US-CERT Bulletin (SB21-249):Vulnerability Summary for the Week of August 30, 2021

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
atlassian — confluence In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The vulnerable endpoints can be accessed by a non-administrator user or unauthenticated user if ‘Allow people to sign up to create their account’ is enabled. To check whether this is enabled go to COG > User Management > User Signup Options. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5. 2021-08-30 7.5 CVE-2021-26084
MISC
MISC
dedecms — dedecms An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows attackers to upload a webshell in HTM format. 2021-08-27 7.5 CVE-2020-18114
MISC
deltaww — diaenergie Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrative user without being authenticated or authorized, which may allow the attacker to log in and use the device with administrative privileges. 2021-08-30 10 CVE-2021-32967
MISC
deltaww — diaenergie A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter keyword before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER. 2021-08-30 7.5 CVE-2021-32983
MISC
deltaww — diaenergie Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestricted file uploads, which may allow an attacker to remotely execute code. 2021-08-30 7.5 CVE-2021-32955
MISC
easycorp — zentao The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (who have admin access) to execute arbitrary code by setting the type parameter to System. 2021-08-31 9 CVE-2021-27556
MISC
govicture — pc420_firmware Stack-based Buffer Overflow vulnerability in the ONVIF server component of Victure PC420 smart camera allows an attacker to execute remote code on the target device. This issue affects: Victure PC420 firmware version 1.2.2 and prior versions. 2021-08-30 10 CVE-2020-15744
MISC
hexagongeospatial — geomedia_webmap MapService.svc in Hexagon GeoMedia WebMap 2020 before Update 2 (aka 16.6.2.66) allows blind SQL Injection via the Id (within sourceItems) parameter to the GetMap method. 2021-08-30 10 CVE-2021-37749
MISC
MISC
MISC
object-path_project — object-path This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === ‘__proto__’ returns false if currentPath is [‘__proto__’]. This is because the === operator returns always false when the type of the operands is different. 2021-08-27 7.5 CVE-2021-23434
MISC
MISC
MISC
MISC
openzeppelin — contracts OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role from accounts not strictly under the team’s control. We recommend revoking all executors that are not also proposers. When applying this mitigation, ensure there is at least one proposer and executor remaining. 2021-08-27 7.5 CVE-2021-39167
MISC
CONFIRM
MISC
openzeppelin — contracts OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role from accounts not strictly under the team’s control. We recommend revoking all executors that are not also proposers. When applying this mitigation, ensure there is at least one proposer and executor remaining. 2021-08-27 7.5 CVE-2021-39168
MISC
CONFIRM
MISC
simiki_project — simiki Command Injection in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary system commands via line 64 of the component ‘simiki/blob/master/simiki/config.py’. 2021-08-27 10 CVE-2020-19001
MISC
squashfs-tools_project — squashfs-tools squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination. 2021-08-27 7.5 CVE-2021-40153
MISC
MISC
MISC
FEDORA
MLIST
DEBIAN
wms_project — wms The GET parameter “id” in WMS v1.0 is passed without filtering, which allows attackers to perform SQL injection. 2021-08-27 7.5 CVE-2020-18106
MISC
zohocorp — manageengine_adselfservice_plus Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in non-English editions. 2021-08-30 10 CVE-2021-33055
CONFIRM
MISC
zohocorp — manageengine_adselfservice_plus Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass. 2021-08-30 7.5 CVE-2021-37421
MISC
zohocorp — manageengine_log360 Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution. 2021-08-29 7.5 CVE-2021-40175
MISC
zohocorp — manageengine_log360 Zoho ManageEngine Log360 before Build 5225 allows remote code execution via BCP file overwrite. 2021-08-29 7.5 CVE-2021-40177
MISC
Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apache — ofbiz In Apache Ofbiz, versions v17.12.01 to v17.12.07 implement a try catch exception to handle errors at multiple locations but leaks out sensitive table info which may aid the attacker for further recon. A user can register with a very long password, but when he tries to login with it an exception occurs. 2021-08-30 5 CVE-2021-25958
CONFIRM
MISC
atlassian — data_center Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to continue to view cached content even after losing permissions, via a Broken Access Control vulnerability in the allowlist feature. The affected versions are before version 8.13.9, and from version 8.14.0 before 8.18.0. 2021-08-30 5 CVE-2021-39113
MISC
atlassian — data_center The Editor plugin in Atlassian Jira Server and Data Center before version 8.5.18, from 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the handling of supplied content such as from a PDF when pasted into a field such as the description field. 2021-08-30 4.3 CVE-2021-39111
MISC
blog_mini_project — blog_mini Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component ‘/admin/custom/blog-plugin/add’. 2021-08-27 4.3 CVE-2020-18998
MISC
blog_mini_project — blog_mini Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component ‘/admin/submit-articles’. 2021-08-27 4.3 CVE-2020-18999
MISC
bold-themes — bold_page_builder The bt_bb_get_grid AJAX action of the Bold Page Builder WordPress plugin before 3.1.6 passes user input into the unserialize() function without any validation or sanitisation, which could lead to a PHP Object Injection. Even though the plugin did not contain a suitable gadget to fully exploit the issue, other installed plugins on the blog could allow such issue to be exploited and lead to RCE in some cases. 2021-08-30 6.5 CVE-2021-24579
MISC
bscw — bscw_classic OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution (RCE) during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3. 2021-08-30 6.5 CVE-2021-39271
MISC
MISC
MISC
bscw — bscw_classic OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution (RCE) via XML tag injection because reportlab\platypus\paraparser.py (reached via bscw.cgi op=_editfolder.EditFolder) calls eval on attacker-supplied Python code. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3. 2021-08-30 6.5 CVE-2021-36359
MISC
FULLDISC
MISC
cxuu — cxuucms SQL Injection vulnerability in cxuucms 3.1 ivia the pid parameter in public/admin.php. 2021-08-27 6.5 CVE-2021-3264
MISC
deltaww — diaenergie Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an attacker to cause a user to carry out an action unintentionally. 2021-08-30 4.3 CVE-2021-32991
MISC
deltaww — dopsoft A stack-based buffer overflow vulnerability in Delta Electronics DOPSoft Version 4.00.11 and prior may be exploited by processing a specially crafted project file, which may allow an attacker to execute arbitrary code. 2021-08-30 6.8 CVE-2021-33019
MISC
deltaww — tpeditor A heap-based buffer overflow in Delta Electronics TPEditor: v1.98.06 and prior may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code. 2021-08-30 6.8 CVE-2021-33007
MISC
fetchmail — fetchmail Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH. 2021-08-30 4.3 CVE-2021-39272
MISC
MISC
MISC
ibm — sterling_external_authentication_server IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 201160. 2021-08-30 4 CVE-2021-29728
CONFIRM
CONFIRM
XF
ibm — sterling_external_authentication_server IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201095. 2021-08-30 5 CVE-2021-29722
CONFIRM
CONFIRM
XF
ibm — sterling_external_authentication_server IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-ForceID: 201100. 2021-08-30 5 CVE-2021-29723
CONFIRM
CONFIRM
XF
indexhibit — indexhibit A configuration issue in Indexhibit 2.1.5 allows authenticated attackers to modify .php files, leading to getshell. 2021-08-30 6.5 CVE-2020-18121
MISC
indexhibit — indexhibit A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily reset account passwords. 2021-08-30 4 CVE-2020-18124
MISC
indexhibit — indexhibit A reflected cross-site scripting (XSS) vulnerability in the /plugin/ajax.php component of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML. 2021-08-30 4.3 CVE-2020-18125
MISC
indexhibit — indexhibit An issue in the /config/config.php component of Indexhibit 2.1.5 allows attackers to arbitrarily view files. 2021-08-30 4 CVE-2020-18127
MISC
indexhibit — indexhibit A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily delete admin accounts. 2021-08-30 4.3 CVE-2020-18123
MISC
jupo — mezzanine Cross Site Scripting (XSS) in Mezzanine v4.3.1 allows remote attackers to execute arbitrary code via the ‘Description’ field of the component ‘admin/blog/blogpost/add/’. This issue is different than CVE-2018-16632. 2021-08-27 4.3 CVE-2020-19002
MISC
nested_pages_project — nested_pages The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to Cross-Site Request Forgery via the `npBulkAction`s and `npBulkEdit` `admin_post` actions, which allowed attackers to trash or permanently purge arbitrary posts as well as changing their status, reassigning their ownership, and editing other metadata. 2021-08-30 4.3 CVE-2021-38342
MISC
MISC
nested_pages_project — nested_pages The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to an Open Redirect via the `page` POST parameter in the `npBulkActions`, `npBulkEdit`, `npListingSort`, and `npCategoryFilter` `admin_post` actions. 2021-08-30 5.8 CVE-2021-38343
MISC
MISC
northern.tech — useradm The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in Northern.tech Mender Enterprise 2.6.x before 2.6.1) allows users to access the system with their JWT token after logout, because of missing invalidation (if the JWT verification cache is enabled). 2021-08-27 4.3 CVE-2021-35342
MISC
MISC
opcfoundation — local_discover_server In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer. 2021-08-27 5 CVE-2021-40142
MISC
MISC
openmage — magento OpenMage magento-lts is an alternative to the Magento CE official releases. Due to missing sanitation in data flow in versions prior to 19.4.15 and 20.0.13, it was possible for admin users to upload arbitrary executable files to the server. OpenMage versions 19.4.15 and 20.0.13 have a patch for this Issue. 2021-08-27 6.5 CVE-2021-32759
MISC
CONFIRM
MISC
realfavicongenerator — favicon_by_realfavicongenerator The Favicon by RealFaviconGenerator WordPress plugin through 1.3.20 does not sanitise or escape one of its parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting (XSS) which is executed in the context of a logged administrator. 2021-08-30 4.3 CVE-2021-24437
MISC
simiki_project — simiki Cross Site Scripting (XSS) in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary code via line 54 of the component ‘simiki/blob/master/simiki/generators.py’. 2021-08-27 4.3 CVE-2020-19000
MISC
torproject — tor Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007. 2021-08-30 5 CVE-2021-38385
CONFIRM
MISC
CONFIRM
vmare — vrealize_operations_manager The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. A malicious actor with administrative access to vRealize Operations Manager API can read any arbitrary file on server leading to information disclosure. 2021-08-30 4 CVE-2021-22022
MISC
vmare — vrealize_operations_manager The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account takeover. 2021-08-30 6.5 CVE-2021-22023
MISC
vmare — vrealize_operations_manager The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure. 2021-08-30 5 CVE-2021-22027
MISC
vmare — vrealize_operations_manager The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure. 2021-08-30 5 CVE-2021-22026
MISC
vmare — vrealize_operations_manager The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to existing vROps cluster. 2021-08-30 5 CVE-2021-22025
MISC
vmare — vrealize_operations_manager The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure. 2021-08-30 5 CVE-2021-22024
MISC
wow-estore — side_menu The Side Menu Lite WordPress plugin before 2.2.6 does not sanitise user input from the List page in the admin dashboard before using it in SQL statement, leading to a SQL Injection issue 2021-08-30 6.5 CVE-2021-24580
MISC
xen — xen IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assigment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn’t have access to anymore (CVE-2021-28696). 2021-08-27 4.6 CVE-2021-28694
MISC
MLIST
MLIST
MLIST
FEDORA
FEDORA
xen — xen xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit from them is not set. This allow a domain to allocate memory beyond what an administrator originally configured. 2021-08-27 6.8 CVE-2021-28700
MISC
FEDORA
FEDORA
xen — xen grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated when a guest switched (back) from v2 to v1. The freeing of such pages requires that the hypervisor know where in the guest these pages were mapped. The hypervisor tracks only one use within guest space, but racing requests from the guest to insert mappings of these pages may result in any of them to become mapped in multiple locations. Upon switching back from v2 to v1, the guest would then retain access to a page that was freed and perhaps re-used for other purposes. 2021-08-27 4.6 CVE-2021-28697
MISC
FEDORA
FEDORA
xen — xen IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assigment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn’t have access to anymore (CVE-2021-28696). 2021-08-27 4.6 CVE-2021-28695
MISC
MLIST
MLIST
MLIST
FEDORA
FEDORA
xen — xen long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. In the process of carrying out certain actions, Xen would iterate over all such entries, including ones which aren’t in use anymore and some which may have been created but never used. If the number of entries for a given domain is large enough, this iterating of the entire table may tie up a CPU for too long, starving other domains or causing issues in the hypervisor itself. Note that a domain may map its own grants, i.e. there is no need for multiple domains to be involved here. A pair of “cooperating” guests may, however, cause the effects to be more severe. 2021-08-27 4.9 CVE-2021-28698
MISC
MLIST
FEDORA
FEDORA
xen — xen IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assigment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn’t have access to anymore (CVE-2021-28696). 2021-08-27 4.6 CVE-2021-28696
MISC
MLIST
MLIST
MLIST
FEDORA
FEDORA
xen — xen inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status. That is, when operating in this mode, a guest has two tables. As a result, guests also need to be able to retrieve the addresses that the new status tracking table can be accessed through. For 32-bit guests on x86, translation of requests has to occur because the interface structure layouts commonly differ between 32- and 64-bit. The translation of the request to obtain the frame numbers of the grant status table involves translating the resulting array of frame numbers. Since the space used to carry out the translation is limited, the translation layer tells the core function the capacity of the array within translation space. Unfortunately the core function then only enforces array bounds to be below 8 times the specified value, and would write past the available space if enough frame numbers needed storing. 2021-08-27 4.9 CVE-2021-28699
MISC
FEDORA
FEDORA
youdiancms — youdiancms A lack of filtering for searched keywords in the search bar of YouDianCMS 8.0 allows attackers to perform SQL injection. 2021-08-27 6.5 CVE-2020-18116
MISC
zohocorp — manageengine_adselfservice_plus Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page. 2021-08-30 4.3 CVE-2021-37416
MISC
zohocorp — manageengine_adselfservice_plus Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation. 2021-08-30 5 CVE-2021-37417
MISC
zohocorp — manageengine_cloud_security_plus Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings. 2021-08-29 6.8 CVE-2021-40173
MISC
zohocorp — manageengine_log360 Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings. 2021-08-29 6.8 CVE-2021-40174
MISC
zohocorp — manageengine_log360 Zoho ManageEngine Log360 before Build 5225 allows stored XSS. 2021-08-29 4.3 CVE-2021-40176
MISC
zohocorp — manageengine_log360 Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logon settings. 2021-08-29 4.3 CVE-2021-40178
MISC
zohocorp — manageengine_log360 Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings. 2021-08-29 6.8 CVE-2021-40172
MISC
Back to top

&#xA0;

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
acquia — mautic The function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under his/her control This issue affects: Mautic Mautic versions prior to 3.3.4; versions prior to 4.0.0. 2021-08-30 3.5 CVE-2021-27913
CONFIRM
acquia — mautic Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets. 2021-08-30 3.5 CVE-2021-27912
CONFIRM
atlassian — data_center The AssociateFieldToScreens page in Atlassian Jira Server and Data Center before version 8.18.0 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability via the name of a custom field. 2021-08-30 3.5 CVE-2021-39117
MISC
business_hours_indicator_project — business_hours_indicator The Business Hours Indicator WordPress plugin before 2.3.5 does not sanitise or escape its ‘Now closed message” setting when outputting it in the backend and frontend, leading to an Authenticated Stored Cross-Site Scripting issue 2021-08-30 3.5 CVE-2021-24593
MISC
deltaww — diaenergie Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm. 2021-08-30 2.1 CVE-2021-33003
MISC
devowl — wordpress_real_media_library The WordPress Real Media Library WordPress plugin is vulnerable to Stored Cross-Site Scripting via the name parameter in the ~/inc/overrides/lite/rest/Folder.php file which allows author-level attackers to inject arbitrary web scripts in folder names, in versions up to and including 4.14.1. 2021-08-30 3.5 CVE-2021-34668
MISC
ibm — maximo_application_suite IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 201693. 2021-08-30 3.5 CVE-2021-29743
XF
CONFIRM
ibm — maximo_application_suite IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 201694. 2021-08-27 3.5 CVE-2021-29744
XF
CONFIRM
indexhibit — indexhibit Multiple stored cross-site scripting (XSS) vulnerabilities in the Sections module of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML. 2021-08-30 3.5 CVE-2020-18126
MISC
openkm — openkm OpenKM Community Edition in its 6.3.10 version is vulnerable to authenticated Cross-site scripting (XSS). A remote attacker could exploit this vulnerability by injecting arbitrary code via de uuid parameter. 2021-08-30 3.5 CVE-2021-3628
CONFIRM
CONFIRM
CONFIRM
simplygallery — simply_gallery_blocks_with_lightbox A stored cross-site scripting vulnerability has been discovered in : Simply Gallery Blocks with Lightbox (Version – 2.2.0 & below). The vulnerability exists in the Lightbox functionality where a user with low privileges is allowed to execute arbitrary script code within the context of the application. This vulnerability is due to insufficient validation of image parameters in meta data. 2021-08-30 3.5 CVE-2021-24667
MISC
MISC
tipsandtricks-hq — wp_video_lightbox The WP Video Lightbox WordPress plugin before 1.9.3 does not escape the attributes of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks 2021-08-30 3.5 CVE-2021-24665
MISC
MISC
vmware — cloud_foundation VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link. 2021-08-30 3.5 CVE-2021-22021
MISC
wpmanageninja — fluentsmtp The FluentSMTP WordPress plugin before 2.0.1 does not sanitize parameters before storing the settings in the database, nor does the plugin escape the values before outputting them when viewing the SMTP settings set by this plugin, leading to a stored cross site scripting (XSS) vulnerability. Only users with roles capable of managing plugins can modify the plugin’s settings. 2021-08-30 3.5 CVE-2021-24528
MISC
yoohooplugins — sitewide_notice The Sitewide Notice WP WordPress plugin before 2.3 does not sanitise some of its settings before outputting them in frontend pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2021-08-30 3.5 CVE-2021-24592
MISC
Back to top

&#xA0;

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
acccusine — pcs+/pfv+
 
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exist in AccuSine PCS+ / PFV+ (Versions prior to V1.6.7) and AccuSine PCSn (Versions prior to V2.2.4) that could allow an authenticated attacker to access the device via FTP protocol. 2021-09-02 not yet calculated CVE-2021-22793
MISC
adaptivescale — adaptivescale
 
A Hardcoded JWT Secret Key in metadata.py in AdaptiveScale LXDUI through 2.1.3 allows attackers to gain admin access to the host system. 2021-09-03 not yet calculated CVE-2021-40494
MISC
adobe — acrobat_reader_dc Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Out-of-bounds Read vulnerability in the PDFLibTool component. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-02 not yet calculated CVE-2021-28565
MISC
adobe — acrobat_reader_dc Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Out-of-bounds Write vulnerability within the ImageTool component. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-02 not yet calculated CVE-2021-28564
MISC
adobe — acrobat_reader_dc Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-02 not yet calculated CVE-2021-28561
MISC
adobe — acrobat_reader_dc Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to leak sensitive system information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-02 not yet calculated CVE-2021-28557
MISC
adobe — acrobat_reader_dc Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to get access to sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-02 not yet calculated CVE-2021-28555
MISC
adobe — acrobat_reader_dc
 
Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Heap-based buffer overflow vulnerability in the PDFLibTool component. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-02 not yet calculated CVE-2021-28558
MISC
adobe — acrobat_reader_dc
 
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability in the CoolType library. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-02 not yet calculated CVE-2021-21086
MISC
adobe — acrobat_reader_dc
 
Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-02 not yet calculated CVE-2021-28560
MISC
adobe — acrobat_reader_dc
 
Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Information Exposure vulnerability. An unauthenticated attacker could leverage this vulnerability to get access to restricted data stored within global variables and objects. 2021-09-02 not yet calculated CVE-2021-28559
MISC
adobe — acrobat_reader_dc Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-02 not yet calculated CVE-2021-28553
MISC
adobe — acrobat_reader_dc
 
Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-02 not yet calculated CVE-2021-28550
MISC
adobe — after_effects Adobe After Effects version 18.2.1 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-02 not yet calculated CVE-2021-36018
MISC
adobe — after_effects Adobe After Effects version 18.2.1 (and earlier) is affected by an out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-02 not yet calculated CVE-2021-35994
MISC
adobe — after_effects
 
Adobe After Effects version 18.2.1 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-02 not yet calculated CVE-2021-36019
MISC
adobe — after_effects
 
Adobe After Effects version 18.2.1 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-02 not yet calculated CVE-2021-36017
MISC
adobe — after_effects
 
Adobe After Effects version 18.2.1 (and earlier) is affected by an out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-02 not yet calculated CVE-2021-35993
MISC
adobe — after_effects
 
Adobe After Effects version 18.2.1 (and earlier) is affected by an Improper input validation vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-02 not yet calculated CVE-2021-35995
MISC
adobe — after_effects
 
Adobe After Effects version 18.2.1 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-02 not yet calculated CVE-2021-35996
MISC
adobe — bridge
 
Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2021-09-01 not yet calculated CVE-2021-36068
MISC
adobe — bridge

 
Adobe Bridge versions 11.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-01 not yet calculated CVE-2021-36072
MISC
adobe — bridge
 
Adobe Bridge versions 11.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-01 not yet calculated CVE-2021-36071
MISC
adobe — bridge

 
Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2021-09-01 not yet calculated CVE-2021-36069
MISC
adobe — bridge
 
Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2021-09-01 not yet calculated CVE-2021-36067
MISC
adobe — bridge
 
Adobe Bridge version 11.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted .SGI file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-01 not yet calculated CVE-2021-36079
MISC
adobe — bridge
 
Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2021-09-01 not yet calculated CVE-2021-39816
MISC
adobe — bridge
 
Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2021-09-01 not yet calculated CVE-2021-36049
MISC
adobe — bridge
 
Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2021-09-01 not yet calculated CVE-2021-36059
MISC
adobe — bridge Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2021-09-01 not yet calculated CVE-2021-36076
MISC
adobe — bridge Adobe Bridge version 11.1 (and earlier) is affected by a heap-based buffer overflow vulnerability when parsing a crafted .SGI file. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-01 not yet calculated CVE-2021-36073
MISC
adobe — bridge
 
Adobe Bridge versions 11.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-01 not yet calculated CVE-2021-36074
MISC
adobe — bridge
 
Adobe Bridge version 11.1 (and earlier) is affected by a Buffer Overflow vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2021-09-01 not yet calculated CVE-2021-36075
MISC
adobe — bridge Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in local application denial of service in the context of the current user. User interaction is required to exploit this vulnerability. 2021-09-01 not yet calculated CVE-2021-36077
MISC
adobe — bridge
 
Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2021-09-01 not yet calculated CVE-2021-36078
MISC
adobe — bridge Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2021-09-01 not yet calculated CVE-2021-39817
MISC
adobe — captivate
 
Adobe Captivate version 11.5.5 (and earlier) is affected by an Creation of Temporary File In Directory With Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. The attacker must plant a malicious file in a particular location of the victim’s machine. Exploitation of this issue requires user interaction in that a victim must launch the Captivate Installer. 2021-09-01 not yet calculated CVE-2021-36002
MISC
adobe — connect Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected Cross-site Scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2021-09-01 not yet calculated CVE-2021-36063
MISC
adobe — connect Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected Cross-site Scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2021-09-01 not yet calculated CVE-2021-36062
MISC
adobe — connect Adobe Connect version 11.2.2 (and earlier) is affected by a secure design principles violation vulnerability via the ‘pbMode’ parameter. An unauthenticated attacker could leverage this vulnerability to edit or delete recordings on the Connect environment. Exploitation of this issue requires user interaction in that a victim must publish a link of a Connect recording. 2021-09-01 not yet calculated CVE-2021-36061
MISC
adobe — media_encoder
 
Adobe Media Encoder version 15.1 (and earlier) is affected by an improper memory access vulnerability when parsing a crafted .SVG file. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-01 not yet calculated CVE-2021-36070
MISC
adobe — photoshop
 
Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-01 not yet calculated CVE-2021-36066
MISC
adobe — photoshop
 
Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and earlier) are affected by a heap-based buffer overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-01 not yet calculated CVE-2021-36065
MISC
amazon — kindle_e-reader Amazon Kindle e-reader prior to and including version 5.13.4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function CJBig2Image::expand() and results in a memory corruption that leads to code execution when parsing a crafted PDF book. 2021-09-01 not yet calculated CVE-2021-30354
MISC
amazon — kindle_e-reader
 
Amazon Kindle e-reader prior to and including version 5.13.4 improperly manages privileges, allowing the framework user to elevate privileges to root. 2021-09-01 not yet calculated CVE-2021-30355
MISC
apache — openid_connect
 
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openidc was reported to be vulnerable to an open redirect attack by supplying a crafted URL in the `target_link_uri` parameter. A patch in version 2.4.9.4 made it so that the `OIDCRedirectURLsAllowed` setting must be applied to the `target_link_uri` parameter. There are no known workarounds aside from upgrading to a patched version. 2021-09-03 not yet calculated CVE-2021-39191
MISC
MISC
MISC
CONFIRM
apache — zeppelin
 
Cross Site Scripting vulnerability in markdown interpreter of Apache Zeppelin allows an attacker to inject malicious scripts. This issue affects Apache Zeppelin Apache Zeppelin versions prior to 0.9.0. 2021-09-02 not yet calculated CVE-2021-27578
MISC
MLIST
MLIST
MLIST
appache — zeppelin
 
Authentication bypass vulnerability in Apache Zeppelin allows an attacker to bypass Zeppelin authentication mechanism to act as another user. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions. 2021-09-02 not yet calculated CVE-2020-13929
MISC
MLIST
MLIST
MLIST
appache — zeppelin bash command injection vulnerability in Apache Zeppelin allows an attacker to inject system commands into Spark interpreter settings. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions. 2021-09-02 not yet calculated CVE-2019-10095
MISC
MLIST
MLIST
MLIST
atlasian — atlasbaord
 
The renderWidgetResource resource in Atlasian Atlasboard before version 1.1.9 allows remote attackers to read arbitrary files via a path traversal vulnerability. 2021-09-01 not yet calculated CVE-2021-39109
MISC
atlassian — jira_server_and_data_center
 
Affected versions of Atlassian Jira Server and Data Center allow users who have watched an issue to continue receiving updates on the issue even after their Jira account is revoked, via a Broken Access Control vulnerability in the issue notification feature. The affected versions are before version 8.19.0. 2021-09-01 not yet calculated CVE-2021-39119
MISC
atlassian — jira_service_management_server
 
Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with “Jira Administrators” access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template feature. The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0. 2021-09-01 not yet calculated CVE-2021-39115
N/A
axios — axios
 
axios is vulnerable to Inefficient Regular Expression Complexity 2021-08-31 not yet calculated CVE-2021-3749
MISC
CONFIRM
benq — smart_wireless_conference_projector
 
The management interface of BenQ smart wireless conference projector does not properly control user’s privilege. Attackers can access any system directory of this device through the interface and execute arbitrary commands if he enters the local subnetwork. 2021-08-30 not yet calculated CVE-2021-37911
MISC
bludit — bludit
 
bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the `deleteBackup’ parameter. 2021-09-01 not yet calculated CVE-2020-20495
MISC
bookstack — bookstack
 
bookstack is vulnerable to Server-Side Request Forgery (SSRF) 2021-09-02 not yet calculated CVE-2021-3758
MISC
CONFIRM
brave — browser_desktop
 
An information disclosure exists in Brave Browser Desktop prior to version 1.28.62, where logged warning messages that included timestamps of connections to V2 onion domains in tor.log. 2021-08-31 not yet calculated CVE-2021-22929
MISC
cacti — cacti Multiple Cross Site Scripting (XSS) vulneratiblities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3) data_input.php, (4) graph_templates.php, (5) graphs.php, (6) reports_admin.php, and (7) data_input.php. 2021-08-27 not yet calculated CVE-2020-23226
MISC
cannon — multiple_devices Certain Canon devices manufactured in 2012 through 2020 (such as imageRUNNER ADVANCE iR-ADV C5250), when Catwalk Server is enabled for HTTP access, allow remote attackers to modify an e-mail address setting, and thus cause the device to send sensitive information through e-mail to the attacker. For example, an incoming FAX may be sent through e-mail to the attacker. This occurs when a PIN is not required for General User Mode, as exploited in the wild in August 2021. 2021-08-29 not yet calculated CVE-2021-38154
MISC
MISC
cgal_libcgal — cgal_libcgal

 
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() sfh->boundary_entry_objects Sloop_of. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability. 2021-08-30 not yet calculated CVE-2020-35634
MISC
cgal_libcgal — cgal_libcgal
 
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() store_sm_boundary_item() Sloop_of OOB read. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability. 2021-08-30 not yet calculated CVE-2020-35635
MISC
cgal_libcgal — cgal_libcgal A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() store_sm_boundary_item() Edge_of.A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability. 2021-08-30 not yet calculated CVE-2020-35633
MISC
christine_digital — dwu850-gs
 
webctrl.cgi.elf on Christie Digital DWU850-GS V06.46 devices allows attackers to perform any desired action via a crafted query containing an unspecified Cookie header. Authentication bypass can be achieved by including an administrative cookie that the device does not validate. 2021-09-01 not yet calculated CVE-2021-40350
MISC
cisco — enterprise_nfv_infrastructure_software
 
A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as an administrator. This vulnerability is due to incomplete validation of user-supplied input that is passed to an authentication script. An attacker could exploit this vulnerability by injecting parameters into an authentication request. A successful exploit could allow the attacker to bypass authentication and log in as an administrator to the affected device. 2021-09-02 not yet calculated CVE-2021-34746
CISCO
cisco — identity_services_engine_software A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker would need valid administrative credentials. 2021-09-02 not yet calculated CVE-2021-34759
CISCO
cisco — nexus_insights
 
A vulnerability in the web UI for Cisco Nexus Insights could allow an authenticated, remote attacker to view and download files related to the web application. The attacker requires valid device credentials. This vulnerability exists because proper role-based access control (RBAC) filters are not applied to file download actions. An attacker could exploit this vulnerability by logging in to the application and then navigating to the directory listing and download functions. A successful exploit could allow the attacker to download sensitive files that should be restricted, which could result in disclosure of sensitive information. 2021-09-02 not yet calculated CVE-2021-34765
CISCO
cisco — prime_collaboration_provisioning
 
A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2021-09-02 not yet calculated CVE-2021-34732
CISCO
cisco — prime_collaboration_provisioning
 
A vulnerability in the CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, local attacker to access sensitive information stored on the underlying file system of an affected system. This vulnerability exists because sensitive information is not sufficiently secured when it is stored. An attacker could exploit this vulnerability by gaining unauthorized access to sensitive information on an affected system. A successful exploit could allow the attacker to create forged authentication requests and gain unauthorized access to the affected system. 2021-09-02 not yet calculated CVE-2021-34733
CISCO
compro — multiple_devices An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. rstp://…/medias2 does not require authorization. 2021-09-01 not yet calculated CVE-2021-40379
MISC
MISC
compro — multiple_devices
 
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. /cgi-bin/support/killps.cgi deletes all data from the device. 2021-09-01 not yet calculated CVE-2021-40378
MISC
MISC
compro — multiple_devices
 
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. cameralist.cgi and setcamera.cgi disclose credentials. 2021-09-01 not yet calculated CVE-2021-40380
MISC
MISC
compro — multiple_devices An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. index_MJpeg.cgi allows video access. 2021-09-01 not yet calculated CVE-2021-40381
MISC
MISC
compro — multiple_devices
 
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. mjpegStreamer.cgi allows video screenshot access. 2021-09-01 not yet calculated CVE-2021-40382
MISC
MISC
craigms — craigms An issue in craigms/main.php of CraigMS 1.0 allows attackers to execute arbitrary commands via a crafted input entered into the DB Name field. 2021-09-02 not yet calculated CVE-2020-18048
MISC
createlabelorattrib — createlabelorattrib A memory corruption vulnerability exists in the XML-parsing CreateLabelOrAttrib functionality of AT&T Labs’ Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. 2021-08-31 not yet calculated CVE-2021-21811
MISC
cscms — cscms A remote code execution (RCE) vulnerability in the \Playsong.php component of cscms v4.1 allows attackers to execute arbitrary commands. 2021-08-30 not yet calculated CVE-2020-22848
MISC
cyberark — credential_provider An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure. An attacker may realistically have enough information that the number of possible keys (for a credential file) is only one, and the number is usually not higher than 2^36. 2021-09-02 not yet calculated CVE-2021-31796
MISC
MISC
MISC
MISC
cyberark — credential_provider The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under certain conditions a local malicious user can obtain the plaintext of cache files. 2021-09-02 not yet calculated CVE-2021-31798
MISC
MISC
MISC
MISC
cyberark — credential_provider
 
The user identification mechanism used by CyberArk Credential Provider prior to 12.1 is susceptible to a local host race condition, leading to password disclosure. 2021-09-02 not yet calculated CVE-2021-31797
MISC
MISC
MISC
MISC
cyberark — identity
 
CyberArk Identity 21.5.131, when handling an invalid authentication attempt, sometimes reveals whether the username is valid. In certain authentication policy configurations with MFA, the API response length can be used to differentiate between a valid user and an invalid one (aka Username Enumeration). Response differentiation enables attackers to enumerate usernames of valid application users. Attackers can use this information to leverage brute-force and dictionary attacks in order to discover valid account information such as passwords. 2021-09-01 not yet calculated CVE-2021-37151
MISC
MISC
cyrus — imap
 
Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16. 2021-09-01 not yet calculated CVE-2021-33582
MISC
MISC
CONFIRM
MISC
delta_electronics — diaenergie A Blind SQL injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter agid before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER. 2021-08-30 not yet calculated CVE-2021-38393
MISC
delta_electronics — diaenergie
 
A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter egyid before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER. 2021-08-30 not yet calculated CVE-2021-38390
MISC
delta_electronics — diaenergie A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_Handler.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter type before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER. 2021-08-30 not yet calculated CVE-2021-38391
MISC
detect-character-encoding — detect-character-encoding
 
detect-character-encoding is a package for detecting character encoding using ICU. In detect-character-encoding v0.3.0 and earlier, allocated memory is not released. The problem has been patched in detect-character-encoding v0.3.1. 2021-08-31 not yet calculated CVE-2021-39176
CONFIRM
MISC
MISC
MISC
django — django
 
Total.js framework (npm package total.js) is a framework for Node.js platfrom written in pure JavaScript similar to PHP’s Laravel or Python’s Django or ASP.NET MVC. In total.js framework before version 3.4.9, calling the utils.set function with user-controlled values leads to code-injection. This can cause a variety of impacts that include arbitrary code execution. This is fixed in version 3.4.9. 2021-08-30 not yet calculated CVE-2021-32831
MISC
MISC
MISC
CONFIRM
drk — odenwaldkreis_testerfassung
 
Multiple cross-site scripting (XSS) vulnerabilities in DRK Odenwaldkreis Testerfassung March-2021 allow remote attackers to inject arbitrary web script or HTML via all parameters to HTML form fields in all components. 2021-08-30 not yet calculated CVE-2021-35061
MISC
drk — odenwaldkreis_testerfassung
 
A Shell Metacharacter Injection vulnerability in result.php in DRK Odenwaldkreis Testerfassung March-2021 allow an attacker with a valid token of a COVID-19 test result to execute shell commands with the permissions of the web server. 2021-08-30 not yet calculated CVE-2021-35062
MISC
easycorp — zentao A cross site scripting (XSS) issue in EasyCorp ZenTao 12.5.3 allows remote attackers to execute arbitrary web script via various areas such as data-link-creator. 2021-08-31 not yet calculated CVE-2021-27558
MISC
easycorp — zentao
 
A cross-site request forgery (CSRF) vulnerability in the Cron job tab in EasyCorp ZenTao 12.5.3 allows attackers to update the fields of a Cron job. 2021-08-31 not yet calculated CVE-2021-27557
MISC
eclipse — mosquitto
 
In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked. 2021-08-30 not yet calculated CVE-2021-34434
CONFIRM
eclipse&#xA0;– theia In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote code execution (and XXE) via the theia-xml-extension. This extension uses lsp4xml (recently renamed to LemMinX) in order to provide language support for XML. This is installed by default. 2021-09-02 not yet calculated CVE-2021-34436
CONFIRM
eclipse&#xA0;– theia
 
In Eclipse Theia 0.3.9 to 1.8.1, the “mini-browser” extension allows a user to preview HTML files in an iframe inside the IDE. But with the way it is made it is possible for a previewed HTML file to trigger an RCE. This exploit only happens if a user previews a malicious file.. 2021-09-01 not yet calculated CVE-2021-34435
CONFIRM
edgegallery — edgegallery
 
An issue was discovered in EdgeGallery/developer before v1.0. There is a “Deserialization of yaml file” vulnerability that can allow attackers to execute system command through uploading the malicious constructed YAML file. 2021-08-30 not yet calculated CVE-2021-34066
MISC
elfinder.netcore — elfinder.netcore
 
This affects all versions of package elFinder.NetCore. The Path.Combine(…) method is used to create an absolute file path. Due to missing sanitation of the user input and a missing check of the generated path its possible to escape the Files directory via path traversal 2021-09-01 not yet calculated CVE-2021-23428
MISC
MISC
MISC
elfinder.netcore — elfinder.netcore
 
This affects all versions of package elFinder.NetCore. The ExtractAsync function within the FileSystem is vulnerable to arbitrary extraction due to insufficient validation. 2021-09-01 not yet calculated CVE-2021-23427
MISC
MISC
filebrowser — filebrowser A stored cross-site scripting (XSS) vulnerability exists in FileBrowser < v2.16.0 that allows an authenticated user authorized to upload a malicious .svg file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger malicious OS commands on the server running the FileBrowser instance. 2021-08-31 not yet calculated CVE-2021-37794
MISC
MISC
MISC
form_tools — form_tools An issue was discovered in Form Tools through 3.0.20. SQL Injection can occur via the export_group_id field when a low-privileged user (client) tries to export a form with data, e.g., manipulation of modules/export_manager/export.php?export_group_id=1&export_group_1_results=all&export_type_id=1. 2021-08-31 not yet calculated CVE-2021-38145
MISC
MISC
MISC
MISC
form_tools — form_tools
 
An issue was discovered in Form Tools through 3.0.20. A low-privileged user can trigger Reflected XSS when a viewing a form via the submission_id parameter, e.g., clients/forms/edit_submission.php?form_id=1&view_id=1&submission_id=[XSS]. 2021-08-31 not yet calculated CVE-2021-38144
MISC
MISC
MISC
MISC
form_tools — form_tools
 
An issue was discovered in Form Tools through 3.0.20. When an administrator creates a customer account, it is possible for the customer to log in and proceed with a change of name and last name. However, these fields are vulnerable to XSS payload insertion, being triggered in the admin panel when the admin tries to see the client list. This type of XSS (stored) can lead to the extraction of the PHPSESSID cookie belonging to the admin. 2021-08-31 not yet calculated CVE-2021-38143
MISC
MISC
MISC
MISC
freebsd — multiple_products In FreeBSD 13.0-STABLE before n246941-20f96f215562, 12.2-STABLE before r370400, 11.4-STABLE before r370399, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, certain VirtIO-based device models in bhyve failed to handle errors when fetching I/O descriptors. A malicious guest may cause the device model to operate on uninitialized I/O vectors leading to memory corruption, crashing of the bhyve process, and possibly arbitrary code execution in the bhyve process. 2021-08-30 not yet calculated CVE-2021-29631
MISC
freebsd — multiple_products
 
In FreeBSD 13.0-STABLE before n246938-0729ba2f49c9, 12.2-STABLE before r370383, 11.4-STABLE before r370381, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, the ggatec daemon does not validate the size of a response before writing it to a fixed-sized buffer allowing a malicious attacker in a privileged network position to overwrite the stack of ggatec and potentially execute arbitrary code. 2021-08-30 not yet calculated CVE-2021-29630
MISC
frontier — frontier Frontier is Substrate’s Ethereum compatibility layer. Prior to commit number 0b962f218f0cdd796dadfe26c3f09e68f7861b26, a bug in `pallet-ethereum` can cause invalid transactions to be included in the Ethereum block state in `pallet-ethereum` due to not validating the input data size. Any invalid transactions included this way have no possibility to alter the internal Ethereum or Substrate state. The transaction will appear to have be included, but is of no effect as it is rejected by the EVM engine. The impact is further limited by Substrate extrinsic size constraints. A patch is available in commit number 0b962f218f0cdd796dadfe26c3f09e68f7861b26. There are no workarounds aside from applying the patch. 2021-09-03 not yet calculated CVE-2021-39193
MISC
MISC
CONFIRM
MISC
ghost — ghost
 
Ghost is a Node.js content management system. An error in the implementation of the limits service between versions 4.0.0 and 4.9.4 allows all authenticated users (including contributors) to view admin-level API keys via the integrations API endpoint, leading to a privilege escalation vulnerability. This issue is patched in Ghost version 4.10.0. As a workaround, disable all non-Administrator accounts to prevent API access. It is highly recommended to regenerate all API keys after patching or applying the workaround. 2021-09-03 not yet calculated CVE-2021-39192
CONFIRM
MISC
gibbon — gibbon
 
A reflected XSS vulnerability exists in multiple pages in version 22 of the Gibbon application that allows for arbitrary execution of JavaScript (gibbonCourseClassID, gibbonPersonID, subpage, currentDate, or allStudents to index.php). 2021-09-03 not yet calculated CVE-2021-40492
MISC
MISC
git — git_connect_git git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring. 2021-08-31 not yet calculated CVE-2021-40330
MISC
MISC
globalnewsfiles — globalnewsfiles GlobalNewFiles is a package in Miraheze, a wiki hosting service. Prior to commit number cee254e1b158cdb0ddbea716b1d3edc31fa4fb5d, the username column of the GlobalNewFiles special page is vulnerable to a stored XSS. Commit number cee254e1b158cdb0ddbea716b1d3edc31fa4fb5d contains a patch. As a workaround, one may disallow <,> (or other characters required to insert html/js) from being used in account names so an XSS is not possible. 2021-09-01 not yet calculated CVE-2021-39186
CONFIRM
MISC
MISC
google — chrome Use after free in Base internals in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-09-03 not yet calculated CVE-2021-30613
MISC
MISC
google — chrome Use after free in WebRTC in Google Chrome on Linux, ChromeOS prior to 93.0.4577.63 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. 2021-09-03 not yet calculated CVE-2021-30611
MISC
MISC
google — chrome Use after free in Web Share in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-09-03 not yet calculated CVE-2021-30608
MISC
MISC
google — chrome Inappropriate implementation in DevTools in Google Chrome prior to 93.0.4577.63 allowed a remote attacker who had convinced the user to use Chrome headless with remote debugging to execute arbitrary code via a crafted HTML page. 2021-09-03 not yet calculated CVE-2021-30618
MISC
MISC
google — chrome Use after free in Bookmarks in Google Chrome prior to 93.0.4577.63 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. 2021-09-03 not yet calculated CVE-2021-30623
MISC
MISC
google — chrome Inappropriate implementation in Autofill in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to spoof security UI via a crafted HTML page. 2021-09-03 not yet calculated CVE-2021-30621
MISC
MISC
google — chrome Use after free in Media in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-09-03 not yet calculated CVE-2021-30616
MISC
MISC
google — chrome
 
Use after free in WebRTC in Google Chrome on Linux, ChromeOS prior to 93.0.4577.63 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. 2021-09-03 not yet calculated CVE-2021-30612
MISC
MISC
google — chrome Heap buffer overflow in TabStrip in Google Chrome prior to 93.0.4577.63 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. 2021-09-03 not yet calculated CVE-2021-30614
MISC
MISC
google — chrome Use after free in Blink in Google Chrome prior to 93.0.4577.63 allowed an attacker who convinced a user to drag and drop a malicous folder to a page to potentially perform a sandbox escape via a crafted HTML page. 2021-09-03 not yet calculated CVE-2021-30606
MISC
MISC
google — chrome
 
Policy bypass in Blink in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to bypass site isolation via a crafted HTML page. 2021-09-03 not yet calculated CVE-2021-30617
MISC
MISC
google — chrome
 
Use after free in Autofill in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-09-03 not yet calculated CVE-2021-30624
MISC
MISC
google — chrome Use after free in WebApp Installs in Google Chrome prior to 93.0.4577.63 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. 2021-09-03 not yet calculated CVE-2021-30622
MISC
MISC
google — chrome
 
Inappropriate implementation in Navigation in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2021-09-03 not yet calculated CVE-2021-30615
MISC
MISC
google — chrome
 
Use after free in Extensions API in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-09-03 not yet calculated CVE-2021-30610
MISC
MISC
google — chrome
 
Inappropriate implementation in Autofill in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to spoof security UI via a crafted HTML page. 2021-09-03 not yet calculated CVE-2021-30619
MISC
MISC
google — chrome
 
Use after free in Permissions in Google Chrome prior to 93.0.4577.63 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. 2021-09-03 not yet calculated CVE-2021-30607
MISC
MISC
google — chrome
 
Insufficient policy enforcement in Blink in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to bypass content security policy via a crafted HTML page. 2021-09-03 not yet calculated CVE-2021-30620
MISC
MISC
google — chrome
 
Use after free in Sign-In in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-09-03 not yet calculated CVE-2021-30609
MISC
MISC
gp — pro_ex
 
A CWE-427: Uncontrolled Search Path Element vulnerability exists in GP-Pro EX,V4.09.250 and prior, that could cause local code execution with elevated privileges when installing the software. 2021-09-02 not yet calculated CVE-2021-22775
MISC
gyser — geyser
 
Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Versions of Geyser prior to 1.4.2-SNAPSHOT allow anyone that can connect to the server to forge a LoginPacket with manipulated JWT token allowing impersonation as any user. Version 1.4.2-SNAPSHOT contains a patch for the issue. There are no known workarounds aside from upgrading. 2021-08-30 not yet calculated CVE-2021-39177
CONFIRM
MISC
MISC
hashicorp — vault_enterprise
 
HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondaries without authentication. Fixed in 1.6.3. 2021-08-31 not yet calculated CVE-2021-27668
MISC
hedgedoc — hedgedoc
 
HedgeDoc is a platform to write and share markdown. In versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by embedding an iframe hosting the malicious code into the slides or by embedding the HedgeDoc instance into another page. The problem is patched in version 1.9.0. There are no known workarounds aside from upgrading. 2021-08-30 not yet calculated CVE-2021-39175
MISC
MISC
MISC
CONFIRM
http4s — http4s
 
Http4s is a minimal, idiomatic Scala interface for HTTP services. In http4s versions 0.21.26 and prior, 0.22.0 through 0.22.2, 0.23.0, 0.23.1, and 1.0.0-M1 through 1.0.0-M24, the default CORS configuration is vulnerable to an origin reflection attack. The middleware is also susceptible to a Null Origin Attack. The problem is fixed in 0.21.27, 0.22.3, 0.23.2, and 1.0.0-M25. The original `CORS` implementation and `CORSConfig` are deprecated. See the GitHub GHSA for more information, including code examples and workarounds. 2021-09-01 not yet calculated CVE-2021-39185
CONFIRM
MISC
ibm — openpages IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated user to upload a file that could execute arbitrary code on the system. IBM X-Force ID: 207633. 2021-08-31 not yet calculated CVE-2021-29907
CONFIRM
XF
ibm — planning_analytics
 
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 205527. 2021-09-01 not yet calculated CVE-2021-29851
CONFIRM
XF
ibm — planning_analytics IBM Planning Analytics 2.0 could expose information that could be used to to create attacks by not validating the return values from some methods or functions. IBM X-Force ID: 205529. 2021-09-01 not yet calculated CVE-2021-29853
XF
CONFIRM
ibm — planning_analytics
 
IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205528. 2021-09-01 not yet calculated CVE-2021-29852
XF
CONFIRM
iec104 — iec104 IEC104 v1.0 contains a stack-buffer overflow in the parameter Iec10x_Sta_Addr. 2021-08-31 not yet calculated CVE-2020-20486
MISC
immer — immer
 
immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) 2021-09-02 not yet calculated CVE-2021-3757
CONFIRM
MISC
immer — immer
 
This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition (p === “__proto__” || p === “constructor”) in applyPatches_ returns false if p is [‘__proto__’] (or [‘constructor’]). The === operator (strict equality operator) returns false if the operands have different type. 2021-09-01 not yet calculated CVE-2021-23436
MISC
MISC
MISC
inetutils — inetutils The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl. 2021-09-03 not yet calculated CVE-2021-40491
MISC
MISC
MISC
iportalis — ics
 
An issue was discovered in iPortalis iCS 7.1.13.0. Attackers can send a sequence of requests to rapidly cause .NET Input Validation errors. This increases the size of the log file on the remote server until memory is exhausted, therefore consuming the maximum amount of resources (triggering a denial of service condition). 2021-09-01 not yet calculated CVE-2020-9000
MISC
MISC
iportalis — ics
 
An issue was discovered in iPortalis iCS 7.1.13.0. An attacker can gain privileges by intercepting a request and changing UserRoleKey=COMPANY_ADMIN to UserRoleKey=DOMAIN_ADMIN (to achieve Domain Administrator access). 2021-09-01 not yet calculated CVE-2020-9002
MISC
MISC
ivanti — workspace An issue was discovered in Ivanti Workspace Control before 10.6.30.0. A locally authenticated user with low privileges can bypass File and Folder Security by leveraging an unspecified attack vector. As a result, the attacker can start applications with elevated privileges. 2021-09-01 not yet calculated CVE-2021-36235
MISC
iwebshop — iwebshop Cross Site Request Forgey (CSRF) in iWebShop v5.3 allows remote atatckers to execute arbitrary code via malicious POST request to the component ‘/index.php?controller=system&action=admin_edit_act’. 2021-08-31 not yet calculated CVE-2020-19047
MISC
jenkins — azure_ad_plugin Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. 2021-08-31 not yet calculated CVE-2021-21679
CONFIRM
MLIST
jenkins — code_coverage_appi_plugin Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability. 2021-08-31 not yet calculated CVE-2021-21677
CONFIRM
MLIST
jenkins — nested_view_plugin
 
Jenkins Nested View Plugin 1.20 and earlier does not configure its XML transformer to prevent XML external entity (XXE) attacks. 2021-08-31 not yet calculated CVE-2021-21680
CONFIRM
MLIST
jenkins — saml_plugin
 
Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. 2021-08-31 not yet calculated CVE-2021-21678
CONFIRM
MLIST
jenkins — nomad_plugin Jenkins Nomad Plugin 0.7.4 and earlier stores Docker passwords unencrypted in the global config.xml file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. 2021-08-31 not yet calculated CVE-2021-21681
CONFIRM
MLIST
jforum2 — jforum2
 
ViewCommon.java in JForum2 2.7.0 allows XSS via a user signature. 2021-09-04 not yet calculated CVE-2021-40509
MISC
MISC
johnson_controls — cem_systems_ac2000 A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access to the system without adequate authorization. This issue affects: Johnson Controls CEM Systems AC2000 10.1; 10.2; 10.3; 10.4; 10.5. 2021-08-30 not yet calculated CVE-2021-27663
CERT
CONFIRM
kaseya — unitrends_backup_software
 
An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. There is authenticated remote code execution. 2021-09-01 not yet calculated CVE-2021-40387
MISC
kaseya — unitrends_backup_software
 
An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. There is a privilege escalation from read-only user to admin. 2021-09-01 not yet calculated CVE-2021-40385
MISC
kpn_experia — wifi_devices Wireless devices running certain Arcadyan-derived firmware (such as KPN Experia WiFi 1.00.15) do not properly sanitise user input to the syslog configuration form. An authenticated remote attacker could leverage this to alter the device configuration and achieve remote code execution. This can be exploited in conjunction with CVE-2021-20090. 2021-09-01 not yet calculated CVE-2021-38703
MISC
MISC
kramer — viaware KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though browseSystemFiles.php is no longer reachable via the GUI). NOTE: this issue exists because of an incomplete fix for CVE-2019-17124. 2021-08-31 not yet calculated CVE-2021-36356
MISC
libiec_iccp_mod — libiec_iccp_mod A heap buffer-overflow in the client_example1.c component of libiec_iccp_mod v1.5 leads to a denial of service (DOS). 2021-08-31 not yet calculated CVE-2020-20490
MISC
libjxl — libjxl
 
libjxl v0.5.0 is affected by a Assertion failed issue in lib/jxl/image.cc jxl::PlaneBase::PlaneBase(). When encoding a malicous GIF file using cjxl, an attacker can trigger a denial of service. 2021-08-30 not yet calculated CVE-2021-36691
MISC
libjxl — libjxl
 
libjxl v0.3.7 is affected by a Divide By Zero in issue in lib/extras/codec_apng.cc jxl::DecodeImageAPNG(). When encoding a malicous APNG file using cjxl, an attacker can trigger a denial of service. 2021-08-30 not yet calculated CVE-2021-36692
MISC
MISC
MISC
libsolv — libsolv
 
Buffer overflow vulnerability in function pool_installable_whatprovides in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. 2021-09-02 not yet calculated CVE-2021-33930
MISC
libsolv — libsolv Buffer overflow vulnerability in function pool_disabled_solvable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. 2021-09-02 not yet calculated CVE-2021-33929
MISC
libsolv — libsolv
 
Buffer overflow vulnerability in function pool_installable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. 2021-09-02 not yet calculated CVE-2021-33928
MISC
libsolv — libsolv
 
Buffer overflow vulnerability in function prune_to_recommended in src/policy.c in libsolv before 0.7.17 allows attackers to cause a Denial of Service. 2021-09-02 not yet calculated CVE-2021-33938
MISC
libssh — libssh A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new secret_hash. Historically, both of these buffers had shared length variable, which worked as long as these buffers were same. But the key re-exchange operation can also change the key exchange method, which can be based on hash of different size, eventually creating “secret_hash” of different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during second key re-exchange. 2021-08-31 not yet calculated CVE-2021-3634
MISC
DEBIAN
linux — linux_kernel
 
NMSAccess32.exe in TeraRecon AQNetClient 4.4.13 allows attackers to execute a malicious binary with SYSTEM privileges via a low-privileged user account. To exploit this, a low-privileged user must change the service configuration or overwrite the binary service. 2021-09-01 not yet calculated CVE-2021-35508
MISC
MISC
linux — linux_kernel
 
A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. 2021-09-03 not yet calculated CVE-2021-40490
MISC
magento — commerce Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability while saving a customer’s details with a specially crafted file. An authenticated attacker with admin privileges can leverage this vulnerability to achieve remote code execution. 2021-09-01 not yet calculated CVE-2021-36025
MISC
magento — commerce Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability when saving a configurable product. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution. 2021-09-01 not yet calculated CVE-2021-36028
MISC
magento — commerce Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2021-09-01 not yet calculated CVE-2021-36027
MISC
magento — commerce Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability in the customer address upload feature that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2021-09-01 not yet calculated CVE-2021-36026
MISC
magento — commerce Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an Improper Neutralization of Special Elements Used In A Command via the Data collection endpoint. An attacker with admin privileges can upload a specially crafted file to achieve remote code execution. 2021-09-01 not yet calculated CVE-2021-36024
MISC
magento — commerce Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a Path Traversal vulnerability via the `theme[preview_image]` parameter. An attacker with admin privileges could leverage this vulnerability to achieve remote code execution. 2021-09-01 not yet calculated CVE-2021-36031
MISC
magento — commerce Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges can upload a specially crafted file to bypass file extension restrictions and could lead to remote code execution. 2021-09-01 not yet calculated CVE-2021-36040
MISC
magento — commerce Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the ‘City’ field. An unauthenticated attacker can trigger a specially crafted script to achieve remote code execution. 2021-09-01 not yet calculated CVE-2021-36020
MISC
magento — commerce Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a blind SSRF vulnerability in the bundled dotmailer extension. An attacker with admin privileges could abuse this to achieve remote code execution should Redis be enabled. 2021-09-01 not yet calculated CVE-2021-36043
MISC
magento — commerce Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An unauthenticated attacker could abuse this vulnerability to cause a server-side denial-of-service using a GraphQL field. 2021-09-01 not yet calculated CVE-2021-36044
MISC
magento — commerce Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the Multishipping Module. An authenticated attacker could leverage this vulnerability to achieve sensitive information disclosure. 2021-09-01 not yet calculated CVE-2021-36038
MISC
magento — commerce Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Module. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution. 2021-09-01 not yet calculated CVE-2021-36033
MISC
magento — commerce Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the API File Option Upload Extension. An attacker with Admin privileges can achieve unrestricted file upload which can result in remote code execution. 2021-09-01 not yet calculated CVE-2021-36042
MISC
magento — commerce Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution. 2021-09-01 not yet calculated CVE-2021-36022
MISC
magento — commerce Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper improper authorization vulnerability. An attacker with admin privileges could leverage this vulnerability to achieve remote code execution. 2021-09-01 not yet calculated CVE-2021-36029
MISC
magento — commerce Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a business logic error in the placeOrder graphql mutation. An authenticated attacker can leverage this vulnerability to altar the price of an item. 2021-09-01 not yet calculated CVE-2021-36012
MISC
magento — commerce
 
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve information exposure and privilege escalation. 2021-09-01 not yet calculated CVE-2021-36032
MISC
magento — commerce Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper improper authorization vulnerability. An authenticated attacker could leverage this vulnerability to achieve sensitive information disclosure. 2021-09-01 not yet calculated CVE-2021-36037
MISC
magento — commerce
 
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges can upload a specially crafted file to achieve remote code execution. 2021-09-01 not yet calculated CVE-2021-36034
MISC
magento — commerce
 
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges could make a crafted request to the Adobe Stock API to achieve remote code execution. 2021-09-01 not yet calculated CVE-2021-36035
MISC
magento — commerce Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges could upload a specially crafted file in the ‘pub/media` directory could lead to remote code execution. 2021-09-01 not yet calculated CVE-2021-36041
MISC
magento — commerce Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability via the `quoteId` parameter. An attacker can abuse this vulnerability to disclose sensitive information. 2021-09-01 not yet calculated CVE-2021-36039
MISC
magento — commerce Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability during the checkout process. An unauthenticated attacker can leverage this vulnerability to alter the price of items. 2021-09-01 not yet calculated CVE-2021-36030
MISC
mariadb — mariadb
 
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the index.php USERNAME parameter. NOTE: this issue may exist because of an incomplete fix for CVE-2020-6637. 2021-09-01 not yet calculated CVE-2021-40353
MISC
MISC
matrix — matrix Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the name, avatar, topic and number of members of a room if they know the ID of the room. This vulnerability is limited to homeservers where the vulnerable homeserver is in the room and untrusted users are permitted to create groups (communities). By default, only homeserver administrators can create groups. However, homeserver administrators can already access this information in the database or using the admin API. As a result, only homeservers where the configuration setting `enable_group_creation` has been set to `true` are impacted. Server administrators should upgrade to 1.41.1 or higher to patch the vulnerability. There are two potential workarounds. Server administrators can set `enable_group_creation` to `false` in their homeserver configuration (this is the default value) to prevent creation of groups by non-administrators. Administrators that are using a reverse proxy could, with partial loss of group functionality, block the endpoints `/_matrix/client/r0/groups/{group_id}/rooms` and `/_matrix/client/unstable/groups/{group_id}/rooms`. 2021-08-31 not yet calculated CVE-2021-39163
CONFIRM
MISC
MISC
matrix — matrix
 
Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership (list of members, with their display names) of a room if they know the ID of the room. The vulnerability is limited to rooms with `shared` history visibility. Furthermore, the unauthorised user must be using an account on a vulnerable homeserver that is in the room. Server administrators should upgrade to 1.41.1 or later in order to receive the patch. One workaround is available. Administrators of servers that use a reverse proxy could, with potentially unacceptable loss of functionality, block the endpoints: `/_matrix/client/r0/rooms/{room_id}/members` with `at` query parameter, and `/_matrix/client/unstable/rooms/{room_id}/members` with `at` query parameter. 2021-08-31 not yet calculated CVE-2021-39164
CONFIRM
MISC
MISC
mautic — mautic
 
For Mautic versions prior to 3.3.4/4.0.0, there is an XSS vulnerability on Mautic’s password reset page where a vulnerable parameter, “bundle,” in the URL could allow an attacker to execute Javascript code. The attacker would be required to convince or trick the target into clicking a password reset URL with the vulnerable parameter utilized. 2021-08-30 not yet calculated CVE-2021-27909
CONFIRM
mautic — mautic
 
Insufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. The values submitted in the “error” and “error_related_to” parameters of the POST request of the bounce management callback will be permanently stored and executed once the details page of an affected lead is opened by a Mautic user. An attacker with access to the bounce management callback function (identified with the Mailjet webhook, but it is assumed this will work uniformly across all kinds of webhooks) can inject arbitrary JavaScript Code into the “error” and “error_related_to” parameters of the POST request (POST /mailer/<product / webhook>/callback). It is noted that there is no authentication needed to access this function. The JavaScript Code is stored permanently in the web application and executed every time an authenticated user views the details page of a single contact / lead in Mautic. This means, arbitrary code can be executed to, e.g., steal or tamper with information. 2021-08-30 not yet calculated CVE-2021-27910
CONFIRM
mautic — mautic
 
Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack through the contact’s first or last name and triggered when viewing a contact’s details page then clicking on the action drop down and hovering over the Campaigns button. Contact first and last name can be populated from different sources such as UI, API, 3rd party syncing, forms, etc. 2021-08-30 not yet calculated CVE-2021-27911
CONFIRM
microsoft — edge Microsoft Edge for iOS Spoofing Vulnerability 2021-09-02 not yet calculated CVE-2021-38642
MISC
microsoft — edge
 
Microsoft Edge for Android Information Disclosure Vulnerability 2021-09-02 not yet calculated CVE-2021-26439
MISC
microsoft — edge Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36930. 2021-09-02 not yet calculated CVE-2021-26436
MISC
microsoft — edge Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26436. 2021-09-02 not yet calculated CVE-2021-36930
MISC
microsoft — edge Microsoft Edge for Android Spoofing Vulnerability 2021-09-02 not yet calculated CVE-2021-38641
MISC
midnight — commander
 
An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity. 2021-08-30 not yet calculated CVE-2021-36370
MISC
MISC
MISC
MISC
mik — starlight Deserialization of untrusted data in multiple functions in MIK.starlight 7.9.5.24363 allows authenticated remote attackers to execute operating system commands by crafting serialized objects. 2021-08-31 not yet calculated CVE-2021-36231
MISC
mik — starlight Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt credentials via unspecified vectors. 2021-08-31 not yet calculated CVE-2021-36234
MISC
MISC
mik — starlight The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5.24363 allows (by design) an authenticated attacker to read arbitrary files from the filesystem by specifying the file path. 2021-08-31 not yet calculated CVE-2021-36233
MISC
mik — starlight
 
Improper Authorization in multiple functions in MIK.starlight 7.9.5.24363 allows an authenticated attacker to escalate privileges. 2021-08-31 not yet calculated CVE-2021-36232
MISC
modicon — multiple_devices A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure&#xAA; Control Expert, including all Unity Pro versions (former name of EcoStruxure&#xAA; Control Expert, all versions), PLC Simulator for EcoStruxure&#xAA; Process Expert including all HDCS versions (former name of EcoStruxure&#xAA; Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions). 2021-09-02 not yet calculated CVE-2021-22789
MISC
modicon — multiple_devices A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure&#xAA; Control Expert, including all Unity Pro versions (former name of EcoStruxure&#xAA; Control Expert, all versions), PLC Simulator for EcoStruxure&#xAA; Process Expert including all HDCS versions (former name of EcoStruxure&#xAA; Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions). 2021-09-02 not yet calculated CVE-2021-22792
MISC
modicon — multiple_devices A CWE-787: Out-of-bounds Write vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure&#xAA; Control Expert, including all Unity Pro versions (former name of EcoStruxure&#xAA; Control Expert, all versions), PLC Simulator for EcoStruxure&#xAA; Process Expert including all HDCS versions (former name of EcoStruxure&#xAA; Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions). 2021-09-02 not yet calculated CVE-2021-22791
MISC
modicon — multiple_devices
 
A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure&#xAA; Control Expert, including all Unity Pro versions (former name of EcoStruxure&#xAA; Control Expert, all versions), PLC Simulator for EcoStruxure&#xAA; Process Expert including all HDCS versions (former name of EcoStruxure&#xAA; Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions). 2021-09-02 not yet calculated CVE-2021-22790
MISC
mpath — mpath This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOf(parts[i]) !== -1 returns -1 if parts[i] is [‘__proto__’]. This is because the method that has been called if the input is an array is Array.prototype.indexOf() and not String.prototype.indexOf(). They behave differently depending on the type of the input. 2021-09-01 not yet calculated CVE-2021-23438
MISC
MISC
MISC
mybb — mybb Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the “Title” field found in the “Add New Forum” page by doing an authenticated POST HTTP request to ‘/Upload/admin/index.php?module=forum-management&action=add’. 2021-08-31 not yet calculated CVE-2020-19048
MISC
mybb — mybb
 
Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the “Description” field found in the “Add New Forum” page by doing an authenticated POST HTTP request to ‘/Upload/admin/index.php?module=forum-management&action=add’. 2021-08-31 not yet calculated CVE-2020-19049
MISC
netiq — access_manager
 
This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to 5.0.1 2021-09-02 not yet calculated CVE-2021-22525
MISC
next.js — next.js Next.js is a React framework. Versions of Next.js between 10.0.0 and 11.0.0 contain a cross-site scripting vulnerability. In order for an instance to be affected by the vulnerability, the `next.config.js` file must have `images.domains` array assigned and the image host assigned in `images.domains` must allow user-provided SVG. If the `next.config.js` file has `images.loader` assigned to something other than default or the instance is deployed on Vercel, the instance is not affected by the vulnerability. The vulnerability is patched in Next.js version 11.1.1. 2021-08-31 not yet calculated CVE-2021-39178
CONFIRM
MISC
npmcli/arborist — npmcli/arborist `@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is accomplished by extracting package contents into a project’s `node_modules` folder. If the `node_modules` folder of the root project or any of its dependencies is somehow replaced with a symbolic link, it could allow Arborist to write package dependencies to any arbitrary location on the file system. Note that symbolic links contained within package artifact contents are filtered out, so another means of creating a `node_modules` symbolic link would have to be employed. 1. A `preinstall` script could replace `node_modules` with a symlink. (This is prevented by using `–ignore-scripts`.) 2. An attacker could supply the target with a git repository, instructing them to run `npm install –ignore-scripts` in the root. This may be successful, because `npm install –ignore-scripts` is typically not capable of making changes outside of the project directory, so it may be deemed safe. This is patched in @npmcli/arborist 2.8.2 which is included in npm v7.20.7 and above. For more information including workarounds please see the referenced GHSA-gmw6-94gg-2rc2. 2021-08-31 not yet calculated CVE-2021-39135
CONFIRM
MISC
npmcli/arborist — npmcli/arborist `@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is, in part, accomplished by resolving dependency specifiers defined in `package.json` manifests for dependencies with a specific name, and nesting folders to resolve conflicting dependencies. When multiple dependencies differ only in the case of their name, Arborist’s internal data structure saw them as separate items that could coexist within the same level in the `node_modules` hierarchy. However, on case-insensitive file systems (such as macOS and Windows), this is not the case. Combined with a symlink dependency such as `file:/some/path`, this allowed an attacker to create a situation in which arbitrary contents could be written to any location on the filesystem. For example, a package `pwn-a` could define a dependency in their `package.json` file such as `”foo”: “file:/some/path”`. Another package, `pwn-b` could define a dependency such as `FOO: “file:foo.tgz”`. On case-insensitive file systems, if `pwn-a` was installed, and then `pwn-b` was installed afterwards, the contents of `foo.tgz` would be written to `/some/path`, and any existing contents of `/some/path` would be removed. Anyone using npm v7.20.6 or earlier on a case-insensitive filesystem is potentially affected. This is patched in @npmcli/arborist 2.8.2 which is included in npm v7.20.7 and above. 2021-08-31 not yet calculated CVE-2021-39134
CONFIRM
MISC
openemr — openemr OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users. 2021-09-01 not yet calculated CVE-2021-40352
MISC
MISC
MISC
openolat — openolat OpenOLAT is a web-based learning management system (LMS). A path traversal vulnerability exists in versions prior to 15.3.18, 15.5.3, and 16.0.0. Using a specially prepared ZIP file, it is possible to overwrite any file that is writable by the application server user (e.g. the tomcat user). Depending on the configuration this can be limited to files of the OpenOlat user data directory, however, if not properly set up, the attack could also be used to overwrite application server config files, java code or even operating system files. The attack could be used to corrupt or modify any OpenOlat file such as course structures, config files or temporary test data. Those attack would require in-depth knowledge of the installation and thus more theoretical. If the app server configuration allows the execution of jsp files and the path to the context is known, it is also possible to execute java code. If the app server runs with the same user that is used to deploy the OpenOlat code or has write permissions on the OpenOlat code files and the path to the context is know, code injection is possible. The attack requires an OpenOlat user account to upload a ZIP file and trigger the unzip method. It can not be exploited by unregistered users. The problem is fixed in versions 15.3.18, 15.5.3 and 16.0.0. There are no known workarounds aside from upgrading. 2021-08-31 not yet calculated CVE-2021-39180
MISC
MISC
MISC
CONFIRM
MISC
openolat — openolat OpenOlat is a web-based learning management system (LMS). Prior to version 15.3.18, 15.5.3, and 16.0.0, using a prepared import XML file (e.g. a course) any class on the Java classpath can be instantiated, including spring AOP bean factories. This can be used to execute code arbitrary code by the attacker. The attack requires an OpenOlat user account with the authoring role. It can not be exploited by unregistered users. The problem is fixed in versions 15.3.18, 15.5.3, and 16.0.0. There are no known workarounds aside from upgrading. 2021-09-01 not yet calculated CVE-2021-39181
MISC
MISC
CONFIRM
opensis — opensis A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the NamesList.php str parameter. 2021-09-01 not yet calculated CVE-2021-39378
MISC
MISC
MISC
opensis — opensis A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the ResetUserInfo.php password_stn_id parameter. 2021-09-01 not yet calculated CVE-2021-39379
MISC
MISC
MISC
opensis — opensis A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the index.php username parameter. 2021-09-01 not yet calculated CVE-2021-39377
MISC
MISC
MISC
openstack — neutron An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value. 2021-08-31 not yet calculated CVE-2021-40085
MISC
MISC
MLIST
outsystems — multiple_devices A stored XSS vulnerability was discovered in the ECT Provider in OutSystems before 2020-09-04, affecting generated applications. It could allow an unauthenticated remote attacker to craft and store malicious Feedback content into /ECT_Provider/, such that when the content is viewed (it can only be viewed by Administrators), attacker-controlled JavaScript will execute in the security context of an administrator’s browser. This is fixed in Outsystems 10.0.1005.2, Outsystems 11.9.0 Platform Server, and Outsystems 11.7.0 LifeTime Management Console. 2021-08-31 not yet calculated CVE-2020-13639
MISC
MISC
parse_server — parse_server
 
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.3, Parse Server crashes when if a query request contains an invalid value for the `explain` option. This is due to a bug in the MongoDB Node.js driver which throws an exception that Parse Server cannot catch. There is a patch for this issue in version 4.10.3. No workarounds aside from upgrading are known to exist. 2021-09-02 not yet calculated CVE-2021-39187
MISC
MISC
MISC
CONFIRM
pepper — fuchs In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. Attackers can use DNS Rebinding to bypass any IP or firewall based access restrictions that may be in place, by proxying through their target’s browser. 2021-08-31 not yet calculated CVE-2021-34561
CONFIRM
pepper — fuchs In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server. 2021-08-31 not yet calculated CVE-2021-33555
CONFIRM
pepper — fuchs Any cookie-stealing vulnerabilities within the application or browser would enable an attacker to steal the user’s credentials to the PEPPERL+FUCHS WirelessHART-Gateway 3.0.9. 2021-08-31 not yet calculated CVE-2021-34564
CONFIRM
pepper — fuchs In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials. 2021-08-31 not yet calculated CVE-2021-34565
CONFIRM
pepper — fuchs In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user’s computer. Therefore the user must have logged in at least once. 2021-08-31 not yet calculated CVE-2021-34560
CONFIRM
pepper — fuchs In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings. 2021-08-31 not yet calculated CVE-2021-34559
CONFIRM
pepper — fuchs In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie’s value to be read or set by client-side JavaScript. 2021-08-31 not yet calculated CVE-2021-34563
CONFIRM
pepper — fuchs In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application’s response. 2021-08-31 not yet calculated CVE-2021-34562
CONFIRM
pillow — pillow The package pillow from 0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. 2021-09-03 not yet calculated CVE-2021-23437
CONFIRM
CONFIRM
CONFIRM
pimcore — pimcore Pimcore is an open source data & experience management platform. Prior to version 10.1.2, an authenticated user could add XSS code as a value of custom metadata on assets. There is a patch for this issue in Pimcore version 10.1.2. As a workaround, users may apply the patch manually. 2021-09-01 not yet calculated CVE-2021-39170
MISC
MISC
CONFIRM
MISC
pimcore — pimcore Pimcore is an open source data & experience management platform. Prior to version 10.1.2, text-values were not properly escaped before printed in the version preview. This allowed XSS by authenticated users with access to the resources. This issue is patched in Pimcore version 10.1.2. 2021-09-01 not yet calculated CVE-2021-39166
CONFIRM
MISC
proto — proto This affects all versions of package Proto. It is possible to inject pollute the object property of an application using Proto by leveraging the merge function. 2021-09-01 not yet calculated CVE-2021-23426
MISC
MISC
puppet — enterprise
 
Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export. 2021-08-30 not yet calculated CVE-2021-27020
MISC
puppet — puppetdb
 
PuppetDB logging included potentially sensitive system information. 2021-08-30 not yet calculated CVE-2021-27019
MISC
puppet — remidate
 
The mechanism which performs certificate validation was discovered to have a flaw that resulted in certificates signed by an internal certificate authority to not be properly validated. This issue only affects clients that are configured to utilize Tenable.sc as the vulnerability data source. 2021-08-30 not yet calculated CVE-2021-27018
MISC
rocket.chat — rocket.chat Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript. In Rocket.Chat before versions 3.11.3, 3.12.2, and 3.13 an issue with certain regular expressions could lead potentially to Denial of Service. This was fixed in versions 3.11.3, 3.12.2, and 3.13. 2021-08-30 not yet calculated CVE-2021-32832
MISC
CONFIRM
MISC
MISC
rundeck — rundeck
 
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, a user with `admin` access to the `system` resource type is potentially vulnerable to a CSRF attack that could cause the server to run untrusted code on all Rundeck editions. Patches are available in Rundeck versions 3.4.3 and 3.3.14. 2021-08-30 not yet calculated CVE-2021-39133
CONFIRM
MISC
rundeck — rundeck
 
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, an authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy yaml file, or upload an untrusted project archive with a crafted aclpolicy yaml file, that can cause the server to run untrusted code on Rundeck Community or Enterprise Edition. An authenticated user can make a POST request, that can cause the server to run untrusted code on Rundeck Enterprise Edition. The zip-format plugin issues requires authentication and authorization to these access levels, and affects all Rundeck editions:`admin` level access to the `system` resource type. The ACL Policy yaml file upload issues requires authentication and authorization to these access levels, and affects all Rundeck editions: `create` `update` or `admin` level access to a `project_acl` resource, and/or`create` `update` or `admin` level access to the `system_acl` resource. The unauthorized POST request requires authentication, but no specific authorization, and affects Rundeck Enterprise only. Patches are available in versions 3.4.3, 3.3.14 2021-08-30 not yet calculated CVE-2021-39132
CONFIRM
MISC
s-cms — s-cms Cross Site Scripting (XSS) in S-CMS v1.0 allows remote attackers to execute arbitrary code via the component ‘/admin/tpl.php?page=’. 2021-08-31 not yet calculated CVE-2020-19046
MISC
s-cms — s-cms A SQL injection vulnerability in the 4.edu.php\conn\function.php component of S-CMS v1.0 allows attackers to access sensitive database information. 2021-09-01 not yet calculated CVE-2020-20340
MISC
samsung — drive_manager
 
Samsung Drive Manager 2.0.104 on Samsung H3 devices allows attackers to bypass intended access controls on disk management. WideCharToMultiByte, WideCharStr, and MultiByteStr can contribute to password exposure. 2021-09-01 not yet calculated CVE-2021-39373
MISC
sernet — verinice
 
In the server in SerNet verinice before 1.22.2, insecure Java deserialization allows remote authenticated attackers to execute arbitrary code. 2021-08-31 not yet calculated CVE-2021-36981
MISC
MISC
solarwinds — orion_platform Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the Orion Patch Manager Web Console could potentially exploit this and compromise the server 2021-09-01 not yet calculated CVE-2021-35218
MISC
MISC
solarwinds — orion_platform Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability. 2021-09-01 not yet calculated CVE-2021-35215
MISC
MISC
MISC
solarwinds — orion_platform An Improper Access Control Privilege Escalation Vulnerability was discovered in the User Setting of Orion Platform version 2020.2.5. It allows a guest user to elevate privileges to the Administrator using this vulnerability. Authentication is required to exploit the vulnerability. 2021-08-31 not yet calculated CVE-2021-35213
MISC
MISC
MISC
solarwinds — orion_platform This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) from the Alerts Settings page. 2021-08-31 not yet calculated CVE-2021-35222
MISC
MISC
MISC
MISC
solarwinds — orion_platform
 
Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page. 2021-08-31 not yet calculated CVE-2021-35220
MISC
MISC
MISC
MISC
solarwinds — orion_platform
 
An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. A blind Boolean SQL injection which could lead to full read/write over the Orion database content including the Orion certificate for any authenticated user. 2021-08-31 not yet calculated CVE-2021-35212
MISC
MISC
MISC
solarwinds — orion_platform
 
Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. An Authenticated Attacker with network access via HTTP can compromise this vulnerability can result in Remote Code Execution. 2021-09-01 not yet calculated CVE-2021-35216
MISC
MISC
solarwinds — orion_platform
 
ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability using ImportAlert function within the Alerts Settings page. 2021-08-31 not yet calculated CVE-2021-35219
MISC
MISC
MISC
MISC
solarwinds — orion_platform Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts Settings page. 2021-08-31 not yet calculated CVE-2021-35221
MISC
MISC
MISC
MISC
solarwinds — orion_platform The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of ‘user string variables,&#x201D; allowing remote code execution. 2021-08-31 not yet calculated CVE-2021-35223
MISC
MISC
MISC
solarwinds — orion_platform A security researcher stored XSS via a Help Server setting. This affects customers using Internet Explorer, because they do not support ‘rel=noopener’. 2021-08-31 not yet calculated CVE-2021-35240
MISC
MISC
MISC
MISC
solarwinds — orion_platform
 
A security researcher found a user with Orion map manage rights could store XSS through via text box hyperlink. 2021-08-31 not yet calculated CVE-2021-35239
MISC
MISC
MISC
MISC
solarwinds — orion_platform User with Orion Platform Admin Rights could store XSS through URL POST parameter in CreateExternalWebsite website. 2021-09-01 not yet calculated CVE-2021-35238
MISC
MISC
MISC
tar — tar The npm package “tar” (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, in part, accomplished by sanitizing absolute paths of entries within the archive, skipping archive entries that contain `..` path portions, and resolving the sanitized paths against the extraction target directory. This logic was insufficient on Windows systems when extracting tar files that contained a path that was not an absolute path, but specified a drive letter different from the extraction target, such as `C:some\path`. If the drive letter does not match the extraction target, for example `D:\extraction\dir`, then the result of `path.resolve(extractionDirectory, entryPath)` would resolve against the current working directory on the `C:` drive, rather than the extraction target directory. Additionally, a `..` portion of the path could occur immediately after the drive letter, such as `C:../foo`, and was not properly sanitized by the logic that checked for `..` within the normalized and split portions of the path. This only affects users of `node-tar` on Windows systems. These issues were addressed in releases 4.4.18, 5.0.10 and 6.1.9. The v3 branch of node-tar has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of node-tar. There is no reasonable way to work around this issue without performing the same path normalization procedures that node-tar now does. Users are encouraged to upgrade to the latest patched versions of node-tar, rather than attempt to sanitize paths themselves. 2021-08-31 not yet calculated CVE-2021-37713
CONFIRM
MISC
tar — tar The npm package “tar” (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created. This logic was insufficient when extracting tar files that contained both a directory and a symlink with names containing unicode values that normalized to the same value. Additionally, on Windows systems, long path portions would resolve to the same file system entities as their 8.3 “short path” counterparts. A specially crafted tar archive could thus include a directory with one form of the path, followed by a symbolic link with a different string that resolves to the same file system entity, followed by a file using the first form. By first creating a directory, and then replacing that directory with a symlink that had a different apparent name that resolved to the same entry in the filesystem, it was thus possible to bypass node-tar symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite. These issues were addressed in releases 4.4.18, 5.0.10 and 6.1.9. The v3 branch of node-tar has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of node-tar. If this is not possible, a workaround is available in the referenced GHSA-qq89-hq3f-393p. 2021-08-31 not yet calculated CVE-2021-37712
CONFIRM
MISC
tar — tar The npm package “tar” (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created. This logic was insufficient when extracting tar files that contained both a directory and a symlink with the same name as the directory, where the symlink and directory names in the archive entry used backslashes as a path separator on posix systems. The cache checking logic used both `\` and `/` characters as path separators, however `\` is a valid filename character on posix systems. By first creating a directory, and then replacing that directory with a symlink, it was thus possible to bypass node-tar symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite. Additionally, a similar confusion could arise on case-insensitive filesystems. If a tar archive contained a directory at `FOO`, followed by a symbolic link named `foo`, then on case-insensitive file systems, the creation of the symbolic link would remove the directory from the filesystem, but _not_ from the internal directory cache, as it would not be treated as a cache hit. A subsequent file entry within the `FOO` directory would then be placed in the target of the symbolic link, thinking that the directory had already been created. These issues were addressed in releases 4.4.16, 5.0.8 and 6.1.7. The v3 branch of node-tar has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of node-tar. If this is not possible, a workaround is available in the referenced GHSA-9r2w-394v-53qc. 2021-08-31 not yet calculated CVE-2021-37701
CONFIRM
MISC
tizen — rt_rtos
 
Tizen RT RTOS version 3.0.GBB is vulnerable to integer wrap-around in functions_calloc and mm_zalloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash 2021-08-31 not yet calculated CVE-2021-22684
MISC
unifi — protect
 
A vulnerability found in UniFi Protect application V1.18.1 and earlier allows a malicious actor with a view-only role and network access to gain the same privileges as the owner of the UniFi Protect application. This vulnerability is fixed in UniFi Protect application V1.19.0 and later. 2021-08-31 not yet calculated CVE-2021-22944
MISC
unifi — protect
 
A vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor who has already gained access to a network to subsequently control the Protect camera(s) assigned to said network. This vulnerability is fixed in UniFi Protect application V1.19.0 and later. 2021-08-31 not yet calculated CVE-2021-22943
MISC
vijeo_designer — harmony A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11 ), Vijeo Designer Basic (all versions prior to V1.2), or EcoStruxure Machine Expert (all versions prior to V2.0) that could cause a Denial of Service or unauthorized access to system information when connecting to the Harmony HMI over FTP. 2021-09-02 not yet calculated CVE-2021-22704
MISC
vmware — workspace VMware Workspace ONE UEM REST API contains a denial of service vulnerability. A malicious actor with access to /API/system/admins/session could cause an API denial of service due to improper rate limiting. 2021-08-31 not yet calculated CVE-2021-22029
MISC
vmware — workspace_one_access_and_identity_manager VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication. 2021-08-31 not yet calculated CVE-2021-22002
MISC
vmware — workspace_one_access_and_identity_manager
 
VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and password complexity for the target account. 2021-08-31 not yet calculated CVE-2021-22003
MISC
wago — wago This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07. 2021-08-31 not yet calculated CVE-2021-34578
CONFIRM
wago — wago
 
Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the device. 2021-08-31 not yet calculated CVE-2021-34581
CONFIRM
wordpress — wordpress The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress registered several AJAX actions available to unauthenticated users in the `includes` function in `redux-core/class-redux-core.php` that were unique to a given site but deterministic and predictable given that they were based on an md5 hash of the site URL with a known salt value of ‘-redux’ and an md5 hash of the previous hash with a known salt value of ‘-support’. These AJAX actions could be used to retrieve a list of active plugins and their versions, the site’s PHP version, and an unsalted md5 hash of site’s `AUTH_KEY` concatenated with the `SECURE_AUTH_KEY`. 2021-09-02 not yet calculated CVE-2021-38314
MISC
wordpress — wordpress The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress used an incorrect authorization check in the REST API endpoints registered under the &#x201C;redux/v1/templates/&#x201D; REST Route in &#x201C;redux-templates/classes/class-api.php&#x201D;. The `permissions_callback` used in this file only checked for the `edit_posts` capability which is granted to lower-privileged users such as contributors, allowing such users to install arbitrary plugins from the WordPress repository and edit arbitrary posts. 2021-09-02 not yet calculated CVE-2021-38312
MISC
wordpress — wordpress The ShareThis Dashboard for Google Analytics WordPress plugin before 2.5.2 does not sanitise or escape the ‘ga_action’ parameter in the stats view before outputting it back in an attribute when the plugin is connected to a Google Analytics account, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator 2021-08-30 not yet calculated CVE-2021-24438
MISC
wordpress — wordpress
 
The Blue Admin WordPress plugin through 21.06.01 does not sanitise or escape its “Logo Title” setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when saving its settings, allowing the issue to be exploited via a CSRF attack. 2021-08-30 not yet calculated CVE-2021-24581
MISC
wordpress — wordpress Versions up to, and including, 5.4.3, of the Booster for WooCommerce WordPress plugin are vulnerable to authentication bypass via the process_email_verification function due to a random token generation weakness in the reset_and_mail_activation_link function found in the ~/includes/class-wcj-emails-verification.php file. This allows attackers to impersonate users and trigger an email address verification for arbitrary accounts, including administrative accounts, and automatically be logged in as that user, including any site administrators. This requires the Email Verification module to be active in the plugin and the Login User After Successful Verification setting to be enabled, which it is by default. 2021-08-30 not yet calculated CVE-2021-34646
MISC
MISC
wordpress — wordpress
 
The underConstruction plugin <= 1.18 for WordPress echoes out the raw value of `$GLOBALS[‘PHP_SELF’]` in the ucOptions.php file. On certain configurations including Apache+modPHP, this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the request path. 2021-09-01 not yet calculated CVE-2021-39320
MISC
MISC
wordpress — wordpress
 
The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal in the `link` parameter. 2021-08-31 not yet calculated CVE-2021-39316
MISC
wordpress — wordpress The Easy Social Icons plugin <= 3.0.8 for WordPress echoes out the raw value of `$_SERVER[‘PHP_SELF’]` in its main file. On certain configurations including Apache+modPHP this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the request path. 2021-09-02 not yet calculated CVE-2021-39322
MISC
MISC
wtcms — wtcms WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the page management background which allows attackers to obtain cookies via a crafted payload entered into the search box. 2021-09-01 not yet calculated CVE-2020-20345
MISC
MISC
MISC
wtcms — wtcms WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the source field under the article management module. 2021-09-01 not yet calculated CVE-2020-20347
MISC
wtcms — wtcms WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link address field under the background links module. 2021-09-01 not yet calculated CVE-2020-20349
MISC
wtcms — wtcms WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the keyword search function under the background articles module. 2021-09-01 not yet calculated CVE-2020-20344
MISC
wtcms — wtcms WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link field under the background menu management module. 2021-09-01 not yet calculated CVE-2020-20348
MISC
wtcms — wtcms WTCMS 1.0 contains a cross-site request forgery (CSRF) vulnerability in the index.php?g=admin&m=nav&a=add_post component that allows attackers to arbitrarily add articles in the administrator background. 2021-09-01 not yet calculated CVE-2020-20343
MISC
xmp — toolkit_sdk XMP Toolkit version 2020.1 (and earlier) is affected by a Buffer Underflow vulnerability which could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-01 not yet calculated CVE-2021-36064
MISC
xmp — toolkit_sdk XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. 2021-09-01 not yet calculated CVE-2021-36050
MISC
xmp — toolkit_sdk XMP Toolkit SDK versions 2020.1 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-01 not yet calculated CVE-2021-36055
MISC
xmp — toolkit_sdk XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2021-09-01 not yet calculated CVE-2021-36052
MISC
xmp — toolkit_sdk XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-01 not yet calculated CVE-2021-36053
MISC
xmp — toolkit_sdk XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in local application denial of service in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. 2021-09-01 not yet calculated CVE-2021-36054
MISC
xmp — toolkit_sdk XMP Toolkit SDK version 2020.1 (and earlier) is affected by a write-what-where condition vulnerability caused during the application’s memory allocation process. This may cause the memory management functions to become mismatched resulting in local application denial of service in the context of the current user. 2021-09-01 not yet calculated CVE-2021-36057
MISC
xmp — toolkit_sdk
 
XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2021-09-01 not yet calculated CVE-2021-36045
MISC
xmp — toolkit_sdk XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. 2021-09-01 not yet calculated CVE-2021-36047
MISC
xmp — toolkit_sdk XMP Toolkit SDK version 2020.1 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. 2021-09-01 not yet calculated CVE-2021-39847
MISC
xmp — toolkit_sdk XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. 2021-09-01 not yet calculated CVE-2021-36048
MISC
xmp — toolkit_sdk XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2021-09-01 not yet calculated CVE-2021-36046
MISC
xmp — toolkit_sdk
 
XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. 2021-09-01 not yet calculated CVE-2021-36056
MISC
xmp — toolkit_sdk XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Integer Overflow vulnerability potentially resulting in application-level denial of service in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. 2021-09-01 not yet calculated CVE-2021-36058
MISC
yzcms — yzcms YzmCMS v5.5 contains a server-side request forgery (SSRF) in the grab_image() function. 2021-09-01 not yet calculated CVE-2020-20341
MISC
zoho — manageengine_servicedesk_plus
 
Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication. 2021-09-01 not yet calculated CVE-2021-37415
MISC
CONFIRM
zte — zte A conference management system of ZTE is impacted by a command execution vulnerability. Since the soapmonitor’s java object service is enabled by default, the attacker could exploit this vulnerability to execute arbitrary commands by sending a deserialized payload to port 5001. 2021-08-30 not yet calculated CVE-2021-21741
MISC
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts.

CISA recently updated an anonymous product survey;they’d welcome your feedback.