This article is contributed. See the original author and article here.
N/A — N/A |
pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak. |
2021-12-16 |
not yet calculated |
CVE-2021-45095 MISC MISC |
addons-ssh — addons-ssh |
** DISPUTED ** The addon.stdin service in addon-ssh (aka Home Assistant Community Add-on: SSH & Web Terminal) before 10.0.0 has an attack surface that requires social engineering. NOTE: the vendor does not agree that this is a vulnerability; however, addon.stdin was removed as a defense-in-depth measure against complex social engineering situations. |
2021-12-16 |
not yet calculated |
CVE-2021-45099 MISC MISC |
ajaxsoundstudio — ajaxsoundstudio |
Buffer Overflow Vulnerability exists in ajaxsoundstudio.com n Pyo < 1.03 in the Server_debug function, which allows remote attackers to conduct DoS attacks by deliberately passing on an overlong audio file name. |
2021-12-17 |
not yet calculated |
CVE-2021-41499 MISC |
alac_decoder — alac_decoder |
In alac decoder, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06064258; Issue ID: ALPS06064237. |
2021-12-17 |
not yet calculated |
CVE-2021-0674 MISC |
anchor — cms |
Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <=0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve the purpose of obtaining the administrator cookie, thereby achieving other malicious operations. |
2021-12-15 |
not yet calculated |
CVE-2021-44116 MISC |
anonaddy — anonaddy |
A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via VerificationController.php. |
2021-12-15 |
not yet calculated |
CVE-2021-42216 MISC MISC MISC |
apache — log4j2 |
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0 and 2.12.3. |
2021-12-18 |
not yet calculated |
CVE-2021-45105 MISC CONFIRM MLIST DEBIAN MISC CISCO |
apache — nifi |
In the TransformXML processor of Apache NiFi before 1.15.1 an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information. |
2021-12-17 |
not yet calculated |
CVE-2021-44145 MISC MLIST |
apache — sling_commons_messaging_mail |
Apache Sling Commons Messaging Mail provides a simple layer on top of JavaMail/Jakarta Mail for OSGi to send mails via SMTPS. To reduce the risk of “man in the middle” attacks additional server identity checks must be performed when accessing mail servers. For compatibility reasons these additional checks are disabled by default in JavaMail/Jakarta Mail. The SimpleMailService in Apache Sling Commons Messaging Mail 1.0 lacks an option to enable these checks for the shared mail session. A user could enable these checks nevertheless by accessing the session via the message created by SimpleMessageBuilder and setting the property mail.smtps.ssl.checkserveridentity to true. Apache Sling Commons Messaging Mail 2.0 adds support for enabling server identity checks and these checks are enabled by default. – https://javaee.github.io/javamail/docs/SSLNOTES.txt – https://javaee.github.io/javamail/docs/api/com/sun/mail/smtp/package-summary.html – https://github.com/eclipse-ee4j/mail/issues/429 |
2021-12-14 |
not yet calculated |
CVE-2021-44549 MISC |
apple — ios |
GGLocker iOS application, contains an insecure data storage of the password hash value which results in an authentication bypass. |
2021-12-16 |
not yet calculated |
CVE-2021-3179 MISC MISC MISC |
apple — ios |
An URL Address bar spoofing vulnerability was discovered in Safe Browser for iOS. When user clicks on a specially crafted a malicious URL, if user does not carefully pay attention to url, user may be tricked to think content may be coming from a valid domain, while it comes from another. This is performed by using a very long username part of the url so that user cannot see the domain name. A remote attacker can leverage this to perform url address bar spoofing attack. The fix is, browser no longer shows the user name part in address bar. |
2021-12-16 |
not yet calculated |
CVE-2021-40835 MISC MISC |
apusys — apusys |
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05670549. |
2021-12-17 |
not yet calculated |
CVE-2021-0897 MISC |
apusys — apusys |
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05656488. |
2021-12-17 |
not yet calculated |
CVE-2021-0903 MISC |
apusys — apusys |
In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05656484. |
2021-12-17 |
not yet calculated |
CVE-2021-0902 MISC |
apusys — apusys |
In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05664618. |
2021-12-17 |
not yet calculated |
CVE-2021-0901 MISC |
apusys — apusys |
In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672055. |
2021-12-17 |
not yet calculated |
CVE-2021-0900 MISC |
apusys — apusys |
In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672059. |
2021-12-17 |
not yet calculated |
CVE-2021-0899 MISC |
apusys — apusys |
In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672071. |
2021-12-17 |
not yet calculated |
CVE-2021-0898 MISC |
apusys — apusys |
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05722511. |
2021-12-17 |
not yet calculated |
CVE-2021-0678 MISC |
apusys — apusys |
In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05687781. |
2021-12-17 |
not yet calculated |
CVE-2021-0679 MISC |
apusys — apusys |
In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05687474. |
2021-12-17 |
not yet calculated |
CVE-2021-0893 MISC |
apusys — apusys |
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672038. |
2021-12-17 |
not yet calculated |
CVE-2021-0894 MISC |
apusys — apusys |
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672003. |
2021-12-17 |
not yet calculated |
CVE-2021-0895 MISC |
apusys — apusys |
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05671206. |
2021-12-17 |
not yet calculated |
CVE-2021-0896 MISC |
atomix — atomix |
An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false link event messages sent to a master ONOS node. |
2021-12-16 |
not yet calculated |
CVE-2020-35213 MISC |
atomix — atomix |
An issue in Atomix v3.1.5 allows a malicious Atomix node to remove states of ONOS storage via abuse of primitive operations. |
2021-12-16 |
not yet calculated |
CVE-2020-35214 MISC |
atomix — atomix |
An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to join a target cluster via providing configuration information. |
2021-12-16 |
not yet calculated |
CVE-2020-35209 MISC |
atomix — atomix |
A vulnerability in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via a Raft session flooding attack using Raft OpenSessionRequest messages. |
2021-12-16 |
not yet calculated |
CVE-2020-35210 MISC |
atomix — atomix |
An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to become the lead node in a target cluster via manipulation of the variable terms in RaftContext. |
2021-12-16 |
not yet calculated |
CVE-2020-35211 MISC |
atomix — atomix |
An issue in Atomix v3.1.5 allows attackers to access sensitive information when a malicious Atomix node queries distributed variable primitives which contain the entire primitive lists that ONOS nodes use to share important states. |
2021-12-16 |
not yet calculated |
CVE-2020-35215 MISC |
atomix — atomix |
An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false member down event messages. |
2021-12-16 |
not yet calculated |
CVE-2020-35216 MISC |
audio_aurisys_hal — audio_aurisys_hal |
In Audio Aurisys HAL, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05977326; Issue ID: ALPS05977326. |
2021-12-17 |
not yet calculated |
CVE-2021-0673 MISC |
auth0 — auth0 |
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before 1.6.2 do not filter out certain returnTo parameter values from the login url, which expose the application to an open redirect vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. |
2021-12-16 |
not yet calculated |
CVE-2021-43812 MISC CONFIRM |
bitdefender — endpoint_security_tools |
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Bitdefender GravityZone versions prior to 3.3.8.272 |
2021-12-16 |
not yet calculated |
CVE-2021-3959 MISC |
bitdefender — gravityzone |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects Bitdefender GravityZone versions prior to 3.3.8.272 |
2021-12-16 |
not yet calculated |
CVE-2021-3960 MISC |
bookstack — bookstack |
bookstack is vulnerable to Improper Access Control |
2021-12-15 |
not yet calculated |
CVE-2021-4119 MISC CONFIRM |
bus_pass_management_system — bus_pass_management_system |
In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server which allows an attacker to view the sensitive files of the application, for example: Any file which contains sensitive information of the user or server. |
2021-12-16 |
not yet calculated |
CVE-2021-44315 MISC MISC |
bus_pass_management_system — bus_pass_management_system
|
In Bus Pass Management System v1.0, parameters ‘pagedes’ and `About Us` are affected with a Stored Cross-site scripting vulnerability. |
2021-12-16 |
not yet calculated |
CVE-2021-44317 MISC MISC |
catfish — catfish |
Cross Site Scripting (XSS) vulnerability exists in Catfish <=6.3.0 via a Google search in url:/catfishcms/index.php/admin/Index/addmenu.htmland then the .html file on the website that uses this editor (the file suffix is allowed). |
2021-12-15 |
not yet calculated |
CVE-2021-45018 MISC |
catfish — catfish |
Cross Site Request Forgery (CSRF) vulnerability exits in Catfish <=6.1.* when you upload an html file containing CSRF on the website that uses a google editor; you can specify the menu url address as your malicious url address in the Add Menu column. |
2021-12-15 |
not yet calculated |
CVE-2021-45017 MISC |
cbioportal — cbioportal |
A regular expression denial of service (ReDoS) vulnerability exits in cbioportal 3.6.21 and older via a POST request to /ProteinArraySignificanceTest.json. |
2021-12-16 |
not yet calculated |
CVE-2021-38244 MISC MISC |
ccu_driver — ccu_driver |
In ccu driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05827154; Issue ID: ALPS05827154. |
2021-12-17 |
not yet calculated |
CVE-2021-0677 MISC |
convos-chat — convos-chat |
A Stored Cross Site Scripting (XSS) issue exists in Convos-Chat before 6.32. |
2021-12-17 |
not yet calculated |
CVE-2021-42584 MISC MISC MISC |
cvxopt — cvxopt |
Incomplete string comparison vulnerability exits in cvxopt.org cvxop <= 1.2.6 in APIs (cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve), which allows attackers to conduct Denial of Service attacks by construct fake Capsule objects. |
2021-12-17 |
not yet calculated |
CVE-2021-41500 MISC |
discourse — discourse |
discourse-footnote is a library providing footnotes for posts in Discourse. ### Impact When posting an inline footnote wrapped in `<a>` tags (e.g. `<a>^[footnote]</a>`, the resulting rendered HTML would include a nested `<a>`, which is stripped by Nokogiri because it is not valid. This then caused a javascript error on topic pages because we were looking for an `<a>` element inside the footnote reference span and getting its ID, and because it did not exist we got a null reference error in javascript. Users are advised to update to version 0.2. As a workaround editing offending posts from the rails console or the database console for self-hosters, or disabling the plugin in the admin panel can mitigate this issue. |
2021-12-14 |
not yet calculated |
CVE-2021-43827 MISC CONFIRM |
dojo — dojo |
All versions of package dojo are vulnerable to Prototype Pollution via the setObject function. |
2021-12-17 |
not yet calculated |
CVE-2021-23450 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
dojo — dojo |
All versions of package http-server-node are vulnerable to Directory Traversal via use of –path-as-is. |
2021-12-17 |
not yet calculated |
CVE-2021-23797 CONFIRM |
elabftw — elabftw |
eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows any authenticated user to gain access to arbitrary accounts by setting a specially crafted email address. This vulnerability impacts all instances that have not set an explicit email domain name allowlist. Note that whereas neither administrators nor targeted users are notified of a change, an attacker will need to control an account. The default settings require administrators to validate newly created accounts. The problem has been patched. Users should upgrade to at least version 4.2.0. For users unable to upgrade enabling an email domain allow list (from Sysconfig panel, Security tab) will completely resolve the issue. |
2021-12-16 |
not yet calculated |
CVE-2021-43833 CONFIRM MISC |
elabftw — elabftw |
eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows an attacker to authenticate as an existing user, if that user was created using a single sign-on authentication option such as LDAP or SAML. It impacts instances where LDAP or SAML is used for authentication instead of the (default) local password mechanism. Users should upgrade to at least version 4.2.0. |
2021-12-16 |
not yet calculated |
CVE-2021-43834 MISC CONFIRM |
fatpipe_network — fatpipe_warp_ipvpn_and_mpvpn_software |
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges. Older versions of FatPipe software may also be vulnerable. This does not appear to be a CSRF vulnerability. The FatPipe advisory identifier for this vulnerability is FPSA005. |
2021-12-15 |
not yet calculated |
CVE-2021-27859 CONFIRM MISC MISC |
fatpipe_network — fatpipe_warp_ipvpn_and_mpvpn_software |
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote attacker to access at least the URL “/fpui/jsp/index.jsp” leading to unknown impact, presumably some violation of confidentiality. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA004. |
2021-12-15 |
not yet calculated |
CVE-2021-27858 CONFIRM MISC MISC |
fatpipe_network — fatpipe_warp_ipvpn_and_mpvpn_software |
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, unauthenticated attacker to download a configuration archive. The attacker needs to know or correctly guess the hostname of the target system since the hostname is used as part of the configuration archive file name. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA003. |
2021-12-15 |
not yet calculated |
CVE-2021-27857 MISC CONFIRM MISC |
fatpipe_network — fatpipe_warp_ipvpn_and_mpvpn_software |
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named “cmuser” that has administrative privileges and no password. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA002. |
2021-12-15 |
not yet calculated |
CVE-2021-27856 MISC CONFIRM MISC |
fatpipe_network — fatpipe_warp_ipvpn_and_mpvpn_software |
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA001. |
2021-12-15 |
not yet calculated |
CVE-2021-27855 MISC MISC CONFIRM |
fiberhome — onu_gpon_an5506 |
FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability. This vulnerability allows the attacker, once logged in, to send commands to the operating system as the root user via the ping diagnostic tool, bypassing the IP address field, and concatenating OS commands with a semicolon. |
2021-12-16 |
not yet calculated |
CVE-2021-42912 MISC MISC MISC |
fortiguard — forticlientems |
A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may allow an unauthenticated and network adjacent attacker to perform a man-in-the-middle attack between the EMS and the FCT via the telemetry protocol. |
2021-12-16 |
not yet calculated |
CVE-2021-41028 CONFIRM |
ftpshell — ftpshell |
A buffer overflow vulnerability in the Virtual Path Mapping component of FTPShell v6.83 allows attackers to cause a denial of service (DoS). |
2021-12-17 |
not yet calculated |
CVE-2020-18077 MISC |
galette — galette |
Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to SQL injection attacks by users with “member” privilege. Users are advised to upgrade to version 0.9.6 as soon as possible. There are no known workarounds. |
2021-12-16 |
not yet calculated |
CVE-2021-41262 MISC CONFIRM |
galette — galette |
Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to stored cross site scripting attacks via the preferences footer. The preference footer can only be altered by a site admin. This issue has been resolved in the 0.9.6 release and all users are advised to upgrade. There are no known workarounds. |
2021-12-16 |
not yet calculated |
CVE-2021-41261 CONFIRM MISC |
galette — galette |
Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 do not check for Cross Site Request Forgery attacks. All users are advised to upgrade to 0.9.6 as soon as possible. There are no known workarounds for this issue. |
2021-12-16 |
not yet calculated |
CVE-2021-41260 CONFIRM MISC |
geniezone_driver — geniezone_driver |
In geniezone driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05863009; Issue ID: ALPS05863009. |
2021-12-17 |
not yet calculated |
CVE-2021-0676 MISC |
gnu — binutils |
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699. |
2021-12-15 |
not yet calculated |
CVE-2021-45078 MISC MISC |
google — android |
In dsi_panel_debugfs_read_cmdset of dsi_panel.c, there is a possible disclosure of freed kernel heap memory due to a use after free. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-187851056References: N/A |
2021-12-15 |
not yet calculated |
CVE-2021-1042 MISC |
google — android |
In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-160822094References: Upstream kernel |
2021-12-15 |
not yet calculated |
CVE-2021-39648 MISC |
google — android |
In adjustStreamVolume of AudioService.java, there is a possible way for unprivileged app to change audio stream volume due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-189857506 |
2021-12-15 |
not yet calculated |
CVE-2021-1003 MISC |
google — android |
In WT_Interpolate of eas_wtengine.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-194533433 |
2021-12-15 |
not yet calculated |
CVE-2021-1002 MISC |
google — android |
In PVInitVideoEncoder of mp4enc_api.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-190435883 |
2021-12-15 |
not yet calculated |
CVE-2021-1001 MISC |
google — android |
In quota_proc_write of xt_quota2.c, there is a possible way to read kernel memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196046570References: Upstream kernel |
2021-12-15 |
not yet calculated |
CVE-2021-0961 MISC |
google — android |
In do_ipt_get_ctl and do_ipt_set_ctl of ip_tables.c, there is a possible way to leak kernel information due to uninitialized data. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-120612905References: Upstream kernel |
2021-12-15 |
not yet calculated |
CVE-2021-39636 MISC |
google — android |
In CreateDeviceInfo of trusty_remote_provisioning_context.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-193579873References: N/A |
2021-12-15 |
not yet calculated |
CVE-2021-39637 MISC |
google — android |
In periodic_io_work_func of lwis_periodic_io.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195607566References: N/A |
2021-12-15 |
not yet calculated |
CVE-2021-39638 MISC |
google — android |
In TBD of fvp.c, there is a possible way to glitch CPU behavior due to a missing permission check. This could lead to local escalation of privilege with physical access to device internals with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-198291476References: N/A |
2021-12-15 |
not yet calculated |
CVE-2021-39639 MISC |
google — android |
In __dwc3_gadget_ep0_queue of ep0.c, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-157294279References: N/A |
2021-12-15 |
not yet calculated |
CVE-2021-39640 MISC |
google — android |
Product: AndroidVersions: Android kernelAndroid ID: A-126949257References: N/A |
2021-12-15 |
not yet calculated |
CVE-2021-39641 MISC |
google — android |
In synchronous_process_io_entries of lwis_ioctl.c, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195731663References: N/A |
2021-12-15 |
not yet calculated |
CVE-2021-39642 MISC |
google — android |
In ic_startRetrieveEntryValue of acropora/app/identity/ic.c, there is a possible bypass of defense-in-depth due to missing validation of the return value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195573629References: N/A |
2021-12-15 |
not yet calculated |
CVE-2021-39643 MISC |
google — android |
In mon_smc_load_sp of gs101-sc/plat/samsung/exynos/soc/exynos9845/smc_booting.S, there is a possible reinitialization of TEE due to improper locking. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-198713939References: N/A |
2021-12-15 |
not yet calculated |
CVE-2021-39647 MISC |
google — android |
In regmap_exit of regmap.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174049006References: N/A |
2021-12-15 |
not yet calculated |
CVE-2021-39649 MISC |
google — android |
In TBD of TBD, there is a possible downgrade attack due to under utilized anti-rollback protections. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-194697257References: N/A |
2021-12-15 |
not yet calculated |
CVE-2021-1043 MISC |
google — android |
In (TBD) of (TBD), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-169763055References: N/A |
2021-12-15 |
not yet calculated |
CVE-2021-39650 MISC |
google — android |
In TBD of TBD, there is a possible way to access PIN protected settings bypassing PIN confirmation due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-193438173References: N/A |
2021-12-15 |
not yet calculated |
CVE-2021-39651 MISC |
google — android |
In sec_ts_parsing_cmds of (TBD), there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-194499021References: N/A |
2021-12-15 |
not yet calculated |
CVE-2021-39652 MISC |
google — android |
In (TBD) of (TBD), there is a possible way to boot with a hidden debug policy due to a missing warning to the user. This could lead to local escalation of privilege after preparing the device, hiding the warning, and passing the phone to a new user, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-193443223References: N/A |
2021-12-15 |
not yet calculated |
CVE-2021-39653 MISC |
google — android |
Product: AndroidVersions: Android kernelAndroid ID: A-192641593References: N/A |
2021-12-15 |
not yet calculated |
CVE-2021-39655 MISC |
google — android |
In __configfs_open_file of file.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174049066References: Upstream kernel |
2021-12-15 |
not yet calculated |
CVE-2021-39656 MISC |
google — android |
In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-194696049References: Upstream kernel |
2021-12-15 |
not yet calculated |
CVE-2021-39657 MISC |
google — android |
In update of km_compat.cpp, there is a possible loss of potentially sensitive data due to a logic error in the code. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-200041882 |
2021-12-15 |
not yet calculated |
CVE-2021-0958 MISC |
google — android |
In NfcTag::discoverTechnologies (activation) of NfcTag.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additionalSystem execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-189942532 |
2021-12-15 |
not yet calculated |
CVE-2021-0956 MISC |
google — android |
In pf_write_buf of FuseDaemon.cpp, there is possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-192085766 |
2021-12-15 |
not yet calculated |
CVE-2021-0955 MISC |
google — android |
In ResolverActivity, there is a possible user interaction bypass due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-143559931 |
2021-12-15 |
not yet calculated |
CVE-2021-0954 MISC |
google — android |
In setOnClickActivityIntent of SearchWidgetProvider.java, there is a possible way to access contacts and history bookmarks without permission due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-184046278 |
2021-12-15 |
not yet calculated |
CVE-2021-0953 MISC |
google — android |
In WT_InterpolateNoLoop of eas_wtengine.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-190286685 |
2021-12-15 |
not yet calculated |
CVE-2021-0650 MISC |
google — android |
In getConfiguredNetworks of WifiServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-197749180 |
2021-12-15 |
not yet calculated |
CVE-2021-1004 MISC |
google — android |
In getDeviceIdWithFeature of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-186530889 |
2021-12-15 |
not yet calculated |
CVE-2021-1005 MISC |
google — android |
In several functions of DatabaseManager.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-183961974 |
2021-12-15 |
not yet calculated |
CVE-2021-1006 MISC |
google — android |
In checkExistsAndEnforceCannotModifyImmutablyRestrictedPermission of PermissionManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-186404356 |
2021-12-15 |
not yet calculated |
CVE-2021-1013 MISC |
google — android |
In eicOpsDecryptAes128Gcm of acropora/app/identity/identity_support.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195570681References: N/A |
2021-12-15 |
not yet calculated |
CVE-2021-1044 MISC |
google — android |
Product: AndroidVersions: Android kernelAndroid ID: A-195580473References: N/A |
2021-12-15 |
not yet calculated |
CVE-2021-1045 MISC |
google — android |
In (TBD) of (TBD), there is a possible out of bounds read due to memory corruption. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-182950799References: N/A |
2021-12-15 |
not yet calculated |
CVE-2021-1041 MISC |
google — android |
In valid_ipc_dram_addr of cm_access_control.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-197966306References: N/A |
2021-12-15 |
not yet calculated |
CVE-2021-1047 MISC |
google — android |
In ep_loop_check_proc of eventpoll.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-204573007References: Upstream kernel |
2021-12-15 |
not yet calculated |
CVE-2021-1048 MISC |
google — android |
In onCreate of BluetoothPairingSelectionFragment.java, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-182810085 |
2021-12-15 |
not yet calculated |
CVE-2021-1040 MISC |
google — android |
In NotificationAccessActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-182808318 |
2021-12-15 |
not yet calculated |
CVE-2021-1039 MISC |
google — android |
In getLine1NumberForDisplay of PhoneInterfaceManager.java, there is apossible way to determine whether an app is installed, without querypermissions due to a missing permission check. This could lead to localinformation disclosure with no additional execution privileges needed. Userinteraction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193441322 |
2021-12-15 |
not yet calculated |
CVE-2021-1034 MISC |
google — android |
In getMimeGroup of PackageManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-184745603 |
2021-12-15 |
not yet calculated |
CVE-2021-1032 MISC |
google — android |
In cancelNotificationsFromListener of NotificationManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-194697004 |
2021-12-15 |
not yet calculated |
CVE-2021-1031 MISC |
google — android |
In getMeidForSlot of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-186530496 |
2021-12-15 |
not yet calculated |
CVE-2021-1015 MISC |
google — android |
In getNetworkTypeForSubscriber of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-186776740 |
2021-12-15 |
not yet calculated |
CVE-2021-1014 MISC |
google — android |
In AdapterService and GattService definition of AndroidManifest.xml, there is a possible way to disable bluetooth connection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-182583850 |
2021-12-15 |
not yet calculated |
CVE-2021-1017 MISC |
google — android |
In onResume of NotificationAccessDetails.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-195412179 |
2021-12-15 |
not yet calculated |
CVE-2021-1012 MISC |
google — android |
In setApplicationCategoryHint of PackageManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-189858128 |
2021-12-15 |
not yet calculated |
CVE-2021-1009 MISC |
google — android |
In btu_hcif_process_event of btu_hcif.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-167759047 |
2021-12-15 |
not yet calculated |
CVE-2021-1007 MISC |
google — android |
In setPackageStoppedState of PackageManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-188219307 |
2021-12-15 |
not yet calculated |
CVE-2021-1011 MISC |
google — android |
In addSubInfo of SubscriptionController.java, there is a possible way to force the user to make a factory reset due to a logic error in the code. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-197327688 |
2021-12-15 |
not yet calculated |
CVE-2021-1008 MISC |
google — android |
In lwis_dpm_update_clock of lwis_device_dpm.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195609074References: N/A |
2021-12-15 |
not yet calculated |
CVE-2021-1046 MISC |
google — android |
In getSigningKeySet of PackageManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-189857801 |
2021-12-15 |
not yet calculated |
CVE-2021-1010 MISC |
gradio — gradio |
Gradio is an open source framework for building interactive machine learning models and demos. In versions prior to 2.5.0 there is a vulnerability that affects anyone who creates and publicly shares Gradio interfaces. File paths are not restricted and users who receive a Gradio link can access any files on the host computer if they know the file names or file paths. This is limited only by the host operating system. Paths are opened in read only mode. The problem has been patched in gradio 2.5.0. |
2021-12-15 |
not yet calculated |
CVE-2021-43831 MISC CONFIRM |
hashicorp — vault_and_vault_enterprise |
In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storage backend. The earliest affected version is 1.4.0. |
2021-12-17 |
not yet calculated |
CVE-2021-45042 MISC MISC |
hillrom — welch_allyn_cardio_products |
The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any active directory (AD) account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all associated privileges. |
2021-12-15 |
not yet calculated |
CVE-2021-43935 MISC |
htcondor — htcondor |
An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x before 9.1.2. When authenticating to an HTCondor daemon using a SciToken, a user may be granted authorizations beyond what the token should allow. |
2021-12-16 |
not yet calculated |
CVE-2021-45102 MISC |
htcondor — htcondor |
An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, and 9.1.x before 9.1.2. Using standard command-line tools, a user with only READ access to an HTCondor SchedD or Collector daemon can discover secrets that could allow them to control other users’ jobs and/or read their data. |
2021-12-16 |
not yet calculated |
CVE-2021-45101 MISC |
ibm — bmc_firmware |
BMC firmware (IBM Power System S821LC Server (8001-12C) OP825.50) configuration changed to allow an authenticated user to open an insecure communication channel which could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 205267. |
2021-12-15 |
not yet calculated |
CVE-2021-29847 CONFIRM XF |
ibm — business_automation_workflow |
IBM Business Automation Workflow 18.0, 19.0, 20,0 and 21.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209165. |
2021-12-17 |
not yet calculated |
CVE-2021-38883 CONFIRM XF |
irfanview — irfanview |
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ReadXPM_W+0x0000000000000531. |
2021-12-15 |
not yet calculated |
CVE-2020-23545 MISC MISC MISC |
ivanti — workspace_control |
Ivanti Workspace Control before 10.4.50.0 allows attackers to degrade integrity. |
2021-12-15 |
not yet calculated |
CVE-2019-19138 MISC MISC |
jflyfox — jfinal_cms |
JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Denial of Service. |
2021-12-16 |
not yet calculated |
CVE-2021-37262 MISC |
jsx-slack — jsx-slack |
jsx-slack is a library for building JSON objects for Slack Block Kit surfaces from JSX. In versions prior to 4.5.1 users are vulnerable to a regular expression denial-of-service (ReDoS) attack. If attacker can put a lot of JSX elements into `<blockquote>` tag, an internal regular expression for escaping characters may consume an excessive amount of computing resources. jsx-slack v4.5.1 has patched to a regex for escaping blockquote characters. Users are advised to upgrade as soon as possible. |
2021-12-17 |
not yet calculated |
CVE-2021-43838 MISC CONFIRM |
knime — knime |
KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the administrator’s password in a file without appropriate file access controls, allowing all local users to read its content. |
2021-12-16 |
not yet calculated |
CVE-2021-45097 MISC |
knime — knime |
KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a crafted workflow file (.knwf), aka AP-17730. |
2021-12-16 |
not yet calculated |
CVE-2021-45096 MISC MISC MISC |
ksmbd — ksmbd |
The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This occurs because it sets the SMB2_GLOBAL_CAP_ENCRYPTION flag when using the SMB 3.1.1 protocol, which is a violation of the SMB protocol specification. When Windows 10 detects this protocol violation, it disables encryption. |
2021-12-16 |
not yet calculated |
CVE-2021-45100 MISC MISC MISC |
laravel-filemanager — laravel-filemanager |
This affects the package unisharp/laravel-filemanager from 0.0.0. The upload() function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce the following steps: – Install a package with a web Laravel application. – Navigate to the Upload window – Upload an image file, then capture the request – Edit the request contents with a malicious file (webshell) – Enter the path of file uploaded on URL – Remote Code Execution **Note: Prevention for bad extensions can be done by using a whitelist in the config file(lfm.php). Corresponding document can be found in the [here](https://unisharp.github.io/laravel-filemanager/configfolder-categories). |
2021-12-17 |
not yet calculated |
CVE-2021-23814 CONFIRM CONFIRM |
lattelatte — lattelatte |
This affects the package latte/latte before 2.10.6. There is a way to bypass allowFunctions that will affect the security of the application. When the template is set to allow/disallow the use of certain functions, adding control characters (x00-x08) after the function will bypass these restrictions. |
2021-12-17 |
not yet calculated |
CVE-2021-23803 CONFIRM CONFIRM CONFIRM |
limesurvey — limesurvey |
Cross-site scripting (XSS) vulnerability in /application/controller/admin/theme.php in LimeSurvey 3.6.2+180406 allows remote attackers to inject arbitrary web script or HTML via the changes_cp parameter to the index.php/admin/themes/sa/templatesavechanges URI. |
2021-12-14 |
not yet calculated |
CVE-2018-10228 MISC |
listary — listary |
An issue was discovered in Listary through 6. An attacker can create a .pipeListary.listaryService named pipe and wait for a privileged user to open a session on the Listary installed host. Listary will automatically access the named pipe and the attacker will be able to duplicate the victim’s token to impersonate him. This exploit is valid in certain Windows versions (Microsoft has patched the issue in later Windows 10 builds). |
2021-12-14 |
not yet calculated |
CVE-2021-41065 MISC MISC |
listary — listary |
An issue was discovered in Listary through 6. When Listary is configured as admin, Listary will not ask for permissions again if a user tries to access files on the system from Listary itself (it will bypass UAC protection; there is no privilege validation of the current user that runs via Listary). |
2021-12-14 |
not yet calculated |
CVE-2021-41066 MISC MISC |
livehelperchat — livehelperchat |
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) |
2021-12-18 |
not yet calculated |
CVE-2021-4131 CONFIRM MISC |
livehelperchat — livehelperchat |
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) |
2021-12-16 |
not yet calculated |
CVE-2021-4123 MISC CONFIRM |
livehelperchat — livehelperchat |
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) |
2021-12-17 |
not yet calculated |
CVE-2021-4132 CONFIRM MISC |
logback — logback |
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers. |
2021-12-16 |
not yet calculated |
CVE-2021-42550 MISC MISC CONFIRM |
matrix — libolm |
The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted sequence of messages to manipulate the state of the receiver’s session in such a way that, for some buffer sizes, a buffer overflow happens on a call to olm_session_describe. Furthermore, safe buffer sizes were undocumented. The overflow content is partially controllable by the attacker and limited to ASCII spaces and digits. The known affected products are Element Web And SchildiChat Web. |
2021-12-14 |
not yet calculated |
CVE-2021-44538 MISC MISC |
mattermost — mattermost |
Mattermost 6.0 and earlier fails to sufficiently validate parameters during post creation, which allows authenticated attackers to cause a client-side crash of the web application via a maliciously crafted post. |
2021-12-17 |
not yet calculated |
CVE-2021-37863 MISC MISC |
mattermost — mattermost |
Mattermost 6.0 and earlier fails to sufficiently validate the email address during registration, which allows attackers to trick users into signing up using attacker-controlled email addresses via crafted invitation token. |
2021-12-17 |
not yet calculated |
CVE-2021-37862 MISC MISC |
mediawiki — mediawiki |
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=mcrundo followed by action=mcrrestore to replace the content of any arbitrary page (that the user doesn’t have edit rights for). This applies to any public wiki, or a private wiki that has at least one page set in $wgWhitelistRead. |
2021-12-17 |
not yet calculated |
CVE-2021-44857 CONFIRM MISC |
mediawiki — mediawiki |
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. By using an action=rollback query, attackers can view private wiki contents. |
2021-12-17 |
not yet calculated |
CVE-2021-45038 CONFIRM MISC |
meetecho — janus-gateway |
janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) |
2021-12-16 |
not yet calculated |
CVE-2021-4124 CONFIRM MISC |
message_bus — message_bus |
message_bus is a messaging bus for Ruby processes and web clients. In versions prior to 3.3.7 users who deployed message bus with diagnostics features enabled (default off) are vulnerable to a path traversal bug, which could lead to disclosure of secret information on a machine if an unintended user were to gain access to the diagnostic route. The impact is also greater if there is no proxy for your web application as the number of steps up the directories is not bounded. For deployments which uses a proxy, the impact varies. For example, If a request goes through a proxy like Nginx with `merge_slashes` enabled, the number of steps up the directories that can be read is limited to 3 levels. This issue has been patched in version 3.3.7. Users unable to upgrade should ensure that MessageBus::Diagnostics is disabled. |
2021-12-17 |
not yet calculated |
CVE-2021-43840 CONFIRM MISC |
microsoft — 4k_wireless_display_adapter |
Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-43899 MISC |
microsoft — appx |
Windows AppX Installer Spoofing Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-43890 MISC |
microsoft — asp.net_core_and_visual_studio |
ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-43877 MISC |
microsoft — biztalk_esb_toolkit |
Microsoft BizTalk ESB Toolkit Spoofing Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-43892 MISC |
microsoft — bot_framework_sdk |
Bot Framework SDK Remote Code Execution Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-43225 MISC |
microsoft — defender |
Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43882. |
2021-12-15 |
not yet calculated |
CVE-2021-43889 MISC |
microsoft — defender |
Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42310, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43882, CVE-2021-43889. |
2021-12-15 |
not yet calculated |
CVE-2021-42311 MISC |
microsoft — defender |
Microsoft Defender for IoT Information Disclosure Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-43888 MISC |
microsoft — defender |
Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43882, CVE-2021-43889. |
2021-12-15 |
not yet calculated |
CVE-2021-41365 MISC |
microsoft — defender |
Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43889. |
2021-12-15 |
not yet calculated |
CVE-2021-43882 MISC |
microsoft — defender |
Microsoft Defender for IOT Elevation of Privilege Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-42312 MISC |
microsoft — defender |
Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43882, CVE-2021-43889. |
2021-12-15 |
not yet calculated |
CVE-2021-42310 MISC |
microsoft — defender |
Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42310, CVE-2021-42311, CVE-2021-42314, CVE-2021-42315, CVE-2021-43882, CVE-2021-43889. |
2021-12-15 |
not yet calculated |
CVE-2021-42313 MISC |
microsoft — defender |
Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42315, CVE-2021-43882, CVE-2021-43889. |
2021-12-15 |
not yet calculated |
CVE-2021-42314 MISC |
microsoft — defender |
Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-43882, CVE-2021-43889. |
2021-12-15 |
not yet calculated |
CVE-2021-42315 MISC |
microsoft — excel |
Microsoft Excel Remote Code Execution Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-43256 MISC |
microsoft — jet_red_database_engine_and_access_connectivity_engine |
Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-42293 MISC |
microsoft — nfts |
NTFS Set Short Name Elevation of Privilege Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-43240 MISC |
microsoft — office |
Visual Basic for Applications Information Disclosure Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-42295 MISC |
microsoft — office |
Microsoft Office Trust Center Spoofing Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-43255 MISC |
microsoft — office |
Microsoft Office Graphics Remote Code Execution Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-43875 MISC |
microsoft — office |
Microsoft Office app Remote Code Execution Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-43905 MISC |
microsoft — powershell |
Microsoft PowerShell Spoofing Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-43896 MISC |
microsoft — sharepoint |
Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-42309. |
2021-12-15 |
not yet calculated |
CVE-2021-42294 MISC |
microsoft — sharepoint |
Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-42294. |
2021-12-15 |
not yet calculated |
CVE-2021-42309 MISC |
microsoft — sharepoint |
Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-43242. |
2021-12-15 |
not yet calculated |
CVE-2021-42320 MISC |
microsoft — sharepoint_server |
Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-42320. |
2021-12-15 |
not yet calculated |
CVE-2021-43242 MISC |
microsoft — storage_spaces_controller |
Storage Spaces Controller Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-43235. |
2021-12-15 |
not yet calculated |
CVE-2021-43227 MISC |
microsoft — visual_studio |
Visual Studio Code Remote Code Execution Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-43891 MISC |
microsoft — visual_studio |
Visual Studio Code WSL Extension Remote Code Execution Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-43907 MISC |
microsoft — visual_studio |
Visual Studio Code Spoofing Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-43908 MISC |
microsoft — vp9_video_extensions |
VP9 Video Extensions Information Disclosure Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-43243 MISC |
microsoft — windows |
Remote Desktop Client Remote Code Execution Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-43233 MISC |
microsoft — windows |
Windows Kernel Information Disclosure Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-43244 MISC |
microsoft — windows |
Windows TCP/IP Driver Elevation of Privilege Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-43247 MISC |
microsoft — windows |
Windows Installer Elevation of Privilege Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-43883 MISC |
microsoft — windows |
Windows Recovery Environment Agent Elevation of Privilege Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-43239 MISC |
microsoft — windows |
Windows Remote Access Elevation of Privilege Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-43238 MISC |
microsoft — windows |
Windows Setup Elevation of Privilege Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-43237 MISC |
microsoft — windows |
Microsoft Message Queuing Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-43222. |
2021-12-15 |
not yet calculated |
CVE-2021-43236 MISC |
microsoft — windows |
Windows Fax Service Remote Code Execution Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-43234 MISC |
microsoft — windows |
Windows Event Tracing Remote Code Execution Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-43232 MISC |
microsoft — windows |
Windows NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43229, CVE-2021-43230. |
2021-12-15 |
not yet calculated |
CVE-2021-43231 MISC |
microsoft — windows |
Windows NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43229, CVE-2021-43231. |
2021-12-15 |
not yet calculated |
CVE-2021-43230 MISC |
microsoft — windows |
A vulnerability was discovered in the Keybase Client for Windows before version 5.6.0 when a user executed the “keybase git lfs-config” command on the command-line. In versions prior to 5.6.0, a malicious actor with write access to a user’s Git repository could leverage this vulnerability to potentially execute arbitrary Windows commands on a user’s local system. |
2021-12-14 |
not yet calculated |
CVE-2021-34426 MISC |
microsoft — windows |
Windows NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43230, CVE-2021-43231. |
2021-12-15 |
not yet calculated |
CVE-2021-43229 MISC |
microsoft — windows |
SymCrypt Denial of Service Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-43228 MISC |
microsoft — windows |
Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43207. |
2021-12-15 |
not yet calculated |
CVE-2021-43226 MISC |
microsoft — windows |
Windows Common Log File System Driver Information Disclosure Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-43224 MISC |
microsoft — windows |
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-43223 MISC |
microsoft — windows |
Microsoft Message Queuing Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-43236. |
2021-12-15 |
not yet calculated |
CVE-2021-43222 MISC |
microsoft — windows |
DirectX Graphics Kernel File Denial of Service Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-43219 MISC |
microsoft — windows |
Windows Encrypting File System (EFS) Remote Code Execution Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-43217 MISC |
microsoft — windows |
Windows Media Center Elevation of Privilege Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-40441 MISC |
microsoft — windows |
Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-43216 MISC |
microsoft — windows |
iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution |
2021-12-15 |
not yet calculated |
CVE-2021-43215 MISC |
microsoft — windows |
Web Media Extensions Remote Code Execution Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-43214 MISC |
microsoft — windows |
Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43226. |
2021-12-15 |
not yet calculated |
CVE-2021-43207 MISC |
microsoft — windows |
Windows Print Spooler Elevation of Privilege Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-41333 MISC |
microsoft — windows_device_management |
Windows Mobile Device Management Elevation of Privilege Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-43880 MISC |
microsoft — windows_digital_media_receiver |
Windows Digital Media Receiver Elevation of Privilege Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-43248 MISC |
microsoft — windows_digital_tv_tuner |
Windows Digital TV Tuner Elevation of Privilege Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-43245 MISC |
microsoft — windows_encrypting_file_system |
Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-43893 MISC |
microsoft — windows_hyper-v |
Windows Hyper-V Denial of Service Vulnerability |
2021-12-15 |
not yet calculated |
CVE-2021-43246 MISC |
mitsubishi_electric — gx_works2 |
Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior allows a remote unauthenticated attacker to cause a DoS condition in GX Works2 by getting GX Works2 to read a tampered program file from a Mitsubishi Electric PLC by sending malicious crafted packets to tamper with the program file. |
2021-12-17 |
not yet calculated |
CVE-2021-20608 MISC MISC MISC |
mitsubishi_electric — gx_works2_melsoft_navigator_and_ezsocket |
Out-of-bounds Read vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, MELSOFT Navigator all versions and EZSocket all versions allows an attacker to cause a DoS condition in the software by getting a user to open malicious project file specially crafted by an attacker. |
2021-12-17 |
not yet calculated |
CVE-2021-20606 MISC MISC MISC |
mitsubishi_electric — gx_works2_melsoft_navigator_and_ezsocket |
Integer Underflow vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, MELSOFT Navigator all versions and EZSocket all versions allows an attacker to cause a DoS condition in the software by getting a user to open malicious project file specially crafted by an attacker. |
2021-12-17 |
not yet calculated |
CVE-2021-20607 MISC MISC MISC |
mongodb — mongodb_servier |
An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.25; MongoDB Server v4.2 versions prior to 4.2.14; MongoDB Server v4.4 versions prior to 4.4.6. |
2021-12-15 |
not yet calculated |
CVE-2021-20330 MISC |
motorola_solutions — avigilon_devices |
Certain Motorola Solutions Avigilon devices allow XSS in the administrative UI. This affects T200/201 before 4.10.0.68; T290 before 4.4.0.80; T008 before 2.2.0.86; T205 before 4.12.0.62; T204 before 3.28.0.166; and T100, T101, T102, and T103 before 2.6.0.180. |
2021-12-15 |
not yet calculated |
CVE-2021-38701 CONFIRM MISC |
numpy — numpy |
Null Pointer Dereference vulnerability exists in numpy.sort in NumPy < and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays. |
2021-12-17 |
not yet calculated |
CVE-2021-41495 MISC |
numpy — numpy |
Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values. |
2021-12-17 |
not yet calculated |
CVE-2021-41496 MISC |
numpy — numpy |
Incomplete string comparison in the numpy.core component in NumPy1.9.x, which allows attackers to fail the APIs via constructing specific string objects. |
2021-12-17 |
not yet calculated |
CVE-2021-34141 MISC |
numpy — numpy |
A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code, which could let a malicious user cause a Denial of Service. |
2021-12-17 |
not yet calculated |
CVE-2021-33430 MISC |
opencast — opencast |
Opencast is an Open Source Lecture Capture & Video Management for Education. Opencast versions prior to 9.10 allow HTTP method spoofing, allowing to change the assumed HTTP method via URL parameter. This allows attackers to turn HTTP GET requests into PUT requests or an HTTP form to send DELETE requests. This bypasses restrictions otherwise put on these types of requests and aids in cross-site request forgery (CSRF) attacks, which would otherwise not be possible. The vulnerability allows attackers to craft links or forms which may change the server state. This issue is fixed in Opencast 9.10 and 10.0. You can mitigate the problem by setting the `SameSite=Strict` attribute for your cookies. If this is a viable option for you depends on your integrations. We strongly recommend updating in any case. |
2021-12-14 |
not yet calculated |
CVE-2021-43807 CONFIRM MISC MISC |
opencast — opencast |
Opencast is an Open Source Lecture Capture & Video Management for Education. Opencast before version 9.10 or 10.6 allows references to local file URLs in ingested media packages, allowing attackers to include local files from Opencast’s host machines and making them available via the web interface. Before Opencast 9.10 and 10.6, Opencast would open and include local files during ingests. Attackers could exploit this to include most local files the process has read access to, extracting secrets from the host machine. An attacker would need to have the privileges required to add new media to exploit this. But these are often widely given. The issue has been fixed in Opencast 10.6 and 11.0. You can mitigate this issue by narrowing down the read access Opencast has to files on the file system using UNIX permissions or mandatory access control systems like SELinux. This cannot prevent access to files Opencast needs to read though and we highly recommend updating. |
2021-12-14 |
not yet calculated |
CVE-2021-43821 CONFIRM MISC MISC MISC |
openemr — openemr |
An authenticated SQL injection issue in the calendar search function of OpenEMR 6.0.0 before patch 3 allows an attacker to read data from all tables of the database via the parameter provider_id, as demonstrated by the /interface/main/calendar/index.php?module=PostCalendar&func=search URI. |
2021-12-17 |
not yet calculated |
CVE-2021-41843 MISC MISC MISC FULLDISC |
openssl — libssl |
Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0). |
2021-12-14 |
not yet calculated |
CVE-2021-4044 CONFIRM CONFIRM |
opf — openproject |
OpenProject is a web-based project management software. OpenProject versions >= 12.0.0 are vulnerable to a SQL injection in the budgets module. For authenticated users with the “Edit budgets” permission, the request to reassign work packages to another budget unsufficiently sanitizes user input in the `reassign_to_id` parameter. The vulnerability has been fixed in version 12.0.4. Versions prior to 12.0.0 are not affected. If you’re upgrading from an older version, ensure you are upgrading to at least version 12.0.4. If you are unable to upgrade in a timely fashion, the following patch can be applied: https://github.com/opf/openproject/pull/9983.patch |
2021-12-14 |
not yet calculated |
CVE-2021-43830 MISC MISC MISC CONFIRM |
owncast — owncast |
Owncast is an open source, self-hosted live video streaming and chat server. In affected versions inline scripts are executed when Javascript is parsed via a paste action. This issue is patched in 0.0.9 by blocking unsafe-inline Content Security Policy and specifying the script-src. The worker-src is required to be set to blob for the video player. |
2021-12-14 |
not yet calculated |
CVE-2021-39183 CONFIRM |
parallels — remote_application_server |
Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be compromised if an attacker is able to recover the profile password. |
2021-12-17 |
not yet calculated |
CVE-2020-8968 CONFIRM |
peopledoc– vault-cli |
vault-cli is a configurable command-line interface tool (and python library) to interact with Hashicorp Vault. In versions before 3.0.0 vault-cli features the ability for rendering templated values. When a secret starts with the prefix `!template!`, vault-cli interprets the rest of the contents of the secret as a Jinja2 template. Jinja2 is a powerful templating engine and is not designed to safely render arbitrary templates. An attacker controlling a jinja2 template rendered on a machine can trigger arbitrary code, making this a Remote Code Execution (RCE) risk. If the content of the vault can be completely trusted, then this is not a problem. Otherwise, if your threat model includes cases where an attacker can manipulate a secret value read from the vault using vault-cli, then this vulnerability may impact you. In 3.0.0, the code related to interpreting vault templated secrets has been removed entirely. Users are advised to upgrade as soon as possible. For users unable to upgrade a workaround does exist. Using the environment variable `VAULT_CLI_RENDER=false` or the flag `–no-render` (placed between `vault-cli` and the subcommand, e.g. `vault-cli –no-render get-all`) or adding `render: false` to the vault-cli configuration yaml file disables rendering and removes the vulnerability. Using the python library, you can use: `vault_cli.get_client(render=False)` when creating your client to get a client that will not render templated secrets and thus operates securely. |
2021-12-16 |
not yet calculated |
CVE-2021-43837 MISC MISC CONFIRM |
phpgurukul — phpgurukul |
Cross Site Request Forgery (CSRF) vulnerability in Change-password.php in phpgurukul user management system in php using stored procedure V1.0, allows attackers to change the password to an arbitrary account. |
2021-12-16 |
not yet calculated |
CVE-2021-26800 MISC MISC |
pyo_&it — pyo_&it |
Buffer overflow in ajaxsoundstudio.com Pyo < and 1.03 in the Server_jack_init function. which allows attackers to conduct Denial of Service attacks by arbitrary constructing a overlong server name. |
2021-12-17 |
not yet calculated |
CVE-2021-41498 MISC |
rapid7 — insight_agent |
Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent versions 3.0.1 to 3.1.2.34 start, the Python interpreter attempts to load python3.dll at “C:DLLspython3.dll,” which normally is writable by locally authenticated users. Because of this, a malicious local user could use Insight Agent’s startup conditions to elevate to SYSTEM privileges. This issue was fixed in Rapid7 Insight Agent 3.1.2.35. This vulnerability is a regression of CVE-2019-5629. |
2021-12-14 |
not yet calculated |
CVE-2021-4007 MISC CONFIRM |
rare-technologies — bounter |
Null pointer reference in CMS_Conservative_increment_obj in RaRe-Technologies bounter version 1.01 and 1.10, allows attackers to conduct Denial of Service attacks by inputting a huge width of hash bucket. |
2021-12-17 |
not yet calculated |
CVE-2021-41497 MISC |
rizinorg — rizin |
Rizin is a UNIX-like reverse engineering framework and command-line toolset. In versions up to and including 0.3.1 there is a heap-based out of bounds write in parse_die() when reversing an AMD64 ELF binary with DWARF debug info. When a malicious AMD64 ELF binary is opened by a victim user, Rizin may crash or execute unintended actions. No workaround are known and users are advised to upgrade. |
2021-12-13 |
not yet calculated |
CVE-2021-43814 MISC CONFIRM MISC |
sap — grc_access_control |
SAP GRC Access Control – versions V1100_700, V1100_731, V1200_750, does not perform necessary authorization checks for an authenticated user, which could lead to escalation of privileges. |
2021-12-14 |
not yet calculated |
CVE-2021-44233 MISC MISC |
sap — saf-t_framework_transaction_saftn_g |
SAF-T Framework Transaction SAFTN_G allows an attacker to exploit insufficient validation of path information provided by normal user, leading to full server directory access. The attacker can see the whole filesystem structure but cannot overwrite, delete, or corrupt arbitrary files on the server. |
2021-12-14 |
not yet calculated |
CVE-2021-44232 MISC MISC |
seafile — seafile |
Seafile is an open source cloud storage system. A sync token is used in Seafile file syncing protocol to authorize access to library data. To improve performance, the token is cached in memory in seaf-server. Upon receiving a token from sync client or SeaDrive client, the server checks whether the token exist in the cache. However, if the token exists in cache, the server doesn’t check whether it’s associated with the specific library in the URL. This vulnerability makes it possible to use any valid sync token to access data from any **known** library. Note that the attacker has to first find out the ID of a library which it has no access to. The library ID is a random UUID, which is not possible to be guessed. There are no workarounds for this issue. |
2021-12-14 |
not yet calculated |
CVE-2021-43820 CONFIRM MISC |
securitashome — home_alarm_system |
An RF replay attack vulnerability in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F BG_U-ITR-F1-BD_BL.A30.20181117, allows an attacker to trigger arbitrary system functionality by replaying previously recorded signals. This lets an adversary, among other things, disarm an armed system. |
2021-12-15 |
not yet calculated |
CVE-2021-40170 MISC CONFIRM |
securitashome — home_alarm_system |
The absence of notifications regarding an ongoing RF jamming attack in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F BG_U-ITR-F1-BD_BL.A30.20181117, allows an attacker to block legitimate traffic while not alerting the owner of the system. |
2021-12-15 |
not yet calculated |
CVE-2021-40171 MISC MISC |
semcms — semcms |
A vulnerability in /include/web_check.php of SEMCMS v3.8 allows attackers to reset the Administrator account’s password. |
2021-12-17 |
not yet calculated |
CVE-2020-18078 MISC |
semcms — semcms |
The checkuser function of SEMCMS 3.8 was discovered to contain a vulnerability which allows attackers to obtain the password in plaintext through a SQL query. |
2021-12-17 |
not yet calculated |
CVE-2020-18081 MISC |
sick — sopas_et |
SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the command line arguments to pass in any value to the Emulator executable. |
2021-12-17 |
not yet calculated |
CVE-2021-32499 MISC |
sick — sopas_et |
SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the pathname of the emulator and use path traversal to run an arbitrary executable located on the host system. When the user starts the emulator from SOPAS ET the corresponding executable will be started instead of the emulator |
2021-12-17 |
not yet calculated |
CVE-2021-32498 MISC |
sick — sopas_et |
SICK SOPAS ET before version 4.8.0 allows attackers to wrap any executable file into an SDD and provide this to a SOPAS ET user. When a user starts the emulator the executable is run without further checks. |
2021-12-17 |
not yet calculated |
CVE-2021-32497 MISC |
siemens — modelsim_simulation_and_questa_simulation |
A vulnerability has been identified in ModelSim Simulation (All versions), Questa Simulation (All versions). The RSA white-box implementation in affected applications insufficiently protects the built-in private keys that are required to decrypt electronic intellectual property (IP) data in accordance with the IEEE 1735 recommended practice. This could allow a sophisticated attacker to discover the keys, bypassing the protection intended by the IEEE 1735 recommended practice. |
2021-12-14 |
not yet calculated |
CVE-2021-42023 CONFIRM |
siemens — simcenter_star-ccm+_viewer |
A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All versions < 2021.3.1). The starview+.exe application lacks proper validation of user-supplied data when parsing scene files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. |
2021-12-14 |
not yet calculated |
CVE-2021-42024 CONFIRM |
siemens — sinumerik_edge |
A vulnerability has been identified in SINUMERIK Edge (All versions < V3.2). The affected software does not properly validate the server certificate when initiating a TLS connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between the client and the intended server. |
2021-12-14 |
not yet calculated |
CVE-2021-42027 CONFIRM |
snipe-it — snipe-it |
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) |
2021-12-18 |
not yet calculated |
CVE-2021-4130 CONFIRM MISC |
snipe-it — snipe-it |
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) |
2021-12-14 |
not yet calculated |
CVE-2021-4108 MISC CONFIRM |
sourcecodester_vehice_service_management_system — sourcecodester_vehice_service_management_system |
Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Owner fullname parameter in a Send Service Request in vehicle_service. |
2021-12-16 |
not yet calculated |
CVE-2021-41962 MISC |
stackstorm — stackstorm |
In StackStorm versions prior to 3.6.0, the jinja interpreter was not run in sandbox mode and thus allows execution of unsafe system commands. Jinja does not enable sandboxed mode by default due to backwards compatibility. Stackstorm now sets sandboxed mode for jinja by default. |
2021-12-15 |
not yet calculated |
CVE-2021-44657 MISC MISC MISC MISC |
sulu — sulu |
Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions an attacker can read arbitrary local files via a PHP file include. In a default configuration this also leads to remote code execution. The problem is patched with the Versions 1.6.44, 2.2.18, 2.3.8, 2.4.0. For users unable to upgrade overwrite the service `sulu_route.generator.expression_token_provider` and wrap the translator before passing it to the expression language. |
2021-12-15 |
not yet calculated |
CVE-2021-43836 CONFIRM MISC |
sulu — sulu |
Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions Sulu users who have access to any subset of the admin UI are able to elevate their privilege. Over the API it was possible for them to give themselves permissions to areas which they did not already had. This issue was introduced in 2.0.0-RC1 with the new ProfileController putAction. The versions have been patched in 2.2.18, 2.3.8 and 2.4.0. For users unable to upgrade the only known workaround is to apply a patch to the ProfileController manually. |
2021-12-15 |
not yet calculated |
CVE-2021-43835 CONFIRM MISC |
suricata — suricata |
An issue was discovered in Suricata before 6.0.4. It is possible to bypass/evade any HTTP-based signature by faking an RST TCP packet with random TCP options of the md5header from the client side. After the three-way handshake, it’s possible to inject an RST ACK with a random TCP md5header option. Then, the client can send an HTTP GET request with a forbidden URL. The server will ignore the RST ACK and send the response HTTP packet for the client’s request. These packets will not trigger a Suricata reject action. |
2021-12-16 |
not yet calculated |
CVE-2021-45098 MISC MISC MISC MISC |
suse — longhorn |
A Improper Access Control vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3. |
2021-12-17 |
not yet calculated |
CVE-2021-36779 CONFIRM CONFIRM |
suse — longhorn |
A Improper Access Control vulnerability in longhorn of SUSE Longhorn allows attackers to connect to a longhorn-engine replica instance granting it the ability to read and write data to and from a replica that they should not have access to. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3v. |
2021-12-17 |
not yet calculated |
CVE-2021-36780 CONFIRM CONFIRM |
tcman_gim — tcman_gim |
TCMAN GIM is vulnerable to a lack of authorization in all available webservice methods listed in /PC/WebService.asmx. The exploitation of this vulnerability might allow a remote attacker to obtain information. |
2021-12-17 |
not yet calculated |
CVE-2021-40851 CONFIRM |
tcman_gim — tcman_gim |
TCMAN GIM does not perform an authorization check when trying to access determined resources. A remote attacker could exploit this vulnerability to access URL that require privileges without having them. The exploitation of this vulnerability might allow a remote attacker to obtain sensible information. |
2021-12-17 |
not yet calculated |
CVE-2021-40853 CONFIRM |
tcman_gim — tcman_gim |
TCMAN GIM is vulnerable to a SQL injection vulnerability inside several available webservice methods in /PC/WebService.asmx. |
2021-12-17 |
not yet calculated |
CVE-2021-40850 CONFIRM |
tcman_gim — tcman_gim |
TCMAN GIM is affected by an open redirect vulnerability. This vulnerability allows the redirection of user navigation to pages controlled by the attacker. The exploitation of this vulnerability might allow a remote attacker to obtain information. |
2021-12-17 |
not yet calculated |
CVE-2021-40852 CONFIRM |
teeworlds — teeworlds |
Teeworlds up to and including 0.7.5 is vulnerable to Buffer Overflow. A map parser does not validate m_Channels value coming from a map file, leading to a buffer overflow. A malicious server may offer a specially crafted map that will overwrite client’s stack causing denial of service or code execution. |
2021-12-15 |
not yet calculated |
CVE-2021-43518 MISC MISC |
thinfinity — virtualui |
Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter. |
2021-12-16 |
not yet calculated |
CVE-2021-45092 MISC |
thinkphp5 — thinkphp5 |
SQL Injection vulnerability exists in ThinkPHP5 5.0.x <=5.1.22 via the parseOrder function in Builder.php. |
2021-12-15 |
not yet calculated |
CVE-2021-44350 MISC |
tibco_software_inc — spotfire_server |
The Spotfire Server component of TIBCO Software Inc.’s TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows malicious custom API clients with network access to execute internal API operations outside of the scope of those granted to it. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.’s TIBCO Spotfire Server: versions 10.10.6 and below, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, 11.3.0, 11.4.0, and 11.4.1, and TIBCO Spotfire Server: versions 11.5.0 and 11.6.0. |
2021-12-14 |
not yet calculated |
CVE-2021-43051 CONFIRM CONFIRM |
tp-link — tp-link |
An HTTP/1.1 misconfiguration in web interface of TP-Link AX10v1 before V1_211117 could allow an attacker to send a specially crafted HTTP/0.9 packet that could cause a cache poisoning attack. |
2021-12-17 |
not yet calculated |
CVE-2021-41451 MISC MISC MISC |
trend_micro — maximum_security |
A link following denial-of-service (DoS) vulnerability in the Trend Micro Security (Consumer) 2021 familiy of products could allow an attacker to abuse the PC Health Checkup feature of the product to create symlinks that would allow modification of files which could lead to a denial-of-service. |
2021-12-16 |
not yet calculated |
CVE-2021-44023 MISC MISC |
tuleap — tuleap |
Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not sanitize properly user settings when constructing the SQL query to browse and search commits in the CVS repositories. A authenticated malicious user with read access to a CVS repository could execute arbitrary SQL queries. Tuleap instances without an active CVS repositories are not impacted. The following versions contain the fix: Tuleap Community Edition 13.2.99.155, Tuleap Enterprise Edition 13.1-7, and Tuleap Enterprise Edition 13.2-6. |
2021-12-15 |
not yet calculated |
CVE-2021-43806 CONFIRM MISC MISC MISC |
tuleap — tuleap |
Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. This is a follow up to GHSA-887w-pv2r-x8pm/CVE-2021-41276, the initial fix was incomplete. Tuleap does not sanitize properly the search filter built from the ldap_id attribute of a user during the daily synchronization. A malicious user could force accounts to be suspended or take over another account by forcing the update of the ldap_uid attribute. Note that the malicious user either need to have site administrator capability on the Tuleap instance or be an LDAP operator with the capability to create/modify account. The Tuleap instance needs to have the LDAP plugin activated and enabled for this issue to be exploitable. The following versions contain the fix: Tuleap Community Edition 13.2.99.83, Tuleap Enterprise Edition 13.1-6, and Tuleap Enterprise Edition 13.2-4. |
2021-12-15 |
not yet calculated |
CVE-2021-43782 MISC CONFIRM MISC MISC MISC |
tuleap — tuleap |
Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not sanitize properly the search filter built from the ldap_id attribute of a user during the daily synchronization. A malicious user could force accounts to be suspended or take over another account by forcing the update of the ldap_uid attribute. Note that the malicious user either need to have site administrator capability on the Tuleap instance or be an LDAP operator with the capability to create/modify account. The Tuleap instance needs to have the LDAP plugin activated and enabled for this issue to be exploitable. This issue has been patched in Tuleap Community Edition 13.2.99.31, Tuleap Enterprise Edition 13.1-5, and Tuleap Enterprise Edition 13.2-3. |
2021-12-15 |
not yet calculated |
CVE-2021-41276 CONFIRM MISC MISC MISC |
uipath_app_studio — uipath_app_studio |
An issue was discovered in UiPath App Studio 21.4.4. There is a persistent XSS vulnerability in the file-upload functionality for uploading icons when attempting to create new Apps. An attacker with minimal privileges in the application can build their own App and upload a malicious file containing an XSS payload, by uploading an arbitrary file and modifying the MIME type in a subsequent HTTP request. This then allows the file to be stored and retrieved from the server by other users in the same organization. |
2021-12-14 |
not yet calculated |
CVE-2021-44043 MISC MISC |
uipath_assistant — uipath_assistant |
UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the –dev-widget argument of the URI handler for uipath-assistant://. This allows an attacker to execute code on a victim’s machine or capture NTLM credentials by supplying a networked or WebDAV file path. |
2021-12-14 |
not yet calculated |
CVE-2021-44041 MISC MISC |
uipath_assistant — uipath_assistant |
An issue was discovered in UiPath Assistant 21.4.4. User-controlled data supplied to the –process-start argument of the URI handler for uipath-assistant:// is not correctly encoded, resulting in attacker-controlled content being injected into the error message displayed (when the injected content does not match an existing process). A determined attacker could leverage this to execute JavaScript in the context of the Electron application. |
2021-12-14 |
not yet calculated |
CVE-2021-44042 MISC MISC |
vaultcli — vaultcli |
Storage Spaces Controller Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-43227. |
2021-12-15 |
not yet calculated |
CVE-2021-43235 MISC |
vmware — workspace_one_uem_console |
VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information. |
2021-12-17 |
not yet calculated |
CVE-2021-22054 MISC |
wechat-php-sdk — wechat-php-sdk
|
Wechat-php-sdk v1.10.2 is affected by a Cross Site Scripting (XSS) vulnerability in Wechat.php. |
2021-12-17 |
not yet calculated |
CVE-2021-43678 MISC MISC |
wolters_kluwer — teammate_am |
Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads, such that an authenticated user may download and execute malicious files. |
2021-12-17 |
not yet calculated |
CVE-2021-44035 MISC MISC |
wordpress — wordpress |
Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise discovered in Image Hover Effects Ultimate (versions <= 9.6.1) WordPress plugin. |
2021-12-15 |
not yet calculated |
CVE-2021-36888 CONFIRM CONFIRM |
xorg — xserver |
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
2021-12-17 |
not yet calculated |
CVE-2021-4009 MISC MISC FEDORA FEDORA |
xorg — xserver |
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
2021-12-17 |
not yet calculated |
CVE-2021-4010 MISC MISC FEDORA FEDORA |
xorg — xserver |
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
2021-12-17 |
not yet calculated |
CVE-2021-4008 MISC MISC FEDORA FEDORA |
xorg — xserver |
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
2021-12-17 |
not yet calculated |
CVE-2021-4011 MISC MISC FEDORA FEDORA |
yetiforcecrm — yetiforcecrm |
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) |
2021-12-16 |
not yet calculated |
CVE-2021-4121 MISC CONFIRM |
zimbra — zimbra_collaboration |
An issue in /domain/service/.ewell-known/caldav of Zimbra Collaboration 8.8.12 allows attackers to redirect users to any arbitrary website of their choosing. |
2021-12-15 |
not yet calculated |
CVE-2020-18985 MISC |
zimbra — zimbra_collaboration |
A reflected cross-site scripting (XSS) vulnerability in the zimbraAdmin/public/secureRequest.jsp component of Zimbra Collaboration 8.8.12 allows unauthenticated attackers to execute arbitrary web scripts or HTML via a host header injection. |
2021-12-15 |
not yet calculated |
CVE-2020-18984 MISC |
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
Recent Comments