by Scott Muniz | Nov 1, 2021 | Security, Technology
This article is contributed. See the original author and article here.
Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
--- | --- | --- | --- | --- |
advantech — webaccess/nms | WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper authentication vulnerability, which may allow unauthorized users to view resources monitored and controlled by the WebAccess/NMS, as well as IP addresses and names of all the devices managed via WebAccess/NMS. | 2021-10-27 | 5 | CVE-2021-32951 MISC |
air_sender_project — air_sender | Tran Tu Air Sender v1.0.2 was discovered to contain an arbitrary file upload vulnerability in the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted file. | 2021-10-22 | 6.5 | CVE-2020-23043 MISC |
anaconda — dask | An issue was discovered in Dask (aka python-dask) through 2021.09.1. Single machine Dask clusters started with dask.distributed.LocalCluster or dask.distributed.Client (which defaults to using LocalCluster) would mistakenly configure their respective Dask workers to listen on external interfaces (typically with a randomly selected high port) rather than only on localhost. A Dask cluster created using this method (when running on a machine that has an applicable port exposed) could be used by a sophisticated attacker to achieve remote code execution. | 2021-10-26 | 6.8 | CVE-2021-42343 MISC |
aplixio — pdf_shapingup | Aplioxio PDF ShapingUp 5.0.0.139 contains a buffer overflow which allows attackers to cause a denial of service (DoS) via a crafted PDF file. | 2021-10-22 | 6.8 | CVE-2020-28969 MISC |
atlassian — jira | Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the `ReplicationSettings!default.jspa` endpoint. The affected versions are before version 8.6.0, from version 8.7.0 before 8.13.12, and from version 8.14.0 before 8.20.1. | 2021-10-26 | 4 | CVE-2021-41308 MISC |
atlassian — jira | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References (IDOR) vulnerability in the Average Number of Times in Status Gadget. The affected versions are before version 8.13.12. | 2021-10-26 | 5 | CVE-2021-41305 MISC |
atlassian — jira | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in the Average Time in Status Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0. | 2021-10-26 | 5 | CVE-2021-41306 MISC |
atlassian — jira | Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and private filters via an Insecure Direct Object References (IDOR) vulnerability in the Workload Pie Chart Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0. | 2021-10-26 | 5 | CVE-2021-41307 MISC |
atlassian — jira | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the /secure/admin/ImporterFinishedPage.jspa error message. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.1. | 2021-10-26 | 4.3 | CVE-2021-41304 MISC |
automatedlogic — webctrl | The login portal for the Automated Logic WebCTRL/WebCTRL OEM web application contains a vulnerability that allows for reflected XSS attacks due to the operatorlocale GET parameter not being sanitized. This issue impacts versions 6.5 and below. This issue works by passing in a basic XSS payload to a vulnerable GET parameter that is reflected in the output without sanitization. | 2021-10-22 | 4.3 | CVE-2021-31682 MISC MISC MISC |
auvesy — versiondog | Many API function codes receive raw pointers remotely from the user and trust these pointers as valid in-bound memory regions. An attacker can manipulate API functions by writing arbitrary data into the resolved address of a raw pointer. | 2021-10-22 | 5 | CVE-2021-38479 CONFIRM |
auvesy — versiondog | A specific function code receives a raw pointer supplied by the user and deallocates this pointer. The user can then control what memory regions will be freed and cause a use-after-free condition. | 2021-10-22 | 5.5 | CVE-2021-38467 CONFIRM |
auvesy — versiondog | The affected product does not properly control the allocation of resources. A user may be able to allocate unlimited memory buffers using API functions. | 2021-10-22 | 5.5 | CVE-2021-38463 CONFIRM |
auvesy — versiondog | There are multiple API function codes that permit data writing to any file, which may allow an attacker to modify existing files or create new files. | 2021-10-22 | 6.4 | CVE-2021-38471 CONFIRM |
auvesy — versiondog | The affected product uses a hard-coded Blowfish key for encryption/decryption processes. The key can be easily extracted from binaries. | 2021-10-22 | 6.4 | CVE-2021-38461 CONFIRM |
auvesy — versiondog | Some API functions allow interaction with the registry, which includes reading values as well as data modification. | 2021-10-22 | 6.4 | CVE-2021-38453 CONFIRM |
auvesy — versiondog | There are multiple API function codes that permit reading and writing data to or from files and directories, which could lead to the manipulation and/or the deletion of files. | 2021-10-22 | 6.4 | CVE-2021-38477 CONFIRM |
auvesy — versiondog | The affected product’s code base doesn’t properly control arguments for specific functions, which could lead to a stack overflow. | 2021-10-22 | 6.5 | CVE-2021-38473 CONFIRM |
auvesy — versiondog | The affected product’s OS Service does not verify any given parameter. A user can supply any type of parameter that will be passed to inner calls without checking the type of the parameter or the value. | 2021-10-22 | 4 | CVE-2021-38455 CONFIRM |
auvesy — versiondog | The webinstaller is a Golang web server executable that enables the generation of an Auvesy image agent. Resource consumption can be achieved by generating large amounts of installations, which are then saved without limitation in the temp folder of the webinstaller executable. | 2021-10-22 | 4 | CVE-2021-38465 CONFIRM |
auvesy — versiondog | Many of the services used by the affected product do not specify full paths for the DLLs they are loading. An attacker can exploit the uncontrolled search path by implanting their own DLL near the affected product’s binaries, thus hijacking the loaded DLL. | 2021-10-22 | 4.3 | CVE-2021-38469 CONFIRM |
bqe — billquick_web_suite | BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection can, for example, use the txtID (aka username) parameter. Successful exploitation can include the ability to execute arbitrary code as MSSQLSERVER$ via xp_cmdshell. | 2021-10-22 | 6.8 | CVE-2021-42258 MISC |
cisco — adaptive_security_appliance | Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized connections with a host located behind the ALG. For more information about these vulnerabilities, see the Details section of this advisory. Note: These vulnerabilities have been publicly discussed as NAT Slipstreaming. | 2021-10-27 | 5 | CVE-2021-34790 CISCO |
cisco — adaptive_security_appliance | A vulnerability in the identity-based firewall (IDFW) rule processing feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass security protections. This vulnerability is due to improper handling of network requests by affected devices configured to use object group search. An attacker could exploit this vulnerability by sending a specially crafted network request to an affected device. A successful exploit could allow the attacker to bypass access control list (ACL) rules on the device, bypass security protections, and send network traffic to unauthorized hosts. | 2021-10-27 | 4.3 | CVE-2021-34787 CISCO |
cisco — adaptive_security_appliance | Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized connections with a host located behind the ALG. For more information about these vulnerabilities, see the Details section of this advisory. Note: These vulnerabilities have been publicly discussed as NAT Slipstreaming. | 2021-10-27 | 5 | CVE-2021-34791 CISCO |
cisco — adaptive_security_appliance | A vulnerability in the TCP Normalizer of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software operating in transparent mode could allow an unauthenticated, remote attacker to poison MAC address tables, resulting in a denial of service (DoS) vulnerability. This vulnerability is due to incorrect handling of certain TCP segments when the affected device is operating in transparent mode. An attacker could exploit this vulnerability by sending a crafted TCP segment through an affected device. A successful exploit could allow the attacker to poison the MAC address tables in adjacent devices, resulting in network disruption. | 2021-10-27 | 5 | CVE-2021-34793 CISCO |
cisco — adaptive_security_appliance | A vulnerability in the Simple Network Management Protocol version 3 (SNMPv3) access control functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to query SNMP data. This vulnerability is due to ineffective access control. An attacker could exploit this vulnerability by sending an SNMPv3 query to an affected device from a host that is not permitted by the SNMPv3 access control list. A successful exploit could allow the attacker to send an SNMP query to an affected device and retrieve information from the device. The attacker would need valid credentials to perform the SNMP query. | 2021-10-27 | 5 | CVE-2021-34794 CISCO |
cisco — adaptive_security_appliance | A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. This vulnerability is due to improper control of a resource. An attacker with the ability to spoof a trusted IKEv2 site-to-site VPN peer and in possession of valid IKEv2 credentials for that peer could exploit this vulnerability by sending malformed, authenticated IKEv2 messages to an affected device. A successful exploit could allow the attacker to trigger a reload of the device. | 2021-10-27 | 6.3 | CVE-2021-40125 CISCO |
cisco — firepower_management_center | Multiple vulnerabilities in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic. These vulnerabilities are due to incomplete processing during deep packet inspection for ENIP packets. An attacker could exploit these vulnerabilities by sending a crafted ENIP packet to the targeted interface. A successful exploit could allow the attacker to bypass configured access control and intrusion policies that should be activated for the ENIP packet. | 2021-10-27 | 5 | CVE-2021-34754 CISCO |
cisco — firepower_management_center_virtual_appliance | A vulnerability in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite or append arbitrary data to system files using root-level privileges. The attacker must have administrative credentials on the device. This vulnerability is due to incomplete validation of user input for a specific CLI command. An attacker could exploit this vulnerability by authenticating to the device with administrative privileges and issuing a CLI command with crafted user parameters. A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root-level privileges. | 2021-10-27 | 6.6 | CVE-2021-34761 CISCO |
cisco — firepower_management_center_virtual_appliance | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open redirect attack. For more information about these vulnerabilities, see the Details section of this advisory. | 2021-10-27 | 5.8 | CVE-2021-34764 CISCO |
cisco — firepower_management_center_virtual_appliance | A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The attacker would require valid device credentials. The vulnerability is due to insufficient input validation of the HTTPS URL by the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTPS request that contains directory traversal character sequences to an affected device. A successful exploit could allow the attacker to read or write arbitrary files on the device. | 2021-10-27 | 5.5 | CVE-2021-34762 CISCO |
cloudfoundry — capi-release | Cloud Controller versions prior to 1.118.0 are vulnerable to an unauthenticated denial of service (DoS) vulnerability that allows unauthenticated attackers to cause denial of service by using REST HTTP requests with label_selectors on multiple V3 endpoints, generating an enormous SQL query. | 2021-10-27 | 5 | CVE-2021-22101 MISC |
codesys — codesys | In the CODESYS V2 web server prior to V1.1.9.22, crafted web server requests may cause a null pointer dereference in the CODESYS web server and may result in a denial-of-service condition. | 2021-10-26 | 5 | CVE-2021-34586 CONFIRM MISC |
codesys — codesys | In the CODESYS V2 web server prior to V1.1.9.22, crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation. | 2021-10-26 | 5 | CVE-2021-34585 CONFIRM MISC |
codesys — codesys | Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of-service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22. | 2021-10-26 | 5 | CVE-2021-34583 CONFIRM MISC |
codesys — codesys | Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of-service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22. | 2021-10-26 | 6.4 | CVE-2021-34584 CONFIRM MISC |
codesys — plcwinnt | A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to version V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite. | 2021-10-26 | 5.5 | CVE-2021-34595 CONFIRM |
codesys — plcwinnt | In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to version V2.4.7.56, unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC. | 2021-10-26 | 5 | CVE-2021-34593 CONFIRM FULLDISC |
codesys — plcwinnt | A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to version V2.4.7.56, resulting in a denial-of-service condition. | 2021-10-26 | 4 | CVE-2021-34596 CONFIRM |
csdn — csdn_app | A Cross-Site Scripting (XSS) vulnerability exists in Csdn APP 4.10.0, which can be exploited by attackers to obtain sensitive information such as user cookies. | 2021-10-22 | 4.3 | CVE-2021-41747 MISC MISC |
customer_relationship_management_system_project — customer_relationship_management_system | A file upload vulnerability exists in Sourcecodester Customer Relationship Management System 1.0 via the account update option and customer create option, which could let a remote malicious user upload an arbitrary PHP file. | 2021-10-27 | 6.5 | CVE-2021-37221 MISC |
d-link — dap-2020_firmware | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the var:page parameter provided to the webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13271. | 2021-10-25 | 5.8 | CVE-2021-34863 N/A N/A |
d-link — dap-2020_firmware | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the var:menu parameter provided to the webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13270. | 2021-10-25 | 5.8 | CVE-2021-34862 N/A N/A |
d-link — dap-2020_firmware | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the webproc endpoint, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12104. | 2021-10-25 | 5.8 | CVE-2021-34861 N/A N/A |
dedecms — dedecms | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component makehtml_homepage.php via the `filename`, `mid`, `userid`, and `templet` parameters. | 2021-10-22 | 4.3 | CVE-2020-36497 MISC |
dedecms — dedecms | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via the `filename`, `mid`, `userid`, and `templet` parameters. | 2021-10-22 | 4.3 | CVE-2020-23046 MISC |
dedecms — dedecms | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component mychannel_edit.php via the `filename`, `mid`, `userid`, and `templet` parameters. | 2021-10-22 | 4.3 | CVE-2020-36494 MISC |
dedecms — dedecms | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `filename`, `mid`, `userid`, and `templet` parameters. | 2021-10-22 | 4.3 | CVE-2020-36495 MISC |
dedecms — dedecms | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component sys_admin_user_edit.php via the `filename`, `mid`, `userid`, and `templet` parameters. | 2021-10-22 | 4.3 | CVE-2020-36496 MISC |
dropouts — air_share | Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the path parameter of the `list` and `download` exception handling. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted GET request. | 2021-10-22 | 4.3 | CVE-2020-23041 MISC |
dropouts — super_backup | Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability in the path parameter of the `list` and `download` module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted GET request. | 2021-10-22 | 4.3 | CVE-2020-23042 MISC |
dropouts — super_backup | Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain an issue in the path parameter of the `list` and `download` module which allows attackers to perform a directory traversal via a change to the path variable to request the local list command. | 2021-10-22 | 5 | CVE-2020-23061 MISC |
elabftw — elabftw | eLabFTW is an open source electronic lab notebook manager for research teams. In versions of eLabFTW before 4.1.0, it allows attackers to bypass a brute-force protection mechanism by using many different forged PHPSESSID values in the HTTP Cookie header. This issue has been addressed by implementing brute force login protection, as recommended by OWASP, with Device Cookies. This mechanism will not impact users and will effectively thwart any brute-force attempts at guessing passwords. The only correct way to address this is to upgrade to version 4.1.0. Adding rate limitation upstream of the eLabFTW service is of course a valid option, with or without upgrading. | 2021-10-22 | 4 | CVE-2021-41171 CONFIRM MISC MISC MISC MISC |
emerson — wireless_1410_gateway_firmware | The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables. | 2021-10-22 | 4 | CVE-2021-42536 CONFIRM |
emerson — wireless_1410_gateway_firmware | The affected product is vulnerable to directory traversal due to mishandling of the provided backup folder structure. | 2021-10-22 | 6.5 | CVE-2021-42542 CONFIRM |
emerson — wireless_1410_gateway_firmware | The affected product is vulnerable to an unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality. | 2021-10-22 | 6.5 | CVE-2021-42540 CONFIRM |
emerson — wireless_1410_gateway_firmware | The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk. | 2021-10-22 | 6.5 | CVE-2021-38485 CONFIRM |
emerson — wireless_1410_gateway_firmware | The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input. | 2021-10-22 | 6.5 | CVE-2021-42538 CONFIRM |
emerson — wireless_1410_gateway_firmware | The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account takeover and unapproved settings changes. | 2021-10-22 | 6.5 | CVE-2021-42539 CONFIRM |
facebook — hhvm | HHVM supports the use of an “admin” server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the filesystem to write this data. The parameter is not validated, allowing a malicious user to overwrite arbitrary files where the user running HHVM has write access. This issue affects HHVM versions prior to 4.56.2, all versions between 4.57.0 and 4.78.0, as well as 4.79.0, 4.80.0, 4.81.0, 4.82.0, and 4.83.0. | 2021-10-26 | 5.5 | CVE-2019-3556 CONFIRM CONFIRM CONFIRM |
firefly-iii — firefly_iii | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF). | 2021-10-27 | 4.3 | CVE-2021-3900 MISC CONFIRM |
freeswitch — freeswitch | FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. By default, SIP requests of the type SUBSCRIBE are not authenticated in the affected versions of FreeSWITCH. Abuse of this security issue allows attackers to subscribe to user agent event notifications without the need to authenticate. This abuse poses privacy concerns and might lead to social engineering or similar attacks. For example, attackers may be able to monitor the status of target SIP extensions. Although this issue was fixed in version v1.10.6, installations upgraded to the fixed version of FreeSWITCH from an older version may still be vulnerable if the configuration is not updated accordingly. Software upgrades do not update the configuration by default. SIP SUBSCRIBE messages should be authenticated by default so that FreeSWITCH administrators do not need to explicitly set the `auth-subscriptions` parameter. When following such a recommendation, a new parameter can be introduced to explicitly disable authentication. | 2021-10-26 | 5 | CVE-2021-41157 CONFIRM MISC MISC FULLDISC |
freeswitch — freeswitch | FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, an attacker can perform a SIP digest leak attack against FreeSWITCH and receive the challenge response of a gateway configured on the FreeSWITCH server. This is done by challenging FreeSWITCH’s SIP requests with the realm set to that of the gateway, thus forcing FreeSWITCH to respond with the challenge response which is based on the password of that targeted gateway. Abuse of this vulnerability allows attackers to potentially recover gateway passwords by performing a fast offline password cracking attack on the challenge response. The attacker does not require special network privileges, such as the ability to sniff the FreeSWITCH’s network traffic, to exploit this issue. Instead, what is required for this attack to work is the ability to cause the victim server to send SIP request messages to the malicious party. Additionally, to exploit this issue, the attacker needs to specify the correct realm which might in some cases be considered secret. However, because many gateways are actually public, this information can easily be retrieved. The vulnerability appears to be due to the code which handles challenges in `sofia_reg.c`, `sofia_reg_handle_sip_r_challenge()`, which does not check if the challenge is originating from the actual gateway. The lack of these checks allows arbitrary UACs (and gateways) to challenge any request sent by FreeSWITCH with the realm of the gateway being targeted. This issue is patched in version 10.10.7. Maintainers recommend that one should create an association between a SIP session for each gateway and its realm so that a check for this association is put into place when responding to challenges. | 2021-10-26 | 5 | CVE-2021-41158 CONFIRM MISC FULLDISC |
freeswitch — freeswitch | FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. FreeSWITCH prior to version 1.10.7 is susceptible to Denial of Service via SIP flooding. When flooding FreeSWITCH with SIP messages, it was observed that after a number of seconds the process was killed by the operating system due to memory exhaustion. By abusing this vulnerability, an attacker is able to crash any FreeSWITCH instance by flooding it with SIP messages, leading to Denial of Service. The attack does not require authentication and can be carried out over UDP, TCP or TLS. This issue was patched in version 1.10.7. | 2021-10-25 | 5 | CVE-2021-41145 CONFIRM MISC FULLDISC |
freeswitch — freeswitch | FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. When handling SRTP calls, FreeSWITCH prior to version 1.10.7 is susceptible to a DoS where calls can be terminated by remote attackers. This attack can be done continuously, thus denying encrypted calls during the attack. When a media port that is handling SRTP traffic is flooded with a specially crafted SRTP packet, the call is terminated, leading to denial of service. This issue was reproduced when using the SDES key exchange mechanism in a SIP environment as well as when using the DTLS key exchange mechanism in a WebRTC environment. The call disconnection occurs due to line 6331 in the source file `switch_rtp.c`, which disconnects the call when the total number of SRTP errors reaches a hard-coded threshold (100). By abusing this vulnerability, an attacker is able to disconnect any ongoing calls that are using SRTP. The attack does not require authentication or any special foothold in the caller’s or the callee’s network. This issue is patched in version 1.10.7. | 2021-10-25 | 5 | CVE-2021-41105 CONFIRM MISC FULLDISC |
froala — wysiwyg-editor | A cross site scripting (XSS) vulnerability in the Insert Video function of Froala WYSIWYG Editor 3.1.0 allows attackers to execute arbitrary web scripts or HTML. | 2021-10-26 | 4.3 | CVE-2020-22864 MISC MISC |
game-server-status_project — game-server-status | The Game Server Status WordPress plugin through 1.0 does not validate or escape the server_id parameter before using it in a SQL statement, leading to an Authenticated SQL Injection in an admin page. | 2021-10-25 | 6.5 | CVE-2021-24662 MISC |
gjson_project — gjson | GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack. | 2021-10-22 | 5 | CVE-2021-42836 MISC MISC MISC MISC MISC |
google — android |
In multiple methods of AAudioService, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-153358911 |
2021-10-22 |
4.4 |
CVE-2021-0483 MISC |
google — android |
In acc_read of f_accessory.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-173789633References: Upstream kernel |
2021-10-25 |
4.6 |
CVE-2021-0936 MISC |
google — android |
In loadLabel of PackageItemInfo.java, there is a possible way to DoS a device by having a long label in an app due to incorrect input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-67013844 |
2021-10-22 |
4.7 |
CVE-2021-0651 MISC |
google — android |
In startListening of PluginManagerImpl.java, there is a possible way to disable arbitrary app components due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-193444889 |
2021-10-22 |
4.9 |
CVE-2021-0706 MISC |
google — android |
In wifi driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05551397; Issue ID: ALPS05551397. |
2021-10-25 |
5 |
CVE-2021-0630 MISC |
google — android |
In the wifi driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05551435; Issue ID: ALPS05551435. |
2021-10-25 |
5 |
CVE-2021-0631 MISC |
helpu — helpuviewer |
An improper input validation vulnerability in the Helpu solution could allow a local attacker to create and execute arbitrary files without clicking the file transfer menu. Files can be written to an arbitrary directory because the viewer program receives the file from the agent with administrator privileges. |
2021-10-27 |
4.6 |
CVE-2020-7867 MISC |
huawei — emui |
There is a configuration defect in Huawei Smartphone. Successful exploitation of this vulnerability may affect service availability. |
2021-10-28 |
5 |
CVE-2021-22405 MISC |
huawei — emui |
There is a directory traversal vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. |
2021-10-28 |
5 |
CVE-2021-22404 MISC |
huawei — emui |
There is a remote DoS vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability can affect service integrity. |
2021-10-28 |
5 |
CVE-2021-22401 MISC |
huawei — emui |
There is a DoS vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may result in denial of service. |
2021-10-28 |
5 |
CVE-2021-22402 MISC |
huawei — fusioncube_firmware |
There is a path traversal vulnerability in Huawei FusionCube 6.0.2. The vulnerability exists because the software uses external input to construct a pathname that is intended to identify a directory located underneath a restricted parent directory, but does not properly validate the pathname. Successful exploitation could allow an attacker to access a location outside of the restricted directory via a crafted filename. |
2021-10-27 |
5 |
CVE-2021-37130 MISC |
huawei — ips_module_firmware |
There is an out of bounds write vulnerability in some Huawei products. The vulnerability is caused by a function of a module that does not properly verify an input parameter. Successful exploit could cause an out of bounds write leading to a denial of service condition. Affected product versions include: IPS Module V500R005C00, V500R005C20; NGFW Module V500R005C00; NIP6600 V500R005C00, V500R005C20; S12700 V200R010C00SPC600, V200R011C10SPC500, V200R011C10SPC600, V200R013C00SPC500, V200R019C00SPC200, V200R019C00SPC500, V200R019C10SPC200, V200R020C00, V200R020C10; S1700 V200R010C00SPC600, V200R011C10SPC500, V200R011C10SPC600; S2700 V200R010C00SPC600, V200R011C10SPC500, V200R011C10SPC600; S5700 V200R010C00SPC600, V200R010C00SPC700, V200R011C10SPC500, V200R011C10SPC600, V200R019C00SPC500; S6700 V200R010C00SPC600, V200R011C10SPC500, V200R011C10SPC600; S7700 V200R010C00SPC600, V200R010C00SPC700, V200R011C10SPC500, V200R011C10SPC600; S9700 V200R010C00SPC600, V200R011C10SPC500, V200R011C10SPC600; USG9500 V500R005C00, V500R005C20. |
2021-10-27 |
5 |
CVE-2021-37129 MISC |
huawei — manageone |
There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device. |
2021-10-27 |
6 |
CVE-2021-37131 MISC |
ibm — business_automation_workflow |
IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204833. |
2021-10-22 |
4.3 |
CVE-2021-29835 CONFIRM XF |
ibm — engineering_lifecycle_optimization |
IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025. |
2021-10-27 |
6 |
CVE-2021-29774 XF CONFIRM |
ibm — planning_analytics |
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 198755. |
2021-10-27 |
5 |
CVE-2021-20526 CONFIRM XF |
ingeteam — ingepac_da_au_firmware |
Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web application allows access to a certain path that contains sensitive information that could be used by an attacker to execute more sophisticated attacks. An unauthenticated remote attacker with access to the device's web service could exploit this vulnerability in order to obtain different configuration files. |
2021-10-25 |
5 |
CVE-2017-20007 CONFIRM |
jquery — jquery_ui |
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources. |
2021-10-26 |
4.3 |
CVE-2021-41182 CONFIRM MISC MISC |
jquery — jquery_ui |
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources. |
2021-10-26 |
4.3 |
CVE-2021-41183 MISC MISC CONFIRM MISC |
jquery — jquery_ui |
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources. |
2021-10-26 |
4.3 |
CVE-2021-41184 MISC CONFIRM MISC |
jquery-reply-to-comment_project — jquery-reply-to-comment |
The jQuery Reply to Comment WordPress plugin through 1.31 does not have any CSRF check when saving its settings, nor does it sanitise or escape its ‘Quote String’ and ‘Reply String’ settings before outputting them in Comments, leading to a Stored Cross-Site Scripting issue. |
2021-10-25 |
4.3 |
CVE-2021-24543 MISC |
kumilabs — swift_file_transfer |
Swift File Transfer Mobile v1.1.2 and below was discovered to contain an information disclosure vulnerability in the path parameter. This vulnerability is exploited via an error caused by including non-existent path environment variables. |
2021-10-22 |
5 |
CVE-2020-23038 MISC |
macs_cms_project — macs_cms |
Macrob7 Macs Framework Content Management System – 1.14f was discovered to contain a cross-site scripting (XSS) vulnerability in the search input field of the search module. |
2021-10-22 |
4.3 |
CVE-2020-23047 MISC |
macs_cms_project — macs_cms |
Macrob7 Macs Framework Content Management System – 1.14f was discovered to contain a SQL injection vulnerability via the ‘roleId’ parameter of the `editRole` and `deletUser` modules. |
2021-10-22 |
6.5 |
CVE-2020-23045 MISC |
madeportable — playable |
Portable Ltd Playable v9.18 was discovered to contain an arbitrary file upload vulnerability in the filename parameter of the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted JPEG file. |
2021-10-22 |
4.6 |
CVE-2020-36485 MISC |
mangboard — mang_board |
A SQL injection vulnerability was found in Mangboard (WordPress plugin) via the order_type parameter, which is used in a SQL query with unfiltered data. This vulnerability allows a remote attacker to steal user information. |
2021-10-26 |
5 |
CVE-2021-26609 MISC |
mcafee — epolicy_orchestrator |
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via a specific parameter where the administrator’s entries were not correctly sanitized. |
2021-10-22 |
4.3 |
CVE-2021-31835 CONFIRM |
medianavi — smacom |
MEDIA NAVI Inc SMACom v1.2 was discovered to contain an insecure session validation vulnerability in the session handling of the `password` authentication parameter of the wifi photo transfer module. This vulnerability allows attackers with network access privileges or on public wifi networks to read the authentication credentials and follow-up requests containing the user password via a man in the middle attack. |
2021-10-22 |
4.3 |
CVE-2020-23036 MISC |
mycodo_project — mycodo |
Mycodo is an environmental monitoring and regulation system. An exploit in versions prior to 8.12.7 allows anyone with access to endpoints to download files outside the intended directory. A patch has been applied and a release made. Users should upgrade to version 8.12.7. As a workaround, users may manually apply the changes from the fix commit. |
2021-10-26 |
4 |
CVE-2021-41185 CONFIRM MISC MISC MISC |
nameko — nameko |
Nameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file. |
2021-10-26 |
6.8 |
CVE-2021-41078 MISC MISC |
nextcloud — deck |
Nextcloud is an open-source, self-hosted productivity platform. A missing permission check in Nextcloud Deck before 1.2.9, 1.4.5 and 1.5.3 allows an authenticated user to access Deck cards of another user. It is recommended that the Nextcloud Deck App is upgraded to 1.2.9, 1.4.5 or 1.5.3. There are no known workarounds aside from upgrading. |
2021-10-25 |
5.5 |
CVE-2021-39225 CONFIRM MISC MISC |
nextcloud — nextcloud_server |
Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, Nextcloud Server did not implement a database backend for rate-limiting purposes. Any component of Nextcloud using rate limits (such as `AnonRateThrottle` or `UserRateThrottle`) was thus not rate limited on instances without a memory cache backend configured. In the case of a default installation, this notably includes the rate limits on the two-factor codes. It is recommended that the Nextcloud Server be upgraded to 20.0.13, 21.0.5, or 22.2.0. As a workaround, enable a memory cache backend in `config.php`. |
2021-10-25 |
5.5 |
CVE-2021-41177 CONFIRM MISC MISC |
nextcloud — officeonline |
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud OfficeOnline application prior to version 1.1.1 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. an attacker could see that the file `shared.txt` is located within `/files/$username/Myfolder/Mysubfolder/shared.txt`). It is recommended that the OfficeOnline application is upgraded to 1.1.1. As a workaround, one may disable the OfficeOnline application in the app settings. |
2021-10-25 |
5 |
CVE-2021-39224 CONFIRM MISC |
nextcloud — richdocuments |
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Richdocuments application prior to versions 3.8.6 and 4.2.3 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. an attacker could see that the file `shared.txt` is located within `/files/$username/Myfolder/Mysubfolder/shared.txt`). It is recommended that the Richdocuments application is upgraded to 3.8.6 or 4.2.3. As a workaround, disable the Richdocuments application in the app settings. |
2021-10-25 |
5 |
CVE-2021-39223 MISC CONFIRM MISC |
nextcloud — server |
Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, a file traversal vulnerability allows an attacker to download arbitrary SVG images from the host system, including user-provided files. This could also be leveraged into an XSS/phishing attack: an attacker could upload a malicious SVG file that mimics the Nextcloud login form and send a specially crafted link to victims. The XSS risk here is mitigated by the fact that Nextcloud employs a strict Content-Security-Policy disallowing execution of arbitrary JavaScript. It is recommended that the Nextcloud Server be upgraded to 20.0.13, 21.0.5 or 22.2.0. There are no known workarounds aside from upgrading. |
2021-10-25 |
4 |
CVE-2021-41178 MISC MISC CONFIRM |
nextcloud — server |
Nextcloud is an open-source, self-hosted productivity platform. Prior to Nextcloud Server versions 20.0.13, 21.0.5, and 22.2.0, the Two-Factor Authentication wasn’t enforced for pages marked as public. Any page marked as `@PublicPage` could thus be accessed with a valid user session that isn’t authenticated. This particularly affects the Nextcloud Talk application, as this could be leveraged to gain access to any private chat channel without going through the Two-Factor flow. It is recommended that the Nextcloud Server be upgraded to 20.0.13, 21.0.5 or 22.2.0. There are no known workarounds aside from upgrading. |
2021-10-25 |
4 |
CVE-2021-41179 MISC MISC CONFIRM |
nxp — mcuxpresso_software_development_kit |
NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostProcessCallback(). |
2021-10-25 |
4.6 |
CVE-2021-38258 MISC |
nxp — mcuxpresso_software_development_kit |
NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostParseDeviceConfigurationDescriptor(). |
2021-10-25 |
4.6 |
CVE-2021-38260 MISC |
onepeloton — peloton |
Exposure of sensitive information to an unauthorised actor in the “com.onepeloton.erlich” mobile application up to and including version 1.7.22 allows a remote attacker to access developer files stored in an AWS S3 bucket, by reading credentials stored in plain text within the mobile application. |
2021-10-25 |
5 |
CVE-2021-40527 CONFIRM |
onepeloton — ttr01_firmware |
Incorrect calculation of buffer size vulnerability in Peloton TTR01 up to and including PTV55G allows a remote attacker to trigger a Denial of Service attack through the GymKit daemon process by exploiting a heap overflow in the network server handling the Apple GymKit communication. This can lead to an Apple MFi device not being able to authenticate with the Peloton Bike. |
2021-10-25 |
5 |
CVE-2021-40526 CONFIRM |
online_student_admission_system_project — online_student_admission_system |
Online Student Admission System 1.0 is affected by an insecure file upload vulnerability. A low privileged user can upload malicious PHP files by updating their profile image to gain remote code execution. |
2021-10-26 |
6.5 |
CVE-2021-37372 MISC MISC MISC |
parallels — parallels_desktop |
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the virtio-gpu virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13581. |
2021-10-25 |
4.6 |
CVE-2021-34856 N/A N/A |
parallels — parallels_desktop |
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13601. |
2021-10-25 |
4.6 |
CVE-2021-34857 N/A N/A |
parallels — parallels_desktop |
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the WinAppHelper component. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13543. |
2021-10-25 |
4.6 |
CVE-2021-34864 N/A |
permalink_manager_lite_project — permalink_manager_lite |
The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not validate and escape the orderby parameter before using it in a SQL statement in the Permalink Manager page, leading to SQL injection. |
2021-10-25 |
6.5 |
CVE-2021-24769 MISC |
pterodactyl — panel |
Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. In affected versions of Pterodactyl a malicious user can trigger a user logout if a signed in user visits a malicious website that makes a request to the Panel’s sign-out endpoint. This requires a targeted attack against a specific Panel instance, and serves only to sign a user out. **No user details are leaked, nor is any user data affected, this is simply an annoyance at worst.** This is fixed in version 1.6.3. |
2021-10-25 |
4.3 |
CVE-2021-41176 MISC CONFIRM MISC |
rasa — rasa_x |
Rasa X before 0.42.4 allows Directory Traversal during archive extraction. In the functionality that allows a user to load a trained model archive, an attacker has arbitrary write capability within specific directories via a crafted archive file. |
2021-10-22 |
4.3 |
CVE-2021-42556 MISC CONFIRM |
sanskruti — st-daily-tip |
The St-Daily-Tip WordPress plugin through 4.7 does not have any CSRF check in place when saving its ‘Default Text to Display if no tips’ setting, and was also lacking sanitisation as well as escaping before outputting it in the page. This could allow an attacker to make logged-in administrators set a malicious payload in it, leading to a Stored Cross-Site Scripting issue. |
2021-10-25 |
6.8 |
CVE-2021-24487 MISC |
seeddms — seeddms |
SeedDMS Content Management System v6.0.7 contains a persistent cross-site scripting (XSS) vulnerability in the component AddEvent.php via the name and comment parameters. |
2021-10-22 |
4.3 |
CVE-2020-23048 MISC |
sky_file_project — sky_file |
Sky File v2.1.0 contains a directory traversal vulnerability in the FTP server which allows attackers to access sensitive data and files via ‘null’ path commands. |
2021-10-22 |
5 |
CVE-2020-23040 MISC |
sky_file_project — sky_file |
An issue in the FTP server of Sky File v2.1.0 allows attackers to perform directory traversal via `/null//` path commands. |
2021-10-22 |
4 |
CVE-2020-36488 MISC |
skyworth — penguin_aurora_box_firmware |
Penguin Aurora TV Box 41502 is a high-end network HD set-top box produced by Tencent Video and Skyworth Digital. An unauthorized access vulnerability exists in the Penguin Aurora Box. An attacker can use the vulnerability to gain unauthorized access to a specific link to remotely control the TV. |
2021-10-26 |
6.4 |
CVE-2021-41873 MISC |
solarwinds — kiwi_syslog_server |
The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. These methods are intended for diagnostic purposes only. If enabled, the web server will respond to requests that use these methods by returning the exact HTTP request that was received in the response to the client. This may lead to the disclosure of sensitive information such as internal authentication headers appended by reverse proxies. |
2021-10-27 |
5 |
CVE-2021-35233 MISC MISC |
solarwinds — kiwi_syslog_server |
As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. Example vulnerable path: “Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Kiwi Syslog Server\Parameters\Application”. |
2021-10-25 |
4.6 |
CVE-2021-35231 MISC MISC |
solarwinds — kiwi_syslog_server |
The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions. ASP.NET allows remote debugging of web applications, if configured to do so. Debug mode causes ASP.NET to compile applications with extra information. The information enables a debugger to closely monitor and control the execution of an application. If an attacker could successfully start a remote debugging session, this is likely to disclose sensitive information about the web application and supporting infrastructure that may be valuable in targeting SWI with malicious intent. |
2021-10-27 |
5 |
CVE-2021-35235 MISC MISC |
solarwinds — kiwi_syslog_server |
The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This helps protect the cookie from being passed over unencrypted requests. If the application can also be accessed over plain HTTP, the cookie could be sent in clear text. |
2021-10-27 |
5 |
CVE-2021-35236 MISC MISC |
sourcecodester — news247_cms |
Cross Site Scripting (XSS) vulnerability exists in Sourcecodester News247 CMS 1.0 via the search function in articles. |
2021-10-28 |
4.3 |
CVE-2021-41728 MISC |
strategy11 — formidable_form_builder |
The Formidable Form Builder WordPress plugin before 4.09.05 allows injection of certain HTML tags such as <audio>, <video>, <img>, <a> and <button>. This could allow an unauthenticated, remote attacker to exploit an HTML injection by injecting a malicious link. The HTML injection may trick authenticated users into following the link. If the link gets clicked, JavaScript code can be executed. The vulnerability is due to insufficient sanitization of the “data-frmverify” tag for links in the web-based entry inspection page of affected systems. Successful exploitation in combination with CSRF could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. These actions include stealing the user's account by changing their password, or allowing attackers to submit their own code through an authenticated user, resulting in Remote Code Execution. If an authenticated user who is able to edit WordPress PHP code in any way clicks the malicious link, PHP code can be edited. |
2021-10-25 |
6.8 |
CVE-2021-24884 MISC MISC MISC |
swiftfiletransfer — swift_file_transfer |
Swift File Transfer Mobile v1.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the devicename parameter which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered as the device name itself. |
2021-10-22 |
4.3 |
CVE-2020-36502 MISC |
swiftfiletransfer — swift_file_transfer |
Swift File Transfer Mobile v1.1.2 and below was discovered to contain a cross-site scripting (XSS) vulnerability via the ‘path’ parameter of the ‘list’ and ‘download’ exception-handling. |
2021-10-22 |
4.3 |
CVE-2020-36486 MISC |
taotesting — tao_assessment_platform |
TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a HTML injection vulnerability in the userFirstName parameter of the user account input field. This vulnerability allows attackers to execute phishing attacks, external redirects, and arbitrary code. |
2021-10-22 |
6 |
CVE-2020-23050 MISC |
teamviewer — teamviewer |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer 15.16.8.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TVS files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13697. |
2021-10-25 |
6.8 |
CVE-2021-34859 N/A N/A |
tonec — internet_download_manager |
Internet Download Manager 6.37.11.1 was discovered to contain a stack buffer overflow in the Export/Import function. This vulnerability allows attackers to escalate local process privileges via a crafted ef2 file. |
2021-10-22 |
6.6 |
CVE-2020-23060 MISC |
trane — tracer_concierge |
The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software. |
2021-10-27 |
6.5 |
CVE-2021-38450 CONFIRM |
trane — tracer_sc_firmware |
The affected product’s web application does not properly neutralize the input during webpage generation, which could allow an attacker to inject code in the input forms. |
2021-10-22 |
4.3 |
CVE-2021-42534 CONFIRM |
user-agent_switcher_and_manager_project — user-agent_switcher_and_manager |
A cross-site scripting (XSS) vulnerability in NSK User Agent String Switcher Service v0.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the user agent input field. |
2021-10-22 |
4.3 |
CVE-2020-23054 MISC |
user_registration_&_login_and_user_management_system_with_admin_panel_project — user_registration_&_login_and_user_management_system_with_admin_panel |
Phpgurukul User Registration & User Management System v2.0 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters of the registration form & loginsystem input fields. |
2021-10-22 |
4.3 |
CVE-2020-23051 MISC |
wp_debugging_project — wp_debugging |
The WP Debugging WordPress plugin before 2.11.0 has its update_settings() function hooked to admin_init and is missing any capability and CSRF checks; as a result, the settings can be updated by unauthenticated users. |
2021-10-25 |
4.3 |
CVE-2021-24779 MISC |
wpchill — check_&_log_email |
The Check & Log Email WordPress plugin before 1.0.3 does not validate and escape the “order” and “orderby” GET parameters before using them in a SQL statement when viewing logs, leading to SQL injection issues. |
2021-10-25 |
6.5 |
CVE-2021-24774 MISC |
yop-poll — yop-poll |
The YOP Poll WordPress plugin before 6.1.2 does not escape the perpage parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue. |
2021-10-25 |
4.3 |
CVE-2021-24885 CONFIRM MISC |