This article is contributed. See the original author and article here.

advantech — webaccess/nms WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper authentication vulnerability, which may allow unauthorized users to view resources monitored and controlled by the WebAccess/NMS, as well as IP addresses and names of all the devices managed via WebAccess/NMS. 2021-10-27 5 CVE-2021-32951
MISC air_sender_project — air_sender Tran Tu Air Sender v1.0.2 was discovered to contain an arbitrary file upload vulnerability in the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted file. 2021-10-22 6.5 CVE-2020-23043
MISC anaconda — dask An issue was discovered in Dask (aka python-dask) through 2021.09.1. Single machine Dask clusters started with dask.distributed.LocalCluster or dask.distributed.Client (which defaults to using LocalCluster) would mistakenly configure their respective Dask workers to listen on external interfaces (typically with a randomly selected high port) rather than only on localhost. A Dask cluster created using this method (when running on a machine that has an applicable port exposed) could be used by a sophisticated attacker to achieve remote code execution. 2021-10-26 6.8 CVE-2021-42343
MISC aplixio — pdf_shapingup Aplioxio PDF ShapingUp 5.0.0.139 contains a buffer overflow which allows attackers to cause a denial of service (DoS) via a crafted PDF file. 2021-10-22 6.8 CVE-2020-28969
MISC atlassian — jira Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the `ReplicationSettings!default.jspa` endpoint. The affected versions are before version 8.6.0, from version 8.7.0 before 8.13.12, and from version 8.14.0 before 8.20.1. 2021-10-26 4 CVE-2021-41308
MISC atlassian — jira Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References (IDOR) vulnerability in the Average Number of Times in Status Gadget. The affected versions are before version 8.13.12.. 2021-10-26 5 CVE-2021-41305
MISC atlassian — jira Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in the Average Time in Status Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0. 2021-10-26 5 CVE-2021-41306
MISC atlassian — jira Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and private filters via an Insecure Direct Object References (IDOR) vulnerability in the Workload Pie Chart Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0. 2021-10-26 5 CVE-2021-41307
MISC atlassian — jira Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the /secure/admin/ImporterFinishedPage.jspa error message. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.1. 2021-10-26 4.3 CVE-2021-41304
MISC automatedlogic — webctrl The login portal for the Automated Logic WebCTRL/WebCTRL OEM web application contains a vulnerability that allows for reflected XSS attacks due to the operatorlocale GET parameter not being sanitized. This issue impacts versions 6.5 and below. This issue works by passing in a basic XSS payload to a vulnerable GET parameter that is reflected in the output without sanitization. 2021-10-22 4.3 CVE-2021-31682
MISC
MISC
MISC auvesy — versiondog Many API function codes receive raw pointers remotely from the user and trust these pointers as valid in-bound memory regions. An attacker can manipulate API functions by writing arbitrary data into the resolved address of a raw pointer. 2021-10-22 5 CVE-2021-38479
CONFIRM auvesy — versiondog A specific function code receives a raw pointer supplied by the user and deallocates this pointer. The user can then control what memory regions will be freed and cause use-after-free condition. 2021-10-22 5.5 CVE-2021-38467
CONFIRM auvesy — versiondog The affected product does not properly control the allocation of resources. A user may be able to allocate unlimited memory buffers using API functions. 2021-10-22 5.5 CVE-2021-38463
CONFIRM auvesy — versiondog There are multiple API function codes that permit data writing to any file, which may allow an attacker to modify existing files or create new files. 2021-10-22 6.4 CVE-2021-38471
CONFIRM auvesy — versiondog The affected product uses a hard-coded blowfish key for encryption/decryption processes. The key can be easily extracted from binaries. 2021-10-22 6.4 CVE-2021-38461
CONFIRM auvesy — versiondog Some API functions allow interaction with the registry, which includes reading values as well as data modification. 2021-10-22 6.4 CVE-2021-38453
CONFIRM auvesy — versiondog There are multiple API function codes that permit reading and writing data to or from files and directories, which could lead to the manipulation and/or the deletion of files. 2021-10-22 6.4 CVE-2021-38477
CONFIRM auvesy — versiondog The affected product’s code base doesn’t properly control arguments for specific functions, which could lead to a stack overflow. 2021-10-22 6.5 CVE-2021-38473
CONFIRM auvesy — versiondog The affected product’s OS Service does not verify any given parameter. A user can supply any type of parameter that will be passed to inner calls without checking the type of the parameter or the value. 2021-10-22 4 CVE-2021-38455
CONFIRM auvesy — versiondog The webinstaller is a Golang web server executable that enables the generation of an Auvesy image agent. Resource consumption can be achieved by generating large amounts of installations, which are then saved without limitation in the temp folder of the webinstaller executable. 2021-10-22 4 CVE-2021-38465
CONFIRM auvesy — versiondog Many of the services used by the affected product do not specify full paths for the DLLs they are loading. An attacker can exploit the uncontrolled search path by implanting their own DLL near the affected product’s binaries, thus hijacking the loaded DLL. 2021-10-22 4.3 CVE-2021-38469
CONFIRM bqe — billquick_web_suite BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection can, for example, use the txtID (aka username) parameter. Successful exploitation can include the ability to execute arbitrary code as MSSQLSERVER$ via xp_cmdshell. 2021-10-22 6.8 CVE-2021-42258
MISC cisco — adaptive_security_appliance Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized connections with a host located behind the ALG. For more information about these vulnerabilities, see the Details section of this advisory. Note: These vulnerabilities have been publicly discussed as NAT Slipstreaming. 2021-10-27 5 CVE-2021-34790
CISCO cisco — adaptive_security_appliance A vulnerability in the identity-based firewall (IDFW) rule processing feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass security protections. This vulnerability is due to improper handling of network requests by affected devices configured to use object group search. An attacker could exploit this vulnerability by sending a specially crafted network request to an affected device. A successful exploit could allow the attacker to bypass access control list (ACL) rules on the device, bypass security protections, and send network traffic to unauthorized hosts. 2021-10-27 4.3 CVE-2021-34787
CISCO cisco — adaptive_security_appliance Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized connections with a host located behind the ALG. For more information about these vulnerabilities, see the Details section of this advisory. Note: These vulnerabilities have been publicly discussed as NAT Slipstreaming. 2021-10-27 5 CVE-2021-34791
CISCO cisco — adaptive_security_appliance A vulnerability in the TCP Normalizer of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software operating in transparent mode could allow an unauthenticated, remote attacker to poison MAC address tables, resulting in a denial of service (DoS) vulnerability. This vulnerability is due to incorrect handling of certain TCP segments when the affected device is operating in transparent mode. An attacker could exploit this vulnerability by sending a crafted TCP segment through an affected device. A successful exploit could allow the attacker to poison the MAC address tables in adjacent devices, resulting in network disruption. 2021-10-27 5 CVE-2021-34793
CISCO cisco — adaptive_security_appliance A vulnerability in the Simple Network Management Protocol version 3 (SNMPv3) access control functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to query SNMP data. This vulnerability is due to ineffective access control. An attacker could exploit this vulnerability by sending an SNMPv3 query to an affected device from a host that is not permitted by the SNMPv3 access control list. A successful exploit could allow the attacker to send an SNMP query to an affected device and retrieve information from the device. The attacker would need valid credentials to perform the SNMP query. 2021-10-27 5 CVE-2021-34794
CISCO cisco — adaptive_security_appliance A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. This vulnerability is due to improper control of a resource. An attacker with the ability to spoof a trusted IKEv2 site-to-site VPN peer and in possession of valid IKEv2 credentials for that peer could exploit this vulnerability by sending malformed, authenticated IKEv2 messages to an affected device. A successful exploit could allow the attacker to trigger a reload of the device. 2021-10-27 6.3 CVE-2021-40125
CISCO cisco — firepower_management_center Multiple vulnerabilities in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic. These vulnerabilities are due to incomplete processing during deep packet inspection for ENIP packets. An attacker could exploit these vulnerabilities by sending a crafted ENIP packet to the targeted interface. A successful exploit could allow the attacker to bypass configured access control and intrusion policies that should be activated for the ENIP packet. 2021-10-27 5 CVE-2021-34754
CISCO cisco — firepower_management_center_virtual_appliance A vulnerability in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite or append arbitrary data to system files using root-level privileges. The attacker must have administrative credentials on the device. This vulnerability is due to incomplete validation of user input for a specific CLI command. An attacker could exploit this vulnerability by authenticating to the device with administrative privileges and issuing a CLI command with crafted user parameters. A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root-level privileges. 2021-10-27 6.6 CVE-2021-34761
CISCO cisco — firepower_management_center_virtual_appliance Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open redirect attack. For more information about these vulnerabilities, see the Details section of this advisory. 2021-10-27 5.8 CVE-2021-34764
CISCO cisco — firepower_management_center_virtual_appliance A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The attacker would require valid device credentials. The vulnerability is due to insufficient input validation of the HTTPS URL by the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTPS request that contains directory traversal character sequences to an affected device. A successful exploit could allow the attacker to read or write arbitrary files on the device. 2021-10-27 5.5 CVE-2021-34762
CISCO cloudfoundry — capi-release Cloud Controller versions prior to 1.118.0 are vulnerable to unauthenticated denial of Service(DoS) vulnerability allowing unauthenticated attackers to cause denial of service by using REST HTTP requests with label_selectors on multiple V3 endpoints by generating an enormous SQL query. 2021-10-27 5 CVE-2021-22101
MISC codesys — codesys In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition. 2021-10-26 5 CVE-2021-34586
CONFIRM
MISC codesys — codesys In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation. 2021-10-26 5 CVE-2021-34585
CONFIRM
MISC codesys — codesys Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22. 2021-10-26 5 CVE-2021-34583
CONFIRM
MISC codesys — codesys Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22. 2021-10-26 6.4 CVE-2021-34584
CONFIRM
MISC codesys — plcwinnt A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite. 2021-10-26 5.5 CVE-2021-34595
CONFIRM codesys — plcwinnt In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC. 2021-10-26 5 CVE-2021-34593
CONFIRM
FULLDISC codesys — plcwinnt A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition. 2021-10-26 4 CVE-2021-34596
CONFIRM csdn — csdn_app Cross-Site Scripting (XSS) vulnerability exists in Csdn APP 4.10.0, which can be exploited by attackers to obtain sensitive information such as user cookies. 2021-10-22 4.3 CVE-2021-41747
MISC
MISC customer_relationship_management_system_project — customer_relationship_management_system A file upload vulnerability exists in Sourcecodester Customer Relationship Management System 1.0 via the account update option & customer create option, which could let a remote malicious user upload an arbitrary php file. . 2021-10-27 6.5 CVE-2021-37221
MISC d-link — dap-2020_firmware This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the var:page parameter provided to the webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13271. 2021-10-25 5.8 CVE-2021-34863
N/A
N/A d-link — dap-2020_firmware This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the var:menu parameter provided to the webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13270. 2021-10-25 5.8 CVE-2021-34862
N/A
N/A d-link — dap-2020_firmware This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the webproc endpoint, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12104. 2021-10-25 5.8 CVE-2021-34861
N/A
N/A dedecms — dedecms DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component makehtml_homepage.php via the `filename`, `mid`, `userid`, and `templet’ parameters. 2021-10-22 4.3 CVE-2020-36497
MISC dedecms — dedecms DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via the `filename`, `mid`, `userid`, and `templet’ parameters. 2021-10-22 4.3 CVE-2020-23046
MISC dedecms — dedecms DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component mychannel_edit.php via the `filename`, `mid`, `userid`, and `templet’ parameters. 2021-10-22 4.3 CVE-2020-36494
MISC dedecms — dedecms DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `filename`, `mid`, `userid`, and `templet’ parameters. 2021-10-22 4.3 CVE-2020-36495
MISC dedecms — dedecms DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component sys_admin_user_edit.php via the `filename`, `mid`, `userid`, and `templet’ parameters. 2021-10-22 4.3 CVE-2020-36496
MISC dropouts — air_share Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the path parameter of the `list` and `download` exception-handling. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted GET request. 2021-10-22 4.3 CVE-2020-23041
MISC dropouts — super_backup Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability in the path parameter of the `list` and `download` module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted GET request. 2021-10-22 4.3 CVE-2020-23042
MISC dropouts — super_backup Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain an issue in the path parameter of the `list` and `download` module which allows attackers to perform a directory traversal via a change to the path variable to request the local list command. 2021-10-22 5 CVE-2020-23061
MISC elabftw — elabftw eLabFTW is an open source electronic lab notebook manager for research teams. In versions of eLabFTW before 4.1.0, it allows attackers to bypass a brute-force protection mechanism by using many different forged PHPSESSID values in HTTP Cookie header. This issue has been addressed by implementing brute force login protection, as recommended by Owasp with Device Cookies. This mechanism will not impact users and will effectively thwart any brute-force attempts at guessing passwords. The only correct way to address this is to upgrade to version 4.1.0. Adding rate limitation upstream of the eLabFTW service is of course a valid option, with or without upgrading. 2021-10-22 4 CVE-2021-41171
CONFIRM
MISC
MISC
MISC
MISC emerson — wireless_1410_gateway_firmware The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables. 2021-10-22 4 CVE-2021-42536
CONFIRM emerson — wireless_1410_gateway_firmware The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure. 2021-10-22 6.5 CVE-2021-42542
CONFIRM emerson — wireless_1410_gateway_firmware The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality. 2021-10-22 6.5 CVE-2021-42540
CONFIRM emerson — wireless_1410_gateway_firmware The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk. 2021-10-22 6.5 CVE-2021-38485
CONFIRM emerson — wireless_1410_gateway_firmware The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input. 2021-10-22 6.5 CVE-2021-42538
CONFIRM emerson — wireless_1410_gateway_firmware The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change. 2021-10-22 6.5 CVE-2021-42539
CONFIRM facebook — hhvm HHVM supports the use of an “admin” server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the filesystem to write this data. The parameter is not validated, allowing a malicious user to overwrite arbitrary files where the user running HHVM has write access. This issue affects HHVM versions prior to 4.56.2, all versions between 4.57.0 and 4.78.0, as well as 4.79.0, 4.80.0, 4.81.0, 4.82.0, and 4.83.0. 2021-10-26 5.5 CVE-2019-3556
CONFIRM
CONFIRM
CONFIRM firefly-iii — firefly_iii firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) 2021-10-27 4.3 CVE-2021-3900
MISC
CONFIRM freeswitch — freeswitch FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. By default, SIP requests of the type SUBSCRIBE are not authenticated in the affected versions of FreeSWITCH. Abuse of this security issue allows attackers to subscribe to user agent event notifications without the need to authenticate. This abuse poses privacy concerns and might lead to social engineering or similar attacks. For example, attackers may be able to monitor the status of target SIP extensions. Although this issue was fixed in version v1.10.6, installations upgraded to the fixed version of FreeSWITCH from an older version, may still be vulnerable if the configuration is not updated accordingly. Software upgrades do not update the configuration by default. SIP SUBSCRIBE messages should be authenticated by default so that FreeSWITCH administrators do not need to explicitly set the `auth-subscriptions` parameter. When following such a recommendation, a new parameter can be introduced to explicitly disable authentication. 2021-10-26 5 CVE-2021-41157
CONFIRM
MISC
MISC
FULLDISC freeswitch — freeswitch FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, an attacker can perform a SIP digest leak attack against FreeSWITCH and receive the challenge response of a gateway configured on the FreeSWITCH server. This is done by challenging FreeSWITCH’s SIP requests with the realm set to that of the gateway, thus forcing FreeSWITCH to respond with the challenge response which is based on the password of that targeted gateway. Abuse of this vulnerability allows attackers to potentially recover gateway passwords by performing a fast offline password cracking attack on the challenge response. The attacker does not require special network privileges, such as the ability to sniff the FreeSWITCH’s network traffic, to exploit this issue. Instead, what is required for this attack to work is the ability to cause the victim server to send SIP request messages to the malicious party. Additionally, to exploit this issue, the attacker needs to specify the correct realm which might in some cases be considered secret. However, because many gateways are actually public, this information can easily be retrieved. The vulnerability appears to be due to the code which handles challenges in `sofia_reg.c`, `sofia_reg_handle_sip_r_challenge()` which does not check if the challenge is originating from the actual gateway. The lack of these checks allows arbitrary UACs (and gateways) to challenge any request sent by FreeSWITCH with the realm of the gateway being targeted. This issue is patched in version 10.10.7. Maintainers recommend that one should create an association between a SIP session for each gateway and its realm to make a check be put into place for this association when responding to challenges. 2021-10-26 5 CVE-2021-41158
CONFIRM
MISC
FULLDISC freeswitch — freeswitch Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. FreeSWITCH prior to version 1.10.7 is susceptible to Denial of Service via SIP flooding. When flooding FreeSWITCH with SIP messages, it was observed that after a number of seconds the process was killed by the operating system due to memory exhaustion. By abusing this vulnerability, an attacker is able to crash any FreeSWITCH instance by flooding it with SIP messages, leading to Denial of Service. The attack does not require authentication and can be carried out over UDP, TCP or TLS. This issue was patched in version 1.10.7. 2021-10-25 5 CVE-2021-41145
CONFIRM
MISC
FULLDISC freeswitch — freeswitch FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. When handling SRTP calls, FreeSWITCH prior to version 1.10.7 is susceptible to a DoS where calls can be terminated by remote attackers. This attack can be done continuously, thus denying encrypted calls during the attack. When a media port that is handling SRTP traffic is flooded with a specially crafted SRTP packet, the call is terminated leading to denial of service. This issue was reproduced when using the SDES key exchange mechanism in a SIP environment as well as when using the DTLS key exchange mechanism in a WebRTC environment. The call disconnection occurs due to line 6331 in the source file `switch_rtp.c`, which disconnects the call when the total number of SRTP errors reach a hard-coded threshold (100). By abusing this vulnerability, an attacker is able to disconnect any ongoing calls that are using SRTP. The attack does not require authentication or any special foothold in the caller’s or the callee’s network. This issue is patched in version 1.10.7. 2021-10-25 5 CVE-2021-41105
CONFIRM
MISC
FULLDISC froala — wysiwyg-editor A cross site scripting (XSS) vulnerability in the Insert Video function of Froala WYSIWYG Editor 3.1.0 allows attackers to execute arbitrary web scripts or HTML. 2021-10-26 4.3 CVE-2020-22864
MISC
MISC game-server-status_project — game-server-status The Game Server Status WordPress plugin through 1.0 does not validate or escape the server_id parameter before using it in SQL statement, leading to an Authenticated SQL Injection in an admin page 2021-10-25 6.5 CVE-2021-24662
MISC gjson_project — gjson GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack. 2021-10-22 5 CVE-2021-42836
MISC
MISC
MISC
MISC
MISC google — android In multiple methods of AAudioService, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-153358911 2021-10-22 4.4 CVE-2021-0483
MISC google — android In acc_read of f_accessory.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-173789633References: Upstream kernel 2021-10-25 4.6 CVE-2021-0936
MISC google — android In loadLabel of PackageItemInfo.java, there is a possible way to DoS a device by having a long label in an app due to incorrect input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-67013844 2021-10-22 4.7 CVE-2021-0651
MISC google — android In startListening of PluginManagerImpl.java, there is a possible way to disable arbitrary app components due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-193444889 2021-10-22 4.9 CVE-2021-0706
MISC google — android In wifi driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05551397; Issue ID: ALPS05551397. 2021-10-25 5 CVE-2021-0630
MISC google — android In wifi driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05551435; Issue ID: ALPS05551435. 2021-10-25 5 CVE-2021-0631
MISC helpu — helpuviewer An improper input validation vulnerability in Helpu solution could allow a local attacker to arbitrary file creation and execution without click file transfer menu. It is possible to file in arbitrary directory for user because the viewer program receive the file from agent with privilege of administrator. 2021-10-27 4.6 CVE-2020-7867
MISC huawei — emui There is a Configuration defects in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability. 2021-10-28 5 CVE-2021-22405
MISC huawei — emui There is a Directory traversal vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. 2021-10-28 5 CVE-2021-22404
MISC huawei — emui There is a Remote DoS vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability can affect service integrity. 2021-10-28 5 CVE-2021-22401
MISC huawei — emui There is a DoS vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause DoS attacks. 2021-10-28 5 CVE-2021-22402
MISC huawei — fusioncube_firmware There is a path traversal vulnerability in Huawei FusionCube 6.0.2.The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a directory that is located underneath a restricted parent directory, but the software does not properly validate the pathname. Successful exploit could allow the attacker to access a location that is outside of the restricted directory by a crafted filename. 2021-10-27 5 CVE-2021-37130
MISC huawei — ips_module_firmware There is an out of bounds write vulnerability in some Huawei products. The vulnerability is caused by a function of a module that does not properly verify input parameter. Successful exploit could cause out of bounds write leading to a denial of service condition.Affected product versions include:IPS Module V500R005C00,V500R005C20;NGFW Module V500R005C00;NIP6600 V500R005C00,V500R005C20;S12700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600,V200R013C00SPC500,V200R019C00SPC200,V200R019C00SPC500,V200R019C10SPC200,V200R020C00,V200R020C10;S1700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S2700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S5700 V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600,V200R019C00SPC500;S6700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S7700 V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600;S9700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;USG9500 V500R005C00,V500R005C20. 2021-10-27 5 CVE-2021-37129
MISC huawei — manageone There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device. 2021-10-27 6 CVE-2021-37131
MISC ibm — business_automation_workflow IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204833. 2021-10-22 4.3 CVE-2021-29835
CONFIRM
XF ibm — engineering_lifecycle_optimization IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025. 2021-10-27 6 CVE-2021-29774
XF
CONFIRM ibm — planning_analytics IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 198755. 2021-10-27 5 CVE-2021-20526
CONFIRM
XF ingeteam — ingepac_da_au_firmware Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web application allows access to a certain path that contains sensitive information that could be used by an attacker to execute more sophisticated attacks. An unauthenticated remote attacker with access to the device´s web service could exploit this vulnerability in order to obtain different configuration files. 2021-10-25 5 CVE-2017-20007
CONFIRM jquery — jquery_ui jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources. 2021-10-26 4.3 CVE-2021-41182
CONFIRM
MISC
MISC jquery — jquery_ui jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources. 2021-10-26 4.3 CVE-2021-41183
MISC
MISC
CONFIRM
MISC jquery — jquery_ui jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources. 2021-10-26 4.3 CVE-2021-41184
MISC
CONFIRM
MISC jquery-reply-to-comment_project — jquery-reply-to-comment The jQuery Reply to Comment WordPress plugin through 1.31 does not have any CSRF check when saving its settings, nor sanitise or escape its ‘Quote String’ and ‘Reply String’ settings before outputting them in Comments, leading to a Stored Cross-Site Scripting issue. 2021-10-25 4.3 CVE-2021-24543
MISC kumilabs — swift_file_transfer Swift File Transfer Mobile v1.1.2 and below was discovered to contain an information disclosure vulnerability in the path parameter. This vulnerability is exploited via an error caused by including non-existent path environment variables. 2021-10-22 5 CVE-2020-23038
MISC macs_cms_project — macs_cms Macrob7 Macs Framework Content Management System – 1.14f was discovered to contain a cross-site scripting (XSS) vulnerability in the search input field of the search module. 2021-10-22 4.3 CVE-2020-23047
MISC macs_cms_project — macs_cms Macrob7 Macs Framework Content Management System – 1.14f was discovered to contain a SQL injection vulnerability via the ‘roleId’ parameter of the `editRole` and `deletUser` modules. 2021-10-22 6.5 CVE-2020-23045
MISC madeportable — playable Portable Ltd Playable v9.18 was discovered to contain an arbitrary file upload vulnerability in the filename parameter of the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted JPEG file. 2021-10-22 4.6 CVE-2020-36485
MISC mangboard — mang_board A vulnerability was found in Mangboard(WordPress plugin). A SQL-Injection vulnerability was found in order_type parameter. The order_type parameter makes a SQL query using unfiltered data. This vulnerability allows a remote attacker to steal user information. 2021-10-26 5 CVE-2021-26609
MISC mcafee — epolicy_orchestrator Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via a specific parameter where the administrator’s entries were not correctly sanitized. 2021-10-22 4.3 CVE-2021-31835
CONFIRM medianavi — smacom MEDIA NAVI Inc SMACom v1.2 was discovered to contain an insecure session validation vulnerability in the session handling of the `password` authentication parameter of the wifi photo transfer module. This vulnerability allows attackers with network access privileges or on public wifi networks to read the authentication credentials and follow-up requests containing the user password via a man in the middle attack. 2021-10-22 4.3 CVE-2020-23036
MISC mycodo_project — mycodo Mycodo is an environmental monitoring and regulation system. An exploit in versions prior to 8.12.7 allows anyone with access to endpoints to download files outside the intended directory. A patch has been applied and a release made. Users should upgrade to version 8.12.7. As a workaround, users may manually apply the changes from the fix commit. 2021-10-26 4 CVE-2021-41185
CONFIRM
MISC
MISC
MISC nameko — nameko Nameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file. 2021-10-26 6.8 CVE-2021-41078
MISC
MISC nextcloud — deck Nextcloud is an open-source, self-hosted productivity platform. A missing permission check in Nextcloud Deck before 1.2.9, 1.4.5 and 1.5.3 allows another authenticated users to access Deck cards of another user. It is recommended that the Nextcloud Deck App is upgraded to 1.2.9, 1.4.5 or 1.5.3. There are no known workarounds aside from upgrading. 2021-10-25 5.5 CVE-2021-39225
CONFIRM
MISC
MISC nextcloud — nextcloud_server Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, Nextcloud Server did not implement a database backend for rate-limiting purposes. Any component of Nextcloud using rate-limits (as as `AnonRateThrottle` or `UserRateThrottle`) was thus not rate limited on instances not having a memory cache backend configured. In the case of a default installation, this would notably include the rate-limits on the two factor codes. It is recommended that the Nextcloud Server be upgraded to 20.0.13, 21.0.5, or 22.2.0. As a workaround, enable a memory cache backend in `config.php`. 2021-10-25 5.5 CVE-2021-41177
CONFIRM
MISC
MISC nextcloud — officeonline Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud OfficeOnline application prior to version 1.1.1 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. an attacker could see that the file `shared.txt` is located within `/files/$username/Myfolder/Mysubfolder/shared.txt`). It is recommended that the OfficeOnline application is upgraded to 1.1.1. As a workaround, one may disable the OfficeOnline application in the app settings. 2021-10-25 5 CVE-2021-39224
CONFIRM
MISC nextcloud — richdocuments Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Richdocuments application prior to versions 3.8.6 and 4.2.3 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. an attacker could see that the file `shared.txt` is located within `/files/$username/Myfolder/Mysubfolder/shared.txt`). It is recommended that the Richdocuments application is upgraded to 3.8.6 or 4.2.3. As a workaround, disable the Richdocuments application in the app settings. 2021-10-25 5 CVE-2021-39223
MISC
CONFIRM
MISC nextcloud — server Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, a file traversal vulnerability makes an attacker able to download arbitrary SVG images from the host system, including user provided files. This could also be leveraged into a XSS/phishing attack, an attacker could upload a malicious SVG file that mimics the Nextcloud login form and send a specially crafted link to victims. The XSS risk here is mitigated due to the fact that Nextcloud employs a strict Content-Security-Policy disallowing execution of arbitrary JavaScript. It is recommended that the Nextcloud Server be upgraded to 20.0.13, 21.0.5 or 22.2.0. There are no known workarounds aside from upgrading. 2021-10-25 4 CVE-2021-41178
MISC
MISC
CONFIRM nextcloud — server Nextcloud is an open-source, self-hosted productivity platform. Prior to Nextcloud Server versions 20.0.13, 21.0.5, and 22.2.0, the Two-Factor Authentication wasn’t enforced for pages marked as public. Any page marked as `@PublicPage` could thus be accessed with a valid user session that isn’t authenticated. This particularly affects the Nextcloud Talk application, as this could be leveraged to gain access to any private chat channel without going through the Two-Factor flow. It is recommended that the Nextcloud Server be upgraded to 20.0.13, 21.0.5 or 22.2.0. There are no known workarounds aside from upgrading. 2021-10-25 4 CVE-2021-41179
MISC
MISC
CONFIRM nxp — mcuxpresso_software_development_kit NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostProcessCallback(). 2021-10-25 4.6 CVE-2021-38258
MISC nxp — mcuxpresso_software_development_kit NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostParseDeviceConfigurationDescriptor(). 2021-10-25 4.6 CVE-2021-38260
MISC onepeloton — peloton Exposure of senstive information to an unauthorised actor in the “com.onepeloton.erlich” mobile application up to and including version 1.7.22 allows a remote attacker to access developer files stored in an AWS S3 bucket, by reading credentials stored in plain text within the mobile application. 2021-10-25 5 CVE-2021-40527
CONFIRM onepeloton — ttr01_firmware Incorrect calculation of buffer size vulnerability in Peleton TTR01 up to and including PTV55G allows a remote attacker to trigger a Denial of Service attack through the GymKit daemon process by exploiting a heap overflow in the network server handling the Apple GymKit communication. This can lead to an Apple MFI device not being able to authenticate with the Peleton Bike 2021-10-25 5 CVE-2021-40526
CONFIRM online_student_admission_system_project — online_student_admission_system Online Student Admission System 1.0 is affected by an insecure file upload vulnerability. A low privileged user can upload malicious PHP files by updating their profile image to gain remote code execution. 2021-10-26 6.5 CVE-2021-37372
MISC
MISC
MISC parallels — parallels_desktop This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the virtio-gpu virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13581. 2021-10-25 4.6 CVE-2021-34856
N/A
N/A parallels — parallels_desktop This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13601. 2021-10-25 4.6 CVE-2021-34857
N/A
N/A parallels — parallels_desktop This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the WinAppHelper component. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13543. 2021-10-25 4.6 CVE-2021-34864
N/A permalink_manager_lite_project — permalink_manager_lite The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not validate and escape the orderby parameter before using it in a SQL statement in the Permalink Manager page, leading to a SQL Injection 2021-10-25 6.5 CVE-2021-24769
MISC pterodactyl — panel Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. In affected versions of Pterodactyl a malicious user can trigger a user logout if a signed in user visits a malicious website that makes a request to the Panel’s sign-out endpoint. This requires a targeted attack against a specific Panel instance, and serves only to sign a user out. **No user details are leaked, nor is any user data affected, this is simply an annoyance at worst.** This is fixed in version 1.6.3. 2021-10-25 4.3 CVE-2021-41176
MISC
CONFIRM
MISC rasa — rasa_x Rasa X before 0.42.4 allows Directory Traversal during archive extraction. In the functionality that allows a user to load a trained model archive, an attacker has arbitrary write capability within specific directories via a crafted archive file. 2021-10-22 4.3 CVE-2021-42556
MISC
CONFIRM sanskruti — st-daily-tip The St-Daily-Tip WordPress plugin through 4.7 does not have any CSRF check in place when saving its ‘Default Text to Display if no tips’ setting, and was also lacking sanitisation as well as escaping before outputting it the page. This could allow attacker to make logged in administrators set a malicious payload in it, leading to a Stored Cross-Site Scripting issue 2021-10-25 6.8 CVE-2021-24487
MISC seeddms — seeddms SeedDMS Content Management System v6.0.7 contains a persistent cross-site scripting (XSS) vulnerability in the component AddEvent.php via the name and comment parameters. 2021-10-22 4.3 CVE-2020-23048
MISC sky_file_project — sky_file Sky File v2.1.0 contains a directory traversal vulnerability in the FTP server which allows attackers to access sensitive data and files via ‘null’ path commands. 2021-10-22 5 CVE-2020-23040
MISC sky_file_project — sky_file An issue in the FTP server of Sky File v2.1.0 allows attackers to perform directory traversal via `/null//` path commands. 2021-10-22 4 CVE-2020-36488
MISC skyworth — penguin_aurora_box_firmware Penguin Aurora TV Box 41502 is a high-end network HD set-top box produced by Tencent Video and Skyworth Digital. An unauthorized access vulnerability exists in the Penguin Aurora Box. An attacker can use the vulnerability to gain unauthorized access to a specific link to remotely control the TV. 2021-10-26 6.4 CVE-2021-41873
MISC solarwinds — kiwi_syslog_server The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. These methods are intended for diagnostic purposes only. If enabled, the web server will respond to requests that use these methods by returning exact HTTP request that was received in the response to the client. This may lead to the disclosure of sensitive information such as internal authentication headers appended by reverse proxies. 2021-10-27 5 CVE-2021-35233
MISC
MISC solarwinds — kiwi_syslog_server As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. Example vulnerable path: “ComputerHKEY_LOCAL_MACHINESYSTEMControlSet001ServicesKiwi Syslog ServerParametersApplication”. 2021-10-25 4.6 CVE-2021-35231
MISC
MISC solarwinds — kiwi_syslog_server The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions. ASP.NET allows remote debugging of web applications, if configured to do so. Debug mode causes ASP.NET to compile applications with extra information. The information enables a debugger to closely monitor and control the execution of an application. If an attacker could successfully start a remote debugging session, this is likely to disclose sensitive information about the web application and supporting infrastructure that may be valuable in targeting SWI with malicious intent. 2021-10-27 5 CVE-2021-35235
MISC
MISC solarwinds — kiwi_syslog_server The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the cookie from being passed over unencrypted requests. If the application can be accessed over both HTTP, there is a potential for the cookie can be sent in clear text. 2021-10-27 5 CVE-2021-35236
MISC
MISC sourcecodester — news247_cms Cross Site Scripting (XSS) vulnerability exists in Sourcecodester News247 CMS 1.0 via the search function in articles. 2021-10-28 4.3 CVE-2021-41728
MISC strategy11 — formidable_form_builder The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags like <audio>,<video>,<img>,<a> and<button>.This could allow an unauthenticated, remote attacker to exploit a HTML-injection byinjecting a malicous link. The HTML-injection may trick authenticated users to follow the link. If the Link gets clicked, Javascript code can be executed. The vulnerability is due to insufficient sanitization of the “data-frmverify” tag for links in the web-based entry inspection page of affected systems. A successful exploitation incomibantion with CSRF could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. These actions include stealing the users account by changing their password or allowing attackers to submit their own code through an authenticated user resulting in Remote Code Execution. If an authenticated user who is able to edit WordPress PHP Code in any kind, clicks the malicious link, PHP code can be edited. 2021-10-25 6.8 CVE-2021-24884
MISC
MISC
MISC swiftfiletransfer — swift_file_transfer Swift File Transfer Mobile v1.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the devicename parameter which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered as the device name itself. 2021-10-22 4.3 CVE-2020-36502
MISC swiftfiletransfer — swift_file_transfer Swift File Transfer Mobile v1.1.2 and below was discovered to contain a cross-site scripting (XSS) vulnerability via the ‘path’ parameter of the ‘list’ and ‘download’ exception-handling. 2021-10-22 4.3 CVE-2020-36486
MISC taotesting — tao_assessment_platform TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a HTML injection vulnerability in the userFirstName parameter of the user account input field. This vulnerability allows attackers to execute phishing attacks, external redirects, and arbitrary code. 2021-10-22 6 CVE-2020-23050
MISC teamviewer — teamviewer This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer 15.16.8.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TVS files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13697. 2021-10-25 6.8 CVE-2021-34859
N/A
N/A tonec — internet_download_manager Internet Download Manager 6.37.11.1 was discovered to contain a stack buffer overflow in the Export/Import function. This vulnerability allows attackers to escalate local process privileges via a crafted ef2 file. 2021-10-22 6.6 CVE-2020-23060
MISC trane — tracer_concierge The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software. 2021-10-27 6.5 CVE-2021-38450
CONFIRM trane — tracer_sc_firmware The affected product’s web application does not properly neutralize the input during webpage generation, which could allow an attacker to inject code in the input forms. 2021-10-22 4.3 CVE-2021-42534
CONFIRM user-agent_switcher_and_manager_project — user-agent_switcher_and_manager A cross-site scripting (XSS) vulnerability in NSK User Agent String Switcher Service v0.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the user agent input field. 2021-10-22 4.3 CVE-2020-23054
MISC user_registration_&_login_and_user_management_system_with_admin_panel_project — user_registration_&_login_and_user_management_system_with_admin_panel Phpgurukul User Registration & User Management System v2.0 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters of the registration form & loginsystem input fields. 2021-10-22 4.3 CVE-2020-23051
MISC wp_debugging_project — wp_debugging The WP Debugging WordPress plugin before 2.11.0 has its update_settings() function hooked to admin_init and is missing any capability and CSRF checks, as a result, the settings can be updated by unauthenticated users. 2021-10-25 4.3 CVE-2021-24779
MISC wpchill — check_&_log_email The Check & Log Email WordPress plugin before 1.0.3 does not validate and escape the “order” and “orderby” GET parameters before using them in a SQL statement when viewing logs, leading to SQL injections issues 2021-10-25 6.5 CVE-2021-24774
MISC yop-poll — yop-poll The YOP Poll WordPress plugin before 6.1.2 does not escape the perpage parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting 2021-10-25 4.3 CVE-2021-24885
CONFIRM
MISC

Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.

%d bloggers like this: