This article is contributed. See the original author and article here.

N/A — N/A
  IBM PowerVM Hypervisor FW1010 could allow a privileged user to gain access to another VM due to assigning duplicate WWPNs. IBM X-Force ID: 210162. 2021-10-06 not yet calculated CVE-2021-38923
XF
CONFIRM N/A — N/A
  ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC exposure. 2021-10-04 not yet calculated CVE-2021-41591
MISC
MISC
MISC
MISC accel-ppp — accel-ppp
  ACCEL-PPP 1.12.0 has an out-of-bounds read in triton_context_schedule if the client exits after authentication. 2021-10-07 not yet calculated CVE-2021-42054
MISC adobe — acrobat_reader_dc
  Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForm listbox that could result in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. 2021-10-07 not yet calculated CVE-2021-40725
MISC adobe — acrobat_reader_dc
  Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForm field that could result in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. 2021-10-07 not yet calculated CVE-2021-40726
MISC adobe — xmp_toolkit_sdk
  XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a specially-crafted .cpp file. 2021-10-04 not yet calculated CVE-2021-36051
MISC afian — filerun_2021.03.26
  Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary. 2021-10-05 not yet calculated CVE-2021-35505
MISC
MISC afian — filerun_2021.03.26
  Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the ffmpeg binary. 2021-10-05 not yet calculated CVE-2021-35504
MISC
MISC akamai — enterprise_application_access_client
  In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4.x before 2.4.1, and 2.5.x before 2.5.3, an unquoted path may allow an attacker to hijack the flow of execution. 2021-10-04 not yet calculated CVE-2021-40683
MISC
CONFIRM alkacon — opencms
  An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11.0.1 and 11.0.2 allows remote authenticated users with edit privileges to exfiltrate files from the server’s file system by uploading a crafted SVG document. 2021-10-08 not yet calculated CVE-2021-3312
MISC
MISC apache — http_server_2.4
  While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project. 2021-10-05 not yet calculated CVE-2021-41524
MISC
MLIST
FEDORA
CISCO apache — http_server_2.4.49
  A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration “require all denied”, these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013. 2021-10-05 not yet calculated CVE-2021-41773
MISC
MLIST
MLIST
MLIST
MISC
MLIST
MISC
MLIST
MLIST
MLIST
CISCO
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST apache — http_server_2.4.50
  It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration “require all denied”, these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions. 2021-10-07 not yet calculated CVE-2021-42013
MISC
MLIST
MLIST
MLIST
CISCO
JVN
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST apache — openoffice
  While working on Apache OpenOffice 4.1.8 a developer discovered that the DEB package did not install using root, but instead used a userid and groupid of 500. This both caused issues with desktop integration and could allow a crafted attack on files owned by that user or group if they exist. Users who installed the Apache OpenOffice 4.1.8 DEB packaging should upgrade to the latest version of Apache OpenOffice. 2021-10-07 not yet calculated CVE-2021-28129
MISC
MLIST
MLIST
MLIST apache — openoffice
  Apache OpenOffice has a dependency on expat software. Versions prior to 2.1.0 were subject to CVE-2013-0340 a “Billion Laughs” entity expansion denial of service attack and exploit via crafted XML files. ODF files consist of a set of XML files. All versions of Apache OpenOffice up to 4.1.10 are subject to this issue. expat in version 4.1.11 is patched. 2021-10-07 not yet calculated CVE-2021-40439
MISC
MLIST
MLIST
MLIST axis — axis_devices
  A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to bypass blocked network recipients. 2021-10-05 not yet calculated CVE-2021-31987
MISC axis — axis_devices
  A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary SMTP headers in the generated test email. 2021-10-05 not yet calculated CVE-2021-31988
MISC axis — axis_devices
  User controlled parameters related to SMTP notifications are not correctly validated. This can lead to a buffer overflow resulting in crashes and data leakage. 2021-10-05 not yet calculated CVE-2021-31986
MISC ballistix_mod_utility — ballistix_mod_utility
  Ballistix MOD Utility through 2.0.2.5 is vulnerable to privilege escalation in the MODAPI.sys driver component. The vulnerability is triggered by sending a specific IOCTL request that allows low-privileged users to directly interact with physical memory via the MmMapIoSpace function call (mapping physical memory into a virtual address space). Attackers could exploit this issue to achieve local privilege escalation to NT AUTHORITYSYSTEM. 2021-10-04 not yet calculated CVE-2021-41285
MISC
MISC biqs_it_biqs-drive — biqs_it_biqs-drive
  A local file inclusion (LFI) vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with the permissions of the configured web-user. 2021-10-04 not yet calculated CVE-2021-39433
MISC
MISC bosch — rexrooth_indramotion_mlc_and_indralogic_xlc
  Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Combined with CVE-2021-23858, this allows an attacker to subsequently login to the system. 2021-10-04 not yet calculated CVE-2021-23857
CONFIRM bosch — rexrooth_indramotion_mlc_and_indralogic_xlc
  The user and password data base is exposed by an unprotected web server resource. Passwords are hashed with a weak hashing algorithm and therefore allow an attacker to determine the password by using rainbow tables. 2021-10-04 not yet calculated CVE-2021-23855
CONFIRM bosch — rexrooth_indramotion_mlc_and_indralogic_xlc
  Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Additionally, device details are exposed which include the serial number and the firmware version by another unprotected web server resource. 2021-10-04 not yet calculated CVE-2021-23858
CONFIRM boston_scientific — zoom_latitude_programmer/recorder/monitor_model_3120 An attacker with physical access to the device can extract the binary that checks for the hardware key and reverse engineer it, which could be used to create a physical duplicate of a valid hardware key. The hardware key allows access to special settings when inserted. 2021-10-04 not yet calculated CVE-2021-38394
MISC boston_scientific — zoom_latitude_programmer/recorder/monitor_model_3120 The affected device uses off-the-shelf software components that contain unpatched vulnerabilities. A malicious attacker with physical access to the affected device could exploit these vulnerabilities. 2021-10-04 not yet calculated CVE-2021-38398
MISC boston_scientific — zoom_latitude_programmer/recorder/monitor_model_3120 An attacker with physical access to Boston Scientific Zoom Latitude Model 3120 can remove the hard disk drive or create a specially crafted USB to extract the password hash for brute force reverse engineering of the system password. 2021-10-04 not yet calculated CVE-2021-38400
MISC boston_scientific — zoom_latitude_programmer/recorder/monitor_model_3120 The programmer installation utility does not perform a cryptographic authenticity or integrity checks of the software on the flash drive. An attacker could leverage this weakness to install unauthorized software using a specially crafted USB. 2021-10-04 not yet calculated CVE-2021-38396
MISC boston_scientific — zoom_latitude_programmer/recorder/monitor_model_3120
  A skilled attacker with physical access to the affected device can gain access to the hard disk drive of the device to change the telemetry region and could use this setting to interrogate or program an implantable device in any region in the world. 2021-10-04 not yet calculated CVE-2021-38392
MISC cisco — anyconnect_secure_mobility_client
  A vulnerability in the shared library loading mechanism of Cisco AnyConnect Secure Mobility Client for Linux and Mac OS could allow an authenticated, local attacker to perform a shared library hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to a race condition in the signature verification process for shared library files that are loaded on an affected device. An attacker could exploit this vulnerability by sending a series of crafted interprocess communication (IPC) messages to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected device with root privileges. To exploit this vulnerability, the attacker must have a valid account on the system. 2021-10-06 not yet calculated CVE-2021-34788
CISCO cisco — asyncos
  A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory management in the proxy service of an affected device. An attacker could exploit this vulnerability by establishing a large number of HTTPS connections to the affected device. A successful exploit could allow the attacker to cause the system to stop processing new connections, which could result in a DoS condition. Note: Manual intervention may be required to recover from this situation. 2021-10-06 not yet calculated CVE-2021-34698
CISCO cisco — asyncos_software
  A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. An attacker could exploit this vulnerability by crafting a URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for an affected device, which could allow malicious URLs to pass through the device. 2021-10-06 not yet calculated CVE-2021-1534
CISCO cisco — ata_190_series_analog_telephone_adapter_software
  Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 2021-10-06 not yet calculated CVE-2021-34710
CISCO cisco — ata_190_series_analog_telephone_adapter_software
  Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 2021-10-06 not yet calculated CVE-2021-34735
CISCO cisco — business_220_series_smart_switches_firmware
  Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory. 2021-10-06 not yet calculated CVE-2021-34744
CISCO cisco — business_220_series_smart_switches_firmware
  Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory. 2021-10-06 not yet calculated CVE-2021-34757
CISCO cisco — dna_center
  A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid device credentials. This vulnerability is due to improper access controls on API endpoints. An attacker could exploit the vulnerability by sending a specific API request to an affected application. A successful exploit could allow the attacker to obtain sensitive information about other users who are configured with higher privileges on the application. 2021-10-06 not yet calculated CVE-2021-34782
CISCO cisco — identity_services_engine
  A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information or conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by uploading a crafted XML file that contains references to external entities. A successful exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of sensitive information, or cause the web application to perform arbitrary HTTP requests on behalf of the attacker. 2021-10-06 not yet calculated CVE-2021-34706
CISCO cisco — identity_services_engine
  A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to improper enforcement of administrator privilege levels for low-value sensitive data. An attacker with read-only administrator access to the web-based management interface could exploit this vulnerability by browsing to the page that contains the sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. 2021-10-06 not yet calculated CVE-2021-34702
CISCO cisco — identity_services_engine
  A vulnerability in the REST API of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a command injection attack and elevate privileges to root. This vulnerability is due to insufficient input validation for specific API endpoints. An attacker in a man-in-the-middle position could exploit this vulnerability by intercepting and modifying specific internode communications from one ISE persona to another ISE persona. A successful exploit could allow the attacker to run arbitrary commands with root privileges on the underlying operating system. To exploit this vulnerability, the attacker would need to decrypt HTTPS traffic between two ISE personas that are located on separate nodes. 2021-10-06 not yet calculated CVE-2021-1594
CISCO cisco — intersight_virtual_appliance
  A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to perform a command injection attack on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using the web-based management interface to execute a command using crafted input. A successful exploit could allow the attacker to execute arbitrary commands using root-level privileges on an affected device. 2021-10-06 not yet calculated CVE-2021-34748
CISCO cisco — ip_phone_software
  A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted input to a debug shell command. A successful exploit could allow the attacker to read any file on the device file system. 2021-10-06 not yet calculated CVE-2021-34711
CISCO cisco — orbital
  A vulnerability in the web-based management interface of Cisco Orbital could allow an unauthenticated, remote attacker to redirect users to a malicious webpage. This vulnerability is due to improper validation of URL paths in the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a crafted URL. A successful exploit could allow the attacker to redirect a user to a malicious website. This vulnerability, known as an open redirect attack, is used in phishing attacks to persuade users to visit malicious sites. 2021-10-06 not yet calculated CVE-2021-34772
CISCO cisco — small_business_220_series_smart_switches
  Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities. 2021-10-06 not yet calculated CVE-2021-34779
CISCO cisco — small_business_220_series_smart_switches
  Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities. 2021-10-06 not yet calculated CVE-2021-34780
CISCO cisco — small_business_220_series_smart_switches
  Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities. 2021-10-06 not yet calculated CVE-2021-34775
CISCO cisco — small_business_220_series_smart_switches
  Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities. 2021-10-06 not yet calculated CVE-2021-34776
CISCO cisco — small_business_220_series_smart_switches
  Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities. 2021-10-06 not yet calculated CVE-2021-34777
CISCO cisco — small_business_220_series_smart_switches
  Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities. 2021-10-06 not yet calculated CVE-2021-34778
CISCO cisco — smart_software_manager_on-prem
  A vulnerability in the web UI of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and create, read, update, or delete records and settings in multiple functions. This vulnerability is due to insufficient authorization of the System User and System Operator role capabilities. An attacker could exploit this vulnerability by directly accessing a web resource. A successful exploit could allow the attacker to create, read, update, or delete records and settings in multiple functions without the necessary permissions on the web UI. 2021-10-06 not yet calculated CVE-2021-34766
CISCO cisco — telepresence_collaboration_endpoint_and_roomos_software
  A vulnerability in the memory management of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, local attacker to corrupt a shared memory segment, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient access controls to a shared memory resource. An attacker could exploit this vulnerability by corrupting a shared memory segment on an affected device. A successful exploit could allow the attacker to cause the device to reload. The device will recover from the corruption upon reboot. 2021-10-06 not yet calculated CVE-2021-34758
CISCO cisco — vision_dynamic_signage_director
  A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2021-10-06 not yet calculated CVE-2021-34742
CISCO cobbler — cobbler Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data. 2021-10-04 not yet calculated CVE-2021-40324
MISC
MISC cobbler — cobbler Cobbler before 3.3.0 allows authorization bypass for modification of settings. 2021-10-04 not yet calculated CVE-2021-40325
MISC
MISC cobbler — cobbler
  Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection. 2021-10-04 not yet calculated CVE-2021-40323
MISC
MISC concretecms — concrete5
  A Server-Side Request Forgery vulnerability was found in concrete5 < 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction with local services. Impact can vary depending on services exposed.CVSSv2.0 AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N 2021-10-07 not yet calculated CVE-2021-22958
MISC
MISC containerd — containerd
  containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. 2021-10-04 not yet calculated CVE-2021-41103
MISC
CONFIRM digi — realport
  An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handling of ADDP discovery response messages. This could result in arbitrary code execution. 2021-10-08 not yet calculated CVE-2021-35977
MISC digi — realport
  An issue was discovered in Digi RealPort through 4.8.488.0. The ‘encrypted’ mode is vulnerable to man-in-the-middle attacks and does not perform authentication. 2021-10-08 not yet calculated CVE-2021-35979
MISC digi — realport
  In Digi RealPort through 4.8.488.0, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server’s access password. The attacker may then crack this hash offline in order to successfully login to the server. 2021-10-08 not yet calculated CVE-2021-36767
MISC django — unicorn
  The Unicorn framework through 0.35.3 for Django allows XSS via component.name. 2021-10-07 not yet calculated CVE-2021-42053
MISC
MISC
MISC emlog — emlog
  emlog v6.0 contains a vulnerability in the component admintemplate.php, which allows attackers to getshell via a crafted Zip file. 2021-10-06 not yet calculated CVE-2020-21654
MISC extensible_service_proxy — extensible_service_proxy
  Extensible Service Proxy, a.k.a. ESP is a proxy which enables API management capabilities for JSON/REST or gRPC API services. ESPv1 can be configured to authenticate a JWT token. Its verified JWT claim is passed to the application by HTTP header “X-Endpoint-API-UserInfo”, the application can use it to do authorization. But if there are two “X-Endpoint-API-UserInfo” headers from the client, ESPv1 only replaces the first one, the 2nd one will be passed to the application. An attacker can send two “X-Endpoint-API-UserInfo” headers, the second one with a fake JWT claim. Application may use the fake JWT claim to do the authorization. This impacts following ESPv1 usages: 1) Users have configured ESPv1 to do JWT authentication with Google ID Token as described in the referenced google endpoint document. 2) Users backend application is using the info in the “X-Endpoint-API-UserInfo” header to do the authorization. It has been fixed by v1.58.0. You need to patch it in the following ways: * If your docker image is using tag “:1”, needs to re-start the container to pick up the new version. The tag “:1” will automatically point to the latest version. * If your docker image tag pings to a specific minor version, e.g. “:1.57”. You need to update it to “:1.58” and re-start the container. There are no workaround for this issue. 2021-10-07 not yet calculated CVE-2021-41130
MISC
MISC
CONFIRM
MISC f-secure — antivirus_engine
  A vulnerability affecting the F-Secure Antivirus engine was discovered when the engine tries to unpack a zip archive (LZW decompression method), and this can crash the scanning engine. The vulnerability can be exploited remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine. 2021-10-06 not yet calculated CVE-2021-33602
MISC f-secure — atlant
  A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVPACK module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine. 2021-10-08 not yet calculated CVE-2021-33603
MISC
MISC f-secure — atlant
  A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVRDL unpacking module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine. 2021-10-08 not yet calculated CVE-2021-40832
MISC
MISC flatpak — flatpak
  Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services into treating the Flatpak app as though it was an ordinary, non-sandboxed host-OS process. They can do this by manipulating the VFS using recent mount-related syscalls that are not blocked by Flatpak’s denylist seccomp filter, in order to substitute a crafted `/.flatpak-info` or make that file disappear entirely. Flatpak apps that act as clients for AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can escalate the privileges that the corresponding services will believe the Flatpak app has. Note that protocols that operate entirely over the D-Bus session bus (user bus), system bus or accessibility bus are not affected by this. This is due to the use of a proxy process `xdg-dbus-proxy`, whose VFS cannot be manipulated by the Flatpak app, when interacting with these buses. Patches exist for versions 1.10.4 and 1.12.0, and as of time of publication, a patch for version 1.8.2 is being planned. There are no workarounds aside from upgrading to a patched version. 2021-10-08 not yet calculated CVE-2021-41133
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
MISC
MISC forcepoint — ngfw_engine
  Forcepoint NGFW Engine versions 6.5.11 and earlier, 6.8.6 and earlier, and 6.10.0 are vulnerable to TCP reflected amplification vulnerability, if HTTP User Response has been configured. 2021-10-04 not yet calculated CVE-2021-41530
MISC fortiguard — fortianalyzer
  An improper neutralization of input vulnerability [CWE-79] in FortiAnalyzer versions 6.4.3 and below, 6.2.7 and below and 6.0.10 and below may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the column settings of Logview in FortiAnalyzer, should the attacker be able to obtain that POST request, via other, hypothetical attacks. 2021-10-06 not yet calculated CVE-2021-24021
CONFIRM fortiguard — fortianalyzervm_and_fortimanagervm
  An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext. 2021-10-06 not yet calculated CVE-2021-36170
CONFIRM fortiguard — forticlientems
  A path traversal vulnerability [CWE-22] in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated attacker to inject directory traversal character sequences to add/delete the files of the server via the name parameter of Deployment Packages. 2021-10-06 not yet calculated CVE-2020-15941
CONFIRM fortiguard — forticlientems
  An insufficient session expiration vulnerability [CWE- 613] in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks) 2021-10-06 not yet calculated CVE-2021-24019
CONFIRM fortiguard — fortinet_fortisdnconnector
  A insufficiently protected credentials in Fortinet FortiSDNConnector version 1.1.7 and below allows attacker to disclose third-party devices credential information via configuration page lookup. 2021-10-06 not yet calculated CVE-2021-36178
CONFIRM fortiguard — fortiwebmanager
  An improper neutralization of input vulnerability [CWE-79] in FortiWebManager versions 6.2.3 and below, 6.0.2 and below may allow a remote authenticated attacker to inject malicious script/tags via the name/description/comments parameter of various sections of the device. 2021-10-06 not yet calculated CVE-2021-36175
CONFIRM gclib — gffline
  An out-of-bounds access in GffLine::GffLine in gff.cpp in GCLib 0.12.7 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted GFF file. 2021-10-04 not yet calculated CVE-2021-42006
MISC gfos_workforce_management — gfos_workforce_management
  In GFOS Workforce Management 4.8.272.1, the login page of application is prone to authentication bypass, allowing anyone (who knows a user’s credentials except the password) to get access to an account. This occurs because of JSESSIONID mismanagement. 2021-10-04 not yet calculated CVE-2021-38618
MISC gila_cms — gila_cms
  A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2.0. An attacker can use this to steal cookies, passwords or to run arbitrary code on a victim’s browser. 2021-10-04 not yet calculated CVE-2021-39486
MISC gila_cms — gila_cms
  Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by one site owner are visible by another site owner just by knowing the other site name and fuzzing for picture names. This leads to sensitive information disclosure. 2021-10-04 not yet calculated CVE-2021-37777
MISC gitlab — gitlab A vulnerability was discovered in GitLab starting with version 12.2 that allows an attacker to cause uncontrolled resource consumption with a specially crafted file. 2021-10-04 not yet calculated CVE-2021-39877
MISC
MISC
CONFIRM gitlab — gitlab A stored Reflected Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.0 up to 14.3.1 allowed an attacker to execute arbitrary javascript code. 2021-10-05 not yet calculated CVE-2021-39878
MISC
MISC
CONFIRM gitlab — gitlab
  Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary availability via Rails logs. 2021-10-04 not yet calculated CVE-2021-39900
MISC
CONFIRM gitlab — gitlab
  A business logic error in the project deletion process in GitLab 13.6 and later allows persistent access via project access tokens. 2021-10-05 not yet calculated CVE-2021-39866
CONFIRM
MISC
MISC gitlab — gitlab_cc/ee In all versions of GitLab CE/EE since version 11.0, the requirement to enforce 2FA is not honored when using git commands. 2021-10-04 not yet calculated CVE-2021-39874
MISC
MISC
CONFIRM gitlab — gitlab_ce/ee In all versions of GitLab CE/EE since version 13.0, an instance that has the setting to disable Bitbucket Server import enabled is bypassed by an attacker making a crafted API call. 2021-10-04 not yet calculated CVE-2021-39871
CONFIRM
MISC
MISC gitlab — gitlab_ce/ee In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password expiration. 2021-10-05 not yet calculated CVE-2021-39872
CONFIRM
MISC
MISC gitlab — gitlab_ce/ee In all versions of GitLab CE/EE, there exists a content spoofing vulnerability which may be leveraged by attackers to trick users into visiting a malicious website by spoofing the content in an error response. 2021-10-04 not yet calculated CVE-2021-39873
MISC
MISC
CONFIRM gitlab — gitlab_ce/ee In all versions of GitLab CE/EE since version 8.12, an authenticated low-privileged malicious user may create a project with unlimited repository size by modifying values in a project export. 2021-10-04 not yet calculated CVE-2021-39868
MISC
CONFIRM
MISC gitlab — gitlab_ce/ee In all versions of GitLab CE/EE since version 8.9, project exports may expose trigger tokens configured on that project. 2021-10-05 not yet calculated CVE-2021-39869
MISC
MISC
CONFIRM gitlab — gitlab_ce/ee In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vulnerability exists in Fogbugz importer which may be used by attackers to exploit Server Side Request Forgery attacks. 2021-10-05 not yet calculated CVE-2021-39894
MISC
CONFIRM gitlab — gitlab_ce/ee
  In all versions of GitLab CE/EE since version 8.0, when an admin uses the impersonate feature twice and stops impersonating, the admin may be logged in as the second user they impersonated, which may lead to repudiation issues. 2021-10-04 not yet calculated CVE-2021-39896
CONFIRM
MISC gitlab — gitlab_ce/ee
  In all versions of GitLab CE/EE since version 13.6, it is possible to see pending invitations of any public group or public project by visiting an API endpoint. 2021-10-05 not yet calculated CVE-2021-39875
CONFIRM
MISC
MISC gitlab — gitlab_ce/ee
  Missing authentication in all versions of GitLab CE/EE since version 7.11.0 allows an attacker with access to a victim’s session to disable two-factor authentication 2021-10-04 not yet calculated CVE-2021-39879
CONFIRM
MISC gitlab — gitlab_ce/ee
  In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vulnerability in Gitea Importer may be exploited by an attacker to trigger Server Side Request Forgery (SSRF) attacks. 2021-10-05 not yet calculated CVE-2021-39867
CONFIRM
MISC gitlab — gitlab_ce/ee
  In all versions of GitLab CE/EE, provided a user ID, anonymous users can use a few endpoints to retrieve information about any GitLab user. 2021-10-05 not yet calculated CVE-2021-39882
MISC
CONFIRM gitlab — gitlab_ce/ee
  In all versions of GitLab CE/EE, an attacker with physical access to a user’s machine may brute force the user’s password via the change password function. There is a rate limit in place, but the attack may still be conducted by stealing the session id from the physical compromise of the account and splitting the attack over several IP addresses and passing in the compromised session value from these various locations. 2021-10-04 not yet calculated CVE-2021-39899
CONFIRM
MISC gitlab — gitlab_ee In all versions of GitLab EE since version 13.10, a specific API endpoint may reveal details about a private group and other sensitive info inside issue and merge request templates. 2021-10-05 not yet calculated CVE-2021-39888
MISC
CONFIRM
MISC gitlab — gitlab_ee
  A Stored XSS in merge request creation page in Gitlab EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim’s behalf via malicious approval rule names 2021-10-04 not yet calculated CVE-2021-39885
MISC
CONFIRM
MISC gitlab — gitlab_ee
  In all versions of GitLab EE since version 8.13, an endpoint discloses names of private groups that have access to a project to low privileged users that are part of that project. 2021-10-05 not yet calculated CVE-2021-39884
MISC
CONFIRM
MISC gitlab — gitlab_ee
  Improper authorization checks in GitLab EE > 13.11 allows subgroup members to see epics from all parent subgroups. 2021-10-04 not yet calculated CVE-2021-39883
CONFIRM
MISC google — chrome Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. 2021-10-08 not yet calculated CVE-2021-37962
MISC
MISC
FEDORA google — chrome Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-10-08 not yet calculated CVE-2021-37961
MISC
MISC
FEDORA google — chrome Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page. 2021-10-08 not yet calculated CVE-2021-37963
MISC
MISC
FEDORA google — chrome Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54 allowed an attacker with a rogue wireless access point to to potentially carryout a wifi impersonation attack via a crafted ONC file. 2021-10-08 not yet calculated CVE-2021-37964
MISC
MISC
FEDORA google — chrome Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2021-10-08 not yet calculated CVE-2021-37965
MISC
MISC
FEDORA google — chrome Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2021-10-08 not yet calculated CVE-2021-37966
MISC
MISC
FEDORA google — chrome Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. 2021-10-08 not yet calculated CVE-2021-37958
MISC
MISC
FEDORA google — chrome Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2021-10-08 not yet calculated CVE-2021-37968
MISC
MISC
FEDORA google — chrome Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file. 2021-10-08 not yet calculated CVE-2021-37969
MISC
MISC
FEDORA google — chrome Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-10-08 not yet calculated CVE-2021-37970
MISC
MISC
FEDORA google — chrome Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2021-10-08 not yet calculated CVE-2021-37971
MISC
MISC
FEDORA google — chrome Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-10-08 not yet calculated CVE-2021-37957
MISC
MISC
FEDORA google — chrome Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page. 2021-10-08 not yet calculated CVE-2021-37959
MISC
MISC
FEDORA google — chrome Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. 2021-10-08 not yet calculated CVE-2021-37967
MISC
MISC
FEDORA google — chrome Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-10-08 not yet calculated CVE-2021-37975
MISC
MISC google — chrome Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 2021-10-08 not yet calculated CVE-2021-37976
MISC
MISC google — chrome Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. 2021-10-08 not yet calculated CVE-2021-37974
MISC
MISC google — chrome Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2021-10-08 not yet calculated CVE-2021-37973
MISC
MISC
FEDORA google — chrome Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-10-08 not yet calculated CVE-2021-37972
MISC
MISC
FEDORA
FEDORA google — chrome
  Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. 2021-10-08 not yet calculated CVE-2021-37956
MISC
MISC
FEDORA google — chrome
  Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2021-10-08 not yet calculated CVE-2021-30633
MISC
MISC
FEDORA google — chrome
  Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-10-08 not yet calculated CVE-2021-30626
MISC
MISC
FEDORA google — chrome
  Use after free in Selection API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who convinced the user the visit a malicious website to potentially exploit heap corruption via a crafted HTML page. 2021-10-08 not yet calculated CVE-2021-30625
MISC
MISC
FEDORA google — chrome
  Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-10-08 not yet calculated CVE-2021-30627
MISC
MISC
FEDORA google — chrome
  Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. 2021-10-08 not yet calculated CVE-2021-30628
MISC
MISC
FEDORA google — chrome
  Use after free in Permissions in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. 2021-10-08 not yet calculated CVE-2021-30629
MISC
MISC
FEDORA google — chrome
  Inappropriate implementation in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. 2021-10-08 not yet calculated CVE-2021-30630
MISC
MISC
FEDORA google — chrome
  Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2021-10-08 not yet calculated CVE-2021-30632
MISC
MISC
FEDORA google — slo_generator
  SLO generator allows for loading of YAML files that if crafted in a specific format can allow for code execution within the context of the SLO Generator. We recommend upgrading SLO Generator past https://github.com/google/slo-generator/pull/173 2021-10-04 not yet calculated CVE-2021-22557
CONFIRM
MISC hashicorp — nomad_and_nomad_enterprise HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authenticated users with job submission capabilities to cause denial of service by submitting incomplete job specifications with a Consul mesh gateway and host networking mode. Fixed in 1.1.6. 2021-10-07 not yet calculated CVE-2021-41865
MISC hashicorp — vault_and_vault_enterprise
  HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4. 2021-10-08 not yet calculated CVE-2021-41802
MISC hongcms — hongcms
  HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.php/template/edit. 2021-10-04 not yet calculated CVE-2020-21431
MISC hygeia — hygeia
  Hygeia is an application for collecting and processing personal and case data in connection with communicable diseases. In affected versions all CSV Exports (Statistics & BAG MED) contain a CSV Injection Vulnerability. Users of the system are able to submit formula as exported fields which then get executed upon ingestion of the exported file. There is no validation or sanitization of these formula fields and so malicious may construct malicious code. This vulnerability has been resolved in version 1.30.4. There are no workarounds and all users are advised to upgrade their package. 2021-10-06 not yet calculated CVE-2021-41128
MISC
MISC
MISC
CONFIRM
MISC ibm — app_connect_enterprise_certified_container
  IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630. 2021-10-08 not yet calculated CVE-2021-29906
CONFIRM
XF ibm — sterling_b2b_integrator
  IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199246. 2021-10-07 not yet calculated CVE-2021-20571
XF
CONFIRM ibm — sterling_b2b_integrator_standard_edition
  IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authneticated attacker to obtain sensitive information from configuration files that could aid in further attacks against the system. IBM X-Force ID: 200656. 2021-10-07 not yet calculated CVE-2021-29700
CONFIRM
XF ibm — sterling_b2b_integrator_standard_edition
  IBM Sterling B2B Integrator Standard Edition 5.2.0. 0 through 6.1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210171. 2021-10-06 not yet calculated CVE-2021-38925
CONFIRM
XF ibm — sterling_b2b_integrator_standard_edition
  IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 203734. 2021-10-06 not yet calculated CVE-2021-29798
CONFIRM
XF ibm — sterling_b2b_integrator_standard_edition
  IBM Sterling B2B Integrator Standard Edition 5.2.0.0. through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204912. 2021-10-06 not yet calculated CVE-2021-29836
CONFIRM
XF ibm — sterling_b2b_integrator_standard_edition
  IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204913. 2021-10-06 not yet calculated CVE-2021-29837
XF
CONFIRM ibm — sterling_b2b_integrator_standard_edition
  IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205684. 2021-10-06 not yet calculated CVE-2021-29855
XF
CONFIRM ibm — sterling_b2b_integrator_standard_edition
  IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 207506. 2021-10-06 not yet calculated CVE-2021-29903
CONFIRM
XF ibm — sterling_file_gateway
  IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to intercept and replace a message sent by another user due to improper access controls. IBM X-Force ID: 195567. 2021-10-07 not yet calculated CVE-2021-20375
CONFIRM
XF ibm — sterling_file_gateway
  IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information due to improper permission control. IBM X-Force ID: 186090. 2021-10-08 not yet calculated CVE-2020-4654
CONFIRM
XF ibm — sterling_file_gateway
  IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote authenticated user to cause a denial of another user’s service due to insufficient permission checking. IBM X-Force ID: 195518. 2021-10-07 not yet calculated CVE-2021-20372
XF
CONFIRM ibm — sterling_file_gateway
  IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199170. 2021-10-07 not yet calculated CVE-2021-20552
CONFIRM
XF ibm — sterling_file_gateway
  IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate usernames due to there being an observable discrepancy in returned messages. IBM X-Force ID: 195568. 2021-10-07 not yet calculated CVE-2021-20376
CONFIRM
XF ibm — sterling_file_gateway
  IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197503. 2021-10-07 not yet calculated CVE-2021-20481
CONFIRM
XF ibm — sterling_file_gateway
  IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 197790. 2021-10-07 not yet calculated CVE-2021-20489
XF
CONFIRM ibm — sterling_file_gateway
  IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199230. 2021-10-07 not yet calculated CVE-2021-20561
XF
CONFIRM ibm — sterling_file_gateway
  IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 199397. 2021-10-07 not yet calculated CVE-2021-20584
CONFIRM
XF ibm — sterling_file_gateway
  IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 196944. 2021-10-07 not yet calculated CVE-2021-20473
CONFIRM
XF ibm — ts7700_management_interface
  The IBM TS7700 Management Interface is vulnerable to unauthenticated access. By accessing a specially-crafted URL, an attacker may gain administrative access to the Management Interface without authentication. IBM X-Force ID: 207747. 2021-10-06 not yet calculated CVE-2021-29908
CONFIRM
XF icehrm — icehrm
  The IceHrm 30.0.0 OS website was found vulnerable to Session Management Issue. A signout from an admin account does not invalidate an admin session that is opened in a different browser. 2021-10-04 not yet calculated CVE-2021-38823
MISC integria_ims — integria_ims Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file. An attacker could exploit this vulnerability in order to perform a cross-site scripting attack (XSS). 2021-10-07 not yet calculated CVE-2021-3834
CONFIRM
CONFIRM integria_ims — integria_ims
  Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload() function in order to exploit the vulnerability. 2021-10-07 not yet calculated CVE-2021-3832
CONFIRM
CONFIRM integria_ims — integria_ims
  Integria IMS login check uses a loose comparator (“==”) to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords. 2021-10-07 not yet calculated CVE-2021-3833
CONFIRM
CONFIRM intelliants — subrion_cms
  A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visual-mode. 2021-10-08 not yet calculated CVE-2021-41947
MISC jeecms — jeecms
  JEECMS x1.1 contains a stored cross-site scripting (XSS) vulnerability in the component of /member-vipcenter.htm, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload. 2021-10-07 not yet calculated CVE-2020-21729
MISC jenkins — git_plugin
  Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability. 2021-10-06 not yet calculated CVE-2021-21684
CONFIRM
MLIST jenkins — jenkins
  Jenkins 2.314 and earlier, LTS 2.303.1 and earlier accepts names of jobs and other entities with a trailing dot character, potentially replacing the configuration and data of other entities on Windows. 2021-10-06 not yet calculated CVE-2021-21682
CONFIRM
MLIST jenkins — jenkins
  The file browser in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Overall/Read permission (Windows controller) or Job/Workspace permission (Windows agents) to obtain the contents of arbitrary files. 2021-10-06 not yet calculated CVE-2021-21683
CONFIRM
MLIST lancom — lcos
  In LCOS 10.40 to 10.42.0473-RU3 with SNMPv3 enabled on LANCOM devices, changing the password of the root user via the CLI does not change the password of the root user for SNMPv3 access. (However, changing the password of the root user via LANconfig does change the password of the root user for SNMPv3 access.) 2021-10-07 not yet calculated CVE-2021-33903
MISC laravel — booking_system_booking_core
  Laravel Booking System Booking Core 2.0 is vulnerable to Session Management. A password change at sandbox.bookingcore.org/user/profile/change-password does not invalidate a session that is opened in a different browser. 2021-10-04 not yet calculated CVE-2021-37333
MISC laravel — booking_system_booking_core
  Laravel Booking System Booking Core 2.0 is vulnerable to Cross Site Scripting (XSS). The Avatar upload in the My Profile section could be exploited to upload a malicious SVG file which contains Javascript. Now if another user/admin views the profile and clicks to view his avatar, an XSS will trigger. 2021-10-04 not yet calculated CVE-2021-37330
MISC laravel — booking_system_booking_core
  Laravel Booking System Booking Core 2.0 is vulnerable to Incorrect Access Control. On the Verifications page, after uploading an ID Card or Trade License and viewing it, ID Cards and Trade Licenses of other vendors/users can be viewed by changing the URL. 2021-10-04 not yet calculated CVE-2021-37331
MISC lcds_laquis_scada — lcds_laquis_scada
  LCDS LAquis SCADA through 4.3.1.1085 is vulnerable to a control bypass and path traversal. If an attacker can get a victim to load a malicious els project file and use the play feature, then the attacker can bypass a consent popup and write arbitrary files to OS locations where the user has permission, leading to code execution. 2021-10-04 not yet calculated CVE-2021-41579
MISC liftoff — gate_one
  An issue in Gate One 1.2.0 allows attackers to bypass to the verification check done by the origins list and connect to Gate One instances used by hosts not on the origins list. 2021-10-06 not yet calculated CVE-2020-19003
MISC lightning_network — blockstream_c-lightning
  Blockstream c-lightning through 0.10.1 allows loss of funds because of dust HTLC exposure. 2021-10-04 not yet calculated CVE-2021-41592
MISC
MISC
MISC
MISC
MISC lightning_network — lightning_labs
  Lightning Labs lnd before 0.13.3-beta allows loss of funds because of dust HTLC exposure. 2021-10-04 not yet calculated CVE-2021-41593
MISC
MISC
MISC
MISC
MISC
MISC limesurvey — limesurvey
  The “File upload question” functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js. 2021-10-08 not yet calculated CVE-2021-42112
MISC
MISC linux — linux_kernel
  The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access. 2021-10-05 not yet calculated CVE-2021-42008
MISC
MISC
MISC maian_cart — maian_cart
  Maian Cart v3.8 contains a preauthorization remote code execution (RCE) exploit via a broken access control issue in the Elfinder plugin. 2021-10-07 not yet calculated CVE-2021-32172
MISC
MISC
MISC
MISC mediawiki — mediawiki
  An issue was discovered in Special:MediaSearch in the MediaSearch extension in MediaWiki through 1.36.2. The suggestion text (a parameter to mediasearch-did-you-mean) was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the intitle: search operator within the query. 2021-10-06 not yet calculated CVE-2021-42043
MISC
MISC mediawiki — mediawiki
  An issue was discovered in SpecialEditGrowthConfig in the GrowthExperiments extension in MediaWiki through 1.36.2. The growthexperiments-edit-config-error-invalid-title MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript. 2021-10-06 not yet calculated CVE-2021-42042
MISC
MISC mediawiki — mediawiki
  An issue was discovered in CentralAuth in MediaWiki through 1.36.2. The rightsnone MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the setchange log. 2021-10-06 not yet calculated CVE-2021-42041
MISC
MISC mediawiki — mediawiki
  An issue was discovered in MediaWiki through 1.36.2. A parser function related to loop control allowed for an infinite loop (and php-fpm hang) within the Loops extension because egLoopsCountLimit is mishandled. This could lead to memory exhaustion. 2021-10-06 not yet calculated CVE-2021-42040
MISC
MISC mediawiki — mediawiki
  The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. In affected versions unsanitised input of regular expression date within the parameters of the DPL parser function, allowed for the possibility of ReDoS (Regex Denial of Service). This has been resolved in version 3.3.6. If you are unable to update you may also set `$wgDplSettings[‘functionalRichness’] = 0;` or disable DynamicPageList3 to mitigate. 2021-10-04 not yet calculated CVE-2021-41118
MISC
MISC
CONFIRM mediawiki — mediawiki
  An issue was discovered in the Mentor dashboard in the GrowthExperiments extension in MediaWiki through 1.36.2. The Growthexperiments-mentor-dashboard-mentee-overview-add-filter-total-edits-headline, growthexperiments-mentor-dashboard-mentee-overview-add-filter-starred-headline, growthexperiments-mentor-dashboard-mentee-overview-info-text, growthexperiments-mentor-dashboard-mentee-overview-info-legend-headline, and growthexperiments-mentor-dashboard-mentee-overview-active-ago MediaWiki messages were not being properly sanitized and allowed for the injection and execution of HTML and JavaScript. 2021-10-06 not yet calculated CVE-2021-42044
MISC
MISC meross — msg100_devices
  Meross MSG100 devices before 3.2.3 allow an attacker to replay the same data or similar data (e.g., an attacker who sniffs a Close message can transmit an acceptable Open message). 2021-10-07 not yet calculated CVE-2021-35067
MISC
MISC mitsubishi_electric — got_and_tension_controller
  Improper Input Validation vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause DoS condition of the products by sending specially crafted packets. 2021-10-07 not yet calculated CVE-2021-20605
MISC
MISC mitsubishi_electric — got_and_tension_controller
  Improper Input Validation vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause DoS condition of the products by sending specially crafted packets. 2021-10-07 not yet calculated CVE-2021-20604
MISC
MISC mitsubishi_electric — got_and_tension_controller
  Improper Handling of Exceptional Conditions vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause DoS condition of the products by sending specially crafted packets. 2021-10-07 not yet calculated CVE-2021-20602
MISC
MISC mitsubishi_electric — got_and_tension_controller 
  Improper Input Validation vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause DoS condition of the products by sending specially crafted packets. 2021-10-07 not yet calculated CVE-2021-20603
MISC
MISC mitsubishi_electric — melsec_iq-r_series_c_controller_module_r12ccpu-v
  Uncontrolled resource consumption in MELSEC iQ-R series C Controller Module R12CCPU-V all versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending a large number of packets in a short time while the module starting up. 2021-10-08 not yet calculated CVE-2021-20600
MISC
MISC
MISC mkdocs — mkdocs
  ** DISPUTED ** The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601.] and https://github.com/nisdn/CVE-2021-40978/issues/1. 2021-10-07 not yet calculated CVE-2021-40978
MISC
MISC
MISC
MISC moby — moby
  Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade limit access to the host to trusted users. Limit access to host volumes to trusted containers. 2021-10-04 not yet calculated CVE-2021-41091
MISC
CONFIRM myscada_mydesigner_8.20.0 — myscada_mydesigner_8.20.0
  mySCADA myDESIGNER 8.20.0 and below allows Directory Traversal attacks when importing project files. If an attacker can trick a victim into importing a malicious mep file, then they gain the ability to write arbitrary files to OS locations where the user has permission. This would typically lead to code execution. 2021-10-04 not yet calculated CVE-2021-41578
MISC myucms — myucms
  Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component controllerConfig.php, which can be exploited via the add() method. 2021-10-06 not yet calculated CVE-2020-21650
MISC myucms — myucms
  Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component controllerpoint.php, which can be exploited via the add() method. 2021-10-06 not yet calculated CVE-2020-21651
MISC myucms — myucms
  Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component controllerConfig.php, which can be exploited via the addqq() method. 2021-10-06 not yet calculated CVE-2020-21652
MISC myucms — myucms
  Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component controllerindex.php, which can be exploited via the sj() method. 2021-10-06 not yet calculated CVE-2020-21653
MISC myucms — myucms
  Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component controllerindex.php, which can be exploited via the sql() method. 2021-10-06 not yet calculated CVE-2020-21649
MISC nagios_enterprises — nagiosxi Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. Any authenticated user can create scheduled reports containing PDF screenshots of any view in the NagiosXI application. Due to lack of input sanitisation, the target page can be replaced with an SSRF payload to access internal resources or disclose local system files. 2021-10-05 not yet calculated CVE-2021-37223
MISC
MISC netsarang — xshell
  Xshell before 7.0.0.76 allows attackers to cause a crash by triggering rapid changes to the title bar. 2021-10-07 not yet calculated CVE-2021-42095
MISC node.js — node.js
  Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. 2021-10-07 not yet calculated CVE-2021-22930
MISC
MISC october — october_cms
  October is a Content Management System (CMS) and web platform built on the the Laravel PHP Framework. In affected versions administrator accounts which had previously been deleted may still be able to sign in to the backend using October CMS v2.0. The issue has been patched in v2.1.12 of the october/october package. There are no workarounds for this issue and all users should update. 2021-10-06 not yet calculated CVE-2021-41126
CONFIRM
MISC octopus — server
  When Octopus Server is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access. 2021-10-07 not yet calculated CVE-2021-26556
MISC octopus — tentacle
  When Octopus Tentacle is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access. 2021-10-07 not yet calculated CVE-2021-26557
MISC onionshare — onionshare
  An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve the full list of participants of a non-public OnionShare node via the –chat feature. 2021-10-04 not yet calculated CVE-2021-41867
MISC
MISC onionshare — onionshare
  OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to upload files on a non-public node when using the –receive functionality. 2021-10-04 not yet calculated CVE-2021-41868
MISC
MISC open5gs — open5gs
  ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. The attacker can send a PFCP Session Establishment Request with “internet” as the PDI Network Instance. The first character is interpreted as a length value to be used in a memcpy call. The destination buffer is only 100 bytes long on the stack. Then, ‘i’ gets interpreted as 105 bytes to copy from the source buffer to the destination buffer. 2021-10-07 not yet calculated CVE-2021-41794
MISC opensns — opensns
  OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the cid parameter. 2021-10-07 not yet calculated CVE-2020-21726
MISC opensns — opensns
  OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the pid parameter. 2021-10-07 not yet calculated CVE-2020-21725
MISC ping_identity — pingfederate
  Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack that can achieve XML file disclosure. 2021-10-07 not yet calculated CVE-2021-41770
MISC
MISC polycom — poly_vvx_400/410
  Poly VVX 400/410 through 5.3.1 allows low-privileged users to change the Admin password by modifying a POST parameter to 120 during the password reset process. 2021-10-04 not yet calculated CVE-2021-41322
MISC
MISC postgressql — postgressql
  A flaw was found in postgresql. Using an UPDATE … RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality. 2021-10-08 not yet calculated CVE-2021-32029
MISC
MISC pterodactyl — pterodactyl
  Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. A malicious user can modify the contents of a `confirmation_token` input during the two-factor authentication process to reference a cache value not associated with the login attempt. In rare cases this can allow a malicious actor to authenticate as a random user in the Panel. The malicious user must target an account with two-factor authentication enabled, and then must provide a correct two-factor authentication token before being authenticated as that user. Due to a validation flaw in the logic handling user authentication during the two-factor authentication process a malicious user can trick the system into loading credentials for an arbitrary user by modifying the token sent to the server. This authentication flaw is present in the `LoginCheckpointController@__invoke` method which handles two-factor authentication for a user. This controller looks for a request input parameter called `confirmation_token` which is expected to be a 64 character random alpha-numeric string that references a value within the Panel’s cache containing a `user_id` value. This value is then used to fetch the user that attempted to login, and lookup their two-factor authentication token. Due to the design of this system, any element in the cache that contains only digits could be referenced by a malicious user, and whatever value is stored at that position would be used as the `user_id`. There are a few different areas of the Panel that store values into the cache that are integers, and a user who determines what those cache keys are could pass one of those keys which would cause this code pathway to reference an arbitrary user. At its heart this is a high-risk login bypass vulnerability. However, there are a few additional conditions that must be met in order for this to be successfully executed, notably: 1.) The account referenced by the malicious cache key must have two-factor authentication enabled. An account without two-factor authentication would cause an exception to be triggered by the authentication logic, thusly exiting this authentication flow. 2.) Even if the malicious user is able to reference a valid cache key that references a valid user account with two-factor authentication, they must provide a valid two-factor authentication token. However, due to the design of this endpoint once a valid user account is found with two-factor authentication enabled there is no rate-limiting present, thusly allowing an attacker to brute force combinations until successful. This leads to a third condition that must be met: 3.) For the duration of this attack sequence the cache key being referenced must continue to exist with a valid `user_id` value. Depending on the specific key being used for this attack, this value may disappear quickly, or be changed by other random user interactions on the Panel, outside the control of the attacker. In order to mitigate this vulnerability the underlying authentication logic was changed to use an encrypted session store that the user is therefore unable to control the value of. This completely removed the use of a user-controlled value being used. In addition, the code was audited to ensure this type of vulnerability is not present elsewhere. 2021-10-06 not yet calculated CVE-2021-41129
MISC
MISC
MISC
CONFIRM raymart_dg/ahmed_helal_hotel-mgmt-system — raymart_dg/ahmed_helal_hotel-mgmt-system
  A blind SQL injection vulnerability exists in the Raymart DG / Ahmed Helal Hotel-mgmt-system. A malicious attacker can retrieve sensitive database information and interact with the database using the vulnerable cid parameter in process_update_profile.php. 2021-10-04 not yet calculated CVE-2021-41651
MISC
MISC red_hat — openjdk-1.8_and_openjdk-11_containers
  An insecure modification flaw in the /etc/passwd file was found in the openjdk-1.8 and openjdk-11 containers. This flaw allows an attacker with access to the container to modify the /etc/passwd and escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. 2021-10-06 not yet calculated CVE-2021-20264
MISC redis — redis Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution. The vulnerability involves changing the default set-max-intset-entries configuration parameter to a very large value and constructing specially crafted commands to manipulate sets. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the set-max-intset-entries configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command. 2021-10-04 not yet calculated CVE-2021-32687
CONFIRM
MISC redis — redis
  Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves modifying the default ziplist configuration parameters (hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value) to a very large value, and then constructing specially crafted commands to create very large ziplists. The problem is fixed in Redis versions 6.2.6, 6.0.16, 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the above configuration parameters. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command. 2021-10-04 not yet calculated CVE-2021-32628
MISC
CONFIRM redis — redis
  Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk header). An attacker delivering specially crafted requests over multiple connections can cause the server to allocate significant amount of memory. Because the same parsing mechanism is used to handle authentication requests, this vulnerability can also be exploited by unauthenticated users. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways: Using network access control tools like firewalls, iptables, security groups, etc. or Enabling TLS and requiring users to authenticate using client side certificates. 2021-10-04 not yet calculated CVE-2021-32675
MISC
CONFIRM redis — redis
  Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis library which does not perform an overflow check before calling the calloc() heap allocation function. This issue only impacts systems with heap allocators that do not perform their own overflow checks. Most modern systems do and are therefore not likely to be affected. Furthermore, by default redis-sentinel uses the jemalloc allocator which is also not vulnerable. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. 2021-10-04 not yet calculated CVE-2021-32762
CONFIRM
MISC redis — redis
  Redis is an open source, in-memory database that persists on disk. In affected versions an integer overflow bug in Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves changing the default proto-max-bulk-len and client-query-buffer-limit configuration parameters to very large values and constructing specially crafted very large stream elements. The problem is fixed in Redis 6.2.6, 6.0.16 and 5.0.14. For users unable to upgrade an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command. 2021-10-04 not yet calculated CVE-2021-32627
MISC
CONFIRM redis — redis
  Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len configuration parameter to a very large value and constructing specially crafted network payloads or commands. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command. 2021-10-04 not yet calculated CVE-2021-41099
MISC
CONFIRM redis — redis
  Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote code execution. This problem exists in all versions of Redis with Lua scripting support, starting from 2.6. The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. For users unable to update an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands. 2021-10-04 not yet calculated CVE-2021-32626
MISC
CONFIRM samsung — bluetoothsettingsprovider
  An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1 allows untrusted application to overwrite some Bluetooth information. 2021-10-06 not yet calculated CVE-2021-25472
MISC samsung — cmfa_framework
  SQL injection vulnerabilities in CMFA framework prior to SMR Oct-2021 Release 1 allow untrusted application to overwrite some CMFA framework information. 2021-10-06 not yet calculated CVE-2021-25482
MISC samsung — dsp_kernel_driver
  A possible heap-based buffer overflow vulnerability in DSP kernel driver prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution. 2021-10-06 not yet calculated CVE-2021-25475
MISC samsung — exynos_cp_booting_drive
  An improper error handling in Exynos CP booting driver prior to SMR Oct-2021 Release 1 allows local attackers to bypass a Secure Memory Protector of Exynos CP Memory. 2021-10-06 not yet calculated CVE-2021-25481
MISC samsung — exynos_cp_chipset
  A possible heap-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution. 2021-10-06 not yet calculated CVE-2021-25479
MISC samsung — exynos_cp_chipset
  A possible stack-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution. 2021-10-06 not yet calculated CVE-2021-25478
MISC samsung — factoryaircommandmanager
  Path traversal vulnerability in FactoryAirCommandManager prior to SMR Oct-2021 Release 1 allows attackers to write file as system UID via BT remote socket. 2021-10-06 not yet calculated CVE-2021-25485
MISC samsung — inputmanagerservice
  Improper authentication in InputManagerService prior to SMR Oct-2021 Release 1 allows monitoring the touch event. 2021-10-06 not yet calculated CVE-2021-25484
MISC samsung — ipcdump
  Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 Release 1 allows an attacker detect device information via analyzing packet in log. 2021-10-06 not yet calculated CVE-2021-25486
MISC samsung — keymaster
  A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows attacker to trigger IV reuse vulnerability with privileged process. 2021-10-06 not yet calculated CVE-2021-25490
MISC

samsung — livfivextractor_library

Lack of boundary checking of a buffer in livfivextractor library prior to SMR Oct-2021 Release 1 allows OOB read. 2021-10-06 not yet calculated CVE-2021-25483
MISC samsung — mediatek_rrc_protocol
  An improper error handling in Mediatek RRC Protocol stack prior to SMR Oct-2021 Release 1 allows modem crash and remote denial of service. 2021-10-06 not yet calculated CVE-2021-25477
MISC samsung — mfc_driver
  A vulnerability in mfc driver prior to SMR Oct-2021 Release 1 allows memory corruption via NULL-pointer dereference. 2021-10-06 not yet calculated CVE-2021-25491
MISC

samsung — modem_interface_driver

Lack of boundary checking of a buffer in recv_data() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read. 2021-10-06 not yet calculated CVE-2021-25488
MISC samsung — modem_interface_driver
  Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic. 2021-10-06 not yet calculated CVE-2021-25489
MISC samsung — modem_interface_driver
  Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid function pointer. 2021-10-06 not yet calculated CVE-2021-25487
MISC samsung — notes
  Lack of boundary checking of a buffer in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows OOB read. 2021-10-06 not yet calculated CVE-2021-25492
MISC samsung — notes
  Lack of boundary checking of a buffer in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows OOB read 2021-10-06 not yet calculated CVE-2021-25493
MISC samsung — notes
  A possible buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows arbitrary code execution. 2021-10-06 not yet calculated CVE-2021-25494
MISC samsung — notes
  A possible heap buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows arbitrary code execution. 2021-10-06 not yet calculated CVE-2021-25495
MISC samsung — notes
  A possible buffer overflow vulnerability in maetd_dec_slice of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution. 2021-10-06 not yet calculated CVE-2021-25496
MISC samsung — notes
  A possible buffer overflow vulnerability in maetd_cpy_slice of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution. 2021-10-06 not yet calculated CVE-2021-25497
MISC samsung — notes
  A possible buffer overflow vulnerability in maetd_eco_cb_mode of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution. 2021-10-06 not yet calculated CVE-2021-25498
MISC samsung — qualcomm_modem
  A lack of replay attack protection in GUTI REALLOCATION COMMAND message process in Qualcomm modem prior to SMR Oct-2021 Release 1 can lead to remote denial of service on mobile network connection. 2021-10-06 not yet calculated CVE-2021-25480
MISC

samsung — samsungaccountsdksigninactivity_of_galaxy_store

Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4 allows attacker to access content provider of Galaxy Store. 2021-10-06 not yet calculated CVE-2021-25499
MISC samsung — security_mode_command
  A lack of replay attack protection in Security Mode Command process prior to SMR Oct-2021 Release 1 can lead to denial of service on mobile network connection and battery depletion. 2021-10-06 not yet calculated CVE-2021-25471
MISC samsung — systemui
  Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_hide_by_meadia_full value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset. 2021-10-06 not yet calculated CVE-2021-25473
MISC samsung — systemui
  Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_show_on_qspanel value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset. 2021-10-06 not yet calculated CVE-2021-25474
MISC samsung — teegris_secure_os
  An improper caller check logic of SMC call in TEEGRIS secure OS prior to SMR Oct-2021 Release 1 can be used to compromise TEE. 2021-10-06 not yet calculated CVE-2021-25470
MISC samsung — vision_dsp_kernel_driver
  Assuming system privilege is gained, possible buffer overflow vulnerabilities in the Vision DSP kernel driver prior to SMR Oct-2021 Release 1 allows privilege escalation to Root by hijacking loaded library. 2021-10-06 not yet calculated CVE-2021-25467
MISC samsung — widevine_ta
  An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows attackers to bypass the ASLR protection mechanism in TEE. 2021-10-06 not yet calculated CVE-2021-25476
MISC samsung — widevine_trustlet
  A possible guessing and confirming a byte memory vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows attackers to read arbitrary memory address. 2021-10-06 not yet calculated CVE-2021-25468
MISC samsung — widevine_trustlet
  A possible stack-based buffer overflow vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows arbitrary code execution. 2021-10-06 not yet calculated CVE-2021-25469
MISC scrapy — scrapy
  Scrapy is a high-level web crawling and scraping framework for Python. If you use `HttpAuthMiddleware` (i.e. the `http_user` and `http_pass` spider attributes) for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, such as `robots.txt` requests sent by Scrapy when the `ROBOTSTXT_OBEY` setting is set to `True`, or as requests reached through redirects. Upgrade to Scrapy 2.5.1 and use the new `http_auth_domain` spider attribute to control which domains are allowed to receive the configured HTTP authentication credentials. If you are using Scrapy 1.8 or a lower version, and upgrading to Scrapy 2.5.1 is not an option, you may upgrade to Scrapy 1.8.1 instead. If you cannot upgrade, set your HTTP authentication credentials on a per-request basis, using for example the `w3lib.http.basic_auth_header` function to convert your credentials into a value that you can assign to the `Authorization` header of your request, instead of defining your credentials globally using `HttpAuthMiddleware`. 2021-10-06 not yet calculated CVE-2021-41125
MISC
MISC
CONFIRM
MISC scrapy-splash — scrapy-splash
  Scrapy-splash is a library which provides Scrapy and JavaScript integration. In affected versions users who use [`HttpAuthMiddleware`](http://doc.scrapy.org/en/latest/topics/downloader-middleware.html#module-scrapy.downloadermiddlewares.httpauth) (i.e. the `http_user` and `http_pass` spider attributes) for Splash authentication will have any non-Splash request expose your credentials to the request target. This includes `robots.txt` requests sent by Scrapy when the `ROBOTSTXT_OBEY` setting is set to `True`. Upgrade to scrapy-splash 0.8.0 and use the new `SPLASH_USER` and `SPLASH_PASS` settings instead to set your Splash authentication credentials safely. If you cannot upgrade, set your Splash request credentials on a per-request basis, [using the `splash_headers` request parameter](https://github.com/scrapy-plugins/scrapy-splash/tree/0.8.x#http-basic-auth), instead of defining them globally using the [`HttpAuthMiddleware`](http://doc.scrapy.org/en/latest/topics/downloader-middleware.html#module-scrapy.downloadermiddlewares.httpauth). Alternatively, make sure all your requests go through Splash. That includes disabling the [robots.txt middleware](https://docs.scrapy.org/en/latest/topics/downloader-middleware.html#topics-dlmw-robots). 2021-10-05 not yet calculated CVE-2021-41124
MISC
CONFIRM silverstripe — silverstripe
  Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x through 3.4.1 permission checker not inherited by query subclass. 2021-10-07 not yet calculated CVE-2021-28661
MISC
MISC silverstripe — silverstripe_framework
  SilverStripe Framework through 4.8.1 allows XSS. 2021-10-07 not yet calculated CVE-2021-36150
MISC
MISC sophos — hitmanpro
  A local attacker could read or write arbitrary files with administrator privileges in HitmanPro before version Build 318. 2021-10-08 not yet calculated CVE-2021-25271
CONFIRM sophos — hitmanpro.alert
  A local attacker could execute arbitrary code with administrator privileges in HitmanPro.Alert before version Build 901. 2021-10-08 not yet calculated CVE-2021-25270
CONFIRM suitecrm — suitecrm
  SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import functionality. 2021-10-04 not yet calculated CVE-2021-41596
CONFIRM
CONFIRM
MISC
MISC
MISC suitecrm — suitecrm
  SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable to privilege escalation. 2021-10-04 not yet calculated CVE-2021-41869
MISC
MISC
MISC
MISC
MISC suitecrm — suitecrm
  SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the file_name parameter of the Step3 import functionality. 2021-10-04 not yet calculated CVE-2021-41595
MISC
CONFIRM
CONFIRM
MISC sylius — sylius/paypalplugin
  sylius/paypal-plugin is a paypal plugin for the Sylius development platform. In affected versions the URL to the payment page done after checkout was created with autoincremented payment id (/pay-with-paypal/{id}) and therefore it was easy to predict. The problem is that the Credit card form has prefilled “credit card holder” field with the Customer’s first and last name and hence this can lead to personally identifiable information exposure. Additionally, the mentioned form did not require authentication. The problem has been patched in Sylius/PayPalPlugin 1.2.4 and 1.3.1. If users are unable to update they can override a sylius_paypal_plugin_pay_with_paypal_form route and change its URL parameters to (for example) {orderToken}/{paymentId}, then override the SyliusPayPalPluginControllerPayWithPayPalFormAction service, to operate on the payment taken from the repository by these 2 values. It would also require usage of custom repository method. Additionally, one could override the @SyliusPayPalPlugin/payWithPaypal.html.twig template, to add contingencies: [‘SCA_ALWAYS’] line in hostedFields.submit(…) function call (line 421). It would then have to be handled in the function callback. 2021-10-05 not yet calculated CVE-2021-41120
MISC
MISC
CONFIRM tad_book3 — tad_book3
  Tad Book3 editing book function does not filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attacks. 2021-10-08 not yet calculated CVE-2021-41563
MISC tad_book3 — tad_book3
  Tad Book3 editing book page does not perform identity verification. Remote attackers can use the vulnerability to view and modify arbitrary content of books without permission. 2021-10-08 not yet calculated CVE-2021-41974
MISC tad_honor — tad_honor
  Tad Honor viewing book list function is vulnerable to authorization bypass, thus remote attackers can use special parameters to delete articles arbitrarily without logging in. 2021-10-08 not yet calculated CVE-2021-41564
MISC tad_uploader — tad_uploader
  The new add subject parameter of Tad Uploader view book list function fails to filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attacks. 2021-10-08 not yet calculated CVE-2021-41567
MISC tad_uploader — tad_uploader
  Tad Uploader edit book list function is vulnerable to authorization bypass, thus remote attackers can use the function to amend the folder names in the book list without logging in. 2021-10-08 not yet calculated CVE-2021-41976
MISC tad_web — tad_web
  Tad Web is vulnerable to authorization bypass, thus remote attackers can exploit the vulnerability to use the original function of viewing bulletin boards and uploading files in the system. 2021-10-08 not yet calculated CVE-2021-41568
MISC tadtools — tadtools
  TadTools special page parameter does not properly restrict the input of specific characters, thus remote attackers can inject JavaScript syntax without logging in, and further perform reflective XSS attacks. 2021-10-08 not yet calculated CVE-2021-41565
MISC tadtools — tadtools
  The file extension of the TadTools file upload function fails to filter, thus remote attackers can upload any types of files and execute arbitrary code without logging in. 2021-10-08 not yet calculated CVE-2021-41566
MISC tadtools — tadtools
  TadTools special page is vulnerable to authorization bypass, thus remote attackers can use the specific parameter to delete arbitrary files in the system without logging in. 2021-10-08 not yet calculated CVE-2021-41975
MISC teddy — teddy
  This affects the package teddy before 0.5.9. A type confusion vulnerability can be used to bypass input sanitization when the model content is an array (instead of a string). 2021-10-07 not yet calculated CVE-2021-23447
MISC
MISC
MISC thinkphp50-cms — thinkphp50-cms
  ThinkPHP50-CMS v1.0 contains a remote code execution (RCE) vulnerability in the component /public/?s=captcha. 2021-10-07 not yet calculated CVE-2020-21865
MISC tracker — ardour
  Ardour v5.12 contains a use-after-free vulnerability in the component ardour/libs/pbd/xml++.cc when using xmlFreeDoc and xmlXPathFreeContext. 2021-10-08 not yet calculated CVE-2020-22617
MISC
MISC trend_micro — multiple_products
  An arbitrary file creation by privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1, and Worry-Free Business Security Services could allow a local attacker to create an arbitrary file with higher privileges that could lead to a denial-of-service (DoS) on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2021-10-06 not yet calculated CVE-2021-3848
MISC verint — workforce_optimization
  Verint Workforce Optimization (WFO) 15.2.5.1033 allows HTML injection via the /wfo/control/signin username parameter. 2021-10-08 not yet calculated CVE-2021-41825
MISC
MISC visual_tools — dvr_vx16
  In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-bin/slogin/login.py Uaer-Agent HTTP header. 2021-10-07 not yet calculated CVE-2021-42071
MISC
MISC vitec — exterity_iptv_products
  VITEC Exterity IPTV products through 2021-04-30 allow privilege escalation to root. 2021-10-08 not yet calculated CVE-2021-42109
MISC
MISC vyperlang — vyper
  Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions external functions did not properly validate the bounds of decimal arguments. The can lead to logic errors. This issue has been resolved in version 0.3.0. 2021-10-05 not yet calculated CVE-2021-41122
CONFIRM
MISC vyperlang — vyper
  Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions when performing a function call inside a literal struct, there is a memory corruption issue that occurs because of an incorrect pointer to the the top of the stack. This issue has been resolved in version 0.3.0. 2021-10-06 not yet calculated CVE-2021-41121
CONFIRM
MISC waimai — waimai_super_cms
  waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php?m=Config&a=add. 2021-10-05 not yet calculated CVE-2020-21506
MISC waimai — waimai_super_cms
  waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php?&m=Public&a=login. 2021-10-05 not yet calculated CVE-2020-21504
MISC waimai — waimai_super_cms
  waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php/Link/addsave. 2021-10-05 not yet calculated CVE-2020-21505
MISC waimai — waimai_super_cms
  waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=gift&a=addsave credit parameter to -1, the product is sold for free. 2021-10-05 not yet calculated CVE-2020-21503
MISC wdja — wdja
  WDJA CMS v1.5.2 contains an arbitrary file deletion vulnerability in the component admin/cache/manage.php. 2021-10-06 not yet calculated CVE-2020-21648
MISC wdja — wdja
  A Cross-Site Request Forgery (CSRF) in WDJA CMS v1.5.2 allows attackers to arbitrarily add administrator accounts via a crafted URL. 2021-10-06 not yet calculated CVE-2020-21658
MISC webtareas — webtareas
  webTareas version 2.4 and earlier allows an authenticated user to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against the platform users and administrators. The issue affects every endpoint on the application because it is related on how each URL is echoed back on every response page. 2021-10-08 not yet calculated CVE-2021-41918
MISC webtareas — webtareas
  webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sor_cible, sor_champs, and sor_ordre HTTP POST parameters. This allows an attacker to access all the data in the database and obtain access to the webTareas application. 2021-10-08 not yet calculated CVE-2021-41920
MISC webtareas — webtareas
  webTareas version 2.4 and earlier allows an authenticated user to arbitrarily upload potentially dangerous files without restrictions. This is working by adding or replacing a personal profile picture. The affected endpoint is /includes/upload.php on the HTTP POST data. This allows an attacker to exploit the platform by injecting code or malware and, under certain conditions, to execute code on remote user browsers. 2021-10-08 not yet calculated CVE-2021-41919
MISC webtareas — webtareas
  A Cross-Site Request Forgery (CSRF) vulnerability in webTareas version 2.4 and earlier allows a remote attacker to create a new administrative profile and add a new user to the new profile. without the victim’s knowledge, by enticing an authenticated admin user to visit an attacker’s web page. 2021-10-08 not yet calculated CVE-2021-41916
MISC webtareas — webtareas
  webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section, due to incorrect sanitization of user-supplied data and achieve a Stored Cross-Site Scripting attack against the platform users and administrators. The affected endpoint is /clients/editclient.php, on the HTTP POST cn parameter. 2021-10-08 not yet calculated CVE-2021-41917
MISC wire — wire
  Wire is an open source secure messenger. In affected versions if the an attacker gets an old but valid access token they can take over an account by changing the email. This issue has been resolved in version 3.86 which uses a new endpoint which additionally requires an authentication cookie. See wire-ios-sync-engine and wire-ios-transport references. This is the root advisory that pulls the changes together. 2021-10-04 not yet calculated CVE-2021-41093
MISC
MISC
MISC
MISC
CONFIRM wire — wire
  Wire is an open source secure messenger. Users of Wire by Bund may bypass the mandatory encryption at rest feature by simply disabling their device passcode. Upon launching, the app will attempt to enable encryption at rest by generating encryption keys via the Secure Enclave, however it will fail silently if no device passcode is set. The user has no indication that encryption at rest is not active since the feature is hidden to them. This issue has been resolved in version 3.70 2021-10-04 not yet calculated CVE-2021-41094
MISC
CONFIRM wire-server — wire-server
  Wire-server is the backing server for the open source wire secure messaging application. In affected versions it is possible to trigger email address change of a user with only the short-lived session token in the `Authorization` header. As the short-lived token is only meant as means of authentication by the client for less critical requests to the backend, the ability to change the email address with a short-lived token constitutes a privilege escalation attack. Since the attacker can change the password after setting the email address to one that they control, changing the email address can result in an account takeover by the attacker. Short-lived tokens can be requested from the backend by Wire clients using the long lived tokens, after which the long lived tokens can be stored securely, for example on the devices key chain. The short lived tokens can then be used to authenticate the client towards the backend for frequently performed actions such as sending and receiving messages. While short-lived tokens should not be available to an attacker per-se, they are used more often and in the shape of an HTTP header, increasing the risk of exposure to an attacker relative to the long-lived tokens, which are stored and transmitted in cookies. If you are running an on-prem instance and provision all users with SCIM, you are not affected by this issue (changing email is blocked for SCIM users). SAML single-sign-on is unaffected by this issue, and behaves identically before and after this update. The reason is that the email address used as SAML NameID is stored in a different location in the databse from the one used to contact the user outside wire. Version 2021-08-16 and later provide a new end-point that requires both the long-lived client cookie and `Authorization` header. The old end-point has been removed. If you are running an on-prem instance with at least some of the users invited or provisioned via SAML SSO and you cannot update then you can block `/self/email` on nginz (or in any other proxies or firewalls you may have set up). You don’t need to discriminate by verb: `/self/email` only accepts `PUT` and `DELETE`, and `DELETE` is almost never used. 2021-10-04 not yet calculated CVE-2021-41100
CONFIRM wordpress — wordpress The FV Flowplayer Video Player WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the player_id parameter found in the ~/view/stats.php file which allows attackers to inject arbitrary web scripts, in versions 7.5.0.727 – 7.5.2.727. 2021-10-06 not yet calculated CVE-2021-39350
MISC
MISC wordpress — wordpress The WP Bannerize WordPress plugin is vulnerable to authenticated SQL injection via the id parameter found in the ~/Classes/wpBannerizeAdmin.php file which allows attackers to exfiltrate sensitive information from vulnerable sites. This issue affects versions 2.0.0 – 4.0.2. 2021-10-06 not yet calculated CVE-2021-39351
MISC
MISC wordpress — wordpress
  The Stripe for WooCommerce WordPress plugin is missing a capability check on the save() function found in the ~/includes/admin/class-wc-stripe-admin-user-edit.php file that makes it possible for attackers to configure their account to use other site users unique STRIPE identifier and make purchases with their payment accounts. This affects versions 3.0.0 – 3.3.9. 2021-10-04 not yet calculated CVE-2021-39347
MISC
MISC xen — certain_pci_devices
  PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, “RMRR”). These are typically used for platform tasks such as legacy USB emulation. If such a device is passed through to a guest, then on guest shutdown the device is not properly deassigned. The IOMMU configuration for these devices which are not properly deassigned ends up pointing to a freed data structure, including the IO Pagetables. Subsequent DMA or interrupts from the device will have unpredictable behaviour, ranging from IOMMU faults to memory corruption. 2021-10-06 not yet calculated CVE-2021-28702
MISC
MLIST xiuno — xiuno_bbs
  A cross-site scripting (XSS) vulnerability in the component installinstall.sql of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via changing the doctype value to 0. 2021-10-04 not yet calculated CVE-2020-21494
MISC
MISC xiuno — xiuno_bbs
  A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitename parameter. 2021-10-04 not yet calculated CVE-2020-21495
MISC
MISC xiuno — xiuno_bbs
  A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitebrief parameter. 2021-10-04 not yet calculated CVE-2020-21496
MISC
MISC xiuno — xiuno_bbs
  An issue in the component routeuser.php of Xiuno BBS v4.0.4 allows attackers to enumerate usernames. 2021-10-04 not yet calculated CVE-2020-21493
MISC
MISC xyhcms — xyhcms
  XYHCMS v3.6 contains a stored cross-site scripting (XSS) vulnerability in the component xyhai.php?s=/Link/index. 2021-10-06 not yet calculated CVE-2020-21656
MISC zammad — zammad An issue was discovered in Zammad before 4.1.1. Stored XSS may occur via an Article during addition of an attachment to a Ticket. 2021-10-07 not yet calculated CVE-2021-42092
MISC zammad — zammad An issue was discovered in Zammad before 4.1.1. SSRF can occur via GitHub or GitLab integration. 2021-10-07 not yet calculated CVE-2021-42091
MISC zammad — zammad An issue was discovered in Zammad before 4.1.1. The Form functionality allows remote code execution because deserialization is mishandled. 2021-10-07 not yet calculated CVE-2021-42090
MISC zammad — zammad An issue was discovered in Zammad before 4.1.1. The REST API discloses sensitive information. 2021-10-07 not yet calculated CVE-2021-42089
MISC zammad — zammad An issue was discovered in Zammad before 4.1.1. The Chat functionality allows XSS because clipboard data is mishandled. 2021-10-07 not yet calculated CVE-2021-42088
MISC zammad — zammad An issue was discovered in Zammad before 4.1.1. An admin can discover the application secret via the API. 2021-10-07 not yet calculated CVE-2021-42087
MISC zammad — zammad An issue was discovered in Zammad before 4.1.1. An Agent account can modify account data, and gain admin access, via a crafted request. 2021-10-07 not yet calculated CVE-2021-42086
MISC zammad — zammad An issue was discovered in Zammad before 4.1.1. There is stored XSS via a custom Avatar. 2021-10-07 not yet calculated CVE-2021-42085
MISC zammad — zammad An issue was discovered in Zammad before 4.1.1. An attacker with valid agent credentials may send a series of crafted requests that cause an endless loop and thus cause denial of service. 2021-10-07 not yet calculated CVE-2021-42084
MISC zammad — zammad
  An issue was discovered in Zammad before 4.1.1. An admin can execute code on the server via a crafted request that manipulates triggers. 2021-10-07 not yet calculated CVE-2021-42093
MISC zammad — zammad
  An issue was discovered in Zammad before 4.1.1. Command Injection can occur via custom Packages. 2021-10-07 not yet calculated CVE-2021-42094
MISC zehpyr_project-rtos — zephyr
  Buffer Access with Incorrect Length Value in zephyr. Zephyr versions >= >=2.5.0 contain Buffer Access with Incorrect Length Value (CWE-805). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5 2021-10-05 not yet calculated CVE-2021-3581
MISC zehpyr_project-rtos — zephyr_json_decoder
  Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions >= >1.14.0, >= >2.5.0 contain Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4 2021-10-05 not yet calculated CVE-2021-3510
MISC zephyrproject-rtos — zephyr
  Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions >= v2.5.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363 2021-10-05 not yet calculated CVE-2021-3625
MISC zephyrproject-rtos — zephyr
  BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. Zephyr versions >= 1.14.2, >= 2.4.0, >= 2.5.0 contain Use of Multiple Resources with Duplicate Identifier (CWE-694). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63 2021-10-05 not yet calculated CVE-2021-3436
MISC zephyrproject-rtos — zephyr
  DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses. Zephyr versions >= > v2.4.0 contain NULL Pointer Dereference (CWE-476), Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364 2021-10-05 not yet calculated CVE-2021-3319
MISC zoho — manageengine_admanager_plus Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. 2021-10-07 not yet calculated CVE-2021-37930
MISC
MISC zoho — manageengine_admanager_plus Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. 2021-10-07 not yet calculated CVE-2021-37931
MISC
MISC zoho — manageengine_admanager_plus Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. 2021-10-07 not yet calculated CVE-2021-37921
MISC
MISC zoho — manageengine_admanager_plus Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows copying of files from one directory to another. 2021-10-07 not yet calculated CVE-2021-37922
MISC
MISC zoho — manageengine_admanager_plus Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. 2021-10-07 not yet calculated CVE-2021-37923
MISC
MISC

zoho — manageengine_admanager_plus

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. 2021-10-07 not yet calculated CVE-2021-37918
MISC
MISC zoho — manageengine_admanager_plus Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. 2021-10-07 not yet calculated CVE-2021-37924
MISC
MISC zoho — manageengine_admanager_plus Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. 2021-10-07 not yet calculated CVE-2021-37926
MISC
MISC zoho — manageengine_admanager_plus Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. 2021-10-07 not yet calculated CVE-2021-37928
MISC
MISC zoho — manageengine_admanager_plus Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. 2021-10-07 not yet calculated CVE-2021-37929
MISC
MISC zoho — manageengine_admanager_plus Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. 2021-10-07 not yet calculated CVE-2021-37920
MISC
MISC zoho — manageengine_admanager_plus
  Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE. 2021-10-07 not yet calculated CVE-2021-38298
CONFIRM

zoho — manageengine_admanager_plus
 

Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. 2021-10-07 not yet calculated CVE-2021-37919
MISC
MISC zoho — manageengine_admanager_plus
  Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution. 2021-10-07 not yet calculated CVE-2021-37762
MISC
MISC zoho — zoho
  A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user’s browser while the browser is connected to a trusted website. The attack targets your application’s users and not the application itself while using your application as the attack’s vehicle. The XSS payload executes whenever the user changes the form values or deletes a created form in Zoho CRM Lead Magnet Version 1.7.2.4. 2021-10-05 not yet calculated CVE-2021-33849
MISC
MISC zulip — zulip
  Zulip is an open source team chat server. In affected versions Zulip allows organization administrators on a server to configure “linkifiers” that automatically create links from messages that users send, detected via arbitrary regular expressions. Malicious organization administrators could subject the server to a denial-of-service via regular expression complexity attacks; most simply, by configuring a quadratic-time regular expression in a linkifier, and sending messages that exploited it. A regular expression attempted to parse the user-provided regexes to verify that they were safe from ReDoS — this was both insufficient, as well as _itself_ subject to ReDoS if the organization administrator entered a sufficiently complex invalid regex. Affected users should [upgrade to the just-released Zulip 4.7](https://zulip.readthedocs.io/en/latest/production/upgrade-or-modify.html#upgrading-to-a-release), or [`main`](https://zulip.readthedocs.io/en/latest/production/upgrade-or-modify.html#upgrading-from-a-git-repository). 2021-10-07 not yet calculated CVE-2021-41115
CONFIRM
MISC
MISC

Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.