US-CERT Bulletin (SB21-355): Vulnerability Summary for the Week of December 13, 2021

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
abb — omnicore_c30_firmware A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the robot controller if the attacker has access to the Connected Services Gateway Ethernet port. 2021-12-13 9.3 CVE-2021-22279
MISC
amazon — aws_opensearch The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the configuration file. 2021-12-12 7.5 CVE-2021-44833
MISC
MISC
amd — amd_generic_encapsulated_software_architecture Improper handling of pointers in the System Management Mode (SMM) handling code may allow for a privileged attacker with physical or administrative access to potentially manipulate the AMD Generic Encapsulated Software Architecture (AGESA) to execute arbitrary code undetected by the operating system. 2021-12-10 7.2 CVE-2020-12890
MISC
apache — log4j Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0, this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. 2021-12-10 9.3 CVE-2021-44228
MISC
MLIST
MLIST
MISC
CONFIRM
CISCO
MLIST
CONFIRM
CONFIRM
FEDORA
MLIST
MLIST
MISC
MLIST
DEBIAN
CONFIRM
MISC
MISC
MISC
MLIST
CONFIRM
CERT-VN
MISC
MISC
MISC
MISC
MISC
MLIST
CONFIRM
MS
blackberry — qnx_software_development_platform A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process. 2021-12-13 7.5 CVE-2021-32024
MISC
c2fo — comb All versions of package comb are vulnerable to Prototype Pollution via the deepMerge() function. 2021-12-10 7.5 CVE-2021-23561
CONFIRM
crocoblock — jetengine Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data. 2021-12-15 7.5 CVE-2021-41844
MISC
digi — transport_dr64_firmware An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows arbitrary remote command execution with SUPER privileges. This allows an attacker (with knowledge of the protocol) to execute arbitrary code on the controller including overwriting firmware, adding/removing users, disabling the internal firewall, etc. 2021-12-10 10 CVE-2021-35978
MISC
MISC
digitalocean — toxcore A stack-based buffer overflow in handle_request function in DHT.c in toxcore 0.1.9 through 0.1.11 and 0.2.0 through 0.2.12 (caused by an improper length calculation during the handling of received network packets) allows remote attackers to crash the process or potentially execute arbitrary code via a network packet. 2021-12-13 7.5 CVE-2021-44847
MISC
emlog — emlog A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via content/plugins. 2021-12-14 7.5 CVE-2021-40883
MISC
employee_record_management_system_project — employee_record_management_system SQL injection bypass authentication vulnerability in PHPGURUKUL Employee Record Management System 1.2 via index.php. An attacker can log in as an admin account of this system and can destroy, change or manipulate all sensitive information on the system. 2021-12-13 10 CVE-2021-44966
MISC
employee_record_management_system_project — employee_record_management_system Directory traversal vulnerability in /admin/includes/* directory for PHPGURUKUL Employee Record Management System 1.2 The attacker can retrieve and download sensitive information from the vulnerable server. 2021-12-13 7.8 CVE-2021-44965
MISC
fastadmin — fastadmin fastadmin v1.2.1 is affected by a file upload vulnerability which allows arbitrary code execution through shell access. 2021-12-13 10 CVE-2021-43117
MISC
frentix — openolat OpenOlat is a web-based learning management system. A path traversal vulnerability exists in OpenOlat prior to versions 15.5.12 and 16.0.5. By providing a filename that contains a relative path as a parameter in some REST methods, it is possible to create directory structures and write files anywhere on the target system. The attack could be used to write files anywhere in the web root folder or outside it, depending on the configuration of the system and the permissions of the application server user. The attack requires an OpenOlat user account, an enabled REST API and the rights on a business object to call the vulnerable REST calls. The problem is fixed in versions 15.5.12 and 16.0.5. A workaround is available: the vulnerability requires the REST module to be enabled, so disabling the REST module, or restricting access to it via firewall or web-server access rules to trusted systems only, will mitigate the risk. 2021-12-10 7.9 CVE-2021-41242
MISC
CONFIRM
MISC
MISC
glfusion — glfusion glFusion CMS 1.7.9 is affected by an access control vulnerability via /public_html/users.php. 2021-12-14 7.5 CVE-2021-44949
MISC
google — android In stopVpnProfile of Vpn.java, there is a possible VPN profile reset due to a permissions bypass. This could lead to local escalation of privilege CONTROL_ALWAYS_ON_VPN with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-191382886. 2021-12-15 7.2 CVE-2021-0649
MISC
google — android In alac decoder, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06064258; Issue ID: ALPS06064258. 2021-12-15 7.2 CVE-2021-0675
MISC
google — android In ParsingPackageImpl of ParsingPackageImpl.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-195962697. 2021-12-15 7.2 CVE-2021-0921
MISC
google — android In ActivityThread.java, there is a possible way to collide the content provider’s authorities. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-197647956. 2021-12-15 7.2 CVE-2021-0799
MISC
google — android In SRAMROM, there is a possible permission bypass due to an insecure permission setting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06076938; Issue ID: ALPS06076938. 2021-12-15 7.2 CVE-2021-0904
MISC
google — android In createOrUpdate of Permission.java, there is a possible way to gain internal permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-195338390. 2021-12-15 7.2 CVE-2021-0923
MISC
google — android In xhci_vendor_get_ops of xhci.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-194461020. References: Upstream kernel. 2021-12-15 7.2 CVE-2021-0924
MISC
google — android In onCreate of NfcImportVCardActivity.java, there is a possible way to add a contact without user’s consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-9. Android ID: A-191053931. 2021-12-15 7.2 CVE-2021-0926
MISC
google — android In requestChannelBrowsable of TvInputManagerService.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-8.1, Android-9. Android ID: A-189824175. 2021-12-15 7.2 CVE-2021-0927
MISC
google — android In createFromParcel of OutputConfiguration.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-9. Android ID: A-188675581. 2021-12-15 7.2 CVE-2021-0928
MISC
google — android In ion_dma_buf_end_cpu_access and related functions of ion.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-187527909. References: Upstream kernel. 2021-12-15 7.2 CVE-2021-0929
MISC
google — android In showNotification of NavigationModeController.java, there is a possible confused deputy due to an unsafe PendingIntent. This could lead to local escalation of privilege that allows actions performed as the System UI with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-173025705. 2021-12-15 7.2 CVE-2021-0932
MISC
google — android In createFromParcel of GpsNavigationMessage.java, there is a possible Parcel serialization/deserialization mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-9. Android ID: A-196970023. 2021-12-15 7.2 CVE-2021-0970
MISC
google — android Product: Android. Versions: Android kernel. Android ID: A-199809304. References: N/A. 2021-12-15 7.5 CVE-2021-39644
MISC
google — android In Android TV, there is a possible silent pairing due to lack of rate limiting in the pairing flow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-8.1, Android-9. Android ID: A-180745296. 2021-12-15 10 CVE-2021-0889
MISC
google — android In C2SoftMP3::process() of C2SoftMp3Dec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-9. Android ID: A-193363621. 2021-12-15 7.1 CVE-2021-0964
MISC
google — android In gatt_process_notification of gatt_cl.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-197536150. 2021-12-15 8.3 CVE-2021-0918
MISC
google — android In rw_t4t_sm_detect_ndef of rw_t4t.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure due to a limited change in behavior based on the out of bounds data with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-191444150. 2021-12-15 7.8 CVE-2021-0925
MISC
google — android In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.java, there is a possible way for HTML tags to interfere with a consent dialog due to improper input validation. This could lead to remote escalation of privilege, confusing the user into accepting pairing of a malicious Bluetooth device, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-9. Android ID: A-172251622. 2021-12-15 7.9 CVE-2021-0933
MISC
google — android In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-9. Android ID: A-181660091. 2021-12-15 8.3 CVE-2021-0930
MISC
google — android In vorbis_book_decodev_set of codebook.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-9. Android ID: A-199065614. 2021-12-15 9.3 CVE-2021-0967
MISC
google — android Product: Android. Versions: Android kernel. Android ID: A-199805112. References: N/A. 2021-12-15 10 CVE-2021-39645
MISC
ibm — powervm_hypervisor IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker who gains service access to the FSP to read and write arbitrary host system memory through a series of carefully crafted service procedures. IBM X-Force ID: 210018. 2021-12-10 9.4 CVE-2021-38917
XF
CONFIRM
ibm — spectrum_copy_data_management IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the Spectrum Copy Data Management Admin Console login and uploadcertificate functions. A remote attacker could inject arbitrary shell commands which would be executed on the affected system. IBM X-Force ID: 214958. 2021-12-13 10 CVE-2021-39065
CONFIRM
XF
ibm — spectrum_copy_data_management IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to access the Spring Boot console without authorization. IBM X-Force ID: 214523. 2021-12-13 7.5 CVE-2021-39052
XF
CONFIRM
itextpdf — itext iTextPDF in iText before 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java. 2021-12-15 7.5 CVE-2021-43113
MISC
CONFIRM
listary — listary An issue was discovered in Listary through 6. Improper implementation of the update process leads to the download of software updates with a /check-update HTTP-based connection. This can be exploited with MITM techniques. Together with the lack of package validation, it can lead to manipulation of update packages that can cause an installation of malicious content. 2021-12-14 7.6 CVE-2021-41067
MISC
MISC
markdown_to_pdf_project — markdown_to_pdf The package md-to-pdf before 5.0.0 is vulnerable to Remote Code Execution (RCE) because it uses the library gray-matter to parse front matter content without disabling its JS engine. 2021-12-10 7.5 CVE-2021-23639
CONFIRM
CONFIRM
CONFIRM
max-3000 — maxsite_cms Remote Code Execution (RCE) vulnerability exists in MaxSite CMS v107.5 via the Documents page. 2021-12-10 7.5 CVE-2021-27983
MISC
merge-deep2_project — merge-deep2 All versions of package merge-deep2 are vulnerable to Prototype Pollution via the mergeDeep() function. 2021-12-10 7.5 CVE-2021-23700
CONFIRM
nocean — totop_link The ToTop Link WordPress plugin through 1.7.1 passes base64 encoded user input to the unserialize() PHP function, which could lead to PHP Object injection if a plugin installed on the blog has a suitable gadget chain. 2021-12-13 7.5 CVE-2021-24857
MISC
online_magazine_management_system_project — online_magazine_management_system Online Magazine Management System 1.0 contains a SQL injection authentication bypass vulnerability. The Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to gain access as admin to the application. 2021-12-15 7.5 CVE-2021-44653
MISC
online_pre-owned/used_car_showroom_management_system_project — online_pre-owned/used_car_showroom_management_system Online Pre-owned/Used Car Showroom Management System 1.0 contains a SQL injection authentication bypass vulnerability. Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to get admin access on the application. 2021-12-15 7.5 CVE-2021-44655
MISC
opencats — opencats OpenCATS through 0.9.6 allows remote attackers to execute arbitrary code by uploading an executable file via lib/FileUtility.php. 2021-12-15 10 CVE-2021-41560
MISC
CONFIRM
MISC
pluck-cms — pluck In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading files. 2021-12-10 7.5 CVE-2021-27984
MISC
pluck-cms — pluck Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an attacker to upload specially crafted zip files, resulting in directory traversal and potentially arbitrary code execution. 2021-12-10 7.5 CVE-2021-31746
MISC
reprisesoftware — reprise_license_manager An issue was discovered in Reprise RLM 14.2. When editing the license file, it is possible for an admin user to enable an option to run arbitrary executables, as demonstrated by an ISV demo “C:\Windows\System32\calc.exe” entry. An attacker can exploit this to run a malicious binary on startup, or when triggering the Reread/Restart Servers function on the webserver. (Exploitation does not require CVE-2018-15573, because the license file is meant to be changed in the application.) 2021-12-13 9 CVE-2021-44153
MISC
MISC
reprisesoftware — reprise_license_manager An issue was discovered in Reprise RLM 14.2. Because /goform/change_password_process does not verify authentication or authorization, an unauthenticated user can change the password of any existing user. This allows an attacker to change the password of any known user, thereby preventing valid users from accessing the system and granting the attacker full access to that user’s account. 2021-12-13 7.5 CVE-2021-44152
MISC
MISC
sap — abap_platform Internally used text extraction reports allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. 2021-12-14 7.5 CVE-2021-44231
MISC
MISC
sap — netweaver_application_server_for_abap Two methods of a utility class in SAP NetWeaver AS ABAP – versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756 – allow an attacker with high privileges and direct access to the SAP system to inject code when executing with a certain transaction class builder. This could allow execution of arbitrary commands on the operating system, which could highly impact the confidentiality, integrity and availability of the system. 2021-12-14 7.2 CVE-2021-44235
MISC
MISC
sey_project — sey All versions of package sey are vulnerable to Prototype Pollution via the deepmerge() function. 2021-12-10 7.5 CVE-2021-23663
CONFIRM
siemens — 7kg9501-0aa01-2aa1_firmware A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.41). The affected firmware contains a buffer overflow vulnerability in the web application that could allow a remote attacker with engineer or admin privileges to potentially perform remote code execution. 2021-12-14 9 CVE-2021-44165
CONFIRM
siemens — sipass_integrated A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal user authentication service. This could allow an unauthenticated remote attacker to trigger several actions on behalf of valid user accounts. 2021-12-14 7.5 CVE-2021-44524
CONFIRM
CONFIRM
stopbadbots — block_and_stop_bad_bots The WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots WordPress plugin before 6.67 does not sanitise and escape the User Agent before using it in a SQL statement to save it, leading to a SQL injection. 2021-12-13 7.5 CVE-2021-24863
MISC
taogogo — taocms There is an upload-related SQL injection vulnerability in the admin background of taocms 3.0.2 via the id parameter (action=cms&ctrl=update&id=26). 2021-12-14 7.5 CVE-2021-45014
MISC
thimpress — learnpress The LearnPress WordPress plugin before 4.1.4 does not sanitise, validate and escape the id parameter before using it in SQL statements when duplicating a course/lesson/quiz/question, leading to SQL injection issues. 2021-12-13 7.5 CVE-2021-24951
MISC
webnus — modern_events_calendar_lite The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue 2021-12-13 7.5 CVE-2021-24946
MISC
zohocorp — manageengine_desktop_central Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. For MSP builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For MSP builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. 2021-12-12 10 CVE-2021-44515
CONFIRM
MISC
CONFIRM
zzcms — zzcms A SQL Injection vulnerability exists in ZZCMS 2021 via the askbigclassid parameter in /admin/ask.php. 2021-12-15 7.5 CVE-2021-42945
MISC
MISC

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
abantecart — abantecart An issue was discovered in AbanteCart before 1.3.2. It allows DOM Based XSS. 2021-12-14 4.3 CVE-2021-42050
MISC
MISC
advancedcustomfields — advanced_custom_fields Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in obtaining the user list which may allow a user to obtain the unauthorized information via unspecified vectors. 2021-12-13 4 CVE-2021-20866
MISC
MISC
MISC
advancedcustomfields — advanced_custom_fields Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in browsing database which may allow a user to browse unauthorized data via unspecified vectors. 2021-12-13 5 CVE-2021-20865
MISC
MISC
MISC
advancedcustomfields — advanced_custom_fields Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in moving the field group which may allow a user to move the unauthorized field group via unspecified vectors. 2021-12-13 4 CVE-2021-20867
MISC
MISC
MISC
apache — log4j JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. 2021-12-14 6.8 CVE-2021-4104
MISC
MISC
MISC
CERT-VN
App::cpanminus — App::cpanminus The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass. 2021-12-13 6.8 CVE-2020-16154
MISC
MISC
auerswald — comfortel_3600_ip_firmware Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Authentication Bypass via the /about/../ substring. 2021-12-13 5 CVE-2021-40856
MISC
MISC
auerswald — compact_5500r_ip_firmware Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation via the passwd=1 substring. 2021-12-13 4 CVE-2021-40857
MISC
MISC
auerswald — compact_5500r_ip_firmware Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Disclosure. A sub-admin can read the cleartext Admin password via the fileName=../../etc/passwd substring. 2021-12-13 6.8 CVE-2021-40858
MISC
MISC
automox — automox Automox Agent before 32 on Windows incorrectly sets permissions on a temporary directory. 2021-12-15 4.6 CVE-2021-43326
MISC
CONFIRM
automox — automox Automox Agent 33 on Windows incorrectly sets permissions on a temporary directory. NOTE: this issue exists because of a CVE-2021-43326 regression. 2021-12-15 4.6 CVE-2021-43325
MISC
CONFIRM
clementine-player — clementine Clementine Music Player through 1.3.1 is vulnerable to a User Mode Write Access Violation, affecting the MP3 file parsing functionality at clementine+0x3aa207. The vulnerability is triggered when the user opens a crafted MP3 file or loads a remote stream URL that is mishandled by Clementine. Attackers could exploit this issue to cause a crash (DoS) of the clementine.exe process or achieve arbitrary code execution in the context of the current logged-in Windows user. 2021-12-15 6.8 CVE-2021-40826
MISC
clementine-player — clementine Clementine Music Player through 1.3.1 (when a GLib 2.0.0 DLL is used) is vulnerable to a Read Access Violation on Block Data Move, affecting the MP3 file parsing functionality at memcpy+0x265. The vulnerability is triggered when the user opens a crafted MP3 file or loads a remote stream URL that is mishandled by Clementine. Attackers could exploit this issue to cause a crash (DoS) of the clementine.exe process or achieve arbitrary code execution in the context of the current logged-in Windows user. 2021-12-15 6.8 CVE-2021-40827
MISC
cleverplugins — seo_booster The SEO Booster WordPress plugin through 3.7 allows for authenticated SQL injection via the "fn_my_ajaxified_dataloader_ajax" AJAX request as the $_REQUEST['order'][0]['dir'] parameter is not properly escaped, leading to blind and error-based SQL injections. 2021-12-13 6.5 CVE-2021-24747
MISC
cm-wp — auto_featured_image The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before 3.9.3 does not sanitise and escape the post_id parameter before outputting back in an admin page within a JS block, leading to a Reflected Cross-Site Scripting issue. 2021-12-13 4.3 CVE-2021-24932
MISC
collabora — online Collabora Online is a collaborative online office suite based on LibreOffice technology. In affected versions a reflected XSS vulnerability was found in Collabora Online. An attacker could inject unescaped HTML into a variable as they created the Collabora Online iframe, and execute scripts inside the context of the Collabora Online iframe. This would give access to a small set of user settings stored in the browser, as well as the session’s authentication token which was also passed in at iframe creation time. Users should upgrade to Collabora Online 6.4.16 or higher or Collabora Online 4.2.20 or higher. Collabora Online Development Edition 21.11 is not affected. 2021-12-13 4.3 CVE-2021-43817
CONFIRM
contact_form_advanced_database_project — contact_form_advanced_database The Contact Form Advanced Database WordPress plugin through 1.0.8 does not have any authorisation or CSRF checks in its delete_cf7_data and export_cf7_data AJAX actions, which are available to any authenticated user and could therefore be called by users with a role as low as subscriber. The delete_cf7_data action would lead to arbitrary metadata deletion, as well as PHP Object Injection if a suitable gadget chain is present in another plugin, as user data is passed to the maybe_unserialize() function without being validated first. 2021-12-13 4 CVE-2021-24790
MISC
CPAN::Checksums — CPAN::Checksums The CPAN::Checksums package 2.12 for Perl does not uniquely define signed data. 2021-12-13 4 CVE-2020-16155
MISC
MISC
cuppacms — cuppacms An issue was discovered in Cuppa CMS Versions Before 31 Jan 2021 allows authenticated attackers to gain escalated privileges via a crafted POST request using the user_group_id_field parameter. 2021-12-14 6.5 CVE-2021-3376
MISC
cybelesoft — thinfinity_virtualui In Cybele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists. 2021-12-13 5 CVE-2021-44848
MISC
MISC
dbeaver — dbeaver dbeaver is vulnerable to Improper Restriction of XML External Entity Reference. 2021-12-14 4.3 CVE-2021-3836
CONFIRM
MISC
digi — transport_dr64_firmware An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may read a password file (with reversible passwords) from the device, which allows decoding of other users’ passwords. 2021-12-10 4 CVE-2021-37187
MISC
MISC
digi — transport_dr64_firmware An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may load customized firmware (because the bootloader does not verify that it is authentic), changing the behavior of the gateway. 2021-12-10 6.5 CVE-2021-37188
MISC
MISC
digi — transport_wr11_firmware An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. They do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session. 2021-12-10 5 CVE-2021-37189
MISC
MISC
digitalocean — toxcore The Onion module in toxcore before 0.2.2 doesn’t restrict which packets can be onion-routed, which allows a remote attacker to discover a target user’s IP address (when knowing only their Tox Id) by positioning themselves close to target’s Tox Id in the DHT for the target to establish an onion connection with the attacker, guessing the target’s DHT public key and creating a DHT node with public key close to it, and finally onion-routing a NAT Ping Request to the target, requesting it to ping the just created DHT node. 2021-12-13 4.3 CVE-2018-25022
MISC
MISC
MISC
digitalocean — toxcore The TCP Server module in toxcore before 0.2.8 doesn’t free the TCP priority queue under certain conditions, which allows a remote attacker to exhaust the system’s memory, causing a denial of service (DoS). 2021-12-13 5 CVE-2018-25021
MISC
MISC
MISC
dpsoft — parsian_bank_gateway_for_woocommerce The Parsian Bank Gateway for Woocommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via and parameter due to a var_dump() on $_POST variables found in the ~/vendor/dpsoft/parsian-payment/sample/rollback-payment.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. 2021-12-14 4.3 CVE-2021-39309
MISC
MISC
duogeek — duofaq-responsive-flat-simple-faq The duoFAQ – Responsive, Flat, Simple FAQ WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the ~/duogeek/duogeek-panel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.8. 2021-12-14 4.3 CVE-2021-39319
MISC
MISC
duogeek — simple_image_gallery The Simple Image Gallery WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the ~/simple-image-gallery.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6. 2021-12-14 4.3 CVE-2021-39313
MISC
MISC
f-secure — safe A user interface overlay vulnerability was discovered in F-Secure SAFE Browser for Android. When a user clicks on a specially crafted, seemingly legitimate URL, SAFE Browser goes into full screen and hides the user interface. A remote attacker can leverage this to perform a spoofing attack. 2021-12-10 4.3 CVE-2021-40834
MISC
MISC
facebook — hermes A type confusion vulnerability could be triggered when resolving the “typeof” unary operator in Facebook Hermes prior to v0.10.0. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. 2021-12-13 6.8 CVE-2021-24045
CONFIRM
MISC
fatcatapps — pixel_cat The Pixel Cat WordPress plugin before 2.6.2 does not have a CSRF check when saving its settings, and does not sanitise or escape some of them, which could allow an attacker to make a logged-in admin change them and perform Cross-Site Scripting attacks. 2021-12-13 6 CVE-2021-24922
MISC
fortinet — fortios A hidden functionality in Fortinet FortiOS 7.x before 7.0.1 and FortiOS 6.4.x before 6.4.7 allows an attacker to execute unauthorized code or commands via specific hex read/write operations. 2021-12-13 6.6 CVE-2021-36169
CONFIRM
frenify — mediamatic The mediamaticAjaxRenameCategory AJAX action of the Mediamatic WordPress plugin through 2.7, available to any authenticated user, does not sanitise the categoryID parameter before using it in a SQL statement, leading to an SQL injection. 2021-12-13 6.5 CVE-2021-24848
MISC
genesys — workforce_management A cross site scripting (XSS) vulnerability in Genesys Workforce Management 8.5.214.20 can occur (during record deletion) via the Time-off parameter. 2021-12-15 4.3 CVE-2021-26787
MISC
MISC
get_custom_field_values_project — get_custom_field_values The Get Custom Field Values WordPress plugin before 4.0 allows users with a role as low as Contributor to access other posts’ metadata without validating the permissions. E.g., contributors can access admin posts’ metadata. 2021-12-13 4 CVE-2021-24872
MISC
gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab Maven Package registry is vulnerable to a regular expression denial of service when a specifically crafted string is sent. 2021-12-13 4 CVE-2021-39940
MISC
CONFIRM
MISC
gitlab — gitlab Improper access control in GitLab CE/EE affecting all versions starting from 10.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker in possession of a deploy token to access a project’s disabled wiki. 2021-12-13 4 CVE-2021-39936
MISC
MISC
CONFIRM
gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression used for handling user input (notes, comments, etc.) was susceptible to catastrophic backtracking that could cause a DoS attack. 2021-12-13 4 CVE-2021-39933
MISC
MISC
CONFIRM
gitlab — gitlab A vulnerable regular expression pattern in GitLab CE/EE since version 8.15 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to cause uncontrolled resource consumption leading to Denial of Service via specially crafted deploy slash commands. 2021-12-13 4 CVE-2021-39938
MISC
CONFIRM
gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A permissions validation flaw allowed group members with a developer role to elevate their privilege to maintainer on projects they import. 2021-12-13 5.5 CVE-2021-39944
MISC
MISC
CONFIRM
gitlab — gitlab A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, leads to potential elevated privileges in groups and projects under rare circumstances. 2021-12-13 6.5 CVE-2021-39937
MISC
CONFIRM
gitlab — gitlab An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting from 13.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker triggering a job with a specially crafted docker image to exhaust resources on the runner manager. 2021-12-13 4 CVE-2021-39939
CONFIRM
MISC
gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Using large payloads, the diff feature could be used to trigger high load time for users reviewing code changes. 2021-12-13 4 CVE-2021-39932
MISC
CONFIRM
gitlab — gitlab Missing authorization in GitLab EE versions between 12.4 and 14.3.6, between 14.4.0 and 14.4.4, and between 14.5.0 and 14.5.2 allowed an attacker to access a user’s custom project and group templates. 2021-12-13 4 CVE-2021-39930
MISC
CONFIRM
MISC
gitlab — gitlab Improper access control allows any project member to retrieve the service desk email address in GitLab CE/EE versions starting 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. 2021-12-13 4 CVE-2021-39934
MISC
CONFIRM
MISC
gitlab — gitlab Incorrect Authorization in GitLab EE affecting all versions starting from 11.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows a user to add comments to a vulnerability which cannot be accessed. 2021-12-13 4 CVE-2021-39918
CONFIRM
MISC
MISC
gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression related to the quick actions feature was susceptible to catastrophic backtracking that could cause a DoS attack. 2021-12-13 4 CVE-2021-39917
MISC
MISC
CONFIRM
gitlab — gitlab Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status Check in GitLab EE starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. 2021-12-13 4 CVE-2021-39916
CONFIRM
MISC
MISC
gitlab — gitlab Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an author of a Merge Request to approve the Merge Request even after having their project access revoked. 2021-12-13 4 CVE-2021-39945
MISC
MISC
CONFIRM
gitlab — gitlab Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to see the names of project access tokens on arbitrary projects. 2021-12-13 5 CVE-2021-39915
CONFIRM
MISC
MISC
gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API. 2021-12-13 5 CVE-2021-39935
MISC
CONFIRM
MISC
gitlab — gitlab An information disclosure vulnerability in GitLab CE/EE versions 12.0 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed non-project members to see the default branch name for projects that restrict access to the repository to project members. 2021-12-13 5 CVE-2021-39941
MISC
MISC
CONFIRM
gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab was vulnerable to HTML Injection through the Swagger UI feature. 2021-12-13 4.3 CVE-2021-39910
CONFIRM
MISC
MISC
glfusion — glfusion glFusion CMS v1.7.9 is affected by an arbitrary user impersonation vulnerability in /public_html/comment.php. The attacker can complete the attack remotely without interaction. 2021-12-14 6.4 CVE-2021-44935
MISC
glfusion — glfusion glFusion CMS v1.7.9 is affected by an arbitrary user registration vulnerability in /public_html/users.php. An attacker can register with the mailbox of any user. When users want to register, they will find that the mailbox has been occupied. 2021-12-14 5 CVE-2021-44937
MISC
glfusion — glfusion glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) vulnerability in /public_html/admin/plugins/bad_behavior2/blacklist.php. By using the CSRF vulnerability to trick the administrator into clicking, an attacker can add a blacklist entry. 2021-12-14 4.3 CVE-2021-44948
MISC
glfusion — glfusion glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) vulnerability in /public_html/admin/plugins/bad_behavior2/blacklist.php. By using the CSRF vulnerability to trick the administrator into clicking, an attacker can add a blacklist entry. 2021-12-14 4.3 CVE-2021-44942
MISC
gnome — epiphany XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list. 2021-12-16 4.3 CVE-2021-45085
MISC
MISC
gnome — epiphany XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server’s suggested_filename is used as the pdf_name value in PDF.js. 2021-12-16 4.3 CVE-2021-45086
MISC
MISC
gnome — epiphany XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a page title. 2021-12-16 4.3 CVE-2021-45087
MISC
MISC
gnome — epiphany XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page. 2021-12-16 4.3 CVE-2021-45088
MISC
MISC
gnuboard — gnuboard5 gnuboard5 is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’). 2021-12-14 4.3 CVE-2021-3831
MISC
CONFIRM
google — android In onCreate of UsbPermissionActivity.java, there is a possible way to grant an app access to USB without informed user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-183610267 2021-12-15 4.4 CVE-2021-1016
MISC
google — android In enqueueNotificationInternal of NotificationManagerService.java, there is a possible way to run a foreground service without showing a notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-191981182 2021-12-15 4.6 CVE-2021-0981
MISC
google — android In enqueueNotification of NetworkPolicyManagerService.java, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-9. Android ID: A-177931370 2021-12-15 4.9 CVE-2021-0653
MISC
google — android In createNoCredentialsPermissionNotification and related functions of AccountManagerService.java, there is a possible way to retrieve accounts from the device without permissions due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-9. Android ID: A-179338675 2021-12-15 4.9 CVE-2021-0704
MISC
google — android In getAlias of BluetoothDevice.java, there is a possible way to create misleading permission dialogs due to missing data filtering. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-9. Android ID: A-180747689 2021-12-15 4.7 CVE-2021-0931
MISC
google — android In doCropPhoto of PhotoSelectionHandler.java, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure of the user’s contacts with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-9. Android ID: A-195748381 2021-12-15 4.7 CVE-2021-0952
MISC
google — android In UserDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-9. Android ID: A-183411279 2021-12-15 4.7 CVE-2021-1038
MISC
google — android In enforceCrossUserOrProfilePermission of PackageManagerService.java, there is a possible bypass of the INTERACT_ACROSS_PROFILES permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-195630721 2021-12-15 4.6 CVE-2021-0922
MISC
google — android In phNxpNHal_DtaUpdate of phNxpNciHal_dta.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-183487770 2021-12-15 4.6 CVE-2021-0977
MISC
google — android In onNullBinding of ManagedServices.java, there is a possible permission bypass due to an incorrectly unbound service. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-192475653 2021-12-15 4.6 CVE-2021-0984
MISC
google — android In onCreate of AllowBindAppWidgetActivity.java, there is a possible bypass of user interaction requirements due to unclear UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-184676316 2021-12-15 4.4 CVE-2021-0769
MISC
google — android In getOffsetBeforeAfter of TextLine.java, there is a possible denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-193849901 2021-12-15 4.3 CVE-2021-0993
MISC
google — android In onReceive of AlertReceiver.java, there is a possible way to dismiss a system dialog due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-190403923 2021-12-15 4.6 CVE-2021-0985
MISC
google — android In toBARK of floor0.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-199680600 2021-12-15 4.3 CVE-2021-0976
MISC
google — android In MPEG4Source::read of MPEG4Extractor.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-9. Android ID: A-188893559 2021-12-15 4.3 CVE-2021-0971
MISC
google — android In the broadcast definition in AndroidManifest.xml, there is a possible way to set the A2DP Bluetooth device connection state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-196858999 2021-12-15 4.6 CVE-2021-0999
MISC
google — android In onEventReceived of EventResultPersister.java, there is a possible intent redirection due to a confused deputy. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-191283525 2021-12-15 4.6 CVE-2021-1024
MISC
google — android In setTransactionState of SurfaceFlinger, there is possible arbitrary code execution in a privileged process due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-193033243 2021-12-15 4.6 CVE-2021-1027
MISC
google — android In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-196926917. References: Upstream kernel 2021-12-15 6.9 CVE-2021-0920
MISC
MLIST
google — android In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-193034677 2021-12-15 4.6 CVE-2021-1029
MISC
google — android In getTitle of AccessPoint.java, there is a possible unhandled exception due to a missing null check. This could lead to remote denial of service if a proximal Wi-Fi AP provides invalid information, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11. Android ID: A-199922685 2021-12-15 4.3 CVE-2021-0969
MISC
google — android In snoozeNotificationInt of NotificationManagerService.java, there is a possible way to disable notifications for an arbitrary user due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-195031703 2021-12-15 4.4 CVE-2021-1021
MISC
google — android In snoozeNotification of NotificationListenerService.java, there is a possible way to disable notifications for an arbitrary user due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-195111725 2021-12-15 4.4 CVE-2021-1020
MISC
google — android In snoozeNotification of NotificationListenerService.java, there is a possible permission confusion due to a misleading user consent dialog. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-195031401 2021-12-15 4.4 CVE-2021-1019
MISC
google — android In onReceive of BluetoothPermissionRequest.java, there is a possible phishing attack allowing a malicious Bluetooth device to acquire permissions based on insufficient information presented to the user in the consent dialog. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-9. Android ID: A-167403112 2021-12-15 6.9 CVE-2021-0434
MISC
google — android In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-193034683 2021-12-15 4.6 CVE-2021-1028
MISC
google — android In btif_in_hf_client_generic_evt of btif_hf_client.cc, there is a possible Bluetooth service crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-180420059 2021-12-15 5 CVE-2021-1022
MISC
google — android Product: Android. Versions: Android kernel. Android ID: A-201537251. References: N/A 2021-12-15 5 CVE-2021-39646
MISC
google — android In osi_malloc and osi_calloc of allocator.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-9. Android ID: A-197868577 2021-12-15 6.8 CVE-2021-0968
MISC
google — android In AndroidManifest.xml of Settings, there is a possible pairing of a Bluetooth device without the user’s consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-9. Android ID: A-194300867 2021-12-15 5.8 CVE-2021-0965
MISC
grafana — grafana Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope: it only allows authenticated users to access files with the extension .md. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability; the proxy must also be able to handle URL-encoded paths. Alternatively, for fully lowercase or fully uppercase .md files, users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help text. 2021-12-10 4 CVE-2021-43813
MISC
MISC
CONFIRM
MISC
MISC
MISC
MLIST
h2database — h2 The package com.h2database:h2 from version 0 and before 2.0.202 is vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from the org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class, it will trigger the vulnerability. 2021-12-10 6.4 CVE-2021-23463
CONFIRM
CONFIRM
CONFIRM
CONFIRM
h5p-css-editor_project — h5p-css-editor The H5P CSS Editor WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the h5p-css-file parameter found in the ~/h5p-css-editor.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. 2021-12-14 4.3 CVE-2021-39318
MISC
MISC
hashicorp — consul HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has Incorrect Access Control. An ACL token (with the default operator:write permissions) in one namespace can be used for unintended privilege escalation in a different namespace. 2021-12-12 6.5 CVE-2021-41805
MISC
MISC
hd-network_real-time_monitoring_system_project — hd-network_real-time_monitoring_system HD-Network Real-time Monitoring System 2.0 allows ../ directory traversal to read /etc/shadow via the /language/lang s_Language parameter. 2021-12-15 5 CVE-2021-45043
MISC
MISC
hp — storeserv_management_console A security vulnerability has been identified in HPE StoreServ Management Console (SSMC). An authenticated SSMC administrator could exploit the vulnerability to inject code and elevate their privilege in SSMC. The scope of this vulnerability is limited to SSMC. Note: The arrays being managed are not impacted by this vulnerability. This vulnerability impacts SSMC versions 3.4 GA to 3.8.1. 2021-12-10 6.5 CVE-2021-29214
MISC
htaccess-redirect_project — htaccess-redirect The .htaccess Redirect WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the link parameter found in the ~/htaccess-redirect.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.3.1. 2021-12-14 4.3 CVE-2021-38361
MISC
MISC
huawei — cloudengine_7800_firmware There is a memory leak vulnerability in CloudEngine 12800 V200R019C00SPC800, CloudEngine 5800 V200R019C00SPC800, CloudEngine 6800 V200R019C00SPC800 and CloudEngine 7800 V200R019C00SPC800. The software does not sufficiently track and release allocated memory while parsing a series of crafted binary messages, which could consume the remaining memory. Successful exploitation could cause memory exhaustion. 2021-12-13 5 CVE-2021-40008
MISC
huawei — ecns280_td_firmware There is an information leak vulnerability in eCNS280_TD V100R005C10SPC650. The vulnerability is caused by improper log output management. An attacker with the ability to access the device’s log file could obtain the leaked information. 2021-12-13 4 CVE-2021-40007
MISC
huntflow — huntflow_enterprise An information disclosure vulnerability in the login page of Huntflow Enterprise before 3.10.4 could allow an unauthenticated, remote user to get information about the domain name of the configured LDAP server. An attacker could exploit this vulnerability by requesting the login page and searching for the “isLdap” JavaScript parameter in the HTML source code. 2021-12-10 5 CVE-2021-37935
MISC
huntflow — huntflow_enterprise Due to insufficient server-side login-attempt limit enforcement, a vulnerability in /account/login in Huntflow Enterprise before 3.10.14 could allow an unauthenticated, remote user to perform multiple login attempts for brute-force password guessing. 2021-12-10 5 CVE-2021-37934
MISC
ibm — i2_analysts_notebook IBM i2 Analyst’s Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 214439. 2021-12-13 4.6 CVE-2021-39049
CONFIRM
XF
ibm — i2_analysts_notebook IBM i2 Analyst’s Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 214440. 2021-12-13 4.6 CVE-2021-39050
CONFIRM
XF
ibm — mq_for_hpe_nonstop IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when SharedBindingsUserId is set to effective. IBM X-Force ID: 211404. 2021-12-14 4.4 CVE-2021-38950
CONFIRM
XF
ibm — powervm_hypervisor IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authenticated user to cause the system to crash using a specially crafted IBMi Hypervisor call. IBM X-Force ID: 210894. 2021-12-10 6.8 CVE-2021-38937
XF
CONFIRM
ibm — spectrum_copy_data_management IBM Spectrum Copy Data Management 2.2.13 and earlier has weak authentication and password rules and incorrectly handles default credentials for the Spectrum Copy Data Management Admin console. IBM X-Force ID: 214957. 2021-12-13 5 CVE-2021-39064
CONFIRM
XF
ibm — spectrum_copy_data_management IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 214617. 2021-12-13 5 CVE-2021-39058
CONFIRM
XF
ibm — spectrum_copy_data_management IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to obtain sensitive information, caused by the improper handling of requests for Spectrum Copy Data Management Admin Console. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 214524. 2021-12-13 5 CVE-2021-39053
XF
CONFIRM
ibm — spectrum_copy_data_management IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 211242. 2021-12-13 5 CVE-2021-38947
CONFIRM
XF
ibm — spectrum_protect_plus IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information due to a misconfiguration in access control headers. IBM X-Force ID: 214956. 2021-12-13 6.4 CVE-2021-39063
CONFIRM
XF
ibm — spectrum_protect_plus The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum Protect Plus workload agent is subject to a man-in-the-middle attack due to improper certificate validation. IBM X-Force ID: 182046. 2021-12-13 4.3 CVE-2020-4496
CONFIRM
XF
ibm — spectrum_protect_plus IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 214616. 2021-12-13 5.5 CVE-2021-39057
CONFIRM
XF
improved_include_page_project — improved_include_page The Improved Include Page WordPress plugin through 1.2 allows passing shortcode attributes with post_type & post_status which can be used to retrieve arbitrary content. This way, users with a role as low as Contributor can gain access to content they are not supposed to. 2021-12-13 4 CVE-2021-24845
MISC
jackalope_doctrine-dbal_project — jackalope_doctrine-dbal Jackalope Doctrine-DBAL is an implementation of the PHP Content Repository API (PHPCR) using a relational database to persist data. In affected versions users can provoke SQL injections if they can specify a node name or query. Upgrade to version 1.7.4 to resolve this issue. If that is not possible, you can escape all places where `$property` is used to filter `sv:name` in the class `Jackalope\Transport\DoctrineDBAL\Query\QOMWalker`: `XPath::escape($property)`. Node names and xpaths can contain `"` or `;` according to the JCR specification. The jackalope component that translates the query object model into doctrine dbal queries does not properly escape the names and paths, so that an accordingly crafted node name can lead to an SQL injection. If queries are never done from user input, or if you validate the user input to not contain `;`, you are not affected. 2021-12-13 6.8 CVE-2021-43822
MISC
CONFIRM
kyma-project — kyma Due to insufficient input validation of Kyma, authenticated users can pass a Header of their choice and escalate privileges which can completely compromise the cluster. 2021-12-14 6.5 CVE-2021-38182
MISC
MISC
likebtn — like_button_rating The Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.38 does not have any authorisation and CSRF checks in the likebtn_export_votes AJAX action, which could allow any authenticated user, such as a subscriber, to get a list of email and IP addresses of people who liked content from the blog. 2021-12-13 6 CVE-2021-24945
MISC
link-list-manager_project — link-list-manager The link-list-manager WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the category parameter found in the ~/llm.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. 2021-12-14 4.3 CVE-2021-39311
MISC
MISC
linuxfoundation — besu Besu is an Ethereum client written in Java. Starting in version 21.10.0, changes in the implementation of the SHL, SHR, and SAR operations resulted in the introduction of a signed type coercion error in values that represent negative values for 32 bit signed integers. Smart contracts that ask for shifts between approximately 2 billion and 4 billion bits (nonsensical but valid values for the operation) will fail to execute and hence fail to validate. In networks where vulnerable versions are mining with other clients or non-vulnerable versions this will result in a fork and the relevant transactions will not be included in the fork. In networks where vulnerable versions are not mining (such as Rinkeby) no fork will result and the validator nodes will stop accepting blocks. In networks where only vulnerable versions are mining the relevant transaction will not be included in any blocks. When the network adds a non-vulnerable version the network will act as in the first case. Besu 21.10.2 contains a patch for this issue. Besu 21.7.4 is not vulnerable and clients can roll back to that version. There is a workaround available: Once a transaction with the relevant shift operations is included in the canonical chain, the only remediation is to make sure all nodes are on non-vulnerable versions. 2021-12-13 5 CVE-2021-41272
CONFIRM
MISC
MISC
lxml — lxml lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available. 2021-12-13 6.8 CVE-2021-43818
MISC
MISC
CONFIRM
MISC
lycheeorganisation — lychee Lychee-v3 3.2.16 is affected by a Cross Site Scripting (XSS) vulnerability in php/Access/Guest.php. The function exit will terminate the script and print the message to the user. The message will contain albumID which is controlled by the user. 2021-12-15 4.3 CVE-2021-43675
MISC
MISC
MISC
magic-post-voice_project — magic-post-voice The Magic Post Voice WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the ids parameter found in the ~/inc/admin/main.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2. 2021-12-14 4.3 CVE-2021-39315
MISC
MISC
mercurius_project — mercurius Mercurius is a GraphQL adapter for Fastify. Any users from [email protected] to 8.11.1 are subjected to a denial of service attack by sending a malformed JSON to `/graphql` unless they are using a custom error handler. The vulnerability has been fixed in https://github.com/mercurius-js/mercurius/pull/678 and shipped as v8.11.2. As a workaround users may use a custom error handler. 2021-12-13 5 CVE-2021-43801
MISC
CONFIRM
MISC
microsoft — hevc_video_extensions HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40452, CVE-2021-40453. 2021-12-15 6.8 CVE-2021-41360
MISC
microsoft — hevc_video_extensions HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40453, CVE-2021-41360. 2021-12-15 6.8 CVE-2021-40452
MISC
microsoft — hevc_video_extensions HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40452, CVE-2021-41360. 2021-12-15 6.8 CVE-2021-40453
MISC
mruby — mruby mruby is vulnerable to NULL Pointer Dereference 2021-12-15 5 CVE-2021-4110
CONFIRM
MISC
nodejs — node.js Next.js is a React framework. In versions of Next.js prior to 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In order to be affected by this issue, the deployment must use Next.js versions above 11.1.0 and below 12.0.5, Node.js above 15.0.0, and next start or a custom server. Deployments on Vercel are not affected, along with similar environments where invalid requests are filtered before reaching Next.js. Versions 12.0.5 and 11.1.3 contain patches for this issue. 2021-12-10 4.3 CVE-2021-43803
MISC
MISC
MISC
MISC
CONFIRM
openwhyd — openwhyd openwhyd is vulnerable to URL Redirection to Untrusted Site 2021-12-10 5.8 CVE-2021-3829
CONFIRM
MISC
page/post_content_shortcode_project — page/post_content_shortcode The Page/Post Content Shortcode WordPress plugin through 1.0 does not have proper authorisation in place, allowing users with a role as low as contributor to access draft/private/password protected/trashed posts/pages they should not be allowed to, including posts created by other users such as admins and editors. 2021-12-13 4 CVE-2021-24819
MISC
patrowl — patrowlmanager PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.77 an improper privilege management issue (IDOR) has been found in PatrowlManager. All findings import files are placed under /media/imports/<owner_id>/<tmp_file>, where owner_id is predictable and tmp_file has the format import_<owner_id>_<time_created>, for example import_1_1639213059582.json. Because this filename is predictable, anyone, without logging in, can download all findings import files. Users are advised to update to 1.7.7 as soon as possible. There are no known workarounds. 2021-12-14 5 CVE-2021-43828
CONFIRM
MISC
patrowl — patrowlmanager PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.7.7 PatrowlManager handles uploaded files in the findings import feature without restriction. This vulnerability allows dangerous file types to be uploaded to the server, leading to XSS attacks and potentially other forms of code injection. Users are advised to update to 1.7.7 as soon as possible. There are no known workarounds for this issue. 2021-12-14 6.5 CVE-2021-43829
CONFIRM
MISC
MISC
perl — comprehensive_perl_archive_network CPAN 2.28 allows Signature Verification Bypass. 2021-12-13 6.8 CVE-2020-16156
MISC
MISC
MISC
phoeniixx — filter_portfolio_gallery The Filter Portfolio Gallery WordPress plugin through 1.5 is lacking Cross-Site Request Forgery (CSRF) check when deleting a Gallery, which could allow attackers to make a logged in admin delete arbitrary Gallery. 2021-12-13 4.3 CVE-2021-24795
MISC
phpservermonitor — php_server_monitor phpservermon is vulnerable to Improper Neutralization of CRLF Sequences 2021-12-12 5.8 CVE-2021-4097
MISC
CONFIRM
pimcore — pimcore pimcore is vulnerable to Cross-Site Request Forgery (CSRF) 2021-12-10 4.3 CVE-2021-4082
MISC
CONFIRM
pimcore — pimcore pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-12-10 4.3 CVE-2021-4084
CONFIRM
MISC
piwigo — piwigo A Cross Site Scripting (XSS) vulnerability exists in Piwigo 11.5.0 via the system album name and description of the location. 2021-12-14 4.3 CVE-2021-40882
MISC
pluck-cms — pluck Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows an attacker to sustain unauthorized access to the platform. Because Pluck does not invalidate prior sessions after a password change, access can be sustained even after an administrator performs regular remediation attempts such as resetting their password. 2021-12-10 5 CVE-2021-31745
MISC
pluck-cms — pluck Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in update_applet.php, which could lead to man-in-the-middle attacks. 2021-12-10 5.8 CVE-2021-31747
MISC
plugins360 — all-in-one_video_gallery The All-in-One Video Gallery WordPress plugin before 2.5.0 does not sanitise and validate the tab parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue 2021-12-13 6.5 CVE-2021-24970
MISC
profilepress — user_registration,_login_form,_user_profile_&_membership The User Registration, Login Form, User Profile & Membership WordPress plugin before 3.2.3 does not sanitise and escape the ppress_cc_data parameter before outputting it back in an attribute of an admin dashboard page, leading to a Reflected Cross-Site Scripting issue 2021-12-13 4.3 CVE-2021-24954
CONFIRM
MISC
profilepress — user_registration,_login_form,_user_profile_&_membership The User Registration, Login Form, User Profile & Membership WordPress plugin before 3.2.3 does not escape the data parameter of the pp_get_forms_by_builder_type AJAX action before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue 2021-12-13 4.3 CVE-2021-24955
CONFIRM
MISC
quotes_collection_project — quotes_collection The Quotes Collection WordPress plugin through 2.5.2 does not validate and escape the bulkcheck parameter before using it in a SQL statement, leading to a SQL injection 2021-12-13 6.5 CVE-2021-24861
MISC
registrationmagic — registrationmagic The RegistrationMagic WordPress plugin made it possible for unauthenticated users to log in as any site user, including administrators, if they knew a valid username on the site due to missing identity validation in the social login function social_login_using_email() of the plugin. This affects versions equal to, and less than, 5.0.1.7. 2021-12-14 6.8 CVE-2021-4073
MISC
MISC
MISC
reprisesoftware — reprise_license_manager An issue was discovered in Reprise RLM 14.2. As the session cookies are small, an attacker can hijack any existing sessions by bruteforcing the 4 hex-character session cookie on the Windows version (the Linux version appears to have 8 characters). An attacker can obtain the static part of the cookie (cookie name) by first making a request to any page on the application (e.g., /goforms/menu) and saving the name of the cookie sent with the response. The attacker can then use the name of the cookie and try to request that same page, setting a random value for the cookie. If any user has an active session, the page should return with the authorized content, when a valid cookie value is hit. 2021-12-13 5 CVE-2021-44151
MISC
MISC
reprisesoftware — reprise_license_manager An issue was discovered in /goform/login_process in Reprise RLM 14.2. When an attacker attempts to login, the response if a username is valid includes Login Failed, but does not include this string if the username is invalid. This allows an attacker to enumerate valid users. 2021-12-13 5 CVE-2021-44155
MISC
MISC
reprisesoftware — reprise_license_manager An issue was discovered in Reprise RLM 14.2. By using an admin account, an attacker can write a payload to /goform/edit_opt, which will then be triggered when running the diagnostics (via /goform/diagnostics_doit), resulting in a buffer overflow. 2021-12-13 6.5 CVE-2021-44154
MISC
MISC
sap — 3d_visual_enterprise_viewer When a user opens a manipulated Jupiter Tessellation (.jt) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. 2021-12-14 4.3 CVE-2021-42070
MISC
MISC
sap — 3d_visual_enterprise_viewer When a user opens a manipulated Tagged Image File Format (.tif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. 2021-12-14 4.3 CVE-2021-42069
MISC
MISC
sap — 3d_visual_enterprise_viewer When a user opens a manipulated GIF (.gif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. 2021-12-14 4.3 CVE-2021-42068
MISC
MISC
sap — commerce If configured to use an Oracle database and if a query is created using the flexible search java api with a parameterized “in” clause, SAP Commerce – versions 1905, 2005, 2105, 2011, allows an attacker to execute crafted database queries, exposing the backend database. The vulnerability is present if the parameterized “in” clause accepts more than 1000 values. 2021-12-14 6.8 CVE-2021-42064
MISC
MISC
sap — knowledge_warehouse A security vulnerability has been discovered in the SAP Knowledge Warehouse – versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclosure of sensitive data. 2021-12-14 4.3 CVE-2021-42063
MISC
MISC
siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll contains an off-by-one error in the heap while parsing specially crafted TIFF files. This could allow an attacker to cause a denial-of-service condition. 2021-12-14 4.3 CVE-2021-44007
CONFIRM
siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process. 2021-12-14 4.3 CVE-2021-44004
CONFIRM
siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to use of uninitialized memory while parsing user supplied TIFF files. This could allow an attacker to cause a denial-of-service condition. 2021-12-14 4.3 CVE-2021-44003
CONFIRM
siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Image.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted TIF files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15111) 2021-12-14 4.3 CVE-2021-44017
CONFIRM
siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process. 2021-12-14 4.3 CVE-2021-44008
CONFIRM
siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process. 2021-12-14 4.3 CVE-2021-44009
CONFIRM
siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process. 2021-12-14 4.3 CVE-2021-44010
CONFIRM
siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Jt1001.dll is vulnerable to an out of bounds read past the end of an allocated buffer while parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15101) 2021-12-14 4.3 CVE-2021-44011
CONFIRM
siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The DL180pdfl.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14974) 2021-12-14 6.8 CVE-2021-44001
CONFIRM
siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Jt1001.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15102) 2021-12-14 4.3 CVE-2021-44012
CONFIRM
siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The VCRUNTIME140.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted CGM files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15109) 2021-12-14 4.3 CVE-2021-44015
CONFIRM
siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Jt1001.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15058) 2021-12-14 6.8 CVE-2021-44002
CONFIRM
siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted TIFF files. This could allow an attacker to execute code in the context of the current process. 2021-12-14 6.8 CVE-2021-44005
CONFIRM
siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted TIFF files. This could allow an attacker to execute code in the context of the current process. 2021-12-14 6.8 CVE-2021-44006
CONFIRM
siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The DL180pdfl.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15103) 2021-12-14 6.8 CVE-2021-44013
CONFIRM
siemens — jt2go A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Jt1001.dll contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15057) 2021-12-14 6.8 CVE-2021-44014
CONFIRM
siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to stack based buffer overflow while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14845) 2021-12-14 6.8 CVE-2021-44432
CONFIRM
siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14829) 2021-12-14 6.8 CVE-2021-44430
CONFIRM
siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14907) 2021-12-14 6.8 CVE-2021-44438
CONFIRM
siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14906) 2021-12-14 6.8 CVE-2021-44437
CONFIRM
siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14902, ZDI-CAN-14866) 2021-12-14 6.8 CVE-2021-44434
CONFIRM
siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14841) 2021-12-14 4.3 CVE-2021-44431
CONFIRM
siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14905) 2021-12-14 4.3 CVE-2021-44436
CONFIRM
siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15052) 2021-12-14 4.3 CVE-2021-44444
CONFIRM
siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14843, ZDI-CAN-15051) 2021-12-14 4.3 CVE-2021-44448
CONFIRM
siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14908) 2021-12-14 6.8 CVE-2021-44439
CONFIRM
siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to stack based buffer overflow while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14903) 2021-12-14 6.8 CVE-2021-44435
CONFIRM
siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains a use after free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14900) 2021-12-14 6.8 CVE-2021-44433
CONFIRM
siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14995) 2021-12-14 6.8 CVE-2021-44442
CONFIRM
siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to memory corruption condition while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14912) 2021-12-14 6.8 CVE-2021-44440
CONFIRM
siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14911) 2021-12-14 6.8 CVE-2021-44447
CONFIRM
siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14913) 2021-12-14 6.8 CVE-2021-44441
CONFIRM
siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15039) 2021-12-14 6.8 CVE-2021-44443
CONFIRM
siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15054) 2021-12-14 6.8 CVE-2021-44445
CONFIRM
siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V12.8.1.1), JTTK (All versions < V10.8.1.1). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15055, ZDI-CAN-14915, ZDI-CAN-14865) 2021-12-14 6.8 CVE-2021-44450
CONFIRM
siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14828, ZDI-CAN-14898) 2021-12-14 6.8 CVE-2021-44446
CONFIRM
siemens — jt_open_toolkit A vulnerability has been identified in JT Utilities (All versions < V12.8.1.1), JTTK (All versions < V10.8.1.1). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14830) 2021-12-14 6.8 CVE-2021-44449
CONFIRM
siemens — sipass_integrated A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal message broker system. This could allow an unauthenticated remote attacker to subscribe to arbitrary message queues. 2021-12-14 5 CVE-2021-44522
CONFIRM
CONFIRM
siemens — sipass_integrated A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal activity feed database. This could allow an unauthenticated remote attacker to read, modify or delete activity feed entries. 2021-12-14 6.4 CVE-2021-44523
CONFIRM
CONFIRM
siemens — teamcenter_active_workspace A vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.11), Teamcenter Active Workspace V5.0 (All versions < V5.0.10), Teamcenter Active Workspace V5.1 (All versions < V5.1.6), Teamcenter Active Workspace V5.2 (All versions < V5.2.3). The application contains an unsafe unzipping pattern that could lead to a zip path traversal attack. This could allow an attacker to execute a remote shell with admin rights. 2021-12-14 6.5 CVE-2021-41547
CONFIRM
single_post_exporter_project — single_post_exporter The Single Post Exporter WordPress plugin through 1.1.1 does not have CSRF checks when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and give access to the export feature to any role such as subscriber. Subscriber users would then be able to export an arbitrary post/page (such as private and password protected) via a direct URL 2021-12-13 4.3 CVE-2021-24780
MISC
snipeitapp — snipe-it snipe-it is vulnerable to Improper Access Control 2021-12-10 4 CVE-2021-4089
CONFIRM
MISC
socomec — remote_view_pro_firmware An issue was discovered in the firmware update form in Socomec REMOTE VIEW PRO 2.0.41.4. An authenticated attacker can bypass a client-side file-type check and upload arbitrary .php files. 2021-12-15 6.5 CVE-2021-41870
MISC
MISC
sourcegraph — sourcegraph Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.33.2 is vulnerable to a side-channel attack where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects the Saved Searches and Code Monitoring features. A successful attack would require an authenticated bad actor to create many Saved Searches or Code Monitors to receive confirmation that a specific string exists. This could allow an attacker to guess formatted tokens in source code, such as API keys. This issue was patched in version 3.33.2 and any future versions of Sourcegraph. We strongly encourage upgrading to secure versions. If you are unable to, you may disable Saved Searches and Code Monitors. 2021-12-13 4 CVE-2021-43823
CONFIRM
MISC
storeapps — temporary_login_without_password The Temporary Login Without Password WordPress plugin before 1.7.1 does not have authorisation and CSRF checks when updating its settings, which could allow any logged-in user, such as a subscriber, to update them. 2021-12-13 4 CVE-2021-24836
MISC
sysaid — application_programming_interface Sysaid API user enumeration: in versions before 21.3.60, an attacker sending requests to a specific API path without any authorization could obtain user names from the LDAP server. 2021-12-14 5 CVE-2021-36721
CERT
taogogo — taocms taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72. 2021-12-14 6.4 CVE-2021-45015
MISC
trueranker — true_ranker The True Ranker plugin <= 2.2.2 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be accessed via the src parameter found in the ~/admin/vendor/datatables/examples/resources/examples.php file. 2021-12-14 5 CVE-2021-39312
MISC
MISC
unisys — cargo_mobile Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store sensitive information, which might be revealed in a backup. The issue is addressed by ensuring that the allowBackup flag (in the manifest) is False. 2021-12-14 4.3 CVE-2021-43388
MISC
user_meta_shortcodes_project — user_meta_shortcodes The User Meta Shortcodes WordPress plugin through 0.5 registers a shortcode that allows any user with a role as low as contributor to access other users' metadata by specifying the user login as a parameter. This makes the WP instance vulnerable to data exfiltration, including password hashes. 2021-12-13 4 CVE-2021-24859
MISC
verint — workforce_optimization Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications NEWUINAV parameter. 2021-12-15 4.3 CVE-2021-36450
MISC
MISC
MISC
wanderlust-webdesign — woo-enviopack The WooCommerce EnvioPack WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the dataid parameter found in the ~/includes/functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2. 2021-12-14 4.3 CVE-2021-39314
MISC
MISC
we-con — levistudiou WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to multiple stack-based buffer overflow instances while parsing project files, which may allow an attacker to execute arbitrary code. 2021-12-13 6.8 CVE-2021-43983
MISC
webnus — modern_events_calendar_lite The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the current_month_divider parameter of its mec_list_load_more AJAX call (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue 2021-12-13 4.3 CVE-2021-24925
MISC
windyroad — real_wysiwyg The Real WYSIWYG WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of PHP_SELF in the ~/real-wysiwyg.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.2. 2021-12-14 4.3 CVE-2021-39310
MISC
MISC
woo-myghpay-payment-gateway_project — woo-myghpay-payment-gateway The WooCommerce myghpay Payment Gateway WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the clientref parameter found in the ~/processresponse.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.0. 2021-12-14 4.3 CVE-2021-39308
MISC
MISC
wp_admin_logo_changer_project — wp_admin_logo_changer The WP Admin Logo Changer WordPress plugin through 1.0 does not have a CSRF check when saving its settings, which could allow attackers to make a logged in admin update them via a CSRF attack. 2021-12-13 4.3 CVE-2021-24784
MISC
wp_limits_project — wp_limits The WP Limits WordPress plugin through 1.0 does not have a CSRF check when saving its settings, allowing an attacker to make a logged in admin change them, which could make the blog unstable by setting low values. 2021-12-13 4.3 CVE-2021-24818
MISC
wp_system_log_project — wp_system_log The WP System Log WordPress plugin before 1.0.21 does not sanitise, validate and escape the IP address retrieved from login requests before outputting it in the admin dashboard, which could allow an unauthenticated attacker to perform Cross-Site Scripting attacks against admins viewing the logs. 2021-12-13 4.3 CVE-2021-24756
MISC
wpcloudplugins — lets-box Insufficient Input Validation in the search functionality of WordPress plugin Lets-Box prior to 1.15.3 allows an unauthenticated user to craft a reflected Cross-Site Scripting attack. 2021-12-13 4.3 CVE-2021-42549
CONFIRM
wpcloudplugins — out-of-the-box Insufficient Input Validation in the search functionality of WordPress plugin Out-of-the-Box prior to 1.20.3 allows an unauthenticated user to craft a reflected Cross-Site Scripting attack. 2021-12-13 4.3 CVE-2021-42547
CONFIRM
wpcloudplugins — share-one-drive Insufficient Input Validation in the search functionality of WordPress plugin Share-one-Drive prior to 1.15.3 allows an unauthenticated user to craft a reflected Cross-Site Scripting attack. 2021-12-13 4.3 CVE-2021-42548
CONFIRM
wpcloudplugins — use-your-drive Insufficient Input Validation in the search functionality of WordPress plugin Use-Your-Drive prior to 1.18.3 allows an unauthenticated user to craft a reflected Cross-Site Scripting attack. 2021-12-13 4.3 CVE-2021-42546
CONFIRM
wpeden — shiny_buttons The Shiny Buttons WordPress plugin through 1.1.0 does not have any authorisation and CSRF checks in place when saving a template (wpbtn_save_template function hooked to the init action), nor does it sanitise and escape templates before outputting them in the admin dashboard, which allows unauthenticated users to add a malicious template and leads to Stored Cross-Site Scripting issues. 2021-12-13 4.3 CVE-2021-24792
MISC
yetiforce — yetiforce_customer_relationship_management yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-12-14 4.3 CVE-2021-4107
CONFIRM
MISC
yetiforce — yetiforce_customer_relationship_management yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF) 2021-12-11 4.3 CVE-2021-4092
CONFIRM
MISC
yetiforce — yetiforce_customer_relationship_management yetiforcecrm is vulnerable to Business Logic Errors 2021-12-15 4 CVE-2021-4111
CONFIRM
MISC
yetiforce — yetiforce_customer_relationship_management yetiforcecrm is vulnerable to Business Logic Errors 2021-12-15 4 CVE-2021-4117
CONFIRM
MISC
zoom — meetings The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contains a server side request forgery vulnerability in the chat's "link preview" functionality. In versions prior to 5.7.3, if a user were to enable the chat's "link preview" feature, a malicious actor could trick the user into potentially sending arbitrary HTTP GET requests to URLs that the actor cannot reach directly. 2021-12-14 4 CVE-2021-34425
MISC
zzcms — zzcms A Cross Site Scripting (XSS) vulnerability exists in zzcms 2019 via a modify action in user/adv.php. 2021-12-13 4.3 CVE-2020-19042
MISC

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
abantecart — abantecart An issue was discovered in AbanteCart before 1.3.2. Any low-privileged user with file-upload permissions can upload a malicious SVG document that contains an XSS payload. 2021-12-14 3.5 CVE-2021-42051
MISC
MISC
amd — epyc_7001_firmware A malicious hypervisor in conjunction with an unprivileged attacker process inside an SEV/SEV-ES guest VM may fail to flush the Translation Lookaside Buffer (TLB) resulting in unexpected behavior inside the virtual machine (VM). 2021-12-10 3.6 CVE-2021-26340
MISC
apache — log4j It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern, resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default. 2021-12-14 2.6 CVE-2021-45046
MLIST
MISC
MISC
CONFIRM
CISCO
MLIST
CONFIRM
CERT-VN
CONFIRM
DEBIAN
CONFIRM
CONFIRM
MLIST
basixonline — nex-forms The NEX-Forms WordPress plugin through 7.9.4 does not escape some of its settings and form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2021-12-13 3.5 CVE-2021-24705
MISC
calderaforms — caldera_forms The Caldera Forms WordPress plugin before 1.9.5 does not sanitise and escape the Form Name before outputting it in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2021-12-13 3.5 CVE-2021-24896
MISC
comment_engine_pro_project — comment_engine_pro Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Comment Engine Pro plugin (versions <= 1.0), could be exploited by users with Editor or higher role. 2021-12-10 3.5 CVE-2021-36911
CONFIRM
MISC
conva — fathom_analytics The Fathom Analytics WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the $site_id parameter found in the ~/fathom-analytics.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 3.0.4. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. 2021-12-14 3.5 CVE-2021-41836
MISC
MISC
display_post_metadata_project — display_post_metadata The Display Post Metadata WordPress plugin before 1.5.0 adds a shortcode to print out custom fields, however their content is not sanitised or escaped which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks 2021-12-13 3.5 CVE-2021-24855
MISC
dolibarr — dolibarr A Cross Site Scripting (XSS) vulnerability exists in Dolibarr before 14.0.3 via the ticket creation flow. Exploitation requires that an admin copies the payload into a box. 2021-12-15 3.5 CVE-2021-42220
MISC
MISC
fatcatapps — pixel_cat The Pixel Cat WordPress plugin before 2.6.3 does not escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed 2021-12-13 3.5 CVE-2021-24972
MISC
flex_local_fonts_project — flex_local_fonts The Flex Local Fonts WordPress plugin through 1.0.0 does not escape the Class Name field when adding a font, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2021-12-13 3.5 CVE-2021-24782
MISC
get_custom_field_values_project — get_custom_field_values The Get Custom Field Values WordPress plugin before 4.0.1 does not escape custom fields before outputting them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks 2021-12-13 3.5 CVE-2021-24871
MISC
gitlab — gitlab In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, the reset password token and new user email token are accidentally logged which may lead to information disclosure. 2021-12-13 2.1 CVE-2021-39919
MISC
CONFIRM
gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.11 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under a specific condition, an unauthorised project member was allowed to delete protected branches due to a business logic error. 2021-12-13 3.5 CVE-2021-39931
MISC
CONFIRM
MISC
google — android In getNeighboringCellInfo of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-190619791 2021-12-15 2.1 CVE-2021-0987
MISC
google — android In getLaunchedFromUid and getLaunchedFromPackage of ActivityClientController.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-191954233 2021-12-15 2.1 CVE-2021-0988
MISC
google — android In onCreate of PaymentDefaultDialog.java, there is a possible way to change a default payment app without user consent due to tapjack overlay. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-180104327 2021-12-15 1.9 CVE-2021-0992
MISC
google — android In hasManageOngoingCallsPermission of TelecomServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-194105812 2021-12-15 2.1 CVE-2021-0989
MISC
google — android In getDeviceId of PhoneSubInfoController.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-185591180 2021-12-15 2.1 CVE-2021-0990
MISC
google — android In requestRouteToHostAddress of ConnectivityService.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-193801134 2021-12-15 2.1 CVE-2021-0994
MISC
google — android In registerSuggestionConnectionStatusListener of WifiServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-197536547 2021-12-15 2.1 CVE-2021-0995
MISC
google — android In 'ih264e_find_bskip_params()' of ih264e_me.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-193442575 2021-12-15 2.1 CVE-2021-0998
MISC
google — android In handleUpdateNetworkState of GnssNetworkConnectivityHandler.java, there is a possible APN disclosure due to log information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-191086488 2021-12-15 2.1 CVE-2021-0997
MISC
google — android In isFileUri of UriUtil.java, there is a possible way to bypass ignoring file:// URI attachments due to improper handling of case sensitivity. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-197328178 2021-12-15 1.9 CVE-2021-0973
MISC
google — android In adjustStreamVolume of AudioService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-194110891 2021-12-15 2.1 CVE-2021-1018
MISC
google — android In hasNamedWallpaper of WallpaperManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-193800652 2021-12-15 2.1 CVE-2021-1025
MISC
google — android In createAdminSupportIntent of DevicePolicyManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-192245204 2021-12-15 2.1 CVE-2021-0983
MISC
google — android In startRanging of RttServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-194798757 2021-12-15 2.1 CVE-2021-1026
MISC
google — android In setNotificationsShownFromListener of NotificationManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-194697001 2021-12-15 2.1 CVE-2021-1030
MISC
google — android In getService of IServiceManager.cpp, there is a possible unhandled exception due to an integer overflow. This could lead to local denial of service making the lockscreen unusable with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-9. Android ID: A-197336441 2021-12-15 1.9 CVE-2021-0919
MISC
google — android In hasGrantedPolicy of DevicePolicyManagerService.java, there is a possible information disclosure about the device owner, profile owner, or device admin due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-192247339 2021-12-15 2.1 CVE-2021-0986
MISC
google — android In nfaHciCallback of HciEventManager.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure over NFC with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-181346545 2021-12-15 2.7 CVE-2021-0996
MISC
google — android In getOrganizationNameForUser of DevicePolicyManagerService.java, there is a possible organization name disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-192368508 2021-12-15 2.1 CVE-2021-0982
MISC
google — android In onCreate of KeyChainActivity.java, there is a possible way to use an app certificate stored in keychain due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-9. Android ID: A-199754277 2021-12-15 3.3 CVE-2021-0963
MISC
google — android In isRequestPinItemSupported of ShortcutService.java, there is a possible cross-user leak of packages in which the default launcher supports requests to create pinned shortcuts due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-191772737 2021-12-15 2.1 CVE-2021-0979
MISC
google — android In onCreate of RequestIgnoreBatteryOptimizations.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-195963373 2021-12-15 1.9 CVE-2021-1023
MISC
google — android In getSerialForPackage of DeviceIdentifiersPolicyService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-192587406 2021-12-15 2.1 CVE-2021-0978
MISC
google — android In OnMetadataChangedListener of AdvancedBluetoothDetailsHeaderController.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-181588752 2021-12-15 2.7 CVE-2021-0991
MISC
google — android In code generated by BuildParcelFields of generate_cpp.cpp, there is a possible way for a crafted parcelable to reveal uninitialized memory of a target process due to uninitialized data. This could lead to local information disclosure across Binder transactions with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-12. Android ID: A-198346478 2021-12-15 2.1 CVE-2021-0966
MISC
grafana — grafana Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerability is limited in scope, and only allows authenticated users access to files with the extension .csv. Grafana Cloud instances have not been affected by the vulnerability. Versions 8.3.2 and 7.5.12 contain a patch for this issue. There is a workaround available for users who cannot upgrade. Running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will also have to be able to handle URL-encoded paths. 2021-12-10 3.5 CVE-2021-43815
CONFIRM
MISC
MISC
MISC
MISC
MLIST
ibm — spectrum_copy_data_management IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 214525. 2021-12-13 3.5 CVE-2021-39054
XF
CONFIRM
ibm — spectrum_protect_backup-archive_client IBM Spectrum Protect Client 7.1 and 8.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local attacker could exploit this vulnerability and cause a denial of service. IBM X-Force ID: 214438. 2021-12-13 2.1 CVE-2021-39048
XF
CONFIRM
ibm — spectrum_protect_operations_center IBM Spectrum Protect Operations Center 7.1, under special configurations, could allow a local user to obtain highly sensitive information. IBM X-Force ID: 209610. 2021-12-13 2.1 CVE-2021-38901
XF
CONFIRM
inspirational_quote_rotator_project — inspirational_quote_rotator The Inspirational Quote Rotator WordPress plugin through 1.0.0 does not sanitize and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quote is output in the “Quotes list” even when the unfiltered_html capability is disallowed 2021-12-13 3.5 CVE-2021-24771
MISC
sap — business_one SAP Business One – version 10.0, allows an admin user to view the DB password in plain text over the network, which should otherwise be encrypted. For an attacker to discover the vulnerable function, in-depth application knowledge is required, but once exploited the attacker may be able to completely compromise confidentiality, integrity, and availability of the application. 2021-12-14 3.5 CVE-2021-42066
MISC
MISC
sap — businessobjects_business_intelligence_platform SAP BusinessObjects Business Intelligence Platform (Web Intelligence) – version 420, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This allows a low privileged attacker to retrieve some data from the victim but will never be able to modify the document and publish these modifications to the server. It impacts the “Quick Prompt” workflow. 2021-12-14 3.5 CVE-2021-42061
MISC
MISC
siemens — simatic_easie_pcs_7_skill A vulnerability has been identified in SIMATIC eaSie PCS 7 Skill Package (All versions < V21.00 SP3). When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read unexpected critical files. The affected file download function is disabled by default. 2021-12-14 3.5 CVE-2021-42022
CONFIRM
socomec — remote_view_pro_firmware An issue was discovered in Socomec REMOTE VIEW PRO 2.0.41.4. Improper validation of input into the username field makes it possible to place a stored XSS payload. This is executed if an administrator views the System Event Log. 2021-12-15 3.5 CVE-2021-41871
MISC
MISC
sofico — miles_rich_internet_application Sofico Miles RIA 2020.2 Build 127964T is affected by Stored Cross Site Scripting (XSS). An attacker with access to a user account of the RIA IT or the Fleet role can create a crafted work order in the damage reports section (or change existing work orders). The XSS payload is in the work order number. 2021-12-15 3.5 CVE-2021-41557
MISC
MISC
thruk — thruk Thruk 2.40-2 allows stored XSS. 2021-12-15 3.5 CVE-2021-35490
MISC
MISC
ultimate_nofollow_project — ultimate_nofollow The Ultimate NoFollow WordPress plugin through 1.4.8 does not sanitise and escape the href attribute of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks 2021-12-13 3.5 CVE-2021-24817
MISC
variation_swatches_for_woocommerce_project — variation_swatches_for_woocommerce The Variation Swatches for WooCommerce WordPress plugin is vulnerable to Stored Cross-Site Scripting via several parameters found in the ~/includes/class-menu-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1. Due to missing authorization checks on the tawcvs_save_settings function, low-level authenticated users such as subscribers can exploit this vulnerability. 2021-12-14 3.5 CVE-2021-42367
MISC
MISC
yetiforce — yetiforce_customer_relationship_management yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2021-12-15 3.5 CVE-2021-4116
MISC
CONFIRM

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
N/A — N/A
 
pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak. 2021-12-16 not yet calculated CVE-2021-45095
MISC
MISC
addons-ssh — addons-ssh
 
** DISPUTED ** The addon.stdin service in addon-ssh (aka Home Assistant Community Add-on: SSH & Web Terminal) before 10.0.0 has an attack surface that requires social engineering. NOTE: the vendor does not agree that this is a vulnerability; however, addon.stdin was removed as a defense-in-depth measure against complex social engineering situations. 2021-12-16 not yet calculated CVE-2021-45099
MISC
MISC
ajaxsoundstudio — ajaxsoundstudio
 
Buffer Overflow Vulnerability exists in ajaxsoundstudio.com Pyo < 1.03 in the Server_debug function, which allows remote attackers to conduct DoS attacks by deliberately passing an overlong audio file name. 2021-12-17 not yet calculated CVE-2021-41499
MISC
alac_decoder — alac_decoder
 
In alac decoder, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06064258; Issue ID: ALPS06064237. 2021-12-17 not yet calculated CVE-2021-0674
MISC
anchor — cms
 
Cross Site Scripting (XSS) vulnerability exists in Anchor CMS <=0.12.7 in posts.php. Attackers can use the posts column to upload a title and content containing malicious code in order to obtain the administrator cookie, thereby achieving other malicious operations. 2021-12-15 not yet calculated CVE-2021-44116
MISC
anonaddy — anonaddy
 
A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via VerificationController.php. 2021-12-15 not yet calculated CVE-2021-42216
MISC
MISC
MISC
apache — log4j2
 
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0 and 2.12.3. 2021-12-18 not yet calculated CVE-2021-45105
MISC
CONFIRM
MLIST
DEBIAN
MISC
CISCO
apache — nifi
 
In the TransformXML processor of Apache NiFi before 1.15.1 an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information. 2021-12-17 not yet calculated CVE-2021-44145
MISC
MLIST
apache — sling_commons_messaging_mail
 
Apache Sling Commons Messaging Mail provides a simple layer on top of JavaMail/Jakarta Mail for OSGi to send mails via SMTPS. To reduce the risk of “man in the middle” attacks additional server identity checks must be performed when accessing mail servers. For compatibility reasons these additional checks are disabled by default in JavaMail/Jakarta Mail. The SimpleMailService in Apache Sling Commons Messaging Mail 1.0 lacks an option to enable these checks for the shared mail session. A user could enable these checks nevertheless by accessing the session via the message created by SimpleMessageBuilder and setting the property mail.smtps.ssl.checkserveridentity to true. Apache Sling Commons Messaging Mail 2.0 adds support for enabling server identity checks and these checks are enabled by default. – https://javaee.github.io/javamail/docs/SSLNOTES.txt – https://javaee.github.io/javamail/docs/api/com/sun/mail/smtp/package-summary.html – https://github.com/eclipse-ee4j/mail/issues/429 2021-12-14 not yet calculated CVE-2021-44549
MISC
apple — ios
 
The GGLocker iOS application contains insecure data storage of the password hash value, which results in an authentication bypass. 2021-12-16 not yet calculated CVE-2021-3179
MISC
MISC
MISC
apple — ios
 
A URL address bar spoofing vulnerability was discovered in Safe Browser for iOS. When a user clicks on a specially crafted malicious URL, and does not carefully pay attention to the URL, the user may be tricked into thinking the content comes from a valid domain while it comes from another. This is performed by using a very long username part of the URL so that the user cannot see the domain name. A remote attacker can leverage this to perform a URL address bar spoofing attack. The fix is that the browser no longer shows the username part in the address bar. 2021-12-16 not yet calculated CVE-2021-40835
MISC
MISC
apusys — apusys
 
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05670549. 2021-12-17 not yet calculated CVE-2021-0897
MISC
apusys — apusys
 
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05656488. 2021-12-17 not yet calculated CVE-2021-0903
MISC
apusys — apusys
 
In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05656484. 2021-12-17 not yet calculated CVE-2021-0902
MISC
apusys — apusys
 
In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05664618. 2021-12-17 not yet calculated CVE-2021-0901
MISC
apusys — apusys
 
In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672055. 2021-12-17 not yet calculated CVE-2021-0900
MISC
apusys — apusys
 
In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672059. 2021-12-17 not yet calculated CVE-2021-0899
MISC
apusys — apusys
 
In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672071. 2021-12-17 not yet calculated CVE-2021-0898
MISC
apusys — apusys
 
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05722511. 2021-12-17 not yet calculated CVE-2021-0678
MISC
apusys — apusys
 
In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05687781. 2021-12-17 not yet calculated CVE-2021-0679
MISC
apusys — apusys
 
In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05687474. 2021-12-17 not yet calculated CVE-2021-0893
MISC
apusys — apusys
 
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672038. 2021-12-17 not yet calculated CVE-2021-0894
MISC
apusys — apusys
 
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672003. 2021-12-17 not yet calculated CVE-2021-0895
MISC
apusys — apusys
 
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05671206. 2021-12-17 not yet calculated CVE-2021-0896
MISC
atomix — atomix
 
An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false link event messages sent to a master ONOS node. 2021-12-16 not yet calculated CVE-2020-35213
MISC
atomix — atomix
 
An issue in Atomix v3.1.5 allows a malicious Atomix node to remove states of ONOS storage via abuse of primitive operations. 2021-12-16 not yet calculated CVE-2020-35214
MISC
atomix — atomix
 
An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to join a target cluster via providing configuration information. 2021-12-16 not yet calculated CVE-2020-35209
MISC
atomix — atomix
 
A vulnerability in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via a Raft session flooding attack using Raft OpenSessionRequest messages. 2021-12-16 not yet calculated CVE-2020-35210
MISC
atomix — atomix
 
An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to become the lead node in a target cluster via manipulation of the variable terms in RaftContext. 2021-12-16 not yet calculated CVE-2020-35211
MISC
atomix — atomix
 
An issue in Atomix v3.1.5 allows attackers to access sensitive information when a malicious Atomix node queries distributed variable primitives which contain the entire primitive lists that ONOS nodes use to share important states. 2021-12-16 not yet calculated CVE-2020-35215
MISC
atomix — atomix
 
An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false member down event messages. 2021-12-16 not yet calculated CVE-2020-35216
MISC
audio_aurisys_hal — audio_aurisys_hal
 
In Audio Aurisys HAL, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05977326; Issue ID: ALPS05977326. 2021-12-17 not yet calculated CVE-2021-0673
MISC
auth0 — auth0
 
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before 1.6.2 do not filter out certain returnTo parameter values from the login url, which expose the application to an open redirect vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. 2021-12-16 not yet calculated CVE-2021-43812
MISC
CONFIRM
bitdefender — endpoint_security_tools
 
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects Bitdefender GravityZone versions prior to 3.3.8.272. 2021-12-16 not yet calculated CVE-2021-3959
MISC
bitdefender — gravityzone
 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects Bitdefender GravityZone versions prior to 3.3.8.272. 2021-12-16 not yet calculated CVE-2021-3960
MISC
bookstack — bookstack
 
bookstack is vulnerable to Improper Access Control. 2021-12-15 not yet calculated CVE-2021-4119
MISC
CONFIRM
bus_pass_management_system — bus_pass_management_system
 
In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server, which allows an attacker to view sensitive files of the application, for example any file that contains sensitive information of the user or server. 2021-12-16 not yet calculated CVE-2021-44315
MISC
MISC
bus_pass_management_system — bus_pass_management_system
 
In Bus Pass Management System v1.0, the parameters ‘pagedes’ and ‘About Us’ are affected by a Stored Cross-site scripting vulnerability. 2021-12-16 not yet calculated CVE-2021-44317
MISC
MISC
catfish — catfish
 
Cross Site Scripting (XSS) vulnerability exists in Catfish <=6.3.0 via a Google search in url:/catfishcms/index.php/admin/Index/addmenu.html and then the .html file on the website that uses this editor (the file suffix is allowed). 2021-12-15 not yet calculated CVE-2021-45018
MISC
catfish — catfish
 
Cross Site Request Forgery (CSRF) vulnerability exists in Catfish <=6.1.* when uploading an HTML file containing CSRF to a website that uses a Google editor; the menu URL address can be set to a malicious URL address in the Add Menu column. 2021-12-15 not yet calculated CVE-2021-45017
MISC
cbioportal — cbioportal
 
A regular expression denial of service (ReDoS) vulnerability exists in cbioportal 3.6.21 and older via a POST request to /ProteinArraySignificanceTest.json. 2021-12-16 not yet calculated CVE-2021-38244
MISC
MISC
ccu_driver — ccu_driver
 
In ccu driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05827154; Issue ID: ALPS05827154. 2021-12-17 not yet calculated CVE-2021-0677
MISC
convos-chat — convos-chat
 
A Stored Cross Site Scripting (XSS) issue exists in Convos-Chat before 6.32. 2021-12-17 not yet calculated CVE-2021-42584
MISC
MISC
MISC
cvxopt — cvxopt
 
Incomplete string comparison vulnerability exists in cvxopt.org cvxopt <= 1.2.6 in the APIs cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve and cvxopt.cholmod.spsolve, which allows attackers to conduct Denial of Service attacks by constructing fake Capsule objects. 2021-12-17 not yet calculated CVE-2021-41500
MISC
discourse — discourse
 
discourse-footnote is a library providing footnotes for posts in Discourse. Impact: When posting an inline footnote wrapped in `<a>` tags (e.g. `<a>^[footnote]</a>`), the resulting rendered HTML would include a nested `<a>`, which is stripped by Nokogiri because it is not valid. This then caused a JavaScript error on topic pages, because the code looked for an `<a>` element inside the footnote reference span and read its ID; since that element did not exist, a null reference error was raised in JavaScript. Users are advised to update to version 0.2. As a workaround, editing offending posts from the rails console or the database console (for self-hosters), or disabling the plugin in the admin panel, can mitigate this issue. 2021-12-14 not yet calculated CVE-2021-43827
MISC
CONFIRM
dojo — dojo
 
All versions of package dojo are vulnerable to Prototype Pollution via the setObject function. 2021-12-17 not yet calculated CVE-2021-23450
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
dojo — dojo
 
All versions of package http-server-node are vulnerable to Directory Traversal via use of --path-as-is. 2021-12-17 not yet calculated CVE-2021-23797
CONFIRM
elabftw — elabftw
 
eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows any authenticated user to gain access to arbitrary accounts by setting a specially crafted email address. This vulnerability impacts all instances that have not set an explicit email domain name allowlist. Note that although neither administrators nor targeted users are notified of a change, an attacker will need to control an account, and the default settings require administrators to validate newly created accounts. The problem has been patched. Users should upgrade to at least version 4.2.0. For users unable to upgrade, enabling an email domain allow list (from the Sysconfig panel, Security tab) will completely resolve the issue. 2021-12-16 not yet calculated CVE-2021-43833
CONFIRM
MISC
elabftw — elabftw
 
eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows an attacker to authenticate as an existing user, if that user was created using a single sign-on authentication option such as LDAP or SAML. It impacts instances where LDAP or SAML is used for authentication instead of the (default) local password mechanism. Users should upgrade to at least version 4.2.0. 2021-12-16 not yet calculated CVE-2021-43834
MISC
CONFIRM
fatpipe_network — fatpipe_warp_ipvpn_and_mpvpn_software
 
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges. Older versions of FatPipe software may also be vulnerable. This does not appear to be a CSRF vulnerability. The FatPipe advisory identifier for this vulnerability is FPSA005. 2021-12-15 not yet calculated CVE-2021-27859
CONFIRM
MISC
MISC
fatpipe_network — fatpipe_warp_ipvpn_and_mpvpn_software
 
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote attacker to access at least the URL “/fpui/jsp/index.jsp” leading to unknown impact, presumably some violation of confidentiality. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA004. 2021-12-15 not yet calculated CVE-2021-27858
CONFIRM
MISC
MISC
fatpipe_network — fatpipe_warp_ipvpn_and_mpvpn_software
 
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, unauthenticated attacker to download a configuration archive. The attacker needs to know or correctly guess the hostname of the target system since the hostname is used as part of the configuration archive file name. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA003. 2021-12-15 not yet calculated CVE-2021-27857
MISC
CONFIRM
MISC
fatpipe_network — fatpipe_warp_ipvpn_and_mpvpn_software
 
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named “cmuser” that has administrative privileges and no password. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA002. 2021-12-15 not yet calculated CVE-2021-27856
MISC
CONFIRM
MISC
fatpipe_network — fatpipe_warp_ipvpn_and_mpvpn_software
 
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA001. 2021-12-15 not yet calculated CVE-2021-27855
MISC
MISC
CONFIRM
fiberhome — onu_gpon_an5506
 
FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability. This vulnerability allows the attacker, once logged in, to send commands to the operating system as the root user via the ping diagnostic tool, bypassing the IP address field, and concatenating OS commands with a semicolon. 2021-12-16 not yet calculated CVE-2021-42912
MISC
MISC
MISC
fortiguard — forticlientems
 
A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may allow an unauthenticated and network adjacent attacker to perform a man-in-the-middle attack between the EMS and the FCT via the telemetry protocol. 2021-12-16 not yet calculated CVE-2021-41028
CONFIRM
ftpshell — ftpshell
 
A buffer overflow vulnerability in the Virtual Path Mapping component of FTPShell v6.83 allows attackers to cause a denial of service (DoS). 2021-12-17 not yet calculated CVE-2020-18077
MISC
galette — galette
 
Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to SQL injection attacks by users with “member” privilege. Users are advised to upgrade to version 0.9.6 as soon as possible. There are no known workarounds. 2021-12-16 not yet calculated CVE-2021-41262
MISC
CONFIRM
galette — galette
 
Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to stored cross site scripting attacks via the preferences footer. The preference footer can only be altered by a site admin. This issue has been resolved in the 0.9.6 release and all users are advised to upgrade. There are no known workarounds. 2021-12-16 not yet calculated CVE-2021-41261
CONFIRM
MISC
galette — galette
 
Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 do not check for Cross Site Request Forgery attacks. All users are advised to upgrade to 0.9.6 as soon as possible. There are no known workarounds for this issue. 2021-12-16 not yet calculated CVE-2021-41260
CONFIRM
MISC
geniezone_driver — geniezone_driver
 
In geniezone driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05863009; Issue ID: ALPS05863009. 2021-12-17 not yet calculated CVE-2021-0676
MISC
gnu — binutils
 
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699. 2021-12-15 not yet calculated CVE-2021-45078
MISC
MISC
google — android
 
In dsi_panel_debugfs_read_cmdset of dsi_panel.c, there is a possible disclosure of freed kernel heap memory due to a use after free. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-187851056. References: N/A 2021-12-15 not yet calculated CVE-2021-1042
MISC
google — android
 
In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-160822094. References: Upstream kernel 2021-12-15 not yet calculated CVE-2021-39648
MISC
google — android
 
In adjustStreamVolume of AudioService.java, there is a possible way for an unprivileged app to change audio stream volume due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-189857506 2021-12-15 not yet calculated CVE-2021-1003
MISC
google — android
 
In WT_Interpolate of eas_wtengine.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-194533433 2021-12-15 not yet calculated CVE-2021-1002
MISC
google — android
 
In PVInitVideoEncoder of mp4enc_api.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-190435883 2021-12-15 not yet calculated CVE-2021-1001
MISC
google — android
 
In quota_proc_write of xt_quota2.c, there is a possible way to read kernel memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-196046570. References: Upstream kernel 2021-12-15 not yet calculated CVE-2021-0961
MISC
google — android
 
In do_ipt_get_ctl and do_ipt_set_ctl of ip_tables.c, there is a possible way to leak kernel information due to uninitialized data. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120612905. References: Upstream kernel 2021-12-15 not yet calculated CVE-2021-39636
MISC
google — android
 
In CreateDeviceInfo of trusty_remote_provisioning_context.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-193579873. References: N/A 2021-12-15 not yet calculated CVE-2021-39637
MISC
google — android
 
In periodic_io_work_func of lwis_periodic_io.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-195607566. References: N/A 2021-12-15 not yet calculated CVE-2021-39638
MISC
google — android
 
In TBD of fvp.c, there is a possible way to glitch CPU behavior due to a missing permission check. This could lead to local escalation of privilege with physical access to device internals with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-198291476. References: N/A 2021-12-15 not yet calculated CVE-2021-39639
MISC
google — android
 
In __dwc3_gadget_ep0_queue of ep0.c, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-157294279. References: N/A 2021-12-15 not yet calculated CVE-2021-39640
MISC
google — android
 
Product: Android. Versions: Android kernel. Android ID: A-126949257. References: N/A 2021-12-15 not yet calculated CVE-2021-39641
MISC
google — android
 
In synchronous_process_io_entries of lwis_ioctl.c, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-195731663. References: N/A 2021-12-15 not yet calculated CVE-2021-39642
MISC
google — android
 
In ic_startRetrieveEntryValue of acropora/app/identity/ic.c, there is a possible bypass of defense-in-depth due to missing validation of the return value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-195573629. References: N/A 2021-12-15 not yet calculated CVE-2021-39643
MISC
google — android
 
In mon_smc_load_sp of gs101-sc/plat/samsung/exynos/soc/exynos9845/smc_booting.S, there is a possible reinitialization of TEE due to improper locking. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-198713939. References: N/A 2021-12-15 not yet calculated CVE-2021-39647
MISC
google — android
 
In regmap_exit of regmap.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-174049006. References: N/A 2021-12-15 not yet calculated CVE-2021-39649
MISC
google — android
 
In TBD of TBD, there is a possible downgrade attack due to under utilized anti-rollback protections. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-194697257. References: N/A 2021-12-15 not yet calculated CVE-2021-1043
MISC
google — android
 
In (TBD) of (TBD), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-169763055. References: N/A 2021-12-15 not yet calculated CVE-2021-39650
MISC
google — android
 
In TBD of TBD, there is a possible way to access PIN protected settings bypassing PIN confirmation due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-193438173. References: N/A 2021-12-15 not yet calculated CVE-2021-39651
MISC
google — android
 
In sec_ts_parsing_cmds of (TBD), there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-194499021. References: N/A 2021-12-15 not yet calculated CVE-2021-39652
MISC
google — android
 
In (TBD) of (TBD), there is a possible way to boot with a hidden debug policy due to a missing warning to the user. This could lead to local escalation of privilege after preparing the device, hiding the warning, and passing the phone to a new user, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-193443223. References: N/A 2021-12-15 not yet calculated CVE-2021-39653
MISC
google — android
 
Product: Android. Versions: Android kernel. Android ID: A-192641593. References: N/A 2021-12-15 not yet calculated CVE-2021-39655
MISC
google — android
 
In __configfs_open_file of file.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-174049066. References: Upstream kernel 2021-12-15 not yet calculated CVE-2021-39656
MISC
google — android
 
In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-194696049. References: Upstream kernel 2021-12-15 not yet calculated CVE-2021-39657
MISC
google — android
 
In update of km_compat.cpp, there is a possible loss of potentially sensitive data due to a logic error in the code. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-12. Android ID: A-200041882 2021-12-15 not yet calculated CVE-2021-0958
MISC
google — android
 
In NfcTag::discoverTechnologies (activation) of NfcTag.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additionalSystem execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-12. Android ID: A-189942532 2021-12-15 not yet calculated CVE-2021-0956
MISC
google — android
 
In pf_write_buf of FuseDaemon.cpp, there is possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-192085766 2021-12-15 not yet calculated CVE-2021-0955
MISC
google — android
 
In ResolverActivity, there is a possible user interaction bypass due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11. Android ID: A-143559931 2021-12-15 not yet calculated CVE-2021-0954
MISC
google — android
 
In setOnClickActivityIntent of SearchWidgetProvider.java, there is a possible way to access contacts and history bookmarks without permission due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-9. Android ID: A-184046278 2021-12-15 not yet calculated CVE-2021-0953
MISC
google — android
 
In WT_InterpolateNoLoop of eas_wtengine.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-9. Android ID: A-190286685 2021-12-15 not yet calculated CVE-2021-0650
MISC
google — android
 
In getConfiguredNetworks of WifiServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-197749180 2021-12-15 not yet calculated CVE-2021-1004
MISC
google — android
 
In getDeviceIdWithFeature of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-186530889 2021-12-15 not yet calculated CVE-2021-1005
MISC
google — android
 
In several functions of DatabaseManager.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-183961974 2021-12-15 not yet calculated CVE-2021-1006
MISC
google — android
 
In checkExistsAndEnforceCannotModifyImmutablyRestrictedPermission of PermissionManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12; Android ID: A-186404356 2021-12-15 not yet calculated CVE-2021-1013
MISC
google — android
 
In eicOpsDecryptAes128Gcm of acropora/app/identity/identity_support.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-195570681; References: N/A 2021-12-15 not yet calculated CVE-2021-1044
MISC
google — android
 
Product: Android; Versions: Android kernel; Android ID: A-195580473; References: N/A 2021-12-15 not yet calculated CVE-2021-1045
MISC
google — android
 
In (TBD) of (TBD), there is a possible out of bounds read due to memory corruption. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-182950799; References: N/A 2021-12-15 not yet calculated CVE-2021-1041
MISC
google — android
 
In valid_ipc_dram_addr of cm_access_control.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-197966306; References: N/A 2021-12-15 not yet calculated CVE-2021-1047
MISC
google — android
 
In ep_loop_check_proc of eventpoll.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-204573007; References: Upstream kernel 2021-12-15 not yet calculated CVE-2021-1048
MISC
google — android
 
In onCreate of BluetoothPairingSelectionFragment.java, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-9; Android ID: A-182810085 2021-12-15 not yet calculated CVE-2021-1040
MISC
google — android
 
In NotificationAccessActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-9; Android ID: A-182808318 2021-12-15 not yet calculated CVE-2021-1039
MISC
google — android
 
In getLine1NumberForDisplay of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12; Android ID: A-193441322 2021-12-15 not yet calculated CVE-2021-1034
MISC
google — android
 
In getMimeGroup of PackageManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12; Android ID: A-184745603 2021-12-15 not yet calculated CVE-2021-1032
MISC
google — android
 
In cancelNotificationsFromListener of NotificationManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12; Android ID: A-194697004 2021-12-15 not yet calculated CVE-2021-1031
MISC
google — android
 
In getMeidForSlot of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12; Android ID: A-186530496 2021-12-15 not yet calculated CVE-2021-1015
MISC
google — android
 
In getNetworkTypeForSubscriber of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12; Android ID: A-186776740 2021-12-15 not yet calculated CVE-2021-1014
MISC
google — android
 
In AdapterService and GattService definition of AndroidManifest.xml, there is a possible way to disable the Bluetooth connection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-12; Android ID: A-182583850 2021-12-15 not yet calculated CVE-2021-1017
MISC
google — android
 
In onResume of NotificationAccessDetails.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12; Android ID: A-195412179 2021-12-15 not yet calculated CVE-2021-1012
MISC
google — android
 
In setApplicationCategoryHint of PackageManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12; Android ID: A-189858128 2021-12-15 not yet calculated CVE-2021-1009
MISC
google — android
 
In btu_hcif_process_event of btu_hcif.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12; Android ID: A-167759047 2021-12-15 not yet calculated CVE-2021-1007
MISC
google — android
 
In setPackageStoppedState of PackageManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12; Android ID: A-188219307 2021-12-15 not yet calculated CVE-2021-1011
MISC
google — android
 
In addSubInfo of SubscriptionController.java, there is a possible way to force the user to make a factory reset due to a logic error in the code. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12; Android ID: A-197327688 2021-12-15 not yet calculated CVE-2021-1008
MISC
google — android
 
In lwis_dpm_update_clock of lwis_device_dpm.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-195609074; References: N/A 2021-12-15 not yet calculated CVE-2021-1046
MISC
google — android
 
In getSigningKeySet of PackageManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12; Android ID: A-189857801 2021-12-15 not yet calculated CVE-2021-1010
MISC
gradio — gradio
 
Gradio is an open source framework for building interactive machine learning models and demos. In versions prior to 2.5.0 there is a vulnerability that affects anyone who creates and publicly shares Gradio interfaces. File paths are not restricted and users who receive a Gradio link can access any files on the host computer if they know the file names or file paths. This is limited only by the host operating system. Paths are opened in read only mode. The problem has been patched in gradio 2.5.0. 2021-12-15 not yet calculated CVE-2021-43831
MISC
CONFIRM
hashicorp — vault_and_vault_enterprise
 
In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storage backend. The earliest affected version is 1.4.0. 2021-12-17 not yet calculated CVE-2021-45042
MISC
MISC
hillrom — welch_allyn_cardio_products
 
The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any active directory (AD) account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all associated privileges. 2021-12-15 not yet calculated CVE-2021-43935
MISC
htcondor — htcondor
 
An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x before 9.1.2. When authenticating to an HTCondor daemon using a SciToken, a user may be granted authorizations beyond what the token should allow. 2021-12-16 not yet calculated CVE-2021-45102
MISC
htcondor — htcondor
 
An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, and 9.1.x before 9.1.2. Using standard command-line tools, a user with only READ access to an HTCondor SchedD or Collector daemon can discover secrets that could allow them to control other users’ jobs and/or read their data. 2021-12-16 not yet calculated CVE-2021-45101
MISC
ibm — bmc_firmware
 
BMC firmware (IBM Power System S821LC Server (8001-12C) OP825.50) configuration changed to allow an authenticated user to open an insecure communication channel which could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 205267. 2021-12-15 not yet calculated CVE-2021-29847
CONFIRM
XF
ibm — business_automation_workflow
 
IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209165. 2021-12-17 not yet calculated CVE-2021-38883
CONFIRM
XF
irfanview — irfanview
 
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ReadXPM_W+0x0000000000000531. 2021-12-15 not yet calculated CVE-2020-23545
MISC
MISC
MISC
ivanti — workspace_control
 
Ivanti Workspace Control before 10.4.50.0 allows attackers to degrade integrity. 2021-12-15 not yet calculated CVE-2019-19138
MISC
MISC
jflyfox — jfinal_cms
 
JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Denial of Service. 2021-12-16 not yet calculated CVE-2021-37262
MISC
jsx-slack — jsx-slack
 
jsx-slack is a library for building JSON objects for Slack Block Kit surfaces from JSX. In versions prior to 4.5.1 users are vulnerable to a regular expression denial-of-service (ReDoS) attack. If attacker can put a lot of JSX elements into `<blockquote>` tag, an internal regular expression for escaping characters may consume an excessive amount of computing resources. jsx-slack v4.5.1 has patched to a regex for escaping blockquote characters. Users are advised to upgrade as soon as possible. 2021-12-17 not yet calculated CVE-2021-43838
MISC
CONFIRM
knime — knime
 
KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the administrator’s password in a file without appropriate file access controls, allowing all local users to read its content. 2021-12-16 not yet calculated CVE-2021-45097
MISC
knime — knime
 
KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a crafted workflow file (.knwf), aka AP-17730. 2021-12-16 not yet calculated CVE-2021-45096
MISC
MISC
MISC
ksmbd — ksmbd
 
The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This occurs because it sets the SMB2_GLOBAL_CAP_ENCRYPTION flag when using the SMB 3.1.1 protocol, which is a violation of the SMB protocol specification. When Windows 10 detects this protocol violation, it disables encryption. 2021-12-16 not yet calculated CVE-2021-45100
MISC
MISC
MISC
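The ksmbd entry above can be checked on the wire. The following Python is an added example, not code from ksmbd or the Linux kernel: it parses the fixed part of an SMB2 NEGOTIATE response (the MS-SMB2 2.2.4 layout) and flags a server that negotiated dialect 0x0311 while still advertising SMB2_GLOBAL_CAP_ENCRYPTION (0x00000040). For 3.1.1 that capability is negotiated through a negotiate context instead, so the flag is the specification violation the entry describes. The two sample frames are constructed inside the block, not captured from a real server.

```python
"""Flag the ksmbd NEGOTIATE response violation: SMB 3.1.1 plus SMB2_GLOBAL_CAP_ENCRYPTION."""
import struct

SMB2_MAGIC = b"\xfeSMB"
SMB2_HEADER_LEN = 64
SMB2_NEGOTIATE = 0x0000
SMB2_GLOBAL_CAP_ENCRYPTION = 0x00000040
DIALECT_0302 = 0x0302
DIALECT_0311 = 0x0311
# Capabilities follows StructureSize(2) SecurityMode(2) DialectRevision(2)
# NegotiateContextCount(2) ServerGuid(16) in the NEGOTIATE response body.
CAPABILITIES_OFFSET = 24


def parse_negotiate_response(pkt: bytes) -> dict:
    """Parse the fixed part of a raw SMB2 NEGOTIATE response (no NetBIOS length prefix)."""
    if len(pkt) < SMB2_HEADER_LEN + 65:
        raise ValueError("too short for an SMB2 header plus NEGOTIATE response")
    if pkt[:4] != SMB2_MAGIC:
        raise ValueError("not an SMB2 message")
    hdr_size, _credit_charge, _status, command = struct.unpack_from("<HHIH", pkt, 4)
    if hdr_size != SMB2_HEADER_LEN or command != SMB2_NEGOTIATE:
        raise ValueError("not a NEGOTIATE message")
    body = pkt[SMB2_HEADER_LEN:]
    struct_size, security_mode, dialect, ctx_count = struct.unpack_from("<HHHH", body, 0)
    if struct_size != 65:
        raise ValueError("unexpected NEGOTIATE response StructureSize")
    (capabilities,) = struct.unpack_from("<I", body, CAPABILITIES_OFFSET)
    return {"dialect": dialect, "capabilities": capabilities,
            "security_mode": security_mode, "negotiate_context_count": ctx_count}


def encryption_cap_violation(info: dict) -> bool:
    """True when a server that negotiated 3.1.1 also advertises SMB2_GLOBAL_CAP_ENCRYPTION.

    With dialect 0x0311 encryption is negotiated via the SMB2_ENCRYPTION_CAPABILITIES
    negotiate context and the capability flag must not be set. This is the ksmbd
    behaviour in the entry above; Windows 10 reacts by disabling encryption.
    """
    return info["dialect"] == DIALECT_0311 and bool(info["capabilities"] & SMB2_GLOBAL_CAP_ENCRYPTION)


def build_negotiate_response(dialect: int, capabilities: int, ctx_count: int = 0) -> bytes:
    """Constructed sample frame for testing; not a capture from a real server."""
    header = SMB2_MAGIC + struct.pack(
        "<HHIHHIIQQQ",
        SMB2_HEADER_LEN,  # StructureSize
        0,                # CreditCharge
        0,                # Status
        SMB2_NEGOTIATE,   # Command
        1,                # CreditResponse
        0x00000001,       # Flags: SMB2_FLAGS_SERVER_TO_REDIR
        0,                # NextCommand
        0,                # MessageId
        0,                # Reserved + TreeId
        0,                # SessionId
    ) + b"\x00" * 16      # Signature
    body = struct.pack("<HHHH", 65, 1, dialect, ctx_count)
    body += b"\x00" * 16                                       # ServerGuid
    body += struct.pack("<IIII", capabilities, 0x800000, 0x800000, 0x800000)
    body += struct.pack("<QQ", 0, 0)                           # SystemTime, ServerStartTime
    body += struct.pack("<HHI", SMB2_HEADER_LEN + 64, 0, 0)    # SecurityBufferOffset/Length, NegotiateContextOffset
    body += b"\x00"                                            # Buffer (1 byte, hence StructureSize 65)
    return header + body


if __name__ == "__main__":
    for name, frame in [
        ("3.0.2 with cap flag", build_negotiate_response(DIALECT_0302, SMB2_GLOBAL_CAP_ENCRYPTION)),
        ("3.1.1 with cap flag", build_negotiate_response(DIALECT_0311, SMB2_GLOBAL_CAP_ENCRYPTION, 2)),
    ]:
        info = parse_negotiate_response(frame)
        print(name, "VIOLATION" if encryption_cap_violation(info) else "ok")
```

Feeding the parser a real NEGOTIATE response (strip the 4-byte NetBIOS session header first) tells you whether a given ksmbd build still exhibits the behaviour; a 3.0.x server setting the flag is normal and is not reported.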
laravel-filemanager — laravel-filemanager
 
This affects all versions of the package unisharp/laravel-filemanager (from 0.0.0). The upload() function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce the following steps: install the package in a web Laravel application; navigate to the Upload window; upload an image file and capture the request; edit the request contents to substitute a malicious file (webshell); request the path of the uploaded file in the URL; obtain remote code execution. Note: bad extensions can be prevented by using a whitelist in the config file (lfm.php); the corresponding documentation can be found at https://unisharp.github.io/laravel-filemanager/configfolder-categories. 2021-12-17 not yet calculated CVE-2021-23814
CONFIRM
CONFIRM
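The laravel-filemanager entry points to an extension whitelist as the mitigation. The following Python is an added example and not the package's own code; it shows what an upload check needs beyond the list itself to stop the renamed-webshell step described above: an allowlist match, agreement between the declared type and the file's magic bytes, rejection of stacked extensions and of embedded PHP open tags, and a server-generated storage name. The allowed types and the sample payloads are constructed for the demonstration.

```python
"""Upload validation: extension allowlist plus content checks."""
import os
import secrets

# Hypothetical allowlist for an image upload endpoint: extension -> leading magic bytes.
ALLOWED_TYPES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}
PHP_TAGS = (b"<?php", b"<?=")

# Constructed samples, not real uploads.
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
SAMPLE_SHELL = b"<?php system($_GET['cmd']); ?>"


class UploadRejected(ValueError):
    pass


def validate_upload(filename: str, data: bytes, allowed=ALLOWED_TYPES) -> str:
    """Return a server-generated storage name, or raise UploadRejected.

    The upload() in the entry above trusted the client's file type. The checks here are:
    1. extension allowlist (never a denylist of known-bad extensions),
    2. the content must begin with the magic bytes of the declared type, so a webshell
       renamed to .png is rejected although its name passes check 1,
    3. no stacked extensions ('shell.php.png'), which some web server configurations hand
       to the PHP interpreter regardless of the final extension,
    4. no PHP open tag anywhere in the body (a valid PNG header followed by PHP is a
       polyglot that still runs if the server can be made to execute it),
    5. the stored name is chosen by the server; the client-supplied name never reaches disk.
    """
    base = os.path.basename(filename.replace("\\", "/"))
    stem, dot, ext = base.rpartition(".")
    ext = ext.lower()
    if not dot or not stem or ext not in allowed:
        raise UploadRejected(f"extension not allowed: {base!r}")
    if "." in stem:
        raise UploadRejected(f"stacked extensions: {base!r}")
    if not data.startswith(allowed[ext]):
        raise UploadRejected(f"content does not match declared type {ext!r}")
    if any(tag in data for tag in PHP_TAGS):
        raise UploadRejected("embedded PHP open tag")
    return f"{secrets.token_hex(16)}.{ext}"


def is_accepted(filename: str, data: bytes) -> bool:
    """Convenience wrapper returning True/False instead of raising."""
    try:
        validate_upload(filename, data)
        return True
    except UploadRejected:
        return False


if __name__ == "__main__":
    cases = [
        ("photo.png", SAMPLE_PNG),             # accepted
        ("shell.php", SAMPLE_SHELL),           # extension not in allowlist
        ("shell.png", SAMPLE_SHELL),           # name passes, magic bytes do not
        ("shell.php.png", SAMPLE_PNG),         # stacked extension
        ("poly.png", SAMPLE_PNG + SAMPLE_SHELL),  # PNG/PHP polyglot
    ]
    for name, data in cases:
        print(f"{name:16} {'accepted' if is_accepted(name, data) else 'rejected'}")
```

Serving the upload directory with script execution disabled at the web server is the complementary control; the validation above keeps the webshell off disk, the server configuration keeps anything that does land there from running.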
latte — latte
 
This affects the package latte/latte before 2.10.6. There is a way to bypass allowFunctions that affects the security of the application. When the template is set to allow/disallow the use of certain functions, adding control characters (\x00-\x08) after the function name bypasses these restrictions. 2021-12-17 not yet calculated CVE-2021-23803
CONFIRM
CONFIRM
CONFIRM
limesurvey — limesurvey
 
Cross-site scripting (XSS) vulnerability in /application/controller/admin/theme.php in LimeSurvey 3.6.2+180406 allows remote attackers to inject arbitrary web script or HTML via the changes_cp parameter to the index.php/admin/themes/sa/templatesavechanges URI. 2021-12-14 not yet calculated CVE-2018-10228
MISC
listary — listary
 
An issue was discovered in Listary through 6. An attacker can create a \\.\pipe\Listary.listaryService named pipe and wait for a privileged user to open a session on the host where Listary is installed. Listary will automatically access the named pipe and the attacker will be able to duplicate the victim’s token to impersonate them. This exploit is valid in certain Windows versions (Microsoft has patched the issue in later Windows 10 builds). 2021-12-14 not yet calculated CVE-2021-41065
MISC
MISC
listary — listary
 
An issue was discovered in Listary through 6. When Listary is configured as admin, Listary will not ask for permissions again if a user tries to access files on the system from Listary itself (it will bypass UAC protection; there is no privilege validation of the current user that runs via Listary). 2021-12-14 not yet calculated CVE-2021-41066
MISC
MISC
livehelperchat — livehelperchat
 
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF). 2021-12-18 not yet calculated CVE-2021-4131
CONFIRM
MISC
livehelperchat — livehelperchat
 
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF). 2021-12-16 not yet calculated CVE-2021-4123
MISC
CONFIRM
livehelperchat — livehelperchat
 
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’). 2021-12-17 not yet calculated CVE-2021-4132
CONFIRM
MISC
logback — logback
 
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration that causes arbitrary code loaded from LDAP servers to be executed. 2021-12-16 not yet calculated CVE-2021-42550
MISC
MISC
CONFIRM
matrix — libolm
 
The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted sequence of messages to manipulate the state of the receiver’s session in such a way that, for some buffer sizes, a buffer overflow happens on a call to olm_session_describe. Furthermore, safe buffer sizes were undocumented. The overflow content is partially controllable by the attacker and limited to ASCII spaces and digits. The known affected products are Element Web and SchildiChat Web. 2021-12-14 not yet calculated CVE-2021-44538
MISC
MISC
mattermost — mattermost
 
Mattermost 6.0 and earlier fails to sufficiently validate parameters during post creation, which allows authenticated attackers to cause a client-side crash of the web application via a maliciously crafted post. 2021-12-17 not yet calculated CVE-2021-37863
MISC
MISC
mattermost — mattermost
 
Mattermost 6.0 and earlier fails to sufficiently validate the email address during registration, which allows attackers to trick users into signing up using attacker-controlled email addresses via crafted invitation token. 2021-12-17 not yet calculated CVE-2021-37862
MISC
MISC
mediawiki — mediawiki
 
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=mcrundo followed by action=mcrrestore to replace the content of any arbitrary page (that the user doesn’t have edit rights for). This applies to any public wiki, or a private wiki that has at least one page set in $wgWhitelistRead. 2021-12-17 not yet calculated CVE-2021-44857
CONFIRM
MISC
mediawiki — mediawiki
 
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. By using an action=rollback query, attackers can view private wiki contents. 2021-12-17 not yet calculated CVE-2021-45038
CONFIRM
MISC
meetecho — janus-gateway
 
janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’). 2021-12-16 not yet calculated CVE-2021-4124
CONFIRM
MISC
message_bus — message_bus
 
message_bus is a messaging bus for Ruby processes and web clients. In versions prior to 3.3.7, users who deployed message_bus with the diagnostics features enabled (default off) are vulnerable to a path traversal bug, which could lead to disclosure of secret information on a machine if an unintended user were to gain access to the diagnostic route. The impact is greater if there is no proxy in front of the web application, as the number of steps up the directory tree is not bounded. For deployments that use a proxy, the impact varies; for example, if a request goes through a proxy like Nginx with `merge_slashes` enabled, the number of directory levels that can be read is limited to 3. This issue has been patched in version 3.3.7. Users unable to upgrade should ensure that MessageBus::Diagnostics is disabled. 2021-12-17 not yet calculated CVE-2021-43840
CONFIRM
MISC
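The Gradio and message_bus entries above are the same bug class: a user-supplied path reaches open() without being confined to the directory the application meant to serve. The following Python is an added example, not code from either project. It places the unsafe join-and-open pattern beside a containment check (realpath on both sides, then commonpath) and runs both against a constructed temporary directory tree, including a symlink that escapes the served directory without any `..` in the request, which is why counting traversal segments or relying on a proxy to normalise the URL is not a fix.

```python
"""Confine file reads to a base directory: the unsafe pattern and the containment check."""
import os
import shutil
import tempfile


class PathOutsideBase(PermissionError):
    pass


def resolve_within(base_dir: str, requested: str) -> str:
    """Return the canonical path for `requested` if it lies inside `base_dir`, else raise.

    1. Absolute input is rejected up front: os.path.join() discards base_dir for it.
    2. realpath() resolves '..' and symlinks on both sides, so a link inside the served
       directory that points outside it is caught as well as a plain '../'.
    3. commonpath() rather than startswith(): '/srv/data2' must not pass for '/srv/data'.
    """
    if os.path.isabs(requested):
        raise PathOutsideBase(requested)
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, target]) != base:
        raise PathOutsideBase(requested)
    return target


def read_file_unsafe(base_dir: str, requested: str) -> bytes:
    """The pattern behind both entries: join the user's path onto a base and open it."""
    with open(os.path.join(base_dir, requested), "rb") as f:
        return f.read()


def read_file_safe(base_dir: str, requested: str) -> bytes:
    with open(resolve_within(base_dir, requested), "rb") as f:
        return f.read()


def demo() -> dict:
    """Build a constructed tree in a temp dir, run both readers, clean up."""
    root = tempfile.mkdtemp()
    try:
        served = os.path.join(root, "served")
        os.makedirs(served)
        os.makedirs(os.path.join(root, "served2"))
        with open(os.path.join(served, "public.txt"), "wb") as f:
            f.write(b"public")
        with open(os.path.join(root, "secret.txt"), "wb") as f:
            f.write(b"secret")
        with open(os.path.join(root, "served2", "x"), "wb") as f:
            f.write(b"sibling")
        # A symlink inside the served tree that points outside it.
        os.symlink(os.path.join(root, "secret.txt"), os.path.join(served, "link"))

        results = {
            "unsafe_traversal": read_file_unsafe(served, "../secret.txt"),
            "unsafe_symlink": read_file_unsafe(served, "link"),
            "safe_ok": read_file_safe(served, "public.txt"),
        }
        attempts = {
            "traversal": "../secret.txt",
            "symlink": "link",
            "absolute": os.path.join(root, "secret.txt"),
            "sibling_prefix": os.path.join("..", "served2", "x"),  # defeats a startswith() check
        }
        for name, req in attempts.items():
            try:
                read_file_safe(served, req)
                results["safe_" + name] = "ALLOWED"
            except PathOutsideBase:
                results["safe_" + name] = "blocked"
        return results
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:20} {value!r}")
```

The check has to run on the fully resolved path at the moment the file is opened; normalising the URL earlier in the stack (the proxy behaviour the message_bus entry describes) only changes how far an attacker can climb, not whether they can.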
microsoft — 4k_wireless_display_adapter
 
Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability 2021-12-15 not yet calculated CVE-2021-43899
MISC
microsoft — appx
 
Windows AppX Installer Spoofing Vulnerability 2021-12-15 not yet calculated CVE-2021-43890
MISC
microsoft — asp.net_core_and_visual_studio
 
ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability 2021-12-15 not yet calculated CVE-2021-43877
MISC
microsoft — biztalk_esb_toolkit
 
Microsoft BizTalk ESB Toolkit Spoofing Vulnerability 2021-12-15 not yet calculated CVE-2021-43892
MISC
microsoft — bot_framework_sdk
 
Bot Framework SDK Remote Code Execution Vulnerability 2021-12-15 not yet calculated CVE-2021-43225
MISC
microsoft — defender
 
Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43882. 2021-12-15 not yet calculated CVE-2021-43889
MISC
microsoft — defender
 
Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42310, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43882, CVE-2021-43889. 2021-12-15 not yet calculated CVE-2021-42311
MISC
microsoft — defender
 
Microsoft Defender for IoT Information Disclosure Vulnerability 2021-12-15 not yet calculated CVE-2021-43888
MISC
microsoft — defender
 
Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43882, CVE-2021-43889. 2021-12-15 not yet calculated CVE-2021-41365
MISC
microsoft — defender
 
Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43889. 2021-12-15 not yet calculated CVE-2021-43882
MISC
microsoft — defender
 
Microsoft Defender for IoT Elevation of Privilege Vulnerability 2021-12-15 not yet calculated CVE-2021-42312
MISC
microsoft — defender
 
Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43882, CVE-2021-43889. 2021-12-15 not yet calculated CVE-2021-42310
MISC
microsoft — defender
 
Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42310, CVE-2021-42311, CVE-2021-42314, CVE-2021-42315, CVE-2021-43882, CVE-2021-43889. 2021-12-15 not yet calculated CVE-2021-42313
MISC
microsoft — defender
 
Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42315, CVE-2021-43882, CVE-2021-43889. 2021-12-15 not yet calculated CVE-2021-42314
MISC
microsoft — defender
 
Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-43882, CVE-2021-43889. 2021-12-15 not yet calculated CVE-2021-42315
MISC
microsoft — excel
 
Microsoft Excel Remote Code Execution Vulnerability 2021-12-15 not yet calculated CVE-2021-43256
MISC
microsoft — jet_red_database_engine_and_access_connectivity_engine
 
Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability 2021-12-15 not yet calculated CVE-2021-42293
MISC
microsoft — ntfs
 
NTFS Set Short Name Elevation of Privilege Vulnerability 2021-12-15 not yet calculated CVE-2021-43240
MISC
microsoft — office
 
Visual Basic for Applications Information Disclosure Vulnerability 2021-12-15 not yet calculated CVE-2021-42295
MISC
microsoft — office
 
Microsoft Office Trust Center Spoofing Vulnerability 2021-12-15 not yet calculated CVE-2021-43255
MISC
microsoft — office
 
Microsoft Office Graphics Remote Code Execution Vulnerability 2021-12-15 not yet calculated CVE-2021-43875
MISC
microsoft — office
 
Microsoft Office app Remote Code Execution Vulnerability 2021-12-15 not yet calculated CVE-2021-43905
MISC
microsoft — powershell
 
Microsoft PowerShell Spoofing Vulnerability 2021-12-15 not yet calculated CVE-2021-43896
MISC
microsoft — sharepoint
 
Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-42309. 2021-12-15 not yet calculated CVE-2021-42294
MISC
microsoft — sharepoint
 
Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-42294. 2021-12-15 not yet calculated CVE-2021-42309
MISC
microsoft — sharepoint
 
Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-43242. 2021-12-15 not yet calculated CVE-2021-42320
MISC
microsoft — sharepoint_server
 
Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-42320. 2021-12-15 not yet calculated CVE-2021-43242
MISC
microsoft — storage_spaces_controller
 
Storage Spaces Controller Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-43235. 2021-12-15 not yet calculated CVE-2021-43227
MISC
microsoft — visual_studio
 
Visual Studio Code Remote Code Execution Vulnerability 2021-12-15 not yet calculated CVE-2021-43891
MISC
microsoft — visual_studio
 
Visual Studio Code WSL Extension Remote Code Execution Vulnerability 2021-12-15 not yet calculated CVE-2021-43907
MISC
microsoft — visual_studio
 
Visual Studio Code Spoofing Vulnerability 2021-12-15 not yet calculated CVE-2021-43908
MISC
microsoft — vp9_video_extensions
 
VP9 Video Extensions Information Disclosure Vulnerability 2021-12-15 not yet calculated CVE-2021-43243
MISC
microsoft — windows
 
Remote Desktop Client Remote Code Execution Vulnerability 2021-12-15 not yet calculated CVE-2021-43233
MISC
microsoft — windows
 
Windows Kernel Information Disclosure Vulnerability 2021-12-15 not yet calculated CVE-2021-43244
MISC
microsoft — windows
 
Windows TCP/IP Driver Elevation of Privilege Vulnerability 2021-12-15 not yet calculated CVE-2021-43247
MISC
microsoft — windows
 
Windows Installer Elevation of Privilege Vulnerability 2021-12-15 not yet calculated CVE-2021-43883
MISC
microsoft — windows
 
Windows Recovery Environment Agent Elevation of Privilege Vulnerability 2021-12-15 not yet calculated CVE-2021-43239
MISC
microsoft — windows
 
Windows Remote Access Elevation of Privilege Vulnerability 2021-12-15 not yet calculated CVE-2021-43238
MISC
microsoft — windows
 
Windows Setup Elevation of Privilege Vulnerability 2021-12-15 not yet calculated CVE-2021-43237
MISC
microsoft — windows
 
Microsoft Message Queuing Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-43222. 2021-12-15 not yet calculated CVE-2021-43236
MISC
microsoft — windows
 
Windows Fax Service Remote Code Execution Vulnerability 2021-12-15 not yet calculated CVE-2021-43234
MISC
microsoft — windows
 
Windows Event Tracing Remote Code Execution Vulnerability 2021-12-15 not yet calculated CVE-2021-43232
MISC
microsoft — windows
 
Windows NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43229, CVE-2021-43230. 2021-12-15 not yet calculated CVE-2021-43231
MISC
microsoft — windows
 
Windows NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43229, CVE-2021-43231. 2021-12-15 not yet calculated CVE-2021-43230
MISC
microsoft — windows
 
A vulnerability was discovered in the Keybase Client for Windows before version 5.6.0 when a user executed the “keybase git lfs-config” command on the command-line. In versions prior to 5.6.0, a malicious actor with write access to a user’s Git repository could leverage this vulnerability to potentially execute arbitrary Windows commands on a user’s local system. 2021-12-14 not yet calculated CVE-2021-34426
MISC
microsoft — windows
 
Windows NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43230, CVE-2021-43231. 2021-12-15 not yet calculated CVE-2021-43229
MISC
microsoft — windows
 
SymCrypt Denial of Service Vulnerability 2021-12-15 not yet calculated CVE-2021-43228
MISC
microsoft — windows
 
Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43207. 2021-12-15 not yet calculated CVE-2021-43226
MISC
microsoft — windows
 
Windows Common Log File System Driver Information Disclosure Vulnerability 2021-12-15 not yet calculated CVE-2021-43224
MISC
microsoft — windows
 
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability 2021-12-15 not yet calculated CVE-2021-43223
MISC
microsoft — windows
 
Microsoft Message Queuing Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-43236. 2021-12-15 not yet calculated CVE-2021-43222
MISC
microsoft — windows
 
DirectX Graphics Kernel File Denial of Service Vulnerability 2021-12-15 not yet calculated CVE-2021-43219
MISC
microsoft — windows
 
Windows Encrypting File System (EFS) Remote Code Execution Vulnerability 2021-12-15 not yet calculated CVE-2021-43217
MISC
microsoft — windows
 
Windows Media Center Elevation of Privilege Vulnerability 2021-12-15 not yet calculated CVE-2021-40441
MISC
microsoft — windows
 
Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability 2021-12-15 not yet calculated CVE-2021-43216
MISC
microsoft — windows
 
iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution 2021-12-15 not yet calculated CVE-2021-43215
MISC
microsoft — windows
 
Web Media Extensions Remote Code Execution Vulnerability 2021-12-15 not yet calculated CVE-2021-43214
MISC
microsoft — windows
 
Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43226. 2021-12-15 not yet calculated CVE-2021-43207
MISC
microsoft — windows
 
Windows Print Spooler Elevation of Privilege Vulnerability 2021-12-15 not yet calculated CVE-2021-41333
MISC
microsoft — windows_device_management
 
Windows Mobile Device Management Elevation of Privilege Vulnerability 2021-12-15 not yet calculated CVE-2021-43880
MISC
microsoft — windows_digital_media_receiver
 
Windows Digital Media Receiver Elevation of Privilege Vulnerability 2021-12-15 not yet calculated CVE-2021-43248
MISC
microsoft — windows_digital_tv_tuner
 
Windows Digital TV Tuner Elevation of Privilege Vulnerability 2021-12-15 not yet calculated CVE-2021-43245
MISC
microsoft — windows_encrypting_file_system
 
Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability 2021-12-15 not yet calculated CVE-2021-43893
MISC
microsoft — windows_hyper-v
 
Windows Hyper-V Denial of Service Vulnerability 2021-12-15 not yet calculated CVE-2021-43246
MISC
mitsubishi_electric — gx_works2
 
Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior allows a remote unauthenticated attacker to cause a DoS condition in GX Works2 by sending maliciously crafted packets to a Mitsubishi Electric PLC to tamper with the program file stored on it, which GX Works2 then reads. 2021-12-17 not yet calculated CVE-2021-20608
MISC
MISC
MISC
mitsubishi_electric — gx_works2_melsoft_navigator_and_ezsocket
 
Out-of-bounds Read vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, MELSOFT Navigator all versions and EZSocket all versions allows an attacker to cause a DoS condition in the software by getting a user to open a malicious project file specially crafted by the attacker. 2021-12-17 not yet calculated CVE-2021-20606
MISC
MISC
MISC
mitsubishi_electric — gx_works2_melsoft_navigator_and_ezsocket
 
Integer Underflow vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, MELSOFT Navigator all versions and EZSocket all versions allows an attacker to cause a DoS condition in the software by getting a user to open a malicious project file specially crafted by the attacker. 2021-12-17 not yet calculated CVE-2021-20607
MISC
MISC
MISC
mongodb — mongodb_server
 
An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.25; MongoDB Server v4.2 versions prior to 4.2.14; MongoDB Server v4.4 versions prior to 4.4.6. 2021-12-15 not yet calculated CVE-2021-20330
MISC
motorola_solutions — avigilon_devices
 
Certain Motorola Solutions Avigilon devices allow XSS in the administrative UI. This affects T200/201 before 4.10.0.68; T290 before 4.4.0.80; T008 before 2.2.0.86; T205 before 4.12.0.62; T204 before 3.28.0.166; and T100, T101, T102, and T103 before 2.6.0.180. 2021-12-15 not yet calculated CVE-2021-38701
CONFIRM
MISC
numpy — numpy
 
Null Pointer Dereference vulnerability exists in numpy.sort in NumPy < 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays. 2021-12-17 not yet calculated CVE-2021-41495
MISC
numpy — numpy
 
Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct Denial of Service attacks by carefully constructing an array with negative values. 2021-12-17 not yet calculated CVE-2021-41496
MISC
numpy — numpy
 
Incomplete string comparison in the numpy.core component in NumPy 1.9.x, which allows attackers to fail the APIs via constructing specific string objects. 2021-12-17 not yet calculated CVE-2021-34141
MISC
numpy — numpy
 
A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code, which could let a malicious user cause a Denial of Service. 2021-12-17 not yet calculated CVE-2021-33430
MISC
opencast — opencast
 
Opencast is an Open Source Lecture Capture & Video Management system for Education. Opencast versions prior to 9.10 allow HTTP method spoofing, allowing the assumed HTTP method to be changed via a URL parameter. This allows attackers to turn HTTP GET requests into PUT requests or an HTTP form to send DELETE requests. This bypasses restrictions otherwise put on these types of requests and aids in cross-site request forgery (CSRF) attacks, which would otherwise not be possible. The vulnerability allows attackers to craft links or forms which may change the server state. This issue is fixed in Opencast 9.10 and 10.0. You can mitigate the problem by setting the `SameSite=Strict` attribute for your cookies. Whether this is a viable option for you depends on your integrations. We strongly recommend updating in any case. 2021-12-14 not yet calculated CVE-2021-43807
CONFIRM
MISC
MISC
opencast — opencast
 
Opencast is an Open Source Lecture Capture & Video Management system for Education. Opencast before version 9.10 or 10.6 allows references to local file URLs in ingested media packages, allowing attackers to include local files from Opencast’s host machines and making them available via the web interface. Before Opencast 9.10 and 10.6, Opencast would open and include local files during ingests. Attackers could exploit this to include most local files the process has read access to, extracting secrets from the host machine. An attacker would need to have the privileges required to add new media to exploit this, but these are often widely given. The issue has been fixed in Opencast 10.6 and 11.0. You can mitigate this issue by narrowing down the read access Opencast has to files on the file system using UNIX permissions or mandatory access control systems like SELinux. This cannot prevent access to files Opencast needs to read, though, and we highly recommend updating. 2021-12-14 not yet calculated CVE-2021-43821
CONFIRM
MISC
MISC
MISC
openemr — openemr
 
An authenticated SQL injection issue in the calendar search function of OpenEMR 6.0.0 before patch 3 allows an attacker to read data from all tables of the database via the parameter provider_id, as demonstrated by the /interface/main/calendar/index.php?module=PostCalendar&func=search URI. 2021-12-17 not yet calculated CVE-2021-41843
MISC
MISC
MISC
FULLDISC
openssl — libssl
 
Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0). 2021-12-14 not yet calculated CVE-2021-4044
CONFIRM
CONFIRM
opf — openproject
 
OpenProject is a web-based project management software. OpenProject versions >= 12.0.0 are vulnerable to a SQL injection in the budgets module. For authenticated users with the “Edit budgets” permission, the request to reassign work packages to another budget insufficiently sanitizes user input in the `reassign_to_id` parameter. The vulnerability has been fixed in version 12.0.4. Versions prior to 12.0.0 are not affected. If you’re upgrading from an older version, ensure you are upgrading to at least version 12.0.4. If you are unable to upgrade in a timely fashion, the following patch can be applied: https://github.com/opf/openproject/pull/9983.patch 2021-12-14 not yet calculated CVE-2021-43830
MISC
MISC
MISC
CONFIRM
owncast — owncast
 
Owncast is an open source, self-hosted live video streaming and chat server. In affected versions inline scripts are executed when Javascript is parsed via a paste action. This issue is patched in 0.0.9 by blocking unsafe-inline Content Security Policy and specifying the script-src. The worker-src is required to be set to blob for the video player. 2021-12-14 not yet calculated CVE-2021-39183
CONFIRM
parallels — remote_application_server
 
Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile passwords in clear text format by uploading a file previously stored in ciphered form by Parallels RAS. The confidentiality, availability and integrity of the user's information could be compromised if an attacker is able to recover the profile password. 2021-12-17 not yet calculated CVE-2020-8968
CONFIRM
peopledoc — vault-cli
 
vault-cli is a configurable command-line interface tool (and Python library) to interact with HashiCorp Vault. In versions before 3.0.0 vault-cli features the ability to render templated values. When a secret starts with the prefix `!template!`, vault-cli interprets the rest of the contents of the secret as a Jinja2 template. Jinja2 is a powerful templating engine and is not designed to safely render arbitrary templates. An attacker controlling a Jinja2 template rendered on a machine can trigger arbitrary code, making this a Remote Code Execution (RCE) risk. If the content of the vault can be completely trusted, then this is not a problem. Otherwise, if your threat model includes cases where an attacker can manipulate a secret value read from the vault using vault-cli, then this vulnerability may impact you. In 3.0.0, the code related to interpreting vault templated secrets has been removed entirely. Users are advised to upgrade as soon as possible. For users unable to upgrade a workaround does exist. Using the environment variable `VAULT_CLI_RENDER=false` or the flag `--no-render` (placed between `vault-cli` and the subcommand, e.g. `vault-cli --no-render get-all`) or adding `render: false` to the vault-cli configuration yaml file disables rendering and removes the vulnerability. Using the Python library, you can use `vault_cli.get_client(render=False)` when creating your client to get a client that will not render templated secrets and thus operates securely. 2021-12-16 not yet calculated CVE-2021-43837
MISC
MISC
CONFIRM
phpgurukul — phpgurukul
 
Cross Site Request Forgery (CSRF) vulnerability in Change-password.php in phpgurukul user management system in php using stored procedure V1.0 allows attackers to change the password of an arbitrary account. 2021-12-16 not yet calculated CVE-2021-26800
MISC
MISC
pyo_&it — pyo_&it
 
Buffer overflow in ajaxsoundstudio.com Pyo < 1.03 in the Server_jack_init function, which allows attackers to conduct Denial of Service attacks by arbitrarily constructing an overlong server name. 2021-12-17 not yet calculated CVE-2021-41498
MISC
rapid7 — insight_agent
 
Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent versions 3.0.1 to 3.1.2.34 start, the Python interpreter attempts to load python3.dll at “C:\DLLs\python3.dll,” which normally is writable by locally authenticated users. Because of this, a malicious local user could use Insight Agent’s startup conditions to elevate to SYSTEM privileges. This issue was fixed in Rapid7 Insight Agent 3.1.2.35. This vulnerability is a regression of CVE-2019-5629. 2021-12-14 not yet calculated CVE-2021-4007
MISC
CONFIRM
rare-technologies — bounter
 
Null pointer dereference in CMS_Conservative_increment_obj in RaRe-Technologies bounter versions 1.01 and 1.10 allows attackers to conduct Denial of Service attacks by inputting a huge width of hash bucket. 2021-12-17 not yet calculated CVE-2021-41497
MISC
rizinorg — rizin
 
Rizin is a UNIX-like reverse engineering framework and command-line toolset. In versions up to and including 0.3.1 there is a heap-based out of bounds write in parse_die() when reversing an AMD64 ELF binary with DWARF debug info. When a malicious AMD64 ELF binary is opened by a victim user, Rizin may crash or execute unintended actions. No workarounds are known and users are advised to upgrade. 2021-12-13 not yet calculated CVE-2021-43814
MISC
CONFIRM
MISC
sap — grc_access_control
 
SAP GRC Access Control – versions V1100_700, V1100_731, V1200_750, does not perform necessary authorization checks for an authenticated user, which could lead to escalation of privileges. 2021-12-14 not yet calculated CVE-2021-44233
MISC
MISC
sap — saf-t_framework_transaction_saftn_g
 
SAF-T Framework Transaction SAFTN_G allows an attacker to exploit insufficient validation of path information provided by a normal user, leading to full server directory access. The attacker can see the whole filesystem structure but cannot overwrite, delete, or corrupt arbitrary files on the server. 2021-12-14 not yet calculated CVE-2021-44232
MISC
MISC
seafile — seafile
 
Seafile is an open source cloud storage system. A sync token is used in the Seafile file syncing protocol to authorize access to library data. To improve performance, the token is cached in memory in seaf-server. Upon receiving a token from a sync client or SeaDrive client, the server checks whether the token exists in the cache. However, if the token exists in the cache, the server doesn’t check whether it’s associated with the specific library in the URL. This vulnerability makes it possible to use any valid sync token to access data from any **known** library. Note that the attacker has to first find out the ID of a library which it has no access to. The library ID is a random UUID, which cannot be guessed. There are no workarounds for this issue. 2021-12-14 not yet calculated CVE-2021-43820
CONFIRM
MISC
securitashome — home_alarm_system
 
An RF replay attack vulnerability in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F BG_U-ITR-F1-BD_BL.A30.20181117, allows an attacker to trigger arbitrary system functionality by replaying previously recorded signals. This lets an adversary, among other things, disarm an armed system. 2021-12-15 not yet calculated CVE-2021-40170
MISC
CONFIRM
securitashome — home_alarm_system
 
The absence of notifications regarding an ongoing RF jamming attack in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F BG_U-ITR-F1-BD_BL.A30.20181117, allows an attacker to block legitimate traffic while not alerting the owner of the system. 2021-12-15 not yet calculated CVE-2021-40171
MISC
MISC
semcms — semcms
 
A vulnerability in /include/web_check.php of SEMCMS v3.8 allows attackers to reset the Administrator account’s password. 2021-12-17 not yet calculated CVE-2020-18078
MISC
semcms — semcms
 
The checkuser function of SEMCMS 3.8 was discovered to contain a vulnerability which allows attackers to obtain the password in plaintext through a SQL query. 2021-12-17 not yet calculated CVE-2020-18081
MISC
sick — sopas_et
 
SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the command line arguments to pass in any value to the Emulator executable. 2021-12-17 not yet calculated CVE-2021-32499
MISC
sick — sopas_et
 
SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the pathname of the emulator and use path traversal to run an arbitrary executable located on the host system. When the user starts the emulator from SOPAS ET the corresponding executable will be started instead of the emulator. 2021-12-17 not yet calculated CVE-2021-32498
MISC
sick — sopas_et
 
SICK SOPAS ET before version 4.8.0 allows attackers to wrap any executable file into an SDD and provide this to a SOPAS ET user. When a user starts the emulator the executable is run without further checks. 2021-12-17 not yet calculated CVE-2021-32497
MISC
siemens — modelsim_simulation_and_questa_simulation
 
A vulnerability has been identified in ModelSim Simulation (All versions), Questa Simulation (All versions). The RSA white-box implementation in affected applications insufficiently protects the built-in private keys that are required to decrypt electronic intellectual property (IP) data in accordance with the IEEE 1735 recommended practice. This could allow a sophisticated attacker to discover the keys, bypassing the protection intended by the IEEE 1735 recommended practice. 2021-12-14 not yet calculated CVE-2021-42023
CONFIRM
siemens — simcenter_star-ccm+_viewer
 
A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All versions < 2021.3.1). The starview+.exe application lacks proper validation of user-supplied data when parsing scene files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. 2021-12-14 not yet calculated CVE-2021-42024
CONFIRM
siemens — sinumerik_edge
 
A vulnerability has been identified in SINUMERIK Edge (All versions < V3.2). The affected software does not properly validate the server certificate when initiating a TLS connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between the client and the intended server. 2021-12-14 not yet calculated CVE-2021-42027
CONFIRM
snipe-it — snipe-it
 
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF). 2021-12-18 not yet calculated CVE-2021-4130
CONFIRM
MISC
snipe-it — snipe-it
 
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’). 2021-12-14 not yet calculated CVE-2021-4108
MISC
CONFIRM
sourcecodester_vehicle_service_management_system — sourcecodester_vehicle_service_management_system
 
Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Owner fullname parameter in a Send Service Request in vehicle_service. 2021-12-16 not yet calculated CVE-2021-41962
MISC
stackstorm — stackstorm
 
In StackStorm versions prior to 3.6.0, the jinja interpreter was not run in sandbox mode and thus allows execution of unsafe system commands. Jinja does not enable sandboxed mode by default due to backwards compatibility. Stackstorm now sets sandboxed mode for jinja by default. 2021-12-15 not yet calculated CVE-2021-44657
MISC
MISC
MISC
MISC
sulu — sulu
 
Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions an attacker can read arbitrary local files via a PHP file include. In a default configuration this also leads to remote code execution. The problem is patched in versions 1.6.44, 2.2.18, 2.3.8 and 2.4.0. For users unable to upgrade, overwrite the service `sulu_route.generator.expression_token_provider` and wrap the translator before passing it to the expression language. 2021-12-15 not yet calculated CVE-2021-43836
CONFIRM
MISC
sulu — sulu
 
Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions Sulu users who have access to any subset of the admin UI are able to elevate their privileges. Over the API it was possible for them to give themselves permissions to areas to which they did not already have access. This issue was introduced in 2.0.0-RC1 with the new ProfileController putAction. The issue has been patched in versions 2.2.18, 2.3.8 and 2.4.0. For users unable to upgrade the only known workaround is to apply a patch to the ProfileController manually. 2021-12-15 not yet calculated CVE-2021-43835
CONFIRM
MISC
suricata — suricata
 
An issue was discovered in Suricata before 6.0.4. It is possible to bypass/evade any HTTP-based signature by faking an RST TCP packet with random TCP options of the md5header from the client side. After the three-way handshake, it’s possible to inject an RST ACK with a random TCP md5header option. Then, the client can send an HTTP GET request with a forbidden URL. The server will ignore the RST ACK and send the response HTTP packet for the client’s request. These packets will not trigger a Suricata reject action. 2021-12-16 not yet calculated CVE-2021-45098
MISC
MISC
MISC
MISC
suse — longhorn
 
An Improper Access Control vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3. 2021-12-17 not yet calculated CVE-2021-36779
CONFIRM
CONFIRM
suse — longhorn
 
An Improper Access Control vulnerability in longhorn of SUSE Longhorn allows attackers to connect to a longhorn-engine replica instance, granting them the ability to read and write data to and from a replica that they should not have access to. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3. 2021-12-17 not yet calculated CVE-2021-36780
CONFIRM
CONFIRM
tcman_gim — tcman_gim
 
TCMAN GIM is vulnerable to a lack of authorization in all available webservice methods listed in /PC/WebService.asmx. The exploitation of this vulnerability might allow a remote attacker to obtain information. 2021-12-17 not yet calculated CVE-2021-40851
CONFIRM
tcman_gim — tcman_gim
 
TCMAN GIM does not perform an authorization check when trying to access certain resources. A remote attacker could exploit this vulnerability to access URLs that require privileges without having them. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information. 2021-12-17 not yet calculated CVE-2021-40853
CONFIRM
tcman_gim — tcman_gim
 
TCMAN GIM is vulnerable to a SQL injection vulnerability inside several available webservice methods in /PC/WebService.asmx. 2021-12-17 not yet calculated CVE-2021-40850
CONFIRM
tcman_gim — tcman_gim
 
TCMAN GIM is affected by an open redirect vulnerability. This vulnerability allows the redirection of user navigation to pages controlled by the attacker. The exploitation of this vulnerability might allow a remote attacker to obtain information. 2021-12-17 not yet calculated CVE-2021-40852
CONFIRM
teeworlds — teeworlds
 
Teeworlds up to and including 0.7.5 is vulnerable to Buffer Overflow. A map parser does not validate m_Channels value coming from a map file, leading to a buffer overflow. A malicious server may offer a specially crafted map that will overwrite client’s stack causing denial of service or code execution. 2021-12-15 not yet calculated CVE-2021-43518
MISC
MISC
thinfinity — virtualui
 
Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter. 2021-12-16 not yet calculated CVE-2021-45092
MISC
thinkphp5 — thinkphp5
 
SQL Injection vulnerability exists in ThinkPHP5 5.0.x <=5.1.22 via the parseOrder function in Builder.php. 2021-12-15 not yet calculated CVE-2021-44350
MISC
tibco_software_inc — spotfire_server
 
The Spotfire Server component of TIBCO Software Inc.’s TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows malicious custom API clients with network access to execute internal API operations outside of the scope of those granted to it. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.’s TIBCO Spotfire Server: versions 10.10.6 and below, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, 11.3.0, 11.4.0, and 11.4.1, and TIBCO Spotfire Server: versions 11.5.0 and 11.6.0. 2021-12-14 not yet calculated CVE-2021-43051
CONFIRM
CONFIRM
tp-link — tp-link
 
An HTTP/1.1 misconfiguration in web interface of TP-Link AX10v1 before V1_211117 could allow an attacker to send a specially crafted HTTP/0.9 packet that could cause a cache poisoning attack. 2021-12-17 not yet calculated CVE-2021-41451
MISC
MISC
MISC
trend_micro — maximum_security
 
A link following denial-of-service (DoS) vulnerability in the Trend Micro Security (Consumer) 2021 family of products could allow an attacker to abuse the PC Health Checkup feature of the product to create symlinks that would allow modification of files, which could lead to a denial-of-service. 2021-12-16 not yet calculated CVE-2021-44023
MISC
MISC
tuleap — tuleap
 
Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not properly sanitize user settings when constructing the SQL query to browse and search commits in the CVS repositories. An authenticated malicious user with read access to a CVS repository could execute arbitrary SQL queries. Tuleap instances without active CVS repositories are not impacted. The following versions contain the fix: Tuleap Community Edition 13.2.99.155, Tuleap Enterprise Edition 13.1-7, and Tuleap Enterprise Edition 13.2-6. 2021-12-15 not yet calculated CVE-2021-43806
CONFIRM
MISC
MISC
MISC
tuleap — tuleap
 
Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. This is a follow-up to GHSA-887w-pv2r-x8pm/CVE-2021-41276; the initial fix was incomplete. Tuleap does not properly sanitize the search filter built from the ldap_id attribute of a user during the daily synchronization. A malicious user could force accounts to be suspended or take over another account by forcing the update of the ldap_uid attribute. Note that the malicious user needs either to have site administrator capability on the Tuleap instance or to be an LDAP operator with the capability to create/modify accounts. The Tuleap instance needs to have the LDAP plugin activated and enabled for this issue to be exploitable. The following versions contain the fix: Tuleap Community Edition 13.2.99.83, Tuleap Enterprise Edition 13.1-6, and Tuleap Enterprise Edition 13.2-4. 2021-12-15 not yet calculated CVE-2021-43782
MISC
CONFIRM
MISC
MISC
MISC
tuleap — tuleap
 
Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not properly sanitize the search filter built from the ldap_id attribute of a user during the daily synchronization. A malicious user could force accounts to be suspended or take over another account by forcing the update of the ldap_uid attribute. Note that the malicious user needs either to have site administrator capability on the Tuleap instance or to be an LDAP operator with the capability to create/modify accounts. The Tuleap instance needs to have the LDAP plugin activated and enabled for this issue to be exploitable. This issue has been patched in Tuleap Community Edition 13.2.99.31, Tuleap Enterprise Edition 13.1-5, and Tuleap Enterprise Edition 13.2-3. 2021-12-15 not yet calculated CVE-2021-41276
CONFIRM
MISC
MISC
MISC
uipath_app_studio — uipath_app_studio
 
An issue was discovered in UiPath App Studio 21.4.4. There is a persistent XSS vulnerability in the file-upload functionality for uploading icons when attempting to create new Apps. An attacker with minimal privileges in the application can build their own App and upload a malicious file containing an XSS payload, by uploading an arbitrary file and modifying the MIME type in a subsequent HTTP request. This then allows the file to be stored and retrieved from the server by other users in the same organization. 2021-12-14 not yet calculated CVE-2021-44043
MISC
MISC
uipath_assistant — uipath_assistant
 
UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the --dev-widget argument of the URI handler for uipath-assistant://. This allows an attacker to execute code on a victim’s machine or capture NTLM credentials by supplying a networked or WebDAV file path. 2021-12-14 not yet calculated CVE-2021-44041
MISC
MISC
uipath_assistant — uipath_assistant
 
An issue was discovered in UiPath Assistant 21.4.4. User-controlled data supplied to the --process-start argument of the URI handler for uipath-assistant:// is not correctly encoded, resulting in attacker-controlled content being injected into the error message displayed (when the injected content does not match an existing process). A determined attacker could leverage this to execute JavaScript in the context of the Electron application. 2021-12-14 not yet calculated CVE-2021-44042
MISC
MISC
vaultcli — vaultcli
 
Storage Spaces Controller Information Disclosure Vulnerability. This CVE ID is unique from CVE-2021-43227. 2021-12-15 not yet calculated CVE-2021-43235
MISC
vmware — workspace_one_uem_console
 
VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information. 2021-12-17 not yet calculated CVE-2021-22054
MISC
wechat-php-sdk — wechat-php-sdk
 
Wechat-php-sdk v1.10.2 is affected by a Cross Site Scripting (XSS) vulnerability in Wechat.php. 2021-12-17 not yet calculated CVE-2021-43678
MISC
MISC
wolters_kluwer — teammate_am
 
Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads, such that an authenticated user may download and execute malicious files. 2021-12-17 not yet calculated CVE-2021-44035
MISC
MISC
wordpress — wordpress
 
Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise discovered in Image Hover Effects Ultimate (versions <= 9.6.1) WordPress plugin. 2021-12-15 not yet calculated CVE-2021-36888
CONFIRM
CONFIRM
xorg — xserver
 
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2021-12-17 not yet calculated CVE-2021-4009
MISC
MISC
FEDORA
FEDORA
xorg — xserver
 
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2021-12-17 not yet calculated CVE-2021-4010
MISC
MISC
FEDORA
FEDORA
xorg — xserver
 
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2021-12-17 not yet calculated CVE-2021-4008
MISC
MISC
FEDORA
FEDORA
xorg — xserver
 
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2021-12-17 not yet calculated CVE-2021-4011
MISC
MISC
FEDORA
FEDORA
yetiforcecrm — yetiforcecrm
 
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’). 2021-12-16 not yet calculated CVE-2021-4121
MISC
CONFIRM
zimbra — zimbra_collaboration
 
An issue in /domain/service/.ewell-known/caldav of Zimbra Collaboration 8.8.12 allows attackers to redirect users to any arbitrary website of their choosing. 2021-12-15 not yet calculated CVE-2020-18985
MISC
zimbra — zimbra_collaboration
 
A reflected cross-site scripting (XSS) vulnerability in the zimbraAdmin/public/secureRequest.jsp component of Zimbra Collaboration 8.8.12 allows unauthenticated attackers to execute arbitrary web scripts or HTML via a host header injection. 2021-12-15 not yet calculated CVE-2020-18984
MISC