10web — photo_gallery |
The Photo Gallery by 10Web WordPress plugin before 1.5.68 is vulnerable to Reflected Cross-Site Scripting (XSS) issues via the bwg_album_breadcrumb_0 and shortcode_id GET parameters passed to the bwg_frontend_data AJAX action |
2021-12-06 |
4.3 |
CVE-2021-25041
CONFIRM
MISC |
74cms — 74cms |
74CMS v6.0.4 was discovered to contain a cross-site scripting (XSS) vulnerability via /index.php?m=&c=help&a=help_list&key. |
2021-12-08 |
4.3 |
CVE-2020-22421
MISC |
admidio — admidio |
Admidio is a free open source user management system for websites of organizations and groups. A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The Reflected XSS vulnerability occurs because redirect.php does not properly validate the value of the url parameter. Through this vulnerability, an attacker can execute malicious scripts. This issue is patched in version 4.0.12. |
2021-12-07 |
4.3 |
CVE-2021-43810
MISC
MISC
CONFIRM
MISC |
adobe — bridge |
Adobe Bridge versions 11.1.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious SGI file. |
2021-12-07 |
4.3 |
CVE-2021-44187
MISC
MISC |
adobe — bridge |
Adobe Bridge versions 11.1.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious SGI file. |
2021-12-07 |
4.3 |
CVE-2021-44186
MISC
MISC |
adobe — bridge |
Adobe Bridge versions 11.1.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious RGB file. |
2021-12-07 |
4.3 |
CVE-2021-44185
MISC
MISC |
allegro — allegro |
An issue was discovered in Allegro Windows (formerly Popsy Windows) before 3.3.4156.1. A standard user can escalate privileges to SYSTEM if the FTP module is installed, because of DLL hijacking. |
2021-12-08 |
6.2 |
CVE-2021-42110
MISC
MISC |
apereo — central_authentication_service |
Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints. |
2021-12-07 |
4.3 |
CVE-2021-42567
CONFIRM
MISC |
atlassian — jira_software_data_center |
Affected versions of Atlassian Jira Server and Data Center allow attackers with access to an administrator account that has had its access revoked to modify projects’ Users & Roles settings, via a Broken Authentication vulnerability in the /plugins/servlet/project-config/PROJECT/roles endpoint. The affected versions are before version 8.19.1. |
2021-12-08 |
5 |
CVE-2021-41311
MISC |
atlassian — jira_software_data_center |
Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira Service Management access revoked to export audit logs of another user’s Jira Service Management project via a Broken Authentication vulnerability in the /plugins/servlet/audit/resource endpoint. The affected versions of Jira Server and Data Center are before version 8.19.1. |
2021-12-08 |
5 |
CVE-2021-41309
MISC |
b2evolution — b2evolution_cms |
b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the User login page. This vulnerability allows attackers to escalate privileges. |
2021-12-06 |
6.8 |
CVE-2021-31631
MISC |
bkw — solar-log_500_firmware |
An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2013. In /export.html, email.html, and sms.html, cleartext passwords are stored. This may allow sensitive information to be read by someone with access to the device. |
2021-12-07 |
4 |
CVE-2021-34544
MISC
MISC
MISC |
calibre-ebook — calibre |
calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py. |
2021-12-07 |
5 |
CVE-2021-44686
MISC
MISC
MISC |
chamilo — chamilo_lms |
A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x allows authenticated attackers to execute arbitrary code via a crafted .htaccess file. |
2021-12-03 |
6 |
CVE-2021-35413
MISC
MISC
MISC
MISC |
citrix — application_delivery_controller_firmware |
An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication. |
2021-12-07 |
4.3 |
CVE-2021-22956
MISC |
citrix — application_delivery_controller_firmware |
An unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could allow an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication. |
2021-12-07 |
4.3 |
CVE-2021-22955
MISC |
couchbase — sync_gateway |
An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. The bucket credentials used to read and write data in Couchbase Server were insecurely being stored in the metadata within sync documents written to the bucket. Users with read access could use these credentials to obtain write access. (This issue does not affect clusters where Sync Gateway is authenticated with X.509 client certificates. This issue also does not affect clusters where shared bucket access is not enabled on Sync Gateway.) |
2021-12-07 |
5.5 |
CVE-2021-43963
CONFIRM |
douco — douphp |
DouPHP v1.6 was discovered to contain a cross-site scripting (XSS) vulnerability via /admin/cloud.php. |
2021-12-08 |
4.3 |
CVE-2021-3370
MISC |
dzzoffice — dzzoffice |
dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) vulnerability in explorerfile.php. The output of the exit function is printed for the user via exit(json_encode($return)). |
2021-12-03 |
4.3 |
CVE-2021-43673
MISC |
elastic — enterprise_search |
An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search Github Enterprise Server integration. Using this vulnerability, a malicious Workplace Search admin could use the GHES integration to view hosts that might not be publicly accessible. |
2021-12-07 |
4 |
CVE-2021-37940
MISC |
elgg — elgg |
elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor |
2021-12-03 |
5 |
CVE-2021-3980
MISC
CONFIRM |
email_log_project — email_log |
The Email Log WordPress plugin before 2.4.8 does not escape the d parameter before outputting it back in an attribute in the Log page, leading to a Reflected Cross-Site Scripting issue |
2021-12-06 |
4.3 |
CVE-2021-24924
MISC |
esri — arcgis_enterprise |
An information disclosure vulnerability in the ArcGIS Service Directory in Esri ArcGIS Enterprise versions 10.9.0 and below may allow a remote attacker to view hidden field names in feature layers. This issue may reveal field names, but does not disclose features. |
2021-12-07 |
5 |
CVE-2021-29115
CONFIRM |
esri — arcgis_server |
A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server feature services versions 10.8.1 and 10.9 (only) may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser. |
2021-12-07 |
4.3 |
CVE-2021-29116
CONFIRM |
esri — arcgis_server |
A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote, unauthenticated attacker to inject attacker-supplied HTML into a page. |
2021-12-07 |
4.3 |
CVE-2021-29113
CONFIRM |
firefly-iii — firefly_iii |
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) |
2021-12-04 |
4.3 |
CVE-2021-4005
CONFIRM
MISC |
fortinet — fortianalyzer |
A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments. |
2021-12-08 |
4.6 |
CVE-2021-42757
CONFIRM |
fortinet — fortiauthenticator |
An exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 6.4.0, version 6.3.2 and below, version 6.2.1 and below, version 6.1.2 and below, version 6.0.7 to 6.0.1 allows attacker to duplicate a target LDAP user 2 factors authentication token via crafted HTTP requests. |
2021-12-08 |
4.3 |
CVE-2021-43067
CONFIRM |
fortinet — fortiauthenticator |
An improper authentication in Fortinet FortiAuthenticator version 6.4.0 allows user to bypass the second factor of authentication via a RADIUS login portal. |
2021-12-09 |
5.5 |
CVE-2021-43068
CONFIRM |
fortinet — forticlient |
An improper authorization vulnerability [CWE-285] in FortiClient Windows versions 7.0.0 and 6.4.6 and below and 6.2.8 and below may allow an unauthenticated attacker to bypass the webfilter control via modifying the session-id parameter. |
2021-12-09 |
5 |
CVE-2021-36167
CONFIRM |
fortinet — forticlient |
An improper control of a resource through its lifetime in Fortinet FortiClientWindows version 6.4.1 and 6.4.0, version 6.2.9 and below, version 6.0.10 and below allows attacker to cause a complete denial of service of its components via changes of directory access permissions. |
2021-12-09 |
4.9 |
CVE-2021-43204
CONFIRM |
fortinet — forticlient_enterprise_management_server |
An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS versions 7.0.1 and below and 6.4.4 and below may allow an unauthenticated attacker to impersonate an existing user by intercepting and re-using valid SAML authentication messages. |
2021-12-08 |
6.4 |
CVE-2021-41030
CONFIRM |
fortinet — forticlient_enterprise_management_server |
A missing encryption of sensitive data in Fortinet FortiClientEMS version 7.0.1 and below, version 6.4.4 and below allows attacker to information disclosure via inspecting browser decrypted data |
2021-12-09 |
4 |
CVE-2021-36189
CONFIRM |
fortinet — fortios |
A heap-based buffer overflow in the firmware signature verification function of FortiOS versions 7.0.1, 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, and 6.0.0 through 6.0.13 may allow an attacker to execute arbitrary code via specially crafted installation images. |
2021-12-08 |
6.8 |
CVE-2021-36173
CONFIRM |
fortinet — fortios |
A use of hard-coded cryptographic key vulnerability in the SSLVPN of FortiOS before 7.0.1 may allow an attacker to retrieve the key by reverse engineering. |
2021-12-08 |
5 |
CVE-2021-26108
CONFIRM |
fortinet — fortiproxy |
An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy version 2.0.3 and below, 1.2.11 and below and FortiGate version 7.0.0, 6.4.6 and below, 6.2.9 and below of SSL VPN portal may allow a remote, unauthenticated attacker to conduct a cross-site request forgery (CSRF) attack. Only SSL VPN in web mode or full mode are impacted by this vulnerability. |
2021-12-08 |
5.1 |
CVE-2021-26103
CONFIRM |
fortinet — fortiproxy |
A relative path traversal [CWE-23] vulnerability in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy version 7.0.0 may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the GET request of the login page. |
2021-12-08 |
5 |
CVE-2021-41024
CONFIRM |
fortinet — fortiproxy |
An improper access control vulnerability [CWE-284] in FortiOS autod daemon 7.0.0, 6.4.6 and below, 6.2.9 and below, 6.0.12 and below and FortiProxy 2.0.1 and below, 1.2.9 and below may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script and auto-script features. |
2021-12-08 |
4.6 |
CVE-2021-26110
CONFIRM |
fortinet — fortiweb |
A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the LogReport API controller. |
2021-12-09 |
6.5 |
CVE-2021-43071
CONFIRM |
fortinet — fortiweb |
A URL redirection to untrusted site (‘open redirect’) in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to use the device as proxy via crafted GET parameters in requests to error handlers |
2021-12-08 |
5.8 |
CVE-2021-36191
CONFIRM |
fortinet — fortiweb |
A URL redirection to untrusted site (‘open redirect’) in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to use the device as a proxy and reach external or protected hosts via redirection handlers. |
2021-12-08 |
5.8 |
CVE-2021-43064
CONFIRM |
fortinet — fortiweb |
An uncontrolled resource consumption in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to make the httpsd daemon unresponsive via huge HTTP packets |
2021-12-08 |
5 |
CVE-2021-41014
CONFIRM |
fortinet — fortiweb |
Multiple heap-based buffer overflow vulnerabilities in some web API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow a remote authenticated attacker to execute arbitrary code or commands via specifically crafted HTTP requests. |
2021-12-08 |
6.5 |
CVE-2021-41017
CONFIRM |
fortinet — fortiweb |
An improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP GET requests to the login webpage. |
2021-12-08 |
4.3 |
CVE-2021-43063
CONFIRM |
fortinet — fortiweb |
An improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to SAML login handler |
2021-12-08 |
4.3 |
CVE-2021-41015
CONFIRM |
fortinet — fortiweb |
A stack-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, allows an authenticated attacker to execute unauthorized code or commands via crafted certificates loaded into the device. |
2021-12-08 |
4.6 |
CVE-2021-41027
CONFIRM |
fortinet — fortiweb |
An improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted GET parameters in requests to login and error handlers |
2021-12-08 |
4.3 |
CVE-2021-36188
CONFIRM |
fortinet — fortiweb |
Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests. |
2021-12-08 |
6.5 |
CVE-2021-36180
CONFIRM |
fortinet — fortiweb |
An unintended proxy or intermediary (‘confused deputy’) in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to access protected hosts via crafted HTTP requests. |
2021-12-08 |
6.5 |
CVE-2021-36190
CONFIRM |
fortinet — fortiweb |
Multiple stack-based buffer overflows in the API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted requests. |
2021-12-09 |
6.5 |
CVE-2021-36194
CONFIRM |
fortinet — fortiweb |
An improper access control vulnerability [CWE-284] in FortiWeb versions 6.4.1 and below and 6.3.15 and below in the Report Browse section of Log & Report may allow an unauthorized and unauthenticated user to access the Log reports via their URLs. |
2021-12-08 |
5 |
CVE-2021-41013
CONFIRM |
gitlab — gitlab |
Assuming a database breach, nonce reuse issues in GitLab 11.6+ allow an attacker to decrypt some of the database’s encrypted content |
2021-12-06 |
5 |
CVE-2021-22170
MISC
CONFIRM |
gl-inet — gl-ar150_firmware |
GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allow cgi-bin/router_cgi?action=scanwifi XSS when an attacker creates an SSID with an XSS payload as the name. |
2021-12-07 |
4.3 |
CVE-2021-44148
MISC |
goautodial — goautodial |
The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that accepts a username, password, and action that routes to other PHP files that implement the various API functions. Vulnerable versions of GOautodial validate the username and password incorrectly, allowing the caller to specify any values for these parameters and successfully authenticate. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
2021-12-07 |
5 |
CVE-2021-43175
MISC |
goautodial — goautodial |
The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 takes a user-supplied “action” parameter and appends a .php file extension to locate and load the correct PHP file to implement the API call. Vulnerable versions of GOautodial do not sanitize the user input that specifies the action. This permits an attacker to execute any PHP source file with a .php extension that is present on the disk and readable by the GOautodial web server process. Combined with CVE-2021-43175, it is possible for the attacker to do this without valid credentials. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
2021-12-07 |
6.5 |
CVE-2021-43176
MISC |
google — android |
An improper validation vulnerability in telephony prior to SMR Dec-2021 Release 1 allows attackers to launch certain activities. |
2021-12-08 |
4.6 |
CVE-2021-25512
MISC |
google — android |
An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows attackers to write arbitrary files via a path traversal vulnerability. |
2021-12-08 |
4.6 |
CVE-2021-25511
MISC |
google — android |
An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows local arbitrary code execution. |
2021-12-08 |
4.6 |
CVE-2021-25510
MISC |
google — android |
An improper input validation vulnerability in LDFW prior to SMR Dec-2021 Release 1 allows attackers to perform arbitrary code execution. |
2021-12-08 |
4.6 |
CVE-2021-25517
MISC |
google — android |
An improper intent redirection handling in Tags prior to SMR Dec-2021 Release 1 allows attackers to access sensitive information. |
2021-12-08 |
4.3 |
CVE-2021-25514
MISC |
grafana — grafana |
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) is vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline. |
2021-12-07 |
5 |
CVE-2021-43798
CONFIRM
MISC
MISC
CONFIRM
MISC
MLIST
MLIST |
hashicorp — nomad |
HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1. |
2021-12-03 |
6 |
CVE-2021-43415
MISC
MISC |
huawei — emui |
There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to malicious application processes occupying system resources. |
2021-12-07 |
5 |
CVE-2021-37043
MISC |
huawei — emui |
There is an Improper access control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. |
2021-12-07 |
5 |
CVE-2021-37038
MISC |
huawei — emui |
There is an Input verification vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause some services to restart. |
2021-12-07 |
5 |
CVE-2021-37047
MISC |
huawei — emui |
There is a Logic bypass vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may allow attempts to obtain certain device information. |
2021-12-07 |
5 |
CVE-2021-37055
MISC |
huawei — emui |
There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to Out-of-bounds read. |
2021-12-07 |
6.4 |
CVE-2021-37021
MISC |
huawei — emui |
There is an Improper verification vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause out-of-bounds read. |
2021-12-07 |
6.4 |
CVE-2021-37041
MISC
MISC |
huawei — emui |
There is an Improper verification vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause out-of-bounds read. |
2021-12-07 |
6.4 |
CVE-2021-37042
MISC
MISC |
huawei — emui |
There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to Out-of-bounds read. |
2021-12-07 |
6.4 |
CVE-2021-37020
MISC |
huawei — harmonyos |
There is a Service logic vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause WLAN DoS. |
2021-12-08 |
5 |
CVE-2021-37053
MISC
MISC
MISC |
huawei — harmonyos |
There is an Exception log vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause address information leakage. |
2021-12-08 |
5 |
CVE-2021-37052
MISC
MISC |
huawei — harmonyos |
There is a Missing sensitive data encryption vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. |
2021-12-08 |
5 |
CVE-2021-37050
MISC
MISC |
huawei — harmonyos |
There is an Identity spoofing and authentication bypass vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. |
2021-12-08 |
5 |
CVE-2021-37054
MISC
MISC |
huawei — harmonyos |
There is a Permissions, Privileges, and Access Controls vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to the user’s nickname being maliciously tampered with. |
2021-12-07 |
5 |
CVE-2021-37058
MISC |
huawei — harmonyos |
There is an Uncontrolled Resource Consumption vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to Screen projection application denial of service. |
2021-12-07 |
5 |
CVE-2021-37061
MISC |
huawei — harmonyos |
There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to SAMGR Heap Address Leakage. |
2021-12-07 |
5 |
CVE-2021-37060
MISC |
huawei — harmonyos |
There is an Out-of-bounds Read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to availability affected. |
2021-12-07 |
5 |
CVE-2021-37076
MISC |
huawei — harmonyos |
There is an Out-of-bounds Read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to process crash. |
2021-12-07 |
5 |
CVE-2021-37090
MISC |
huawei — harmonyos |
There is an Improper Preservation of Permissions vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to attackers which can isolate and read synchronization files of other applications across the UID sandbox. |
2021-12-07 |
5 |
CVE-2021-37086
MISC |
huawei — harmonyos |
There is a NULL Pointer Dereference vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to Denial of Service Attacks. |
2021-12-07 |
5 |
CVE-2021-37083
MISC |
huawei — harmonyos |
There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to nearby crash. |
2021-12-07 |
5 |
CVE-2021-37081
MISC |
huawei — harmonyos |
There is an Incomplete Cleanup vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to availability affected. |
2021-12-07 |
5 |
CVE-2021-37080
MISC |
huawei — harmonyos |
There is an Uncaught Exception vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to remote Denial of Service. |
2021-12-07 |
5 |
CVE-2021-37078
MISC |
huawei — harmonyos |
There is a Credentials Management Errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to confidentiality affected. |
2021-12-08 |
5 |
CVE-2021-37075
MISC
MISC |
huawei — harmonyos |
There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to attackers steal short messages. |
2021-12-08 |
5 |
CVE-2021-37093
MISC
MISC |
huawei — harmonyos |
There is an Incorrect Calculation of Buffer Size vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to memory crash. |
2021-12-07 |
5 |
CVE-2021-37072
MISC |
huawei — harmonyos |
There is a Business Logic Errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to persistent DoS. |
2021-12-07 |
5 |
CVE-2021-37071
MISC |
huawei — harmonyos |
There is an Out-of-bounds Read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to process crash. |
2021-12-07 |
5 |
CVE-2021-37070
MISC |
huawei — harmonyos |
There is a Resource Management Errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to denial of Service Attacks. |
2021-12-07 |
5 |
CVE-2021-37068
MISC |
huawei — harmonyos |
There is an Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to Confidentiality impacted. |
2021-12-07 |
5 |
CVE-2021-37067
MISC |
huawei — harmonyos |
There is an Out-of-bounds Read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to process crash. |
2021-12-07 |
5 |
CVE-2021-37066
MISC |
huawei — harmonyos |
There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to fake visitors to control PC, play a video, etc. |
2021-12-07 |
5 |
CVE-2021-37048
MISC |
huawei — harmonyos |
There is a Path Traversal vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to delete any file. |
2021-12-07 |
6.4 |
CVE-2021-37099
MISC |
huawei — harmonyos |
There is a Permission control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service availability. |
2021-12-08 |
5 |
CVE-2021-37044
MISC
MISC |
huawei — harmonyos |
There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to device cannot be used properly. |
2021-12-07 |
5 |
CVE-2021-37014
MISC |
huawei — harmonyos |
There is a Parameter injection vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause privilege escalation of files after CIFS share mounting. |
2021-12-08 |
6.8 |
CVE-2021-37040
MISC
MISC |
huawei — harmonyos |
There is a Race Condition vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to motionhub crash. |
2021-12-07 |
4.3 |
CVE-2021-37082
MISC |
huawei — harmonyos |
There is a Race Condition vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to the detection result is tampered with. |
2021-12-07 |
4.3 |
CVE-2021-37073
MISC |
huawei — harmonyos |
There is an Out-of-bounds read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause out-of-bounds memory access. |
2021-12-08 |
6.4 |
CVE-2021-37051
MISC
MISC
MISC |
huawei — harmonyos |
There is an Improper Validation of Array Index vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to memory overflow and information leakage. |
2021-12-07 |
6.4 |
CVE-2021-37062
MISC |
huawei — harmonyos |
There is an Improper Limitation of a Pathname to a Restricted Directory vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to arbitrary file created. |
2021-12-07 |
6.4 |
CVE-2021-37064
MISC |
huawei — harmonyos |
There is an Integer Overflow or Wraparound vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to Confidentiality or Availability impacted. |
2021-12-07 |
6.4 |
CVE-2021-37065
MISC |
huawei — harmonyos |
There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to delete arbitrary file by system_app permission. |
2021-12-07 |
6.4 |
CVE-2021-37079
MISC |
huawei — harmonyos |
There is a Path Traversal vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to attackers can create arbitrary file. |
2021-12-07 |
6.4 |
CVE-2021-37087
MISC |
huawei — harmonyos |
There is a Path Traversal vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to attackers can write any content to any file. |
2021-12-07 |
6.4 |
CVE-2021-37088
MISC |
huawei — harmonyos |
There is an Incomplete Cleanup vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to availability affected. |
2021-12-08 |
5 |
CVE-2021-37092
MISC
MISC |
huawei — harmonyos |
There is a Race Condition vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to availability affected. |
2021-12-08 |
5.8 |
CVE-2021-37069
MISC
MISC |
huawei — harmonyos |
There is an Improper Authentication vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to account authentication bypassed. |
2021-12-07 |
5 |
CVE-2021-37100
MISC |
huawei — harmonyos |
There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to user privacy disclosed. |
2021-12-07 |
5 |
CVE-2021-37096
MISC |
huawei — harmonyos |
There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to system denial of service. |
2021-12-07 |
5 |
CVE-2021-37094
MISC |
huawei — harmonyos |
There is a Permissions, Privileges, and Access Controls vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to confidentiality affected. |
2021-12-07 |
5 |
CVE-2021-37091
MISC |
huawei — magic_ui |
There is an Improper permission control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may allow attempts to obtain certain device information. |
2021-12-07 |
5 |
CVE-2021-37056
MISC
MISC |
ibm — cognos_analytics |
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to view or edit a Jupyter notebook that they should not have access to. IBM X-Force ID: 206212. |
2021-12-03 |
5.5 |
CVE-2021-29867
CONFIRM
XF |
ibm — cognos_analytics |
IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196339. |
2021-12-03 |
5 |
CVE-2021-20470
XF
CONFIRM |
ibm — cognos_analytics |
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197794. |
2021-12-03 |
4.3 |
CVE-2021-20493
XF
CONFIRM |
ibm — cognos_analytics |
IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client-side vulnerabilities due to a web response specifying an incorrect content type. IBM X-Force ID: 201091. |
2021-12-03 |
5 |
CVE-2021-29719
CONFIRM
XF |
ibm — cognos_analytics |
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to reas of the application that privileged user should only be allowed to view. IBM X-Force ID: 201087. |
2021-12-03 |
4 |
CVE-2021-29716
CONFIRM
XF |
ibm — cognos_analytics |
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202167. |
2021-12-03 |
6.8 |
CVE-2021-29756
CONFIRM
XF |
inveniosoftware — invenio-drafts-resources |
Invenio-Drafts-Resources is a submission/deposit module for Invenio, a software framework for research data management. Invenio-Drafts-Resources prior to versions 0.13.7 and 0.14.6 does not properly check permissions when a record is published. The vulnerability is exploitable in a default installation of InvenioRDM. An authenticated user is able via REST API calls to publish draft records of other users if they know the record identifier and the draft validates (e.g. all required fields filled out). An attacker is not able to modify the data in the record, and thus e.g. *cannot* change a record from restricted to public. The problem is patched in Invenio-Drafts-Resources v0.13.7 and 0.14.6, which is part of InvenioRDM v6.0.1 and InvenioRDM v7.0 respectively. |
2021-12-06 |
4 |
CVE-2021-43781
MISC
CONFIRM |
ivanti — avalanche |
An improper access control vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to perform a session takeover. |
2021-12-07 |
6.5 |
CVE-2021-42124
MISC |
ivanti — avalanche |
An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to perform an arbitrary file write. |
2021-12-07 |
5.5 |
CVE-2021-42133
MISC |
ivanti — avalanche |
An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to write dangerous files. |
2021-12-07 |
6.5 |
CVE-2021-42125
MISC |
ivanti — avalanche |
An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to perform privilege escalation. |
2021-12-07 |
6.5 |
CVE-2021-42126
MISC |
ivanti — avalanche |
A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to perform arbitrary command execution. |
2021-12-07 |
6.5 |
CVE-2021-42129
MISC |
ivanti — avalanche |
A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to perform arbitrary code execution. |
2021-12-07 |
6.5 |
CVE-2021-42130
MISC |
ivanti — avalanche |
A SQL Injection vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to perform privilege escalation. |
2021-12-07 |
6.5 |
CVE-2021-42131
MISC |
ivanti — avalanche |
A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to perform arbitrary command execution. |
2021-12-07 |
6.5 |
CVE-2021-42132
MISC |
johnsoncontrols — kantech_entrapass |
Successful exploitation of this vulnerability could allow an unauthorized user to access sensitive data. |
2021-12-06 |
5 |
CVE-2021-36198
CERT
CONFIRM |
kaseya — unitrends_backup |
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The privileged vaultServer could be leveraged to create arbitrary writable files, leading to privilege escalation. |
2021-12-06 |
6.5 |
CVE-2021-43040
MISC |
kaseya — unitrends_backup |
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A crafted HTTP request could induce a format string vulnerability in the privileged vaultServer application. |
2021-12-06 |
6.5 |
CVE-2021-43041
MISC |
kaseya — unitrends_backup |
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Unitrends Windows agent was vulnerable to DLL injection and binary planting due to insecure default permissions. This allowed privilege escalation from an unprivileged user to SYSTEM. |
2021-12-06 |
6.9 |
CVE-2021-43037
MISC |
kaseya — unitrends_backup |
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The apache user could read arbitrary files such as /etc/shadow by abusing an insecure Sudo rule. |
2021-12-06 |
4 |
CVE-2021-43043
MISC |
kaseya — unitrends_backup |
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A world writable file allowed local users to execute arbitrary code as the user apache, leading to privilege escalation. |
2021-12-06 |
4.6 |
CVE-2021-43034
MISC |
kaseya — unitrends_backup |
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Samba file sharing service allowed anonymous read/write access. |
2021-12-06 |
6.4 |
CVE-2021-43039
MISC |
kaseya — unitrends_backup |
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The wguest account could execute commands by injecting into PostgreSQL trigger functions. This allowed privilege escalation from the wguest user to the postgres user. |
2021-12-06 |
6.5 |
CVE-2021-43038
MISC |
knime — knime_server |
KNIME Server before 4.13.4 allows XSS via the old WebPortal login page. |
2021-12-08 |
4.3 |
CVE-2021-44726
MISC |
knime — knime_server |
KNIME Server before 4.13.4 allows directory traversal in a request for a client profile. |
2021-12-08 |
5 |
CVE-2021-44725
MISC |
laravel — framework |
Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contains a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is due to the user being able to guess the parent placeholder SHA-1 hash by trying common names of sections. If the parent template contains an exploitable HTML structure, an XSS vulnerability can be exposed. This vulnerability has been patched in versions 8.75.0, 7.30.6, and 6.20.42 by determining the parent placeholder at runtime and using a random hash that is unique to each request. |
2021-12-08 |
4.3 |
CVE-2021-43808
MISC
MISC
MISC
MISC
CONFIRM
MISC
MISC
MISC |
linuxfoundation — runc |
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug. |
2021-12-06 |
6 |
CVE-2021-43784
MISC
MISC
MISC
CONFIRM
MISC
MLIST |
livehelperchat — live_helper_chat |
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) |
2021-12-07 |
4.3 |
CVE-2021-4049
MISC
CONFIRM |
livehelperchat — live_helper_chat |
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) |
2021-12-08 |
4.3 |
CVE-2021-4050
MISC
CONFIRM |
mcafee — database_security |
A denial-of-service vulnerability in Database Security (DBS) prior to 4.8.4 allows a remote authenticated administrator to trigger a denial-of-service attack against the DBS server. The configuration of Archiving through the User interface incorrectly allowed the creation of directories and files in Windows system directories and other locations where sensitive data could be overwritten. The former could lead to a DoS, whilst the latter could lead to data destruction on the DBS server. |
2021-12-08 |
5.5 |
CVE-2021-31850
CONFIRM |
mozilla — firefox |
When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect URL of the element clicked. If the Web Extension lacked the WebRequest permission for the hosts involved in the redirect, this would be a same-origin-violation leaking data the Web Extension should have access to. This was fixed to provide the pre-redirect URL. This is related to CVE-2021-43532 but in the context of Web Extensions. This vulnerability affects Firefox < 94. |
2021-12-08 |
4.3 |
CVE-2021-43531
MISC
MISC |
mozilla — firefox |
The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user’s computer. *Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. |
2021-12-08 |
6.8 |
CVE-2021-38510
MISC
MISC
MISC
MISC |
mozilla — firefox |
Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. |
2021-12-08 |
4.3 |
CVE-2021-43536
MISC
MISC
MISC
MISC |
mozilla — firefox |
Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. |
2021-12-08 |
6.8 |
CVE-2021-43534
MISC
MISC
MISC
MISC |
mozilla — firefox |
When parsing internationalized domain names, high bits of the characters in the URLs were sometimes stripped, resulting in inconsistencies that could lead to user confusion or attacks such as phishing. This vulnerability affects Firefox < 94. |
2021-12-08 |
4.3 |
CVE-2021-43533
MISC
MISC |
mozilla — firefox |
The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP address (e.g. port 8443) did not opt-in to opportunistic encryption; a network attacker could forward a connection from the browser to port 443 to port 8443, causing the browser to treat the content of port 8443 as same-origin with HTTP. This was resolved by disabling the Opportunistic Encryption feature, which had low usage. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. |
2021-12-08 |
4.3 |
CVE-2021-38507
MISC
MISC
MISC
MISC |
mozilla — firefox |
A Universal XSS vulnerability was present in Firefox for Android resulting from improper sanitization when processing a URL scanned from a QR code. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94. |
2021-12-08 |
4.3 |
CVE-2021-43530
MISC
MISC |
mozilla — firefox |
A use-after-free could have occurred when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.3, and Firefox ESR < 91.3. |
2021-12-08 |
6.8 |
CVE-2021-43535
MISC
MISC
MISC
MISC |
mozilla — firefox |
An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. |
2021-12-08 |
6.8 |
CVE-2021-43537
MISC
MISC
MISC
MISC |
mozilla — firefox |
Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. |
2021-12-08 |
4.3 |
CVE-2021-38506
MISC
MISC
MISC
MISC |
mozilla — firefox |
Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker’s choosing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. |
2021-12-08 |
4.3 |
CVE-2021-38509
MISC
MISC
MISC
MISC |
mozilla — firefox |
By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. |
2021-12-08 |
4.3 |
CVE-2021-38508
MISC
MISC
MISC
MISC |
mozilla — firefox |
Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios. Applications that wish to prevent copied data from being recorded in Cloud History must use specific clipboard formats; and Firefox before versions 94 and ESR 91.3 did not implement them. This could have caused sensitive data to be recorded to a user’s Microsoft account. *This bug only affects Firefox for Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. |
2021-12-08 |
4.3 |
CVE-2021-38505
MISC
MISC
MISC
MISC |
mozilla — firefox |
By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. |
2021-12-08 |
4.3 |
CVE-2021-43538
MISC
MISC
MISC
MISC |
mozilla — firefox |
Using the Location API in a loop could have caused severe application hangs and crashes. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. |
2021-12-08 |
4.3 |
CVE-2021-43545
MISC
MISC
MISC
MISC |
mozilla — firefox |
The ‘Copy Image Link’ context menu action would copy the final image URL after redirects. By embedding an image that triggered authentication flows – in conjunction with a Content Security Policy that stopped a redirection chain in the middle – the final image URL could be one that contained an authentication token used to takeover a user account. If a website tricked a user into copy and pasting the image link back to the page, the page would be able to steal the authentication tokens. This was fixed by making the action return the original URL, before any redirects. This vulnerability affects Firefox < 94. |
2021-12-08 |
5.8 |
CVE-2021-43532
MISC
MISC |
mozilla — firefox |
When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. |
2021-12-08 |
4.3 |
CVE-2021-43541
MISC
MISC
MISC
MISC |
mozilla — firefox |
WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects Firefox < 95. |
2021-12-08 |
4.3 |
CVE-2021-43540
MISC
MISC |
mozilla — firefox |
Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. |
2021-12-08 |
6.8 |
CVE-2021-43539
MISC
MISC
MISC
MISC |
mozilla — firefox |
It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. |
2021-12-08 |
4.3 |
CVE-2021-43546
MISC
MISC
MISC
MISC |
mozilla — firefox |
Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. |
2021-12-08 |
4.3 |
CVE-2021-43542
MISC
MISC
MISC
MISC |
mozilla — firefox |
Documents loaded with the CSP sandbox directive could have escaped the sandbox’s script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. |
2021-12-08 |
4.3 |
CVE-2021-43543
MISC
MISC
MISC
MISC |
mozilla — firefox |
When receiving a URL through a SEND intent, Firefox would have searched for the text, but subsequent usages of the address bar might have caused the URL to load unintentionally, which could lead to XSS and spoofing attacks. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 95. |
2021-12-08 |
4.3 |
CVE-2021-43544
MISC
MISC |
mozilla — thunderbird |
Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0. |
2021-12-08 |
4.3 |
CVE-2021-43528
MISC
MISC |
nebulab — solidus |
Solidus is a free, open-source ecommerce platform built on Rails. Versions of Solidus prior to 3.1.4, 3.0.4, and 2.11.13 have a denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order’s email was subject to exponential backtracking through a fragment like `a.a.` Versions 3.1.4, 3.0.4, and 2.11.13 have been patched to use a different regular expression. The maintainers added a check for email addresses that are no longer valid that will print information about any affected orders that exist. If a prompt upgrade is not an option, a workaround is available. It is possible to edit the file `config/application.rb` manually (with code provided by the maintainers in the GitHub Security Advisory) to check email validity. |
2021-12-07 |
5 |
CVE-2021-43805
CONFIRM
MISC |
online_enrollment_management_system_project — online_enrollment_management_system |
An authenticated blind and error-based SQL injection vulnerability was discovered in Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 that allows attackers to obtain sensitive information and execute arbitrary SQL commands via the IDNO parameter. |
2021-12-07 |
6.5 |
CVE-2021-40578
MISC |
opendesign — drawings_explorer |
An out-of-bounds write vulnerability exists when reading a TIF file using Open Design Alliance (ODA) Drawings Explorer before 2022.11. The specific issue exists after loading TIF files. Crafted data in a TIF file can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. |
2021-12-05 |
6.8 |
CVE-2021-44048
MISC |
opendesign — drawings_sdk |
An out-of-bounds write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation for the XFAT sectors count can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. |
2021-12-05 |
6.8 |
CVE-2021-44045
MISC |
opendesign — drawings_sdk |
A use-after-free vulnerability exists when reading a DWF/DWFX file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing DWF/DWFX files. Crafted data in a DWF/DWFX file and lack of proper validation of input data can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. |
2021-12-05 |
6.8 |
CVE-2021-44047
MISC |
opendesign — drawings_sdk |
An out-of-bounds write vulnerability exists when reading a JPG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing JPG files. Crafted data in a JPG (4 extraneous bytes before the marker 0xca) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. |
2021-12-05 |
6.8 |
CVE-2021-44044
MISC |
opendesign — prc_sdk |
An out-of-bounds write vulnerability exists when reading U3D files in Open Design Alliance PRC SDK before 2022.11. An unchecked return value of a function (verifying input data from a U3D file) leads to an out-of-bounds write. An attacker can leverage this vulnerability to execute code in the context of the current process. |
2021-12-05 |
6.8 |
CVE-2021-44046
MISC |
pimcore — pimcore |
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) |
2021-12-10 |
4.3 |
CVE-2021-4081
MISC
CONFIRM |
piwigo — piwigo |
Piwigo v11.5 was discovered to contain a SQL injection vulnerability via the parameter pwg_token in /admin/batch_manager_global.php. |
2021-12-06 |
6.5 |
CVE-2021-40313
MISC |
profilepress — loginwp |
The LoginWP (Formerly Peter’s Login Redirect) WordPress plugin before 3.0.0.5 does not sanitise and escape the rul_login_url and rul_logout_url parameters before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting issue. |
2021-12-06 |
4.3 |
CVE-2021-24939
MISC |
racktables_project — racktables |
Cross Site Scripting (XSS) in redirect module of Racktables version 0.21.2, allows an attacker to inject arbitrary web script or HTML via the op parameter. |
2021-12-07 |
4.3 |
CVE-2020-19611
MISC
MISC |
requarks — wiki.js |
Wiki.js is a wiki app built on Node.js. Prior to version 2.5.254, directory traversal outside of Wiki.js context is possible when a storage module with local asset cache fetching is enabled on a Windows host. A malicious user can potentially read any file on the file system by crafting a special URL that allows for directory traversal. This is only possible on a Wiki.js server running on Windows, when a storage module implementing local asset cache (e.g. Local File System or Git) is enabled and no web application firewall solution (e.g. Cloudflare) strips potentially malicious URLs. Commit number 414033de9dff66a327e3f3243234852f468a9d85 fixes this vulnerability by sanitizing the path before it is passed on to the storage module. The sanitization step removes any Windows directory traversal sequences from the path. As a workaround, disable any storage module with local asset caching capabilities (Local File System, Git). |
2021-12-06 |
4.3 |
CVE-2021-43800
MISC
CONFIRM
MISC |
showdoc — showdoc |
showdoc is vulnerable to URL Redirection to Untrusted Site |
2021-12-03 |
5.8 |
CVE-2021-4000
CONFIRM
MISC |
snipeitapp — snipe-it |
snipe-it is vulnerable to Server-Side Request Forgery (SSRF) |
2021-12-06 |
6.5 |
CVE-2021-4075
MISC
CONFIRM |
solardatasystems — solar-log_500_firmware |
The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require authentication, which allows remote attackers to gain administrative privileges by connecting to the server. As a result, the attacker can modify configuration files and change the system status. |
2021-12-07 |
5 |
CVE-2021-34543
MISC
MISC
MISC |
solarwinds — serv-u |
Serv-U server responds with valid CSRFToken when the request contains only Session. |
2021-12-06 |
6.8 |
CVE-2021-35242
MISC
MISC |
solarwinds — serv-u |
When a user has admin rights in Serv-U Console, the user can move, create and delete any files that are able to be accessed on the Serv-U host machine. |
2021-12-06 |
6.8 |
CVE-2021-35245
MISC
MISC |
sonicwall — global_vpn_client |
SonicWall Global VPN client version 4.10.6 (32-bit and 64-bit) and earlier have a DLL Search Order Hijacking vulnerability. Successful exploitation via a local attacker could result in remote code execution in the target system. |
2021-12-08 |
6.9 |
CVE-2021-20047
CONFIRM |
sonicwall — sma_200_firmware |
A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. |
2021-12-08 |
6.5 |
CVE-2021-20043
CONFIRM |
sonicwall — sma_200_firmware |
A relative path traversal vulnerability in the SMA100 upload function allows a remote unauthenticated attacker to upload crafted web pages or files as a ‘nobody’ user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. |
2021-12-08 |
5 |
CVE-2021-20040
CONFIRM |
squaredup — squaredup |
An issue was discovered in SquaredUp for SCOM 5.2.1.6654. The Download Log feature in System / Maintenance was susceptible to a local file inclusion vulnerability (when processing remote input in the log files downloaded by an authenticated administrator user), leading to the ability to read arbitrary files on the server filesystems. |
2021-12-07 |
4 |
CVE-2021-40095
MISC
MISC |
tawk — tawk.to_live_chat |
The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capability and CSRF checks in the tawkto_setwidget and tawkto_removewidget AJAX actions, available to any authenticated user. The first one allows low-privileged users (including simple subscribers) to change the ‘tawkto-embed-widget-page-id’ and ‘tawkto-embed-widget-widget-id’ parameters. Any authenticated user can thus link the vulnerable website to their own Tawk.to instance. Consequently, they will be able to monitor the vulnerable website and interact with its visitors (receive contact messages, answer, …). They will also be able to display an arbitrary Knowledge Base. The second one will remove the live chat widget from pages. |
2021-12-06 |
6 |
CVE-2021-24914
MISC |
tiny — plupload |
This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file. |
2021-12-03 |
6.8 |
CVE-2021-23562
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM |
tmate — tmate-ssh-server |
Insecure creation of temporary directories in tmate-ssh-server 2.3.0 allows a local attacker to compromise the integrity of session handling. |
2021-12-07 |
4.4 |
CVE-2021-44513
MISC
MISC |
tmate — tmate-ssh-server |
World-writable permissions on the /tmp/tmate/sessions directory in tmate-ssh-server 2.3.0 allow a local attacker to compromise the integrity of session handling, or obtain the read-write session ID from a read-only session symlink in this directory. |
2021-12-07 |
4.4 |
CVE-2021-44512
MISC
MISC |
trustwave — modsecurity |
ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the limited NGINX worker processes for minutes and consume almost all of the available CPU on the machine. Modsecurity 2 is similarly vulnerable: the affected versions include 2.8.0 through 2.9.4. |
2021-12-07 |
5 |
CVE-2021-42717
MISC |
ui — unifi_switch_firmware |
A vulnerability found in UniFi Switch firmware Version 5.43.35 and earlier allows a malicious actor who has already gained access to the network to perform a Denial of Service (DoS) attack on the affected switch. This vulnerability is fixed in UniFi Switch firmware 5.76.6 and later. |
2021-12-07 |
6.1 |
CVE-2021-44527
MISC |
veritas — enterprise_vault |
An issue (2 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor’s security alert for this vulnerability (VTS21-003, ZDI-CAN-14076). |
2021-12-06 |
6.8 |
CVE-2021-44678
MISC |
veritas — enterprise_vault |
An issue (1 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor’s security alert for this vulnerability (VTS21-003, ZDI-CAN-14078). |
2021-12-06 |
6.8 |
CVE-2021-44677
MISC |
veritas — enterprise_vault |
An issue (3 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor’s security alert for this vulnerability (VTS21-003, ZDI-CAN-14074). |
2021-12-06 |
6.8 |
CVE-2021-44679
MISC |
veritas — enterprise_vault |
An issue (4 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor’s security alert for this vulnerability (VTS21-003, ZDI-CAN-14075). |
2021-12-06 |
6.8 |
CVE-2021-44680
MISC |
veritas — enterprise_vault |
An issue (5 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor’s security alert for this vulnerability (VTS21-003, ZDI-CAN-14080). |
2021-12-06 |
6.8 |
CVE-2021-44681
MISC |
veritas — enterprise_vault |
An issue (6 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor’s security alert for this vulnerability (VTS21-003, ZDI-CAN-14079). |
2021-12-06 |
6.8 |
CVE-2021-44682
MISC |
vim — vim |
vim is vulnerable to Use After Free. |
2021-12-06 |
6.8 |
CVE-2021-4069
CONFIRM
MISC
FEDORA |
vinga — wr-n300u_firmware |
VINGA WR-N300U 77.102.1.4853 is affected by a command execution vulnerability in the goahead component. |
2021-12-06 |
6.5 |
CVE-2021-43469
MISC |
woocommerce — woocommerce_currency_switcher |
The WOOCS WordPress plugin before 1.3.7.1 does not sanitise and escape the key parameter of the woocs_update_profiles_data AJAX action (available to any authenticated user) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue. |
2021-12-06 |
4.3 |
CVE-2021-24938
MISC |
wp_google_fonts_project — wp_google_fonts |
The WP Google Fonts WordPress plugin before 3.1.5 does not escape the googlefont_ajax_name and googlefont_ajax_family parameters of the googlefont_action AJAX action (available to any authenticated user) before outputting them in attributes, leading to Reflected Cross-Site Scripting issues. |
2021-12-06 |
4.3 |
CVE-2021-24935
CONFIRM
MISC |
wpserveur — wps_hide_login |
The WPS Hide Login WordPress plugin before 1.9.1 has a bug that allows an unauthenticated user to obtain the secret login page by setting a random referer string and making a request to /wp-admin/options.php. |
2021-12-06 |
5 |
CVE-2021-24917
MISC
MISC |
wso2 — api_manager |
In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server 5.7.0, it is possible to perform a DOM-Based XSS attack affecting the callback parameter by modifying the URL that precedes the callback parameter. Once the username or password reset procedure is completed, the JavaScript code will be executed. (recoverpassword.do also has an open redirect issue for a similar reason.) |
2021-12-07 |
4.3 |
CVE-2021-36760
MISC
MISC |
xen — xen |
Grant table v2 status pages may remain accessible after de-allocation (take two). Guests get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated when a guest switches (back) from v2 to v1. The freeing of such pages requires that the hypervisor know where in the guest these pages were mapped. The hypervisor tracks only one use within guest space, but racing requests from the guest to insert mappings of these pages may result in any of them becoming mapped in multiple locations. Upon switching back from v2 to v1, the guest would then retain access to a page that was freed and perhaps re-used for other purposes. This bug was fortuitously fixed by code cleanup in Xen 4.14, and backported to security-supported Xen branches as a prerequisite of the fix for XSA-378. |
2021-12-07 |
6.9 |
CVE-2021-28703
MISC |