMISCMISCMISCMISCMISCMLISTCONFIRMMS blackberry — qnx_software_development_platform A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process. 2021-12-13 7.5 CVE-2021-32024MISC c2fo — comb All versions of package comb are vulnerable to Prototype Pollution via the deepMerge() function. 2021-12-10 7.5 CVE-2021-23561CONFIRM crocoblock — jetengine Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data. 2021-12-15 7.5 CVE-2021-41844MISC digi — transport_dr64_firmware An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows arbitrary remote command execution with SUPER privileges. This allows an attacker (with knowledge of the protocol) to execute arbitrary code on the controller including overwriting firmware, adding/removing users, disabling the internal firewall, etc. 2021-12-10 10 CVE-2021-35978MISCMISC digitalocean — toxcore A stack-based buffer overflow in handle_request function in DHT.c in toxcore 0.1.9 through 0.1.11 and 0.2.0 through 0.2.12 (caused by an improper length calculation during the handling of received network packets) allows remote attackers to crash the process or potentially execute arbitrary code via a network packet. 2021-12-13 7.5 CVE-2021-44847MISC emlog — emlog A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via content/plugins. 2021-12-14 7.5 CVE-2021-40883MISC employee_record_management_system_project — employee_record_management_system SQL injection bypass authentication vulnerability in PHPGURUKUL Employee Record Management System 1.2 via index.php. An attacker can log in as an admin account of this system and can destroy, change or manipulate all sensitive information on the system. 2021-12-13 10 CVE-2021-44966MISC employee_record_management_system_project — employee_record_management_system Directory traversal vulnerability in /admin/includes/* directory for PHPGURUKUL Employee Record Management System 1.2 The attacker can retrieve and download sensitive information from the vulnerable server. 2021-12-13 7.8 CVE-2021-44965MISC fastadmin — fastadmin fastadmin v1.2.1 is affected by a file upload vulnerability which allows arbitrary code execution through shell access. 2021-12-13 10 CVE-2021-43117MISC frentix — openolat OpenOlat is a web-basedlearning management system. A path traversal vulnerability exists in OpenOlat prior to versions 15.5.12 and 16.0.5. By providing a filename that contains a relative path as a parameter in some REST methods, it is possible to create directory structures and write files anywhere on the target system. The attack could be used to write files anywhere in the web root folder or outside, depending on the configuration of the system and the properly configured permission of the application server user. The attack requires an OpenOlat user account, an enabled REST API and the rights on a business object to call the vulnerable REST calls. The problem is fixed in version 15.5.12 and 16.0.5. There is a workaround available. The vulnerability requires the REST module to be enabled. Disabling the REST module or limiting the REST module via some firewall or web-server access rules to be accessed only be trusted systems will mitigate the risk. 2021-12-10 7.9 CVE-2021-41242MISCCONFIRMMISCMISC glfusion — glfusion glFusion CMS 1.7.9 is affected by an access control vulnerability via /public_html/users.php. 2021-12-14 7.5 CVE-2021-44949MISC google — android In stopVpnProfile of Vpn.java, there is a possible VPN profile reset due to a permissions bypass. This could lead to local escalation of privilege CONTROL_ALWAYS_ON_VPN with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-191382886 2021-12-15 7.2 CVE-2021-0649MISC google — android In alac decoder, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06064258; Issue ID: ALPS06064258. 2021-12-15 7.2 CVE-2021-0675MISC google — android In ParsingPackageImpl of ParsingPackageImpl.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-195962697 2021-12-15 7.2 CVE-2021-0921MISC google — android In ActivityThread.java, there is a possible way to collide the content provider’s authorities. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-197647956 2021-12-15 7.2 CVE-2021-0799MISC google — android In SRAMROM, there is a possible permission bypass due to an insecure permission setting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06076938; Issue ID: ALPS06076938. 2021-12-15 7.2 CVE-2021-0904MISC google — android In createOrUpdate of Permission.java, there is a possible way to gain internal permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-195338390 2021-12-15 7.2 CVE-2021-0923MISC google — android In xhci_vendor_get_ops of xhci.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-194461020References: Upstream kernel 2021-12-15 7.2 CVE-2021-0924MISC google — android In onCreate of NfcImportVCardActivity.java, there is a possible way to add a contact without user’s consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-191053931 2021-12-15 7.2 CVE-2021-0926MISC google — android In requestChannelBrowsable of TvInputManagerService.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-8.1 Android-9Android ID: A-189824175 2021-12-15 7.2 CVE-2021-0927MISC google — android In createFromParcel of OutputConfiguration.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-188675581 2021-12-15 7.2 CVE-2021-0928MISC google — android In ion_dma_buf_end_cpu_access and related functions of ion.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-187527909References: Upstream kernel 2021-12-15 7.2 CVE-2021-0929MISC google — android In showNotification of NavigationModeController.java, there is a possible confused deputy due to an unsafe PendingIntent. This could lead to local escalation of privilege that allows actions performed as the System UI with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-173025705 2021-12-15 7.2 CVE-2021-0932MISC google — android In createFromParcel of GpsNavigationMessage.java, there is a possible Parcel serialization/deserialization mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-196970023 2021-12-15 7.2 CVE-2021-0970MISC google — android Product: AndroidVersions: Android kernelAndroid ID: A-199809304References: N/A 2021-12-15 7.5 CVE-2021-39644MISC google — android In Android TV , there is a possible silent pairing due to lack of rate limiting in the pairing flow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-8.1 Android-9Android ID: A-180745296 2021-12-15 10 CVE-2021-0889MISC google — android In C2SoftMP3::process() of C2SoftMp3Dec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-193363621 2021-12-15 7.1 CVE-2021-0964MISC google — android In gatt_process_notification of gatt_cl.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-197536150 2021-12-15 8.3 CVE-2021-0918MISC google — android In rw_t4t_sm_detect_ndef of rw_t4t.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure due to a limited change in behavior based on the out of bounds data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-191444150 2021-12-15 7.8 CVE-2021-0925MISC google — android In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.java, there is a possible way for HTML tags to interfere with a consent dialog due to improper input validation. This could lead to remote escalation of privilege, confusing the user into accepting pairing of a malicious Bluetooth device, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-172251622 2021-12-15 7.9 CVE-2021-0933MISC google — android In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-181660091 2021-12-15 8.3 CVE-2021-0930MISC google — android In vorbis_book_decodev_set of codebook.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-199065614 2021-12-15 9.3 CVE-2021-0967MISC google — android Product: AndroidVersions: Android kernelAndroid ID: A-199805112References: N/A 2021-12-15 10 CVE-2021-39645MISC ibm — powervm_hypervisor IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker that gains service access to the FSP can read and write arbitrary host system memory through a series of carefully crafted service procedures. IBM X-Force ID: 210018. 2021-12-10 9.4 CVE-2021-38917XFCONFIRM ibm — spectrum_copy_data_management IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the Spectrum Copy Data Management Admin Console login and uploadcertificate function . A remote attacker could inject arbitrary shell commands which would be executed on the affected system. IBM X-Force ID: 214958. 2021-12-13 10 CVE-2021-39065CONFIRMXF ibm — spectrum_copy_data_management IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to access the Spring Boot console without authorization. IBM X-Force ID: 214523. 2021-12-13 7.5 CVE-2021-39052XFCONFIRM itextpdf — itext iTextPDF in iText before 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java. 2021-12-15 7.5 CVE-2021-43113MISCCONFIRM listary — listary An issue was discovered in Listary through 6. Improper implementation of the update process leads to the download of software updates with a /check-update HTTP-based connection. This can be exploited with MITM techniques. Together with the lack of package validation, it can lead to manipulation of update packages that can cause an installation of malicious content. 2021-12-14 7.6 CVE-2021-41067MISCMISC markdown_to_pdf_project — markdown_to_pdf The package md-to-pdf before 5.0.0 are vulnerable to Remote Code Execution (RCE) due to utilizing the library gray-matter to parse front matter content, without disabling the JS engine. 2021-12-10 7.5 CVE-2021-23639CONFIRMCONFIRMCONFIRM max-3000 — maxsite_cms Remote Code Execution (RCE) vulnerability exists in MaxSite CMS v107.5 via the Documents page. 2021-12-10 7.5 CVE-2021-27983MISC merge-deep2_project — merge-deep2 All versions of package merge-deep2 are vulnerable to Prototype Pollution via the mergeDeep() function. 2021-12-10 7.5 CVE-2021-23700CONFIRM nocean — totop_link The ToTop Link WordPress plugin through 1.7.1 passes base64 encoded user input to the unserialize() PHP function, which could lead to PHP Object injection if a plugin installed on the blog has a suitable gadget chain. 2021-12-13 7.5 CVE-2021-24857MISC online_magazine_management_system_project — online_magazine_management_system Online Magazine Management System 1.0 contains a SQL injection authentication bypass vulnerability. The Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to gain access as admin to the application. 2021-12-15 7.5 CVE-2021-44653MISC online_pre-owned\/used_car_showroom_management_system_project — online_pre-owned\/used_car_showroom_management_system Online Pre-owned/Used Car Showroom Management System 1.0 contains a SQL injection authentication bypass vulnerability. Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to get admin access on the application. 2021-12-15 7.5 CVE-2021-44655MISC opencats — opencats OpenCATS through 0.9.6 allows remote attackers to execute arbitrary code by uploading an executable file via lib/FileUtility.php. 2021-12-15 10 CVE-2021-41560MISCCONFIRMMISC pluck-cms — pluck In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading files. 2021-12-10 7.5 CVE-2021-27984MISC pluck-cms — pluck Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an attacker to upload specially crafted zip files, resulting in directory traversal and potentially arbitrary code execution. 2021-12-10 7.5 CVE-2021-31746MISC reprisesoftware — reprise_license_manager An issue was discovered in Reprise RLM 14.2. When editing the license file, it is possible for an admin user to enable an option to run arbitrary executables, as demonstrated by an ISV demo “C:\Windows\System32\calc.exe” entry. An attacker can exploit this to run a malicious binary on startup, or when triggering the Reread/Restart Servers function on the webserver. (Exploitation does not require CVE-2018-15573, because the license file is meant to be changed in the application.) 2021-12-13 9 CVE-2021-44153MISCMISC reprisesoftware — reprise_license_manager An issue was discovered in Reprise RLM 14.2. Because /goform/change_password_process does not verify authentication or authorization, an unauthenticated user can change the password of any existing user. This allows an attacker to change the password of any known user, thereby preventing valid users from accessing the system and granting the attacker full access to that user’s account. 2021-12-13 7.5 CVE-2021-44152MISCMISC sap — abap_platform Internally used text extraction reports allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. 2021-12-14 7.5 CVE-2021-44231MISCMISC sap — netweaver_application_server_for_abap Two methods of a utility class in SAP NetWeaver AS ABAP – versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allow an attacker with high privileges and has direct access to SAP System, to inject code when executing with a certain transaction class builder. This could allow execution of arbitrary commands on the operating system, that could highly impact the Confidentiality, Integrity and Availability of the system. 2021-12-14 7.2 CVE-2021-44235MISCMISC sey_project — sey All versions of package sey are vulnerable to Prototype Pollution via the deepmerge() function. 2021-12-10 7.5 CVE-2021-23663CONFIRM siemens — 7kg9501-0aa01-2aa1_firmware A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.41), POWER METER SICAM Q100 (All versions < V2.41), POWER METER SICAM Q100 (All versions < V2.41), POWER METER SICAM Q100 (All versions < V2.41). The affected firmware contains a buffer overflow vulnerability in the web application that could allow a remote attacker with engineer or admin priviliges to potentially perform remote code execution. 2021-12-14 9 CVE-2021-44165CONFIRM siemens — sipass_integrated A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal user authentication service. This could allow an unauthenticated remote attacker to trigger several actions on behalf of valid user accounts. 2021-12-14 7.5 CVE-2021-44524CONFIRMCONFIRM stopbadbots — block_and_stop_bad_bots The WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots WordPress plugin before 6.67 does not sanitise and escape the User Agent before using it in a SQL statement to save it, leading to a SQL injection 2021-12-13 7.5 CVE-2021-24863MISC taogogo — taocms There is an upload sql injection vulnerability in the background of taocms 3.0.2 in parameter id:action=cms&ctrl=update&id=26 2021-12-14 7.5 CVE-2021-45014MISC thimpress — learnpress The LearnPress WordPress plugin before 4.1.4 does not sanitise, validate and escape the id parameter before using it in SQL statements when duplicating course/lesson/quiz/question, leading to SQL Injections issues 2021-12-13 7.5 CVE-2021-24951MISC webnus — modern_events_calendar_lite The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue 2021-12-13 7.5 CVE-2021-24946MISC zohocorp — manageengine_desktop_central Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. For MSP builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For MSP builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. 2021-12-12 10 CVE-2021-44515CONFIRMMISCCONFIRM zzcms — zzcms A SQL Injection vulnerability exists in ZZCMS 2021 via the askbigclassid parameter in /admin/ask.php. 2021-12-15 7.5 CVE-2021-42945MISCMISC Back to top   Medium Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info abantecart — abantecart An issue was discovered in AbanteCart before 1.3.2. It allows DOM Based XSS. 2021-12-14 4.3 CVE-2021-42050MISCMISC advancedcustomfields — advanced_custom_fields Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in obtaining the user list which may allow a user to obtain the unauthorized information via unspecified vectors. 2021-12-13 4 CVE-2021-20866MISCMISCMISC advancedcustomfields — advanced_custom_fields Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in browsing database which may allow a user to browse unauthorized data via unspecified vectors. 2021-12-13 5 CVE-2021-20865MISCMISCMISC advancedcustomfields — advanced_custom_fields Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in moving the field group which may allow a user to move the unauthorized field group via unspecified vectors. 2021-12-13 4 CVE-2021-20867MISCMISCMISC apache — log4j JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. 2021-12-14 6.8 CVE-2021-4104MISCMISCMISCCERT-VN app\ — \ The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass. 2021-12-13 6.8 CVE-2020-16154MISCMISC auerswald — comfortel_3600_ip_firmware Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Authentication Bypass via the /about/../ substring. 2021-12-13 5 CVE-2021-40856MISCMISC auerswald — compact_5500r_ip_firmware Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation via the passwd=1 substring. 2021-12-13 4 CVE-2021-40857MISCMISC auerswald — compact_5500r_ip_firmware Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Disclosure. A sub-admin can read the cleartext Admin password via the fileName=../../etc/passwd substring. 2021-12-13 6.8 CVE-2021-40858MISCMISC automox — automox Automox Agent before 32 on Windows incorrectly sets permissions on a temporary directory. 2021-12-15 4.6 CVE-2021-43326MISCCONFIRM automox — automox Automox Agent 33 on Windows incorrectly sets permissions on a temporary directory. NOTE: this issue exists because of a CVE-2021-43326 regression. 2021-12-15 4.6 CVE-2021-43325MISCCONFIRM clementine-player — clementine Clementine Music Player through 1.3.1 is vulnerable to a User Mode Write Access Violation, affecting the MP3 file parsing functionality at clementine+0x3aa207. The vulnerability is triggered when the user opens a crafted MP3 file or loads a remote stream URL that is mishandled by Clementine. Attackers could exploit this issue to cause a crash (DoS) of the clementine.exe process or achieve arbitrary code execution in the context of the current logged-in Windows user. 2021-12-15 6.8 CVE-2021-40826MISC clementine-player — clementine Clementine Music Player through 1.3.1 (when a GLib 2.0.0 DLL is used) is vulnerable to a Read Access Violation on Block Data Move, affecting the MP3 file parsing functionality at memcpy+0x265. The vulnerability is triggered when the user opens a crafted MP3 file or loads a remote stream URL that is mishandled by Clementine. Attackers could exploit this issue to cause a crash (DoS) of the clementine.exe process or achieve arbitrary code execution in the context of the current logged-in Windows user. 2021-12-15 6.8 CVE-2021-40827MISC cleverplugins — seo_booster The SEO Booster WordPress plugin through 3.7 allows for authenticated SQL injection via the “fn_my_ajaxified_dataloader_ajax” AJAX request as the $_REQUEST[‘order’][0][‘dir’] parameter is not properly escaped leading to blind and error-based SQL injections. 2021-12-13 6.5 CVE-2021-24747MISC cm-wp — auto_featured_image The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before 3.9.3 does not sanitise and escape the post_id parameter before outputting back in an admin page within a JS block, leading to a Reflected Cross-Site Scripting issue. 2021-12-13 4.3 CVE-2021-24932MISC collabora — online Collabora Online is a collaborative online office suite based on LibreOffice technology. In affected versions a reflected XSS vulnerability was found in Collabora Online. An attacker could inject unescaped HTML into a variable as they created the Collabora Online iframe, and execute scripts inside the context of the Collabora Online iframe. This would give access to a small set of user settings stored in the browser, as well as the session’s authentication token which was also passed in at iframe creation time. Users should upgrade to Collabora Online 6.4.16 or higher or Collabora Online 4.2.20 or higher. Collabora Online Development Edition 21.11 is not affected. 2021-12-13 4.3 CVE-2021-43817CONFIRM contact_form_advanced_database_project — contact_form_advanced_database The Contact Form Advanced Database WordPress plugin through 1.0.8 does not have any authorisation as well as CSRF checks in its delete_cf7_data and export_cf7_data AJAX actions, available to any authenticated users, which could allow users with a role as low as subscriber to call them. The delete_cf7_data would lead to arbitrary metadata deletion, as well as PHP Object Injection if a suitable gadget chain is present in another plugin, as user data is passed to the maybe_unserialize() function without being first validated. 2021-12-13 4 CVE-2021-24790MISC cpan\ — \ The CPAN::Checksums package 2.12 for Perl does not uniquely define signed data. 2021-12-13 4 CVE-2020-16155MISCMISC cuppacms — cuppacms An issue was discovered in Cuppa CMS Versions Before 31 Jan 2021 allows authenticated attackers to gain escalated privileges via a crafted POST request using the user_group_id_field parameter. 2021-12-14 6.5 CVE-2021-3376MISC cybelesoft — thinfinity_virtualui In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists. 2021-12-13 5 CVE-2021-44848MISCMISC dbeaver — dbeaver dbeaver is vulnerable to Improper Restriction of XML External Entity Reference 2021-12-14 4.3 CVE-2021-3836CONFIRMMISC digi — transport_dr64_firmware An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may read a password file (with reversible passwords) from the device, which allows decoding of other users’ passwords. 2021-12-10 4 CVE-2021-37187MISCMISC digi — transport_dr64_firmware An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may load customized firmware (because the bootloader does not verify that it is authentic), changing the behavior of the gateway. 2021-12-10 6.5 CVE-2021-37188MISCMISC digi — transport_wr11_firmware An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. They do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session. 2021-12-10 5 CVE-2021-37189MISCMISC digitalocean — toxcore The Onion module in toxcore before 0.2.2 doesn’t restrict which packets can be onion-routed, which allows a remote attacker to discover a target user’s IP address (when knowing only their Tox Id) by positioning themselves close to target’s Tox Id in the DHT for the target to establish an onion connection with the attacker, guessing the target’s DHT public key and creating a DHT node with public key close to it, and finally onion-routing a NAT Ping Request to the target, requesting it to ping the just created DHT node. 2021-12-13 4.3 CVE-2018-25022MISCMISCMISC digitalocean — toxcore The TCP Server module in toxcore before 0.2.8 doesn’t free the TCP priority queue under certain conditions, which allows a remote attacker to exhaust the system’s memory, causing a denial of service (DoS). 2021-12-13 5 CVE-2018-25021MISCMISCMISC dpsoft — parsian_bank_gateway_for_woocommerce The Parsian Bank Gateway for Woocommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via and parameter due to a var_dump() on $_POST variables found in the ~/vendor/dpsoft/parsian-payment/sample/rollback-payment.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. 2021-12-14 4.3 CVE-2021-39309MISCMISC duogeek — duofaq-responsive-flat-simple-faq The duoFAQ – Responsive, Flat, Simple FAQ WordPess plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the ~/duogeek/duogeek-panel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.8. 2021-12-14 4.3 CVE-2021-39319MISCMISC duogeek — simple_image_gallery The Simple Image Gallery WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the ~/simple-image-gallery.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6. 2021-12-14 4.3 CVE-2021-39313MISCMISC f-secure — safe A user interface overlay vulnerability was discovered in F-secure SAFE Browser for Android. When user click on a specially crafted seemingly legitimate URL SAFE browser goes into full screen and hides the user interface. A remote attacker can leverage this to perform spoofing attack. 2021-12-10 4.3 CVE-2021-40834MISCMISC facebook — hermes A type confusion vulnerability could be triggered when resolving the “typeof” unary operator in Facebook Hermes prior to v0.10.0. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. 2021-12-13 6.8 CVE-2021-24045CONFIRMMISC fatcatapps — pixel_cat The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF check when saving its settings, and did not sanitise as well as escape some of them, which could allow attacker to make a logged in admin change them and perform Cross-Site Scripting attacks 2021-12-13 6 CVE-2021-24922MISC fortinet — fortios A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6.4.x before 6.4.7 allows attacker to Execute unauthorized code or commands via specific hex read/write operations. 2021-12-13 6.6 CVE-2021-36169CONFIRM frenify — mediamatic The mediamaticAjaxRenameCategory AJAX action of the Mediamatic WordPress plugin through 2.7, available to any authenticated user, does not sanitise the categoryID parameter before using it in a SQL statement, leading to an SQL injection 2021-12-13 6.5 CVE-2021-24848MISC genesys — workforce_management A cross site scripting (XSS) vulnerability in Genesys Workforce Management 8.5.214.20 can occur (during record deletion) via the Time-off parameter. 2021-12-15 4.3 CVE-2021-26787MISCMISC get_custom_field_values_project — get_custom_field_values The Get Custom Field Values WordPress plugin before 4.0 allows users with a role as low as Contributor to access other posts metadata without validating the permissions. Eg. contributors can access admin posts metadata. 2021-12-13 4 CVE-2021-24872MISC gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab Maven Package registry is vulnerable to a regular expression denial of service when a specifically crafted string is sent. 2021-12-13 4 CVE-2021-39940MISCCONFIRMMISC gitlab — gitlab Improper access control in GitLab CE/EE affecting all versions starting from 10.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker in possession of a deploy token to access a project’s disabled wiki. 2021-12-13 4 CVE-2021-39936MISCMISCCONFIRM gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression used for handling user input (notes, comments, etc) was susceptible to catastrophic backtracking that could cause a DOS attack. 2021-12-13 4 CVE-2021-39933MISCMISCCONFIRM gitlab — gitlab A vulnerable regular expression pattern in GitLab CE/EE since version 8.15 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to cause uncontrolled resource consumption leading to Denial of Service via specially crafted deploy Slash commands 2021-12-13 4 CVE-2021-39938MISCCONFIRM gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A permissions validation flaw allowed group members with a developer role to elevate their privilege to a maintainer on projects they import 2021-12-13 5.5 CVE-2021-39944MISCMISCCONFIRM gitlab — gitlab A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, leads to potential elevated privileges in groups and projects under rare circumstances 2021-12-13 6.5 CVE-2021-39937MISCCONFIRM gitlab — gitlab An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting from 13.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker triggering a job with a specially crafted docker image to exhaust resources on runner manager 2021-12-13 4 CVE-2021-39939CONFIRMMISC gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Using large payloads, the diff feature could be used to trigger high load time for users reviewing code changes. 2021-12-13 4 CVE-2021-39932MISCCONFIRM gitlab — gitlab Missing authorization in GitLab EE versions between 12.4 and 14.3.6, between 14.4.0 and 14.4.4, and between 14.5.0 and 14.5.2 allowed an attacker to access a user’s custom project and group templates 2021-12-13 4 CVE-2021-39930MISCCONFIRMMISC gitlab — gitlab Improper access control allows any project member to retrieve the service desk email address in GitLab CE/EE versions starting 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. 2021-12-13 4 CVE-2021-39934MISCCONFIRMMISC gitlab — gitlab Incorrect Authorization in GitLab EE affecting all versions starting from 11.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows a user to add comments to a vulnerability which cannot be accessed. 2021-12-13 4 CVE-2021-39918CONFIRMMISCMISC gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression related to quick actions features was susceptible to catastrophic backtracking that could cause a DOS attack. 2021-12-13 4 CVE-2021-39917MISCMISCCONFIRM gitlab — gitlab Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status Check in GitLab EE starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. 2021-12-13 4 CVE-2021-39916CONFIRMMISCMISC gitlab — gitlab Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an author of a Merge Request to approve the Merge Request even after having their project access revoked 2021-12-13 4 CVE-2021-39945MISCMISCCONFIRM gitlab — gitlab Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to see the names of project access tokens on arbitrary projects 2021-12-13 5 CVE-2021-39915CONFIRMMISCMISC gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API 2021-12-13 5 CVE-2021-39935MISCCONFIRMMISC gitlab — gitlab An information disclosure vulnerability in GitLab CE/EE versions 12.0 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed non-project members to see the default branch name for projects that restrict access to the repository to project members 2021-12-13 5 CVE-2021-39941MISCMISCCONFIRM gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab was vulnerable to HTML Injection through the Swagger UI feature. 2021-12-13 4.3 CVE-2021-39910CONFIRMMISCMISC glfusion — glfusion glFusion CMS v1.7.9 is affected by an arbitrary user impersonation vulnerability in /public_html/comment.php. The attacker can complete the attack remotely without interaction. 2021-12-14 6.4 CVE-2021-44935MISC glfusion — glfusion glFusion CMS v1.7.9 is affected by an arbitrary user registration vulnerability in /public_html/users.php. An attacker can register with the mailbox of any user. When users want to register, they will find that the mailbox has been occupied. 2021-12-14 5 CVE-2021-44937MISC glfusion — glfusion glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) vulnerability in /public_html/admin/plugins/bad_behavior2/blacklist.php. Using the CSRF vulnerability to trick the administrator to click, an attacker can add a blacklist. 2021-12-14 4.3 CVE-2021-44948MISC glfusion — glfusion glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) vulnerability in /public_html/admin/plugins/bad_behavior2/blacklist.php. Using the CSRF vulnerability to trick the administrator to click, an attacker can add a blacklist. 2021-12-14 4.3 CVE-2021-44942MISC gnome — epiphany XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list. 2021-12-16 4.3 CVE-2021-45085MISCMISC gnome — epiphany XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server’s suggested_filename is used as the pdf_name value in PDF.js. 2021-12-16 4.3 CVE-2021-45086MISCMISC gnome — epiphany XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title. 2021-12-16 4.3 CVE-2021-45087MISCMISC gnome — epiphany XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page. 2021-12-16 4.3 CVE-2021-45088MISCMISC gnuboard — gnuboard5 gnuboard5 is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-12-14 4.3 CVE-2021-3831MISCCONFIRM google — android In onCreate of UsbPermissionActivity.java, there is a possible way to grant an app access to USB without informed user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-183610267 2021-12-15 4.4 CVE-2021-1016MISC google — android In enqueueNotificationInternal of NotificationManagerService.java, there is a possible way to run a foreground service without showing a notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-191981182 2021-12-15 4.6 CVE-2021-0981MISC google — android In enqueueNotification of NetworkPolicyManagerService.java, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-177931370 2021-12-15 4.9 CVE-2021-0653MISC google — android In createNoCredentialsPermissionNotification and related functions of AccountManagerService.java, there is a possible way to retrieve accounts from the device without permissions due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-179338675 2021-12-15 4.9 CVE-2021-0704MISC google — android In getAlias of BluetoothDevice.java, there is a possible way to create misleading permission dialogs due to missing data filtering. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-180747689 2021-12-15 4.7 CVE-2021-0931MISC google — android In doCropPhoto of PhotoSelectionHandler.java, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure of user’s contacts with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-195748381 2021-12-15 4.7 CVE-2021-0952MISC google — android In UserDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-183411279 2021-12-15 4.7 CVE-2021-1038MISC google — android In enforceCrossUserOrProfilePermission of PackageManagerService.java, there is a possible bypass of INTERACT_ACROSS_PROFILES permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-195630721 2021-12-15 4.6 CVE-2021-0922MISC google — android In phNxpNHal_DtaUpdate of phNxpNciHal_dta.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-183487770 2021-12-15 4.6 CVE-2021-0977MISC google — android In onNullBinding of ManagedServices.java, there is a possible permission bypass due to an incorrectly unbound service. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-192475653 2021-12-15 4.6 CVE-2021-0984MISC google — android In onCreate of AllowBindAppWidgetActivity.java, there is a possible bypass of user interaction requirements due to unclear UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-184676316 2021-12-15 4.4 CVE-2021-0769MISC google — android In getOffsetBeforeAfter of TextLine.java, there is a possible denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193849901 2021-12-15 4.3 CVE-2021-0993MISC google — android In onReceive of AlertReceiver.java, there is a possible way to dismiss system dialog due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-190403923 2021-12-15 4.6 CVE-2021-0985MISC google — android In toBARK of floor0.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-199680600 2021-12-15 4.3 CVE-2021-0976MISC google — android In MPEG4Source::read of MPEG4Extractor.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-188893559 2021-12-15 4.3 CVE-2021-0971MISC google — android In the broadcast definition in AndroidManifest.xml, there is a possible way to set the A2DP bluetooth device connection state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-196858999 2021-12-15 4.6 CVE-2021-0999MISC google — android In onEventReceived of EventResultPersister.java, there is a possible intent redirection due to a confused deputy. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-191283525 2021-12-15 4.6 CVE-2021-1024MISC google — android In setTransactionState of SurfaceFlinger, there is possible arbitrary code execution in a privileged process due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193033243 2021-12-15 4.6 CVE-2021-1027MISC google — android In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernel 2021-12-15 6.9 CVE-2021-0920MISCMLIST google — android In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193034677 2021-12-15 4.6 CVE-2021-1029MISC google — android In getTitle of AccessPoint.java, there is a possible unhandled exception due to a missing null check. This could lead to remote denial of service if a proximal Wi-Fi AP provides invalid information with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-199922685 2021-12-15 4.3 CVE-2021-0969MISC google — android In snoozeNotificationInt of NotificationManagerService.java, there is a possible way to disable notification for an arbitrary user due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-195031703 2021-12-15 4.4 CVE-2021-1021MISC google — android In snoozeNotification of NotificationListenerService.java, there is a possible way to disable notification for an arbitrary user due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-195111725 2021-12-15 4.4 CVE-2021-1020MISC google — android In snoozeNotification of NotificationListenerService.java, there is a possible permission confusion due to a misleading user consent dialog. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-195031401 2021-12-15 4.4 CVE-2021-1019MISC google — android In onReceive of BluetoothPermissionRequest.java, there is a possible phishing attack allowing a malicious Bluetooth device to acquire permissions based on insufficient information presented to the user in the consent dialog. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-167403112 2021-12-15 6.9 CVE-2021-0434MISC google — android In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193034683 2021-12-15 4.6 CVE-2021-1028MISC google — android In btif_in_hf_client_generic_evt of btif_hf_client.cc, there is a possible Bluetooth service crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-180420059 2021-12-15 5 CVE-2021-1022MISC google — android Product: AndroidVersions: Android kernelAndroid ID: A-201537251References: N/A 2021-12-15 5 CVE-2021-39646MISC google — android In osi_malloc and osi_calloc of allocator.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-197868577 2021-12-15 6.8 CVE-2021-0968MISC google — android In AndroidManifest.xml of Settings, there is a possible pairing of a Bluetooth device without user’s consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-194300867 2021-12-15 5.8 CVE-2021-0965MISC grafana — grafana Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files, users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help text. 2021-12-10 4 CVE-2021-43813MISCMISCCONFIRMMISCMISCMISCMLIST h2database — h2 The package com.h2database:h2 from 0 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability. 2021-12-10 6.4 CVE-2021-23463CONFIRMCONFIRMCONFIRMCONFIRM h5p-css-editor_project — h5p-css-editor The H5P CSS Editor WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the h5p-css-file parameter found in the ~/h5p-css-editor.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. 2021-12-14 4.3 CVE-2021-39318MISCMISC hashicorp — consul HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has Incorrect Access Control. An ACL token (with the default operator:write permissions) in one namespace can be used for unintended privilege escalation in a different namespace. 2021-12-12 6.5 CVE-2021-41805MISCMISC hd-network_real-time_monitoring_system_project — hd-network_real-time_monitoring_system HD-Network Real-time Monitoring System 2.0 allows ../ directory traversal to read /etc/shadow via the /language/lang s_Language parameter. 2021-12-15 5 CVE-2021-45043MISCMISC hp — storeserv_management_console A security vulnerability has been identified in HPE StoreServ Management Console (SSMC). An authenticated SSMC administrator could exploit the vulnerability to inject code and elevate their privilege in SSMC. The scope of this vulnerability is limited to SSMC. Note: The arrays being managed are not impacted by this vulnerability. This vulnerability impacts SSMC versions 3.4 GA to 3.8.1. 2021-12-10 6.5 CVE-2021-29214MISC htaccess-redirect_project — htaccess-redirect The .htaccess Redirect WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the link parameter found in the ~/htaccess-redirect.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.3.1. 2021-12-14 4.3 CVE-2021-38361MISCMISC huawei — cloudengine_7800_firmware There is a memory leak vulnerability in CloudEngine 12800 V200R019C00SPC800, CloudEngine 5800 V200R019C00SPC800, CloudEngine 6800 V200R019C00SPC800 and CloudEngine 7800 V200R019C00SPC800. The software does not sufficiently track and release allocated memory while parse a series of crafted binary messages, which could consume remaining memory. Successful exploit could cause memory exhaust. 2021-12-13 5 CVE-2021-40008MISC huawei — ecns280_td_firmware There is an information leak vulnerability in eCNS280_TD V100R005C10SPC650. The vulnerability is caused by improper log output management. An attacker with the ability to access the log file of device may lead to information disclosure. 2021-12-13 4 CVE-2021-40007MISC huntflow — huntflow_enterprise An information disclosure vulnerability in the login page of Huntflow Enterprise before 3.10.4 could allow an unauthenticated, remote user to get information about the domain name of the configured LDAP server. An attacker could exploit this vulnerability by requesting the login page and searching for the “isLdap” JavaScript parameter in the HTML source code. 2021-12-10 5 CVE-2021-37935MISC huntflow — huntflow_enterprise Due to insufficient server-side login-attempt limit enforcement, a vulnerability in /account/login in Huntflow Enterprise before 3.10.14 could allow an unauthenticated, remote user to perform multiple login attempts for brute-force password guessing. 2021-12-10 5 CVE-2021-37934MISC ibm — i2_analysts_notebook IBM i2 Analyst’s Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 214439. 2021-12-13 4.6 CVE-2021-39049CONFIRMXF ibm — i2_analysts_notebook IBM i2 Analyst’s Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 214440. 2021-12-13 4.6 CVE-2021-39050CONFIRMXF ibm — mq_for_hpe_nonstop IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when SharedBindingsUserId is set to effective. IBM X-ForceID: 211404. 2021-12-14 4.4 CVE-2021-38950CONFIRMXF ibm — powervm_hypervisor IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authenticated user to cause the system to crash using a specially crafted IBMi Hypervisor call. IBM X-Force ID: 210894. 2021-12-10 6.8 CVE-2021-38937XFCONFIRM ibm — spectrum_copy_data_management IBM Spectrum Copy Data Management 2.2.13 and earlier has weak authentication and password rules and incorrectly handles default credentials for the Spectrum Copy Data Management Admin console. IBM X-Force ID: 214957. 2021-12-13 5 CVE-2021-39064CONFIRMXF ibm — spectrum_copy_data_management IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 214617. 2021-12-13 5 CVE-2021-39058CONFIRMXF ibm — spectrum_copy_data_management IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to obtain sensitive information, caused by the improper handling of requests for Spectrum Copy Data Management Admin Console. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 214524. 2021-12-13 5 CVE-2021-39053XFCONFIRM ibm — spectrum_copy_data_management IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 211242. 2021-12-13 5 CVE-2021-38947CONFIRMXF ibm — spectrum_protect_plus IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information due to a misconfiguration in access control headers. IBM X-Force ID: 214956. 2021-12-13 6.4 CVE-2021-39063CONFIRMXF ibm — spectrum_protect_plus The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum Protect Plus workload agent is subject to a man-in-the-middle attack due to improper certificate validation. IBM X-Force ID: 182046. 2021-12-13 4.3 CVE-2020-4496CONFIRMXF ibm — spectrum_protect_plus IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 214616. 2021-12-13 5.5 CVE-2021-39057CONFIRMXF improved_include_page_project — improved_include_page The Improved Include Page WordPress plugin through 1.2 allows passing shortcode attributes with post_type & post_status which can be used to retrieve arbitrary content. This way, users with a role as low as Contributor can gain access to content they are not supposed to. 2021-12-13 4 CVE-2021-24845MISC jackalope_doctrine-dbal_project — jackalope_doctrine-dbal Jackalope Doctrine-DBAL is an implementation of the PHP Content Repository API (PHPCR) using a relational database to persist data. In affected versions users can provoke SQL injections if they can specify a node name or query. Upgrade to version 1.7.4 to resolve this issue. If that is not possible, you can escape all places where `$property` is used to filter `sv:name` in the class `Jackalope\Transport\DoctrineDBAL\Query\QOMWalker`: `XPath::escape($property)`. Node names and xpaths can contain `”` or `;` according to the JCR specification. The jackalope component that translates the query object model into doctrine dbal queries does not properly escape the names and paths, so that a accordingly crafted node name can lead to an SQL injection. If queries are never done from user input, or if you validate the user input to not contain `;`, you are not affected. 2021-12-13 6.8 CVE-2021-43822MISCCONFIRM kyma-project — kyma Due to insufficient input validation of Kyma, authenticated users can pass a Header of their choice and escalate privileges which can completely compromise the cluster. 2021-12-14 6.5 CVE-2021-38182MISCMISC likebtn — like_button_rating The Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.38 does not have any authorisation and CSRF checks in the likebtn_export_votes AJAX action, which could allow any authenticated user, such as subscriber, to get a list of email and IP addresses of people who liked content from the blog. 2021-12-13 6 CVE-2021-24945MISC link-list-manager_project — link-list-manager The link-list-manager WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the category parameter found in the ~/llm.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. 2021-12-14 4.3 CVE-2021-39311MISCMISC linuxfoundation — besu Besu is an Ethereum client written in Java. Starting in version 21.10.0, changes in the implementation of the SHL, SHR, and SAR operations resulted in the introduction of a signed type coercion error in values that represent negative values for 32 bit signed integers. Smart contracts that ask for shifts between approximately 2 billion and 4 billion bits (nonsensical but valid values for the operation) will fail to execute and hence fail to validate. In networks where vulnerable versions are mining with other clients or non-vulnerable versions this will result in a fork and the relevant transactions will not be included in the fork. In networks where vulnerable versions are not mining (such as Rinkeby) no fork will result and the validator nodes will stop accepting blocks. In networks where only vulnerable versions are mining the relevant transaction will not be included in any blocks. When the network adds a non-vulnerable version the network will act as in the first case. Besu 21.10.2 contains a patch for this issue. Besu 21.7.4 is not vulnerable and clients can roll back to that version. There is a workaround available: Once a transaction with the relevant shift operations is included in the canonical chain, the only remediation is to make sure all nodes are on non-vulnerable versions. 2021-12-13 5 CVE-2021-41272CONFIRMMISCMISC lxml — lxml lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available. 2021-12-13 6.8 CVE-2021-43818MISCMISCCONFIRMMISC lycheeorganisation — lychee Lychee-v3 3.2.16 is affected by a Cross Site Scripting (XSS) vulnerability in php/Access/Guest.php. The function exit will terminate the script and print the message to the user. The message will contain albumID which is controlled by the user. 2021-12-15 4.3 CVE-2021-43675MISCMISCMISC magic-post-voice_project — magic-post-voice The Magic Post Voice WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the ids parameter found in the ~/inc/admin/main.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2. 2021-12-14 4.3 CVE-2021-39315MISCMISC mercurius_project — mercurius Mercurius is a GraphQL adapter for Fastify. Any users from [email protected] to 8.11.1 are subjected to a denial of service attack by sending a malformed JSON to `/graphql` unless they are using a custom error handler. The vulnerability has been fixed in https://github.com/mercurius-js/mercurius/pull/678 and shipped as v8.11.2. As a workaround users may use a custom error handler. 2021-12-13 5 CVE-2021-43801MISCCONFIRMMISC microsoft — hevc_video_extensions HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40452, CVE-2021-40453. 2021-12-15 6.8 CVE-2021-41360MISC microsoft — hevc_video_extensions HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40453, CVE-2021-41360. 2021-12-15 6.8 CVE-2021-40452MISC microsoft — hevc_video_extensions HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40452, CVE-2021-41360. 2021-12-15 6.8 CVE-2021-40453MISC mruby — mruby mruby is vulnerable to NULL Pointer Dereference 2021-12-15 5 CVE-2021-4110CONFIRMMISC nodejs — node.js Next.js is a React framework. In versions of Next.js prior to 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In order to be affected by this issue, the deployment must use Next.js versions above 11.1.0 and below 12.0.5, Node.js above 15.0.0, and next start or a custom server. Deployments on Vercel are not affected, along with similar environments where invalid requests are filtered before reaching Next.js. Versions 12.0.5 and 11.1.3 contain patches for this issue. 2021-12-10 4.3 CVE-2021-43803MISCMISCMISCMISCCONFIRM openwhyd — openwhyd openwhyd is vulnerable to URL Redirection to Untrusted Site 2021-12-10 5.8 CVE-2021-3829CONFIRMMISC page\/post_content_shortcode_project — page\/post_content_shortcode The Page/Post Content Shortcode WordPress plugin through 1.0 does not have proper authorisation in place, allowing users with a role as low as contributor to access draft/private/password protected/trashed posts/pages they should not be allowed to, including posts created by other users such as admins and editors. 2021-12-13 4 CVE-2021-24819MISC patrowl — patrowlmanager PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.77 an improper privilege management (IDOR) has been found in PatrowlManager. All imports findings file is placed under /media/imports/<owner_id>/<tmp_file> In that, owner_id is predictable and tmp_file is in format of import_<ownder_id>_<time_created>, for example: import_1_1639213059582.json This filename is predictable and allows anyone without logging in to download all finding import files This vulnerability is capable of allowing unlogged in users to download all finding imports file. Users are advised to update to 1.7.7 as soon as possible. There are no known workarounds. 2021-12-14 5 CVE-2021-43828CONFIRMMISC patrowl — patrowlmanager PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.7.7 PatrowlManager unrestrictly handle upload files in the findings import feature. This vulnerability is capable of uploading dangerous type of file to server leading to XSS attacks and potentially other forms of code injection. Users are advised to update to 1.7.7 as soon as possible. There are no known workarounds for this issue. 2021-12-14 6.5 CVE-2021-43829CONFIRMMISCMISC perl — comprehensive_perl_archive_network CPAN 2.28 allows Signature Verification Bypass. 2021-12-13 6.8 CVE-2020-16156MISCMISCMISC phoeniixx — filter_portfolio_gallery The Filter Portfolio Gallery WordPress plugin through 1.5 is lacking Cross-Site Request Forgery (CSRF) check when deleting a Gallery, which could allow attackers to make a logged in admin delete arbitrary Gallery. 2021-12-13 4.3 CVE-2021-24795MISC phpservermonitor — php_server_monitor phpservermon is vulnerable to Improper Neutralization of CRLF Sequences 2021-12-12 5.8 CVE-2021-4097MISCCONFIRM pimcore — pimcore pimcore is vulnerable to Cross-Site Request Forgery (CSRF) 2021-12-10 4.3 CVE-2021-4082MISCCONFIRM pimcore — pimcore pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-12-10 4.3 CVE-2021-4084CONFIRMMISC piwigo — piwigo A Cross Site Scripting (XSS) vulnerability exists in Piwigo 11.5.0 via the system album name and description of the location. 2021-12-14 4.3 CVE-2021-40882MISC pluck-cms — pluck Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows an attacker to sustain unauthorized access to the platform. Because Pluck does not invalidate prior sessions after a password change, access can be sustained even after an administrator performs regular remediation attempts such as resetting their password. 2021-12-10 5 CVE-2021-31745MISC pluck-cms — pluck Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in update_applet.php, which could lead to man-in-the-middle attacks. 2021-12-10 5.8 CVE-2021-31747MISC plugins360 — all-in-one_video_gallery The All-in-One Video Gallery WordPress plugin before 2.5.0 does not sanitise and validate the tab parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue 2021-12-13 6.5 CVE-2021-24970MISC profilepress — user_registration\,_login_form\,_user_profile_\&_membership The User Registration, Login Form, User Profile & Membership WordPress plugin before 3.2.3 does not sanitise and escape the ppress_cc_data parameter before outputting it back in an attribute of an admin dashboard page, leading to a Reflected Cross-Site Scripting issue 2021-12-13 4.3 CVE-2021-24954CONFIRMMISC profilepress — user_registration\,_login_form\,_user_profile_\&_membership The User Registration, Login Form, User Profile & Membership WordPress plugin before 3.2.3 does not escape the data parameter of the pp_get_forms_by_builder_type AJAX action before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue 2021-12-13 4.3 CVE-2021-24955CONFIRMMISC quotes_collection_project — quotes_collection The Quotes Collection WordPress plugin through 2.5.2 does not validate and escape the bulkcheck parameter before using it in a SQL statement, leading to a SQL injection 2021-12-13 6.5 CVE-2021-24861MISC registrationmagic — registrationmagic The RegistrationMagic WordPress plugin made it possible for unauthenticated users to log in as any site user, including administrators, if they knew a valid username on the site due to missing identity validation in the social login function social_login_using_email() of the plugin. This affects versions equal to, and less than, 5.0.1.7. 2021-12-14 6.8 CVE-2021-4073MISCMISCMISC reprisesoftware — reprise_license_manager An issue was discovered in Reprise RLM 14.2. As the session cookies are small, an attacker can hijack any existing sessions by bruteforcing the 4 hex-character session cookie on the Windows version (the Linux version appears to have 8 characters). An attacker can obtain the static part of the cookie (cookie name) by first making a request to any page on the application (e.g., /goforms/menu) and saving the name of the cookie sent with the response. The attacker can then use the name of the cookie and try to request that same page, setting a random value for the cookie. If any user has an active session, the page should return with the authorized content, when a valid cookie value is hit. 2021-12-13 5 CVE-2021-44151MISCMISC reprisesoftware — reprise_license_manager An issue was discovered in /goform/login_process in Reprise RLM 14.2. When an attacker attempts to login, the response if a username is valid includes Login Failed, but does not include this string if the username is invalid. This allows an attacker to enumerate valid users. 2021-12-13 5 CVE-2021-44155MISCMISC reprisesoftware — reprise_license_manager An issue was discovered in Reprise RLM 14.2. By using an admin account, an attacker can write a payload to /goform/edit_opt, which will then be triggered when running the diagnostics (via /goform/diagnostics_doit), resulting in a buffer overflow. 2021-12-13 6.5 CVE-2021-44154MISCMISC sap — 3d_visual_enterprise_viewer When a user opens manipulated Jupiter Tessellation (.jt) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application 2021-12-14 4.3 CVE-2021-42070MISCMISC sap — 3d_visual_enterprise_viewer When a user opens manipulated Tagged Image File Format (.tif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application 2021-12-14 4.3 CVE-2021-42069MISCMISC sap — 3d_visual_enterprise_viewer When a user opens a manipulated GIF (.gif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. 2021-12-14 4.3 CVE-2021-42068MISCMISC sap — commerce If configured to use an Oracle database and if a query is created using the flexible search java api with a parameterized “in” clause, SAP Commerce – versions 1905, 2005, 2105, 2011, allows attacker to execute crafted database queries, exposing backend database. The vulnerability is present if the parameterized “in” clause accepts more than 1000 values. 2021-12-14 6.8 CVE-2021-42064MISCMISC sap — knowledge_warehouse A security vulnerability has been discovered in the SAP Knowledge Warehouse – versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclose sensitive data. 2021-12-14 4.3 CVE-2021-42063MISCMISC siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll contains an off-by-one error in the heap while parsing specially crafted TIFF files. This could allow an attacker to cause a denial-of-service condition. 2021-12-14 4.3 CVE-2021-44007CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process. 2021-12-14 4.3 CVE-2021-44004CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to use of uninitialized memory while parsing user supplied TIFF files. This could allow an attacker to cause a denial-of-service condition. 2021-12-14 4.3 CVE-2021-44003CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Image.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted TIF files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15111) 2021-12-14 4.3 CVE-2021-44017CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process. 2021-12-14 4.3 CVE-2021-44008CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process. 2021-12-14 4.3 CVE-2021-44009CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process. 2021-12-14 4.3 CVE-2021-44010CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Jt1001.dll is vulnerable to an out of bounds read past the end of an allocated buffer while parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15101) 2021-12-14 4.3 CVE-2021-44011CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The DL180pdfl.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14974) 2021-12-14 6.8 CVE-2021-44001CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Jt1001.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15102) 2021-12-14 4.3 CVE-2021-44012CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The VCRUNTIME140.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted CGM files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15109) 2021-12-14 4.3 CVE-2021-44015CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Jt1001.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15058) 2021-12-14 6.8 CVE-2021-44002CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted TIFF files. This could allow an attacker to execute code in the context of the current process. 2021-12-14 6.8 CVE-2021-44005CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted TIFF files. This could allow an attacker to execute code in the context of the current process. 2021-12-14 6.8 CVE-2021-44006CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The DL180pdfl.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15103) 2021-12-14 6.8 CVE-2021-44013CONFIRM siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Jt1001.dll contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15057) 2021-12-14 6.8 CVE-2021-44014CONFIRM siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to stack based buffer overflow while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14845) 2021-12-14 6.8 CVE-2021-44432CONFIRM siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14829) 2021-12-14 6.8 CVE-2021-44430CONFIRM siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14907) 2021-12-14 6.8 CVE-2021-44438CONFIRM siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14906) 2021-12-14 6.8 CVE-2021-44437CONFIRM siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14902, ZDI-CAN-14866) 2021-12-14 6.8 CVE-2021-44434CONFIRM siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14841) 2021-12-14 4.3 CVE-2021-44431CONFIRM siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14905) 2021-12-14 4.3 CVE-2021-44436CONFIRM siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15052) 2021-12-14 4.3 CVE-2021-44444CONFIRM siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14843, ZDI-CAN-15051) 2021-12-14 4.3 CVE-2021-44448CONFIRM siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14908) 2021-12-14 6.8 CVE-2021-44439CONFIRM siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to stack based buffer overflow while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14903) 2021-12-14 6.8 CVE-2021-44435CONFIRM siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains a use after free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14900) 2021-12-14 6.8 CVE-2021-44433CONFIRM siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14995) 2021-12-14 6.8 CVE-2021-44442CONFIRM siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to memory corruption condition while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14912) 2021-12-14 6.8 CVE-2021-44440CONFIRM siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14911) 2021-12-14 6.8 CVE-2021-44447CONFIRM siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14913) 2021-12-14 6.8 CVE-2021-44441CONFIRM siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15039) 2021-12-14 6.8 CVE-2021-44443CONFIRM siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15054) 2021-12-14 6.8 CVE-2021-44445CONFIRM siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V12.8.1.1), JTTK (All versions < V10.8.1.1). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15055, ZDI-CAN-14915, ZDI-CAN-14865) 2021-12-14 6.8 CVE-2021-44450CONFIRM siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14828, ZDI-CAN-14898) 2021-12-14 6.8 CVE-2021-44446CONFIRM siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V12.8.1.1), JTTK (All versions < V10.8.1.1). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14830) 2021-12-14 6.8 CVE-2021-44449CONFIRM siemens — sipass_integrated A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal message broker system. This could allow an unauthenticated remote attacker to subscribe to arbitrary message queues. 2021-12-14 5 CVE-2021-44522CONFIRMCONFIRM siemens — sipass_integrated A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal activity feed database. This could allow an unauthenticated remote attacker to read, modify or delete activity feed entries. 2021-12-14 6.4 CVE-2021-44523CONFIRMCONFIRM siemens — teamcenter_active_workspace A vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.11), Teamcenter Active Workspace V5.0 (All versions < V5.0.10), Teamcenter Active Workspace V5.1 (All versions < V5.1.6), Teamcenter Active Workspace V5.2 (All versions < V5.2.3). The application contains an unsafe unzipping pattern that could lead to a zip path traversal attack. This could allow and attacker to execute a remote shell with admin rights. 2021-12-14 6.5 CVE-2021-41547CONFIRM single_post_exporter_project — single_post_exporter The Single Post Exporter WordPress plugin through 1.1.1 does not have CSRF checks when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and give access to the export feature to any role such as subscriber. Subscriber users would then be able to export an arbitrary post/page (such as private and password protected) via a direct URL 2021-12-13 4.3 CVE-2021-24780MISC snipeitapp — snipe-it snipe-it is vulnerable to Improper Access Control 2021-12-10 4 CVE-2021-4089CONFIRMMISC socomec — remote_view_pro_firmware An issue was discovered in the firmware update form in Socomec REMOTE VIEW PRO 2.0.41.4. An authenticated attacker can bypass a client-side file-type check and upload arbitrary .php files. 2021-12-15 6.5 CVE-2021-41870MISCMISC sourcegraph — sourcegraph Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.33.2 is vulnerable to a side-channel attack where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects the Saved Searches and Code Monitoring features. A successful attack would require an authenticated bad actor to create many Saved Searches or Code Monitors to receive confirmation that a specific string exists. This could allow an attacker to guess formatted tokens in source code, such as API keys. This issue was patched in version 3.33.2 and any future versions of Sourcegraph. We strongly encourage upgrading to secure versions. If you are unable to, you may disable Saved Searches and Code Monitors. 2021-12-13 4 CVE-2021-43823CONFIRMMISC storeapps — temporary_login_without_password The Temporary Login Without Password WordPress plugin before 1.7.1 does not have authorisation and CSRF checks when updating its settings, which could allows any logged-in users, such as subscribers to update them 2021-12-13 4 CVE-2021-24836MISC sysaid — application_programming_interface Sysaid API User Enumeration – Attacker sending requests to specific api path without any authorization before 21.3.60 version could get users names from the LDAP server. 2021-12-14 5 CVE-2021-36721CERT taogogo — taocms taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72. 2021-12-14 6.4 CVE-2021-45015MISC trueranker — true_ranker The True Ranker plugin <= 2.2.2 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be accessed via the src parameter found in the ~/admin/vendor/datatables/examples/resources/examples.php file. 2021-12-14 5 CVE-2021-39312MISCMISC unisys — cargo_mobile Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store sensitive information, which might be revealed in a backup. The issue is addressed by ensuring that the allowBackup flag (in the manifest) is False. 2021-12-14 4.3 CVE-2021-43388MISC user_meta_shortcodes_project — user_meta_shortcodes The User Meta Shortcodes WordPress plugin through 0.5 registers a shortcode that allows any user with a role as low as contributor to access other users metadata by specifying the user login as a parameter. This makes the WP instance vulnerable to data extrafiltration, including password hashes 2021-12-13 4 CVE-2021-24859MISC verint — workforce_optimization Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications NEWUINAV parameter. 2021-12-15 4.3 CVE-2021-36450MISCMISCMISC wanderlust-webdesign — woo-enviopack The WooCommerce EnvioPack WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the dataid parameter found in the ~/includes/functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2. 2021-12-14 4.3 CVE-2021-39314MISCMISC we-con — levistudiou WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to multiple stack-based buffer overflow instances while parsing project files, which may allow an attacker to execute arbitrary code. 2021-12-13 6.8 CVE-2021-43983MISC webnus — modern_events_calendar_lite The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the current_month_divider parameter of its mec_list_load_more AJAX call (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue 2021-12-13 4.3 CVE-2021-24925MISC windyroad — real_wysiwyg The Real WYSIWYG WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of PHP_SELF in the ~/real-wysiwyg.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.2. 2021-12-14 4.3 CVE-2021-39310MISCMISC woo-myghpay-payment-gateway_project — woo-myghpay-payment-gateway The WooCommerce myghpay Payment Gateway WordPess plugin is vulnerable to Reflected Cross-Site Scripting via the clientref parameter found in the ~/processresponse.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.0. 2021-12-14 4.3 CVE-2021-39308MISCMISC wp_admin_logo_changer_project — wp_admin_logo_changer The WP Admin Logo Changer WordPress plugin through 1.0 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin update them via a CSRF attack. 2021-12-13 4.3 CVE-2021-24784MISC wp_limits_project — wp_limits The WP Limits WordPress plugin through 1.0 does not have CSRF check when saving its settings, allowing attacker to make a logged in admin change them, which could make the blog unstable by setting low values 2021-12-13 4.3 CVE-2021-24818MISC wp_system_log_project — wp_system_log The WP System Log WordPress plugin before 1.0.21 does not sanitise, validate and escape the IP address retrieved from login requests before outputting them in the admin dashboard, which could allow unauthenticated attacker to perform Cross-Site Scripting attacks against admins viewing the logs. 2021-12-13 4.3 CVE-2021-24756MISC wpcloudplugins — lets-box Insufficient Input Validation in the search functionality of WordPress plugin Lets-Box prior to 1.15.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack. 2021-12-13 4.3 CVE-2021-42549CONFIRM wpcloudplugins — out-of-the-box Insufficient Input Validation in the search functionality of WordPress plugin Out-of-the-Box prior to 1.20.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack. 2021-12-13 4.3 CVE-2021-42547CONFIRM wpcloudplugins — share-one-drive Insufficient Input Validation in the search functionality of WordPress plugin Share-one-Drive prior to 1.15.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack. 2021-12-13 4.3 CVE-2021-42548CONFIRM wpcloudplugins — use-your-drive Insufficient Input Validation in the search functionality of WordPress plugin Use-Your-Drive prior to 1.18.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack. 2021-12-13 4.3 CVE-2021-42546CONFIRM wpeden — shiny_buttons The Shiny Buttons WordPress plugin through 1.1.0 does not have any authorisation and CSRF in place when saving a template (wpbtn_save_template function hooked to the init action), nor sanitise and escape them before outputting them in the admin dashboard, which allow unauthenticated users to add a malicious template and lead to Stored Cross-Site Scripting issues. 2021-12-13 4.3 CVE-2021-24792MISC yetiforce — yetiforce_customer_relationship_management yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-12-14 4.3 CVE-2021-4107CONFIRMMISC yetiforce — yetiforce_customer_relationship_management yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF) 2021-12-11 4.3 CVE-2021-4092CONFIRMMISC yetiforce — yetiforce_customer_relationship_management yetiforcecrm is vulnerable to Business Logic Errors 2021-12-15 4 CVE-2021-4111CONFIRMMISC yetiforce — yetiforce_customer_relationship_management yetiforcecrm is vulnerable to Business Logic Errors 2021-12-15 4 CVE-2021-4117CONFIRMMISC zoom — meetings The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contain a server side request forgery vulnerability in the chat’s “link preview” functionality. In versions prior to 5.7.3, if a user were to enable the chat’s “link preview” feature, a malicious actor could trick the user into potentially sending arbitrary HTTP GET requests to URLs that the actor cannot reach directly. 2021-12-14 4 CVE-2021-34425MISC zzcms — zzcms Cross Site Scripting (XSS) vulnerability exists in zzcms 2019 XSS via a modify action in user/adv.php. 2021-12-13 4.3 CVE-2020-19042MISC Back to top   Low Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info abantecart — abantecart An issue was discovered in AbanteCart before 1.3.2. Any low-privileged user with file-upload permissions can upload a malicious SVG document that contains an XSS payload. 2021-12-14 3.5 CVE-2021-42051MISCMISC amd — epyc_7001_firmware A malicious hypervisor in conjunction with an unprivileged attacker process inside an SEV/SEV-ES guest VM may fail to flush the Translation Lookaside Buffer (TLB) resulting in unexpected behavior inside the virtual machine (VM). 2021-12-10 3.6 CVE-2021-26340MISC apache — log4j It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default. 2021-12-14 2.6 CVE-2021-45046MLISTMISCMISCCONFIRMCISCOMLISTCONFIRMCERT-VNCONFIRMDEBIANCONFIRMCONFIRMMLIST basixonline — nex-forms The NEX-Forms WordPress plugin through 7.9.4 does not escape some of its settings and form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2021-12-13 3.5 CVE-2021-24705MISC calderaforms — caldera_forms The Caldera Forms WordPress plugin before 1.9.5 does not sanitise and escape the Form Name before outputting it in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2021-12-13 3.5 CVE-2021-24896MISC comment_engine_pro_project — comment_engine_pro Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Comment Engine Pro plugin (versions <= 1.0), could be exploited by users with Editor or higher role. 2021-12-10 3.5 CVE-2021-36911CONFIRMMISC conva — fathom_analytics The Fathom Analytics WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the $site_id parameter found in the ~/fathom-analytics.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 3.0.4. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. 2021-12-14 3.5 CVE-2021-41836MISCMISC display_post_metadata_project — display_post_metadata The Display Post Metadata WordPress plugin before 1.5.0 adds a shortcode to print out custom fields, however their content is not sanitised or escaped which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks 2021-12-13 3.5 CVE-2021-24855MISC dolibarr — dolibarr A Cross Site Scripting (XSS) vulnerability exists in Dolibarr before 14.0.3 via the ticket creation flow. Exploitation requires that an admin copies the payload into a box. 2021-12-15 3.5 CVE-2021-42220MISCMISC fatcatapps — pixel_cat The Pixel Cat WordPress plugin before 2.6.3 does not escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed 2021-12-13 3.5 CVE-2021-24972MISC flex_local_fonts_project — flex_local_fonts The Flex Local Fonts WordPress plugin through 1.0.0 does not escape the Class Name field when adding a font, which could allow hight privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2021-12-13 3.5 CVE-2021-24782MISC get_custom_field_values_project — get_custom_field_values The Get Custom Field Values WordPress plugin before 4.0.1 does not escape custom fields before outputting them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks 2021-12-13 3.5 CVE-2021-24871MISC gitlab — gitlab In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, the reset password token and new user email token are accidentally logged which may lead to information disclosure. 2021-12-13 2.1 CVE-2021-39919MISCCONFIRM gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.11 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under specific condition an unauthorised project member was allowed to delete a protected branches due to a business logic error. 2021-12-13 3.5 CVE-2021-39931MISCCONFIRMMISC google — android In getNeighboringCellInfo of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-190619791 2021-12-15 2.1 CVE-2021-0987MISC google — android In getLaunchedFromUid and getLaunchedFromPackage of ActivityClientController.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-191954233 2021-12-15 2.1 CVE-2021-0988MISC google — android In onCreate of PaymentDefaultDialog.java, there is a possible way to change a default payment app without user consent due to tapjack overlay. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-180104327 2021-12-15 1.9 CVE-2021-0992MISC google — android In hasManageOngoingCallsPermission of TelecomServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-194105812 2021-12-15 2.1 CVE-2021-0989MISC google — android In getDeviceId of PhoneSubInfoController.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-185591180 2021-12-15 2.1 CVE-2021-0990MISC google — android In requestRouteToHostAddress of ConnectivityService.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193801134 2021-12-15 2.1 CVE-2021-0994MISC google — android In registerSuggestionConnectionStatusListener of WifiServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-197536547 2021-12-15 2.1 CVE-2021-0995MISC google — android In ‘ih264e_find_bskip_params()’ of ih264e_me.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193442575 2021-12-15 2.1 CVE-2021-0998MISC google — android In handleUpdateNetworkState of GnssNetworkConnectivityHandler.java , there is a possible APN disclosure due to log information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-191086488 2021-12-15 2.1 CVE-2021-0997MISC google — android In isFileUri of UriUtil.java, there is a possible way to bypass ignoring file://URI attachment due to improper handling of case sensitivity. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-197328178 2021-12-15 1.9 CVE-2021-0973MISC google — android In adjustStreamVolume of AudioService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-194110891 2021-12-15 2.1 CVE-2021-1018MISC google — android In hasNamedWallpaper of WallpaperManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193800652 2021-12-15 2.1 CVE-2021-1025MISC google — android In createAdminSupportIntent of DevicePolicyManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-192245204 2021-12-15 2.1 CVE-2021-0983MISC google — android In startRanging of RttServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-194798757 2021-12-15 2.1 CVE-2021-1026MISC google — android In setNotificationsShownFromListener of NotificationManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-194697001 2021-12-15 2.1 CVE-2021-1030MISC google — android In getService of IServiceManager.cpp, there is a possible unhandled exception due to an integer overflow. This could lead to local denial of service making the lockscreen unusable with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-197336441 2021-12-15 1.9 CVE-2021-0919MISC google — android In hasGrantedPolicy of DevicePolicyManagerService.java, there is a possible information disclosure about the device owner, profile owner, or device admin due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-192247339 2021-12-15 2.1 CVE-2021-0986MISC google — android In nfaHciCallback of HciEventManager.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure over NFC with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-181346545 2021-12-15 2.7 CVE-2021-0996MISC google — android In getOrganizationNameForUser of DevicePolicyManagerService.java, there is a possible organization name disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-192368508 2021-12-15 2.1 CVE-2021-0982MISC google — android In onCreate of KeyChainActivity.java, there is a possible way to use an app certificate stored in keychain due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-199754277 2021-12-15 3.3 CVE-2021-0963MISC google — android In isRequestPinItemSupported of ShortcutService.java, there is a possible cross-user leak of packages in which the default launcher supports requests to create pinned shortcuts due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-191772737 2021-12-15 2.1 CVE-2021-0979MISC google — android In onCreate of RequestIgnoreBatteryOptimizations.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-195963373 2021-12-15 1.9 CVE-2021-1023MISC google — android In getSerialForPackage of DeviceIdentifiersPolicyService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-192587406 2021-12-15 2.1 CVE-2021-0978MISC google — android In OnMetadataChangedListener of AdvancedBluetoothDetailsHeaderController.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-181588752 2021-12-15 2.7 CVE-2021-0991MISC google — android In code generated by BuildParcelFields of generate_cpp.cpp, there is a possible way for a crafted parcelable to reveal uninitialized memory of a target process due to uninitialized data. This could lead to local information disclosure across Binder transactions with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-198346478 2021-12-15 2.1 CVE-2021-0966MISC grafana — grafana Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerability is limited in scope, and only allows access to files with the extension .csv to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Versions 8.3.2 and 7.5.12 contain a patch for this issue. There is a workaround available for users who cannot upgrade. Running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. 2021-12-10 3.5 CVE-2021-43815CONFIRMMISCMISCMISCMISCMLIST ibm — spectrum_copy_data_management IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 214525. 2021-12-13 3.5 CVE-2021-39054XFCONFIRM ibm — spectrum_protect_backup-archive_client IBM Spectrum Protect Client 7.1 and 8.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local attacker could exploit this vulnerability and cause a denial of service. IBM X-Force ID: 214438. 2021-12-13 2.1 CVE-2021-39048XFCONFIRM ibm — spectrum_protect_operations_center IBM Spectrum Protect Operations Center 7.1, under special configurations, could allow a local user to obtain highly sensitive information. IBM X-Force ID: 209610. 2021-12-13 2.1 CVE-2021-38901XFCONFIRM inspirational_quote_rotator_project — inspirational_quote_rotator The Inspirational Quote Rotator WordPress plugin through 1.0.0 does not sanitize and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quote is output in the “Quotes list” even when the unfiltered_html capability is disallowed 2021-12-13 3.5 CVE-2021-24771MISC sap — business_one SAP Business One – version 10.0, allows an admin user to view DB password in plain text over the network, which should otherwise be encrypted. For an attacker to discover vulnerable function in-depth application knowledge is required, but once exploited the attacker may be able to completely compromise confidentiality, integrity, and availability of the application. 2021-12-14 3.5 CVE-2021-42066MISCMISC sap — businessobjects_business_intelligence_platform SAP BusinessObjects Business Intelligence Platform (Web Intelligence) – version 420, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This allows a low privileged attacker to retrieve some data from the victim but will never be able to modify the document and publish these modifications to the server. It impacts the “Quick Prompt” workflow. 2021-12-14 3.5 CVE-2021-42061MISCMISC siemens — simatic_easie_pcs_7_skill A vulnerability has been identified in SIMATIC eaSie PCS 7 Skill Package (All versions < V21.00 SP3). When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read unexpected critical files. The affected file download function is disabled by default. 2021-12-14 3.5 CVE-2021-42022CONFIRM socomec — remote_view_pro_firmware An issue was discovered in Socomec REMOTE VIEW PRO 2.0.41.4. Improper validation of input into the username field makes it possible to place a stored XSS payload. This is executed if an administrator views the System Event Log. 2021-12-15 3.5 CVE-2021-41871MISCMISC sofico — miles_rich_internet_application Sofico Miles RIA 2020.2 Build 127964T is affected by Stored Cross Site Scripting (XSS). An attacker with access to a user account of the RIA IT or the Fleet role can create a crafted work order in the damage reports section (or change existing work orders). The XSS payload is in the work order number. 2021-12-15 3.5 CVE-2021-41557MISCMISC thruk — thruk Thruk 2.40-2 allows stored XSS. 2021-12-15 3.5 CVE-2021-35490MISCMISC ultimate_nofollow_project — ultimate_nofollow The Ultimate NoFollow WordPress plugin through 1.4.8 does not sanitise and escape the href attribute of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks 2021-12-13 3.5 CVE-2021-24817MISC variation_swatches_for_woocommerce_project — variation_swatches_for_woocommerce The Variation Swatches for WooCommerce WordPress plugin is vulnerable to Stored Cross-Site Scripting via several parameters found in the ~/includes/class-menu-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1. Due to missing authorization checks on the tawcvs_save_settings function, low-level authenticated users such as subscribers can exploit this vulnerability. 2021-12-14 3.5 CVE-2021-42367MISCMISC yetiforce — yetiforce_customer_relationship_management yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-12-15 3.5 CVE-2021-4116MISCCONFIRM Back to top   Severity Not Yet Assigned Primary Vendor — Product Description Published CVSS Score Source & Patch Info N/A — N/A   pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak. 2021-12-16 not yet calculated CVE-2021-45095MISCMISC addons-ssh — addons-ssh   ** DISPUTED ** The addon.stdin service in addon-ssh (aka Home Assistant Community Add-on: SSH & Web Terminal) before 10.0.0 has an attack surface that requires social engineering. NOTE: the vendor does not agree that this is a vulnerability; however, addon.stdin was removed as a defense-in-depth measure against complex social engineering situations. 2021-12-16 not yet calculated CVE-2021-45099MISCMISC ajaxsoundstudio — ajaxsoundstudio   Buffer Overflow Vulnerability exists in ajaxsoundstudio.com n Pyo < 1.03 in the Server_debug function, which allows remote attackers to conduct DoS attacks by deliberately passing on an overlong audio file name. 2021-12-17 not yet calculated CVE-2021-41499MISC alac_decoder — alac_decoder   In alac decoder, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06064258; Issue ID: ALPS06064237. 2021-12-17 not yet calculated CVE-2021-0674MISC anchor — cms   Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <=0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve the purpose of obtaining the administrator cookie, thereby achieving other malicious operations. 2021-12-15 not yet calculated CVE-2021-44116MISC anonaddy — anonaddy   A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via VerificationController.php. 2021-12-15 not yet calculated CVE-2021-42216MISCMISCMISC apache — log4j2   Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0 and 2.12.3. 2021-12-18 not yet calculated CVE-2021-45105MISCCONFIRMMLISTDEBIANMISCCISCO apache — nifi   In the TransformXML processor of Apache NiFi before 1.15.1 an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information. 2021-12-17 not yet calculated CVE-2021-44145MISCMLIST apache — sling_commons_messaging_mail   Apache Sling Commons Messaging Mail provides a simple layer on top of JavaMail/Jakarta Mail for OSGi to send mails via SMTPS. To reduce the risk of “man in the middle” attacks additional server identity checks must be performed when accessing mail servers. For compatibility reasons these additional checks are disabled by default in JavaMail/Jakarta Mail. The SimpleMailService in Apache Sling Commons Messaging Mail 1.0 lacks an option to enable these checks for the shared mail session. A user could enable these checks nevertheless by accessing the session via the message created by SimpleMessageBuilder and setting the property mail.smtps.ssl.checkserveridentity to true. Apache Sling Commons Messaging Mail 2.0 adds support for enabling server identity checks and these checks are enabled by default. – https://javaee.github.io/javamail/docs/SSLNOTES.txt – https://javaee.github.io/javamail/docs/api/com/sun/mail/smtp/package-summary.html – https://github.com/eclipse-ee4j/mail/issues/429 2021-12-14 not yet calculated CVE-2021-44549MISC apple — ios   GGLocker iOS application, contains an insecure data storage of the password hash value which results in an authentication bypass. 2021-12-16 not yet calculated CVE-2021-3179MISCMISCMISC apple — ios   An URL Address bar spoofing vulnerability was discovered in Safe Browser for iOS. When user clicks on a specially crafted a malicious URL, if user does not carefully pay attention to url, user may be tricked to think content may be coming from a valid domain, while it comes from another. This is performed by using a very long username part of the url so that user cannot see the domain name. A remote attacker can leverage this to perform url address bar spoofing attack. The fix is, browser no longer shows the user name part in address bar. 2021-12-16 not yet calculated CVE-2021-40835MISCMISC apusys — apusys   In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05670549. 2021-12-17 not yet calculated CVE-2021-0897MISC apusys — apusys   In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05656488. 2021-12-17 not yet calculated CVE-2021-0903MISC apusys — apusys   In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05656484. 2021-12-17 not yet calculated CVE-2021-0902MISC apusys — apusys   In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05664618. 2021-12-17 not yet calculated CVE-2021-0901MISC apusys — apusys   In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672055. 2021-12-17 not yet calculated CVE-2021-0900MISC apusys — apusys   In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672059. 2021-12-17 not yet calculated CVE-2021-0899MISC apusys — apusys   In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672071. 2021-12-17 not yet calculated CVE-2021-0898MISC apusys — apusys   In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05722511. 2021-12-17 not yet calculated CVE-2021-0678MISC apusys — apusys   In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05687781. 2021-12-17 not yet calculated CVE-2021-0679MISC apusys — apusys   In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05687474. 2021-12-17 not yet calculated CVE-2021-0893MISC apusys — apusys   In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672038. 2021-12-17 not yet calculated CVE-2021-0894MISC apusys — apusys   In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672003. 2021-12-17 not yet calculated CVE-2021-0895MISC apusys — apusys   In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05671206. 2021-12-17 not yet calculated CVE-2021-0896MISC atomix — atomix   An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false link event messages sent to a master ONOS node. 2021-12-16 not yet calculated CVE-2020-35213MISC atomix — atomix   An issue in Atomix v3.1.5 allows a malicious Atomix node to remove states of ONOS storage via abuse of primitive operations. 2021-12-16 not yet calculated CVE-2020-35214MISC atomix — atomix   An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to join a target cluster via providing configuration information. 2021-12-16 not yet calculated CVE-2020-35209MISC atomix — atomix   A vulnerability in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via a Raft session flooding attack using Raft OpenSessionRequest messages. 2021-12-16 not yet calculated CVE-2020-35210MISC atomix — atomix   An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to become the lead node in a target cluster via manipulation of the variable terms in RaftContext. 2021-12-16 not yet calculated CVE-2020-35211MISC atomix — atomix   An issue in Atomix v3.1.5 allows attackers to access sensitive information when a malicious Atomix node queries distributed variable primitives which contain the entire primitive lists that ONOS nodes use to share important states. 2021-12-16 not yet calculated CVE-2020-35215MISC atomix — atomix   An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false member down event messages. 2021-12-16 not yet calculated CVE-2020-35216MISC audio_aurisys_hal — audio_aurisys_hal   In Audio Aurisys HAL, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05977326; Issue ID: ALPS05977326. 2021-12-17 not yet calculated CVE-2021-0673MISC auth0 — auth0   The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before 1.6.2 do not filter out certain returnTo parameter values from the login url, which expose the application to an open redirect vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. 2021-12-16 not yet calculated CVE-2021-43812MISCCONFIRM bitdefender — endpoint_security_tools   A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Bitdefender GravityZone versions prior to 3.3.8.272 2021-12-16 not yet calculated CVE-2021-3959MISC bitdefender — gravityzone   Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects Bitdefender GravityZone versions prior to 3.3.8.272 2021-12-16 not yet calculated CVE-2021-3960MISC bookstack — bookstack   bookstack is vulnerable to Improper Access Control 2021-12-15 not yet calculated CVE-2021-4119MISCCONFIRM bus_pass_management_system — bus_pass_management_system In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server which allows an attacker to view the sensitive files of the application, for example: Any file which contains sensitive information of the user or server. 2021-12-16 not yet calculated CVE-2021-44315MISCMISC bus_pass_management_system — bus_pass_management_system In Bus Pass Management System v1.0, parameters ‘pagedes’ and `About Us` are affected with a Stored Cross-site scripting vulnerability. 2021-12-16 not yet calculated CVE-2021-44317MISCMISC catfish — catfish   Cross Site Scripting (XSS) vulnerability exists in Catfish <=6.3.0 via a Google search in url:/catfishcms/index.php/admin/Index/addmenu.htmland then the .html file on the website that uses this editor (the file suffix is allowed). 2021-12-15 not yet calculated CVE-2021-45018MISC catfish — catfish   Cross Site Request Forgery (CSRF) vulnerability exits in Catfish <=6.1.* when you upload an html file containing CSRF on the website that uses a google editor; you can specify the menu url address as your malicious url address in the Add Menu column. 2021-12-15 not yet calculated CVE-2021-45017MISC cbioportal — cbioportal   A regular expression denial of service (ReDoS) vulnerability exits in cbioportal 3.6.21 and older via a POST request to /ProteinArraySignificanceTest.json. 2021-12-16 not yet calculated CVE-2021-38244MISCMISC ccu_driver — ccu_driver   In ccu driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05827154; Issue ID: ALPS05827154. 2021-12-17 not yet calculated CVE-2021-0677MISC convos-chat — convos-chat   A Stored Cross Site Scripting (XSS) issue exists in Convos-Chat before 6.32. 2021-12-17 not yet calculated CVE-2021-42584MISCMISCMISC cvxopt — cvxopt   Incomplete string comparison vulnerability exits in cvxopt.org cvxop <= 1.2.6 in APIs (cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve), which allows attackers to conduct Denial of Service attacks by construct fake Capsule objects. 2021-12-17 not yet calculated CVE-2021-41500MISC discourse — discourse   discourse-footnote is a library providing footnotes for posts in Discourse. ### Impact When posting an inline footnote wrapped in `<a>` tags (e.g. `<a>^[footnote]</a>`, the resulting rendered HTML would include a nested `<a>`, which is stripped by Nokogiri because it is not valid. This then caused a javascript error on topic pages because we were looking for an `<a>` element inside the footnote reference span and getting its ID, and because it did not exist we got a null reference error in javascript. Users are advised to update to version 0.2. As a workaround editing offending posts from the rails console or the database console for self-hosters, or disabling the plugin in the admin panel can mitigate this issue. 2021-12-14 not yet calculated CVE-2021-43827MISCCONFIRM dojo — dojo   All versions of package dojo are vulnerable to Prototype Pollution via the setObject function. 2021-12-17 not yet calculated CVE-2021-23450CONFIRMCONFIRMCONFIRMCONFIRMCONFIRMCONFIRM dojo — dojo   All versions of package http-server-node are vulnerable to Directory Traversal via use of –path-as-is. 2021-12-17 not yet calculated CVE-2021-23797CONFIRM elabftw — elabftw   eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows any authenticated user to gain access to arbitrary accounts by setting a specially crafted email address. This vulnerability impacts all instances that have not set an explicit email domain name allowlist. Note that whereas neither administrators nor targeted users are notified of a change, an attacker will need to control an account. The default settings require administrators to validate newly created accounts. The problem has been patched. Users should upgrade to at least version 4.2.0. For users unable to upgrade enabling an email domain allow list (from Sysconfig panel, Security tab) will completely resolve the issue. 2021-12-16 not yet calculated CVE-2021-43833CONFIRMMISC elabftw — elabftw   eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows an attacker to authenticate as an existing user, if that user was created using a single sign-on authentication option such as LDAP or SAML. It impacts instances where LDAP or SAML is used for authentication instead of the (default) local password mechanism. Users should upgrade to at least version 4.2.0. 2021-12-16 not yet calculated CVE-2021-43834MISCCONFIRM fatpipe_network — fatpipe_warp_ipvpn_and_mpvpn_software   A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges. Older versions of FatPipe software may also be vulnerable. This does not appear to be a CSRF vulnerability. The FatPipe advisory identifier for this vulnerability is FPSA005. 2021-12-15 not yet calculated CVE-2021-27859CONFIRMMISCMISC fatpipe_network — fatpipe_warp_ipvpn_and_mpvpn_software   A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote attacker to access at least the URL “/fpui/jsp/index.jsp” leading to unknown impact, presumably some violation of confidentiality. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA004. 2021-12-15 not yet calculated CVE-2021-27858CONFIRMMISCMISC fatpipe_network — fatpipe_warp_ipvpn_and_mpvpn_software   A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, unauthenticated attacker to download a configuration archive. The attacker needs to know or correctly guess the hostname of the target system since the hostname is used as part of the configuration archive file name. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA003. 2021-12-15 not yet calculated CVE-2021-27857MISCCONFIRMMISC fatpipe_network — fatpipe_warp_ipvpn_and_mpvpn_software   FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named “cmuser” that has administrative privileges and no password. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA002. 2021-12-15 not yet calculated CVE-2021-27856MISCCONFIRMMISC fatpipe_network — fatpipe_warp_ipvpn_and_mpvpn_software   FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA001. 2021-12-15 not yet calculated CVE-2021-27855MISCMISCCONFIRM fiberhome — onu_gpon_an5506   FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability. This vulnerability allows the attacker, once logged in, to send commands to the operating system as the root user via the ping diagnostic tool, bypassing the IP address field, and concatenating OS commands with a semicolon. 2021-12-16 not yet calculated CVE-2021-42912MISCMISCMISC fortiguard — forticlientems   A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may allow an unauthenticated and network adjacent attacker to perform a man-in-the-middle attack between the EMS and the FCT via the telemetry protocol. 2021-12-16 not yet calculated CVE-2021-41028CONFIRM ftpshell — ftpshell   A buffer overflow vulnerability in the Virtual Path Mapping component of FTPShell v6.83 allows attackers to cause a denial of service (DoS). 2021-12-17 not yet calculated CVE-2020-18077MISC galette — galette   Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to SQL injection attacks by users with “member” privilege. Users are advised to upgrade to version 0.9.6 as soon as possible. There are no known workarounds. 2021-12-16 not yet calculated CVE-2021-41262MISCCONFIRM galette — galette   Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to stored cross site scripting attacks via the preferences footer. The preference footer can only be altered by a site admin. This issue has been resolved in the 0.9.6 release and all users are advised to upgrade. There are no known workarounds. 2021-12-16 not yet calculated CVE-2021-41261CONFIRMMISC galette — galette   Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 do not check for Cross Site Request Forgery attacks. All users are advised to upgrade to 0.9.6 as soon as possible. There are no known workarounds for this issue. 2021-12-16 not yet calculated CVE-2021-41260CONFIRMMISC geniezone_driver — geniezone_driver   In geniezone driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05863009; Issue ID: ALPS05863009. 2021-12-17 not yet calculated CVE-2021-0676MISC gnu — binutils   stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699. 2021-12-15 not yet calculated CVE-2021-45078MISCMISC google — android   In dsi_panel_debugfs_read_cmdset of dsi_panel.c, there is a possible disclosure of freed kernel heap memory due to a use after free. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-187851056References: N/A 2021-12-15 not yet calculated CVE-2021-1042MISC google — android   In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-160822094References: Upstream kernel 2021-12-15 not yet calculated CVE-2021-39648MISC google — android   In adjustStreamVolume of AudioService.java, there is a possible way for unprivileged app to change audio stream volume due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-189857506 2021-12-15 not yet calculated CVE-2021-1003MISC google — android   In WT_Interpolate of eas_wtengine.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-194533433 2021-12-15 not yet calculated CVE-2021-1002MISC google — android   In PVInitVideoEncoder of mp4enc_api.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-190435883 2021-12-15 not yet calculated CVE-2021-1001MISC google — android   In quota_proc_write of xt_quota2.c, there is a possible way to read kernel memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196046570References: Upstream kernel 2021-12-15 not yet calculated CVE-2021-0961MISC google — android   In do_ipt_get_ctl and do_ipt_set_ctl of ip_tables.c, there is a possible way to leak kernel information due to uninitialized data. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-120612905References: Upstream kernel 2021-12-15 not yet calculated CVE-2021-39636MISC google — android   In CreateDeviceInfo of trusty_remote_provisioning_context.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-193579873References: N/A 2021-12-15 not yet calculated CVE-2021-39637MISC google — android   In periodic_io_work_func of lwis_periodic_io.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195607566References: N/A 2021-12-15 not yet calculated CVE-2021-39638MISC google — android   In TBD of fvp.c, there is a possible way to glitch CPU behavior due to a missing permission check. This could lead to local escalation of privilege with physical access to device internals with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-198291476References: N/A 2021-12-15 not yet calculated CVE-2021-39639MISC google — android   In __dwc3_gadget_ep0_queue of ep0.c, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-157294279References: N/A 2021-12-15 not yet calculated CVE-2021-39640MISC google — android   Product: AndroidVersions: Android kernelAndroid ID: A-126949257References: N/A 2021-12-15 not yet calculated CVE-2021-39641MISC google — android   In synchronous_process_io_entries of lwis_ioctl.c, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195731663References: N/A 2021-12-15 not yet calculated CVE-2021-39642MISC google — android   In ic_startRetrieveEntryValue of acropora/app/identity/ic.c, there is a possible bypass of defense-in-depth due to missing validation of the return value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195573629References: N/A 2021-12-15 not yet calculated CVE-2021-39643MISC google — android   In mon_smc_load_sp of gs101-sc/plat/samsung/exynos/soc/exynos9845/smc_booting.S, there is a possible reinitialization of TEE due to improper locking. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-198713939References: N/A 2021-12-15 not yet calculated CVE-2021-39647MISC google — android   In regmap_exit of regmap.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174049006References: N/A 2021-12-15 not yet calculated CVE-2021-39649MISC google — android   In TBD of TBD, there is a possible downgrade attack due to under utilized anti-rollback protections. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-194697257References: N/A 2021-12-15 not yet calculated CVE-2021-1043MISC google — android   In (TBD) of (TBD), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-169763055References: N/A 2021-12-15 not yet calculated CVE-2021-39650MISC google — android   In TBD of TBD, there is a possible way to access PIN protected settings bypassing PIN confirmation due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-193438173References: N/A 2021-12-15 not yet calculated CVE-2021-39651MISC google — android   In sec_ts_parsing_cmds of (TBD), there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-194499021References: N/A 2021-12-15 not yet calculated CVE-2021-39652MISC google — android   In (TBD) of (TBD), there is a possible way to boot with a hidden debug policy due to a missing warning to the user. This could lead to local escalation of privilege after preparing the device, hiding the warning, and passing the phone to a new user, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-193443223References: N/A 2021-12-15 not yet calculated CVE-2021-39653MISC google — android   Product: AndroidVersions: Android kernelAndroid ID: A-192641593References: N/A 2021-12-15 not yet calculated CVE-2021-39655MISC google — android   In __configfs_open_file of file.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174049066References: Upstream kernel 2021-12-15 not yet calculated CVE-2021-39656MISC google — android   In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-194696049References: Upstream kernel 2021-12-15 not yet calculated CVE-2021-39657MISC google — android   In update of km_compat.cpp, there is a possible loss of potentially sensitive data due to a logic error in the code. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-200041882 2021-12-15 not yet calculated CVE-2021-0958MISC google — android   In NfcTag::discoverTechnologies (activation) of NfcTag.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additionalSystem execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-189942532 2021-12-15 not yet calculated CVE-2021-0956MISC google — android   In pf_write_buf of FuseDaemon.cpp, there is possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-192085766 2021-12-15 not yet calculated CVE-2021-0955MISC google — android   In ResolverActivity, there is a possible user interaction bypass due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-143559931 2021-12-15 not yet calculated CVE-2021-0954MISC google — android   In setOnClickActivityIntent of SearchWidgetProvider.java, there is a possible way to access contacts and history bookmarks without permission due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-184046278 2021-12-15 not yet calculated CVE-2021-0953MISC google — android   In WT_InterpolateNoLoop of eas_wtengine.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-190286685 2021-12-15 not yet calculated CVE-2021-0650MISC google — android   In getConfiguredNetworks of WifiServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-197749180 2021-12-15 not yet calculated CVE-2021-1004MISC google — android   In getDeviceIdWithFeature of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-186530889 2021-12-15 not yet calculated CVE-2021-1005MISC google — android   In several functions of DatabaseManager.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-183961974 2021-12-15 not yet calculated CVE-2021-1006MISC google — android   In checkExistsAndEnforceCannotModifyImmutablyRestrictedPermission of PermissionManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-186404356 2021-12-15 not yet calculated CVE-2021-1013MISC google — android   In eicOpsDecryptAes128Gcm of acropora/app/identity/identity_support.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195570681References: N/A 2021-12-15 not yet calculated CVE-2021-1044MISC google — android   Product: AndroidVersions: Android kernelAndroid ID: A-195580473References: N/A 2021-12-15 not yet calculated CVE-2021-1045MISC google — android   In (TBD) of (TBD), there is a possible out of bounds read due to memory corruption. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-182950799References: N/A 2021-12-15 not yet calculated CVE-2021-1041MISC google — android   In valid_ipc_dram_addr of cm_access_control.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-197966306References: N/A 2021-12-15 not yet calculated CVE-2021-1047MISC google — android   In ep_loop_check_proc of eventpoll.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-204573007References: Upstream kernel 2021-12-15 not yet calculated CVE-2021-1048MISC google — android   In onCreate of BluetoothPairingSelectionFragment.java, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-182810085 2021-12-15 not yet calculated CVE-2021-1040MISC google — android   In NotificationAccessActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-182808318 2021-12-15 not yet calculated CVE-2021-1039MISC google — android   In getLine1NumberForDisplay of PhoneInterfaceManager.java, there is apossible way to determine whether an app is installed, without querypermissions due to a missing permission check. This could lead to localinformation disclosure with no additional execution privileges needed. Userinteraction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193441322 2021-12-15 not yet calculated CVE-2021-1034MISC google — android   In getMimeGroup of PackageManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-184745603 2021-12-15 not yet calculated CVE-2021-1032MISC google — android   In cancelNotificationsFromListener of NotificationManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-194697004 2021-12-15 not yet calculated CVE-2021-1031MISC google — android   In getMeidForSlot of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-186530496 2021-12-15 not yet calculated CVE-2021-1015MISC google — android   In getNetworkTypeForSubscriber of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-186776740 2021-12-15 not yet calculated CVE-2021-1014MISC google — android   In AdapterService and GattService definition of AndroidManifest.xml, there is a possible way to disable bluetooth connection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-182583850 2021-12-15 not yet calculated CVE-2021-1017MISC google — android   In onResume of NotificationAccessDetails.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-195412179 2021-12-15 not yet calculated CVE-2021-1012MISC google — android   In setApplicationCategoryHint of PackageManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-189858128 2021-12-15 not yet calculated CVE-2021-1009MISC google — android   In btu_hcif_process_event of btu_hcif.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-167759047 2021-12-15 not yet calculated CVE-2021-1007MISC google — android   In setPackageStoppedState of PackageManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-188219307 2021-12-15 not yet calculated CVE-2021-1011MISC google — android   In addSubInfo of SubscriptionController.java, there is a possible way to force the user to make a factory reset due to a logic error in the code. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-197327688 2021-12-15 not yet calculated CVE-2021-1008MISC google — android   In lwis_dpm_update_clock of lwis_device_dpm.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195609074References: N/A 2021-12-15 not yet calculated CVE-2021-1046MISC google — android   In getSigningKeySet of PackageManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-189857801 2021-12-15 not yet calculated CVE-2021-1010MISC gradio — gradio   Gradio is an open source framework for building interactive machine learning models and demos. In versions prior to 2.5.0 there is a vulnerability that affects anyone who creates and publicly shares Gradio interfaces. File paths are not restricted and users who receive a Gradio link can access any files on the host computer if they know the file names or file paths. This is limited only by the host operating system. Paths are opened in read only mode. The problem has been patched in gradio 2.5.0. 2021-12-15 not yet calculated CVE-2021-43831MISCCONFIRM hashicorp — vault_and_vault_enterprise   In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storage backend. The earliest affected version is 1.4.0. 2021-12-17 not yet calculated CVE-2021-45042MISCMISC hillrom — welch_allyn_cardio_products   The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any active directory (AD) account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all associated privileges. 2021-12-15 not yet calculated CVE-2021-43935MISC htcondor — htcondor   An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x before 9.1.2. When authenticating to an HTCondor daemon using a SciToken, a user may be granted authorizations beyond what the token should allow. 2021-12-16 not yet calculated CVE-2021-45102MISC htcondor — htcondor   An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, and 9.1.x before 9.1.2. Using standard command-line tools, a user with only READ access to an HTCondor SchedD or Collector daemon can discover secrets that could allow them to control other users’ jobs and/or read their data. 2021-12-16 not yet calculated CVE-2021-45101MISC ibm — bmc_firmware   BMC firmware (IBM Power System S821LC Server (8001-12C) OP825.50) configuration changed to allow an authenticated user to open an insecure communication channel which could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 205267. 2021-12-15 not yet calculated CVE-2021-29847CONFIRMXF ibm — business_automation_workflow   IBM Business Automation Workflow 18.0, 19.0, 20,0 and 21.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209165. 2021-12-17 not yet calculated CVE-2021-38883CONFIRMXF irfanview — irfanview   IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ReadXPM_W+0x0000000000000531. 2021-12-15 not yet calculated CVE-2020-23545MISCMISCMISC ivanti — workspace_control   Ivanti Workspace Control before 10.4.50.0 allows attackers to degrade integrity. 2021-12-15 not yet calculated CVE-2019-19138MISCMISC jflyfox — jfinal_cms   JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Denial of Service. 2021-12-16 not yet calculated CVE-2021-37262MISC jsx-slack — jsx-slack   jsx-slack is a library for building JSON objects for Slack Block Kit surfaces from JSX. In versions prior to 4.5.1 users are vulnerable to a regular expression denial-of-service (ReDoS) attack. If attacker can put a lot of JSX elements into `<blockquote>` tag, an internal regular expression for escaping characters may consume an excessive amount of computing resources. jsx-slack v4.5.1 has patched to a regex for escaping blockquote characters. Users are advised to upgrade as soon as possible. 2021-12-17 not yet calculated CVE-2021-43838MISCCONFIRM knime — knime   KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the administrator’s password in a file without appropriate file access controls, allowing all local users to read its content. 2021-12-16 not yet calculated CVE-2021-45097MISC knime — knime   KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a crafted workflow file (.knwf), aka AP-17730. 2021-12-16 not yet calculated CVE-2021-45096MISCMISCMISC ksmbd — ksmbd   The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This occurs because it sets the SMB2_GLOBAL_CAP_ENCRYPTION flag when using the SMB 3.1.1 protocol, which is a violation of the SMB protocol specification. When Windows 10 detects this protocol violation, it disables encryption. 2021-12-16 not yet calculated CVE-2021-45100MISCMISCMISC laravel-filemanager — laravel-filemanager   This affects the package unisharp/laravel-filemanager from 0.0.0. The upload() function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce the following steps: – Install a package with a web Laravel application. – Navigate to the Upload window – Upload an image file, then capture the request – Edit the request contents with a malicious file (webshell) – Enter the path of file uploaded on URL – Remote Code Execution **Note: Prevention for bad extensions can be done by using a whitelist in the config file(lfm.php). Corresponding document can be found in the [here](https://unisharp.github.io/laravel-filemanager/configfolder-categories). 2021-12-17 not yet calculated CVE-2021-23814CONFIRMCONFIRM lattelatte — lattelatte   This affects the package latte/latte before 2.10.6. There is a way to bypass allowFunctions that will affect the security of the application. When the template is set to allow/disallow the use of certain functions, adding control characters (x00-x08) after the function will bypass these restrictions. 2021-12-17 not yet calculated CVE-2021-23803CONFIRMCONFIRMCONFIRM limesurvey — limesurvey   Cross-site scripting (XSS) vulnerability in /application/controller/admin/theme.php in LimeSurvey 3.6.2+180406 allows remote attackers to inject arbitrary web script or HTML via the changes_cp parameter to the index.php/admin/themes/sa/templatesavechanges URI. 2021-12-14 not yet calculated CVE-2018-10228MISC listary — listary   An issue was discovered in Listary through 6. An attacker can create a \\.\pipe\Listary.listaryService named pipe and wait for a privileged user to open a session on the Listary installed host. Listary will automatically access the named pipe and the attacker will be able to duplicate the victim’s token to impersonate him. This exploit is valid in certain Windows versions (Microsoft has patched the issue in later Windows 10 builds). 2021-12-14 not yet calculated CVE-2021-41065MISCMISC listary — listary   An issue was discovered in Listary through 6. When Listary is configured as admin, Listary will not ask for permissions again if a user tries to access files on the system from Listary itself (it will bypass UAC protection; there is no privilege validation of the current user that runs via Listary). 2021-12-14 not yet calculated CVE-2021-41066MISCMISC livehelperchat — livehelperchat   livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) 2021-12-18 not yet calculated CVE-2021-4131CONFIRMMISC livehelperchat — livehelperchat   livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) 2021-12-16 not yet calculated CVE-2021-4123MISCCONFIRM livehelperchat — livehelperchat   livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-12-17 not yet calculated CVE-2021-4132CONFIRMMISC logback — logback   In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers. 2021-12-16 not yet calculated CVE-2021-42550MISCMISCCONFIRM matrix — libolm   The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted sequence of messages to manipulate the state of the receiver’s session in such a way that, for some buffer sizes, a buffer overflow happens on a call to olm_session_describe. Furthermore, safe buffer sizes were undocumented. The overflow content is partially controllable by the attacker and limited to ASCII spaces and digits. The known affected products are Element Web And SchildiChat Web. 2021-12-14 not yet calculated CVE-2021-44538MISCMISC mattermost — mattermost   Mattermost 6.0 and earlier fails to sufficiently validate parameters during post creation, which allows authenticated attackers to cause a client-side crash of the web application via a maliciously crafted post. 2021-12-17 not yet calculated CVE-2021-37863MISCMISC mattermost — mattermost   Mattermost 6.0 and earlier fails to sufficiently validate the email address during registration, which allows attackers to trick users into signing up using attacker-controlled email addresses via crafted invitation token. 2021-12-17 not yet calculated CVE-2021-37862MISCMISC mediawiki — mediawiki   An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=mcrundo followed by action=mcrrestore to replace the content of any arbitrary page (that the user doesn’t have edit rights for). This applies to any public wiki, or a private wiki that has at least one page set in $wgWhitelistRead. 2021-12-17 not yet calculated CVE-2021-44857CONFIRMMISC mediawiki — mediawiki   An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. By using an action=rollback query, attackers can view private wiki contents. 2021-12-17 not yet calculated CVE-2021-45038CONFIRMMISC meetecho — janus-gateway   janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-12-16 not yet calculated CVE-2021-4124CONFIRMMISC message_bus — message_bus   message_bus is a messaging bus for Ruby processes and web clients. In versions prior to 3.3.7 users who deployed message bus with diagnostics features enabled (default off) are vulnerable to a path traversal bug, which could lead to disclosure of secret information on a machine if an unintended user were to gain access to the diagnostic route. The impact is also greater if there is no proxy for your web application as the number of steps up the directories is not bounded. For deployments which uses a proxy, the impact varies. For example, If a request goes through a proxy like Nginx with `merge_slashes` enabled, the number of steps up the directories that can be read is limited to 3 levels. This issue has been patched in version 3.3.7. Users unable to upgrade should ensure that MessageBus::Diagnostics is disabled. 2021-12-17 not yet calculated CVE-2021-43840CONFIRMMISC microsoft — 4k_wireless_display_adapter   Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability 2021-12-15 not yet calculated CVE-2021-43899MISC microsoft — appx   Windows AppX Installer Spoofing Vulnerability 2021-12-15 not yet calculated CVE-2021-43890MISC microsoft — asp.net_core_and_visual_studio   ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability 2021-12-15 not yet calculated CVE-2021-43877MISC microsoft — biztalk_esb_toolkit   Microsoft BizTalk ESB Toolkit Spoofing Vulnerability 2021-12-15 not yet calculated CVE-2021-43892MISC microsoft — bot_framework_sdk   Bot Framework SDK Remote Code Execution Vulnerability 2021-12-15 not yet calculated CVE-2021-43225MISC microsoft — defender   Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43882. 2021-12-15 not yet calculated CVE-2021-43889MISC microsoft — defender   Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42310, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43882, CVE-2021-43889. 2021-12-15 not yet calculated CVE-2021-42311MISC microsoft — defender   Microsoft Defender for IoT Information Disclosure Vulnerability 2021-12-15 not yet calculated CVE-2021-43888MISC microsoft — defender   Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43882, CVE-2021-43889. 2021-12-15 not yet calculated CVE-2021-41365MISC microsoft — defender   Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43889. 2021-12-15 not yet calculated CVE-2021-43882MISC microsoft — defender   Microsoft Defender for IOT Elevation of Privilege Vulnerability 2021-12-15 not yet calculated CVE-2021-42312MISC microsoft — defender   Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43882, CVE-2021-43889. 2021-12-15 not yet calculated CVE-2021-42310MISC microsoft — defender   Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42310, CVE-2021-42311, CVE-2021-42314, CVE-2021-42315, CVE-2021-43882, CVE-2021-43889. 2021-12-15 not yet calculated CVE-2021-42313MISC microsoft — defender   Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42315, CVE-2021-43882, CVE-2021-43889. 2021-12-15 not yet calculated CVE-2021-42314MISC microsoft — defender   Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-43882, CVE-2021-43889. 2021-12-15 not yet calculated CVE-2021-42315MISC microsoft — excel   Microsoft Excel Remote Code Execution Vulnerability 2021-12-15 not yet calculated CVE-2021-43256MISC microsoft — jet_red_database_engine_and_access_connectivity_engine   Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability 2021-12-15 not yet calculated CVE-2021-42293MISC microsoft — nfts   NTFS Set Short Name Elevation of Privilege Vulnerability 2021-12-15 not yet calculated CVE-2021-43240MISC microsoft — office   Visual Basic for Applications Information Disclosure Vulnerability 2021-12-15 not yet calculated CVE-2021-42295MISC microsoft — office   Microsoft Office Trust Center Spoofing Vulnerability 2021-12-15 not yet calculated CVE-2021-43255MISC microsoft — office   Microsoft Office Graphics Remote Code Execution Vulnerability 2021-12-15 not yet calculated CVE-2021-43875MISC microsoft — office   Microsoft Office app Remote Code Execution Vulnerability 2021-12-15 not yet calculated CVE-2021-43905MISC microsoft — powershell   Microsoft PowerShell Spoofing Vulnerability 2021-12-15 not yet calculated CVE-2021-43896MISC microsoft — sharepoint   Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-42309. 2021-12-15 not yet calculated CVE-2021-42294MISC microsoft — sharepoint   Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-42294. 2021-12-15 not yet calculated CVE-2021-42309MISC microsoft — sharepoint   Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-43242. 2021-12-15 not yet calculated CVE-2021-42320MISC microsoft — sharepoint_server   Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-42320. 2021-12-15 not yet calculated CVE-2021-43242MISC microsoft — storage_spaces_controller   Storage Spaces Controller Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-43235. 2021-12-15 not yet calculated CVE-2021-43227MISC microsoft — visual_studio   Visual Studio Code Remote Code Execution Vulnerability 2021-12-15 not yet calculated CVE-2021-43891MISC microsoft — visual_studio   Visual Studio Code WSL Extension Remote Code Execution Vulnerability 2021-12-15 not yet calculated CVE-2021-43907MISC microsoft — visual_studio   Visual Studio Code Spoofing Vulnerability 2021-12-15 not yet calculated CVE-2021-43908MISC microsoft — vp9_video_extensions   VP9 Video Extensions Information Disclosure Vulnerability 2021-12-15 not yet calculated CVE-2021-43243MISC microsoft — windows Remote Desktop Client Remote Code Execution Vulnerability 2021-12-15 not yet calculated CVE-2021-43233MISC microsoft — windows   Windows Kernel Information Disclosure Vulnerability 2021-12-15 not yet calculated CVE-2021-43244MISC microsoft — windows   Windows TCP/IP Driver Elevation of Privilege Vulnerability 2021-12-15 not yet calculated CVE-2021-43247MISC microsoft — windows   Windows Installer Elevation of Privilege Vulnerability 2021-12-15 not yet calculated CVE-2021-43883MISC microsoft — windows   Windows Recovery Environment Agent Elevation of Privilege Vulnerability 2021-12-15 not yet calculated CVE-2021-43239MISC microsoft — windows   Windows Remote Access Elevation of Privilege Vulnerability 2021-12-15 not yet calculated CVE-2021-43238MISC microsoft — windows   Windows Setup Elevation of Privilege Vulnerability 2021-12-15 not yet calculated CVE-2021-43237MISC microsoft — windows   Microsoft Message Queuing Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-43222. 2021-12-15 not yet calculated CVE-2021-43236MISC microsoft — windows   Windows Fax Service Remote Code Execution Vulnerability 2021-12-15 not yet calculated CVE-2021-43234MISC microsoft — windows   Windows Event Tracing Remote Code Execution Vulnerability 2021-12-15 not yet calculated CVE-2021-43232MISC microsoft — windows   Windows NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43229, CVE-2021-43230. 2021-12-15 not yet calculated CVE-2021-43231MISC microsoft — windows   Windows NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43229, CVE-2021-43231. 2021-12-15 not yet calculated CVE-2021-43230MISC microsoft — windows   A vulnerability was discovered in the Keybase Client for Windows before version 5.6.0 when a user executed the “keybase git lfs-config” command on the command-line. In versions prior to 5.6.0, a malicious actor with write access to a user’s Git repository could leverage this vulnerability to potentially execute arbitrary Windows commands on a user’s local system. 2021-12-14 not yet calculated CVE-2021-34426MISC microsoft — windows   Windows NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43230, CVE-2021-43231. 2021-12-15 not yet calculated CVE-2021-43229MISC microsoft — windows   SymCrypt Denial of Service Vulnerability 2021-12-15 not yet calculated CVE-2021-43228MISC microsoft — windows   Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43207. 2021-12-15 not yet calculated CVE-2021-43226MISC microsoft — windows   Windows Common Log File System Driver Information Disclosure Vulnerability 2021-12-15 not yet calculated CVE-2021-43224MISC microsoft — windows   Windows Remote Access Connection Manager Elevation of Privilege Vulnerability 2021-12-15 not yet calculated CVE-2021-43223MISC microsoft — windows   Microsoft Message Queuing Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-43236. 2021-12-15 not yet calculated CVE-2021-43222MISC microsoft — windows   DirectX Graphics Kernel File Denial of Service Vulnerability 2021-12-15 not yet calculated CVE-2021-43219MISC microsoft — windows   Windows Encrypting File System (EFS) Remote Code Execution Vulnerability 2021-12-15 not yet calculated CVE-2021-43217MISC microsoft — windows   Windows Media Center Elevation of Privilege Vulnerability 2021-12-15 not yet calculated CVE-2021-40441MISC microsoft — windows   Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability 2021-12-15 not yet calculated CVE-2021-43216MISC microsoft — windows   iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution 2021-12-15 not yet calculated CVE-2021-43215MISC microsoft — windows   Web Media Extensions Remote Code Execution Vulnerability 2021-12-15 not yet calculated CVE-2021-43214MISC microsoft — windows   Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43226. 2021-12-15 not yet calculated CVE-2021-43207MISC microsoft — windows   Windows Print Spooler Elevation of Privilege Vulnerability 2021-12-15 not yet calculated CVE-2021-41333MISC microsoft — windows_device_management   Windows Mobile Device Management Elevation of Privilege Vulnerability 2021-12-15 not yet calculated CVE-2021-43880MISC microsoft — windows_digital_media_receiver   Windows Digital Media Receiver Elevation of Privilege Vulnerability 2021-12-15 not yet calculated CVE-2021-43248MISC microsoft — windows_digital_tv_tuner   Windows Digital TV Tuner Elevation of Privilege Vulnerability 2021-12-15 not yet calculated CVE-2021-43245MISC microsoft — windows_encrypting_file_system   Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability 2021-12-15 not yet calculated CVE-2021-43893MISC microsoft — windows_hyper-v   Windows Hyper-V Denial of Service Vulnerability 2021-12-15 not yet calculated CVE-2021-43246MISC mitsubishi_electric — gx_works2   Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior allows a remote unauthenticated attacker to cause a DoS condition in GX Works2 by getting GX Works2 to read a tampered program file from a Mitsubishi Electric PLC by sending malicious crafted packets to tamper with the program file. 2021-12-17 not yet calculated CVE-2021-20608MISCMISCMISC mitsubishi_electric — gx_works2_melsoft_navigator_and_ezsocket   Out-of-bounds Read vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, MELSOFT Navigator all versions and EZSocket all versions allows an attacker to cause a DoS condition in the software by getting a user to open malicious project file specially crafted by an attacker. 2021-12-17 not yet calculated CVE-2021-20606MISCMISCMISC mitsubishi_electric — gx_works2_melsoft_navigator_and_ezsocket   Integer Underflow vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, MELSOFT Navigator all versions and EZSocket all versions allows an attacker to cause a DoS condition in the software by getting a user to open malicious project file specially crafted by an attacker. 2021-12-17 not yet calculated CVE-2021-20607MISCMISCMISC mongodb — mongodb_servier   An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.25; MongoDB Server v4.2 versions prior to 4.2.14; MongoDB Server v4.4 versions prior to 4.4.6. 2021-12-15 not yet calculated CVE-2021-20330MISC motorola_solutions — avigilon_devices   Certain Motorola Solutions Avigilon devices allow XSS in the administrative UI. This affects T200/201 before 4.10.0.68; T290 before 4.4.0.80; T008 before 2.2.0.86; T205 before 4.12.0.62; T204 before 3.28.0.166; and T100, T101, T102, and T103 before 2.6.0.180. 2021-12-15 not yet calculated CVE-2021-38701CONFIRMMISC numpy — numpy   Null Pointer Dereference vulnerability exists in numpy.sort in NumPy &lt and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays. 2021-12-17 not yet calculated CVE-2021-41495MISC numpy — numpy   Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values. 2021-12-17 not yet calculated CVE-2021-41496MISC numpy — numpy   Incomplete string comparison in the numpy.core component in NumPy1.9.x, which allows attackers to fail the APIs via constructing specific string objects. 2021-12-17 not yet calculated CVE-2021-34141MISC numpy — numpy   A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code, which could let a malicious user cause a Denial of Service. 2021-12-17 not yet calculated CVE-2021-33430MISC opencast — opencast   Opencast is an Open Source Lecture Capture & Video Management for Education. Opencast versions prior to 9.10 allow HTTP method spoofing, allowing to change the assumed HTTP method via URL parameter. This allows attackers to turn HTTP GET requests into PUT requests or an HTTP form to send DELETE requests. This bypasses restrictions otherwise put on these types of requests and aids in cross-site request forgery (CSRF) attacks, which would otherwise not be possible. The vulnerability allows attackers to craft links or forms which may change the server state. This issue is fixed in Opencast 9.10 and 10.0. You can mitigate the problem by setting the `SameSite=Strict` attribute for your cookies. If this is a viable option for you depends on your integrations. We strongly recommend updating in any case. 2021-12-14 not yet calculated CVE-2021-43807CONFIRMMISCMISC opencast — opencast   Opencast is an Open Source Lecture Capture & Video Management for Education. Opencast before version 9.10 or 10.6 allows references to local file URLs in ingested media packages, allowing attackers to include local files from Opencast’s host machines and making them available via the web interface. Before Opencast 9.10 and 10.6, Opencast would open and include local files during ingests. Attackers could exploit this to include most local files the process has read access to, extracting secrets from the host machine. An attacker would need to have the privileges required to add new media to exploit this. But these are often widely given. The issue has been fixed in Opencast 10.6 and 11.0. You can mitigate this issue by narrowing down the read access Opencast has to files on the file system using UNIX permissions or mandatory access control systems like SELinux. This cannot prevent access to files Opencast needs to read though and we highly recommend updating. 2021-12-14 not yet calculated CVE-2021-43821CONFIRMMISCMISCMISC openemr — openemr   An authenticated SQL injection issue in the calendar search function of OpenEMR 6.0.0 before patch 3 allows an attacker to read data from all tables of the database via the parameter provider_id, as demonstrated by the /interface/main/calendar/index.php?module=PostCalendar&func=search URI. 2021-12-17 not yet calculated CVE-2021-41843MISCMISCMISCFULLDISC openssl — libssl   Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0). 2021-12-14 not yet calculated CVE-2021-4044CONFIRMCONFIRM opf — openproject   OpenProject is a web-based project management software. OpenProject versions >= 12.0.0 are vulnerable to a SQL injection in the budgets module. For authenticated users with the “Edit budgets” permission, the request to reassign work packages to another budget unsufficiently sanitizes user input in the `reassign_to_id` parameter. The vulnerability has been fixed in version 12.0.4. Versions prior to 12.0.0 are not affected. If you’re upgrading from an older version, ensure you are upgrading to at least version 12.0.4. If you are unable to upgrade in a timely fashion, the following patch can be applied: https://github.com/opf/openproject/pull/9983.patch 2021-12-14 not yet calculated CVE-2021-43830MISCMISCMISCCONFIRM owncast — owncast   Owncast is an open source, self-hosted live video streaming and chat server. In affected versions inline scripts are executed when Javascript is parsed via a paste action. This issue is patched in 0.0.9 by blocking unsafe-inline Content Security Policy and specifying the script-src. The worker-src is required to be set to blob for the video player. 2021-12-14 not yet calculated CVE-2021-39183CONFIRM parallels — remote_application_server   Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be compromised if an attacker is able to recover the profile password. 2021-12-17 not yet calculated CVE-2020-8968CONFIRM peopledoc– vault-cli   vault-cli is a configurable command-line interface tool (and python library) to interact with Hashicorp Vault. In versions before 3.0.0 vault-cli features the ability for rendering templated values. When a secret starts with the prefix `!template!`, vault-cli interprets the rest of the contents of the secret as a Jinja2 template. Jinja2 is a powerful templating engine and is not designed to safely render arbitrary templates. An attacker controlling a jinja2 template rendered on a machine can trigger arbitrary code, making this a Remote Code Execution (RCE) risk. If the content of the vault can be completely trusted, then this is not a problem. Otherwise, if your threat model includes cases where an attacker can manipulate a secret value read from the vault using vault-cli, then this vulnerability may impact you. In 3.0.0, the code related to interpreting vault templated secrets has been removed entirely. Users are advised to upgrade as soon as possible. For users unable to upgrade a workaround does exist. Using the environment variable `VAULT_CLI_RENDER=false` or the flag `–no-render` (placed between `vault-cli` and the subcommand, e.g. `vault-cli –no-render get-all`) or adding `render: false` to the vault-cli configuration yaml file disables rendering and removes the vulnerability. Using the python library, you can use: `vault_cli.get_client(render=False)` when creating your client to get a client that will not render templated secrets and thus operates securely. 2021-12-16 not yet calculated CVE-2021-43837MISCMISCCONFIRM phpgurukul — phpgurukul   Cross Site Request Forgery (CSRF) vulnerability in Change-password.php in phpgurukul user management system in php using stored procedure V1.0, allows attackers to change the password to an arbitrary account. 2021-12-16 not yet calculated CVE-2021-26800MISCMISC pyo_&it — pyo_&it   Buffer overflow in ajaxsoundstudio.com Pyo &lt and 1.03 in the Server_jack_init function. which allows attackers to conduct Denial of Service attacks by arbitrary constructing a overlong server name. 2021-12-17 not yet calculated CVE-2021-41498MISC rapid7 — insight_agent   Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent versions 3.0.1 to 3.1.2.34 start, the Python interpreter attempts to load python3.dll at “C:\DLLs\python3.dll,” which normally is writable by locally authenticated users. Because of this, a malicious local user could use Insight Agent’s startup conditions to elevate to SYSTEM privileges. This issue was fixed in Rapid7 Insight Agent 3.1.2.35. This vulnerability is a regression of CVE-2019-5629. 2021-12-14 not yet calculated CVE-2021-4007MISCCONFIRM rare-technologies — bounter Null pointer reference in CMS_Conservative_increment_obj in RaRe-Technologies bounter version 1.01 and 1.10, allows attackers to conduct Denial of Service attacks by inputting a huge width of hash bucket. 2021-12-17 not yet calculated CVE-2021-41497MISC rizinorg — rizin   Rizin is a UNIX-like reverse engineering framework and command-line toolset. In versions up to and including 0.3.1 there is a heap-based out of bounds write in parse_die() when reversing an AMD64 ELF binary with DWARF debug info. When a malicious AMD64 ELF binary is opened by a victim user, Rizin may crash or execute unintended actions. No workaround are known and users are advised to upgrade. 2021-12-13 not yet calculated CVE-2021-43814MISCCONFIRMMISC sap — grc_access_control   SAP GRC Access Control – versions V1100_700, V1100_731, V1200_750, does not perform necessary authorization checks for an authenticated user, which could lead to escalation of privileges. 2021-12-14 not yet calculated CVE-2021-44233MISCMISC sap — saf-t_framework_transaction_saftn_g   SAF-T Framework Transaction SAFTN_G allows an attacker to exploit insufficient validation of path information provided by normal user, leading to full server directory access. The attacker can see the whole filesystem structure but cannot overwrite, delete, or corrupt arbitrary files on the server. 2021-12-14 not yet calculated CVE-2021-44232MISCMISC seafile — seafile   Seafile is an open source cloud storage system. A sync token is used in Seafile file syncing protocol to authorize access to library data. To improve performance, the token is cached in memory in seaf-server. Upon receiving a token from sync client or SeaDrive client, the server checks whether the token exist in the cache. However, if the token exists in cache, the server doesn’t check whether it’s associated with the specific library in the URL. This vulnerability makes it possible to use any valid sync token to access data from any **known** library. Note that the attacker has to first find out the ID of a library which it has no access to. The library ID is a random UUID, which is not possible to be guessed. There are no workarounds for this issue. 2021-12-14 not yet calculated CVE-2021-43820CONFIRMMISC securitashome — home_alarm_system   An RF replay attack vulnerability in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F BG_U-ITR-F1-BD_BL.A30.20181117, allows an attacker to trigger arbitrary system functionality by replaying previously recorded signals. This lets an adversary, among other things, disarm an armed system. 2021-12-15 not yet calculated CVE-2021-40170MISCCONFIRM securitashome — home_alarm_system   The absence of notifications regarding an ongoing RF jamming attack in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F BG_U-ITR-F1-BD_BL.A30.20181117, allows an attacker to block legitimate traffic while not alerting the owner of the system. 2021-12-15 not yet calculated CVE-2021-40171MISCMISC semcms — semcms   A vulnerability in /include/web_check.php of SEMCMS v3.8 allows attackers to reset the Administrator account’s password. 2021-12-17 not yet calculated CVE-2020-18078MISC semcms — semcms   The checkuser function of SEMCMS 3.8 was discovered to contain a vulnerability which allows attackers to obtain the password in plaintext through a SQL query. 2021-12-17 not yet calculated CVE-2020-18081MISC sick — sopas_et   SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the command line arguments to pass in any value to the Emulator executable. 2021-12-17 not yet calculated CVE-2021-32499MISC sick — sopas_et   SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the pathname of the emulator and use path traversal to run an arbitrary executable located on the host system. When the user starts the emulator from SOPAS ET the corresponding executable will be started instead of the emulator 2021-12-17 not yet calculated CVE-2021-32498MISC sick — sopas_et   SICK SOPAS ET before version 4.8.0 allows attackers to wrap any executable file into an SDD and provide this to a SOPAS ET user. When a user starts the emulator the executable is run without further checks. 2021-12-17 not yet calculated CVE-2021-32497MISC siemens — modelsim_simulation_and_questa_simulation   A vulnerability has been identified in ModelSim Simulation (All versions), Questa Simulation (All versions). The RSA white-box implementation in affected applications insufficiently protects the built-in private keys that are required to decrypt electronic intellectual property (IP) data in accordance with the IEEE 1735 recommended practice. This could allow a sophisticated attacker to discover the keys, bypassing the protection intended by the IEEE 1735 recommended practice. 2021-12-14 not yet calculated CVE-2021-42023CONFIRM siemens — simcenter_star-ccm+_viewer   A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All versions < 2021.3.1). The starview+.exe application lacks proper validation of user-supplied data when parsing scene files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. 2021-12-14 not yet calculated CVE-2021-42024CONFIRM siemens — sinumerik_edge   A vulnerability has been identified in SINUMERIK Edge (All versions < V3.2). The affected software does not properly validate the server certificate when initiating a TLS connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between the client and the intended server. 2021-12-14 not yet calculated CVE-2021-42027CONFIRM snipe-it — snipe-it   snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) 2021-12-18 not yet calculated CVE-2021-4130CONFIRMMISC snipe-it — snipe-it   snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-12-14 not yet calculated CVE-2021-4108MISCCONFIRM sourcecodester_vehice_service_management_system — sourcecodester_vehice_service_management_system   Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Owner fullname parameter in a Send Service Request in vehicle_service. 2021-12-16 not yet calculated CVE-2021-41962MISC stackstorm — stackstorm   In StackStorm versions prior to 3.6.0, the jinja interpreter was not run in sandbox mode and thus allows execution of unsafe system commands. Jinja does not enable sandboxed mode by default due to backwards compatibility. Stackstorm now sets sandboxed mode for jinja by default. 2021-12-15 not yet calculated CVE-2021-44657MISCMISCMISCMISC sulu — sulu   Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions an attacker can read arbitrary local files via a PHP file include. In a default configuration this also leads to remote code execution. The problem is patched with the Versions 1.6.44, 2.2.18, 2.3.8, 2.4.0. For users unable to upgrade overwrite the service `sulu_route.generator.expression_token_provider` and wrap the translator before passing it to the expression language. 2021-12-15 not yet calculated CVE-2021-43836CONFIRMMISC sulu — sulu   Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions Sulu users who have access to any subset of the admin UI are able to elevate their privilege. Over the API it was possible for them to give themselves permissions to areas which they did not already had. This issue was introduced in 2.0.0-RC1 with the new ProfileController putAction. The versions have been patched in 2.2.18, 2.3.8 and 2.4.0. For users unable to upgrade the only known workaround is to apply a patch to the ProfileController manually. 2021-12-15 not yet calculated CVE-2021-43835CONFIRMMISC suricata — suricata   An issue was discovered in Suricata before 6.0.4. It is possible to bypass/evade any HTTP-based signature by faking an RST TCP packet with random TCP options of the md5header from the client side. After the three-way handshake, it’s possible to inject an RST ACK with a random TCP md5header option. Then, the client can send an HTTP GET request with a forbidden URL. The server will ignore the RST ACK and send the response HTTP packet for the client’s request. These packets will not trigger a Suricata reject action. 2021-12-16 not yet calculated CVE-2021-45098MISCMISCMISCMISC suse — longhorn   A Improper Access Control vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3. 2021-12-17 not yet calculated CVE-2021-36779CONFIRMCONFIRM suse — longhorn   A Improper Access Control vulnerability in longhorn of SUSE Longhorn allows attackers to connect to a longhorn-engine replica instance granting it the ability to read and write data to and from a replica that they should not have access to. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3v. 2021-12-17 not yet calculated CVE-2021-36780CONFIRMCONFIRM tcman_gim — tcman_gim   TCMAN GIM is vulnerable to a lack of authorization in all available webservice methods listed in /PC/WebService.asmx. The exploitation of this vulnerability might allow a remote attacker to obtain information. 2021-12-17 not yet calculated CVE-2021-40851CONFIRM tcman_gim — tcman_gim   TCMAN GIM does not perform an authorization check when trying to access determined resources. A remote attacker could exploit this vulnerability to access URL that require privileges without having them. The exploitation of this vulnerability might allow a remote attacker to obtain sensible information. 2021-12-17 not yet calculated CVE-2021-40853CONFIRM tcman_gim — tcman_gim   TCMAN GIM is vulnerable to a SQL injection vulnerability inside several available webservice methods in /PC/WebService.asmx. 2021-12-17 not yet calculated CVE-2021-40850CONFIRM tcman_gim — tcman_gim   TCMAN GIM is affected by an open redirect vulnerability. This vulnerability allows the redirection of user navigation to pages controlled by the attacker. The exploitation of this vulnerability might allow a remote attacker to obtain information. 2021-12-17 not yet calculated CVE-2021-40852CONFIRM teeworlds — teeworlds   Teeworlds up to and including 0.7.5 is vulnerable to Buffer Overflow. A map parser does not validate m_Channels value coming from a map file, leading to a buffer overflow. A malicious server may offer a specially crafted map that will overwrite client’s stack causing denial of service or code execution. 2021-12-15 not yet calculated CVE-2021-43518MISCMISC thinfinity — virtualui   Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter. 2021-12-16 not yet calculated CVE-2021-45092MISC thinkphp5 — thinkphp5   SQL Injection vulnerability exists in ThinkPHP5 5.0.x <=5.1.22 via the parseOrder function in Builder.php. 2021-12-15 not yet calculated CVE-2021-44350MISC tibco_software_inc — spotfire_server   The Spotfire Server component of TIBCO Software Inc.’s TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows malicious custom API clients with network access to execute internal API operations outside of the scope of those granted to it. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.’s TIBCO Spotfire Server: versions 10.10.6 and below, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, 11.3.0, 11.4.0, and 11.4.1, and TIBCO Spotfire Server: versions 11.5.0 and 11.6.0. 2021-12-14 not yet calculated CVE-2021-43051CONFIRMCONFIRM tp-link — tp-link   An HTTP/1.1 misconfiguration in web interface of TP-Link AX10v1 before V1_211117 could allow an attacker to send a specially crafted HTTP/0.9 packet that could cause a cache poisoning attack. 2021-12-17 not yet calculated CVE-2021-41451MISCMISCMISC trend_micro — maximum_security   A link following denial-of-service (DoS) vulnerability in the Trend Micro Security (Consumer) 2021 familiy of products could allow an attacker to abuse the PC Health Checkup feature of the product to create symlinks that would allow modification of files which could lead to a denial-of-service. 2021-12-16 not yet calculated CVE-2021-44023MISCMISC tuleap — tuleap   Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not sanitize properly user settings when constructing the SQL query to browse and search commits in the CVS repositories. A authenticated malicious user with read access to a CVS repository could execute arbitrary SQL queries. Tuleap instances without an active CVS repositories are not impacted. The following versions contain the fix: Tuleap Community Edition 13.2.99.155, Tuleap Enterprise Edition 13.1-7, and Tuleap Enterprise Edition 13.2-6. 2021-12-15 not yet calculated CVE-2021-43806CONFIRMMISCMISCMISC tuleap — tuleap   Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. This is a follow up to GHSA-887w-pv2r-x8pm/CVE-2021-41276, the initial fix was incomplete. Tuleap does not sanitize properly the search filter built from the ldap_id attribute of a user during the daily synchronization. A malicious user could force accounts to be suspended or take over another account by forcing the update of the ldap_uid attribute. Note that the malicious user either need to have site administrator capability on the Tuleap instance or be an LDAP operator with the capability to create/modify account. The Tuleap instance needs to have the LDAP plugin activated and enabled for this issue to be exploitable. The following versions contain the fix: Tuleap Community Edition 13.2.99.83, Tuleap Enterprise Edition 13.1-6, and Tuleap Enterprise Edition 13.2-4. 2021-12-15 not yet calculated CVE-2021-43782MISCCONFIRMMISCMISCMISC tuleap — tuleap   Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not sanitize properly the search filter built from the ldap_id attribute of a user during the daily synchronization. A malicious user could force accounts to be suspended or take over another account by forcing the update of the ldap_uid attribute. Note that the malicious user either need to have site administrator capability on the Tuleap instance or be an LDAP operator with the capability to create/modify account. The Tuleap instance needs to have the LDAP plugin activated and enabled for this issue to be exploitable. This issue has been patched in Tuleap Community Edition 13.2.99.31, Tuleap Enterprise Edition 13.1-5, and Tuleap Enterprise Edition 13.2-3. 2021-12-15 not yet calculated CVE-2021-41276CONFIRMMISCMISCMISC uipath_app_studio — uipath_app_studio   An issue was discovered in UiPath App Studio 21.4.4. There is a persistent XSS vulnerability in the file-upload functionality for uploading icons when attempting to create new Apps. An attacker with minimal privileges in the application can build their own App and upload a malicious file containing an XSS payload, by uploading an arbitrary file and modifying the MIME type in a subsequent HTTP request. This then allows the file to be stored and retrieved from the server by other users in the same organization. 2021-12-14 not yet calculated CVE-2021-44043MISCMISC uipath_assistant — uipath_assistant   UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the –dev-widget argument of the URI handler for uipath-assistant://. This allows an attacker to execute code on a victim’s machine or capture NTLM credentials by supplying a networked or WebDAV file path. 2021-12-14 not yet calculated CVE-2021-44041MISCMISC uipath_assistant — uipath_assistant   An issue was discovered in UiPath Assistant 21.4.4. User-controlled data supplied to the –process-start argument of the URI handler for uipath-assistant:// is not correctly encoded, resulting in attacker-controlled content being injected into the error message displayed (when the injected content does not match an existing process). A determined attacker could leverage this to execute JavaScript in the context of the Electron application. 2021-12-14 not yet calculated CVE-2021-44042MISCMISC vaultcli — vaultcli   Storage Spaces Controller Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-43227. 2021-12-15 not yet calculated CVE-2021-43235MISC vmware — workspace_one_uem_console   VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information. 2021-12-17 not yet calculated CVE-2021-22054MISC wechat-php-sdk — wechat-php-sdk Wechat-php-sdk v1.10.2 is affected by a Cross Site Scripting (XSS) vulnerability in Wechat.php. 2021-12-17 not yet calculated CVE-2021-43678MISCMISC wolters_kluwer — teammate_am   Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads, such that an authenticated user may download and execute malicious files. 2021-12-17 not yet calculated CVE-2021-44035MISCMISC wordpress — wordpress   Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise discovered in Image Hover Effects Ultimate (versions <= 9.6.1) WordPress plugin. 2021-12-15 not yet calculated CVE-2021-36888CONFIRMCONFIRM xorg — xserver   A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2021-12-17 not yet calculated CVE-2021-4009MISCMISCFEDORAFEDORA xorg — xserver   A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2021-12-17 not yet calculated CVE-2021-4010MISCMISCFEDORAFEDORA xorg — xserver   A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2021-12-17 not yet calculated CVE-2021-4008MISCMISCFEDORAFEDORA xorg — xserver   A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2021-12-17 not yet calculated CVE-2021-4011MISCMISCFEDORAFEDORA yetiforcecrm — yetiforcecrm   yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-12-16 not yet calculated CVE-2021-4121MISCCONFIRM zimbra — zimbra_collaboration   An issue in /domain/service/.ewell-known/caldav of Zimbra Collaboration 8.8.12 allows attackers to redirect users to any arbitrary website of their choosing. 2021-12-15 not yet calculated CVE-2020-18985MISC zimbra — zimbra_collaboration   A reflected cross-site scripting (XSS) vulnerability in the zimbraAdmin/public/secureRequest.jsp component of Zimbra Collaboration 8.8.12 allows unauthenticated attackers to execute arbitrary web scripts or HTML via a host header injection. 2021-12-15 not yet calculated CVE-2020-18984MISC Back to top This product is provided subject to this Notification and this Privacy & Use policy.

  • Vulnerability Summary for the Week of December 6, 2021
    by CISA on December 13, 2021 at 2:29 pm

    Original release date: December 13, 2021  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info accops — hyworks_dvm_tools A Buffer Overflow vulnerability exists in Accops HyWorks DVM Tools prior to v3.3.1.105. The IOCTL Handler 0x22001B allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. 2021-12-07 7.2 CVE-2021-42681MISC accops — hyworks_dvm_tools An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools prior to v3.3.1.105 .The IOCTL Handler 0x22001B allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. 2021-12-07 7.2 CVE-2021-42682MISC accops — hyworks_dvm_tools An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools prior to v3.3.1.105 . The IOCTL Handler 0x22005B in the Accops HyWorks DVM Tools prior to v3.3.1.105 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. 2021-12-07 7.2 CVE-2021-42685MISC accops — hyworks_windows_client A Buffer Overflow vulnerability exists in Accops HyWorks Windows Client prior to v 3.2.8.200. The IOCTL Handler 0x22001B allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. 2021-12-07 7.2 CVE-2021-42683MISC accops — hyworks_windows_client An Integer Overflow exists in Accops HyWorks Windows Client prior to v 3.2.8.200. The IOCTL Handler 0x22001B in the Accops HyWorks Windows Client prior to v 3.2.8.200 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. 2021-12-07 7.2 CVE-2021-42686MISC accops — hyworks_windows_client A Buffer Overflow vulnerability exists in Accops HyWorks Windows Client prior to v 3.2.8.200. The IOCTL Handler 0x22005B allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. 2021-12-07 7.2 CVE-2021-42687MISC accops — hyworks_windows_client An Integer Overflow vulnerability exists in Accops HyWorks Windows Client prior to v 3.2.8.200. The IOCTL Handler 0x22005B in the Accops HyWorks Windows Client prior to v 3.2.8.200 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. 2021-12-07 7.2 CVE-2021-42688MISC ajaxpro.2_project — ajaxpro.2 All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code execution. 2021-12-03 7.5 CVE-2021-23758CONFIRMCONFIRM amazon — workspaces Amazon Amazon WorkSpaces agent is affected by Integer Overflow. IOCTL Handler 0x22001B in the Amazon WorkSpaces agent below v1.0.1.1537 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. 2021-12-07 7.2 CVE-2021-43638MISC amazon — workspaces Amazon WorkSpaces agent is affected by Buffer Overflow. IOCTL Handler 0x22001B in the Amazon WorkSpaces agent below v1.0.1.1537 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. 2021-12-07 7.2 CVE-2021-43637MISC amzetta — zportal_dvm_tools AmZetta Amzetta zPortal DVM Tools is affected by Integer Overflow. IOCTL Handler 0x22001B in the Amzetta zPortal DVM Tools <= v3.3.148.148 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. 2021-12-07 7.2 CVE-2021-43006MISC amzetta — zportal_dvm_tools Amzetta zPortal DVM Tools is affected by Buffer Overflow. IOCTL Handler 0x22001B in the Amzetta zPortal DVM Tools <= v3.3.148.148 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. 2021-12-07 7.2 CVE-2021-43002MISC amzetta — zportal_windows_zclient Amzetta zPortal Windows zClient is affected by Integer Overflow. IOCTL Handler 0x22001B in the Amzetta zPortal Windows zClient <= v3.2.8180.148 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. 2021-12-07 7.2 CVE-2021-43003MISC amzetta — zportal_windows_zclient Amzetta zPortal Windows zClient is affected by Buffer Overflow. IOCTL Handler 0x22001B in the Amzetta zPortal Windows zClient <= v3.2.8180.148 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. 2021-12-07 7.2 CVE-2021-43000MISC auerswald — compact_5500r_firmware Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices, that allow attackers with access to the web based management application full administrative access to the device. 2021-12-07 10 CVE-2021-40859MISCMISC ays-pro — secure_copy_content_protection_and_content_locking The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an SQL injection. 2021-12-06 7.5 CVE-2021-24931MISC b2evolution — b2evolution_cms b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulnerability via the parameter cfqueryparam in the User login section. This vulnerability allows attackers to execute arbitrary code via a crafted input. 2021-12-06 7.5 CVE-2021-31632MISC canon — lbp223dw_firmware In Canon LBP223 printers, the System Manager Mode login does not require an account password or PIN. An attacker can remotely shut down the device after entering the background, creating a denial of service vulnerability. 2021-12-06 7.8 CVE-2021-43471MISC chamilo — chamilo_lms Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php. 2021-12-03 7.5 CVE-2021-35414MISCMISCMISCMISCMISCMISCMISC contiki-ng — contiki-ng A buffer overflow in os/net/mac/ble/ble-l2cap.c in the BLE stack in Contiki-NG 4.4 and earlier allows an attacker to execute arbitrary code via malicious L2CAP frames. 2021-12-07 8.3 CVE-2020-12140MISCMISC donglify — donglify Donglify is affected by Integer Overflow. IOCTL Handler 0x22001B in the Donglify above 1.0.12309 below 1.7.14110 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. 2021-12-07 7.2 CVE-2021-42996MISC donglify — donglify Donglify is affected by Buffer Overflow. IOCTL Handler 0x22001B in the Donglify above 1.0.12309 below 1.7.14110 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. 2021-12-07 7.2 CVE-2021-42994MISC eltima — usb_network_gate Eltima USB Network Gate is affected by Buffer Overflow. IOCTL Handler 0x22001B in the USB Network Gate above 7.0.1370 below 9.2.2420 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. 2021-12-07 7.2 CVE-2021-42988MISC eltima — usb_network_gate Eltima USB Network Gate is affected by Integer Overflow. IOCTL Handler 0x22001B in the USB Network Gate above 7.0.1370 below 9.2.2420 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. 2021-12-07 7.2 CVE-2021-42987MISC esri — arcgis_server A SQL injection vulnerability in feature services provided by Esri ArcGIS Server 10.9 and below allows a remote, unauthenticated attacker to impact the confidentiality, integrity and availability of targeted services via specifically crafted queries. 2021-12-07 7.5 CVE-2021-29114CONFIRM flexihub — flexihub FlexiHub For Windows is affected by Integer Overflow. IOCTL Handler 0x22001B in the FlexiHub For Windows above 2.0.4340 below 5.3.14268 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. 2021-12-07 7.2 CVE-2021-42993MISC flexihub — flexihub FlexiHub For Windows is affected by Buffer Overflow. IOCTL Handler 0x22001B in the FlexiHub For Windows above 2.0.4340 below 5.3.14268 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. 2021-12-07 7.2 CVE-2021-42990MISC fortinet — fortinac A incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access to sensitive system data. 2021-12-09 7.2 CVE-2021-43065CONFIRM fortinet — fortinac A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command. 2021-12-08 7.2 CVE-2021-41021CONFIRM fortinet — fortios An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution. 2021-12-08 7.5 CVE-2021-26109CONFIRM fortinet — fortiweb Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 thorugh 6.0.7, including an instance of concurrent execution using shared resource with improper synchronization and one of authentication bypass by capture-replay, may allow a remote unauthenticated attacker to circumvent the authentication process and authenticate as a legitimate cluster peer. 2021-12-08 7.5 CVE-2021-41025CONFIRM fortinet — fortiweb Multiple command injection vulnerabilities in the command line interpreter of FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, and 6.1.0 through 6.1.2 may allow an authenticated attacker to execute arbitrary commands on the underlying system shell via specially crafted command arguments. 2021-12-08 9 CVE-2021-36195CONFIRM fortinet — fortiwlc An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an authenticated and remote attacker with low privileges to execute any command as an admin user with full access rights via bypassing the GUI restrictions. 2021-12-08 9 CVE-2021-42758CONFIRM fortinet — fortiwlm A improper neutralization of special elements used in an sql command (‘sql injection’) in Fortinet FortiWLM version 8.6.1 and below allows attacker to disclose sensitive information from DB tables via crafted requests. 2021-12-08 7.5 CVE-2021-42760CONFIRM git-it_project — git-it Git-it through 4.4.0 allows OS command injection at the Branches Aren’t Just For Birds challenge step. During the verification process, it attempts to run the reflog command followed by the current branch name (which is not sanitized for execution). 2021-12-07 7.5 CVE-2021-44685MISCMISC github-todos_project — github-todos naholyr github-todos 3.1.0 is vulnerable to command injection. The range argument for the _hook subcommand is concatenated without any validation, and is directly used by the exec function. 2021-12-07 7.5 CVE-2021-44684MISCMISC gitlab — gitlab It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above. 2021-12-06 7.5 CVE-2021-39890MISCCONFIRM huawei — emui There is a Memory leak vulnerability with the codec detection module in Huawei Smartphone.Successful exploitation of this vulnerability may cause the device to restart due to memory exhaustion. 2021-12-07 7.8 CVE-2021-37046MISC huawei — emui There is an Invalid address access vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the device to restart. 2021-12-08 7.8 CVE-2021-37037MISCMISC huawei — harmonyos There is a Integer Overflow or Wraparound vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to remote denial of service and potential remote code execution. 2021-12-07 7.5 CVE-2021-37095MISC huawei — harmonyos There is a Encoding timing vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to denial of service. 2021-12-07 7.1 CVE-2021-37085MISC huawei — harmonyos There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to malicious invoking other functions of the Smart Assistant through text messages. 2021-12-07 7.5 CVE-2021-37084MISC huawei — harmonyos There is a Cryptographic Issues vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to read and delete images of Harmony devices. 2021-12-07 7.5 CVE-2021-37063MISC huawei — harmonyos There is a Weaknesses Introduced During Design 2021-12-07 7.5 CVE-2021-37059MISC huawei — harmonyos There is a Heap-based buffer overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may rewrite the memory of adjacent objects. 2021-12-08 7.5 CVE-2021-37049MISCMISC huawei — harmonyos There is a Code Injection vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to system restart. 2021-12-08 7.8 CVE-2021-37097MISCMISC huawei — harmonyos There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to kernel restart. 2021-12-07 7.8 CVE-2021-37089MISC huawei — harmonyos There is a NULL Pointer Dereference vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to kernel crash. 2021-12-07 7.8 CVE-2021-37077MISC huawei — harmonyos There is a Improper Validation of Array Index vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to restart the phone. 2021-12-07 7.8 CVE-2021-37057MISC huawei — harmonyos There is a Race Condition vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to the user root privilege escalation. 2021-12-08 9.3 CVE-2021-37074MISCMISC huawei — harmonyos There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to Out-of-bounds read. 2021-12-07 9.4 CVE-2021-37011MISC huawei — harmonyos There is an UAF vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the device to restart unexpectedly and the kernel-mode code to be executed. 2021-12-08 10 CVE-2021-37045MISCMISC ivanti — avalanche An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service allows Privilege Escalation via Enterprise Server Service. 2021-12-07 7.5 CVE-2021-42128MISC ivanti — avalanche A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service allows arbitrary code execution via Data Repository Service. 2021-12-07 7.5 CVE-2021-42127MISC ivanti — endpoint_manager_cloud_services_appliance A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody). 2021-12-08 7.5 CVE-2021-44529MISC kaseya — unitrends_backup An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Two unauthenticated SQL injection vulnerabilities were discovered, allowing arbitrary SQL queries to be injected and executed under the postgres superuser account. Remote code execution was possible, leading to full access to the postgres user account. 2021-12-06 7.5 CVE-2021-43035MISC kaseya — unitrends_backup An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The password for the PostgreSQL wguest account is weak. 2021-12-06 7.5 CVE-2021-43036MISC kaseya — unitrends_backup An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Multiple functions in the bpserverd daemon were vulnerable to arbitrary remote code execution as root. The vulnerability was caused by untrusted input (received by the server) being passed to system calls. 2021-12-06 10 CVE-2021-43033MISC kaseya — unitrends_backup An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The SNMP daemon was configured with a weak default community. 2021-12-06 7.5 CVE-2021-43044MISC kaseya — unitrends_backup An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A buffer overflow existed in the vaultServer component. This was exploitable by a remote unauthenticated attacker. 2021-12-06 7.5 CVE-2021-43042MISC laravel — laravel Laravel v5.1 was discovered to contain a deserialization vulnerability via the component \Mockery\Generator\DefinedTargetClass. 2021-12-06 7.5 CVE-2021-37298MISC librenms — librenms Librenms 21.11.0 is affected by a path manipulation vulnerability in includes/html/pages/device/showconfig.inc.php. 2021-12-03 7.5 CVE-2021-44278MISC m-files — m-files_web ** DISPUTED ** M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges (in HTTP requests with crafted Range or Request-Range headers). NOTE: this is disputed because the range behavior is the responsibility of the web server, not the responsibility of the individual web application. 2021-12-05 7.8 CVE-2021-37253MISCMISCMISCFULLDISCMISC mahadiscom — mahavitaran Maharashtra State Electricity Board Mahavitara Android Application 8.20 and prior is vulnerable to remote account takeover due to OTP fixation vulnerability in password rest function 2021-12-07 7.5 CVE-2021-41716MISCMISC nomachine — cloud_server NoMachine Cloud Server is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Cloud Server above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. 2021-12-07 7.2 CVE-2021-42979MISC nomachine — cloud_server NoMachine Cloud Server is affected by Buffer Overflow. IOCTL Handler 0x22001B in the NoMachine Cloud Server above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. 2021-12-07 7.2 CVE-2021-42980MISC nomachine — enterprise_client NoMachine Enterprise Client is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Enterprise Client above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. 2021-12-07 7.2 CVE-2021-42986MISC nomachine — enterprise_client NoMachine Enterprise Client is affected by Buffer Overflow. IOCTL Handler 0x22001B in the NoMachine Enterprise Client above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. 2021-12-07 7.2 CVE-2021-42983MISC nomachine — enterprise_desktop NoMachine Enterprise Desktop is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Enterprise Desktop above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. 2021-12-07 7.2 CVE-2021-42977MISC nomachine — enterprise_desktop NoMachine Enterprise Desktop is affected by Buffer Overflow. IOCTL Handler 0x22001B in the NoMachine Enterprise Desktop above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. 2021-12-07 7.2 CVE-2021-42976MISC nomachine — server NoMachine Server is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Server above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. 2021-12-07 7.2 CVE-2021-42973MISC nomachine — server NoMachine Server is affected by Buffer Overflow. IOCTL Handler 0x22001B in the NoMachine Server above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. 2021-12-07 7.2 CVE-2021-42972MISC prestashop — prestashop PrestaShop is an Open Source e-commerce web application. Versions of PrestaShop prior to 1.7.8.2 are vulnerable to blind SQL injection using search filters with `orderBy` and `sortOrder` parameters. The problem is fixed in version 1.7.8.2. 2021-12-07 7.5 CVE-2021-43789CONFIRMMISCMISC raspberrypi — raspberry_pi_os_lite Raspberry Pi OS through 5.10 has the raspberry default password for the pi account. If not changed, attackers can gain administrator privileges. 2021-12-07 10 CVE-2021-38759MISCMISCMISC roundupwp — registrations_for_the_events_calendar The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the event_id in the rtec_send_unregister_link AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL injection. 2021-12-06 7.5 CVE-2021-24943MISC sonicwall — sma_200_firmware A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacNumber 36) method allows a remote unauthenticated attacker to potentially execute code as the ‘nobody’ user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. 2021-12-08 7.5 CVE-2021-20045CONFIRM sonicwall — sma_200_firmware Improper neutralization of special elements in the SMA100 management interface ‘/cgi-bin/viewcert’ POST http method allows a remote authenticated attacker to inject arbitrary commands as a ‘nobody’ user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. 2021-12-08 9 CVE-2021-20039CONFIRM sonicwall — sma_200_firmware A post-authentication remote command injection vulnerability in SonicWall SMA100 allows a remote authenticated attacker to execute OS system commands in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. 2021-12-08 9 CVE-2021-20044CONFIRM sonicwall — sma_200_firmware An unauthenticated and remote adversary can consume all of the device’s CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit condition. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. 2021-12-08 7.8 CVE-2021-20041CONFIRM sonicwall — sma_200_firmware A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server’s mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a ‘nobody’ user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions. 2021-12-08 7.5 CVE-2021-20038CONFIRM sonicwall — sma_200_firmware An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. 2021-12-08 7.5 CVE-2021-20042CONFIRM squaredup — squaredup An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654. 2021-12-06 7.5 CVE-2021-40091MISCMISC swoole — swoole_php_framework matyhtf framework v3.0.5 is affected by a path manipulation vulnerability in Smarty.class.php. 2021-12-03 7.5 CVE-2021-43676MISC tendacn — ac15_firmware A Stack-based Buffer Overflow vulnerability exists in the Tenda AC15 V15.03.05.18_multi device via the list parameter in a post request in goform/SetIpMacBind. 2021-12-03 7.5 CVE-2021-44352MISC thinkphp — thinkphp ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\Adapter.php. 2021-12-06 7.5 CVE-2021-36564MISC thinkphp — thinkphp ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\AbstractCache. 2021-12-06 10 CVE-2021-36567MISC thinkup — thinkup ** UNSUPPORTED WHEN ASSIGNED ** ThinkUp 2.0-beta.10 is affected by a path manipulation vulnerability in Smarty.class.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2021-12-03 7.5 CVE-2021-43674MISC tp-link — archer_ax10_firmware A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in TP-Link AX10v1 before V1_211014, allows a remote unauthenticated attacker to disconnect an already connected wireless client via sending with a wireless adapter specific spoofed authentication frames 2021-12-07 7.8 CVE-2021-40288MISC trendmicro — worry-free_business_security An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44020 and 44021. 2021-12-03 7.2 CVE-2021-44019MISCMISC trendmicro — worry-free_business_security An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44021. 2021-12-03 7.2 CVE-2021-44020MISCMISC trendmicro — worry-free_business_security An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44020. 2021-12-03 7.2 CVE-2021-44021MISCMISC tsmuxer_project — tsmuxer tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function BitStreamReader::getCurVal in bitStream.h. 2021-12-03 7.5 CVE-2021-35344MISCMISC tsmuxer_project — tsmuxer tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function HevcSpsUnit::short_term_ref_pic_set(int) in hevc.cpp. 2021-12-03 7.5 CVE-2021-35346MISCMISC utils.js_project — utils.js utils.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) 2021-12-08 7.5 CVE-2021-3815CONFIRMMISC webhmi — webhmi_firmware The authentication algorithm of the WebHMI portal is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error. 2021-12-06 7.5 CVE-2021-43931MISC webhmi — webhmi_firmware The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product’s environment or lead to arbitrary code execution. 2021-12-06 10 CVE-2021-43936MISC whatsapp — whatsapp A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-of-bounds write if a user sent a malicious image. 2021-12-07 7.5 CVE-2021-24041CONFIRM wpdataaccess — wp_data_access The WP Data Access WordPress plugin before 5.0.0 does not properly sanitise and escape the backup_date parameter before using it a SQL statement, leading to a SQL injection issue and could allow arbitrary table deletion 2021-12-06 7.5 CVE-2021-24866MISC xylem — aanderaa_geoview SQL injection vulnerability was discovered in Aanderaa GeoView Webservice prior to version 2.1.3 that could allow an unauthenticated attackers to execute arbitrary commands. 2021-12-08 7.5 CVE-2021-41063MISCMISC yejiao — tuzicms SQL Injection vulnerability exists in TuziCMS v2.0.6 in App\Manage\Controller\GuestbookController.class.php. 2021-12-03 7.5 CVE-2021-44347MISC yejiao — tuzicms SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameer in App\Manage\Controller\AdvertController.class.php. 2021-12-03 7.5 CVE-2021-44348MISC yejiao — tuzicms SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller\DownloadController.class.php. 2021-12-03 7.5 CVE-2021-44349MISC Back to top   Medium Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info 10web — photo_gallery The Photo Gallery by 10Web WordPress plugin before 1.5.68 is vulnerable to Reflected Cross-Site Scripting (XSS) issues via the bwg_album_breadcrumb_0 and shortcode_id GET parameters passed to the bwg_frontend_data AJAX action 2021-12-06 4.3 CVE-2021-25041CONFIRMMISC 74cms — 74cms 74CMS v6.0.4 was discovered to contain a cross-site scripting (XSS) vulnerability via /index.php?m=&c=help&a=help_list&key. 2021-12-08 4.3 CVE-2020-22421MISC admidio — admidio Admidio is a free open source user management system for websites of organizations and groups. A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The Reflected XSS vulnerability occurs because redirect.php does not properly validate the value of the url parameter. Through this vulnerability, an attacker is capable to execute malicious scripts. This issue is patched in version 4.0.12. 2021-12-07 4.3 CVE-2021-43810MISCMISCCONFIRMMISC adobe — bridge Adobe Bridge versions 11.1.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious SGI file. 2021-12-07 4.3 CVE-2021-44187MISCMISC adobe — bridge Adobe Bridge versions 11.1.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious SGI file. 2021-12-07 4.3 CVE-2021-44186MISCMISC adobe — bridge Adobe Bridge versions 11.1.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious RGB file. 2021-12-07 4.3 CVE-2021-44185MISCMISC allegro — allegro An issue was discovered in Allegro Windows (formerly Popsy Windows) before 3.3.4156.1. A standard user can escalate privileges to SYSTEM if the FTP module is installed, because of DLL hijacking. 2021-12-08 6.2 CVE-2021-42110MISCMISC apereo — central_authentication_service Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints. 2021-12-07 4.3 CVE-2021-42567CONFIRMMISC atlassian — jira_software_data_center Affected versions of Atlassian Jira Server and Data Center allow attackers with access to an administrator account that has had its access revoked to modify projects’ Users & Roles settings, via a Broken Authentication vulnerability in the /plugins/servlet/project-config/PROJECT/roles endpoint. The affected versions are before version 8.19.1. 2021-12-08 5 CVE-2021-41311MISC atlassian — jira_software_data_center Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira Service Management access revoked to export audit logs of another user’s Jira Service Management project via a Broken Authentication vulnerability in the /plugins/servlet/audit/resource endpoint. The affected versions of Jira Server and Data Center are before version 8.19.1. 2021-12-08 5 CVE-2021-41309MISC b2evolution — b2evolution_cms b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the User login page. This vulnerability allows attackers to escalate privileges. 2021-12-06 6.8 CVE-2021-31631MISC bkw — solar-log_500_firmware An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2013. In /export.html, email.html, and sms.html, cleartext passwords are stored. This may allow sensitive information to be read by someone with access to the device. 2021-12-07 4 CVE-2021-34544MISCMISCMISC calibre-ebook — calibre calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py. 2021-12-07 5 CVE-2021-44686MISCMISCMISC chamilo — chamilo_lms A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x allows authenticated attackers to execute arbitrary code via a crafted .htaccess file. 2021-12-03 6 CVE-2021-35413MISCMISCMISCMISC citrix — application_delivery_controller_firmware An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication. 2021-12-07 4.3 CVE-2021-22956MISC citrix — application_delivery_controller_firmware A unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could allow an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication. 2021-12-07 4.3 CVE-2021-22955MISC couchbase — sync_gateway An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. The bucket credentials used to read and write data in Couchbase Server were insecurely being stored in the metadata within sync documents written to the bucket. Users with read access could use these credentials to obtain write access. (This issue does not affect clusters where Sync Gateway is authenticated with X.509 client certificates. This issue also does not affect clusters where shared bucket access is not enabled on Sync Gateway.) 2021-12-07 5.5 CVE-2021-43963CONFIRM douco — douphp DouPHP v1.6 was discovered to contain a cross-site scripting (XSS) vulnerability via /admin/cloud.php. 2021-12-08 4.3 CVE-2021-3370MISC dzzoffice — dzzoffice dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) vulnerability in explorerfile.php. The output of the exit function is printed for the user via exit(json_encode($return)). 2021-12-03 4.3 CVE-2021-43673MISC elastic — enterprise_search An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search Github Enterprise Server integration. Using this vulnerability, a malicious Workplace Search admin could use the GHES integration to view hosts that might not be publicly accessible. 2021-12-07 4 CVE-2021-37940MISC elgg — elgg elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor 2021-12-03 5 CVE-2021-3980MISCCONFIRM email_log_project — email_log The Email Log WordPress plugin before 2.4.8 does not escape the d parameter before outputting it back in an attribute in the Log page, leading to a Reflected Cross-Site Scripting issue 2021-12-06 4.3 CVE-2021-24924MISC esri — arcgis_enterprise An information disclosure vulnerability in the ArcGIS Service Directory in Esri ArcGIS Enterprise versions 10.9.0 and below may allows a remote attacker to view hidden field names in feature layers. This issue may reveal field names, but not not disclose features. 2021-12-07 5 CVE-2021-29115CONFIRM esri — arcgis_server A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server feature services versions 10.8.1 and 10.9 (only) feature services may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser. 2021-12-07 4.3 CVE-2021-29116CONFIRM esri — arcgis_server A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote, unauthenticated attacker to inject attacker supplied html into a page. 2021-12-07 4.3 CVE-2021-29113CONFIRM firefly-iii — firefly_iii firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) 2021-12-04 4.3 CVE-2021-4005CONFIRMMISC fortinet — fortianalyzer A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments. 2021-12-08 4.6 CVE-2021-42757CONFIRM fortinet — fortiauthenticator A exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 6.4.0, version 6.3.2 and below, version 6.2.1 and below, version 6.1.2 and below, version 6.0.7 to 6.0.1 allows attacker to duplicate a target LDAP user 2 factors authentication token via crafted HTTP requests. 2021-12-08 4.3 CVE-2021-43067CONFIRM fortinet — fortiauthenticator A improper authentication in Fortinet FortiAuthenticator version 6.4.0 allows user to bypass the second factor of authentication via a RADIUS login portal. 2021-12-09 5.5 CVE-2021-43068CONFIRM fortinet — forticlient An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windows versions 7.0.0 and 6.4.6 and below and 6.2.8 and below may allow an unauthenticated attacker to bypass the webfilter control via modifying the session-id paramater. 2021-12-09 5 CVE-2021-36167CONFIRM fortinet — forticlient A improper control of a resource through its lifetime in Fortinet FortiClientWindows version 6.4.1 and 6.4.0, version 6.2.9 and below, version 6.0.10 and below allows attacker to cause a complete denial of service of its components via changes of directory access permissions. 2021-12-09 4.9 CVE-2021-43204CONFIRM fortinet — forticlient_enterprise_management_server An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS versions 7.0.1 and below and 6.4.4 and below may allow an unauthenticated attacker to impersonate an existing user by intercepting and re-using valid SAML authentication messages. 2021-12-08 6.4 CVE-2021-41030CONFIRM fortinet — forticlient_enterprise_management_server A missing encryption of sensitive data in Fortinet FortiClientEMS version 7.0.1 and below, version 6.4.4 and below allows attacker to information disclosure via inspecting browser decrypted data 2021-12-09 4 CVE-2021-36189CONFIRM fortinet — fortios A heap-based buffer overflow in the firmware signature verification function of FortiOS versions 7.0.1, 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, and 6.0.0 through 6.0.13 may allow an attacker to execute arbitrary code via specially crafted installation images. 2021-12-08 6.8 CVE-2021-36173CONFIRM fortinet — fortios A use of hard-coded cryptographic key vulnerability in the SSLVPN of FortiOS before 7.0.1 may allow an attacker to retrieve the key by reverse engineering. 2021-12-08 5 CVE-2021-26108CONFIRM fortinet — fortiproxy An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy verison 2.0.3 and below, 1.2.11 and below and FortiGate verison 7.0.0, 6.4.6 and below, 6.2.9 and below of SSL VPN portal may allow a remote, unauthenticated attacker to conduct a cross-site request forgery (CSRF) attack . Only SSL VPN in web mode or full mode are impacted by this vulnerability. 2021-12-08 5.1 CVE-2021-26103CONFIRM fortinet — fortiproxy A relative path traversal [CWE-23] vulnerabiltiy in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy verison 7.0.0 may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the GET request of the login page. 2021-12-08 5 CVE-2021-41024CONFIRM fortinet — fortiproxy An improper access control vulnerability [CWE-284] in FortiOS autod daemon 7.0.0, 6.4.6 and below, 6.2.9 and below, 6.0.12 and below and FortiProxy 2.0.1 and below, 1.2.9 and below may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script and auto-script features. 2021-12-08 4.6 CVE-2021-26110CONFIRM fortinet — fortiweb A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the LogReport API controller. 2021-12-09 6.5 CVE-2021-43071CONFIRM fortinet — fortiweb A url redirection to untrusted site (‘open redirect’) in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to use the device as proxy via crafted GET parameters in requests to error handlers 2021-12-08 5.8 CVE-2021-36191CONFIRM fortinet — fortiweb A url redirection to untrusted site (‘open redirect’) in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to use the device as a proxy and reach external or protected hosts via redirection handlers. 2021-12-08 5.8 CVE-2021-43064CONFIRM fortinet — fortiweb A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to make the httpsd daemon unresponsive via huge HTTP packets 2021-12-08 5 CVE-2021-41014CONFIRM fortinet — fortiweb Multiple heap-based buffer overflow vulnerabilities in some web API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow a remote authenticated attacker to execute arbitrary code or commands via specifically crafted HTTP requests. 2021-12-08 6.5 CVE-2021-41017CONFIRM fortinet — fortiweb A improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP GET requests to the login webpage. 2021-12-08 4.3 CVE-2021-43063CONFIRM fortinet — fortiweb A improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to SAML login handler 2021-12-08 4.3 CVE-2021-41015CONFIRM fortinet — fortiweb A stack-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, allows an authenticated attacker to execute unauthorized code or commands via crafted certificates loaded into the device. 2021-12-08 4.6 CVE-2021-41027CONFIRM fortinet — fortiweb A improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted GET parameters in requests to login and error handlers 2021-12-08 4.3 CVE-2021-36188CONFIRM fortinet — fortiweb Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests. 2021-12-08 6.5 CVE-2021-36180CONFIRM fortinet — fortiweb A unintended proxy or intermediary (‘confused deputy’) in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to access protected hosts via crafted HTTP requests. 2021-12-08 6.5 CVE-2021-36190CONFIRM fortinet — fortiweb Multiple stack-based buffer overflows in the API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted requests. 2021-12-09 6.5 CVE-2021-36194CONFIRM fortinet — fortiweb An improper access control vulnerability [CWE-284] in FortiWeb versions 6.4.1 and below and 6.3.15 and below in the Report Browse section of Log & Report may allow an unauthorized and unauthenticated user to access the Log reports via their URLs. 2021-12-08 5 CVE-2021-41013CONFIRM gitlab — gitlab Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows an attacker to decrypt some of the database’s encrypted content 2021-12-06 5 CVE-2021-22170MISCCONFIRM gl-inet — gl-ar150_firmware GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allow cgi-bin/router_cgi?action=scanwifi XSS when an attacker creates an SSID with an XSS payload as the name. 2021-12-07 4.3 CVE-2021-44148MISC goautodial — goautodial The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that accepts a username, password, and action that routes to other PHP files that implement the various API functions. Vulnerable versions of GOautodial validate the username and password incorrectly, allowing the caller to specify any values for these parameters and successfully authenticate. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 2021-12-07 5 CVE-2021-43175MISC goautodial — goautodial The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 takes a user-supplied “action” parameter and appends a .php file extension to locate and load the correct PHP file to implement the API call. Vulnerable versions of GOautodial do not sanitize the user input that specifies the action. This permits an attacker to execute any PHP source file with a .php extension that is present on the disk and readable by the GOautodial web server process. Combined with CVE-2021-43175, it is possible for the attacker to do this without valid credentials. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 2021-12-07 6.5 CVE-2021-43176MISC google — android An improper validation vulnerability in telephony prior to SMR Dec-2021 Release 1 allows attackers to launch certain activities. 2021-12-08 4.6 CVE-2021-25512MISC google — android An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows attackers to write arbitrary files via a path traversal vulnerability. 2021-12-08 4.6 CVE-2021-25511MISC google — android An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows local arbitrary code execution. 2021-12-08 4.6 CVE-2021-25510MISC google — android An improper input validation vulnerability in LDFW prior to SMR Dec-2021 Release 1 allows attackers to perform arbitrary code execution. 2021-12-08 4.6 CVE-2021-25517MISC google — android An improper intent redirection handling in Tags prior to SMR Dec-2021 Release 1 allows attackers to access sensitive information. 2021-12-08 4.3 CVE-2021-25514MISC grafana — grafana Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline. 2021-12-07 5 CVE-2021-43798CONFIRMMISCMISCCONFIRMMISCMLISTMLIST hashicorp — nomad HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1. 2021-12-03 6 CVE-2021-43415MISCMISC huawei — emui There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to malicious application processes occupy system resources. 2021-12-07 5 CVE-2021-37043MISC huawei — emui There is an Improper access control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. 2021-12-07 5 CVE-2021-37038MISC huawei — emui There is an Input verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause some services to restart. 2021-12-07 5 CVE-2021-37047MISC huawei — emui There is a Logic bypass vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may allow attempts to obtain certain device information. 2021-12-07 5 CVE-2021-37055MISC huawei — emui There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to Out-of-bounds read. 2021-12-07 6.4 CVE-2021-37021MISC huawei — emui There is an Improper verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause out-of-bounds read. 2021-12-07 6.4 CVE-2021-37041MISCMISC huawei — emui There is an Improper verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause out-of-bounds read. 2021-12-07 6.4 CVE-2021-37042MISCMISC huawei — emui There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to Out-of-bounds read. 2021-12-07 6.4 CVE-2021-37020MISC huawei — harmonyos There is a Service logic vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause WLAN DoS. 2021-12-08 5 CVE-2021-37053MISCMISCMISC huawei — harmonyos There is an Exception log vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause address information leakage. 2021-12-08 5 CVE-2021-37052MISCMISC huawei — harmonyos There is a Missing sensitive data encryption vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. 2021-12-08 5 CVE-2021-37050MISCMISC huawei — harmonyos There is an Identity spoofing and authentication bypass vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. 2021-12-08 5 CVE-2021-37054MISCMISC huawei — harmonyos There is a Permissions,Privileges,and Access Controls vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to the user’s nickname is maliciously tampered with. 2021-12-07 5 CVE-2021-37058MISC huawei — harmonyos There is a Uncontrolled Resource Consumption vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to Screen projection application denial of service. 2021-12-07 5 CVE-2021-37061MISC huawei — harmonyos There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to SAMGR Heap Address Leakage. 2021-12-07 5 CVE-2021-37060MISC huawei — harmonyos There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to availability affected. 2021-12-07 5 CVE-2021-37076MISC huawei — harmonyos There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to process crash. 2021-12-07 5 CVE-2021-37090MISC huawei — harmonyos There is a Improper Preservation of Permissions vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to attackers which can isolate and read synchronization files of other applications across the UID sandbox. 2021-12-07 5 CVE-2021-37086MISC huawei — harmonyos There is a NULL Pointer Dereference vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to Denial of Service Attacks. 2021-12-07 5 CVE-2021-37083MISC huawei — harmonyos There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to nearby crash. 2021-12-07 5 CVE-2021-37081MISC huawei — harmonyos There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to availability affected. 2021-12-07 5 CVE-2021-37080MISC huawei — harmonyos There is a Uncaught Exception vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to remote Denial of Service. 2021-12-07 5 CVE-2021-37078MISC huawei — harmonyos There is a Credentials Management Errors vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to confidentiality affected. 2021-12-08 5 CVE-2021-37075MISCMISC huawei — harmonyos There is a Improper Access Control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to attackers steal short messages. 2021-12-08 5 CVE-2021-37093MISCMISC huawei — harmonyos There is a Incorrect Calculation of Buffer Size vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to memory crash. 2021-12-07 5 CVE-2021-37072MISC huawei — harmonyos There is a Business Logic Errors vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to persistent dos. 2021-12-07 5 CVE-2021-37071MISC huawei — harmonyos There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to process crash. 2021-12-07 5 CVE-2021-37070MISC huawei — harmonyos There is a Resource Management Errors vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to denial of Service Attacks. 2021-12-07 5 CVE-2021-37068MISC huawei — harmonyos There is a Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to Confidentiality impacted. 2021-12-07 5 CVE-2021-37067MISC huawei — harmonyos There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to process crash. 2021-12-07 5 CVE-2021-37066MISC huawei — harmonyos There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to fake visitors to control PC,play a video,etc. 2021-12-07 5 CVE-2021-37048MISC huawei — harmonyos There is a Path Traversal vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to delete any file. 2021-12-07 6.4 CVE-2021-37099MISC huawei — harmonyos There is a Permission control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability. 2021-12-08 5 CVE-2021-37044MISCMISC huawei — harmonyos There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to device cannot be used properly. 2021-12-07 5 CVE-2021-37014MISC huawei — harmonyos There is a Parameter injection vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause privilege escalation of files after CIFS share mounting. 2021-12-08 6.8 CVE-2021-37040MISCMISC huawei — harmonyos There is a Race Condition vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to motionhub crash. 2021-12-07 4.3 CVE-2021-37082MISC huawei — harmonyos There is a Race Condition vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to the detection result is tampered with. 2021-12-07 4.3 CVE-2021-37073MISC huawei — harmonyos There is an Out-of-bounds read vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause out-of-bounds memory access. 2021-12-08 6.4 CVE-2021-37051MISCMISCMISC huawei — harmonyos There is a Improper Validation of Array Index vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to memory overflow and information leakage. 2021-12-07 6.4 CVE-2021-37062MISC huawei — harmonyos There is a Improper Limitation of a Pathname to a Restricted Directory vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to arbitrary file created. 2021-12-07 6.4 CVE-2021-37064MISC huawei — harmonyos There is a Integer Overflow or Wraparound vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to Confidentiality or Availability impacted. 2021-12-07 6.4 CVE-2021-37065MISC huawei — harmonyos There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to delete arbitrary file by system_app permission. 2021-12-07 6.4 CVE-2021-37079MISC huawei — harmonyos There is a Path Traversal vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to attackers can create arbitrary file. 2021-12-07 6.4 CVE-2021-37087MISC huawei — harmonyos There is a Path Traversal vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to attackers can write any content to any file. 2021-12-07 6.4 CVE-2021-37088MISC huawei — harmonyos There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to availability affected. 2021-12-08 5 CVE-2021-37092MISCMISC huawei — harmonyos There is a Race Condition vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to availability affected. 2021-12-08 5.8 CVE-2021-37069MISCMISC huawei — harmonyos There is a Improper Authentication vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to account authentication bypassed. 2021-12-07 5 CVE-2021-37100MISC huawei — harmonyos There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to user privacy disclosed. 2021-12-07 5 CVE-2021-37096MISC huawei — harmonyos There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to system denial of service. 2021-12-07 5 CVE-2021-37094MISC huawei — harmonyos There is a Permissions,Privileges,and Access Controls vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to confidentiality affected. 2021-12-07 5 CVE-2021-37091MISC huawei — magic_ui There is an Improper permission control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may allow attempts to obtain certain device information. 2021-12-07 5 CVE-2021-37056MISCMISC ibm — cognos_analytics IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated to view or edit a Jupyter notebook that they should not have access to. IBM X-Force ID: 206212. 2021-12-03 5.5 CVE-2021-29867CONFIRMXF ibm — cognos_analytics IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196339. 2021-12-03 5 CVE-2021-20470XFCONFIRM ibm — cognos_analytics IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197794. 2021-12-03 4.3 CVE-2021-20493XFCONFIRM ibm — cognos_analytics IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilties due to a web response specifying an incorrect content type. IBM X-Force ID: 201091 2021-12-03 5 CVE-2021-29719CONFIRMXF ibm — cognos_analytics IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to reas of the application that privileged user should only be allowed to view. IBM X-Force ID: 201087. 2021-12-03 4 CVE-2021-29716CONFIRMXF ibm — cognos_analytics IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202167. 2021-12-03 6.8 CVE-2021-29756CONFIRMXF inveniosoftware — invenio-drafts-resources Invenio-Drafts-Resources is a submission/deposit module for Invenio, a software framework for research data management. Invenio-Drafts-Resources prior to versions 0.13.7 and 0.14.6 does not properly check permissions when a record is published. The vulnerability is exploitable in a default installation of InvenioRDM. An authenticated a user is able via REST API calls to publish draft records of other users if they know the record identifier and the draft validates (e.g. all require fields filled out). An attacker is not able to modify the data in the record, and thus e.g. *cannot* change a record from restricted to public. The problem is patched in Invenio-Drafts-Resources v0.13.7 and 0.14.6, which is part of InvenioRDM v6.0.1 and InvenioRDM v7.0 respectively. 2021-12-06 4 CVE-2021-43781MISCCONFIRM ivanti — avalanche An improper access control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform a session takeover. 2021-12-07 6.5 CVE-2021-42124MISC ivanti — avalanche An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write. 2021-12-07 5.5 CVE-2021-42133MISC ivanti — avalanche An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to write dangerous files. 2021-12-07 6.5 CVE-2021-42125MISC ivanti — avalanche An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation. 2021-12-07 6.5 CVE-2021-42126MISC ivanti — avalanche A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution. 2021-12-07 6.5 CVE-2021-42129MISC ivanti — avalanche A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary code execution. 2021-12-07 6.5 CVE-2021-42130MISC ivanti — avalanche A SQL Injection vulnerability exists in Ivanti Avalance before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation. 2021-12-07 6.5 CVE-2021-42131MISC ivanti — avalanche A command Injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution. 2021-12-07 6.5 CVE-2021-42132MISC johnsoncontrols — kantech_entrapass Successful exploitation of this vulnerability could allow an unauthorized user to access sensitive data. 2021-12-06 5 CVE-2021-36198CERTCONFIRM kaseya — unitrends_backup An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The privileged vaultServer could be leveraged to create arbitrary writable files, leading to privilege escalation. 2021-12-06 6.5 CVE-2021-43040MISC kaseya — unitrends_backup An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A crafted HTTP request could induce a format string vulnerability in the privileged vaultServer application. 2021-12-06 6.5 CVE-2021-43041MISC kaseya — unitrends_backup An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Unitrends Windows agent was vulnerable to DLL injection and binary planting due to insecure default permissions. This allowed privilege escalation from an unprivileged user to SYSTEM. 2021-12-06 6.9 CVE-2021-43037MISC kaseya — unitrends_backup An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The apache user could read arbitrary files such as /etc/shadow by abusing an insecure Sudo rule. 2021-12-06 4 CVE-2021-43043MISC kaseya — unitrends_backup An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A world writable file allowed local users to execute arbitrary code as the user apache, leading to privilege escalation. 2021-12-06 4.6 CVE-2021-43034MISC kaseya — unitrends_backup An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Samba file sharing service allowed anonymous read/write access. 2021-12-06 6.4 CVE-2021-43039MISC kaseya — unitrends_backup An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The wguest account could execute commands by injecting into PostgreSQL trigger functions. This allowed privilege escalation from the wguest user to the postgres user. 2021-12-06 6.5 CVE-2021-43038MISC knime — knime_server KNIME Server before 4.13.4 allows XSS via the old WebPortal login page. 2021-12-08 4.3 CVE-2021-44726MISC knime — knime_server KNIME Server before 4.13.4 allows directory traversal in a request for a client profile. 2021-12-08 5 CVE-2021-44725MISC laravel — framework Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is due to the user being able to guess the parent placeholder SHA-1 hash by trying common names of sections. If the parent template contains an exploitable HTML structure an XSS vulnerability can be exposed. This vulnerability has been patched in versions 8.75.0, 7.30.6, and 6.20.42 by determining the parent placeholder at runtime and using a random hash that is unique to each request. 2021-12-08 4.3 CVE-2021-43808MISCMISCMISCMISCCONFIRMMISCMISCMISC linuxfoundation — runc runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug. 2021-12-06 6 CVE-2021-43784MISCMISCMISCCONFIRMMISCMLIST livehelperchat — live_helper_chat livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) 2021-12-07 4.3 CVE-2021-4049MISCCONFIRM livehelperchat — live_helper_chat livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-12-08 4.3 CVE-2021-4050MISCCONFIRM mcafee — database_security A denial-of-service vulnerability in Database Security (DBS) prior to 4.8.4 allows a remote authenticated administrator to trigger a denial-of-service attack against the DBS server. The configuration of Archiving through the User interface incorrectly allowed the creation of directories and files in Windows system directories and other locations where sensitive data could be overwritten. The former could lead to a DoS, whilst the latter could lead to data destruction on the DBS server. 2021-12-08 5.5 CVE-2021-31850CONFIRM mozilla — firefox When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect URL of the element clicked. If the Web Extension lacked the WebRequest permission for the hosts involved in the redirect, this would be a same-origin-violation leaking data the Web Extension should have access to. This was fixed to provide the pre-redirect URL. This is related to CVE-2021-43532 but in the context of Web Extensions. This vulnerability affects Firefox < 94. 2021-12-08 4.3 CVE-2021-43531MISCMISC mozilla — firefox The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user’s computer.*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. 2021-12-08 6.8 CVE-2021-38510MISCMISCMISCMISC mozilla — firefox Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. 2021-12-08 4.3 CVE-2021-43536MISCMISCMISCMISC mozilla — firefox Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. 2021-12-08 6.8 CVE-2021-43534MISCMISCMISCMISC mozilla — firefox When parsing internationalized domain names, high bits of the characters in the URLs were sometimes stripped, resulting in inconsistencies that could lead to user confusion or attacks such as phishing. This vulnerability affects Firefox < 94. 2021-12-08 4.3 CVE-2021-43533MISCMISC mozilla — firefox The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP address (e.g. port 8443) did not opt-in to opportunistic encryption; a network attacker could forward a connection from the browser to port 443 to port 8443, causing the browser to treat the content of port 8443 as same-origin with HTTP. This was resolved by disabling the Opportunistic Encryption feature, which had low usage. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. 2021-12-08 4.3 CVE-2021-38507MISCMISCMISCMISC mozilla — firefox A Universal XSS vulnerability was present in Firefox for Android resulting from improper sanitization when processing a URL scanned from a QR code. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94. 2021-12-08 4.3 CVE-2021-43530MISCMISC mozilla — firefox A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.3, and Firefox ESR < 91.3. 2021-12-08 6.8 CVE-2021-43535MISCMISCMISCMISC mozilla — firefox An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. 2021-12-08 6.8 CVE-2021-43537MISCMISCMISCMISC mozilla — firefox Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. 2021-12-08 4.3 CVE-2021-38506MISCMISCMISCMISC mozilla — firefox Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker’s choosing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. 2021-12-08 4.3 CVE-2021-38509MISCMISCMISCMISC mozilla — firefox By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. 2021-12-08 4.3 CVE-2021-38508MISCMISCMISCMISC mozilla — firefox Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios. Applications that wish to prevent copied data from being recorded in Cloud History must use specific clipboard formats; and Firefox before versions 94 and ESR 91.3 did not implement them. This could have caused sensitive data to be recorded to a user’s Microsoft account. *This bug only affects Firefox for Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. 2021-12-08 4.3 CVE-2021-38505MISCMISCMISCMISC mozilla — firefox By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. 2021-12-08 4.3 CVE-2021-43538MISCMISCMISCMISC mozilla — firefox Using the Location API in a loop could have caused severe application hangs and crashes. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. 2021-12-08 4.3 CVE-2021-43545MISCMISCMISCMISC mozilla — firefox The ‘Copy Image Link’ context menu action would copy the final image URL after redirects. By embedding an image that triggered authentication flows – in conjunction with a Content Security Policy that stopped a redirection chain in the middle – the final image URL could be one that contained an authentication token used to takeover a user account. If a website tricked a user into copy and pasting the image link back to the page, the page would be able to steal the authentication tokens. This was fixed by making the action return the original URL, before any redirects. This vulnerability affects Firefox < 94. 2021-12-08 5.8 CVE-2021-43532MISCMISC mozilla — firefox When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. 2021-12-08 4.3 CVE-2021-43541MISCMISCMISCMISC mozilla — firefox WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects Firefox < 95. 2021-12-08 4.3 CVE-2021-43540MISCMISC mozilla — firefox Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. 2021-12-08 6.8 CVE-2021-43539MISCMISCMISCMISC mozilla — firefox It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. 2021-12-08 4.3 CVE-2021-43546MISCMISCMISCMISC mozilla — firefox Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. 2021-12-08 4.3 CVE-2021-43542MISCMISCMISCMISC mozilla — firefox Documents loaded with the CSP sandbox directive could have escaped the sandbox’s script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. 2021-12-08 4.3 CVE-2021-43543MISCMISCMISCMISC mozilla — firefox When receiving a URL through a SEND intent, Firefox would have searched for the text, but subsequent usages of the address bar might have caused the URL to load unintentionally, which could lead to XSS and spoofing attacks. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 95. 2021-12-08 4.3 CVE-2021-43544MISCMISC mozilla — thunderbird Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0. 2021-12-08 4.3 CVE-2021-43528MISCMISC nebulab — solidus Solidus is a free, open-source ecommerce platform built on Rails. Versions of Solidus prior to 3.1.4, 3.0.4, and 2.11.13 have a denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order’s email was subject to exponential backtracking through a fragment like `a.a.` Versions 3.1.4, 3.0.4, and 2.11.13 have been patched to use a different regular expression. The maintainers added a check for email addresses that are no longer valid that will print information about any affected orders that exist. If a prompt upgrade is not an option, a workaround is available. It is possible to edit the file `config/application.rb` manually (with code provided by the maintainers in the GitHub Security Advisory) to check email validity. 2021-12-07 5 CVE-2021-43805CONFIRMMISC online_enrollment_management_system_project — online_enrollment_management_system Authenticated Blind & Error-based SQL injection vulnerability was discovered in Online Enrollment Management System in PHP and PayPal Free Source Code 1.0, that allows attackers to obtain sensitive information and execute arbitrary SQL commands via IDNO parameter. 2021-12-07 6.5 CVE-2021-40578MISC opendesign — drawings_explorer An out-of-bounds write vulnerability exists when reading a TIF file using Open Design Alliance (ODA) Drawings Explorer before 2022.11. The specific issue exists after loading TIF files. Crafted data in a TIF file can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. 2021-12-05 6.8 CVE-2021-44048MISC opendesign — drawings_sdk An out-of-bounds write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation for the XFAT sectors count can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. 2021-12-05 6.8 CVE-2021-44045MISC opendesign — drawings_sdk A use-after-free vulnerability exists when reading a DWF/DWFX file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing DWF/DWFX files. Crafted data in a DWF/DWFX file and lack of proper validation of input data can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. 2021-12-05 6.8 CVE-2021-44047MISC opendesign — drawings_sdk An out-of-bounds write vulnerability exists when reading a JPG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing JPG files. Crafted data in a JPG (4 extraneous bytes before the marker 0xca) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. 2021-12-05 6.8 CVE-2021-44044MISC opendesign — prc_sdk An out-of-bounds write vulnerability exists when reading U3D files in Open Design Alliance PRC SDK before 2022.11. An unchecked return value of a function (verifying input data from a U3D file) leads to an out-of-bounds write. An attacker can leverage this vulnerability to execute code in the context of the current process. 2021-12-05 6.8 CVE-2021-44046MISC pimcore — pimcore pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-12-10 4.3 CVE-2021-4081MISCCONFIRM piwigo — piwigo Piwigo v11.5 was discovered to contain a SQL injection vulnerability via the parameter pwg_token in /admin/batch_manager_global.php. 2021-12-06 6.5 CVE-2021-40313MISC profilepress — loginwp The LoginWP (Formerly Peter’s Login Redirect) WordPress plugin before 3.0.0.5 does not sanitise and escape the rul_login_url and rul_logout_url parameter before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting issue 2021-12-06 4.3 CVE-2021-24939MISC racktables_project — racktables Cross Site Scripting (XSS) in redirect module of Racktables version 0.21.2, allows an attacker to inject arbitrary web script or HTML via the op parameter. 2021-12-07 4.3 CVE-2020-19611MISCMISC requarks — wiki.js Wiki.js is a wiki app built on Node.js. Prior to version 2.5.254, directory traversal outside of Wiki.js context is possible when a storage module with local asset cache fetching is enabled on a Windows host. A malicious user can potentially read any file on the file system by crafting a special URL that allows for directory traversal. This is only possible on a Wiki.js server running on Windows, when a storage module implementing local asset cache (e.g Local File System or Git) is enabled and that no web application firewall solution (e.g. cloudflare) strips potentially malicious URLs. Commit number 414033de9dff66a327e3f3243234852f468a9d85 fixes this vulnerability by sanitizing the path before it is passed on to the storage module. The sanitization step removes any windows directory traversal sequences from the path. As a workaround, disable any storage module with local asset caching capabilities (Local File System, Git). 2021-12-06 4.3 CVE-2021-43800MISCCONFIRMMISC showdoc — showdoc showdoc is vulnerable to URL Redirection to Untrusted Site 2021-12-03 5.8 CVE-2021-4000CONFIRMMISC snipeitapp — snipe-it snipe-it is vulnerable to Server-Side Request Forgery (SSRF) 2021-12-06 6.5 CVE-2021-4075MISCCONFIRM solardatasystems — solar-log_500_firmware The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require authentication, which allows remote attackers to gain administrative privileges by connecting to the server. As a result, the attacker can modify configuration files and change the system status. 2021-12-07 5 CVE-2021-34543MISCMISCMISC solarwinds — serv-u Serv-U server responds with valid CSRFToken when the request contains only Session. 2021-12-06 6.8 CVE-2021-35242MISCMISC solarwinds — serv-u When a user has admin rights in Serv-U Console, the user can move, create and delete any files are able to be accessed on the Serv-U host machine. 2021-12-06 6.8 CVE-2021-35245MISCMISC sonicwall — global_vpn_client SonicWall Global VPN client version 4.10.6 (32-bit and 64-bit) and earlier have a DLL Search Order Hijacking vulnerability. Successful exploitation via a local attacker could result in remote code execution in the target system. 2021-12-08 6.9 CVE-2021-20047CONFIRM sonicwall — sma_200_firmware A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. 2021-12-08 6.5 CVE-2021-20043CONFIRM sonicwall — sma_200_firmware A relative path traversal vulnerability in the SMA100 upload funtion allows a remote unauthenticated attacker to upload crafted web pages or files as a ‘nobody’ user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. 2021-12-08 5 CVE-2021-20040CONFIRM squaredup — squaredup An issue was discovered in SquaredUp for SCOM 5.2.1.6654. The Download Log feature in System / Maintenance was susceptible to a local file inclusion vulnerability (when processing remote input in the log files downloaded by an authenticated administrator user), leading to the ability to read arbitrary files on the server filesystems. 2021-12-07 4 CVE-2021-40095MISCMISC tawk — tawk.to_live_chat The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capability and CSRF checks in the tawkto_setwidget and tawkto_removewidget AJAX actions, available to any authenticated user. The first one allows low-privileged users (including simple subscribers) to change the ‘tawkto-embed-widget-page-id’ and ‘tawkto-embed-widget-widget-id’ parameters. Any authenticated user can thus link the vulnerable website to their own Tawk.to instance. Consequently, they will be able to monitor the vulnerable website and interact with its visitors (receive contact messages, answer, …). They will also be able to display an arbitrary Knowledge Base. The second one will remove the live chat widget from pages. 2021-12-06 6 CVE-2021-24914MISC tiny — plupload This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file. 2021-12-03 6.8 CVE-2021-23562CONFIRMCONFIRMCONFIRMCONFIRMCONFIRMCONFIRM tmate — tmate-ssh-server Insecure creation of temporary directories in tmate-ssh-server 2.3.0 allows a local attacker to compromise the integrity of session handling. 2021-12-07 4.4 CVE-2021-44513MISCMISC tmate — tmate-ssh-server World-writable permissions on the /tmp/tmate/sessions directory in tmate-ssh-server 2.3.0 allow a local attacker to compromise the integrity of session handling, or obtain the read-write session ID from a read-only session symlink in this directory. 2021-12-07 4.4 CVE-2021-44512MISCMISC trustwave — modsecurity ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the limited NGINX worker processes for minutes and consume almost all of the available CPU on the machine. Modsecurity 2 is similarly vulnerable: the affected versions include 2.8.0 through 2.9.4. 2021-12-07 5 CVE-2021-42717MISC ui — unifi_switch_firmware A vulnerability found in UniFi Switch firmware Version 5.43.35 and earlier allows a malicious actor who has already gained access to the network to perform a Deny of Service (DoS) attack on the affected switch.This vulnerability is fixed in UniFi Switch firmware 5.76.6 and later. 2021-12-07 6.1 CVE-2021-44527MISC veritas — enterprise_vault An issue (2 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor’s security alert for this vulnerability (VTS21-003, ZDI-CAN-14076). 2021-12-06 6.8 CVE-2021-44678MISC veritas — enterprise_vault An issue (1 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor’s security alert for this vulnerability (VTS21-003, ZDI-CAN-14078). 2021-12-06 6.8 CVE-2021-44677MISC veritas — enterprise_vault An issue (3 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor’s security alert for this vulnerability (VTS21-003, ZDI-CAN-14074). 2021-12-06 6.8 CVE-2021-44679MISC veritas — enterprise_vault An issue (4 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor’s security alert for this vulnerability (VTS21-003, ZDI-CAN-14075). 2021-12-06 6.8 CVE-2021-44680MISC veritas — enterprise_vault An issue (5 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor’s security alert for this vulnerability (VTS21-003, ZDI-CAN-14080). 2021-12-06 6.8 CVE-2021-44681MISC veritas — enterprise_vault An issue (6 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor’s security alert for this vulnerability (VTS21-003, ZDI-CAN-14079). 2021-12-06 6.8 CVE-2021-44682MISC vim — vim vim is vulnerable to Use After Free 2021-12-06 6.8 CVE-2021-4069CONFIRMMISCFEDORA vinga — wr-n300u_firmware VINGA WR-N300U 77.102.1.4853 is affected by a command execution vulnerability in the goahead component. 2021-12-06 6.5 CVE-2021-43469MISC woocommerce — woocommerce_currency_switcher The WOOCS WordPress plugin before 1.3.7.1 does not sanitise and escape the key parameter of the woocs_update_profiles_data AJAX action (available to any authenticated user) before outputting it back in the response, leading to a Reflected cross-Site Scripting issue 2021-12-06 4.3 CVE-2021-24938MISC wp_google_fonts_project — wp_google_fonts The WP Google Fonts WordPress plugin before 3.1.5 does not escape the googlefont_ajax_name and googlefont_ajax_family parameter of the googlefont_action AJAx action (available to any authenticated user) before outputing them in attributes, leading Reflected Cross-Site Scripting issues 2021-12-06 4.3 CVE-2021-24935CONFIRMMISC wpserveur — wps_hide_login The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user. 2021-12-06 5 CVE-2021-24917MISCMISC wso2 — api_manager In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server 5.7.0, it is possible to perform a DOM-Based XSS attack affecting the callback parameter modifying the URL that precedes the callback parameter. Once the username or password reset procedure is completed, the JavaScript code will be executed. (recoverpassword.do also has an open redirect issue for a similar reason.) 2021-12-07 4.3 CVE-2021-36760MISCMISC xen — xen grant table v2 status pages may remain accessible after de-allocation (take two) Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated when a guest switched (back) from v2 to v1. The freeing of such pages requires that the hypervisor know where in the guest these pages were mapped. The hypervisor tracks only one use within guest space, but racing requests from the guest to insert mappings of these pages may result in any of them to become mapped in multiple locations. Upon switching back from v2 to v1, the guest would then retain access to a page that was freed and perhaps re-used for other purposes. This bug was fortuitously fixed by code cleanup in Xen 4.14, and backported to security-supported Xen branches as a prerequisite of the fix for XSA-378. 2021-12-07 6.9 CVE-2021-28703MISC Back to top   Low Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info bookly_project — bookly The WordPress Online Booking and Scheduling Plugin WordPress plugin before 20.3.1 does not escape the Staff Full Name field before outputting it back in a page, which could lead to a Stored Cross-Site Scripting issue 2021-12-06 3.5 CVE-2021-24930MISC chamilo — chamilo_lms A stored cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the course “Title” and “Content” fields. 2021-12-03 3.5 CVE-2021-35415MISCMISCMISCMISCMISCMISCMISCMISC debug_meta_data_project — debug_meta_data The debug-meta-data plugin 1.1.2 for WordPress allows XSS. 2021-12-07 3.5 CVE-2020-27356MISCMISCMISC fortinet — fortiadc A missing cryptographic steps vulnerability in the function that encrypts users’ LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, FortiMail 7.0.1 and earlier may allow an attacker in possession of the password store to compromise the confidentiality of the encrypted secrets. 2021-12-08 2.6 CVE-2021-32591CONFIRM fortinet — fortiwlm A improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiWLM version 8.6.1 and below allows attacker to store malicious javascript code in the device and trigger it via crafted HTTP requests 2021-12-08 3.5 CVE-2021-41029CONFIRM fortinet — fortiwlm A improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiWLM version 8.6.1 and below allows attacker to execute malicious javascript code on victim’s host via crafted HTTP requests 2021-12-08 3.5 CVE-2021-42752CONFIRM google — android An improper privilege management vulnerability in Apps Edge application prior to SMR Dec-2021 Release 1 allows unauthorized access to some device data on the lockscreen. 2021-12-08 2.1 CVE-2021-25513MISC huawei — harmonyos There is an Input verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause Bluetooth DoS. 2021-12-08 3.3 CVE-2021-37039MISCMISC ibm — cognos_analytics IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209706. 2021-12-03 3.5 CVE-2021-38909CONFIRMXF kentico — xperience The Kentico Xperience CMS version 13.0 – 13.0.43 is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerous content. This type of XSS vulnerability is exploited by submitting malicious script content to the application which is then retrieved and executed by other application users. The attacker could exploit this to conduct a range of attacks against users of the affected application such as session hijacking, account take over and accessing sensitive data. 2021-12-03 3.5 CVE-2021-43991MISC linaro — op-tee The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral. 2021-12-07 3.6 CVE-2021-36133MISC mahadiscom — mahavitaran An issue was discovered in Mahavitaran android application 7.50 and below, allows local attackers to read cleartext username and password while the user is logged into the application. 2021-12-07 1.9 CVE-2020-27413MISCMISCMISCMISC pdf.js_viewer_project — pdf.js_viewer The PDF.js Viewer WordPress plugin before 2.0.2 does not escape some of its shortcode and Gutenberg Block attributes, which could allow users with a role as low as Contributor to to perform Cross-Site Scripting attacks 2021-12-06 3.5 CVE-2021-24759MISC reputeinfosystems — contact_form\,_survey_\&_popup_form_plugin_for_wordpress_-_arforms_form_builder The Contact Form, Survey & Popup Form Plugin for WordPress plugin before 1.5 does not properly sanitize some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2021-12-06 3.5 CVE-2021-24718MISC soflyy — wp_all_import The Import any XML or CSV File to WordPress plugin before 3.6.3 does not escape the Import’s Title and Unique Identifier fields before outputting them in admin pages, which could allow high privilege users to perform Cross-Site attacks even when the unfiltered_html capability is disallowed. 2021-12-06 3.5 CVE-2021-24714MISC squaredup — squaredup A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via modification of the authorisationUrl in some integration configurations. 2021-12-07 3.5 CVE-2021-40096MISCMISC squaredup — squaredup A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via dashboard actions. 2021-12-07 3.5 CVE-2021-40093MISCMISC squaredup — squaredup A cross-site scripting (XSS) vulnerability in Image Tile in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via an SVG file. 2021-12-07 3.5 CVE-2021-40092MISCMISC squaredup — squaredup A DOM-based XSS vulnerability affects SquaredUp for SCOM 5.2.1.6654. If successfully exploited, this vulnerability may allow attackers to inject malicious code into a user’s device. 2021-12-07 3.5 CVE-2021-40094MISCMISC trendmicro — antivirus\+_security Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability that allows files inside the protected folder to be modified without any detection. 2021-12-03 2.1 CVE-2021-43772MISC trendmicro — apex_one A reachable assertion vulnerability in Trend Micro Apex One could allow an attacker to crash the program on affected installations, leading to a denial-of-service (DoS). Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2021-12-03 2.1 CVE-2021-44022MISC Back to top   Severity Not Yet Assigned Primary Vendor — Product Description Published CVSS Score Source & Patch Info allegro — windows   Allegro WIndows 3.3.4152.0, embeds software administrator database credentials into its binary files, which allows users to access and modify data using the same credentials. 2021-12-08 not yet calculated CVE-2021-43978MISCMISC amd — amd_generic_encapsulated_software_architecture   Improper handling of pointers in the System Management Mode (SMM) handling code may allow for a privileged attacker with physical or administrative access to potentially manipulate the AMD Generic Encapsulated Software Architecture (AGESA) to execute arbitrary code undetected by the operating system. 2021-12-10 not yet calculated CVE-2020-12890MISC amd — epyc_processors   A malicious hypervisor in conjunction with an unprivileged attacker process inside an SEV/SEV-ES guest VM may fail to flush the Translation Lookaside Buffer (TLB) resulting in unexpected behavior inside the virtual machine (VM). 2021-12-10 not yet calculated CVE-2021-26340MISC android — samsung An improper check or handling of exceptional conditions in Exynos baseband prior to SMR Dec-2021 Release 1 allows attackers to track locations. 2021-12-08 not yet calculated CVE-2021-25516MISC android — samsung   An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows attackers to access BSSID. 2021-12-08 not yet calculated CVE-2021-25515MISC android — samsung   An improper boundary check in secure_log of LDFW and BL31 prior to SMR Dec-2021 Release 1 allows arbitrary memory write and code execution. 2021-12-08 not yet calculated CVE-2021-25518MISC android — samsung   An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local attackers to access CPLC information without permission. 2021-12-08 not yet calculated CVE-2021-25519MISC android — samsung   Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to execute script codes in Samsung Internet. 2021-12-08 not yet calculated CVE-2021-25520MISC android — samsung   Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to get current tab URL in Samsung Internet. 2021-12-08 not yet calculated CVE-2021-25521MISC android — samsung   Insecure storage of sensitive information vulnerability in Smart Capture prior to version 4.8.02.10 allows attacker to access victim’s captured images without permission. 2021-12-08 not yet calculated CVE-2021-25522MISC android — samsung   Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows attacker to get Samsung Account ID. 2021-12-08 not yet calculated CVE-2021-25523MISC android — samsung   Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID. 2021-12-08 not yet calculated CVE-2021-25524MISC android — samsung   Improper check or handling of exception conditions vulnerability in Samsung Pay (US only) prior to version 4.0.65 allows attacker to use NFC without user recognition. 2021-12-08 not yet calculated CVE-2021-25525MISC android — samsung   Improper export of Android application components vulnerability in Samsung Pay (India only) prior to version 4.1.77 allows attacker to access Bill Pay and Recharge menu without authentication. 2021-12-08 not yet calculated CVE-2021-25527MISC android — samsung   Intent redirection vulnerability in Samsung Blockchain Wallet prior to version 1.3.02.8 allows attacker to execute privileged action. 2021-12-08 not yet calculated CVE-2021-25526MISC apache — airavata_django_portal   Apache Airavata Django Portal allows CRLF log injection because of lack of escaping log statements. In particular, some HTTP request parameters are logged without first being escaped. Versions affected: master branch before commit 3c5d8c7 [1] of airavata-django-portal [1] https://github.com/apache/airavata-django-portal/commit/3c5d8c72bfc3eb0af8693a655a5d60f9273f8170 2021-12-09 not yet calculated CVE-2021-43410CONFIRM apache — log4j2   Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. In previous releases (>2.10) this behavior can be mitigated by setting system property “log4j2.formatMsgNoLookups” to “true” or by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class). Java 8u121 (see https://www.oracle.com/java/technologies/javase/8u121-relnotes.html) protects against remote code execution by defaulting “com.sun.jndi.rmi.object.trustURLCodebase” and “com.sun.jndi.cosnaming.object.trustURLCodebase” to “false”. 2021-12-10 not yet calculated CVE-2021-44228MISCMLISTMLISTMISCCONFIRMCISCOMLISTCONFIRMCONFIRM apache — openid_connect   Express OpenID Connect is express JS middleware implementing sign on for Express web apps using OpenID Connect. Versions before and including `2.5.1` do not regenerate the session id and session cookie when user logs in. This behavior opens up the application to various session fixation vulnerabilities. Versions `2.5.2` contains a patch for this issue. 2021-12-09 not yet calculated CVE-2021-41246CONFIRMMISCMISC apm_java_agent — apm_java_agent   A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a malicious or compromised user account could use the agent to run commands at a higher level of permissions than they possess. This vulnerability affects users that have set up the agent via the attacher cli 3, the attach API 2, as well as users that have enabled the profiling_inferred_spans_enabled option 2021-12-08 not yet calculated CVE-2021-37941MISC awslabs — sockeye   Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An attacker can add malicious code to the config file of a trained model and attempt to convince users to download and run it. If users run the model, the embedded code will run locally. The issue is fixed in version 2.3.24. 2021-12-08 not yet calculated CVE-2021-43811CONFIRMMISCMISC bosch — bt_software_products   An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation this crash also opens the possibility to send further unauthenticated commands to the service. On some products the interface is only local accessible lowering the CVSS base score. For a list of modified CVSS scores, please see the official Bosch Advisory Appendix chapter Modified CVSS Scores for CVE-2021-23859 2021-12-08 not yet calculated CVE-2021-23859CONFIRM bosch — bt_software_products   A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder (VJD-7513 and VJD-8000). 2021-12-08 not yet calculated CVE-2021-23862CONFIRM bosch — bt_software_products   By executing a special command, an user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software. This issue also affects installations of the DIVAR IP and BVMS with VRM installed. 2021-12-08 not yet calculated CVE-2021-23861CONFIRM bosch — bt_software_products   An error in a page handler of the VRM may lead to a reflected cross site scripting (XSS) in the web-based interface. To exploit this vulnerability an attack must be able to modify the HTTP header that is sent. This issue also affects installations of the DIVAR IP and BVMS with VRM installed. 2021-12-08 not yet calculated CVE-2021-23860CONFIRM cybonet — pineapp_mail_secure   PineApp – Mail Secure – The attacker must be logged in as a user to the Pineapp system. The attacker exploits the vulnerable nicUpload.php file to upload a malicious file,Thus taking over the server and running remote code. 2021-12-08 not yet calculated CVE-2021-36719CERT cybonet — pineapp_mail_secure   PineApp – Mail Secure – Attacker sending a request to :/blocking.php?url=<script>alert(1)</script> and stealing cookies . 2021-12-08 not yet calculated CVE-2021-36720CERT dart_lang — sdk   When using the dart pub publish command to publish a package to a third-party package server, the request would be authenticated with an oauth2 access_token that is valid for publishing on pub.dev. Using these obtained credentials, an attacker can impersonate the user on pub.dev. We recommend upgrading past https://github.com/dart-lang/sdk/commit/d787e78d21e12ec1ef712d229940b1172aafcdf8 or beyond version 2.15.0 2021-12-09 not yet calculated CVE-2021-22568CONFIRMCONFIRMCONFIRM defensify — devise_masquerade_gem   The devise_masquerade gem before 1.3 allows certain attacks when a password’s salt is unknown. An application that uses this gem to let administrators masquerade/impersonate users loses one layer of security protection compared to a situation where Devise (without this extension) is used. If the server-side secret_key_base value became publicly known (for instance if it is committed to a public repository by mistake), there are still other protections in place that prevent an attacker from impersonating any user on the site. When masquerading is not used in a plain Devise application, one must know the password salt of the target user if one wants to encrypt and sign a valid session cookie. When devise_masquerade is used, however, an attacker can decide which user the “back” action will go back to without knowing that user’s password salt and simply knowing the user ID, by manipulating the session cookie and pretending that a user is already masqueraded by an administrator. 2021-12-07 not yet calculated CVE-2021-28680MISCMISC delta_electronics — cncsoft   Delta Electronics CNCSoft Versions 1.01.30 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. 2021-12-09 not yet calculated CVE-2021-43982MISC digger — digger   National Library of the Netherlands digger < 6697d1269d981e35e11f240725b16401b5ce3db5 is affected by a XML External Entity (XXE) vulnerability. Since XML parsing resolves external entities, a malicious XML stream could leak internal files and/or cause a DoS. 2021-12-08 not yet calculated CVE-2021-44556MISCMISC digi — transport   An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may load customized firmware (because the bootloader does not verify that it is authentic), changing the behavior of the gateway. 2021-12-10 not yet calculated CVE-2021-37188MISCMISC digi — transport   An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may read a password file (with reversible passwords) from the device, which allows decoding of other users’ passwords. 2021-12-10 not yet calculated CVE-2021-37187MISCMISC digi — transport   An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows arbitrary remote command execution with SUPER privileges. This allows an attacker (with knowledge of the protocol) to execute arbitrary code on the controller including overwriting firmware, adding/removing users, disabling the internal firewall, etc. 2021-12-10 not yet calculated CVE-2021-35978MISCMISC digi — transport   An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. They do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session. 2021-12-10 not yet calculated CVE-2021-37189MISCMISC django — django   In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. 2021-12-08 not yet calculated CVE-2021-44420MISCCONFIRMCONFIRMMISC doctrin — dbal   Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of offset and length inputs to the generation of a LIMIT clause was not probably cast to an integer, allowing SQL injection to take place if application developers passed unescaped user input to the DBAL QueryBuilder or any other API that ultimately uses the AbstractPlatform::modifyLimitQuery API. 2021-12-09 not yet calculated CVE-2021-43608CONFIRMMISCMISCMISC ether — etherpad   Etherpad is a real-time collaborative editor. In versions prior to 1.8.16, an attacker can craft an `*.etherpad` file that, when imported, might allow the attacker to gain admin privileges for the Etherpad instance. This, in turn, can be used to install a malicious Etherpad plugin that can execute arbitrary code (including system commands). To gain privileges, the attacker must be able to trigger deletion of `express-session` state or wait for old `express-session` state to be cleaned up. Core Etherpad does not delete any `express-session` state, so the only known attacks require either a plugin that can delete session state or a custom cleanup process (such as a cron job that deletes old `sessionstorage:*` records). The problem has been fixed in version 1.8.16. If users cannot upgrade to 1.8.16 or install patches manually, several workarounds are available. Users may configure their reverse proxies to reject requests to `/p/*/import`, which will block all imports, not just `*.etherpad` imports; limit all users to read-only access; and/or prevent the reuse of `express_sid` cookie values that refer to deleted express-session state. More detailed information and general mitigation strategies may be found in the GitHub Security Advisory. 2021-12-09 not yet calculated CVE-2021-43802MISCMISCMISCCONFIRM eufy — homebase   An authentication bypass vulnerability exists in the get_aes_key_info_by_packetid() function of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. Generic network sniffing can lead to password recovery. An attacker can sniff network traffic to trigger this vulnerability. 2021-12-09 not yet calculated CVE-2021-21955MISC eufy — homebase   A command execution vulnerability exists in the wifi_country_code_update functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to arbitrary command execution. 2021-12-09 not yet calculated CVE-2021-21954MISC eufy — homebase   An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h in function read_udp_push_config_file. A specially-crafted network packet can lead to code execution. 2021-12-08 not yet calculated CVE-2021-21951MISC eufy — homebase   An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h in function recv_server_device_response_msg_process. A specially-crafted network packet can lead to code execution. 2021-12-08 not yet calculated CVE-2021-21950MISC f-secure — safe_browser   A user interface overlay vulnerability was discovered in F-secure SAFE Browser for Android. When user click on a specially crafted seemingly legitimate URL SAFE browser goes into full screen and hides the user interface. A remote attacker can leverage this to perform spoofing attack. 2021-12-10 not yet calculated CVE-2021-40834MISCMISC fatpipe_networks — warp_ipvpn_and_mpvpn_software   A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 could allow a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006. 2021-12-08 not yet calculated CVE-2021-27860CONFIRMMISCMISC flask-appbuilder — flask-appbuilder   Flask-AppBuilder is a development framework built on top of Flask. Verions prior to 3.3.4 contain an improper authentication vulnerability in the REST API. The issue allows for a malicious actor with a carefully crafted request to successfully authenticate and gain access to existing protected REST API endpoints. This only affects non database authentication types and new REST API endpoints. Users should upgrade to Flask-AppBuilder 3.3.4 to receive a patch. 2021-12-09 not yet calculated CVE-2021-41265CONFIRMMISCMISC fortiguard — fortinet_meru_ap   A violation of secure design principles in Fortinet Meru AP version 8.6.1 and below, version 8.5.5 and below allows attacker to execute unauthorized code or commands via crafted cli commands. 2021-12-09 not yet calculated CVE-2021-42759CONFIRM genesys — intelligent_workload_distribution   A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) before 9.0.013.11 allows an attacker to execute arbitrary SQL queries via the ql_expression parameter, with which all data in the database can be extracted and OS command execution is possible depending on the permissions and/or database engine. 2021-12-08 not yet calculated CVE-2021-40860MISCMISC genesys — intelligent_workload_distribution   A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) 9.0.017.07 allows an attacker to execute arbitrary SQL queries via the value attribute, with which all data in the database can be extracted and OS command execution is possible depending on the permissions and/or database engine. 2021-12-08 not yet calculated CVE-2021-40861MISCMISC google — android   Mahavitaran android application 7.50 and prior are affected by account takeover due to improper OTP validation, allows remote attackers to control a users account. 2021-12-08 not yet calculated CVE-2020-27416MISCMISC google — exposure_notification_server   An attacker could prematurely expire a verification code, making it unusable by the patient, making the patient unable to upload their TEKs to generate exposure notifications. We recommend upgrading the Exposure Notification server to V1.1.2 or greater. 2021-12-09 not yet calculated CVE-2021-22565MISCMISC grafana — grafana   Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files, users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help text. 2021-12-10 not yet calculated CVE-2021-43813MISCMISCCONFIRMMISCMISCMISCMLIST grafana — grafana   Grafana Agent is a telemetry collector for sending metrics, logs, and trace data to the opinionated Grafana observability stack. Prior to versions 0.20.1 and 0.21.2, inline secrets defined within a metrics instance config are exposed in plaintext over two endpoints: metrics instance configs defined in the base YAML file are exposed at `/-/config` and metrics instance configs defined for the scraping service are exposed at `/agent/api/v1/configs/:key`. Inline secrets will be exposed to anyone being able to reach these endpoints. If HTTPS with client authentication is not configured, these endpoints are accessible to unauthenticated users. Secrets found in these sections are used for delivering metrics to a Prometheus Remote Write system, authenticating against a system for discovering Prometheus targets, and authenticating against a system for collecting metrics. This does not apply for non-inlined secrets, such as `*_file` based secrets. This issue is patched in Grafana Agent versions 0.20.1 and 0.21.2. A few workarounds are available. Users who cannot upgrade should use non-inline secrets where possible. Users may also desire to restrict API access to Grafana Agent with some combination of restricting the network interfaces Grafana Agent listens on through `http_listen_address` in the `server` block, configuring Grafana Agent to use HTTPS with client authentication, and/or using firewall rules to restrict external access to Grafana Agent’s API. 2021-12-08 not yet calculated CVE-2021-41090MISCMISCMISCCONFIRMMISC grafana — grafana   Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerability is limited in scope, and only allows access to files with the extension .csv to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Versions 8.3.2 and 7.5.12 contain a patch for this issue. There is a workaround available for users who cannot upgrade. Running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. 2021-12-10 not yet calculated CVE-2021-43815CONFIRMMISCMISCMISCMISCMLIST h2database — h2database   The package com.h2database:h2 from 0 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability. 2021-12-10 not yet calculated CVE-2021-23463CONFIRMCONFIRMCONFIRMCONFIRM hpe — storeserv_management_console   A security vulnerability has been identified in HPE StoreServ Management Console (SSMC). An authenticated SSMC administrator could exploit the vulnerability to inject code and elevate their privilege in SSMC. The scope of this vulnerability is limited to SSMC. Note: The arrays being managed are not impacted by this vulnerability. This vulnerability impacts SSMC versions 3.4 GA to 3.8.1. 2021-12-10 not yet calculated CVE-2021-29214MISC huntflow_enterprise — huntflow_enterprise   An information disclosure vulnerability in the login page of Huntflow Enterprise before 3.10.4 could allow an unauthenticated, remote user to get information about the domain name of the configured LDAP server. An attacker could exploit this vulnerability by requesting the login page and searching for the “isLdap” JavaScript parameter in the HTML source code. 2021-12-10 not yet calculated CVE-2021-37935MISC huntflow_enterprise — huntflow_enterprise   Due to insufficient server-side login-attempt limit enforcement, a vulnerability in /account/login in Huntflow Enterprise before 3.10.14 could allow an unauthenticated, remote user to perform multiple login attempts for brute-force password guessing. 2021-12-10 not yet calculated CVE-2021-37934MISC ibm — db2   IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. IBM X-Force ID: 210418. 2021-12-09 not yet calculated CVE-2021-38931CONFIRMXF ibm — db2   IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 210321. 2021-12-09 not yet calculated CVE-2021-38926XFCONFIRM ibm — db2   IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files. IBM X-Force ID: 199914. 2021-12-09 not yet calculated CVE-2021-29678XFCONFIRM ibm — db2   IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. IBM X-Force ID: 199521. 2021-12-09 not yet calculated CVE-2021-20373CONFIRMXF ibm — db2   IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. 2021-12-09 not yet calculated CVE-2021-39002XFCONFIRM ibm — powervm_hypervisor   IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker that gains service access to the FSP can read and write arbitrary host system memory through a series of carefully crafted service procedures. IBM X-Force ID: 210018. 2021-12-10 not yet calculated CVE-2021-38917XFCONFIRM ibm — pwervm_hypervisor   IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authenticated user to cause the system to crash using a specially crafted IBMi Hypervisor call. IBM X-Force ID: 210894. 2021-12-10 not yet calculated CVE-2021-38937XFCONFIRM ibm — websphere_application_server   IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 211405. 2021-12-09 not yet calculated CVE-2021-38951CONFIRMXF kimai2 — kimai2   kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) 2021-12-09 not yet calculated CVE-2021-4033MISCCONFIRM lapack — lapack   An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory. 2021-12-08 not yet calculated CVE-2021-4048MISCMISCMISCMISCMISCMISCMISC linaro — op-tee   An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. The OPTEE-OS CSU driver for NXP i.MX6UL SoC devices lacks security access configuration for wakeup-related registers, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a v cycle. 2021-12-07 not yet calculated CVE-2021-44149MISCCONFIRM linux — linux_kernel   The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c. 2021-12-08 not yet calculated CVE-2018-25020MISC mattermost — mattermost   Mattermost 6.0.2 and earlier fails to sufficiently sanitize user’s password in audit logs when user creation fails. 2021-12-09 not yet calculated CVE-2021-37861MISC maxsite — cms   Remote Code Execution (RCE) vulnerability exists in MaxSite CMS v107.5 via the Documents page. 2021-12-10 not yet calculated CVE-2021-27983MISC mcafee — network_security_manager   Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) prior to 10.1 Minor 7 allows a remote authenticated administrator to embed a XSS in the administrator interface via specially crafted custom rules containing HTML. NSM did not correctly sanitize custom rule content in all scenarios. 2021-12-09 not yet calculated CVE-2021-4038CONFIRM mozilla — firefox_thunderbird_and_firfox_esr   The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. 2021-12-08 not yet calculated CVE-2021-38503MISCMISCMISCMISC mozilla — firefox_thunderbird_and_firfox_esr   When interacting with an HTML input element’s file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. 2021-12-08 not yet calculated CVE-2021-38504MISCMISCMISCMISC mozilla — network_security_services   NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1. 2021-12-08 not yet calculated CVE-2021-43527MISCMISCMISCMISC multiner — multiner   National Library of the Netherlands multiNER <= c0440948057afc6e3d6b4903a7c05e666b94a3bc is affected by an XML External Entity (XXE) vulnerability in multiNER/ner.py. Since XML parsing resolves external entities, a malicious XML stream could leak internal files and/or cause a DoS. 2021-12-08 not yet calculated CVE-2021-44557MISCMISC netgear — multiple_routers   A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102, allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, via sending a specially crafted HTTP packet. 2021-12-09 not yet calculated CVE-2021-41449MISCMISCMISCMISC netty — netty   Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.7.1.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to “sanitize” header names before it forward these to another remote system when used as proxy. This remote system can’t see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.7.1.Final to receive a patch. 2021-12-09 not yet calculated CVE-2021-43797CONFIRMMISC next.js — next.js   Next.js is a React framework. In versions of Next.js prior to 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In order to be affected by this issue, the deployment must use Next.js versions above 11.1.0 and below 12.0.5, Node.js above 15.0.0, and next start or a custom server. Deployments on Vercel are not affected, along with similar environments where invalid requests are filtered before reaching Next.js. Versions 12.0.5 and 11.1.3 contain patches for this issue. 2021-12-10 not yet calculated CVE-2021-43803MISCMISCMISCMISCCONFIRM ocean_data_systems — dream_report   A privilege escalation vulnerability exists in the Remote Server functionality of Dream Report ODS Remote Connector 20.2.16900.0. A specially-crafted command injection can lead to elevated capabilities. An attacker can provide a malicious file to trigger this vulnerability. 2021-12-08 not yet calculated CVE-2021-21957MISC openolat — openolat   OpenOlat is a web-basedlearning management system. A path traversal vulnerability exists in OpenOlat prior to versions 15.5.12 and 16.0.5. By providing a filename that contains a relative path as a parameter in some REST methods, it is possible to create directory structures and write files anywhere on the target system. The attack could be used to write files anywhere in the web root folder or outside, depending on the configuration of the system and the properly configured permission of the application server user. The attack requires an OpenOlat user account, an enabled REST API and the rights on a business object to call the vulnerable REST calls. The problem is fixed in version 15.5.12 and 16.0.5. There is a workaround available. The vulnerability requires the REST module to be enabled. Disabling the REST module or limiting the REST module via some firewall or web-server access rules to be accessed only be trusted systems will mitigate the risk. 2021-12-10 not yet calculated CVE-2021-41242MISCCONFIRMMISCMISC openwhyd — openwhyd   openwhyd is vulnerable to URL Redirection to Untrusted Site 2021-12-10 not yet calculated CVE-2021-3829CONFIRMMISC pimcore — pimcore   pimcore is vulnerable to Cross-Site Request Forgery (CSRF) 2021-12-10 not yet calculated CVE-2021-4082MISCCONFIRM pimcore — pimcore   pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-12-10 not yet calculated CVE-2021-4084CONFIRMMISC plex — plex_media_server   An issue was discovered in Plex Media Server through 1.24.4.5081-e362dc1ee. An attacker (with a foothold in a endpoint via a low-privileged user account) can access the exposed RPC service of the update service component. This RPC functionality allows the attacker to interact with the RPC functionality and execute code from a path of his choice (local, or remote via SMB) because of a TOCTOU race condition. This code execution is in the context of the Plex update service (which runs as SYSTEM). 2021-12-08 not yet calculated CVE-2021-42835MISCMISCMISCMISC pluck — cms   Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in update_applet.php, which could lead to man-in-the-middle attacks. 2021-12-10 not yet calculated CVE-2021-31747MISC pluck — cms   Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an attacker to upload specially crafted zip files, resulting in directory traversal and potentially arbitrary code execution. 2021-12-10 not yet calculated CVE-2021-31746MISC pluck — cms   Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows an attacker to sustain unauthorized access to the platform. Because Pluck does not invalidate prior sessions after a password change, access can be sustained even after an administrator performs regular remediation attempts such as resetting their password. 2021-12-10 not yet calculated CVE-2021-31745MISC pluck — cms   In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading files. 2021-12-10 not yet calculated CVE-2021-27984MISC premiumdatingscript — premiumdatingscript   An Incorrect Access Control vulnerability exists in Premiumdatingscript 4.2.7.7 via the password change procedure in requests\user.php. 2021-12-09 not yet calculated CVE-2021-41694MISC premiumdatingscript — premiumdatingscript   An authentication bypass (account takeover) vulnerability exists in Premiumdatingscript 4.2.7.7 due to a weak password reset mechanism in requests\user.php. 2021-12-09 not yet calculated CVE-2021-41696MISC premiumdatingscript — premiumdatingscript   A reflected Cross Site Scripting (XSS) vulnerability exists in Premiumdatingscript 4.2.7.7 via the aerror_description parameter in assets/sources/instagram.php script. 2021-12-09 not yet calculated CVE-2021-41697MISC premiumdatingscript — premiumdatingscript   An SQL Injection vulnerability exists in Premiumdatingscript 4.2.7.7 via the ip parameter in connect.php. . 2021-12-09 not yet calculated CVE-2021-41695MISC rubygems — rubygems   `Bundler` is a package for managing application dependencies in Ruby. In `bundler` versions before 2.2.33, when working with untrusted and apparently harmless `Gemfile`’s, it is not expected that they lead to execution of external code, unless that’s explicit in the ruby code inside the `Gemfile` itself. However, if the `Gemfile` includes `gem` entries that use the `git` option with invalid, but seemingly harmless, values with a leading dash, this can be false. To handle dependencies that come from a Git repository instead of a registry, Bundler uses various commands, such as `git clone`. These commands are being constructed using user input (e.g. the repository URL). When building the commands, Bundler versions before 2.2.33 correctly avoid Command Injection vulnerabilities by passing an array of arguments instead of a command string. However, there is the possibility that a user input starts with a dash (`-`) and is therefore treated as an optional argument instead of a positional one. This can lead to Code Execution because some of the commands have options that can be leveraged to run arbitrary executables. Since this value comes from the `Gemfile` file, it can contain any character, including a leading dash. To exploit this vulnerability, an attacker has to craft a directory containing a `Gemfile` file that declares a dependency that is located in a Git repository. This dependency has to have a Git URL in the form of `-u./payload`. This URL will be used to construct a Git clone command but will be interpreted as the upload-pack argument. Then this directory needs to be shared with the victim, who then needs to run a command that evaluates the Gemfile, such as `bundle lock`, inside. This vulnerability can lead to Arbitrary Code Execution, which could potentially lead to the takeover of the system. However, the exploitability is very low, because it requires a lot of user interaction. Bundler 2.2.33 has patched this problem by inserting `–` as an argument before any positional arguments to those Git commands that were affected by this issue. Regardless of whether users can upgrade or not, they should review any untrustred `Gemfile`’s before running any `bundler` commands that may read them, since they can contain arbitrary ruby code. 2021-12-08 not yet calculated CVE-2021-43809MISCCONFIRMMISCMISC snipe — snipe-it   snipe-it is vulnerable to Improper Access Control 2021-12-10 not yet calculated CVE-2021-4089CONFIRMMISC snyk — prototype_pollution All versions of package merge-deep2 are vulnerable to Prototype Pollution via the mergeDeep() function. 2021-12-10 not yet calculated CVE-2021-23700CONFIRM snyk — prototype_pollution The package md-to-pdf before 5.0.0 are vulnerable to Remote Code Execution (RCE) due to utilizing the library gray-matter to parse front matter content, without disabling the JS engine. 2021-12-10 not yet calculated CVE-2021-23639CONFIRMCONFIRMCONFIRM snyk — prototype_pollution   All versions of package sey are vulnerable to Prototype Pollution via the deepmerge() function. 2021-12-10 not yet calculated CVE-2021-23663CONFIRM snyk — prototype_pollution   All versions of package comb are vulnerable to Prototype Pollution via the deepMerge() function. 2021-12-10 not yet calculated CVE-2021-23561CONFIRM synel — eharmoneynew_and_synel_reports   SYNEL – eharmonynew / Synel Reports – The attacker can log in to the system with default credentials and export a report of eharmony system with sensetive data (Employee name, Employee ID number, Working hours etc’) The vulnerabilety has been addressed and fixed on version 11. Default credentials , Security miscommunication , Sensetive data exposure vulnerability in Synel Reports of SYNEL eharmonynew, Synel Reports allows an attacker to log into the system with default credentials. This issue affects: SYNEL eharmonynew, Synel Reports 8.0.2 version 11 and prior versions. 2021-12-08 not yet calculated CVE-2021-36718CERT tenable — gryphon_tower_router   A reflected cross-site scripting vulnerability exists in the url parameter of the /cgi-bin/luci/site_access/ page on the Gryphon Tower router’s web interface. An attacker could exploit this issue by tricking a user into following a specially crafted link, granting the attacker javascript execution in the context of the victim’s browser. 2021-12-09 not yet calculated CVE-2021-20137MISC tenable — gryphon_tower_router   An unauthenticated command injection vulnerability exists in multiple parameters in the Gryphon Tower router’s web interface at /cgi-bin/luci/rc. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the web interface. 2021-12-09 not yet calculated CVE-2021-20138MISC tenable — gryphon_tower_router   An unauthenticated command injection vulnerability exists in the parameters of operation 3 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999. 2021-12-09 not yet calculated CVE-2021-20139MISC tenable — gryphon_tower_router   An unauthenticated command injection vulnerability exists in the parameters of operation 10 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999. 2021-12-09 not yet calculated CVE-2021-20140MISC tenable — gryphon_tower_router   An unprotected ssh private key exists on the Gryphon devices which could be used to achieve root access to a server affiliated with Gryphon’s development and infrastructure. At the time of discovery, the ssh key could be used to login to the development server hosted in Amazon Web Services. 2021-12-09 not yet calculated CVE-2021-20146MISC tenable — gryphon_tower_router   An unauthenticated command injection vulnerability exists in the parameters of operation 32 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999. 2021-12-09 not yet calculated CVE-2021-20141MISC tenable — gryphon_tower_router   Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers access to the Gryphon homebound VPN network which exposes the LAN interfaces of other users’ devices connected to the same service. An attacker could leverage this to make configuration changes to, or otherwise attack victims’ devices as though they were on an adjacent network. 2021-12-09 not yet calculated CVE-2021-20145MISC tenable — gryphon_tower_router   An unauthenticated command injection vulnerability exists in the parameters of operation 41 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999. 2021-12-09 not yet calculated CVE-2021-20142MISC tenable — gryphon_tower_router   An unauthenticated command injection vulnerability exists in the parameters of operation 48 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999. 2021-12-09 not yet calculated CVE-2021-20143MISC tenable — gryphon_tower_router   An unauthenticated command injection vulnerability exists in the parameters of operation 49 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999. 2021-12-09 not yet calculated CVE-2021-20144MISC tp-link — ax10v1   An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet. 2021-12-08 not yet calculated CVE-2021-41450MISCMISCMISC wbce_cms — wbce_cms   wbce_cms is vulnerable to Improper Neutralization of Special Elements used in an SQL Command 2021-12-09 not yet calculated CVE-2021-3817MISCCONFIRM wordpress — comment_engine_pro   Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Comment Engine Pro plugin (versions <= 1.0), could be exploited by users with Editor or higher role. 2021-12-10 not yet calculated CVE-2021-36911CONFIRMMISC yetiforcecrm — yetiforcecrm   yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF) 2021-12-11 not yet calculated CVE-2021-4092CONFIRMMISC yubio — yubihsm   The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-shell project, does not properly validate the length of some operations including SSH signing requests, and some data operations received from a YubiHSM 2 device. 2021-12-08 not yet calculated CVE-2021-43399MISC zohocorp — manageengine_opmanager   OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories. 2021-12-09 not yet calculated CVE-2021-44514MISC zzcms — zzcms   An SQL Injection vulnerablitly exits in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/dl_sendmail.php. 2021-12-09 not yet calculated CVE-2021-40280MISC zzcms — zzcms   An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_print.php when registering ordinary users. 2021-12-09 not yet calculated CVE-2021-40281MISC zzcms — zzcms   An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, abd 2021 in dl/dl_download.php. when registering ordinary users. 2021-12-09 not yet calculated CVE-2021-40282MISC zzcms — zzcms   An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/bad.php. 2021-12-09 not yet calculated CVE-2021-40279MISC zzcms — zzcms   An Incorrect Access Control vulnerability exists in zzcms less than or equal to 2019 via admin.php. After disabling JavaScript, you can directly access the administrator console. 2021-12-09 not yet calculated CVE-2021-43703MISC zzzcms — zzzcms   A Cross Site Scripting (XSS) exists in ZZZCMS V1.7.1 via an editfile action in save.php. 2021-12-09 not yet calculated CVE-2020-19683MISC zzzcms — zzzcms   A Cross Site Request Forgery (CSRF) vulnerability exits in ZZZCMS V1.7.1 via the save_user funciton in save.php. 2021-12-09 not yet calculated CVE-2020-19682MISC Back to top This product is provided subject to this Notification and this Privacy & Use policy.

Share This Information.

16 thoughts on “US National Cyber Awareness System Bulletins

  1. If some one wants to be updated with latest technologies then he must be pay a
    quick visit this website and be up to date
    all the time.

  2. It’s a pity you don’t have a donate button! I’d most certainly donate to
    this fantastic blog! I guess for now i’ll settle for book-marking and adding your RSS feed to my Google account.

    I look forward to new updates and will talk about this blog with my Facebook group.
    Talk soon!

  3. Hello there, You have done an excellent job. I will certainly digg it and
    personally suggest to my friends. I’m sure they’ll
    be benefited from this website.

  4. I like the helpful information you provide in your articles.

    I will bookmark your blog and check again here frequently.
    I’m quite sure I’ll learn plenty of new stuff right here!
    Best of luck 🙂

  5. Hi there, just became aware of your blog through Google, and found that it is really informative.
    I will appreciate if you continue this in future. Numerous people will benefit from your writing.
    Cheers!

  6. I simply could not leave your site before saying that I extremely loved the high standard of information you supply to your visitors? I am going to be back ceaselessly in order to check out new posts.

  7. This is very interesting, You’re a very skilled blogger.
    I’ve joined your feed and look forward to seeing more of your fantastic posts.
    Also, I’ve shared websitecyber in my social networks!

  8. We stumbled over here by a different web page and thought
    I may as well check things out. I like what I
    see so I am now following you. Look forward to looking at websitecyber yet again.

  9. Very nice post. I just stumbled upon websitecyber.com and wished to mention that
    I’ve truly enjoyed surfing around your blog posts. In any case I will be subscribing on your rss feed
    and I’m hoping you write again very soon!

  10. Hurrah! After all I got a web site at websitecyber.com from where I know how to actually obtain valuable facts concerning my study and knowledge in cyber security.

Leave a Reply

Your email address will not be published. Required fields are marked *