This article is contributed. See the original author and article here.
adobe — after_effects |
Adobe After Effects version 18.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2021-11-18 |
4.3 |
CVE-2021-40761 MISC |
adobe — after_effects |
Adobe After Effects version 18.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2021-11-18 |
4.3 |
CVE-2021-40756 MISC |
adobe — animate |
Acrobat Animate versions 21.0.9 (and earlier)is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2021-11-18 |
4.3 |
CVE-2021-42525 MISC |
adobe — animate |
Adobe Animate version 21.0.9 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted FLA file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2021-11-18 |
4.3 |
CVE-2021-42268 MISC |
adobe — campaign |
Adobe Campaign version 21.2.1 (and earlier) is affected by a Path Traversal vulnerability that could lead to reading arbitrary server files. By leveraging an exposed XML file, an unauthenticated attacker can enumerate other files on the server. |
2021-11-17 |
5 |
CVE-2021-40745 MISC |
adobe — experience_manager |
Adobe Experience Manager version 6.5.9.0 (and earlier) are affected by an improper access control vulnerability that leads to a security feature bypass. By manipulating referer headers, an unauthenticated attacker could gain access to arbitrary pages that they are not authorized to access. |
2021-11-16 |
5 |
CVE-2021-42725 MISC |
advantech — webaccess_hmi_designer |
This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of WebAccess/MHI Designer |
2021-11-15 |
4.6 |
CVE-2021-42706 MISC |
advantech — webaccess_hmi_designer |
This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser action. |
2021-11-15 |
4.3 |
CVE-2021-42703 MISC |
aifu — cashier_accounting_management_system |
The permission control of AIFU cashier management salary query function can be bypassed, thus after obtaining general user’s permission, the remote attacker can access account information except passwords by crafting URL parameters. |
2021-11-16 |
4 |
CVE-2021-42337 MISC |
alquistai — alquist |
AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability in alquist/IO/input.py. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access. |
2021-11-15 |
5 |
CVE-2021-43495 MISC |
alquistai — alquist |
AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system andcan significantly aid in getting remote code access. |
2021-11-12 |
5 |
CVE-2021-43492 MISC |
amd — epyc_7003_firmware |
When the AMD Platform Security Processor (PSP) boot rom loads, authenticates, and subsequently decrypts an encrypted FW, due to insufficient verification of the integrity of decrypted image, arbitrary code may be executed in the PSP when encrypted firmware images are used. |
2021-11-16 |
4.6 |
CVE-2021-26315 MISC |
amd — epyc_7003_firmware |
Race condition in PSP FW could allow less privileged x86 code to perform PSP SMM operations. |
2021-11-16 |
4.4 |
CVE-2020-12951 MISC |
amd — epyc_7003_firmware |
Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU hang and subsequent failure to service any further requests from other components. |
2021-11-16 |
4.9 |
CVE-2021-26336 MISC |
amd — epyc_7003_firmware |
A potential vulnerability exists in AMD Platform Security Processor (PSP) that may allow an attacker to zero any privileged register on the System Management Network which may lead to bypassing SPI ROM protections. |
2021-11-16 |
4.6 |
CVE-2020-12961 MISC |
amd — epyc_7232p_firmware |
Failure to validate SEV Commands while SNP is active may result in a potential impact to memory integrity. |
2021-11-16 |
4.6 |
CVE-2021-26323 MISC |
amd — epyc_7601_firmware |
Insufficient validation of BIOS image length by PSP Firmware could lead to arbitrary code execution. |
2021-11-16 |
4.6 |
CVE-2020-12944 MISC |
amd — epyc_7601_firmware |
Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP. |
2021-11-16 |
4.9 |
CVE-2021-26321 MISC |
amd — epyc_7601_firmware |
Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack”. |
2021-11-16 |
5 |
CVE-2021-26322 MISC |
amd — epyc_7f72_firmware |
Insufficient input validation in PSP firmware for discrete TPM commands could allow a potential loss of integrity and denial of service. |
2021-11-16 |
6.6 |
CVE-2020-12946 MISC |
amd — radeon_software |
Improper parameters validation in some trusted applications of the PSP contained in the AMD Graphics Driver may allow a local attacker to bypass security restrictions and achieve arbitrary code execution . |
2021-11-15 |
4.6 |
CVE-2020-12929 MISC |
amd — radeon_software |
Out of Bounds Write and Read in AMD Graphics Driver for Windows 10 in Escape 0x6002d03 may lead to escalation of privilege or denial of service. |
2021-11-15 |
4.6 |
CVE-2020-12903 MISC |
amd — radeon_software |
A potential privilege escalation/denial of service issue exists in the AMD Radeon Kernel Mode driver Escape 0x2000c00 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck or write to leak information. |
2021-11-15 |
4.6 |
CVE-2020-12964 MISC |
amd — radeon_software |
Escape call interface in the AMD Graphics Driver for Windows may cause privilege escalation. |
2021-11-15 |
4.6 |
CVE-2020-12962 MISC |
amd — radeon_software |
An arbitrary write vulnerability in the AMD Radeon Graphics Driver for Windows 10 potentially allows unprivileged users to gain Escalation of Privileges and cause Denial of Service. |
2021-11-15 |
4.6 |
CVE-2020-12900 MISC |
amd — radeon_software |
Stack Buffer Overflow in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service. |
2021-11-15 |
4.6 |
CVE-2020-12898 MISC |
amd — radeon_software |
Arbitrary Decrement Privilege Escalation in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service. |
2021-11-15 |
4.6 |
CVE-2020-12902 MISC |
amd — radeon_software |
Pool/Heap Overflow in AMD Graphics Driver for Windows 10 in Escape 0x110037 may lead to escalation of privilege, information disclosure or denial of service. |
2021-11-15 |
4.6 |
CVE-2020-12895 MISC |
amd — radeon_software |
An untrusted search path in AMD Radeon settings Installer may lead to a privilege escalation or unauthorized code execution. |
2021-11-15 |
4.4 |
CVE-2020-12892 MISC |
amd — radeon_software |
Stack Buffer Overflow in AMD Graphics Driver for Windows 10 in Escape 0x15002a may lead to escalation of privilege or denial of service. |
2021-11-15 |
4.6 |
CVE-2020-12893 MISC |
apache — ozone |
In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user. |
2021-11-19 |
6.5 |
CVE-2021-39236 MISC MLIST |
apache — ozone |
In Apache Ozone before 1.2.0, Ozone Datanode doesn’t check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block. |
2021-11-19 |
4 |
CVE-2021-39235 MISC MLIST |
apache — ozone |
In Apache Ozone versions prior to 1.2.0, Authenticated users knowing the ID of an existing block can craft specific request allowing access those blocks, bypassing other security checks like ACL. |
2021-11-19 |
4.9 |
CVE-2021-39234 MISC MLIST |
apache — ozone |
In Apache Ozone versions prior to 1.2.0, Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client. |
2021-11-19 |
6.4 |
CVE-2021-39233 MISC MLIST |
apache — ozone |
In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins. |
2021-11-19 |
6.5 |
CVE-2021-39232 MISC MLIST |
apache — ozone |
In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to OM, SCM and Datanode metadata. Due to a bug, any unauthenticated user can access the data from these endpoints. |
2021-11-19 |
5 |
CVE-2021-41532 MISC MLIST |
apache — ozone |
In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration. |
2021-11-19 |
6.4 |
CVE-2021-39231 MISC MLIST |
apache — superset |
Apache Superset up to and including 1.3.1 allowed for database connections password leak for authenticated users. This information could be accessed in a non-trivial way. |
2021-11-12 |
4 |
CVE-2021-41972 CONFIRM CONFIRM |
apache — superset |
Improper output neutralization for Logs. A specific Apache Superset HTTP endpoint allowed for an authenticated user to forge log entries or inject malicious content into logs. |
2021-11-17 |
4 |
CVE-2021-42250 CONFIRM MLIST |
arangodb — arangodb |
In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insufficient Session Expiration. When a user’s password is changed by the administrator, the session isn’t invalidated, allowing a malicious user to still be logged in and perform arbitrary actions within the system. |
2021-11-16 |
6 |
CVE-2021-25940 MISC MISC |
area17 — twill |
twill is vulnerable to Cross-Site Request Forgery (CSRF) |
2021-11-13 |
4.3 |
CVE-2021-3932 CONFIRM MISC |
asus — gt-axe11000_firmware |
ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has improper control of Interaction frequency vulnerability, an unauthenticated attacker can remotely disconnect other users’ connections by sending specially crafted SAE authentication frames. |
2021-11-12 |
5 |
CVE-2021-37910 MISC |
atmail — atmail |
** UNSUPPORTED WHEN ASSIGNED ** WebAdmin Control Panel in Atmail 6.5.0 (a version released in 2012) allows XSS via the format parameter to the default URI. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
2021-11-15 |
4.3 |
CVE-2021-43574 MISC MISC |
binatoneglobal — halo+_camera_firmware |
Some device communications in some Motorola-branded Binatone Hubble Cameras with backend Hubble services are not encrypted which could lead to the communication channel being accessible by an attacker. |
2021-11-12 |
5 |
CVE-2021-3792 CONFIRM |
binatoneglobal — halo+_camera_firmware |
An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker on the same network unauthorized access to the device. |
2021-11-12 |
5.8 |
CVE-2021-3577 CONFIRM |
binatoneglobal — halo+_camera_firmware |
An improper access control vulnerability was reported in some Motorola-branded Binatone Hubble Cameras which could allow an unauthenticated attacker on the same network as the device to access administrative pages that could result in information disclosure or device firmware update with verified firmware. |
2021-11-12 |
5 |
CVE-2021-3793 CONFIRM |
binatoneglobal — halo+_camera_firmware |
A vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with local access to obtain the MQTT credentials that could result in unauthorized access to backend Hubble services. |
2021-11-12 |
4.6 |
CVE-2021-3787 CONFIRM |
binatoneglobal — halo+_camera_firmware |
An exposed debug interface was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access unauthorized access to the device. |
2021-11-12 |
4.6 |
CVE-2021-3788 CONFIRM |
broadcom — emulex_hba_manager |
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a vulnerability in the remote firmware download feature that could allow a user to place or replace an arbitrary file on the remote host. In non-secure mode, the user is unauthenticated. |
2021-11-12 |
6.4 |
CVE-2021-42775 MISC CONFIRM |
broadcom — emulex_hba_manager |
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, could allow a user to retrieve an arbitrary file from a remote host with the GetDumpFile command. In non-secure mode, the user is unauthenticated. |
2021-11-12 |
5 |
CVE-2021-42773 MISC CONFIRM |
busybox — busybox |
An attacker-controlled pointer free in Busybox’s hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input. |
2021-11-15 |
6.8 |
CVE-2021-42377 N/A |
busybox — busybox |
A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function |
2021-11-15 |
6.5 |
CVE-2021-42378 N/A |
busybox — busybox |
A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function |
2021-11-15 |
6.5 |
CVE-2021-42379 N/A |
busybox — busybox |
A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function |
2021-11-15 |
6.5 |
CVE-2021-42380 N/A |
busybox — busybox |
A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function |
2021-11-15 |
6.5 |
CVE-2021-42381 N/A |
busybox — busybox |
A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function |
2021-11-15 |
6.5 |
CVE-2021-42382 N/A |
busybox — busybox |
A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function |
2021-11-15 |
6.5 |
CVE-2021-42384 N/A |
busybox — busybox |
A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function |
2021-11-15 |
6.5 |
CVE-2021-42383 N/A |
busybox — busybox |
A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function |
2021-11-15 |
6.5 |
CVE-2021-42385 N/A |
busybox — busybox |
A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function |
2021-11-15 |
6.5 |
CVE-2021-42386 N/A |
cacti — cacti |
Cacti before 1.2.18 allows remote attackers to trigger XSS via template import for the midwinter theme. |
2021-11-14 |
4.3 |
CVE-2020-14424 CONFIRM CONFIRM |
calibre-web_project — calibre-web |
In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By luring an authenticated user to click on a link, an attacker can create a new user role with admin privileges and attacker-controlled credentials, allowing them to take over the application. |
2021-11-16 |
6.8 |
CVE-2021-25965 MISC MISC |
clustering_project — clustering |
Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd70bfcaa70 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access. |
2021-11-12 |
5 |
CVE-2021-43496 MISC |
codingforentrepreneurs — opencv_rest_api |
OpenCV-REST-API master branch as of commit 69be158c05d4dd5a4aff38fdc680a162dd6b9e49 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access. |
2021-11-12 |
5 |
CVE-2021-43494 MISC |
cron-utils_project — cron-utils |
cron-utils is a Java library to define, parse, validate, migrate crons as well as get human readable descriptions for them. In affected versions A template Injection was identified in cron-utils enabling attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote Code Execution (RCE) vulnerability. Versions up to 9.1.2 are susceptible to this vulnerability. Please note, that only projects using the @Cron annotation to validate untrusted Cron expressions are affected. The issue was patched and a new version was released. Please upgrade to version 9.1.6. There are no known workarounds known. |
2021-11-15 |
6.8 |
CVE-2021-41269 MISC MISC CONFIRM MISC |
darwin — factor |
In Factor (App Framework & Headless CMS) forum plugin, versions 1.3.5 to 1.8.30, are vulnerable to reflected Cross-Site Scripting (XSS) at the “search” parameter in the URL. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies. |
2021-11-16 |
4.3 |
CVE-2021-25982 MISC MISC |
darwin — factor |
In Factor (App Framework & Headless CMS) forum plugin, versions v1.3.8 to v1.8.30, are vulnerable to reflected Cross-Site Scripting (XSS) at the “tags” and “category” parameters in the URL. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies. |
2021-11-16 |
4.3 |
CVE-2021-25983 MISC MISC |
darwin — factor |
In Factor (App Framework & Headless CMS) forum plugin, versions v1.3.3 to v1.8.30, are vulnerable to stored Cross-Site Scripting (XSS) at the “post reply” section. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies. |
2021-11-16 |
4.3 |
CVE-2021-25984 MISC MISC |
dell — emc_powerscale_onefs |
Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an Exposure of Information through Directory Listing vulnerability. This vulnerability is triggered when upgrading from a previous versions. |
2021-11-12 |
5 |
CVE-2021-21528 MISC |
dell — emc_powerscale_onefs |
Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in SMB CA handling. An authenticated user of SMB on a cluster with CA could potentially exploit this vulnerability, leading to a denial of service over SMB. |
2021-11-12 |
4 |
CVE-2021-36305 MISC |
discourse — discourse |
Discourse is a platform for community discussion. In affected versions a maliciously crafted request could cause an error response to be cached by intermediate proxies. This could cause a loss of confidentiality for some content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. |
2021-11-15 |
5 |
CVE-2021-41271 CONFIRM MISC |
discourse — rails_multisite |
rails_multisite provides multi-db support for Rails applications. In affected versions this vulnerability impacts any Rails applications using `rails_multisite` alongside Rails’ signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker to re-use cookies on different ‘sites’ within a multi-site Rails application. The issue has been patched in v4 of the `rails_multisite` gem. Note that this upgrade will invalidate all previous signed/encrypted cookies. The impact of this invalidation will vary based on the application architecture. |
2021-11-15 |
6 |
CVE-2021-41263 MISC CONFIRM |
django-helpdesk_project — django-helpdesk |
django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) |
2021-11-13 |
4.3 |
CVE-2021-3945 MISC CONFIRM |
dotnetfoundation — piranha_cms |
In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross-site request forgery (CSRF) when performing various actions supported by the management system, such as deleting a user, deleting a role, editing a post, deleting a media folder etc., when an ID is known. |
2021-11-16 |
4 |
CVE-2021-25976 CONFIRM MISC |
email_log_project — email_log |
The Email Log WordPress plugin before 2.4.7 does not properly validate, sanitise and escape the “orderby” and “order” GET parameters before using them in SQL statement in the admin dashboard, leading to SQL injections |
2021-11-17 |
6.5 |
CVE-2021-24758 MISC |
firefly-iii — firefly_iii |
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) |
2021-11-13 |
4.3 |
CVE-2021-3921 CONFIRM MISC |
fruity_project — fruity |
An issue was discovered in the fruity crate through 0.2.0 for Rust. Security-relevant validation of filename extensions is plausibly affected. Methods of NSString for conversion to a string may return a partial result. Because they call CStr::from_ptr on a pointer to the string buffer, the string is terminated at the first ” byte, which might not be the end of the string. |
2021-11-15 |
5 |
CVE-2021-43620 MISC MISC MISC |
gesundheit-bewegt — colorful_categories |
The Colorful Categories WordPress plugin before 2.0.15 does not enforce nonce checks which could allow attackers to make a logged in admin or editor change taxonomy colors via a CSRF attack |
2021-11-17 |
4.3 |
CVE-2021-24802 MISC |
gmplib — gmp |
GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms. |
2021-11-15 |
5 |
CVE-2021-43618 MISC MISC MISC |
gnu — mailman |
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS. |
2021-11-12 |
4.3 |
CVE-2021-43331 MISC CONFIRM |
gnu — mailman |
In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack. |
2021-11-12 |
4 |
CVE-2021-43332 MISC CONFIRM |
google — android |
In mdlactl driver, there is a possible memory corruption due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05673424; Issue ID: ALPS05673424. |
2021-11-18 |
4.6 |
CVE-2021-0655 MISC |
google — android |
In edma driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05709376; Issue ID: ALPS05709376. |
2021-11-18 |
4.6 |
CVE-2021-0656 MISC |
google — android |
In apusys, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672103; Issue ID: ALPS05672103. |
2021-11-18 |
4.6 |
CVE-2021-0657 MISC |
google — android |
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672107. |
2021-11-18 |
4.6 |
CVE-2021-0658 MISC |
google — android |
In ccu, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05827158; Issue ID: ALPS05827158. |
2021-11-18 |
4.6 |
CVE-2021-0664 MISC |
google — android |
In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05670581; Issue ID: ALPS05670581. |
2021-11-18 |
4.6 |
CVE-2021-0667 MISC |
grafana — grafana |
Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users’ roles in other organizations in which they are not an admin. With fine-grained access control enabled, organization admins can list, add, remove and update users’ roles in another organization, where they do not have organization admin role. All installations between v8.0 and v8.2.3 that have fine-grained access control beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade, you should turn off the fine-grained access control using a feature flag. |
2021-11-15 |
6.5 |
CVE-2021-41244 MISC CONFIRM MLIST |
ibm — iris_xe_max_dedicated_graphics |
Improper access control in the installer for some Intel(R) Iris(R) Xe MAX Dedicated Graphics Drivers for Windows 10 before version 27.20.100.9466 may allow authenticated user to potentially enable escalation of privilege via local access. |
2021-11-17 |
4.6 |
CVE-2021-0121 MISC |
ibm — security_guardium_key_lifecycle_manager |
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 212782. |
2021-11-15 |
4.3 |
CVE-2021-38977 CONFIRM XF |
ibm — security_guardium_key_lifecycle_manager |
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212792. |
2021-11-15 |
5 |
CVE-2021-38983 XF CONFIRM |
ibm — security_guardium_key_lifecycle_manager |
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 212783. |
2021-11-15 |
4.3 |
CVE-2021-38978 CONFIRM XF |
ibm — security_guardium_key_lifecycle_manager |
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. IBM X-Force ID: 212785. |
2021-11-15 |
5 |
CVE-2021-38979 XF CONFIRM |
ibm — security_guardium_key_lifecycle_manager |
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
2021-11-12 |
4 |
CVE-2021-38985 XF CONFIRM |
ibm — security_guardium_key_lifecycle_manager |
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
2021-11-12 |
4 |
CVE-2021-38973 CONFIRM XF |
ibm — security_guardium_key_lifecycle_manager |
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to cause a denial of service using specially crafted HTTP requests. IBM X-Force ID: 212779. |
2021-11-15 |
4 |
CVE-2021-38974 CONFIRM XF |
ibm — security_guardium_key_lifecycle_manager |
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
2021-11-12 |
4 |
CVE-2021-38972 XF CONFIRM |
ibm — security_guardium_key_lifecycle_manager |
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 212788. |
2021-11-15 |
5 |
CVE-2021-38981 XF CONFIRM |
ibm — security_guardium_key_lifecycle_manager |
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212793. |
2021-11-15 |
5 |
CVE-2021-38984 XF CONFIRM |
ibm — security_guardium_key_lifecycle_manager |
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to to obtain sensitive information from a specially crafted HTTP request. IBM X-Force ID: 212780. |
2021-11-15 |
4 |
CVE-2021-38975 XF CONFIRM |
ibm — security_siteprotector_system |
IBM Security SiteProtector System 3.1.1 could allow a remote attacker to obtain sensitive information, caused by missing ‘HttpOnly’ flag. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 174129. |
2021-11-12 |
5 |
CVE-2020-4146 CONFIRM XF |
idreamsoft — icms |
iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admincp.php?app=members&do=add. |
2021-11-12 |
6.8 |
CVE-2020-21141 MISC |
insert_pages_project — insert_pages |
The Insert Pages WordPress plugin before 3.7.0 allows users with a role as low as Contributor to access content and metadata from arbitrary posts/pages regardless of their author and status (ie private), using a shortcode. Password protected posts/pages are not affected by such issue. |
2021-11-17 |
4 |
CVE-2021-24851 CONFIRM MISC |
intel — ax210_firmware |
Improper input validation in software for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access. |
2021-11-17 |
6.8 |
CVE-2021-0078 MISC |
intel — ax210_firmware |
Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi in UEFI may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. |
2021-11-17 |
5.8 |
CVE-2021-0071 MISC |
intel — ax210_firmware |
Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
2021-11-17 |
6.1 |
CVE-2021-0063 MISC |
intel — ax210_firmware |
Insecure inherited permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. |
2021-11-17 |
4.6 |
CVE-2021-0064 MISC |
intel — ax210_firmware |
Incorrect default permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. |
2021-11-17 |
4.6 |
CVE-2021-0065 MISC |
intel — ax210_firmware |
Improper input validation in software for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
2021-11-17 |
6.1 |
CVE-2021-0079 MISC |
intel — endpoint_management_assistant |
Improper input validation for Intel(R) EMA before version 1.5.0 may allow an unauthenticated user to potentially enable denial of service via network access. |
2021-11-17 |
5 |
CVE-2021-0013 MISC |
intel — nuc7i3dn_firmware |
Improper authentication in the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN, NUC7i7DN before version 1.78.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
2021-11-17 |
4.6 |
CVE-2021-0096 MISC |
intel — nuc_hdmi_firmware_update_tool |
Improper access control in the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC8i3BE, NUC8i5BE, NUC8i7BE before version 1.78.4.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access. |
2021-11-17 |
4.6 |
CVE-2021-33089 MISC |
intel — nuc_m15_laptop_kit_lapbc510_firmware |
Out-of-bounds write in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable denial of service via local access. |
2021-11-17 |
4.9 |
CVE-2021-33086 MISC |
intel — nuc_m15_laptop_kit_management_engine_driver_pack |
Improper authentication in the installer for the Intel(R) NUC M15 Laptop Kit Management Engine driver pack before version 15.0.10.1508 may allow an authenticated user to potentially enable denial of service via local access. |
2021-11-17 |
4.9 |
CVE-2021-33087 MISC |
intel — safestring_library |
Integer overflow in the Safestring library maintained by Intel(R) may allow an authenticated user to potentially enable escalation of privilege via local access. |
2021-11-17 |
4.6 |
CVE-2021-33106 MISC |
intel — thunderbolt_non-dch_driver |
Improper permissions in the installer for the Intel(R) Thunderbolt(TM) non-DCH driver, all versions, for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. |
2021-11-17 |
4.6 |
CVE-2020-8741 MISC |
jenkins — owasp_dependency-check |
Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
2021-11-12 |
5.5 |
CVE-2021-43577 CONFIRM MLIST |
jenkins — performance |
Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
2021-11-12 |
4 |
CVE-2021-21701 CONFIRM MLIST MISC |
jenkins — pom2config |
Jenkins pom2config Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers with Overall/Read and Item/Read permissions to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. |
2021-11-12 |
4.3 |
CVE-2021-43576 CONFIRM MLIST MISC |
jenkins — squash_tm_publisher |
Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control agent processes to replace arbitrary files on the Jenkins controller file system with an attacker-controlled JSON string. |
2021-11-12 |
5.5 |
CVE-2021-43578 CONFIRM MLIST |
lenovo — antilles |
A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index (PyPi). MITRE classifies this weakness as an Uncontrolled Search Path Element (CWE-427) in which a private package dependency may be replaced by an unauthorized package of the same name published to a well-known public repository such as PyPi. The configuration has been updated to only install components built by Antilles, removing all other public package indexes. Additionally, the antilles-tools dependency has been published to PyPi. |
2021-11-12 |
6.8 |
CVE-2021-3840 CONFIRM |
lenovo — ideacentre_c5-14mb05_firmware |
A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the “BIOS Password At Boot Device List” BIOS setting is Yes. |
2021-11-12 |
6.9 |
CVE-2021-3519 CONFIRM |
linphone — belle-sip |
Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via ” ” in the display name of a From header. |
2021-11-12 |
5 |
CVE-2021-43611 MISC MISC |
linphone — belle-sip |
Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via an invalid From header (request URI without a parameter) in an unauthenticated SIP message, a different issue than CVE-2021-33056. |
2021-11-12 |
5 |
CVE-2021-43610 MISC MISC |
linux — linux_kernel |
In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. |
2021-11-17 |
4.6 |
CVE-2021-43975 MISC MISC |
llhttp — llhttp |
The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6. |
2021-11-15 |
6.4 |
CVE-2021-22959 MISC |
min — minio_console |
Minio console is a graphical user interface for the for MinIO operator. Minio itself is a multi-cloud object storage project. Affected versions are subject to an authentication bypass issue in the Operator Console when an external IDP is enabled. All users on release v0.12.2 and before are affected and are advised to update to 0.12.3 or newer. Users unable to upgrade should add automountServiceAccountToken: false to the operator-console deployment in Kubernetes so no service account token will get mounted inside the pod, then disable the external identity provider authentication by unset the CONSOLE_IDP_URL, CONSOLE_IDP_CLIENT_ID, CONSOLE_IDP_SECRET and CONSOLE_IDP_CALLBACK environment variable and instead use the Kubernetes service account token. |
2021-11-15 |
6.8 |
CVE-2021-41266 MISC CONFIRM |
montala — resourcespace |
ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter. If an attacker is able to persuade a victim to visit a crafted URL, malicious JavaScript content may be executed within the context of the victim’s browser. |
2021-11-15 |
4.3 |
CVE-2021-41951 MISC |
montala — resourcespace |
A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 allows remote unauthenticated attackers to delete arbitrary files on the ResourceSpace server via the provider and variant parameters in pages/ajax/tiles.php. Attackers can delete configuration or source code files, causing the application to become unavailable to all users. |
2021-11-15 |
6.4 |
CVE-2021-41950 MISC MISC |
mousewheel_smooth_scroll_project — mousewheel_smooth_scroll |
The MouseWheel Smooth Scroll WordPress plugin before 5.7 does not have CSRF check in place on its settings page, which could allow attackers to make a logged in admin change them via a CSRF attack |
2021-11-17 |
4.3 |
CVE-2021-24852 MISC |
my_tickets_project — my_tickets |
The My Tickets WordPress plugin before 1.8.31 does not properly sanitise and escape the Email field of booked tickets before outputting it in the Payment admin dashboard, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins |
2021-11-17 |
4.3 |
CVE-2021-24796 MISC |
nextcloud — talk |
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Talk application was vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, a user would need to right-click on a malicious file and open the file in a new tab. Due the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitable on modern browsers supporting Content-Security-Policy. It is recommended that the Nextcloud Talk application is upgraded to patched versions 10.0.7, 10.1.4, 11.1.2, 11.2.0 or 12.0.0. As a workaround, use a browser that has support for Content-Security-Policy. |
2021-11-15 |
4.3 |
CVE-2021-39222 CONFIRM MISC MISC |
ni — ni_service_locator |
There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) in versions prior to 18.0 on Windows. This may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges. |
2021-11-12 |
4.6 |
CVE-2021-42563 MISC |
ohmyz — ohmyzsh |
ohmyzsh is vulnerable to Improper Neutralization of Special Elements used in an OS Command |
2021-11-12 |
5.1 |
CVE-2021-3934 CONFIRM MISC |
opendesign — drawings_sdk |
An Out-of-bounds Read vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.11. Crafted data in a DGN file and lack of verification of input data can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. |
2021-11-14 |
4.3 |
CVE-2021-43273 MISC MISC MISC |
opendesign — drawings_software_developemnt_kit |
An Out-of-bounds Read vulnerability exists in the OBJ file reading procedure in Open Design Alliance Drawings SDK before 2022.11. The lack of validating the input length can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. |
2021-11-14 |
6.8 |
CVE-2021-43278 MISC |
opendesign — drawings_software_development_kit |
A Use After Free vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. |
2021-11-14 |
6.8 |
CVE-2021-43275 MISC |
opendesign — drawings_software_development_kit |
A Use After Free Vulnerability exists in the Open Design Alliance Drawings SDK before 2022.11. The specific flaw exists within the parsing of DWF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. |
2021-11-14 |
6.8 |
CVE-2021-43274 MISC |
opendesign — drawings_software_development_kit |
A stack-based buffer overflow vulnerability exists in the DWF file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of proper validation of the length of user-supplied data before copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. |
2021-11-14 |
6.8 |
CVE-2021-43280 MISC |
opendesign — drawings_software_development_kit |
An Out-of-Bounds Write vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid number of properties) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. |
2021-11-14 |
6.8 |
CVE-2021-43336 MISC |
opendesign — drawings_software_development_kit |
An Out-of-Bounds Write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation of input data can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. |
2021-11-14 |
6.8 |
CVE-2021-43390 MISC |
opendesign — drawings_software_development_kit |
An Out-of-Bounds Read vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid dash counter in line types) can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. |
2021-11-14 |
6.8 |
CVE-2021-43391 MISC |
opendesign — oda_prc_software_development_kit |
An out-of-bounds read vulnerability exists in the U3D file reading procedure in Open Design Alliance PRC SDK before 2022.10. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. |
2021-11-14 |
6.8 |
CVE-2021-43277 MISC |
opendesign — oda_prc_software_development_kit |
An out-of-bounds write vulnerability exists in the U3D file reading procedure in Open Design Alliance PRC SDK before 2022.10. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. |
2021-11-14 |
6.8 |
CVE-2021-43279 MISC |
opendesign — oda_viewer |
An Out-of-bounds Read vulnerability exists in Open Design Alliance ODA Viewer before 2022.8. Crafted data in a DWF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process |
2021-11-14 |
6.8 |
CVE-2021-43276 MISC |
optical_character_recognition_project — optical_character_recognition |
A stack-based buffer overflow vulnerability was discovered in gocr through 0.53-20200802 in try_to_divide_boxes() in pgm2asc.c. |
2021-11-17 |
6.8 |
CVE-2021-33481 MISC MISC |
optical_character_recognition_project — optical_character_recognition |
A stack-based buffer overflow vulnerability was discovered in gocr through 0.53-20200802 in measure_pitch() in pgm2asc.c. |
2021-11-17 |
6.8 |
CVE-2021-33479 MISC MISC |
optical_character_recognition_project — optical_character_recognition |
An use-after-free vulnerability was discovered in gocr through 0.53-20200802 in context_correction() in pgm2asc.c. |
2021-11-17 |
4.3 |
CVE-2021-33480 MISC MISC MISC |
orckestra — c1_cms |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS 6.10. Authentication is required to exploit this vulnerability. The specific flaw exists within Composite.dll. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-14740. |
2021-11-15 |
6.5 |
CVE-2021-34992 MISC MISC |
osisoft — pi_vision |
PI Vision could disclose information to a user with insufficient privileges for an AF attribute that is the child of another attribute and is configured as a Limits property. |
2021-11-17 |
4 |
CVE-2021-43553 MISC |
preview_e-mails_for_woocommerce_project — preview_e-mails_for_woocommerce |
The Preview E-Mails for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the search_order parameter found in the ~/views/form.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.6.8. |
2021-11-19 |
4.3 |
CVE-2021-42363 MISC MISC MISC |
qnap — qmailagent |
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QmailAgent. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QmailAgent: QmailAgent 3.0.2 ( 2021/08/25 ) and later |
2021-11-13 |
4.3 |
CVE-2021-34357 MISC |
qr_redirector_project — qr_redirector |
The QR Redirector WordPress plugin before 1.6 does not have capability and CSRF checks when saving bulk QR Redirector settings via the qr_save_bulk AJAX action, which could allow any authenticated user, such as subscriber to change the redirect response status code of arbitrary QR Redirects |
2021-11-17 |
4.3 |
CVE-2021-24853 MISC |
qualcomm — apq8009_firmware |
Possible information exposure and denial of service due to NAS not dropping messages when integrity check fails in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
2021-11-12 |
6.4 |
CVE-2021-30284 CONFIRM |
qualcomm — apq8009_firmware |
Possible use after free due improper validation of reference from call back to internal store table in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking |
2021-11-12 |
4.6 |
CVE-2021-30264 CONFIRM |
qualcomm — apq8009_firmware |
Possible use after free due to improper memory validation when initializing new interface via Interface add command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking |
2021-11-12 |
4.6 |
CVE-2021-30266 CONFIRM |
qualcomm — apq8017_firmware |
Possible buffer over read due to improper IE size check of Bearer capability IE in MT setup request from network in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile |
2021-11-12 |
6.4 |
CVE-2021-1981 CONFIRM |
qualcomm — apq8053_firmware |
Possible memory corruption due to improper validation of memory address while processing user-space IOCTL for clearing Filter and Route statistics in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
2021-11-12 |
4.6 |
CVE-2021-30265 CONFIRM |
qualcomm — aqt1000_firmware |
Possible memory corruption due to Improper handling of hypervisor unmap operations for concurrent memory operations in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile |
2021-11-12 |
6.9 |
CVE-2021-1921 CONFIRM |
qualcomm — aqt1000_firmware |
Possible denial of service scenario can occur due to lack of length check on Channel Switch Announcement IE in beacon or probe response frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking |
2021-11-12 |
5 |
CVE-2021-1903 CONFIRM |
qualcomm — aqt1000_firmware |
Possible race condition can occur due to lack of synchronization mechanism when On-Device Logging node open twice concurrently in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music |
2021-11-12 |
4.4 |
CVE-2021-30263 CONFIRM |
qualcomm — ar8035_firmware |
Possible denial of service scenario due to improper input validation of received NAS OTA message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile |
2021-11-12 |
5 |
CVE-2021-1982 CONFIRM |
ruijie — rg-uac_6000-e50_firmware |
Ruijie RG-UAC 6000-E50 commit 9071227 was discovered to contain a cross-site scripting (XSS) vulnerability via the rule_name parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
2021-11-16 |
4.3 |
CVE-2020-21639 MISC |
ruijie — rg-uac_firmware |
Ruijie RG-UAC commit 9071227 was discovered to contain a vulnerability in the component /current_action.php?action=reboot, which allows attackers to cause a denial of service (DoS) via unspecified vectors. |
2021-11-16 |
5 |
CVE-2020-21627 MISC |
schedmd — slurm |
SchedMD Slurm 21.08.* before 21.08.4 has Incorrect Access Control. On sites using the new AccountingStoreFlags=job_script and/or job_env options, the access control rules in SlurmDBD may permit users to request job scripts and environment files to which they should not have access. |
2021-11-17 |
4 |
CVE-2021-43337 MISC MISC CONFIRM CONFIRM |
servermanagement_project — servermanagement |
ServerManagement master branch as of commit 49491cc6f94980e6be7791d17be947c27071eb56 is affected by a directory traversal vulnerability. This vulnerability can be used to extract credentials which can in turn be used to execute code. |
2021-11-12 |
5 |
CVE-2021-43493 MISC |
showdoc — showdoc |
showdoc is vulnerable to Cross-Site Request Forgery (CSRF) |
2021-11-13 |
5.8 |
CVE-2021-3775 MISC CONFIRM |
showdoc — showdoc |
showdoc is vulnerable to Cross-Site Request Forgery (CSRF) |
2021-11-13 |
5.8 |
CVE-2021-3776 MISC CONFIRM |
showdoc — showdoc |
showdoc is vulnerable to Cross-Site Request Forgery (CSRF) |
2021-11-13 |
4.3 |
CVE-2021-3683 CONFIRM MISC |
simple_jwt_login_project — simple_jwt_login |
The Simple JWT Login WordPress plugin before 3.2.1 does not have nonce checks when saving its settings, allowing attackers to make a logged in admin changed them. Settings such as HMAC verification secret, account registering and default user roles can be updated, which could result in site takeover. |
2021-11-17 |
6.8 |
CVE-2021-24804 MISC |
smartertools — smartermail |
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS. |
2021-11-17 |
4.3 |
CVE-2021-43977 MISC MISC |
snipeitapp — snipe-it |
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) |
2021-11-13 |
4.3 |
CVE-2021-3931 CONFIRM MISC |
talariax — sendquick_alert_plus_server_admin |
A SQL Injection vulnerability in /appliance/shiftmgn.php in TalariaX sendQuick Alert Plus Server Admin 4.3 before 8HF11 allows attackers to obtain sensitive information via a Roster Time to Roster Management. |
2021-11-14 |
6.5 |
CVE-2021-26795 MISC MISC |
vice — webopac |
Grand Vice info Co. webopac7 book search field parameter does not properly restrict the input of special characters, thus unauthenticated attackers can inject JavaScript syntax remotely, and further perform reflective XSS attacks. |
2021-11-15 |
4.3 |
CVE-2021-42838 MISC |
webfactoryltd — wp_reset_pro |
Authenticated Database Reset vulnerability in WordPress WP Reset PRO Premium plugin (versions <= 5.98) allows any authenticated user to wipe the entire database regardless of their authorization. It leads to a complete website reset and takeover. |
2021-11-18 |
5.5 |
CVE-2021-36909 MISC CONFIRM MISC |
webfactoryltd — wp_reset_pro |
Cross-Site Request Forgery (CSRF) vulnerability leading to Database Reset in WordPress WP Reset PRO Premium plugin (versions <= 5.98) allows attackers to trick authenticated into making unintentional database reset. |
2021-11-18 |
6.8 |
CVE-2021-36908 CONFIRM CONFIRM CONFIRM |
wordpress_popular_posts_project — wordpress_popular_posts |
The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain remote code execution, in versions up to and including 5.3.2. |
2021-11-17 |
6.5 |
CVE-2021-42362 MISC MISC MISC MISC |
wp-buy — seo_redirection-301_redirect_manager |
The importFromRedirection AJAX action of the SEO Redirection Plugin – 301 Redirect Manager WordPress plugin before 8.2, available to any authenticated user, does not properly sanitise the offset parameter before using it in a SQL statement, leading an SQL injection when the redirection plugin is also installed |
2021-11-17 |
6.5 |
CVE-2021-24847 MISC |
wp_performance_score_booster_project — wp_performance_score_booster |
The WP Performance Score Booster WordPress plugin before 2.1 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. |
2021-11-17 |
4.3 |
CVE-2021-24776 MISC |
xwp — stream |
The Stream WordPress plugin before 3.8.2 does not sanitise and validate the order GET parameter from the Stream Records admin dashboard before using it in a SQL statement, leading to an SQL injection issue. |
2021-11-17 |
6.5 |
CVE-2021-24772 MISC CONFIRM |
yop-poll — yop_poll |
The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cross-Site Scripting vulnerability which exists in the Create Poll – Options module where a user with a role as low as author is allowed to execute arbitrary script code within the context of the application. This vulnerability is due to insufficient validation of custom label parameters – vote button label , results link label and back to vote caption label. |
2021-11-17 |
4.3 |
CVE-2021-24834 MISC CONFIRM MISC |
zoho — manageengine_remote_access_plus_server |
Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.2132.6 is affected by a sensitive information disclosure vulnerability. Due to improper privilege management, the process launches as the logged in user, so memory dump can be done by non-admin also. Remotely, an attacker can dump all sensitive information including DB Connection string, entire IT infrastructure details, commands executed by IT admin including credentials, secrets, private keys and more. |
2021-11-17 |
6.5 |
CVE-2021-42956 MISC |
zohocorp — manageengine_remote_access_plus |
Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. The installation directory is vulnerable to weak file permissions by allowing full control for Windows Everyone user group (non-admin or any guest users), thereby allowing privilege escalation, unauthorized password reset, stealing of sensitive data, access to credentials in plaintext, access to registry values, tampering with configuration files, etc. |
2021-11-17 |
4.6 |
CVE-2021-42954 MISC |
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
Recent Comments