Security Bulletin 22 Sep 2021

Published on 22 Sep 2021

Updated on 22 Sep 2021

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

The vulnerabilities are tabled based on severity, in accordance to their CVSSv3 base scores:


Criticalvulnerabilities with a base score of 9.0 to 10.0
Highvulnerabilities with a base score of 7.0 to 8.9
Mediumvulnerabilities with a base score of 4.0 to 6.9
Lowvulnerabilities with a base score of 0.1 to 3.9
Nonevulnerabilities with a base score of 0.0

For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.

CRITICAL VULNERABILITIES
CVE NumberDescriptionBase ScoreReference
CVE-2021-33032A Remote Code Execution (RCE) vulnerability in the WebUI component of the eQ-3 HomeMatic CCU2 firmware up to and including version 2.57.5 and CCU3 firmware up to and including version 3.57.5 allows remote unauthenticated attackers to execute system commands as root via a simple HTTP request.10https://nvd.nist.gov/vuln/detail/CVE-2021-33032
CVE-2019-10940A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1). Incorrect session validation could allow an attacker with a valid session, with low privileges, to perform firmware updates and other administrative operations on connected devices. The security vulnerability could be exploited by an attacker with network access to the affected system. An attacker must have access to a low privileged account in order to exploit the vulnerability. An attacker could use the vulnerability to compromise confidentiality, integrity, and availability of the affected system and underlying components. At the time of advisory publication no public exploitation of this security vulnerability was known.9.9https://nvd.nist.gov/vuln/detail/CVE-2019-10940
CVE-2021-32834Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC). In Keti a user able to create Policy Sets can run arbitrary code by sending malicious Groovy scripts which will escape the configured Groovy sandbox. This vulnerability is known to exist in the latest commit at the time of writing this CVE (commit a1c8dbe). For more details see the referenced GHSL-2021-063.9.9https://nvd.nist.gov/vuln/detail/CVE-2021-32834
CVE-2021-32835Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC). In Keti a sandbox escape vulnerability may lead to post-authentication Remote Code execution. This vulnerability is known to exist in the latest commit at the time of writing this CVE (commit a1c8dbe). For more details see the referenced GHSL-2021-063.9.9https://nvd.nist.gov/vuln/detail/CVE-2021-32835
CVE-2016-0746Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing.9.8https://nvd.nist.gov/vuln/detail/CVE-2016-0746
CVE-2019-17495A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that <style>@import within the JSON data was a functional attack method.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-17495
CVE-2020-10683dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-10683
CVE-2018-1285Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.9.8https://nvd.nist.gov/vuln/detail/CVE-2018-1285
CVE-2020-13417An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-2020-7224. This affects Linux, macOS, and Windows installations for certain OpenSSL parameters.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-13417
CVE-2020-9633Adobe Flash Player Desktop Runtime 32.0.0.371 and earlier, Adobe Flash Player for Google Chrome 32.0.0.371 and earlier, and Adobe Flash Player for Microsoft Edge and Internet Explorer 32.0.0.330 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-9633
CVE-2020-15205In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGrams` lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory In the linked code snippet, all the binary strings after `ee ff` are contents from the memory stack. Since these can contain return addresses, this data leak can be used to defeat ASLR. The issue is patched in commit 0462de5b544ed4731aa2fb23946ac22c01856b80, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-15205
CVE-2020-15208In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can craft cases where this is larger than that of the second tensor. In turn, this would result in reads/writes outside of bounds since the interpreter will wrongly assume that there is enough data in both tensors. The issue is patched in commit 8ee24e7949a203d234489f9da2c5bf45a7d5157d, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-15208
CVE-2020-27955Git LFS 2.12.0 allows Remote Code Execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-27955
CVE-2021-21304Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dynamoose from version 2.0.0 and before version 2.7.0 there was a prototype pollution vulnerability in the internal utility method "lib/utils/object/set.ts". This method is used throughout the codebase for various operations throughout Dynamoose. We have not seen any evidence of this vulnerability being exploited. There is no evidence this vulnerability impacts versions 1.x.x since the vulnerable method was added as part of the v2 rewrite. This vulnerability also impacts v2.x.x beta/alpha versions. Version 2.7.0 includes a patch for this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-21304
CVE-2021-21307Lucee Server is a dynamic, Java based (JSR-223), tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a workaround, one can block access to the Lucee Administrator.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-21307
CVE-2020-35636A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->volume() OOB read. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-35636
CVE-2021-26295Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-26295
CVE-2021-29012DMA Softlab Radius Manager 4.4.0 assigns the same session cookie to every admin session. The cookie is valid when the admin is logged in, but is invalid (temporarily) during times when the admin is logged out. In other words, the cookie is functionally equivalent to a static password, and thus provides permanent access if stolen.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-29012
CVE-2021-27905The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-27905
CVE-2021-29200Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can perform an RCE attack9.8https://nvd.nist.gov/vuln/detail/CVE-2021-29200
CVE-2021-30128Apache OFBiz has unsafe deserialization prior to 17.12.07 version9.8https://nvd.nist.gov/vuln/detail/CVE-2021-30128
CVE-2021-32198EmTec ZOC through 8.02.4 allows remote servers to cause a denial of service (Windows GUI hang) by telling the ZOC window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. In other words, it does not implement a usleep or similar delay upon processing a title change.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-32198
CVE-2021-20698Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 R1.300 and prior to it, UN552V R1.300 and prior to it, UX552S R1.300 and prior to it, UN552 R1.300 and prior to it, V864Q R2.000 and prior to it, C861Q R2.000 and prior to it, P754Q R2.000 and prior to it, V754Q R2.000 and prior to it, C751Q R2.000 and prior to it, V964Q R2.000 and prior to it, C961Q R2.000 and prior to it, P654Q R2.000 and prior to it, V654Q R2.000 and prior to it, C651Q R2.000 and prior to it, V554Q R2.000 and prior to it, P404 R3.300 and prior to it, P484 R3.300 and prior to it, P554 R3.300 and prior to it, V404 R3.300 and prior to it, V484 R3.300 and prior to it, V554 R3.300 and prior to it, V404-T R3.300 and prior to it, V484-T R3.300 and prior to it, V554-T R3.300 and prior to it, C501 R2.100 and prior to it, C551 R2.100 and prior to it, C431 R2.100 and prior to it) allows an attacker to obtain root privileges and execute remote code by sending unintended parameters that contain specific characters in http request.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-20698
CVE-2021-20699Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 R1.300 and prior to it, UN552V R1.300 and prior to it, UX552S R1.300 and prior to it, UN552 R1.300 and prior to it, V864Q R2.000 and prior to it, C861Q R2.000 and prior to it, P754Q R2.000 and prior to it, V754Q R2.000 and prior to it, C751Q R2.000 and prior to it, V964Q R2.000 and prior to it, C961Q R2.000 and prior to it, P654Q R2.000 and prior to it, V654Q R2.000 and prior to it, C651Q R2.000 and prior to it, V554Q R2.000 and prior to it, P404 R3.300 and prior to it, P484 R3.300 and prior to it, P554 R3.300 and prior to it, V404 R3.300 and prior to it, V484 R3.300 and prior to it, V554 R3.300 and prior to it, V404-T R3.300 and prior to it, V484-T R3.300 and prior to it, V554-T R3.300 and prior to it, C501 R2.100 and prior to it, C551 R2.100 and prior to it, C431 R2.100 and prior to it) allows an attacker a buffer overflow and to execute remote code by sending long parameters that contains specific characters in http request.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-20699
CVE-2021-26691In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow9.8https://nvd.nist.gov/vuln/detail/CVE-2021-26691
CVE-2021-25948Prototype pollution vulnerability in 'expand-hash' versions 0.1.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-25948
CVE-2021-25949Prototype pollution vulnerability in 'set-getter' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-25949
CVE-2021-3013ripgrep before 13 on Windows allows attackers to trigger execution of arbitrary programs from the current working directory via the -z/--search-zip or --pre flag.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-3013
CVE-2021-22915Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion of IPv6 subnets in rate-limiting considerations. This could potentially result in an attacker bypassing rate-limit controls such as the Nextcloud brute-force protection.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-22915
CVE-2021-32682elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-32682
CVE-2021-24370The Fancy Product Designer WordPress plugin before 4.6.9 allows unauthenticated attackers to upload arbitrary files, resulting in remote code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-24370
CVE-2021-24376The Autoptimize WordPress plugin before 2.7.8 attempts to delete malicious files (such as .php) form the uploaded archive via the "Import Settings" feature, after its extraction. However, the extracted folders are not checked and it is possible to upload a zip which contained a directory with PHP file in it and then it is not removed from the disk. It is a bypass of CVE-2020-24948 which allows sending a PHP file via the "Import Settings" functionality to achieve Remote Code Execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-24376
CVE-2010-1435Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently retrieve password reset tokens from the database through an already existing SQL injection vector. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable.9.8https://nvd.nist.gov/vuln/detail/CVE-2010-1435
CVE-2021-28958Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-28958
CVE-2021-35474Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-35474
CVE-2021-35042Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-35042
CVE-2021-35209An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16. The value of the X-Host header overwrites the value of the Host header in proxied requests. The value of X-Host header is not checked against the whitelist of hosts Zimbra is allowed to proxy to (the zimbraProxyAllowedDomains setting).9.8https://nvd.nist.gov/vuln/detail/CVE-2021-35209
CVE-2021-32512QuickInstall in QSAN Storage Manager does not filter special parameters properly that allows remote unauthenticated attackers to inject and execute arbitrary commands. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-32512
CVE-2021-32513QsanTorture in QSAN Storage Manager does not filter special parameters properly that allows remote unauthenticated attackers to inject and execute arbitrary commands. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-32513
CVE-2021-32520Use of hard-coded cryptographic key vulnerability in QSAN Storage Manager allows attackers to obtain users’ credentials and related permissions. Suggest contacting with QSAN and refer to recommendations in QSAN Document.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-32520
CVE-2021-32521Use of MAC address as an authenticated password in QSAN Storage Manager, XEVO, SANOS allows local attackers to escalate privileges. Suggest contacting with QSAN and refer to recommendations in QSAN Document.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-32521
CVE-2021-32522Improper restriction of excessive authentication attempts vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to discover users’ credentials and obtain access via a brute force attack. Suggest contacting with QSAN and refer to recommendations in QSAN Document.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-32522
CVE-2021-32529Command injection vulnerability in QSAN XEVO, SANOS allows remote unauthenticated attackers to execute arbitrary commands. Suggest contacting with QSAN and refer to recommendations in QSAN Document.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-32529
CVE-2021-32530OS command injection vulnerability in Array function in QSAN XEVO allows remote unauthenticated attackers to execute arbitrary commands via status parameter. The referred vulnerability has been solved with the updated version of QSAN XEVO v2.1.0.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-32530
CVE-2021-32533The QSAN SANOS setting page does not filter special parameters. Remote attackers can use this vulnerability to inject and execute arbitrary commands without permissions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-32533
CVE-2021-32534QSAN SANOS factory reset function does not filter special parameters. Remote attackers can use this vulnerability to inject and execute arbitrary commands without permissions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-32534
CVE-2021-32535The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administrator’s permission and execute arbitrary functions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-32535
CVE-2021-34552Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-34552
CVE-2021-34473Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31196, CVE-2021-31206.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-34473
CVE-2021-34523Microsoft Exchange Server Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-33768, CVE-2021-34470.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-34523
CVE-2020-35427SQL injection vulnerability in PHPGurukul Employee Record Management System 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-35427
CVE-2021-26765SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the sid parameter to edit-sub.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-26765
CVE-2021-32810crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. This has been fixed in crossbeam-deque 0.8.1 and 0.7.4.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-32810
CVE-2021-36483DevExpress.XtraReports.UI through v21.1 allows attackers to execute arbitrary code via insecure deserialization.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-36483
CVE-2021-24499The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp directory. Uploaded files were neither sanitized nor validated, allowing an unauthenticated visitor to upload executable code such as php scripts.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-24499
CVE-2021-37608Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz allows an attacker to execute remote commands. This issue affects Apache OFBiz version 17.12.07 and prior versions. Upgrade to at least 17.12.08 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12297.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-37608
CVE-2021-26084In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-26084
CVE-2021-37421Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-37421
CVE-2021-39378A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the NamesList.php str parameter.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-39378
CVE-2021-3766objection.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')9.8https://nvd.nist.gov/vuln/detail/CVE-2021-3766
CVE-2021-40540ulfius_uri_logger in Ulfius HTTP Framework before 2.7.4 omits con_info initialization and a con_info->request NULL check for certain malformed HTTP requests.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-40540
CVE-2020-7832A vulnerability (improper input validation) in the DEXT5 Upload solution allows an unauthenticated attacker to download and execute an arbitrary file via AddUploadFile, SetSelectItem, DoOpenFile function.(CVE-2020-7832)9.8https://nvd.nist.gov/vuln/detail/CVE-2020-7832
CVE-2021-30793A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to execute arbitrary code with kernel privileges.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-30793
CVE-2021-30805A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to execute arbitrary code with kernel privileges.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-30805
CVE-2021-1770A buffer overflow may result in arbitrary code execution. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A logic issue was addressed with improved state management.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-1770
CVE-2021-1829A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.3. An application may be able to execute arbitrary code with kernel privileges.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-1829
CVE-2021-1834An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A malicious application may be able to execute arbitrary code with kernel privileges.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-1834
CVE-2021-1864A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. An attacker with JavaScript execution may be able to execute arbitrary code.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-1864
CVE-2021-1882A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An application may be able to gain elevated privileges.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-1882
CVE-2021-30655An application may be able to execute arbitrary code with system privileges. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. The issue was addressed with improved permissions logic.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-30655
CVE-2021-30678A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-30678
CVE-2021-30690Multiple issues in apache were addressed by updating apache to version 2.4.46. This issue is fixed in Security Update 2021-004 Mojave. Multiple issues in apache.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-30690
CVE-2020-24672A vulnerability in Base Software for SoftControl allows an attacker to insert and run arbitrary code in a computer running the affected product. This issue affects: .9.8https://nvd.nist.gov/vuln/detail/CVE-2020-24672
CVE-2020-19138Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allow remote attackers to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java".9.8https://nvd.nist.gov/vuln/detail/CVE-2020-19138
CVE-2020-26772Command Injection in PPGo_Jobs v2.8.0 allows remote attackers to execute arbitrary code via the 'AjaxRun()' function.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-26772
CVE-2021-36440Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to execute arbitrary code via the 'file_url' parameter in the component AdminUpdateController.class.php'.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-36440
CVE-2021-40814The Customer Photo Gallery addon before 2.9.4 for PrestaShop is vulnerable to SQL injection.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-40814
CVE-2021-40818scheme/webauthn.c in Glewlwyd SSO server through 2.5.3 has a buffer overflow during FIDO2 signature validation in webauthn registration.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-40818
CVE-2020-26300systeminformation is an npm package that provides system and OS information library for node.js. In systeminformation before version 4.26.2 there is a command injection vulnerability. Problem was fixed in version 4.26.2 with a shell string sanitation fix.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-26300
CVE-2021-1933UE assertion is possible due to improper validation of invite message with SDP body in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables9.8https://nvd.nist.gov/vuln/detail/CVE-2021-1933
CVE-2021-36161Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Apache Dubbo 2.7.139.8https://nvd.nist.gov/vuln/detail/CVE-2021-36161
CVE-2021-37579The Dubbo Provider will check the incoming request and the corresponding serialization type of this request meet the configuration set by the server. But there's an exception that the attacker can use to skip the security check (when enabled) and reaching a deserialization operation with native java serialization. Apache Dubbo 2.7.13, 3.0.2 fixed this issue by quickly fail when any unrecognized request was found.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-37579
CVE-2021-38408A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-38408
CVE-2021-38540The variable import endpoint was not protected by authentication in Airflow >=2.0.0, <2.1.3. This allowed unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, potentially resulting in a denial of service, information disclosure or remote code execution. This issue affects Apache Airflow >=2.0.0, <2.1.3.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-38540
CVE-2021-28909BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers to access uncontrolled the login service at /webif/SecurityModule in a brute force attack. The password could be weak and default username is known as 'admin'. This is usable and part of an attack chain to gain SSH root access.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-28909
CVE-2021-28911BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers access to /tmp path which contains some sensitive data (e.g. device serial number). Having those info, a possible loginId can be self-calculated in a brute force attack against BMX interface. This is usable and part of an attack chain to gain SSH root access.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-28911
CVE-2021-28913BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers access to /webif/SecurityModule to validate the so called and hard coded unique 'eibPort String' which acts as the root SSH key passphrase. This is usable and part of an attack chain to gain SSH root access.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-28913
CVE-2021-38360The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the Q_FILE parameter found in the ~/bibtexbrowser.php file which allows attackers to include local zip files and achieve remote code execution, in versions up to and including 0.0.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-38360
CVE-2021-40373playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-40373
CVE-2021-37423Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-37423
CVE-2021-37422Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-37422
CVE-2021-38833SQL injection vulnerability in PHPGurukul Apartment Visitors Management System (AVMS) v. 1.0 allows attackers to execute arbitrary SQL statements and to gain RCE.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-38833
CVE-2021-37909WriteRegistry function in TSSServiSign component does not filter and verify users’ input, remote attackers can rewrite to the registry without permissions thus perform hijack attacks to execute arbitrary code.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-37909
CVE-2021-37913The HGiga OAKlouds mobile portal does not filter special characters of the IPv6 Gateway parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the system without logging in.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-37913
CVE-2021-1976A use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking9.8https://nvd.nist.gov/vuln/detail/CVE-2021-1976
CVE-2021-30571Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page.9.6https://nvd.nist.gov/vuln/detail/CVE-2021-30571
CVE-2020-11580An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, accepts an arbitrary SSL certificate.9.1https://nvd.nist.gov/vuln/detail/CVE-2020-11580
CVE-2020-15175In GLPI before version 9.5.2, the `?pluginimage.send.php?` endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete the .htaccess file for the files directory. Any user becomes able to read all the files and folders contained in “/files/”. Some of the sensitive information that is compromised are the user sessions, logs, and more. An attacker would be able to get the Administrators session token and use that to authenticate. The issue is patched in version 9.5.2.9.1https://nvd.nist.gov/vuln/detail/CVE-2020-15175
CVE-2021-26291Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Maven is changing the default behavior in 3.8.1+ to no longer follow http (non-SSL) repository references by default. More details available in the referenced urls. If you are currently using a repository manager to govern the repositories used by your builds, you are unaffected by the risks present in the legacy behavior, and are unaffected by this vulnerability and change to default behavior. See this link for more information about repository management: https://maven.apache.org/repository-management.html9.1https://nvd.nist.gov/vuln/detail/CVE-2021-26291
CVE-2021-35942The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.9.1https://nvd.nist.gov/vuln/detail/CVE-2021-35942
CVE-2021-37593PEEL Shopping version 9.4.0 allows remote SQL injection. A public user/guest (unauthenticated) can inject a malicious SQL query in order to affect the execution of predefined SQL commands. Upon a successful SQL injection attack, an attacker can read sensitive data from the database and possibly modify database data.9.1https://nvd.nist.gov/vuln/detail/CVE-2021-37593
CVE-2021-39185Http4s is a minimal, idiomatic Scala interface for HTTP services. In http4s versions 0.21.26 and prior, 0.22.0 through 0.22.2, 0.23.0, 0.23.1, and 1.0.0-M1 through 1.0.0-M24, the default CORS configuration is vulnerable to an origin reflection attack. The middleware is also susceptible to a Null Origin Attack. The problem is fixed in 0.21.27, 0.22.3, 0.23.2, and 1.0.0-M25. The original `CORS` implementation and `CORSConfig` are deprecated. See the GitHub GHSA for more information, including code examples and workarounds.9.1https://nvd.nist.gov/vuln/detail/CVE-2021-39185
CVE-2021-22704A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11 ), Vijeo Designer Basic (all versions prior to V1.2), or EcoStruxure Machine Expert (all versions prior to V2.0) that could cause a Denial of Service or unauthorized access to system information when connecting to the Harmony HMI over FTP.9.1https://nvd.nist.gov/vuln/detail/CVE-2021-22704
CVE-2020-15202In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argument to be a function taking two `int64` (i.e., `long long`) arguments. However, there are several places in TensorFlow where a lambda taking `int` or `int32` arguments is being used. In these cases, if the amount of work to be parallelized is large enough, integer truncation occurs. Depending on how the two arguments of the lambda are used, this can result in segfaults, read/write outside of heap allocated arrays, stack overflows, or data corruption. The issue is patched in commits 27b417360cbd671ef55915e4bb6bb06af8b8a832 and ca8c013b5e97b1373b3bb1c97ea655e69f31a575, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.9https://nvd.nist.gov/vuln/detail/CVE-2020-15202
CVE-2020-15207In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses `ResolveAxis` to convert negative values to positive indices. However, the only check that the converted index is now valid is only present in debug builds. If the `DCHECK` does not trigger, then code execution moves ahead with a negative index. This, in turn, results in accessing data out of bounds which results in segfaults and/or data corruption. The issue is patched in commit 2d88f470dea2671b430884260f3626b1fe99830a, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.9https://nvd.nist.gov/vuln/detail/CVE-2020-15207

OTHER VULNERABILITIES
CVE NumberDescriptionBase ScoreReference
CVE-2019-14287In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \\#$((0xffffffff))" command.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-14287
CVE-2020-6402Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-6402
CVE-2020-3757Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and earlier, 32.0.0.321 and earlier, and 32.0.0.255 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-3757
CVE-2020-11582An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, launches a TCP server that accepts local connections on a random port. This can be reached by local HTTP clients, because up to 25 invalid lines are ignored, and because DNS rebinding can occur. (This server accepts, for example, a setcookie command that might be relevant to CVE-2020-11581 exploitation.)8.8https://nvd.nist.gov/vuln/detail/CVE-2020-11582
CVE-2020-3217A vulnerability in the Topology Discovery Service of Cisco One Platform Kit (onePK) in Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient length restrictions when the onePK Topology Discovery Service parses Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol message to an affected device. An exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges, or to cause a process crash, which could result in a reload of the device and cause a DoS condition.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-3217
CVE-2020-3219A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with administrative privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of user-supplied input to the web UI. An attacker could exploit this vulnerability by submitting crafted input to the web UI. A successful exploit could allow an attacker to execute arbitrary commands with administrative privileges on an affected device.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-3219
CVE-2020-6496Use after free in payments in Google Chrome on MacOS prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-6496
CVE-2020-15195In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. It is possible for `reverse_index_map(i)` to be an index outside of bounds of `grad_values`, thus resulting in a heap buffer overflow. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-15195
CVE-2020-21564An issue was discovered in Pluck CMS 4.7.10-dev2 and 4.7.11. There is a file upload vulnerability that can cause a remote command execution via admin.php?action=files.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-21564
CVE-2021-21035Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21035
CVE-2021-27890SQL Injection vulnerablity in MyBB before 1.8.26 via theme properties included in theme XML files.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-27890
CVE-2021-28961applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-28961
CVE-2021-30480Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat software, which is different from the chat feature of the Zoom Meetings and Zoom Video Webinars software.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30480
CVE-2021-26543The "gitDiff" function in Wayfair git-parse <=1.0.4 has a command injection vulnerability. Clients of the git-parse library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. The issue has been resolved in version 1.0.5.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-26543
CVE-2021-32629Cranelift is an open-source code generator maintained by Bytecode Alliance. It translates a target-independent intermediate representation into executable machine code. There is a bug in 0.73 of the Cranelift x64 backend that can create a scenario that could result in a potential sandbox escape in a Wasm program. This bug was introduced in the new backend on 2020-09-08 and first included in a release on 2020-09-30, but the new backend was not the default prior to 0.73. The recently-released version 0.73 with default settings, and prior versions with an explicit build flag to select the new backend, are vulnerable. The bug in question performs a sign-extend instead of a zero-extend on a value loaded from the stack, under a specific set of circumstances. If those circumstances occur, the bug could allow access to memory addresses upto 2GiB before the start of the Wasm program heap. If the heap bound is larger than 2GiB, then it would be possible to read memory from a computable range dependent on the size of the heaps bound. The impact of this bug is highly dependent on heap implementation, specifically: * if the heap has bounds checks, and * does not rely exclusively on guard pages, and * the heap bound is 2GiB or smaller * then this bug cannot be used to reach memory from another Wasm program heap. The impact of the vulnerability is mitigated if there is no memory mapped in the range accessible using this bug, for example, if there is a 2 GiB guard region before the Wasm program heap. The bug in question performs a sign-extend instead of a zero-extend on a value loaded from the stack, when the register allocator reloads a spilled integer value narrower than 64 bits. This interacts poorly with another optimization: the instruction selector elides a 32-to-64-bit zero-extend operator when we know that an instruction producing a 32-bit value actually zeros the upper 32 bits of its destination register. Hence, we rely on these zeroed bits, but the type of the value is still i32, and the spill/reload reconstitutes those bits as the sign extension of the i32’s MSB. The issue would thus occur when: * An i32 value in a Wasm program is greater than or equal to 0x8000_0000; * The value is spilled and reloaded by the register allocator due to high register pressure in the program between the value’s definition and its use; * The value is produced by an instruction that we know to be “special� in that it zeroes the upper 32 bits of its destination: add, sub, mul, and, or; * The value is then zero-extended to 64 bits in the Wasm program; * The resulting 64-bit value is used. Under these circumstances there is a potential sandbox escape when the i32 value is a pointer. The usual code emitted for heap accesses zero-extends the Wasm heap address, adds it to a 64-bit heap base, and accesses the resulting address. If the zero-extend becomes a sign-extend, the program could reach backward and access memory up to 2GiB before the start of its heap. In addition to assessing the nature of the code generation bug in Cranelift, we have also determined that under specific circumstances, both Lucet and Wasmtime using this version of Cranelift may be exploitable. See referenced GitHub Advisory for more details.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-32629
CVE-2020-22015Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicious user obtain sensitive information, cause a Denial of Service, or execute arbitrary code.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-22015
CVE-2020-22031A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_w3fdif.c in filter16_complex_low, which might lead to memory corruption and other potential consequences.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-22031
CVE-2020-22016A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at libavcodec/get_bits.h when writing .mov files, which might lead to memory corruption and other potential consequences.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-22016
CVE-2020-22022A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_fieldorder.c, which might lead to memory corruption and other potential consequences.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-22022
CVE-2020-22023A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_bitplanenoise.c, which might lead to memory corruption and other potential consequences.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-22023
CVE-2020-22025A heap-based Buffer Overflow vulnerability exists in gaussian_blur at libavfilter/vf_edgedetect.c, which might lead to memory corruption and other potential consequences.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-22025
CVE-2020-22032A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_edgedetect.c in gaussian_blur, which might lead to memory corruption and other potential consequences.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-22032
CVE-2020-22036A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_intra at libavfilter/vf_bwdif.c, which might lead to memory corruption and other potential consequences.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-22036
CVE-2021-31342The ugeom2d.dll library in all versions of Solid Edge SE2020 before 2020MP14 and all versions of Solid Edge SE2021 before SE2021MP5 lack proper validation of user-supplied data when parsing DFT files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-31342
CVE-2021-31343The jutil.dll library in all versions of Solid Edge SE2020 before 2020MP14 and all versions of Solid Edge SE2021 before SE2021MP5 lack proper validation of user-supplied data when parsing DFT files. This could result in an out-of-bounds write past the end of an allocation structure. An attacker could leverage this vulnerability to execute code in the context of the current process.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-31343
CVE-2021-24347The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension's case, for example, from "php" to "pHP".8.8https://nvd.nist.gov/vuln/detail/CVE-2021-24347
CVE-2021-24354A lack of capability checks and insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, made it possible for authenticated users to install arbitrary plugins on vulnerable sites.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-24354
CVE-2021-30544Use after free in BFCache in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30544
CVE-2021-30545Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30545
CVE-2021-30546Use after free in Autofill in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30546
CVE-2021-30548Use after free in Loader in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30548
CVE-2021-30549Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30549
CVE-2021-30550Use after free in Accessibility in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30550
CVE-2021-30551Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30551
CVE-2021-30552Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30552
CVE-2021-30553Use after free in Network service in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30553
CVE-2021-29966Mozilla developers reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 89.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-29966
CVE-2021-34824Istio (1.8.x, 1.9.0-1.9.5 and 1.10.0-1.10.1) contains a remotely exploitable vulnerability where credentials specified in the Gateway and DestinationRule credentialName field can be accessed from different namespaces.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-34824
CVE-2021-30554Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30554
CVE-2021-30555Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and user gesture.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30555
CVE-2021-30556Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30556
CVE-2021-30557Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30557
CVE-2021-34527Windows Print Spooler Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2021-34527
CVE-2021-21775A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21775
CVE-2021-21779A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21779
CVE-2021-21806An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21806
CVE-2021-32679Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, filenames where not escaped by default in controllers using `DownloadResponse`. When a user-supplied filename was passed unsanitized into a `DownloadResponse`, this could be used to trick users into downloading malicious files with a benign file extension. This would show in UI behaviours where Nextcloud applications would display a benign file extension (e.g. JPEG), but the file will actually be downloaded with an executable file extension. The vulnerability is patched in versions 19.0.13, 20.0.11, and 21.0.3. Administrators of Nextcloud instances do not have a workaround available, but developers of Nextcloud apps may manually escape the file name before passing it into `DownloadResponse`.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-32679
CVE-2021-32688Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server supports application specific tokens for authentication purposes. These tokens are supposed to be granted to a specific applications (e.g. DAV sync clients), and can also be configured by the user to not have any filesystem access. Due to a lacking permission check, the tokens were able to change their own permissions in versions prior to 19.0.13, 20.0.11, and 21.0.3. Thus fileystem limited tokens were able to grant themselves access to the filesystem. The issue is patched in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds aside from upgrading.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-32688
CVE-2021-34501Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34518.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-34501
CVE-2021-24453The Include Me WordPress plugin through 1.2.1 is vulnerable to path traversal / local file inclusion, which can lead to Remote Code Execution (RCE) of the system due to log poisoning and therefore potentially a full compromise of the underlying structure8.8https://nvd.nist.gov/vuln/detail/CVE-2021-24453
CVE-2021-3246A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-3246
CVE-2021-32756ManageIQ is an open-source management platform. In versions prior to jansa-4, kasparov-2, and lasker-1, there is a flaw in the MiqExpression module of ManageIQ where a low privilege user could enter a crafted Ruby string which would be evaluated. Successful exploitation will allow an attacker to execute arbitrary code with root privileges on the host system. There are patches for this issue in releases named jansa-4, kasparov-2, and lasker-1. If possible, restrict users, via RBAC, to only the part of the application that they need access to. While MiqExpression is widely used throughout the product, restricting users can limit the surface of the attack.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-32756
CVE-2021-26762SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the cid parameter to edit-course.php.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-26762
CVE-2021-26764SQL injection vulnerability in PHPGurukul Student Record System v 4.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit-std.php.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-26764
CVE-2021-36741An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product?s management console in order to exploit this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-36741
CVE-2021-30561Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30561
CVE-2021-30565Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30565
CVE-2021-30566Stack buffer overflow in Printing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit stack corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30566
CVE-2021-30567Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to open DevTools to potentially exploit heap corruption via specific user gesture.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30567
CVE-2021-30568Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30568
CVE-2021-30569Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30569
CVE-2021-30572Use after free in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30572
CVE-2021-30573Use after free in GPU in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30573
CVE-2021-30574Use after free in protocol handling in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30574
CVE-2021-30575Out of bounds write in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30575
CVE-2021-30576Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30576
CVE-2021-30578Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30578
CVE-2021-30579Use after free in UI framework in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30579
CVE-2021-30581Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30581
CVE-2021-30585Use after free in sensor handling in Google Chrome on Windows prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30585
CVE-2021-30586Use after free in dialog box handling in Windows in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30586
CVE-2021-30588Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30588
CVE-2021-34480Scripting Engine Memory Corruption Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2021-34480
CVE-2020-22403The express-cart package through 1.1.10 for Node.js allows CSRF.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-22403
CVE-2021-30858A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30858
CVE-2021-30590Heap buffer overflow in Bookmarks in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30590
CVE-2021-30591Use after free in File System API in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30591
CVE-2021-30592Out of bounds write in Tab Groups in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30592
CVE-2021-30598Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30598
CVE-2021-30599Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30599
CVE-2021-30600Use after free in Printing in Google Chrome prior to 92.0.4515.159 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30600
CVE-2021-30601Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30601
CVE-2021-30602Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30602
CVE-2021-30604Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30604
CVE-2021-35223The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of user string variables, allowing remote code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-35223
CVE-2021-28550Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-28550
CVE-2021-28553Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-28553
CVE-2021-28558Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Heap-based buffer overflow vulnerability in the PDFLibTool component. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-28558
CVE-2021-28560Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-28560
CVE-2021-28561Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-28561
CVE-2021-28564Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Out-of-bounds Write vulnerability within the ImageTool component. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-28564
CVE-2021-28565Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Out-of-bounds Read vulnerability in the PDFLibTool component. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-28565
CVE-2021-30606Chromium: CVE-2021-30606 Use after free in Blink8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30606
CVE-2021-30607Chromium: CVE-2021-30607 Use after free in Permissions8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30607
CVE-2021-30608Chromium: CVE-2021-30608 Use after free in Web Share8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30608
CVE-2021-30609Chromium: CVE-2021-30609 Use after free in Sign-In8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30609
CVE-2021-30610Chromium: CVE-2021-30610 Use after free in Extensions API8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30610
CVE-2021-30611Chromium: CVE-2021-30611 Use after free in WebRTC8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30611
CVE-2021-30612Chromium: CVE-2021-30612 Use after free in WebRTC8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30612
CVE-2021-30613Chromium: CVE-2021-30613 Use after free in Base internals8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30613
CVE-2021-30614Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30614
CVE-2021-30616Chromium: CVE-2021-30616 Use after free in Media8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30616
CVE-2021-30618Chromium: CVE-2021-30618 Inappropriate implementation in DevTools8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30618
CVE-2021-30620Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30620
CVE-2021-30622Chromium: CVE-2021-30622 Use after free in WebApp Installs8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30622
CVE-2021-30623Chromium: CVE-2021-30623 Use after free in Bookmarks8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30623
CVE-2021-30624Chromium: CVE-2021-30624 Use after free in Autofill8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30624
CVE-2020-7877A buffer overflow issue was discovered in ZOOK solution(remote administration tool) through processing 'ConnectMe' command while parsing a crafted OUTERIP value because of missing boundary check. This vulnerability allows the attacker to execute remote arbitrary command.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-7877
CVE-2021-30749Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30749
CVE-2021-30795A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30795
CVE-2021-30799Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30799
CVE-2021-30800This issue was addressed with improved checks. This issue is fixed in iOS 14.7. Joining a malicious Wi-Fi network may result in a denial of service or arbitrary code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30800
CVE-2021-30802A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30802
CVE-2021-35217Insecure Deseralization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module and reported to us by ZDI. An Authenticated Attacker could exploit it by executing WSAsyncExecuteTasks deserialization of untrusted data.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-35217
CVE-2021-1817A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to arbitrary code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-1817
CVE-2021-1851A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An application may be able to execute arbitrary code with kernel privileges.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-1851
CVE-2021-1867An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5, macOS Big Sur 11.3. A malicious application may be able to execute arbitrary code with kernel privileges.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-1867
CVE-2021-1874A logic issue was addressed with improved state management. This issue is fixed in iOS 14.5 and iPadOS 14.5. An application may be able to execute arbitrary code with kernel privileges.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-1874
CVE-2021-1876A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-1876
CVE-2021-30661A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30661
CVE-2021-30663An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30663
CVE-2021-30665A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30665
CVE-2021-30666A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30666
CVE-2021-30677This issue was addressed with improved environment sanitization. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to break out of its sandbox.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30677
CVE-2021-30688A malicious application may be able to break out of its sandbox. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A path handling issue was addressed with improved validation.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30688
CVE-2021-30707This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted audio file may lead to arbitrary code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30707
CVE-2021-21897A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. A specially-crafted .dxf file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21897
CVE-2021-38388Central Dogma allows privilege escalation with mirroring to the internal dogma repository that has a file managing the authorization of the project.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-38388
CVE-2021-38723FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/pages/items8.8https://nvd.nist.gov/vuln/detail/CVE-2021-38723
CVE-2020-19263A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily escalate user privileges to administrator via index.php?s=/user/ApiAdminUser/itemEdit.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-19263
CVE-2021-39230Butter is a system usability utility. Due to a kernel error the JPNS kernel is being discontinued. Affected users are recommend to update to the Trinity kernel. There are no workarounds.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-39230
CVE-2021-41084http4s is an open source scala interface for HTTP. In affected versions http4s is vulnerable to response-splitting or request-splitting attacks when untrusted user input is used to create any of the following fields: Header names (`Header.name`å), Header values (`Header.value`), Status reason phrases (`Status.reason`), URI paths (`Uri.Path`), URI authority registered names (`URI.RegName`) (through 0.21). This issue has been resolved in versions 0.21.30, 0.22.5, 0.23.4, and 1.0.0-M27 perform the following. As a matter of practice http4s services and client applications should sanitize any user input in the aforementioned fields before returning a request or response to the backend. The carriage return, newline, and null characters are the most threatening.8.7https://nvd.nist.gov/vuln/detail/CVE-2021-41084
CVE-2021-41086jsuites is an open source collection of common required javascript web components. In affected versions users are subject to cross site scripting (XSS) attacks via clipboard content. jsuites is vulnerable to DOM based XSS if the user can be tricked into copying _anything_ from a malicious and pasting it into the html editor. This is because a part of the clipboard content is directly written to `innerHTML` allowing for javascript injection and thus XSS. Users are advised to update to version 4.9.11 to resolve.8.7https://nvd.nist.gov/vuln/detail/CVE-2021-41086
CVE-2020-3283A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Firepower Threat Defense (FTD) Software when running on the Cisco Firepower 1000 Series platform could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to a communication error between internal functions. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message to an affected device. A successful exploit could allow the attacker to cause a buffer underrun, which leads to a crash. The crash causes the affected device to reload.8.6https://nvd.nist.gov/vuln/detail/CVE-2020-3283
CVE-2020-3221A vulnerability in the Flexible NetFlow Version 9 packet processor of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of parameters in a Flexible NetFlow Version 9 record. An attacker could exploit this vulnerability by sending a malformed Flexible NetFlow Version 9 packet to the Control and Provisioning of Wireless Access Points (CAPWAP) data port of an affected device. An exploit could allow the attacker to trigger an infinite loop, resulting in a process crash that would cause a reload of the device.8.6https://nvd.nist.gov/vuln/detail/CVE-2020-3221
CVE-2020-3225Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to insufficient input processing of CIP traffic. An attacker could exploit these vulnerabilities by sending crafted CIP traffic to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.8.6https://nvd.nist.gov/vuln/detail/CVE-2020-3225
CVE-2020-3226A vulnerability in the Session Initiation Protocol (SIP) library of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient sanity checks on received SIP messages. An attacker could exploit this vulnerability by sending crafted SIP messages to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service condition.8.6https://nvd.nist.gov/vuln/detail/CVE-2020-3226
CVE-2020-3228A vulnerability in Security Group Tag Exchange Protocol (SXP) in Cisco IOS Software, Cisco IOS XE Software, and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because crafted SXP packets are mishandled. An attacker could exploit this vulnerability by sending specifically crafted SXP packets to the affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.8.6https://nvd.nist.gov/vuln/detail/CVE-2020-3228
CVE-2020-3304A vulnerability in the web interface of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition. Note: This vulnerability applies to IP Version 4 (IPv4) and IP Version 6 (IPv6) HTTP traffic.8.6https://nvd.nist.gov/vuln/detail/CVE-2020-3304
CVE-2021-32833Emby Server is a personal media server with apps on many devices. In Emby Server on Windows there is a set of arbitrary file read vulnerabilities. This vulnerability is known to exist in version 4.6.4.0 and may not be patched in later versions. Known vulnerable routes are /Videos/Id/hls/PlaylistId/SegmentId.SegmentContainer, /Images/Ratings/theme/name and /Images/MediaInfo/theme/name. For more details including proof of concept code, refer to the referenced GHSL-2021-051. This issue may lead to unauthorized access to the system especially when Emby Server is configured to be accessible from the Internet.8.6https://nvd.nist.gov/vuln/detail/CVE-2021-32833
CVE-2021-1939Null pointer dereference occurs due to improper validation when the preemption feature enablement is toggled in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables8.4https://nvd.nist.gov/vuln/detail/CVE-2021-1939
CVE-2021-1947Use-after-free vulnerability in kernel graphics driver because of storing an invalid pointer in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking8.4https://nvd.nist.gov/vuln/detail/CVE-2021-1947
CVE-2021-30260Possible Integer overflow to buffer overflow issue can occur due to improper validation of input parameters when extscan hostlist configuration command is received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking8.4https://nvd.nist.gov/vuln/detail/CVE-2021-30260
CVE-2021-30261Possible integer and heap overflow due to lack of input command size validation while handling beacon template update command from HLOS in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables8.4https://nvd.nist.gov/vuln/detail/CVE-2021-30261
CVE-2020-11581An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, allows a man-in-the-middle attacker to perform OS command injection attacks (against a client) via shell metacharacters to the doCustomRemediateInstructions method, because Runtime.getRuntime().exec() is used.8.1https://nvd.nist.gov/vuln/detail/CVE-2020-11581
CVE-2020-3238A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient input validation of user-supplied application packages. An attacker who can upload a malicious package within Cisco IOx could exploit the vulnerability to modify arbitrary files. The impacts of a successful exploit are limited to the scope of the virtual instance and do not affect the device that is hosting Cisco IOx.8.1https://nvd.nist.gov/vuln/detail/CVE-2020-3238
CVE-2020-28052An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.8.1https://nvd.nist.gov/vuln/detail/CVE-2020-28052
CVE-2020-36254scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.8.1https://nvd.nist.gov/vuln/detail/CVE-2020-36254
CVE-2021-20305A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-20305
CVE-2021-34551PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-34551
CVE-2021-3603PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). If the $patternselect parameter to validateAddress() is set to 'php' (the default, defined by PHPMailer::$validator), and the global namespace contains a function called php, it will be called in preference to the built-in validator of the same name. Mitigated in PHPMailer 6.5.0 by denying the use of simple strings as validator function names.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-3603
CVE-2021-24377The Autoptimize WordPress plugin before 2.7.8 attempts to remove potential malicious files from the extracted archive uploaded via the 'Import Settings' feature, however this is not sufficient to protect against RCE as a race condition can be achieved in between the moment the file is extracted on the disk but not yet removed. It is a bypass of CVE-2020-24948.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-24377
CVE-2021-32708Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: A user is allowed to supply the path or filename of an uploaded file, the supplied path or filename is not checked against unicode chars, the supplied pathname checked against an extension deny-list, not an allow-list, the supplied path or filename contains a unicode whitespace char in the extension, the uploaded file is stored in a directory that allows PHP code to be executed. Given these conditions are met a user can upload and execute arbitrary code on the system under attack. The unicode whitespace removal has been replaced with a rejection (exception). For 1.x users, upgrade to 1.1.4. For 2.x users, upgrade to 2.1.1.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-32708
CVE-2020-4945IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to overwrite arbirary files due to improper group permissions. IBM X-Force ID: 191945.8.1https://nvd.nist.gov/vuln/detail/CVE-2020-4945
CVE-2021-30593Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-30593
CVE-2021-21996An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-21996
CVE-2021-30717A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to execute arbitrary code.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-30717
CVE-2021-3051An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSOAR server. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 1578677; Cortex XSOAR 6.0.2 builds earlier than 1576452; Cortex XSOAR 6.1.0 builds earlier than 1578663; Cortex XSOAR 6.2.0 builds earlier than 1578666. All Cortex XSOAR instances hosted by Palo Alto Networks are protected from this vulnerability; no additional action is required for these instances.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-3051
CVE-2021-32836ZStack is open source IaaS(infrastructure as a service) software. In ZStack before versions 3.10.12 and 4.1.6 there is a pre-auth unsafe deserialization vulnerability in the REST API. An attacker in control of the request body will be able to provide both the class name and the data to be deserialized and therefore will be able to instantiate an arbitrary type and assign arbitrary values to its fields. This issue may lead to a Denial Of Service. If a suitable gadget is available, then an attacker may also be able to exploit this vulnerability to gain pre-auth remote code execution. For additional details see the referenced GHSL-2021-087.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-32836
CVE-2021-34718A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file transfer method. An attacker with lower-level privileges could exploit this vulnerability by specifying Secure Copy Protocol (SCP) parameters when authenticating to a device. A successful exploit could allow the attacker to elevate their privileges and retrieve and upload files on a device that they should not have access to.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-34718
CVE-2021-39214mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.2 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of another request/response's HTTP message body. While a smuggled request is still captured as part of another request's body, it does not appear in the request list and does not go through the usual mitmproxy event hooks, where users may have implemented custom access control checks or input sanitization. Unless one uses mitmproxy to protect an HTTP/1 service, no action is required. The vulnerability has been fixed in mitmproxy 7.0.3 and above.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-39214
CVE-2021-31206Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31196, CVE-2021-34473.8https://nvd.nist.gov/vuln/detail/CVE-2021-31206
CVE-2021-34470Microsoft Exchange Server Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-33768, CVE-2021-34523.8https://nvd.nist.gov/vuln/detail/CVE-2021-34470
CVE-2021-41083Dada Mail is a web-based e-mail list management system. In affected versions a bad actor could give someone a carefully crafted web page via email, SMS, etc, that - when visited, allows them control of the list control panel as if the bad actor was logged in themselves. This includes changing any mailing list password, as well as the Dada Mail Root Password - which could effectively shut out actual list owners of the mailing list and allow the bad actor complete and unfettered control of your mailing list. This vulnerability also affects profile logins. For this vulnerability to work, the target of the bad actor would need to be logged into the list control panel themselves. This CSRF vulnerability in Dada Mail affects all versions of Dada Mail v11.15.1 and below. Although we know of no known CSRF exploits that have happened in the wild, this vulnerability has been confirmed by our testing, and by a third party. Users are advised to update to version 11.16.0.8https://nvd.nist.gov/vuln/detail/CVE-2021-41083
CVE-2016-6185The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.7.8https://nvd.nist.gov/vuln/detail/CVE-2016-6185
CVE-2019-20044In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().7.8https://nvd.nist.gov/vuln/detail/CVE-2019-20044
CVE-2020-0822An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations, aka 'Windows Language Pack Installer Elevation of Privilege Vulnerability'.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-0822
CVE-2020-3950VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-3950
CVE-2020-24559A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute arbitrary code as root. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-24559
CVE-2020-14386A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-14386
CVE-2020-4607IBM Security Secret Server (IBM Security Verify Privilege Vault Remote 1.2 ) could allow a local user to bypass security restrictions due to improper input validation. IBM X-Force ID: 184884.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-4607
CVE-2020-24436Acrobat Pro DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds write vulnerability that could result in writing past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. This vulnerability requires user interaction to exploit in that the victim must open a malicious document.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-24436
CVE-2020-28948Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-28948
CVE-2020-28949Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-28949
CVE-2021-3156Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-3156
CVE-2021-27027An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to code execution through maliciously crafted DLL files or information disclosure.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-27027
CVE-2021-27028A Memory Corruption Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to remote code execution through maliciously crafted DLL files.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-27028
CVE-2021-27030A user may be tricked into opening a malicious FBX file which may exploit a Directory Traversal Remote Code Execution vulnerability in FBX’s Review causing it to run arbitrary code on the system.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-27030
CVE-2021-27031A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in FBX's Review causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-27031
CVE-2021-29457Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when _writing_ the metadata, which is a less frequently used Exiv2 operation than _reading_ the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-29457
CVE-2021-31607In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely).7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31607
CVE-2021-25407A possible out of bounds write vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-25407
CVE-2021-32946An improper check for unusual or exceptional conditions issue exists within the parsing DGN files from Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of the user-supplied data. This may result in several of out-of-bounds problems and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-32946
CVE-2021-32936An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-32936
CVE-2021-32944A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a memory corruption or arbitrary code execution, allowing attackers to cause a denial-of-service condition or execute code in the context of the current process.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-32944
CVE-2021-32948An out-of-bounds write issue exists in the DWG file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-32948
CVE-2021-32952An out-of-bounds write issue exists in the DGN file-reading procedure in the Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-32952
CVE-2021-34388Bootloader contains a vulnerability in NVIDIA TegraBoot where a potential heap overflow might allow an attacker to control all the RAM after the heap block, leading to denial of service or code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-34388
CVE-2021-3500A flaw was found in djvulibre-3.5.28 and earlier. A Stack overflow in function DJVU::DjVuDocument::get_djvu_file() via crafted djvu file may lead to application crash and other consequences.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-3500
CVE-2020-4610IBM Security Secret Server (IBM Security Verify Privilege Manager 10.8.2 ) could allow a local user to execute code due to improper integrity checks. IBM X-Force ID: 184919.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-4610
CVE-2021-35039kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, does not occur for a module.sig_enforce=1 command-line argument.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-35039
CVE-2021-22555A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space7.8https://nvd.nist.gov/vuln/detail/CVE-2021-22555
CVE-2021-3612An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-3612
CVE-2021-22921Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-22921
CVE-2021-34313A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13354)7.8https://nvd.nist.gov/vuln/detail/CVE-2021-34313
CVE-2021-34318A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing PCT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13403)7.8https://nvd.nist.gov/vuln/detail/CVE-2021-34318
CVE-2021-34330A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13430)7.8https://nvd.nist.gov/vuln/detail/CVE-2021-34330
CVE-2021-22000VMware Thinapp version 5.x prior to 5.2.10 contain a DLL hijacking vulnerability due to insecure loading of DLLs. A malicious actor with non-administrative privileges may exploit this vulnerability to elevate privileges to administrator level on the Windows operating system having VMware ThinApp installed on it.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-22000
CVE-2021-33751Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-34460, CVE-2021-34510, CVE-2021-34512, CVE-2021-34513.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-33751
CVE-2021-34510Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-33751, CVE-2021-34460, CVE-2021-34512, CVE-2021-34513.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-34510
CVE-2021-35449The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below, and G4 driver 4.2.1.0 and below are affected by a privilege escalation vulnerability. A standard low priviliged user can use the driver to execute a DLL of their choosing during the add printer process, resulting in escalation of privileges to SYSTEM.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-35449
CVE-2019-25051objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list).7.8https://nvd.nist.gov/vuln/detail/CVE-2019-25051
CVE-2021-33909fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-33909
CVE-2021-37576arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-37576
CVE-2021-30577Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform local privilege escalation via a crafted file.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30577
CVE-2021-38166In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAP_SYS_ADMIN capability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-38166
CVE-2021-32931An uninitialized pointer in FATEK Automation FvDesigner, Versions 1.5.88 and prior may be exploited while the application is processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-32931
CVE-2021-32939FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable to an out-of-bounds write while processing project files, allowing an attacker to craft a project file that may permit arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-32939
CVE-2021-32947FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-32947
CVE-2021-1106NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where writes may be allowed to read-only buffers, which may result in escalation of privileges, complete denial of service, unconstrained information disclosure, and serious data tampering of all processes on the system.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-1106
CVE-2021-1107NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVMAP_IOC_WRITE* paths, where improper access controls may lead to code execution, complete denial of service, and seriously compromised integrity of all system components.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-1107
CVE-2021-36770Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates @INC in a scalar context, and thus @INC has only an integer value.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-36770
CVE-2021-26431Windows Recovery Environment Agent Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-26431
CVE-2021-34478Microsoft Office Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-34478
CVE-2021-21867An unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteArray functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-21867
CVE-2021-21868An unsafe deserialization vulnerability exists in the ObjectManager.plugin Project.get_MissingTypes() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-21868
CVE-2021-30860An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30860
CVE-2021-28697grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated when a guest switched (back) from v2 to v1. The freeing of such pages requires that the hypervisor know where in the guest these pages were mapped. The hypervisor tracks only one use within guest space, but racing requests from the guest to insert mappings of these pages may result in any of them to become mapped in multiple locations. Upon switching back from v2 to v1, the guest would then retain access to a page that was freed and perhaps re-used for other purposes.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-28697
CVE-2021-33019A stack-based buffer overflow vulnerability in Delta Electronics DOPSoft Version 4.00.11 and prior may be exploited by processing a specially crafted project file, which may allow an attacker to execute arbitrary code.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-33019
CVE-2021-3770vim is vulnerable to Heap-based Buffer Overflow7.8https://nvd.nist.gov/vuln/detail/CVE-2021-3770
CVE-2021-33285In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of service. The vulnerability is caused by an out-of-bound buffer access which can be triggered by mounting a crafted ntfs partition. The root cause is a missing consistency check after reading an MFT record : the "bytes_in_use" field should be less than the "bytes_allocated" field. When it is not, the parsing of the records proceeds into the wild.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-33285
CVE-2021-33289In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-33289
CVE-2021-35268In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-35268
CVE-2021-35269NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and escalation of privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-35269
CVE-2021-33286In NTFS-3G versions < 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-33286
CVE-2021-33287In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of service of the application.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-33287
CVE-2021-35266In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-35266
CVE-2021-35267NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution or escalation of privileges when setuid-root.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-35267
CVE-2021-39251A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-39251
CVE-2021-39252A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-39252
CVE-2021-39253A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-39253
CVE-2021-39254A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-39254
CVE-2021-39255A crafted NTFS image can trigger an out-of-bounds read, caused by an invalid attribute in ntfs_attr_find_in_attrdef, in NTFS-3G < 2021.8.22.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-39255
CVE-2021-39256A crafted NTFS image can cause a heap-based buffer overflow in ntfs_inode_lookup_by_name in NTFS-3G < 2021.8.22.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-39256
CVE-2021-39258A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find in NTFS-3G < 2021.8.22.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-39258
CVE-2021-39259A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in ntfs_inode_lookup_by_name, in NTFS-3G < 2021.8.22.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-39259
CVE-2021-39260A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G < 2021.8.22.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-39260
CVE-2021-39261A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G < 2021.8.22.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-39261
CVE-2021-39262A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-39262
CVE-2021-39263A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfs_get_attribute_value, in NTFS-3G < 2021.8.22.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-39263
CVE-2021-28701Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches (back) from v2 to v1. Freeing such pages requires that the hypervisor enforce that no parallel request can result in the addition of a mapping of such a page to a guest. That enforcement was missing, allowing guests to retain access to pages that were freed and perhaps re-used for other purposes. Unfortunately, when XSA-379 was being prepared, this similar issue was not noticed.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-28701
CVE-2021-30725A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30725
CVE-2021-30726A malicious application may be able to execute arbitrary code with kernel privileges. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An out-of-bounds write issue was addressed with improved bounds checking.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30726
CVE-2021-30728An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A malicious application may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30728
CVE-2021-30748A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. An application may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30748
CVE-2021-30752Processing a maliciously crafted image may lead to arbitrary code execution. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. An out-of-bounds read was addressed with improved input validation.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30752
CVE-2021-30760An integer overflow was addressed through improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted font file may lead to arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30760
CVE-2021-30765An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30765
CVE-2021-30766An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30766
CVE-2021-30772This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to gain root privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30772
CVE-2021-30774A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. A malicious application may be able to gain root privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30774
CVE-2021-30775A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Processing a maliciously crafted audio file may lead to arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30775
CVE-2021-30777An injection issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A malicious application may be able to gain root privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30777
CVE-2021-30779This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing a maliciously crafted image may lead to arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30779
CVE-2021-30780An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. A malicious application may be able to gain root privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30780
CVE-2021-30781This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. A local attacker may be able to cause unexpected application termination or arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30781
CVE-2021-30784Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.5. A local attacker may be able to execute code on the Apple T2 Security Chip.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30784
CVE-2021-30785A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Processing a maliciously crafted image may lead to arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30785
CVE-2021-30787This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to cause unexpected system termination or write kernel memory.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30787
CVE-2021-30789An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Processing a maliciously crafted font file may lead to arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30789
CVE-2021-30790An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30790
CVE-2021-30792An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. Processing a maliciously crafted image may lead to arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30792
CVE-2020-27942A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. Processing a maliciously crafted font file may lead to arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-27942
CVE-2021-1762An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4, macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-1762
CVE-2021-1812A logic issue was addressed with improved validation. This issue is fixed in iOS 14.5 and iPadOS 14.5. A malicious application may be able to execute arbitrary code with system privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-1812
CVE-2021-1813A validation issue was addressed with improved logic. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to gain root privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-1813
CVE-2021-1814This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, watchOS 7.4. Processing a maliciously crafted image may lead to arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-1814
CVE-2021-1816A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A malicious application may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-1816
CVE-2021-1833This issue was addressed with improved checks. This issue is fixed in iOS 14.5 and iPadOS 14.5. An application may be able to gain elevated privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-1833
CVE-2021-1838This issue was addressed with improved checks. This issue is fixed in iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-1838
CVE-2021-1839The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A local attacker may be able to elevate their privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-1839
CVE-2021-1840A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A local attacker may be able to elevate their privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-1840
CVE-2021-1841A malicious application may be able to execute arbitrary code with kernel privileges. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. An out-of-bounds write issue was addressed with improved bounds checking.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-1841
CVE-2021-1843This issue was addressed with improved checks. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted image may lead to arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-1843
CVE-2021-1847A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-1847
CVE-2021-1853A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3. A local attacker may be able to elevate their privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-1853
CVE-2021-1858Processing a maliciously crafted image may lead to arbitrary code execution. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An out-of-bounds write issue was addressed with improved bounds checking.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-1858
CVE-2021-1868A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local attacker may be able to elevate their privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-1868
CVE-2021-1875A double free issue was addressed with improved memory management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted file may lead to heap corruption.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-1875
CVE-2021-1880This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, watchOS 7.4. Processing a maliciously crafted image may lead to arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-1880
CVE-2021-1881An out-of-bounds read was addressed with improved input validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted font file may lead to arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-1881
CVE-2021-1885An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted image may lead to arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-1885
CVE-2021-30653This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted image may lead to arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30653
CVE-2021-30664An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted file may lead to arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30664
CVE-2021-30672A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A malicious application may be able to gain root privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30672
CVE-2021-30675A memory corruption issue was addressed with improved state management. This issue is fixed in Boot Camp 6.1.14. A malicious application may be able to elevate privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30675
CVE-2021-30679This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An application may be able to gain elevated privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30679
CVE-2021-30680A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4. A local user may be able to load unsigned kernel extensions.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30680
CVE-2021-30681A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to gain root privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30681
CVE-2021-30683A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A malicious application could execute arbitrary code leading to compromise of user information.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30683
CVE-2021-30684A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A remote attacker may cause an unexpected application termination or arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30684
CVE-2021-30693A validation issue was addressed with improved logic. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted image may lead to arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30693
CVE-2021-30701This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted image may lead to arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30701
CVE-2021-30703A double free issue was addressed with improved memory management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. An application may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30703
CVE-2021-30704A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. An application may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30704
CVE-2021-30708An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30708
CVE-2021-30712A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30712
CVE-2021-30713A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited..7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30713
CVE-2021-35526Backup file without encryption vulnerability is found in Hitachi ABB Power Grids System Data Manager – SDM600 allows attacker to gain access to sensitive information. This issue affects: Hitachi ABB Power Grids System Data Manager – SDM600 1.2 versions prior to FP2 HF6 (Build Nr. 1.2.14002.257).7.8https://nvd.nist.gov/vuln/detail/CVE-2021-35526
CVE-2021-36216LINE for Windows 6.2.1.2289 and before allows arbitrary code execution via malicious DLL injection.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-36216
CVE-2021-30605Inappropriate implementation in the ChromeOS Readiness Tool installer on Windows prior to 1.0.2.0 loosens DCOM access rights on two objects allowing an attacker to potentially bypass discretionary access controls.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30605
CVE-2021-34719Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-34719
CVE-2021-34728Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-34728
CVE-2021-1934Possible memory corruption due to improper check when application loader object is explicitly destructed while application is unloading in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT7.8https://nvd.nist.gov/vuln/detail/CVE-2021-1934
CVE-2021-30295Possible heap overflow due to improper validation of local variable while storing current task information locally in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30295
CVE-2020-3235A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input validation when the software processes specific SNMP object identifiers. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: To exploit this vulnerability by using SNMPv2c or earlier, the attacker must know the SNMP read-only community string for an affected system. To exploit this vulnerability by using SNMPv3, the attacker must know the user credentials for the affected system.7.7https://nvd.nist.gov/vuln/detail/CVE-2020-3235
CVE-2016-0742The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.7.5https://nvd.nist.gov/vuln/detail/CVE-2016-0742
CVE-2017-7529Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-7529
CVE-2018-16843nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-16843
CVE-2018-16844nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-16844
CVE-2019-0205In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-0205
CVE-2019-10172A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-10172
CVE-2020-5398In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-5398
CVE-2020-3259A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to a buffer tracking issue when the software parses invalid URLs that are requested from the web services interface. An attacker could exploit this vulnerability by sending a crafted GET request to the web services interface. A successful exploit could allow the attacker to retrieve memory contents, which could lead to the disclosure of confidential information. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-3259
CVE-2020-3272A vulnerability in the DHCP server of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of incoming DHCP traffic. An attacker could exploit this vulnerability by sending a crafted DHCP request to an affected device. A successful exploit could allow the attacker to cause a restart of the DHCP server process, causing a DoS condition.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-3272
CVE-2020-3230A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent IKEv2 from establishing new security associations. The vulnerability is due to incorrect handling of crafted IKEv2 SA-Init packets. An attacker could exploit this vulnerability by sending crafted IKEv2 SA-Init packets to the affected device. An exploit could allow the attacker to cause the affected device to reach the maximum incoming negotiation limits and prevent further IKEv2 security associations from being formed.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-3230
CVE-2020-3263A vulnerability in Cisco Webex Meetings Desktop App could allow an unauthenticated, remote attacker to execute programs on an affected end-user system. The vulnerability is due to improper validation of input that is supplied to application URLs. The attacker could exploit this vulnerability by persuading a user to follow a malicious URL. A successful exploit could allow the attacker to cause the application to execute other programs that are already present on the end-user system. If malicious files are planted on the system or on an accessible network file path, the attacker could execute arbitrary code on the affected system.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-3263
CVE-2020-15203In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a `printf` call is constructed. This may result in segmentation fault. The issue is patched in commit 33be22c65d86256e6826666662e40dbdfe70ee83, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-15203
CVE-2020-15206In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's `SavedModel` protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using `tensorflow-serving` or other inference-as-a-service installments. Fixed were added in commits f760f88b4267d981e13f4b302c437ae800445968 and fcfef195637c6e365577829c4d67681695956e7d (both going into TensorFlow 2.2.0 and 2.3.0 but not yet backported to earlier versions). However, this was not enough, as #41097 reports a different failure mode. The issue is patched in commit adf095206f25471e864a8e63a0f1caef53a0e3a6, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-15206
CVE-2020-36193Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-36193
CVE-2021-26118While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-26118
CVE-2020-17516Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internode_encryption setting, allows both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can use the unencrypted connection despite not being in the same rack or dc, and bypass mutual TLS requirement.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-17516
CVE-2021-29376ircII before 20210314 allows remote attackers to cause a denial of service (segmentation fault and client crash, disconnecting the victim from an IRC server) via a crafted CTCP UTC message.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-29376
CVE-2020-6590Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-6590
CVE-2021-29262When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. Additionally, with any ZkACLProvider, if the security.json is already present, Solr will not automatically update the ACLs.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-29262
CVE-2020-21041Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in libavcodec/pngenc.c, which could let a remote malicious user cause a Denial of Service7.5https://nvd.nist.gov/vuln/detail/CVE-2020-21041
CVE-2020-20178Ethereum 0xe933c0cd9784414d5f278c114904f5a84b396919#code.sol latest version is affected by a denial of service vulnerability in the affected payout function. Once the length of this array is too long, it will result in an exception. Attackers can make attacks by creating a series of account addresses.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-20178
CVE-2020-1920A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-1920
CVE-2020-13950Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service7.5https://nvd.nist.gov/vuln/detail/CVE-2020-13950
CVE-2021-26690Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service7.5https://nvd.nist.gov/vuln/detail/CVE-2021-26690
CVE-2021-34555OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a multi-value From header field.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-34555
CVE-2021-22904The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses `authenticate_or_request_with_http_token` or `authenticate_with_http_token` for request authentication.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-22904
CVE-2021-31618Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected. This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server. This issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-31618
CVE-2021-30468A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions prior to 3.3.11.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-30468
CVE-2021-33813An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-33813
CVE-2021-29702Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200658.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-29702
CVE-2021-34825Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-34825
CVE-2021-29059A vulnerability was discovered in IS-SVG version 2.1.0 to 4.2.2 and below where a Regular Expression Denial of Service (ReDOS) occurs if the application is provided and checks a crafted invalid SVG string.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-29059
CVE-2020-27511An issue was discovered in the stripTags and unescapeHTML components in Prototype 1.7.3 where an attacker can cause a Regular Expression Denial of Service (ReDOS) through stripping crafted HTML tags.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-27511
CVE-2010-4816It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null pointer dereference in ftpd/popen.c may lead to remote denial of service of the ftpd service.7.5https://nvd.nist.gov/vuln/detail/CVE-2010-4816
CVE-2021-29703Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200659.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-29703
CVE-2021-27577Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-27577
CVE-2021-32565Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-32565
CVE-2021-34549An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently. an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm inefficiency.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-34549
CVE-2021-34550An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory access, and a client crash, via a crafted onion service descriptor7.5https://nvd.nist.gov/vuln/detail/CVE-2021-34550
CVE-2021-31530Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to Information Disclosure.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-31530
CVE-2021-32566Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-32566
CVE-2021-32567Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-32567
CVE-2021-32736think-helper defines a set of helper functions for ThinkJS. In versions of think-helper prior to 1.1.3, the software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype. The vulnerability is patched in version 1.1.3.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-32736
CVE-2021-35197In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. When a bot account has a "sitewide block" applied, it is able to still "purge" pages through the MediaWiki Action API (which a "sitewide block" should have prevented).7.5https://nvd.nist.gov/vuln/detail/CVE-2021-35197
CVE-2021-32740Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has cautioned against doing this. Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected. The vulnerability is patched in version 2.8.0. As a workaround, only create Template objects from trusted sources that have been validated not to produce catastrophic backtracking.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-32740
CVE-2021-32514Improper access control vulnerability in FirmwareUpgrade in QSAN Storage Manager allows remote attackers to reboot and discontinue the device. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-32514
CVE-2021-32516Path traversal vulnerability in share_link in QSAN Storage Manager allows remote attackers to download arbitrary files. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-32516
CVE-2021-32517Improper access control vulnerability in share_link in QSAN Storage Manager allows remote attackers to download arbitrary files using particular parameter in download function. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-32517
CVE-2021-32518A vulnerability in share_link in QSAN Storage Manager allows remote attackers to create a symbolic link then access arbitrary files. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-32518
CVE-2021-32519Use of password hash with insufficient computational effort vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to recover the plain-text password by brute-forcing the MD5 hash. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.2, QSAN XEVO v2.1.0, and QSAN SANOS v2.1.0.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-32519
CVE-2021-32527Path traversal vulnerability in QSAN Storage Manager allows remote unauthenticated attackers to download arbitrary files thru injecting file path in download function. Suggest contacting with QSAN and refer to recommendations in QSAN Document.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-32527
CVE-2021-32532Path traversal vulnerability in back-end analysis function in QSAN XEVO allows remote attackers to download arbitrary files without permissions. The referred vulnerability has been solved with the updated version of QSAN XEVO v2.1.0.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-32532
CVE-2021-36377Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-36377
CVE-2021-30639A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests. This meant that once a non-blocking I/O error occurred, all future requests handled by that request object would fail. Users were able to trigger non-blocking I/O errors, e.g. by dropping a connection, thereby creating the possibility of triggering a DoS. Applications that do not use non-blocking I/O are not exposed to this vulnerability. This issue affects Apache Tomcat 10.0.3 to 10.0.4; 9.0.44; 8.5.64.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-30639
CVE-2021-33807Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/doDownloadData and gespage/webapp/doDownloadData.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-33807
CVE-2021-32705Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public DAV endpoint. This may have allowed an attacker to enumerate potentially valid share tokens or credentials. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-32705
CVE-2021-1945Possible out of bound read due to lack of length check of Bandwidth-NSS IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking7.5https://nvd.nist.gov/vuln/detail/CVE-2021-1945
CVE-2021-35517When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-35517
CVE-2021-36090When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-36090
CVE-2021-35527Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser. This issue affects: Hitachi ABB Power Grids eSOMS version 6.3 and prior versions.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-35527
CVE-2021-0283A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). By repeatedly sending these sequences of packets to the device, an attacker can sustain the Denial of Service (DoS) condition. The device will abnormally shut down as a result of these sent packets. A potential indicator of compromise will be the following message in the log files: "eventd[13955]: SYSTEM_ABNORMAL_SHUTDOWN: System abnormally shut down" These issue are only triggered by traffic destined to the device. Transit traffic will not trigger these issues. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S19; 15.1 versions prior to 15.1R7-S10; 16.1 version 16.1R1 and later versions; 16.2 version 16.2R1 and later versions; 17.1 version 17.1R1 and later versions; 17.2 version 17.2R1 and later versions; 17.3 versions prior to 17.3R3-S12; 17.4 version 17.4R1 and later versions; 18.1 versions prior to 18.1R3-S13; 18.2 version 18.2R1 and later versions; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2; 21.2 versions prior to 21.2R2.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-0283
CVE-2021-3649chatwoot is vulnerable to Inefficient Regular Expression Complexity7.5https://nvd.nist.gov/vuln/detail/CVE-2021-3649
CVE-2021-22146All versions of Elastic Cloud Enterprise has the Elasticsearch “anonymous” user enabled by default in deployed clusters. While in the default setting the anonymous user has no permissions and is unable to successfully query any Elasticsearch APIs, an attacker could leverage the anonymous user to gain insight into certain details of a deployed cluster.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-22146
CVE-2021-2388Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).7.5https://nvd.nist.gov/vuln/detail/CVE-2021-2388
CVE-2021-32761Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` command are vulnerable to integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution. The vulnerability involves changing the default `proto-max-bulk-len` configuration parameter to a very large value and constructing specially crafted commands bit commands. This problem only affects Redis on 32-bit platforms, or compiled as a 32-bit binary. Redis versions 5.0.`3m 6.0.15, and 6.2.5 contain patches for this issue. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `proto-max-bulk-len` configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-32761
CVE-2021-33629isula-build before 0.9.5-6 can cause a program crash, when building container images, some functions for processing external data do not remove spaces when processing data.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-33629
CVE-2021-31292An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service (DOS) via crafted metadata.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-31292
CVE-2021-36386report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-36386
CVE-2021-37601muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers to obtain sensitive information (list of admins, members, owners, and banned entities of a Multi-User chat room) in some common configurations.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-37601
CVE-2021-37847crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is used during digest verification.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-37847
CVE-2021-37848common/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp is used during hash comparison.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-37848
CVE-2021-3580A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-3580
CVE-2021-38512An issue was discovered in the actix-http crate before 3.0.0-beta.9 for Rust. HTTP/1 request smuggling (aka HRS) can occur, potentially leading to credential disclosure.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-38512
CVE-2021-38604In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-38604
CVE-2021-33193A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-33193
CVE-2021-38758Directory traversal vulnerability in Online Catering Reservation System 1.0 exists due to lack of validation in index.php.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-38758
CVE-2021-25218In BIND 9.16.19, 9.17.16. Also, version 9.16.19-S1 of BIND Supported Preview Edition When a vulnerable version of named receives a query under the circumstances described above, the named process will terminate due to a failed assertion check. The vulnerability affects only BIND 9 releases 9.16.19, 9.17.16, and release 9.16.19-S1 of the BIND Supported Preview Edition.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-25218
CVE-2020-36475An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-36475
CVE-2020-36478An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate should be considered invalid.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-36478
CVE-2021-30603Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-30603
CVE-2021-23437The package pillow from 0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-23437
CVE-2021-36717Synerion TimeNet version 9.21 contains a directory traversal vulnerability where, on the "Name" parameter, the attacker can return to the root directory and open the host file. This might give the attacker the ability to view restricted files, which could provide the attacker with more information required to further compromise the system.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-36717
CVE-2021-39500Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitizaton in param tpldir, filename, type, nid an attacker can inject "../" to escape and write file to writeable directories.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-39500
CVE-2020-19765An issue in the noReentrance() modifier of the Ethereum-based contract Accounting 1.0 allows attackers to carry out a reentrancy attack.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-19765
CVE-2020-19766The time check operation of PepeAuctionSale 1.0 can be rendered ineffective by assigning a large number to the _duration variable, compromising access control to the application.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-19766
CVE-2021-1784A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A malicious application may be able to modify protected parts of the file system.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-1784
CVE-2021-1808A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An application may be able to read restricted memory.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-1808
CVE-2021-1809A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to read restricted memory.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-1809
CVE-2021-1849An issue in code signature validation was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A malicious application may be able to bypass Privacy preferences.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-1849
CVE-2021-1859A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3. Locked Notes content may have been unexpectedly unlocked.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-1859
CVE-2021-30660An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A malicious application may be able to disclose kernel memory.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-30660
CVE-2021-30698A null pointer dereference was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Safari 14.1.1, iOS 14.6 and iPadOS 14.6. A remote attacker may be able to cause a denial of service.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-30698
CVE-2021-30715A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted message may lead to a denial of service.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-30715
CVE-2021-33982An insufficient session expiration vulnerability exists in the "Fish | Hunt FL" iOS app version 3.8.0 and earlier, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-33982
CVE-2021-3053An improper handling of exceptional conditions vulnerability exists in the Palo Alto Networks PAN-OS dataplane that enables an unauthenticated network-based attacker to send specifically crafted traffic through the firewall that causes the service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.5. This issue does not affect Prisma Access.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-3053
CVE-2021-40346An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-40346
CVE-2020-19137Incorrect Access Control in Autumn v1.0.4 and earlier allows remote attackers to obtain clear-text login credentials via the component "autumn-cms/user/getAllUser/?page=1&limit=10".7.5https://nvd.nist.gov/vuln/detail/CVE-2020-19137
CVE-2021-32484In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500621; Issue ID: ALPS04964917.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-32484
CVE-2021-32485In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500621; Issue ID: ALPS04964926.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-32485
CVE-2021-32486In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500621; Issue ID: ALPS04964928.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-32486
CVE-2021-32487In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500736; Issue ID: ALPS04938456.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-32487
CVE-2021-28910BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 contains basic SSRF vulnerability. It allow unauthenticated attackers to request to any internal and external server.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-28910
CVE-2021-37414Zoho ManageEngine DesktopCentral version 10.1.2119.7 and prior allows anyone to get a valid user's APIKEY without authentication.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-37414
CVE-2021-39215Jitsi Meet is an open source video conferencing application. In versions prior to 2.0.5963, a Prosody module allows the use of symmetrical algorithms to validate JSON web tokens. This means that tokens generated by arbitrary sources can be used to gain authorization to protected rooms. This issue is fixed in Jitsi Meet 2.0.5963. There are no known workarounds aside from updating.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-39215
CVE-2021-32839sqlparse is a non-validating SQL parser module for Python. In sqlparse versions 0.4.0 and 0.4.1 there is a regular Expression Denial of Service in sqlparse vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of '\\r\\n' in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround don't use the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool. The issues has been fixed in sqlparse 0.4.2.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-32839
CVE-2021-32838Flask-RESTX (pypi package flask-restx) is a community driven fork of Flask-RESTPlus. Flask-RESTX before version 0.5.1 is vulnerable to ReDoS (Regular Expression Denial of Service) in email_regex. This is fixed in version 0.5.1.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-32838
CVE-2020-26301ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This is fixed in version 1.4.0.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-26301
CVE-2021-41082Discourse is a platform for community discussion. In affected versions any private message that includes a group had its title and participating user exposed to users that do not have access to the private messages. However, access control for the private messages was not compromised as users were not able to view the posts in the leaked private message despite seeing it in their inbox. The problematic commit was reverted around 32 minutes after it was made. Users are encouraged to upgrade to the latest commit if they are running Discourse against the `tests-passed` branch.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-41082
CVE-2021-3713An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields. A malicious guest user could use this flaw to crash QEMU or potentially achieve code execution with the privileges of the QEMU process on the host.7.4https://nvd.nist.gov/vuln/detail/CVE-2021-3713
CVE-2021-34713A vulnerability in the Layer 2 punt code of Cisco IOS XR Software running on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to cause the affected line card to reboot. This vulnerability is due to incorrect handling of specific Ethernet frames that cause a spin loop that can make the network processors unresponsive. An attacker could exploit this vulnerability by sending specific types of Ethernet frames on the segment where the affected line cards are attached. A successful exploit could allow the attacker to cause the affected line card to reboot.7.4https://nvd.nist.gov/vuln/detail/CVE-2021-34713
CVE-2019-10086In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.7.3https://nvd.nist.gov/vuln/detail/CVE-2019-10086
CVE-2020-0570Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.7.3https://nvd.nist.gov/vuln/detail/CVE-2020-0570
CVE-2020-7565A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller.7.3https://nvd.nist.gov/vuln/detail/CVE-2020-7565
CVE-2020-7566A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller.7.3https://nvd.nist.gov/vuln/detail/CVE-2020-7566
CVE-2020-7461In FreeBSD 12.1-STABLE before r365010, 11.4-STABLE before r365011, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, dhclient(8) fails to handle certain malformed input related to handling of DHCP option 119 resulting a heap overflow. The heap overflow could in principle be exploited to achieve remote code execution. The affected process runs with reduced privileges in a Capsicum sandbox, limiting the immediate impact of an exploit.7.3https://nvd.nist.gov/vuln/detail/CVE-2020-7461
CVE-2020-35452Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow7.3https://nvd.nist.gov/vuln/detail/CVE-2020-35452
CVE-2021-1108NVIDIA Linux kernel distributions contain a vulnerability in FuSa Capture (VI/ISP), where integer underflow due to lack of input validation may lead to complete denial of service, partial integrity, and serious confidentiality loss for all processes in the system.7.3https://nvd.nist.gov/vuln/detail/CVE-2021-1108
CVE-2021-30662This issue was addressed with improved checks. This issue is fixed in iOS 14.5 and iPadOS 14.5. Processing a maliciously crafted file may lead to arbitrary code execution.7.3https://nvd.nist.gov/vuln/detail/CVE-2021-30662
CVE-2020-3218A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code with root privileges on the underlying Linux shell. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by first creating a malicious file on the affected device itself and then uploading a second malicious file to the device. A successful exploit could allow the attacker to execute arbitrary code with root privileges or bypass licensing requirements on the device.7.2https://nvd.nist.gov/vuln/detail/CVE-2020-3218
CVE-2020-8260A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction.7.2https://nvd.nist.gov/vuln/detail/CVE-2020-8260
CVE-2021-29350SQL injection in the getip function in conn/function.php in ??100-???????? 1.1 allows remote attackers to inject arbitrary SQL commands via the X-Forwarded-For header to admin/product_add.php.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-29350
CVE-2021-31207Microsoft Exchange Server Security Feature Bypass Vulnerability7.2https://nvd.nist.gov/vuln/detail/CVE-2021-31207
CVE-2021-23024On version 8.0.x before 8.0.0.1, and all 6.x and 7.x versions, the BIG-IQ Configuration utility has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-23024
CVE-2021-32523Improper authorization vulnerability in QSAN Storage Manager allows remote privileged users to bypass the access control and execute arbitrary commands. Suggest contacting with QSAN and refer to recommendations in QSAN Document.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-32523
CVE-2021-32524Command injection vulnerability in QSAN Storage Manager allows remote privileged users to execute arbitrary commands. Suggest contacting with QSAN and refer to recommendations in QSAN Document.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-32524
CVE-2021-32525The same hard-coded password in QSAN Storage Manager's in the firmware allows remote attackers to access the control interface with the administrator’s credential, entering the hard-coded password of the debug mode to execute the restricted system instructions. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-32525
CVE-2021-34785Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-34785
CVE-2021-39459Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-39459
CVE-2021-28912BAB TECHNOLOGIE GmbH eibPort V3. Each device has its own unique hard coded and weak root SSH key passphrase known as 'eibPort string'. This is usable and the final part of an attack chain to gain SSH root access.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-28912
CVE-2017-12613When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.7.1https://nvd.nist.gov/vuln/detail/CVE-2017-12613
CVE-2020-24558A vulnerability in an Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services dll may allow an attacker to manipulate it to cause an out-of-bounds read that crashes multiple processes in the product. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.7.1https://nvd.nist.gov/vuln/detail/CVE-2020-24558
CVE-2020-15193In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of `dlpack.to_dlpack` can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing in a Python object instead of a tensor. The uninitialized memory address is due to a `reinterpret_cast` Since the `PyObject` is a Python object, not a TensorFlow Tensor, the cast to `EagerTensor` fails. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.7.1https://nvd.nist.gov/vuln/detail/CVE-2020-15193
CVE-2021-32938Drawings SDK (All versions prior to 2022.4) are vulnerable to an out-of-bounds read due to parsing of DWG files resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of service condition or read sensitive information from memory.7.1https://nvd.nist.gov/vuln/detail/CVE-2021-32938
CVE-2021-32940An out-of-bounds read issue exists in the DWG file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or read sensitive information from memory locations.7.1https://nvd.nist.gov/vuln/detail/CVE-2021-32940
CVE-2021-32950An out-of-bounds read issue exists within the parsing of DXF files in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of-service condition or read sensitive information from memory locations.7.1https://nvd.nist.gov/vuln/detail/CVE-2021-32950
CVE-2021-32078An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to element -2 of an array, aka CID-298a58e165e4.7.1https://nvd.nist.gov/vuln/detail/CVE-2021-32078
CVE-2021-32610In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.7.1https://nvd.nist.gov/vuln/detail/CVE-2021-32610
CVE-2021-0002Improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers before version 1.4.11 may allow an authenticated user to potentially enable information disclosure or denial of service via local access.7.1https://nvd.nist.gov/vuln/detail/CVE-2021-0002
CVE-2021-1110NVIDIA Linux kernel distributions on Jetson Xavier contain a vulnerability in camera firmware where a user can change input data after validation, which may lead to complete denial of service and serious data corruption of all kernel components.7.1https://nvd.nist.gov/vuln/detail/CVE-2021-1110
CVE-2021-35940An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue.7.1https://nvd.nist.gov/vuln/detail/CVE-2021-35940
CVE-2021-30788This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents.7.1https://nvd.nist.gov/vuln/detail/CVE-2021-30788
CVE-2021-1828A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. An application may be able to cause unexpected system termination or write kernel memory.7.1https://nvd.nist.gov/vuln/detail/CVE-2021-1828
CVE-2021-30676A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A local user may be able to cause unexpected system termination or read kernel memory.7.1https://nvd.nist.gov/vuln/detail/CVE-2021-30676
CVE-2021-30710A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A malicious application may cause a denial of service or potentially disclose memory contents.7.1https://nvd.nist.gov/vuln/detail/CVE-2021-30710
CVE-2021-30719A local user may be able to cause unexpected system termination or read kernel memory. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. An out-of-bounds read issue was addressed by removing the vulnerable code.7.1https://nvd.nist.gov/vuln/detail/CVE-2021-30719
CVE-2021-33542Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 and below is affected by a remote code execution vulnerability. Manipulated PC Worx or Config+ projects could lead to a remote code execution when unallocated memory is freed because of incompletely initialized data. The attacker needs to get access to an original bus configuration file (*.bcp) to be able to manipulate data inside. After manipulation the attacker needs to exchange the original file by the manipulated one on the application programming workstation. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities. Automated systems in operation which were programmed with one of the above-mentioned products are not affected.7https://nvd.nist.gov/vuln/detail/CVE-2021-33542
CVE-2021-40490A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13.7https://nvd.nist.gov/vuln/detail/CVE-2021-40490
CVE-2021-30786A race condition was addressed with improved state handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.7https://nvd.nist.gov/vuln/detail/CVE-2021-30786
CVE-2021-30652A race condition was addressed with additional validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to gain root privileges.7https://nvd.nist.gov/vuln/detail/CVE-2021-30652
CVE-2021-30290Possible null pointer dereference due to race condition between timeline fence signal and time line fence destroy in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile7https://nvd.nist.gov/vuln/detail/CVE-2021-30290
CVE-2021-30594Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device.6.8https://nvd.nist.gov/vuln/detail/CVE-2021-30594
CVE-2021-30597Use after free in Browser UI in Google Chrome on Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device.6.8https://nvd.nist.gov/vuln/detail/CVE-2021-30597
CVE-2021-28694IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assigment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn't have access to anymore (CVE-2021-28696).6.8https://nvd.nist.gov/vuln/detail/CVE-2021-28694
CVE-2021-28695IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assigment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn't have access to anymore (CVE-2021-28696).6.8https://nvd.nist.gov/vuln/detail/CVE-2021-28695
CVE-2021-28696IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assigment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn't have access to anymore (CVE-2021-28696).6.8https://nvd.nist.gov/vuln/detail/CVE-2021-28696
CVE-2021-39213GLPI is a free Asset and IT management software package. Starting in version 9.1 and prior to version 9.5.6, GLPI with API Rest enabled is vulnerable to API bypass with custom header injection. This issue is fixed in version 9.5.6. One may disable API Rest as a workaround.6.8https://nvd.nist.gov/vuln/detail/CVE-2021-39213
CVE-2021-39205Jitsi Meet is an open source video conferencing application. Versions prior to 2.0.6173 are vulnerable to client-side cross-site scripting via injecting properties into JSON objects that were not properly escaped. There are no known incidents related to this vulnerability being exploited in the wild. This issue is fixed in Jitsi Meet version 2.0.6173. There are no known workarounds aside from upgrading.6.8https://nvd.nist.gov/vuln/detail/CVE-2021-39205
CVE-2020-3204A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to execute arbitrary code on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient input validation of data passed to the Tcl interpreter. An attacker could exploit this vulnerability by loading malicious Tcl code on an affected device. A successful exploit could allow the attacker to cause memory corruption or execute the code with root privileges on the underlying OS of the affected device.6.7https://nvd.nist.gov/vuln/detail/CVE-2020-3204
CVE-2020-3214A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to escalate their privileges to a user with root-level privileges. The vulnerability is due to insufficient validation of user-supplied content. This vulnerability could allow an attacker to load malicious software onto an affected device.6.7https://nvd.nist.gov/vuln/detail/CVE-2020-3214
CVE-2021-0462In the NXP NFC firmware, there is a possible insecure firmware update due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-1687996956.7https://nvd.nist.gov/vuln/detail/CVE-2021-0462
CVE-2021-34394Trusty contains a vulnerability in the NVIDIA OTE protocol that is present in all TAs. An incorrect message stream deserialization allows an attacker to use the malicious CA that is run by the user to cause the buffer overflow, which may lead to information disclosure and data modification.6.7https://nvd.nist.gov/vuln/detail/CVE-2021-34394
CVE-2021-1584A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient restrictions during the execution of a specific CLI command. An attacker with administrative privileges could exploit this vulnerability by performing a command injection attack on the vulnerable command. A successful exploit could allow the attacker to access the underlying operating system as root.6.7https://nvd.nist.gov/vuln/detail/CVE-2021-1584
CVE-2021-34708Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.6.7https://nvd.nist.gov/vuln/detail/CVE-2021-34708
CVE-2021-34721Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.6.7https://nvd.nist.gov/vuln/detail/CVE-2021-34721
CVE-2021-34722Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.6.7https://nvd.nist.gov/vuln/detail/CVE-2021-34722
CVE-2021-20117Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20118.6.7https://nvd.nist.gov/vuln/detail/CVE-2021-20117
CVE-2021-20118Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20117.6.7https://nvd.nist.gov/vuln/detail/CVE-2021-20118
CVE-2021-3054A time-of-check to time-of-use (TOCTOU) race condition vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permission to upload plugins to execute arbitrary code with root user privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11; PAN-OS 10.0 versions earlier than PAN-OS 10.0.7; PAN-OS 10.1 versions earlier than PAN-OS 10.1.2. This issue does not affect Prisma Access.6.6https://nvd.nist.gov/vuln/detail/CVE-2021-3054
CVE-2020-8492Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-8492
CVE-2020-6311Banking services from SAP 9.0 (Bank Analyzer), version - 500, and SAP S/4HANA for financial products subledger, version ? 100, does not correctly perform necessary authorization checks for an authenticated user due to Improper Authorization checks, that may cause a system administrator to create incorrect authorization proposals. This may result in privilege escalation and may expose restricted banking data.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-6311
CVE-2020-5421In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-5421
CVE-2020-15210In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-15210
CVE-2021-21297Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and earlier contains a Prototype Pollution vulnerability in the admin API. A badly formed request can modify the prototype of the default JavaScript Object with the potential to affect the default behaviour of the Node-RED runtime. The vulnerability is patched in the 1.2.8 release. A workaround is to ensure only authorized users are able to access the editor url.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-21297
CVE-2021-3482A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-3482
CVE-2021-29447Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-29447
CVE-2021-3524A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. In addition, the prior bug fix for CVE-2020-10753 did not account for the use of \\r as a header separator, thus a new flaw has been created.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-3524
CVE-2020-22020Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map function in libavfilter/vf_fieldmatch.c, which could let a remote malicious user cause a Denial of Service.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-22020
CVE-2020-22021Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function in libavfilter/vf_yadif.c, which could let a remote malicious user cause a Denial of Service.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-22021
CVE-2020-22026Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input function at libavfilter/af_tremolo.c, which could let a remote malicious user cause a Denial of Service.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-22026
CVE-2020-22028Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_vertically_8 at libavfilter/vf_avgblur.c, which could cause a remote Denial of Service.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-22028
CVE-2021-20579IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline SQL function to obtain sensitive information when AUTO_REVAL is set to DEFFERED_FORCE. IBM X-Force ID: 199283.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-20579
CVE-2021-29777IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, under specific circumstance of a table being dropped while being accessed in another session, could allow an authenticated user to cause a denial of srevice IBM X-Force ID: 203031.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-29777
CVE-2021-32722GlobalNewFiles is a mediawiki extension. Versions prior to 48be7adb70568e20e961ea1cb70904454a671b1d are affected by an uncontrolled resource consumption vulnerability. A large amount of page moves within a short space of time could overwhelm Database servers due to improper handling of load balancing and a lack of an appropriate index. As a workaround, one may avoid use of the extension unless additional rate limit at the MediaWiki level or via PoolCounter / MySQL is enabled. A patch is available in version 48be7adb70568e20e961ea1cb70904454a671b1d.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-32722
CVE-2021-28690x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX (the default and preferred option) requires selecting a non-default setting in MSR_TSX_CTRL. This setting isn't restored after S3 suspend.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-28690
CVE-2021-20461IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. An attacker could potentially bypass business logic to modify the appearance and behavior of the application. IBM X-Force ID: 196770.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-20461
CVE-2021-32506Absolute Path Traversal vulnerability in GetImage in QSAN Storage Manager allows remote authenticated attackers download arbitrary files via the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3 .6.5https://nvd.nist.gov/vuln/detail/CVE-2021-32506
CVE-2021-32507Absolute Path Traversal vulnerability in FileDownload in QSAN Storage Manager allows remote authenticated attackers download arbitrary files via the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-32507
CVE-2021-32508Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-32508
CVE-2021-32509Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-32509
CVE-2021-32526Incorrect permission assignment for critical resource vulnerability in QSAN Storage Manager allows authenticated remote attackers to access arbitrary password files. Suggest contacting with QSAN and refer to recommendations in QSAN Document.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-32526
CVE-2021-32537Realtek HAD contains a driver crashed vulnerability which allows local side attackers to send a special string to the kernel driver in a user’s mode. Due to unexpected commands, the kernel driver will cause the system crashed.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-32537
CVE-2021-30640A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-30640
CVE-2021-34558The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-34558
CVE-2021-32767TYPO3 is an open source PHP based web content management system. In versions 9.0.0 through 9.5.27, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0, user credentials may been logged as plain-text. This occurs when explicitly using log level debug, which is not the default configuration. TYPO3 versions 9.5.28, 10.4.18, 11.3.1 contain a patch for this vulnerability.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-32767
CVE-2021-22145A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message returned containing previously used portions of a data buffer. This buffer could contain sensitive information such as Elasticsearch documents or authentication details.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-22145
CVE-2021-22144In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that will crash the Elasticsearch node.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-22144
CVE-2021-30580Insufficient policy enforcement in Android intents in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious application to obtain potentially sensitive information via a crafted HTML page.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-30580
CVE-2021-30582Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-30582
CVE-2021-30583Insufficient policy enforcement in image handling in iOS in Google Chrome on iOS prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-30583
CVE-2021-30584Incorrect security UI in Downloads in Google Chrome on Android prior to 92.0.4515.107 allowed a remote attacker to perform domain spoofing via a crafted HTML page.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-30584
CVE-2021-22922When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-22922
CVE-2021-32728The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.3.0, the Nextcloud Desktop client fails to check if a private key belongs to previously downloaded public certificate. If the Nextcloud instance serves a malicious public key, the data would be encrypted for this key and thus could be accessible to a malicious actor. This issue is fixed in Nextcloud Desktop Client version 3.3.0. There are no known workarounds aside from upgrading.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-32728
CVE-2021-28555Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to get access to sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-28555
CVE-2021-30615Chromium: CVE-2021-30615 Cross-origin data leak in Navigation6.5https://nvd.nist.gov/vuln/detail/CVE-2021-30615
CVE-2021-30617Chromium: CVE-2021-30617 Policy bypass in Blink6.5https://nvd.nist.gov/vuln/detail/CVE-2021-30617
CVE-2021-30619Chromium: CVE-2021-30619 UI Spoofing in Autofill6.5https://nvd.nist.gov/vuln/detail/CVE-2021-30619
CVE-2021-30621Chromium: CVE-2021-30621 UI Spoofing in Autofill6.5https://nvd.nist.gov/vuln/detail/CVE-2021-30621
CVE-2021-31609The Bluetooth Classic implementation in Silicon Labs iWRAP 6.3.0 and earlier does not properly handle the reception of an oversized LMP packet greater than 17 bytes, allowing attackers in radio range to trigger a crash in WT32i via a crafted LMP packet.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-31609
CVE-2021-31612The Bluetooth Classic implementation on Zhuhai Jieli AC690X devices does not properly handle the reception of an oversized LMP packet greater than 17 bytes during the LMP auto rate procedure, allowing attackers in radio range to trigger a deadlock via a crafted LMP packet.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-31612
CVE-2021-38698HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Fixed in 1.8.15, 1.9.9 and 1.10.2.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-38698
CVE-2021-30721A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to leak sensitive user information.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-30721
CVE-2021-30755Processing a maliciously crafted font may result in the disclosure of process memory. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5. An out-of-bounds read was addressed with improved input validation.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-30755
CVE-2021-30783An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A sandboxed process may be able to circumvent sandbox restrictions.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-30783
CVE-2021-30796A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing a maliciously crafted image may lead to a denial of service.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-30796
CVE-2021-1811A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing a maliciously crafted font may result in the disclosure of process memory.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-1811
CVE-2021-1820A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may result in the disclosure of process memory.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-1820
CVE-2021-1857A memory initialization issue was addressed with improved memory handling. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may disclose sensitive user information.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-1857
CVE-2021-1860A memory initialization issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to disclose kernel memory.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-1860
CVE-2021-1873An API issue in Accessibility TCC permissions was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A malicious application may be able to unexpectedly leak a user's credentials from secure text fields.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-1873
CVE-2021-1878An integer overflow was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. An attacker in a privileged network position may be able to leak sensitive user information.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-1878
CVE-2021-30659A validation issue was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, macOS Big Sur 11.3. A malicious application may be able to leak sensitive user information.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-30659
CVE-2021-3055An improper restriction of XML external entity (XXE) reference vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system and send a specifically crafted request to the firewall that causes the service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10; PAN-OS 10.0 versions earlier than PAN-OS 10.0.6. This issue does not affect Prisma Access.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-3055
CVE-2021-40797An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-40797
CVE-2021-40812The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-40812
CVE-2021-39458Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user has to alternate the files of a vaild file backup. This leads of leaking the database credentials in the environment variables.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-39458
CVE-2020-19143Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "TIFFVGetField" funtion in the component 'libtiff/tif_dir.c'.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-19143
CVE-2020-19144Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the 'in _TIFFmemcpy' funtion in the component 'tif_unix.c'.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-19144
CVE-2021-38721FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2021-38721
CVE-2020-19264A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily add users via index.php?s=/user/ApiAdminUser/itemAdd.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-19264
CVE-2021-39210GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, the cookie used to store the autologin cookie (when a user uses the "remember me" feature) is accessible by scripts. A malicious plugin that could steal this cookie would be able to use it to autologin. This issue is fixed in version 9.5.6. As a workaround, one may avoid using the "remember me" feature.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-39210
CVE-2021-39228Tremor is an event processing system for unstructured data. A vulnerability exists between versions 0.7.2 and 0.11.6. This vulnerability is a memory safety Issue when using `patch` or `merge` on `state` and assign the result back to `state`. In this case, affected versions of Tremor and the tremor-script crate maintains references to memory that might have been freed already. And these memory regions can be accessed by retrieving the `state`, e.g. send it over TCP or HTTP. This requires the Tremor server (or any other program using tremor-script) to execute a tremor-script script that uses the mentioned language construct. The issue has been patched in version 0.11.6 by removing the optimization and always cloning the target expression of a Merge or Patch. If an upgrade is not possible, a possible workaround is to avoid the optimization by introducing a temporary variable and not immediately reassigning to `state`.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-39228
CVE-2020-15705GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.6.4https://nvd.nist.gov/vuln/detail/CVE-2020-15705
CVE-2020-14308In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process.6.4https://nvd.nist.gov/vuln/detail/CVE-2020-14308
CVE-2021-37159hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.6.4https://nvd.nist.gov/vuln/detail/CVE-2021-37159
CVE-2021-34709Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.6.4https://nvd.nist.gov/vuln/detail/CVE-2021-34709
CVE-2021-1109NVIDIA camera firmware contains a multistep, timing-related vulnerability where an unauthorized modification by camera resources may result in loss of data integrity or denial of service across several streams.6.3https://nvd.nist.gov/vuln/detail/CVE-2021-1109
CVE-2021-30714A race condition was addressed with improved state handling. This issue is fixed in iOS 14.6 and iPadOS 14.6. An application may be able to cause unexpected system termination or write kernel memory.6.3https://nvd.nist.gov/vuln/detail/CVE-2021-30714
CVE-2021-39219Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime before version 0.30.0 is affected by a type confusion vulnerability. As a Rust library the `wasmtime` crate clearly marks which functions are safe and which are `unsafe`, guaranteeing that if consumers never use `unsafe` then it should not be possible to have memory unsafety issues in their embeddings of Wasmtime. An issue was discovered in the safe API of `Linker::func_*` APIs. These APIs were previously not sound when one `Engine` was used to create the `Linker` and then a different `Engine` was used to create a `Store` and then the `Linker` was used to instantiate a module into that `Store`. Cross-`Engine` usage of functions is not supported in Wasmtime and this can result in type confusion of function pointers, resulting in being able to safely call a function with the wrong type. Triggering this bug requires using at least two `Engine` values in an embedding and then additionally using two different values with a `Linker` (one at the creation time of the `Linker` and another when instantiating a module with the `Linker`). It's expected that usage of more-than-one `Engine` in an embedding is relatively rare since an `Engine` is intended to be a globally shared resource, so the expectation is that the impact of this issue is relatively small. The fix implemented is to change this behavior to `panic!()` in Rust instead of silently allowing it. Using different `Engine` instances with a `Linker` is a programmer bug that `wasmtime` catches at runtime. This bug has been patched and users should upgrade to Wasmtime version 0.30.0. If you cannot upgrade Wasmtime and are using more than one `Engine` in your embedding it's recommended to instead use only one `Engine` for the entire program if possible. An `Engine` is designed to be a globally shared resource that is suitable to have only one for the lifetime of an entire process. If using multiple `Engine`s is required then code should be audited to ensure that `Linker` is only used with one `Engine`.6.3https://nvd.nist.gov/vuln/detail/CVE-2021-39219
CVE-2021-39218Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when running Wasm that uses `externref`s in Wasmtime. To trigger this bug, Wasmtime needs to be running Wasm that uses `externref`s, the host creates non-null `externrefs`, Wasmtime performs a garbage collection (GC), and there has to be a Wasm frame on the stack that is at a GC safepoint where there are no live references at this safepoint, and there is a safepoint with live references earlier in this frame's function. Under this scenario, Wasmtime would incorrectly use the GC stack map for the safepoint from earlier in the function instead of the empty safepoint. This would result in Wasmtime treating arbitrary stack slots as `externref`s that needed to be rooted for GC. At the *next* GC, it would be determined that nothing was referencing these bogus `externref`s (because nothing could ever reference them, because they are not really `externref`s) and then Wasmtime would deallocate them and run `<ExternRef as Drop>::drop` on them. This results in a free of memory that is not necessarily on the heap (and shouldn't be freed at this moment even if it was), as well as potential out-of-bounds reads and writes. Even though support for `externref`s (via the reference types proposal) is enabled by default, unless you are creating non-null `externref`s in your host code or explicitly triggering GCs, you cannot be affected by this bug. We have reason to believe that the effective impact of this bug is relatively small because usage of `externref` is currently quite rare. This bug has been patched and users should upgrade to Wasmtime version 0.30.0. If you cannot upgrade Wasmtime at this time, you can avoid this bug by disabling the reference types proposal by passing `false` to `wasmtime::Config::wasm_reference_types`.6.3https://nvd.nist.gov/vuln/detail/CVE-2021-39218
CVE-2021-39227ZRender is a lightweight graphic library providing 2d draw for Apache ECharts. In versions prior to 5.2.1, using `merge` and `clone` helper methods in the `src/core/util.ts` module results in prototype pollution. It affects the popular data visualization library Apache ECharts, which uses and exports these two methods directly. The GitHub Security Advisory page for this vulnerability contains a proof of concept. This issue is patched in ZRender version 5.2.1. One workaround is available: Check if there is `__proto__` in the object keys. Omit it before using it as an parameter in these affected methods. Or in `echarts.util.merge` and `setOption` if project is using ECharts.6.2https://nvd.nist.gov/vuln/detail/CVE-2021-39227
CVE-2018-16845nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.6.1https://nvd.nist.gov/vuln/detail/CVE-2018-16845
CVE-2020-1760A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-1760
CVE-2020-24553Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-24553
CVE-2020-6324SAP Netweaver AS ABAP(BSP Test Application sbspext_table), version-700,701,720,730,731,740,750,751,752,753,754,755, allows an unauthenticated attacker to send polluted URL to the victim, when the victim clicks on this URL, the attacker can read, modify the information available in the victim?s browser leading to Reflected Cross Site Scripting.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-6324
CVE-2021-22881The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. When an allowed host contains a leading dot, a specially crafted `Host` header can be used to redirect to a malicious website.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-22881
CVE-2021-27889Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-27889
CVE-2021-29011DMA Softlab Radius Manager 4.4.0 is affected by Cross Site Scripting (XSS) via the description, name, or address field (under admin.php).6.1https://nvd.nist.gov/vuln/detail/CVE-2021-29011
CVE-2021-20293A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected XSS attack. The highest threat from this vulnerability is to data confidentiality and integrity.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-20293
CVE-2021-20733Improper authorization in handler for custom URL scheme vulnerability in ????????? (asken diet) for Android versions from v.3.0.0 to v.4.2.x allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-20733
CVE-2021-27659exacqVision Web Service 21.03 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-27659
CVE-2021-31721Chevereto before 3.17.1 allows Cross Site Scripting (XSS) via an image title at the image upload stage.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-31721
CVE-2021-33214In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-33214
CVE-2021-31961Windows InstallService Elevation of Privilege Vulnerability6.1https://nvd.nist.gov/vuln/detail/CVE-2021-31961
CVE-2021-23411Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the main functionality. It accepts input that can result in the output (an anchor a tag) containing undesirable Javascript code that can be executed upon user interaction.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-23411
CVE-2021-32792mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-32792
CVE-2021-37746textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-37746
CVE-2021-24477The Migrate Users WordPress plugin through 1.0.1 does not sanitise or escape its Delimiter option before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when saving its options, allowing the issue to be exploited via a CSRF attack.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-24477
CVE-2021-32806Products.isurlinportal is a replacement for isURLInPortal method in Plone. Versions of Products.isurlinportal prior to 1.2.0 have an Open Redirect vulnerability. Various parts of Plone use the 'is url in portal' check for security, mostly to see if it is safe to redirect to a url. A url like `https://example.org` is not in the portal. The url `https:example.org` without slashes is considered to be in the portal. When redirecting, some browsers go to `https://example.org`, others give an error. Attackers may use this to redirect victims to their site, especially as part of a phishing attack. The problem has been patched in Products.isurlinportal 1.2.0.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-32806
CVE-2021-1113NVIDIA camera firmware contains a vulnerability where an unauthorized modification by camera resources may result in complete denial of service and loss of partial data integrity for all clients.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-1113
CVE-2021-35061Multiple cross-site scripting (XSS) vulnerabilities in DRK Odenwaldkreis Testerfassung March-2021 allow remote attackers to inject arbitrary web script or HTML via all parameters to HTML form fields in all components.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-35061
CVE-2021-30744Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-30744
CVE-2021-1825An input validation issue was addressed with improved input validation. This issue is fixed in iTunes 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may lead to a cross site scripting attack.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-1825
CVE-2021-1826A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to universal cross site scripting.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-1826
CVE-2021-30689A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-30689
CVE-2021-32805Flask-AppBuilder is an application development framework, built on top of Flask. In affected versions if using Flask-AppBuilder OAuth, an attacker can share a carefully crafted URL with a trusted domain for an application built with Flask-AppBuilder, this URL can redirect a user to a malicious site. This is an open redirect vulnerability. To resolve this issue upgrade to Flask-AppBuilder 3.2.2 or above. If upgrading is infeasible users may filter HTTP traffic containing `?next={next-site}` where the `next-site` domain is different from the application you are protecting as a workaround.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-32805
CVE-2020-19515qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\\install\\modules\\database_config.php.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-19515
CVE-2021-38321The Custom Menu Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the selected_menu parameter found in the ~/custom-menus.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.3.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-38321
CVE-2021-35976The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0.32 on Linux is vulnerable to reflected XSS via the /plesk-site-preview/ PATH, aka PFSI-62467. The attacker could execute JavaScript code in the victim's browser by using the link to preview sites hosted on the server. Authentication is not required to exploit the vulnerability.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-35976
CVE-2021-38326The Post Title Counter WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the notice parameter found in the ~/post-title-counter.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-38326
CVE-2021-38327The YouTube Video Inserter WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/adminUI/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.1.0.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-38327
CVE-2021-38328The Notices WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/notices.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-38328
CVE-2021-38329The DJ EmailPublish WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/dj-email-publish.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.7.2.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-38329
CVE-2021-38330The Yet Another bol.com Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/yabp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-38330
CVE-2021-38331The WP-T-Wap WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the posted parameter found in the ~/wap/writer.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.13.2.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-38331
CVE-2021-38332The On Page SEO + Whatsapp Chat Button Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-38332
CVE-2021-38333The WP Scrippets WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/wp-scrippets.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.1.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-38333
CVE-2021-38334The WP Design Maps & Places WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the filename parameter found in the ~/wpdmp-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-38334
CVE-2021-38335The Wise Agent Capture Forms WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/WiseAgentCaptureForm.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-38335
CVE-2021-38336The Edit Comments XT WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/edit-comments-xt.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-38336
CVE-2021-38337The RSVPMaker Excel WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/phpexcel/PHPExcel/Shared/JAMA/docs/download.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-38337
CVE-2021-38338The Border Loading Bar WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `f` and `t` parameter found in the ~/titan-framework/iframe-googlefont-preview.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-38338
CVE-2021-38339The Simple Matted Thumbnails WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/simple-matted-thumbnail.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.01.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-38339
CVE-2021-38340The Wordpress Simple Shop WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the update_row parameter found in the ~/includes/add_product.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-38340
CVE-2021-38341The WooCommerce Payment Gateway Per Category WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/includes/plugin_settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.10.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-38341
CVE-2021-38347The Custom Website Data WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter found in the ~/views/edit.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.2.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-38347
CVE-2021-38348The Advance Search WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the wpas_id parameter found in the ~/inc/admin/views/html-advance-search-admin-options.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1.2.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-38348
CVE-2021-38349The Integration of Moneybird for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error_description parameter found in the ~/templates/wcmb-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-38349
CVE-2021-38350The spideranalyse WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the date parameter found in the ~/analyse/index.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.1.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-38350
CVE-2021-38351The OSD Subscribe WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the osd_subscribe_message parameter found in the ~/options/osd_subscribe_options_subscribers.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.3.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-38351
CVE-2021-38352The Feedify – Web Push Notifications WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the feedify_msg parameter found in the ~/includes/base.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.8.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-38352
CVE-2021-38353The Dropdown and scrollable Text WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the content parameter found in the ~/index.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-38353
CVE-2021-38354The GNU-Mailman Integration WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the gm_error parameter found in the ~/includes/admin/mailing-lists-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-38354
CVE-2021-38355The Bug Library WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the successimportcount parameter found in the ~/bug-library.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.3.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-38355
CVE-2021-38357The SMS OVH WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the position parameter found in the ~/sms-ovh-sent.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.1.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-38357
CVE-2021-38358The MoolaMojo WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the classes parameter found in the ~/views/button-generator.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.4.1.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-38358
CVE-2021-38359The WordPress InviteBox Plugin for viral Refer-a-Friend Promotions WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the message parameter found in the ~/admin/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.1.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-38359
CVE-2021-3646btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')6.1https://nvd.nist.gov/vuln/detail/CVE-2021-3646
CVE-2021-39325The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input validation in the load_previews function found in the ~/OMAPI/Output.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.6.0.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-39325
CVE-2020-14311There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.6https://nvd.nist.gov/vuln/detail/CVE-2020-14311
CVE-2019-6147Forcepoint NGFW Security Management Center (SMC) versions lower than 6.5.12 or 6.7.1 have a rare issue that in specific circumstances can corrupt the internal configuration database. When the database is corrupted, the SMC might produce an incorrect IPsec configuration for the Forcepoint Next Generation Firewall (NGFW), possibly resulting in settings that are weaker than expected. All SMC versions lower than 6.5.12 or 6.7.1 are vulnerable.5.9https://nvd.nist.gov/vuln/detail/CVE-2019-6147
CVE-2020-15209In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one. The runtime assumes that these buffers are written to before a possible read, hence they are initialized with `nullptr`. However, by changing the buffer index for a tensor and implicitly converting that tensor to be a read-write one, as there is nothing in the model that writes to it, we get a null pointer dereference. The issue is patched in commit 0b5662bc, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.5.9https://nvd.nist.gov/vuln/detail/CVE-2020-15209
CVE-2020-1971The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).5.9https://nvd.nist.gov/vuln/detail/CVE-2020-1971
CVE-2021-3449An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).5.9https://nvd.nist.gov/vuln/detail/CVE-2021-3449
CVE-2021-22895Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow.5.9https://nvd.nist.gov/vuln/detail/CVE-2021-22895
CVE-2021-36221Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.5.9https://nvd.nist.gov/vuln/detail/CVE-2021-36221
CVE-2021-30722An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to leak sensitive user information.5.9https://nvd.nist.gov/vuln/detail/CVE-2021-30722
CVE-2021-1884A race condition was addressed with improved locking. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. A remote attacker may be able to cause a denial of service.5.9https://nvd.nist.gov/vuln/detail/CVE-2021-1884
CVE-2021-30696An attacker in a privileged network position may be able to misrepresent application state. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A logic issue was addressed with improved state management.5.9https://nvd.nist.gov/vuln/detail/CVE-2021-30696
CVE-2021-30716A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to perform denial of service.5.9https://nvd.nist.gov/vuln/detail/CVE-2021-30716
CVE-2021-31810An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions).5.8https://nvd.nist.gov/vuln/detail/CVE-2021-31810
CVE-2021-41087in-toto-golang is a go implementation of the in-toto framework to protect software supply chain integrity. In affected versions authenticated attackers posing as functionaries (i.e., within a trusted set of users for a layout) are able to create attestations that may bypass DISALLOW rules in the same layout. An attacker with access to trusted private keys, may issue an attestation that contains a disallowed artifact by including path traversal semantics (e.g., foo vs dir/../foo). Exploiting this vulnerability is dependent on the specific policy applied. The problem has been fixed in version 0.3.0.5.6https://nvd.nist.gov/vuln/detail/CVE-2021-41087
CVE-2019-12400In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this implementation might be cached and re-used by Apache Santuario - XML Security for Java, leading to potential security flaws when validating signed documents, etc. The vulnerability affects Apache Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4.5.5https://nvd.nist.gov/vuln/detail/CVE-2019-12400
CVE-2020-10727A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file (etc/artemis-users.properties file) when executing the `resetUsers` operation. A local attacker can use this flaw to read the contents of the Artemis shadow file.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-10727
CVE-2021-27029The user may be tricked into opening a malicious FBX file which may exploit a Null Pointer Dereference vulnerability in FBX's Review version 1.5.0 and prior causing the application to crash leading to a denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-27029
CVE-2021-3527A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-3527
CVE-2020-13938Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows5.5https://nvd.nist.gov/vuln/detail/CVE-2020-13938
CVE-2021-28687HVM soft-reset crashes toolstack libxl requires all data structures passed across its public interface to be initialized before use and disposed of afterwards by calling a specific set of functions. Many internal data structures also require this initialize / dispose discipline, but not all of them. When the "soft reset" feature was implemented, the libxl__domain_suspend_state structure didn't require any initialization or disposal. At some point later, an initialization function was introduced for the structure; but the "soft reset" path wasn't refactored to call the initialization function. When a guest nwo initiates a "soft reboot", uninitialized data structure leads to an assert() when later code finds the structure in an unexpected state. The effect of this is to crash the process monitoring the guest. How this affects the system depends on the structure of the toolstack. For xl, this will have no security-relevant effect: every VM has its own independent monitoring process, which contains no state. The domain in question will hang in a crashed state, but can be destroyed by `xl destroy` just like any other non-cooperating domain. For daemon-based toolstacks linked against libxl, such as libvirt, this will crash the toolstack, losing the state of any in-progress operations (localized DoS), and preventing further administrator operations unless the daemon is configured to restart automatically (system-wide DoS). If crashes "leak" resources, then repeated crashes could use up resources, also causing a system-wide DoS.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-28687
CVE-2021-34693net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-34693
CVE-2021-34390Trusty contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow through a specific SMC call that is triggered by the user, which may lead to denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-34390
CVE-2021-34391Trusty contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow through a specific SMC call that is triggered by the user, which may lead to denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-34391
CVE-2021-29157Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-29157
CVE-2021-28693xen/arm: Boot modules are not scrubbed The bootloader will load boot modules (e.g. kernel, initramfs...) in a temporary area before they are copied by Xen to each domain memory. To ensure sensitive data is not leaked from the modules, Xen must "scrub" them before handing the page over to the allocator. Unfortunately, it was discovered that modules will not be scrubbed on Arm.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-28693
CVE-2021-36373When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-36373
CVE-2021-36374When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-36374
CVE-2021-33910basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-33910
CVE-2021-35477In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-35477
CVE-2021-34556In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-34556
CVE-2021-38114libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-38114
CVE-2021-3566Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file the triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim (as long as the `-vcodec copy` option is passed to ffmpeg).5.5https://nvd.nist.gov/vuln/detail/CVE-2021-3566
CVE-2021-38208net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-38208
CVE-2021-37616Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A null pointer dereference was found in Exiv2 versions v0.27.4 and earlier. The null pointer dereference is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the interpreted (translated) data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p t` or `-P t`). The bug is fixed in version v0.27.5.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-37616
CVE-2021-37618Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the image ICC profile, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p C`). The bug is fixed in version v0.27.5.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-37618
CVE-2021-37619Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert. The bug is fixed in version v0.27.5.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-37619
CVE-2021-37620Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.5.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-37620
CVE-2021-37621Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the image ICC profile, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p C`). The bug is fixed in version v0.27.5.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-37621
CVE-2021-37622Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when deleting the IPTC data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-d I rm`). The bug is fixed in version v0.27.5.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-37622
CVE-2021-34335Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A floating point exception (FPE) due to an integer divide by zero was found in Exiv2 versions v0.27.4 and earlier. The FPE is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the interpreted (translated) data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p t` or `-P t`). The bug is fixed in version v0.27.5.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-34335
CVE-2021-37615Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A null pointer dereference was found in Exiv2 versions v0.27.4 and earlier. The null pointer dereference is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the interpreted (translated) data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p t` or `-P t`). The bug is fixed in version v0.27.5.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-37615
CVE-2021-1112NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where a null pointer dereference may lead to complete denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-1112
CVE-2021-28698long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. In the process of carrying out certain actions, Xen would iterate over all such entries, including ones which aren't in use anymore and some which may have been created but never used. If the number of entries for a given domain is large enough, this iterating of the entire table may tie up a CPU for too long, starving other domains or causing issues in the hypervisor itself. Note that a domain may map its own grants, i.e. there is no need for multiple domains to be involved here. A pair of "cooperating" guests may, however, cause the effects to be more severe.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-28698
CVE-2021-28699inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status. That is, when operating in this mode, a guest has two tables. As a result, guests also need to be able to retrieve the addresses that the new status tracking table can be accessed through. For 32-bit guests on x86, translation of requests has to occur because the interface structure layouts commonly differ between 32- and 64-bit. The translation of the request to obtain the frame numbers of the grant status table involves translating the resulting array of frame numbers. Since the space used to carry out the translation is limited, the translation layer tells the core function the capacity of the array within translation space. Unfortunately the core function then only enforces array bounds to be below 8 times the specified value, and would write past the available space if enough frame numbers needed storing.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-28699
CVE-2021-39257A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call chain (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G < 2021.8.22.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-39257
CVE-2021-30723An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-30723
CVE-2021-30731This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-004 Catalina. An unprivileged application may be able to capture USB devices.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-30731
CVE-2021-30746An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-30746
CVE-2021-30750The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.3. A malicious application may be able to access the user's recent contacts.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-30750
CVE-2021-30751This issue was addressed with improved data protection. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass certain Privacy preferences.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-30751
CVE-2021-30753Processing a maliciously crafted font may result in the disclosure of process memory. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. An out-of-bounds read was addressed with improved input validation.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-30753
CVE-2021-30756A local attacker may be able to view Now Playing information from the lock screen. This issue is fixed in macOS Big Sur 11.4, iOS 14.6 and iPadOS 14.6. A privacy issue in Now Playing was addressed with improved permissions.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-30756
CVE-2021-30757This issue was addressed by enabling hardened runtime. This issue is fixed in iMovie 10.2.4. Entitlements and privacy permissions granted to this app may be used by a malicious app.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-30757
CVE-2021-30768A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. A sandboxed process may be able to circumvent sandbox restrictions.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-30768
CVE-2021-30769A logic issue was addressed with improved state management. This issue is fixed in iOS 14.7, tvOS 14.7, watchOS 7.6. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-30769
CVE-2021-30770A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, tvOS 14.7, watchOS 7.6. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-30770
CVE-2021-30773An issue in code signature validation was addressed with improved checks. This issue is fixed in iOS 14.7, tvOS 14.7, watchOS 7.6. A malicious application may be able to bypass code signing checks.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-30773
CVE-2021-30776A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Playing a malicious audio file may lead to an unexpected application termination.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-30776
CVE-2021-30778This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to bypass Privacy preferences.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-30778
CVE-2021-30782This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A malicious application may be able to access restricted files.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-30782
CVE-2021-30791An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. Processing a maliciously crafted file may disclose user information.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-30791
CVE-2021-1739A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local user may be able to modify protected parts of the file system.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-1739
CVE-2021-1740A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local user may be able to modify protected parts of the file system.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-1740
CVE-2021-1807A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4. A local user may be able to write arbitrary files.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-1807
CVE-2021-1810A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application may bypass Gatekeeper checks.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-1810
CVE-2021-1815A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A local user may be able to modify protected parts of the file system.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-1815
CVE-2021-1822A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A local user may be able to modify protected parts of the file system.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-1822
CVE-2021-1830An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5. A local user may be able to read kernel memory.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-1830
CVE-2021-1831The issue was addressed with improved permissions logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. An application may allow shortcuts to access restricted files.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-1831
CVE-2021-1832Copied files may not have the expected file permissions. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. The issue was addressed with improved permissions logic.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-1832
CVE-2021-1836A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.5 and iPadOS 14.5, tvOS 14.5. A local user may be able to create or modify privileged files.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-1836
CVE-2021-1846Processing a maliciously crafted audio file may disclose restricted memory. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An out-of-bounds read was addressed with improved input validation.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-1846
CVE-2021-1848The issue was addressed with improved UI handling. This issue is fixed in iOS 14.5 and iPadOS 14.5. A local user may be able to view sensitive information in the app switcher.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-1848
CVE-2021-1852An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5. A local user may be able to read kernel memory.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-1852
CVE-2021-1877An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5. A local user may be able to read kernel memory.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-1877
CVE-2021-1883This issue was addressed with improved checks. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted server messages may lead to heap corruption.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-1883
CVE-2021-30654This issue was addressed by removing additional entitlements. This issue is fixed in GarageBand 10.4.3. A local attacker may be able to read sensitive information.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-30654
CVE-2021-30656An access issue was addressed with improved memory management. This issue is fixed in iOS 14.5 and iPadOS 14.5. A malicious application may be able to determine kernel memory layout.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-30656
CVE-2021-30657A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited..5.5https://nvd.nist.gov/vuln/detail/CVE-2021-30657
CVE-2021-30658This issue was addressed with improved handling of file metadata. This issue is fixed in macOS Big Sur 11.3. A malicious application may bypass Gatekeeper checks.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-30658
CVE-2021-30669A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A malicious application may bypass Gatekeeper checks.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-30669
CVE-2021-30673An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A malicious application may be able to access a user's call history.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-30673
CVE-2021-30674This issue was addressed with improved checks. This issue is fixed in iOS 14.6 and iPadOS 14.6. A malicious application may disclose restricted memory.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-30674
CVE-2021-30682A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak sensitive user information.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-30682
CVE-2021-30685This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Parsing a maliciously crafted audio file may lead to disclosure of user information.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-30685
CVE-2021-30686An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted audio file may disclose restricted memory.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-30686
CVE-2021-30687An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted image may lead to disclosure of user information.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-30687
CVE-2021-30691An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-30691
CVE-2021-30692An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-30692
CVE-2021-30694An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-30694
CVE-2021-30695An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-30695
CVE-2021-30697A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A local user may be able to leak sensitive user information.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-30697
CVE-2021-30700This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted image may lead to disclosure of user information.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-30700
CVE-2021-30705This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted ASTC file may disclose memory contents.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-30705
CVE-2021-30706Processing a maliciously crafted image may lead to disclosure of user information. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. This issue was addressed with improved checks.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-30706
CVE-2021-30709This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-30709
CVE-2021-34771A vulnerability in the Cisco IOS XR Software CLI could allow an authenticated, local attacker to view more information than their privileges allow. This vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by running a specific command. A successful exploit could allow the attacker to view sensitive configuration information that their privileges might not otherwise allow them to access.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-34771
CVE-2021-1935Possible null pointer dereference due to lack of validation check for passed pointer during key import in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables5.5https://nvd.nist.gov/vuln/detail/CVE-2021-1935
CVE-2021-30294Potential null pointer dereference in KGSL GPU auxiliary command due to improper validation of user input in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile5.5https://nvd.nist.gov/vuln/detail/CVE-2021-30294
CVE-2019-16562Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the description of builds shown in its view, resulting in a stored XSS vulnerability exploitable by users able to change build descriptions.5.4https://nvd.nist.gov/vuln/detail/CVE-2019-16562
CVE-2021-32106In ICEcoder 8.0 allows, a reflected XSS vulnerability was identified in the multipe-results.php page due to insufficient sanitization of the _GET['replace'] variable. As a result, arbitrary Javascript code can get executed.5.4https://nvd.nist.gov/vuln/detail/CVE-2021-32106
CVE-2021-27658exacqVision Enterprise Manager 20.12 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users.5.4https://nvd.nist.gov/vuln/detail/CVE-2021-27658
CVE-2021-31813Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD.5.4https://nvd.nist.gov/vuln/detail/CVE-2021-31813
CVE-2021-36563The CheckMK management web console (versions 1.5.0 to 2.0.0) does not sanitise user input in various parameters of the WATO module. This allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser (such as JavaScript or other client-side scripts), the XSS payload will be triggered when the user accesses some specific sections of the application. In the same sense a very dangerous potential way would be when an attacker who has the monitor role (not administrator) manages to get a stored XSS to steal the secretAutomation (for the use of the API in administrator mode) and thus be able to create another administrator user who has high privileges on the CheckMK monitoring web console. Another way is that persistent XSS allows an attacker to modify the displayed content or change the victim's information. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session.5.4https://nvd.nist.gov/vuln/detail/CVE-2021-36563
CVE-2021-24473The User Profile Picture WordPress plugin before 2.6.0 was affected by an IDOR issue, allowing users with the upload_image capability (by default author and above) to change and delete the profile pictures of other users (including those with higher roles).5.4https://nvd.nist.gov/vuln/detail/CVE-2021-24473
CVE-2021-38152index.php/appointment/insert_patient_add_appointment in Chikitsa Patient Management System 2.0.0 allows XSS.5.4https://nvd.nist.gov/vuln/detail/CVE-2021-38152
CVE-2021-35948Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows an attacker to bypass the password protection when they can force a target client to use a controlled cookie.5.4https://nvd.nist.gov/vuln/detail/CVE-2021-35948
CVE-2021-30667A logic issue was addressed with improved validation. This issue is fixed in iOS 14.6 and iPadOS 14.6. An attacker in WiFi range may be able to force a client to use a less secure authentication mechanism.5.4https://nvd.nist.gov/vuln/detail/CVE-2021-30667
CVE-2021-3052A reflected cross-site scripting (XSS) vulnerability in the Palo Alto Network PAN-OS web interface enables an authenticated network-based attacker to mislead another authenticated PAN-OS administrator to click on a specially crafted link that performs arbitrary actions in the PAN-OS web interface as the targeted authenticated administrator. This issue impacts: PAN-OS 8.1 versions earlier than 8.1.20; PAN-OS 9.0 versions earlier than 9.0.14; PAN-OS 9.1 versions earlier than 9.1.10; PAN-OS 10.0 versions earlier than 10.0.2. This issue does not affect Prisma Access.5.4https://nvd.nist.gov/vuln/detail/CVE-2021-3052
CVE-2021-31274In LibreNMS < 21.3.0, a stored XSS vulnerability was identified in the API Access page due to insufficient sanitization of the $api->description variable. As a result, arbitrary Javascript code can get executed.5.4https://nvd.nist.gov/vuln/detail/CVE-2021-31274
CVE-2021-36870Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps plugin (versions <= 8.1.12). Vulnerable parameters: &dataset_name, &wpgmza_gdpr_retention_purpose, &wpgmza_gdpr_company_name, &name #2, &name, &polyname #2, &polyname, &address.5.4https://nvd.nist.gov/vuln/detail/CVE-2021-36870
CVE-2021-36871Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps Pro premium plugin (versions <= 8.1.11). Vulnerable parameters: &wpgmaps_marker_category_name, Value > &attributes[], Name > &attributes[], &icons[], &names[], &description, &link, &title.5.4https://nvd.nist.gov/vuln/detail/CVE-2021-36871
CVE-2021-34650The eID Easy WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error parameter found in the ~/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.6.5.4https://nvd.nist.gov/vuln/detail/CVE-2021-34650
CVE-2016-0747The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.5.3https://nvd.nist.gov/vuln/detail/CVE-2016-0747
CVE-2019-20372NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.5.3https://nvd.nist.gov/vuln/detail/CVE-2019-20372
CVE-2020-3307A vulnerability in the web UI of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to write arbitrary entries to the log file on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send incorrect information to the system log on the affected system.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-3307
CVE-2020-3244A vulnerability in the Enhanced Charging Service (ECS) functionality of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass the traffic classification rules on an affected device. The vulnerability is due to insufficient input validation of user traffic going through an affected device. An attacker could exploit this vulnerability by sending a malformed HTTP request to an affected device. A successful exploit could allow the attacker to bypass the traffic classification rules and potentially avoid being charged for traffic consumption.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-3244
CVE-2020-15190In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `tf.raw_ops.Switch` operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor. However, the eager runtime traverses all tensors in the output. Since only one of the tensors is defined, the other one is `nullptr`, hence we are binding a reference to `nullptr`. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. In this case, this results in a segmentation fault The issue is patched in commit da8558533d925694483d2c136a9220d6d49d843c, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-15190
CVE-2020-15191In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status` variable to the error condition. However, this `status` argument is not properly checked. Hence, code following these methods will bind references to null pointers. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-15191
CVE-2020-15204In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling `tf.raw_ops.GetSessionHandle` or `tf.raw_ops.GetSessionHandleV2` results in a null pointer dereference In linked snippet, in eager mode, `ctx->session_state()` returns `nullptr`. Since code immediately dereferences this, we get a segmentation fault. The issue is patched in commit 9a133d73ae4b4664d22bd1aa6d654fec13c52ee1, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-15204
CVE-2020-13956Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-13956
CVE-2020-5147SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows a local attacker to gain elevated privileges in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 10.2.300 and earlier.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-5147
CVE-2020-27223In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-27223
CVE-2021-30048Directory Traversal in the fileDownload function in com/java2nb/common/controller/FileController.java in Novel-plus (?????-plus) 3.5.1 allows attackers to read arbitrary files via the filePath parameter.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-30048
CVE-2019-17567Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.5.3https://nvd.nist.gov/vuln/detail/CVE-2019-17567
CVE-2021-30641Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'5.3https://nvd.nist.gov/vuln/detail/CVE-2021-30641
CVE-2021-24374The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhg_vcs that allowed the comments of non-published page/posts to be leaked.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-24374
CVE-2021-24379The Comments Like Dislike WordPress plugin before 1.1.4 allows users to like/dislike posted comments, however does not prevent them from replaying the AJAX request to add a like. This allows any user (even unauthenticated) to add unlimited like/dislike to any comment. The plugin appears to have some Restriction modes, such as Cookie Restriction, IP Restrictions, Logged In User Restriction, however, they do not prevent such attack as they only check client side5.3https://nvd.nist.gov/vuln/detail/CVE-2021-24379
CVE-2021-35525PostSRSd before 1.11 allows a denial of service (subprocess hang) if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: the PostSRSd maintainer acknowledges "theoretically, this error should never occur ... I'm not sure if there's a reliable way to trigger this condition by an external attacker, but it is a security bug in PostSRSd nevertheless."5.3https://nvd.nist.gov/vuln/detail/CVE-2021-35525
CVE-2021-32515Directory listing vulnerability in share_link in QSAN Storage Manager allows attackers to list arbitrary directories and further access credential information. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-32515
CVE-2021-32528Observable behavioral discrepancy vulnerability in QSAN Storage Manager allows remote attackers to obtain the system information without permissions. Suggest contacting with QSAN and refer to recommendations in QSAN Document.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-32528
CVE-2021-22918Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information disclosures or crashes. This function can be triggered via uv_getaddrinfo().5.3https://nvd.nist.gov/vuln/detail/CVE-2021-22918
CVE-2021-32678Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, ratelimits are not applied to OCS API responses. This affects any OCS API controller (`OCSController`) using the `@BruteForceProtection` annotation. Risk depends on the installed applications on the Nextcloud Server, but could range from bypassing authentication ratelimits or spamming other Nextcloud users. The vulnerability is patched in versions 19.0.13, 20.0.11, and 21.0.3. No workarounds aside from upgrading are known to exist.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-32678
CVE-2021-33037Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-33037
CVE-2021-32703Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the shareinfo endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-32703
CVE-2021-34429For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-34429
CVE-2021-22923When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-22923
CVE-2021-22925curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-22925
CVE-2021-3642A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-3642
CVE-2021-38165Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-38165
CVE-2021-22939If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-22939
CVE-2021-34434In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-34434
CVE-2021-28559Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Information Exposure vulnerability. An unauthenticated attacker could leverage this vulnerability to get access to restricted data stored within global variables and objects.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-28559
CVE-2021-1837A certificate validation issue was addressed. This issue is fixed in iOS 14.5 and iPadOS 14.5. An attacker in a privileged network position may be able to alter network traffic.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-1837
CVE-2021-36215LINE client for iOS 10.21.3 and before allows address bar spoofing due to inappropriate address handling.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-36215
CVE-2021-38725Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.php5.3https://nvd.nist.gov/vuln/detail/CVE-2021-38725
CVE-2021-39189Pimcore is an open source data & experience management platform. In versions prior to 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in version 10.1.3. As a workaround, one may apply the available patch manually.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-39189
CVE-2021-39211GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in version 9.5.6. As a workaround, remove the file `ajax/telemetry.php`, which is not needed for usual functions of GLPI.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-39211
CVE-2021-39327The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-39327
CVE-2021-1865An issue obscuring passwords in screenshots was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. A user's password may be visible on screen.5https://nvd.nist.gov/vuln/detail/CVE-2021-1865
CVE-2020-3242A vulnerability in the REST API of Cisco UCS Director could allow an authenticated, remote attacker with administrative privileges to obtain confidential information from an affected device. The vulnerability exists because confidential information is returned as part of an API response. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to obtain the API key of another user, which would allow the attacker to impersonate the account of that user on the affected device. To exploit this vulnerability, the attacker must have administrative privileges on the device.4.9https://nvd.nist.gov/vuln/detail/CVE-2020-3242
CVE-2021-33203Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by application developers to also show file contents, then not only the existence but also the file contents would have been exposed. In other words, there is directory traversal outside of the template root directories.4.9https://nvd.nist.gov/vuln/detail/CVE-2021-33203
CVE-2021-24119In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.4.9https://nvd.nist.gov/vuln/detail/CVE-2021-24119
CVE-2021-28700xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit from them is not set. This allow a domain to allocate memory beyond what an administrator originally configured.4.9https://nvd.nist.gov/vuln/detail/CVE-2021-28700
CVE-2021-27022A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes).4.9https://nvd.nist.gov/vuln/detail/CVE-2021-27022
CVE-2021-34786Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system.4.9https://nvd.nist.gov/vuln/detail/CVE-2021-34786
CVE-2020-15211In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of tensors that is owned by the subgraph. This results in a pattern of double array indexing when trying to get the data of each tensor. However, some operators can have some tensors be optional. To handle this scenario, the flatbuffer model uses a negative `-1` value as index for these tensors. This results in special casing during validation at model loading time. Unfortunately, this means that the `-1` index is a valid tensor index for any operator, including those that don't expect optional inputs and including for output tensors. Thus, this allows writing and reading from outside the bounds of heap allocated arrays, although only at a specific offset from the start of these arrays. This results in both read and write gadgets, albeit very limited in scope. The issue is patched in several commits (46d5b0852, 00302787b7, e11f5558, cd31fd0ce, 1970c21, and fff2c83), and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that only operators which accept optional inputs use the `-1` special value and only for the tensors that they expect to be optional. Since this allow-list type approach is erro-prone, we advise upgrading to the patched code.4.8https://nvd.nist.gov/vuln/detail/CVE-2020-15211
CVE-2020-24723Cross Site Scripting (XSS) vulnerability in the Registration page of the admin panel in PHPGurukul User Registration & Login and User Management System With admin panel 2.1.4.8https://nvd.nist.gov/vuln/detail/CVE-2020-24723
CVE-2021-33515The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.4.8https://nvd.nist.gov/vuln/detail/CVE-2021-33515
CVE-2020-3206A vulnerability in the handling of IEEE 802.11w Protected Management Frames (PMFs) of Cisco Catalyst 9800 Series Wireless Controllers that are running Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to terminate a valid user connection to an affected device. The vulnerability exists because the affected software does not properly validate 802.11w disassociation and deauthentication PMFs that it receives. An attacker could exploit this vulnerability by sending a spoofed 802.11w PMF from a valid, authenticated client on a network adjacent to an affected device. A successful exploit could allow the attacker to terminate a single valid user connection to the affected device.4.7https://nvd.nist.gov/vuln/detail/CVE-2020-3206
CVE-2020-4885IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow a local user to access and change the configuration of Db2 due to a race condition of a symbolic link,. IBM X-Force ID: 190909.4.7https://nvd.nist.gov/vuln/detail/CVE-2020-4885
CVE-2021-34557XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attacker must physically disconnect many video outputs.4.6https://nvd.nist.gov/vuln/detail/CVE-2021-34557
CVE-2021-1835This issue was addressed with improved checks. This issue is fixed in iOS 14.5 and iPadOS 14.5. A person with physical access to an iOS device may be able to access notes from the lock screen.4.6https://nvd.nist.gov/vuln/detail/CVE-2021-1835
CVE-2021-30668This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4. A person with physical access to a Mac may be able to bypass Login Window during a software update.4.6https://nvd.nist.gov/vuln/detail/CVE-2021-30668
CVE-2021-30699A window management issue was addressed with improved state management. This issue is fixed in iOS 14.6 and iPadOS 14.6. A user may be able to view restricted content from the lockscreen.4.6https://nvd.nist.gov/vuln/detail/CVE-2021-30699
CVE-2021-30702A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A person with physical access to a Mac may be able to bypass Login Window.4.6https://nvd.nist.gov/vuln/detail/CVE-2021-30702
CVE-2021-1114NVIDIA Linux kernel distributions contain a vulnerability in the kernel crypto node, where use after free may lead to complete denial of service.4.4https://nvd.nist.gov/vuln/detail/CVE-2021-1114
CVE-2021-1824This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application with root privileges may be able to access private information.4.4https://nvd.nist.gov/vuln/detail/CVE-2021-1824
CVE-2020-6797By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. The attacker is restricted as they are unable to download non-quarantined files or supply command line arguments to the application, limiting the impact. Note: this issue only occurs on Mac OSX. Other operating systems are unaffected. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5.4.3https://nvd.nist.gov/vuln/detail/CVE-2020-6797
CVE-2020-15192In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to `dlpack.to_dlpack` there is a memory leak following an expected validation failure. The issue occurs because the `status` argument during validation failures is not properly checked. Since each of the above methods can return an error status, the `status` value must be checked before continuing. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.4.3https://nvd.nist.gov/vuln/detail/CVE-2020-15192
CVE-2021-22769A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that could expose files or directory content when access from an attacker is not restricted or incorrectly restricted.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-22769
CVE-2021-29959When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only possible if the website kept recording with the microphone until re-enabling the camera. This vulnerability affects Firefox < 89.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-29959
CVE-2021-29960Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined may have lead to the title of a website visited during private browsing mode being stored on disk. This vulnerability affects Firefox < 89.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-29960
CVE-2021-29961When styling and rendering an oversized `<select>` element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. This vulnerability affects Firefox < 89.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-29961
CVE-2020-28200The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension.4.3https://nvd.nist.gov/vuln/detail/CVE-2020-28200
CVE-2021-32510QSAN Storage Manager through directory listing vulnerability in antivirus function allows remote authenticated attackers to list arbitrary directories by injecting file path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-32510
CVE-2021-32511QSAN Storage Manager through directory listing vulnerability in ViewBroserList allows remote authenticated attackers to list arbitrary directories via the file path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-32511
CVE-2021-2369Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).4.3https://nvd.nist.gov/vuln/detail/CVE-2021-2369
CVE-2021-30587Inappropriate implementation in Compositing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-30587
CVE-2021-30589Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to bypass navigation restrictions via a crafted click-to-call link.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-30589
CVE-2021-32587An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker with restricted user profile to retrieve the list of administrative users of other ADOMs and their related configuration.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-32587
CVE-2021-30596Incorrect security UI in Navigation in Google Chrome on Android prior to 92.0.4515.131 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-30596
CVE-2021-34765A vulnerability in the web UI for Cisco Nexus Insights could allow an authenticated, remote attacker to view and download files related to the web application. The attacker requires valid device credentials. This vulnerability exists because proper role-based access control (RBAC) filters are not applied to file download actions. An attacker could exploit this vulnerability by logging in to the application and then navigating to the directory listing and download functions. A successful exploit could allow the attacker to download sensitive files that should be restricted, which could result in disclosure of sensitive information.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-34765
CVE-2021-28557Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to leak sensitive system information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-28557
CVE-2020-27940This issue was addressed with improved file handling. This issue is fixed in Apple TV app for Fire OS 6.1.0.6A142:7.1.0. An attacker with file system access may modify scripts used by the app.4.3https://nvd.nist.gov/vuln/detail/CVE-2020-27940
CVE-2021-1854A call termination issue with was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. A legacy cellular network can automatically answer an incoming call when an ongoing call ends or drops. .4.3https://nvd.nist.gov/vuln/detail/CVE-2021-1854
CVE-2021-1861An issue existed in determining cache occupancy. The issue was addressed through improved logic. This issue is fixed in macOS Big Sur 11.3. A malicious website may be able to track users by setting state in a cache.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-1861
CVE-2021-1872A logic issue was addressed with improved state management. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, macOS Big Sur 11.3. Muting a CallKit call while ringing may not result in mute being enabled.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-1872
CVE-2021-30718This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4. A non-privileged user may be able to modify restricted settings.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-30718
CVE-2021-33981An insecure, direct object vulnerability in hunting/fishing license retrieval function of the "Fish | Hunt FL" iOS app versions 3.8.0 and earlier allows a remote authenticated attacker to retrieve other people's personal information and images of their hunting/fishing licenses.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-33981
CVE-2021-3049An improper authorization vulnerability in the Palo Alto Networks Cortex XSOAR server enables an authenticated network-based attacker with investigation read permissions to download files from incident investigations of which they are aware but are not a part of. This issue impacts: All Cortex XSOAR 5.5.0 builds; Cortex XSOAR 6.1.0 builds earlier than 12099345. This issue does not impact Cortex XSOAR 6.2.0 versions.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-3049
CVE-2021-22239An unauthorized user was able to insert metadata when creating new issue on GitLab CE/EE 14.0 and later.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-22239
CVE-2021-39208SharpCompress is a fully managed C# library to deal with many compression types and formats. Versions prior to 0.29.0 are vulnerable to partial path traversal. SharpCompress recreates a hierarchy of directories under destinationDirectory if ExtractFullPath is set to true in options. In order to prevent extraction outside the destination directory the destinationFileName path is verified to begin with fullDestinationDirectoryPath. However, prior to version 0.29.0, it is not enforced that fullDestinationDirectoryPath ends with slash. If the destinationDirectory is not slash terminated like `/home/user/dir` it is possible to create a file with a name thats begins as the destination directory one level up from the directory, i.e. `/home/user/dir.sh`. Because of the file name and destination directory constraints the arbitrary file creation impact is limited and depends on the use case. This issue is fixed in SharpCompress version 0.29.0.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-39208
CVE-2021-34395Trusty TLK contains a vulnerability in its access permission settings where it does not properly restrict access to a resource from a user with local privileges, which might lead to limited information disclosure, a low risk of modifcations to data, and limited denial of service.4.2https://nvd.nist.gov/vuln/detail/CVE-2021-34395
CVE-2021-3592An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.3.8https://nvd.nist.gov/vuln/detail/CVE-2021-3592
CVE-2021-3593An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.3.8https://nvd.nist.gov/vuln/detail/CVE-2021-3593
CVE-2021-3594An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.3.8https://nvd.nist.gov/vuln/detail/CVE-2021-3594
CVE-2021-3595An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.3.8https://nvd.nist.gov/vuln/detail/CVE-2021-3595
CVE-2021-34428For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in.3.5https://nvd.nist.gov/vuln/detail/CVE-2021-34428
CVE-2021-1111Bootloader contains a vulnerability in the NV3P server where any user with physical access through USB can trigger an incorrect bounds check, which may lead to buffer overflow, resulting in limited information disclosure, limited data integrity, and information disclosure across all components.3.5https://nvd.nist.gov/vuln/detail/CVE-2021-1111
CVE-2020-24426Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.3.3https://nvd.nist.gov/vuln/detail/CVE-2020-24426
CVE-2020-24434Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.3.3https://nvd.nist.gov/vuln/detail/CVE-2020-24434
CVE-2021-32680Nextcloud Server is a Nextcloud package that handles data storage. In versions priot to 19.0.13, 20.0.11, and 21.0.3, Nextcloud Server audit logging functionality wasn't properly logging events for the unsetting of a share expiration date. This event is supposed to be logged. This issue is patched in versions 19.0.13, 20.0.11, and 21.0.3.3.3https://nvd.nist.gov/vuln/detail/CVE-2021-32680
CVE-2021-3655A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.3.3https://nvd.nist.gov/vuln/detail/CVE-2021-3655
CVE-2021-33738A vulnerability has been identified in JT2Go (All versions < V13.2.0.2), Teamcenter Visualization (All versions < V13.2.0.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13405)3.3https://nvd.nist.gov/vuln/detail/CVE-2021-33738
CVE-2021-36016Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to read arbitrary file system information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.3.3https://nvd.nist.gov/vuln/detail/CVE-2021-36016
CVE-2021-30803A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to access a user’s recent Contacts.3.3https://nvd.nist.gov/vuln/detail/CVE-2021-30803
CVE-2021-30804A permissions issue was addressed with improved validation. This issue is fixed in iOS 14.7. A malicious application may be able to access Find My data.3.3https://nvd.nist.gov/vuln/detail/CVE-2021-30804
CVE-2021-30671A validation issue was addressed with improved logic. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A malicious application may be able to send unauthorized Apple events to Finder.3.3https://nvd.nist.gov/vuln/detail/CVE-2021-30671
CVE-2021-22898curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.3.1https://nvd.nist.gov/vuln/detail/CVE-2021-22898
CVE-2021-2341Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).3.1https://nvd.nist.gov/vuln/detail/CVE-2021-2341
CVE-2020-24439Acrobat Reader DC for macOS versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a security feature bypass. While the practical security impact is minimal, a defense-in-depth fix has been implemented to further harden the Adobe Reader update process.2.8https://nvd.nist.gov/vuln/detail/CVE-2020-24439
CVE-2021-28163In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.2.7https://nvd.nist.gov/vuln/detail/CVE-2021-28163
CVE-2021-40537Server Side Request Forgery (SSRF) vulnerability exists in owncloud/user_ldap < 0.15.4 in the settings of the user_ldap app. Administration role is necessary for exploitation.2.7https://nvd.nist.gov/vuln/detail/CVE-2021-40537
CVE-2021-29473Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4. Please see our security policy for information about Exiv2 security.2.5https://nvd.nist.gov/vuln/detail/CVE-2021-29473
CVE-2021-1862Description: A person with physical access may be able to access contacts. This issue is fixed in iOS 14.5 and iPadOS 14.5. Impact: An issue with Siri search access to information was addressed with improved logic.2.4https://nvd.nist.gov/vuln/detail/CVE-2021-1862
CVE-2021-1863An issue existed with authenticating the action triggered by an NFC tag. The issue was addressed with improved action authentication. This issue is fixed in iOS 14.5 and iPadOS 14.5. A person with physical access to an iOS device may be able to place phone calls to any phone number.2.4https://nvd.nist.gov/vuln/detail/CVE-2021-1863
CVE-2011-2516Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.https://nvd.nist.gov/vuln/detail/CVE-2011-2516
CVE-2013-0021Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer vtable Use After Free Vulnerability."https://nvd.nist.gov/vuln/detail/CVE-2013-0021
CVE-2013-2153The XML digital signature functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to reuse signatures and spoof arbitrary content via crafted Reference elements in the Signature, aka "XML Signature Bypass issue."https://nvd.nist.gov/vuln/detail/CVE-2013-2153
CVE-2013-2154Stack-based buffer overflow in the XML Signature Reference functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed XPointer expressions, probably related to the DSIGReference::getURIBaseTXFM function.https://nvd.nist.gov/vuln/detail/CVE-2013-2154
CVE-2013-2155Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 does not properly validate length values, which allows remote attackers to cause a denial of service or bypass the CVE-2009-0217 protection mechanism and spoof a signature via crafted length values to the (1) compareBase64StringToRaw, (2) DSIGAlgorithmHandlerDefault, or (3) DSIGAlgorithmHandlerDefault::verify functions.https://nvd.nist.gov/vuln/detail/CVE-2013-2155
CVE-2013-2156Heap-based buffer overflow in the Exclusive Canonicalization functionality (xsec/canon/XSECC14n20010315.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PrefixList attribute.https://nvd.nist.gov/vuln/detail/CVE-2013-2156
CVE-2013-2172jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."https://nvd.nist.gov/vuln/detail/CVE-2013-2172
CVE-2013-2210Heap-based buffer overflow in the XML Signature Reference functionality in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed XPointer expressions. NOTE: this is due to an incorrect fix for CVE-2013-2154.https://nvd.nist.gov/vuln/detail/CVE-2013-2210
CVE-2013-4517Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.https://nvd.nist.gov/vuln/detail/CVE-2013-4517
CVE-2013-0340expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.https://nvd.nist.gov/vuln/detail/CVE-2013-0340
CVE-2014-4611Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run that would be improperly handled by programs not complying with an API limitation, a different vulnerability than CVE-2014-4715.https://nvd.nist.gov/vuln/detail/CVE-2014-4611
CVE-2014-8152Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows remote attackers to bypass the streaming XML signature protection mechanism via a crafted XML document.https://nvd.nist.gov/vuln/detail/CVE-2014-8152
CVE-2021-33549Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the action parameter, which may allow an attacker to remotely execute arbitrary code.https://nvd.nist.gov/vuln/detail/CVE-2021-33549
CVE-2021-25665A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All versions < V2021.2.1). The starview+.exe application lacks proper validation of user-supplied data when parsing scene files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13700)https://nvd.nist.gov/vuln/detail/CVE-2021-25665
CVE-2021-37176A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). The femap.exe application lacks proper validation of user-supplied data when parsing modfem files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14260)https://nvd.nist.gov/vuln/detail/CVE-2021-37176
CVE-2021-23031On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, an authenticated user may perform a privilege escalation on the BIG-IP Advanced WAF and ASM Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.https://nvd.nist.gov/vuln/detail/CVE-2021-23031
CVE-2021-23036On version 16.0.x before 16.0.1.2, when a BIG-IP ASM and DataSafe profile are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.https://nvd.nist.gov/vuln/detail/CVE-2021-23036
CVE-2021-23025On version 15.1.x before 15.1.0.5, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all versions of 12.1.x and 11.6.x, an authenticated remote command execution vulnerability exists in the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.https://nvd.nist.gov/vuln/detail/CVE-2021-23025
CVE-2021-23028On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, and 13.1.x before 13.1.4, when JSON content profiles are configured for URLs as part of an F5 Advanced Web Application Firewall (WAF)/BIG-IP ASM security policy and applied to a virtual server, undisclosed requests may cause the BIG-IP ASM bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.https://nvd.nist.gov/vuln/detail/CVE-2021-23028
CVE-2021-23030On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.https://nvd.nist.gov/vuln/detail/CVE-2021-23030
CVE-2021-23026BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x and all versions of BIG-IQ 8.x, 7.x, and 6.x are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.https://nvd.nist.gov/vuln/detail/CVE-2021-23026
CVE-2021-23027On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, and 14.1.x before 14.1.4.3, a DOM based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.https://nvd.nist.gov/vuln/detail/CVE-2021-23027
CVE-2021-23029On version 16.0.x before 16.0.1.2, insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery (SSRF) attacks through F5 Advanced Web Application Firewall (WAF) and the BIG-IP ASM Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.https://nvd.nist.gov/vuln/detail/CVE-2021-23029
CVE-2021-3706adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flaghttps://nvd.nist.gov/vuln/detail/CVE-2021-3706
CVE-2021-3751libmobi is vulnerable to Out-of-bounds Writehttps://nvd.nist.gov/vuln/detail/CVE-2021-3751
CVE-2021-3777nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexityhttps://nvd.nist.gov/vuln/detail/CVE-2021-3777
CVE-2021-3778vim is vulnerable to Heap-based Buffer Overflowhttps://nvd.nist.gov/vuln/detail/CVE-2021-3778
CVE-2020-35340A local file inclusion vulnerability in ExpertPDF 9.5.0 through 14.1.0 allows attackers to read the file contents from files that the running ExpertPDF process has access to read.https://nvd.nist.gov/vuln/detail/CVE-2020-35340
CVE-2021-22147Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view.https://nvd.nist.gov/vuln/detail/CVE-2021-22147
CVE-2021-22148Elastic Enterprise Search App Search versions before 7.14.0 was vulnerable to an issue where API keys were not bound to the same engines as their creator. This could lead to a less privileged user gaining access to unauthorized engines.https://nvd.nist.gov/vuln/detail/CVE-2021-22148
CVE-2021-22149Elastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API keys were missing authorization via an alternate route. Using this vulnerability, an authenticated attacker could utilize API keys belonging to higher privileged users.https://nvd.nist.gov/vuln/detail/CVE-2021-22149
CVE-2021-26434Visual Studio Elevation of Privilege Vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2021-26434
CVE-2021-26435Windows Scripting Engine Memory Corruption Vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2021-26435
CVE-2021-26437Visual Studio Code Spoofing Vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2021-26437
CVE-2021-36952Visual Studio Remote Code Execution Vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2021-36952
CVE-2021-36954Windows Bind Filter Driver Elevation of Privilege Vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2021-36954
CVE-2021-36955Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36963, CVE-2021-38633.https://nvd.nist.gov/vuln/detail/CVE-2021-36955
CVE-2021-36956Azure Sphere Information Disclosure Vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2021-36956
CVE-2021-36959Windows Authenticode Spoofing Vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2021-36959
CVE-2021-36960Windows SMB Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-36972.https://nvd.nist.gov/vuln/detail/CVE-2021-36960
CVE-2021-36961Windows Installer Denial of Service Vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2021-36961
CVE-2021-36962Windows Installer Information Disclosure Vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2021-36962
CVE-2021-36963Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36955, CVE-2021-38633.https://nvd.nist.gov/vuln/detail/CVE-2021-36963
CVE-2021-36964Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38630.https://nvd.nist.gov/vuln/detail/CVE-2021-36964
CVE-2021-36965Windows WLAN AutoConfig Service Remote Code Execution Vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2021-36965
CVE-2021-36966Windows Subsystem for Linux Elevation of Privilege Vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2021-36966
CVE-2021-36967Windows WLAN AutoConfig Service Elevation of Privilege Vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2021-36967
CVE-2021-36968Windows DNS Elevation of Privilege Vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2021-36968
CVE-2021-36969Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-38635, CVE-2021-38636.https://nvd.nist.gov/vuln/detail/CVE-2021-36969
CVE-2021-36972Windows SMB Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-36960.https://nvd.nist.gov/vuln/detail/CVE-2021-36972
CVE-2021-36973Windows Redirected Drive Buffering System Elevation of Privilege Vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2021-36973
CVE-2021-36974Windows SMB Elevation of Privilege Vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2021-36974
CVE-2021-36975Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38639.https://nvd.nist.gov/vuln/detail/CVE-2021-36975
CVE-2021-38624Windows Key Storage Provider Security Feature Bypass Vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2021-38624
CVE-2021-38625Windows Kernel Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38626.https://nvd.nist.gov/vuln/detail/CVE-2021-38625
CVE-2021-38626Windows Kernel Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38625.https://nvd.nist.gov/vuln/detail/CVE-2021-38626
CVE-2021-38628Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38638.https://nvd.nist.gov/vuln/detail/CVE-2021-38628
CVE-2021-38629Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2021-38629
CVE-2021-38630Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36964.https://nvd.nist.gov/vuln/detail/CVE-2021-38630
CVE-2021-38632BitLocker Security Feature Bypass Vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2021-38632
CVE-2021-38633Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36955, CVE-2021-36963.https://nvd.nist.gov/vuln/detail/CVE-2021-38633
CVE-2021-38634Microsoft Windows Update Client Elevation of Privilege Vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2021-38634
CVE-2021-38635Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-36969, CVE-2021-38636.https://nvd.nist.gov/vuln/detail/CVE-2021-38635
CVE-2021-38636Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-36969, CVE-2021-38635.https://nvd.nist.gov/vuln/detail/CVE-2021-38636
CVE-2021-38637Windows Storage Information Disclosure Vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2021-38637
CVE-2021-38638Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38628.https://nvd.nist.gov/vuln/detail/CVE-2021-38638
CVE-2021-38639Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36975.https://nvd.nist.gov/vuln/detail/CVE-2021-38639
CVE-2021-38644Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2021-38644
CVE-2021-38645Open Management Infrastructure Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38648, CVE-2021-38649.https://nvd.nist.gov/vuln/detail/CVE-2021-38645
CVE-2021-38646Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2021-38646
CVE-2021-38647Open Management Infrastructure Remote Code Execution Vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2021-38647
CVE-2021-38648Open Management Infrastructure Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38645, CVE-2021-38649.https://nvd.nist.gov/vuln/detail/CVE-2021-38648
CVE-2021-38649Open Management Infrastructure Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38645, CVE-2021-38648.https://nvd.nist.gov/vuln/detail/CVE-2021-38649
CVE-2021-38650Microsoft Office Spoofing Vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2021-38650
CVE-2021-38651Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-38652.https://nvd.nist.gov/vuln/detail/CVE-2021-38651
CVE-2021-38652Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-38651.https://nvd.nist.gov/vuln/detail/CVE-2021-38652
CVE-2021-38653Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-38654.https://nvd.nist.gov/vuln/detail/CVE-2021-38653
CVE-2021-38654Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-38653.https://nvd.nist.gov/vuln/detail/CVE-2021-38654
CVE-2021-38655Microsoft Excel Remote Code Execution Vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2021-38655
CVE-2021-38656Microsoft Word Remote Code Execution Vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2021-38656
CVE-2021-38657Microsoft Office Graphics Component Information Disclosure Vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2021-38657
CVE-2021-38658Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-38660.https://nvd.nist.gov/vuln/detail/CVE-2021-38658
CVE-2021-38659Microsoft Office Remote Code Execution Vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2021-38659
CVE-2021-38660Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-38658.https://nvd.nist.gov/vuln/detail/CVE-2021-38660
CVE-2021-38661HEVC Video Extensions Remote Code Execution Vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2021-38661
CVE-2021-38667Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38671, CVE-2021-40447.https://nvd.nist.gov/vuln/detail/CVE-2021-38667
CVE-2021-38669Microsoft Edge (Chromium-based) Tampering Vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2021-38669
CVE-2021-38671Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38667, CVE-2021-40447.https://nvd.nist.gov/vuln/detail/CVE-2021-38671
CVE-2021-3780peertube is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')https://nvd.nist.gov/vuln/detail/CVE-2021-3780
CVE-2021-3783yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')https://nvd.nist.gov/vuln/detail/CVE-2021-3783
CVE-2021-3785yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')https://nvd.nist.gov/vuln/detail/CVE-2021-3785
CVE-2021-40440Microsoft Dynamics Business Central Cross-site Scripting Vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2021-40440
CVE-2021-40444Microsoft MSHTML Remote Code Execution Vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2021-40444
CVE-2021-40447Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38667, CVE-2021-38671.https://nvd.nist.gov/vuln/detail/CVE-2021-40447
CVE-2021-40448Microsoft Accessibility Insights for Android Information Disclosure Vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2021-40448
CVE-2021-41061In RIOT-OS 2021.01, nonce reuse in 802.15.4 encryption in the ieee820154_security component allows attackers to break encryption by triggering reboots.https://nvd.nist.gov/vuln/detail/CVE-2021-41061
CVE-2020-3960VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in NVMe functionality. A malicious actor with local non-administrative access to a virtual machine with a virtual NVMe controller present may be able to read privileged information contained in physical memory.https://nvd.nist.gov/vuln/detail/CVE-2020-3960
CVE-2021-27662The KT-1 door controller is susceptible to replay or man-in-the-middle attacks where an attacker can record and replay TCP packets. This issue affects Johnson Controls KT-1 all versions up to and including 3.01https://nvd.nist.gov/vuln/detail/CVE-2021-27662
CVE-2021-30137Assyst 10 SP7.5 has authenticated XXE leading to SSRF via XML unmarshalling. The application allows users to send JSON or XML data to the server. It was possible to inject malicious XML data through several access points.https://nvd.nist.gov/vuln/detail/CVE-2021-30137
CVE-2021-39307PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code.https://nvd.nist.gov/vuln/detail/CVE-2021-39307
CVE-2021-3794vuelidate is vulnerable to Inefficient Regular Expression Complexityhttps://nvd.nist.gov/vuln/detail/CVE-2021-3794
CVE-2021-3796vim is vulnerable to Use After Freehttps://nvd.nist.gov/vuln/detail/CVE-2021-3796
CVE-2021-3797hestiacp is vulnerable to Use of Wrong Operator in String Comparisonhttps://nvd.nist.gov/vuln/detail/CVE-2021-3797
CVE-2021-3801prism is vulnerable to Inefficient Regular Expression Complexityhttps://nvd.nist.gov/vuln/detail/CVE-2021-3801
CVE-2021-40845The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor extension of the uploaded files is checked, allowing execution of PHP code under the /cmd directory.https://nvd.nist.gov/vuln/detail/CVE-2021-40845
CVE-2020-19146Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'TemplatePath' parameter in the component 'jfinal_cms/admin/folder/list'.https://nvd.nist.gov/vuln/detail/CVE-2020-19146
CVE-2020-19147Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive infromation via the 'getFolder()' function in the component '/modules/filemanager/FileManager.java'.https://nvd.nist.gov/vuln/detail/CVE-2020-19147
CVE-2020-19148Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the 'Nickname' parameter in the component '/jfinal_cms/front/person/profile.html'.https://nvd.nist.gov/vuln/detail/CVE-2020-19148
CVE-2020-19150Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information or cause a denial of service via the 'FileManager.delete()' function in the component 'modules/filemanager/FileManagerController.java'.https://nvd.nist.gov/vuln/detail/CVE-2020-19150
CVE-2020-19151Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinal_cms/admin/filemanager/list'.https://nvd.nist.gov/vuln/detail/CVE-2020-19151
CVE-2020-19154Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileManager.editFile()' function in the component 'modules/filemanager/FileManagerController.java'.https://nvd.nist.gov/vuln/detail/CVE-2020-19154
CVE-2020-19155Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename()' function in the component 'modules/filemanager/FileManagerController.java'.https://nvd.nist.gov/vuln/detail/CVE-2020-19155
CVE-2020-19156Cross Site Scripting (XSS) in Ari Adminer v1 allows remote attackers to execute arbitrary code via the 'Title' parameter of the 'Add New Connections' component when the 'save()' function is called.https://nvd.nist.gov/vuln/detail/CVE-2020-19156
CVE-2020-19157Cross Site Scripting (CSS) in Wenku CMS v3.4 allows remote attackers to execute arbitrary code via the 'Intro' parameter for the component '/index.php?m=ucenter&a=index'.https://nvd.nist.gov/vuln/detail/CVE-2020-19157
CVE-2020-19158Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the 'Site Title' parameter of the component '/data/admin/#/app/config/'.https://nvd.nist.gov/vuln/detail/CVE-2020-19158
CVE-2020-19159Cross Site Request Forgery (CSRF) in LaikeTui v3 allows remote attackers to execute arbitrary code via the component '/index.php?module=member&action=add'.https://nvd.nist.gov/vuln/detail/CVE-2020-19159
CVE-2021-21798An exploitable return of stack variable address vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a stack variable to go out of scope, resulting in the application dereferencing a stale pointer. This can lead to code execution under the context of the application. An attacker can convince a user to open a document to trigger the vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2021-21798
CVE-2021-38156In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashboard.https://nvd.nist.gov/vuln/detail/CVE-2021-38156
CVE-2021-27044A Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files or information disclosure.https://nvd.nist.gov/vuln/detail/CVE-2021-27044
CVE-2021-40157A user may be tricked into opening a malicious FBX file which may exploit an Untrusted Pointer Dereference vulnerability in FBX’s Review version 1.5.0 and prior causing it to run arbitrary code on the system.https://nvd.nist.gov/vuln/detail/CVE-2021-40157
CVE-2021-39209GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, a user who is logged in to GLPI can bypass Cross-Site Request Forgery (CSRF) protection in many places. This could allow a malicious actor to perform many actions on GLPI. This issue is fixed in version 9.5.6. There are no workarounds aside from upgrading.https://nvd.nist.gov/vuln/detail/CVE-2021-39209
CVE-2020-21121Pligg CMS 2.0.2 contains a time-based SQL injection vulnerability via the $recordIDValue parameter in the admin_update_module_widgets.php file.https://nvd.nist.gov/vuln/detail/CVE-2020-21121
CVE-2020-21122UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports.https://nvd.nist.gov/vuln/detail/CVE-2020-21122
CVE-2020-21124UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the designer page.https://nvd.nist.gov/vuln/detail/CVE-2020-21124
CVE-2020-21125An arbitrary file creation vulnerability in UReport 2.2.9 allows attackers to execute arbitrary code.https://nvd.nist.gov/vuln/detail/CVE-2020-21125
CVE-2020-21126MetInfo 7.0.0 contains a Cross-Site Request Forgery (CSRF) via admin/?n=admin&c=index&a=doSaveInfo.https://nvd.nist.gov/vuln/detail/CVE-2020-21126
CVE-2020-21127MetInfo 7.0.0 contains a SQL injection vulnerability via admin/?n=logs&c=index&a=dodel.https://nvd.nist.gov/vuln/detail/CVE-2020-21127
CVE-2021-27045A maliciously crafted PDF file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the PDF file. This vulnerability can be exploited to execute arbitrary code.https://nvd.nist.gov/vuln/detail/CVE-2021-27045
CVE-2021-27046A Memory Corruption vulnerability for PDF files in Autodesk Navisworks 2019, 2020, 2021, 2022 may lead to code execution through maliciously crafted DLL files.https://nvd.nist.gov/vuln/detail/CVE-2021-27046
CVE-2021-37412The TechRadar app 1.1 for Confluence Server allows XSS via the Title field of a Radar.https://nvd.nist.gov/vuln/detail/CVE-2021-37412
CVE-2021-39392The management tool in MyLittleBackup up to and including 1.7 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used to send serialized ASP code.https://nvd.nist.gov/vuln/detail/CVE-2021-39392
CVE-2021-3795semver-regex is vulnerable to Inefficient Regular Expression Complexityhttps://nvd.nist.gov/vuln/detail/CVE-2021-3795
CVE-2021-40155A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code.https://nvd.nist.gov/vuln/detail/CVE-2021-40155
CVE-2021-40156A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to write beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code.https://nvd.nist.gov/vuln/detail/CVE-2021-40156
CVE-2021-40238A Cross Site Scriptiong (XSS) vulnerability exists in the admin panel in Webuzo < 2.9.0 via an HTTP request to a non-existent page, which is activated by administrators viewing the "Error Log" page. An attacker can leverage this to achieve Unauthenticated Remote Code Execution via the "Cron Jobs" functionality of Webuzo.https://nvd.nist.gov/vuln/detail/CVE-2021-40238
CVE-2021-20433IBM Security Guardium 11.3 could allow a an authenticated user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 196345.https://nvd.nist.gov/vuln/detail/CVE-2021-20433
CVE-2021-28901Multiple cross-site scripting (XSS) vulnerabilities exist in SITA Software Azur CMS 1.2.3.1 and earlier, which allows remote attackers to inject arbitrary web script or HTML via the (1) NOM_CLI , (2) ADRESSE , (3) ADRESSE2, (4) LOCALITE parameters to /eshop/products/json/aouCustomerAdresse; and the (5) nom_liste parameter to /eshop/products/json/addCustomerFavorite.https://nvd.nist.gov/vuln/detail/CVE-2021-28901
CVE-2021-29750IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201778.https://nvd.nist.gov/vuln/detail/CVE-2021-29750
CVE-2021-29773IBM Security Guardium 10.6 and 11.3 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability (IDOR). IBM X-Force ID: 202865.https://nvd.nist.gov/vuln/detail/CVE-2021-29773
CVE-2021-40964A Path Traversal vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload a file (with Admin credentials or with the CSRF vulnerability) with the "fullpath" parameter containing path traversal strings (../ and ..\\) in order to escape the server's intended working directory and write malicious files onto any directory on the computer.https://nvd.nist.gov/vuln/detail/CVE-2021-40964
CVE-2021-40965A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload files and run OS commands by inducing the Administrator user to browse a URL controlled by an attacker.https://nvd.nist.gov/vuln/detail/CVE-2021-40965
CVE-2021-40966A Stored XSS exists in TinyFileManager All version up to and including 2.4.6 in /tinyfilemanager.php when the server is given a file that contains HTML and javascript in its name. A malicious user can upload a file with a malicious filename containing javascript code and it will run on any user browser when they access the server.https://nvd.nist.gov/vuln/detail/CVE-2021-40966
CVE-2021-33690Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50The SAP NetWeaver Development Infrastructure Component Build Service allows a threat actor who has access to the server to perform proxy attacks on server by sending crafted queries. Due to this, the threat actor could completely compromise sensitive data residing on the Server and impact its availability.Note: The impact of this vulnerability depends on whether SAP NetWeaver Development Infrastructure (NWDI) runs on the intranet or internet. The CVSS score reflects the impact considering the worst-case scenario that it runs on the internet.https://nvd.nist.gov/vuln/detail/CVE-2021-33690
CVE-2021-33691NWDI Notification Service versions - 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.SAP NetWeaver Development Infrastructure Notification Service allows a threat actor to send crafted scripts to a victim. If the victim has an active session when the crafted script gets executed, the threat actor could compromise information in victims session, and gain access to some sensitive information also.https://nvd.nist.gov/vuln/detail/CVE-2021-33691
CVE-2021-33692SAP Cloud Connector, version - 2.0, allows the upload of zip files as backup. This backup file can be tricked to inject special elements such as '..' and '/' separators, for attackers to escape outside of the restricted location to access files or directories.https://nvd.nist.gov/vuln/detail/CVE-2021-33692
CVE-2021-33693SAP Cloud Connector, version - 2.0, allows an authenticated administrator to modify a configuration file to inject malicious codes that could potentially lead to OS command execution.https://nvd.nist.gov/vuln/detail/CVE-2021-33693
CVE-2021-33694SAP Cloud Connector, version - 2.0, does not sufficiently encode user-controlled inputs, allowing an attacker with Administrator rights, to include malicious codes that get stored in the database, and when accessed, could be executed in the application, resulting in Stored Cross-Site Scripting.https://nvd.nist.gov/vuln/detail/CVE-2021-33694
CVE-2021-33695Potentially, SAP Cloud Connector, version - 2.0 communication with the backend is accepted without sufficient validation of the certificate.https://nvd.nist.gov/vuln/detail/CVE-2021-33695
CVE-2021-33696SAP BusinessObjects Business Intelligence Platform (Crystal Report), versions - 420, 430, does not sufficiently encode user controlled inputs and therefore an authorized attacker can exploit a XSS vulnerability, leading to non-permanently deface or modify displayed content from a Web site.https://nvd.nist.gov/vuln/detail/CVE-2021-33696
CVE-2021-33697Under certain conditions, SAP BusinessObjects Business Intelligence Platform (SAPUI5), versions - 420, 430, can allow an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.https://nvd.nist.gov/vuln/detail/CVE-2021-33697
CVE-2021-33698SAP Business One, version - 10.0, allows an attacker with business authorization to upload any files (including script files) without the proper file format validation.https://nvd.nist.gov/vuln/detail/CVE-2021-33698
CVE-2021-33700SAP Business One, version - 10.0, allows a local attacker with access to the victim's browser under certain circumstances, to login as the victim without knowing his/her password. The attacker could so obtain highly sensitive information which the attacker could use to take substantial control of the vulnerable application.https://nvd.nist.gov/vuln/detail/CVE-2021-33700
CVE-2021-33701DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, allows an attacker with access to highly privileged account to execute manipulated query in NDZT tool to gain access to Superuser account, leading to SQL Injection vulnerability, that highly impacts systems Confidentiality, Integrity and Availability.https://nvd.nist.gov/vuln/detail/CVE-2021-33701
CVE-2021-33704The Service Layer of SAP Business One, version - 10.0, allows an authenticated attacker to invoke certain functions that would otherwise be restricted to specific users. For an attacker to discover the vulnerable function, no in-depth system knowledge is required. Once exploited via Network stack, the attacker may be able to read, modify or delete restricted data. The impact is that missing authorization can result of abuse of functionality usually restricted to specific users.https://nvd.nist.gov/vuln/detail/CVE-2021-33704
CVE-2021-33705The SAP NetWeaver Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, component Iviews Editor contains a Server-Side Request Forgery (SSRF) vulnerability which allows an unauthenticated attacker to craft a malicious URL which when clicked by a user can make any type of request (e.g. POST, GET) to any internal or external server. This can result in the accessing or modification of data accessible from the Portal but will not affect its availability.https://nvd.nist.gov/vuln/detail/CVE-2021-33705
CVE-2021-37912The HGiga OAKlouds mobile portal does not filter special characters of the Ethernet number parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the system without logging in.https://nvd.nist.gov/vuln/detail/CVE-2021-37912
CVE-2021-40862HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoint that erroneously disclosed a sensitive URL to authenticated parties, which could be used for privilege escalation or unauthorized modification of a Terraform configuration. Fixed in v202109-1.https://nvd.nist.gov/vuln/detail/CVE-2021-40862
CVE-2016-20012OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session.https://nvd.nist.gov/vuln/detail/CVE-2016-20012
CVE-2020-21321emlog v6.0 contains a Cross-Site Request Forgery (CSRF) via /admin/link.php?action=addlink, which allows attackers to arbitrarily add articles.https://nvd.nist.gov/vuln/detail/CVE-2020-21321
CVE-2020-21322An arbitrary file upload vulnerability in Feehi CMS v2.0.8 and below allows attackers to execute arbitrary code via a crafted PHP file.https://nvd.nist.gov/vuln/detail/CVE-2020-21322
CVE-2020-21480An arbitrary file write vulnerability in RGCMS v1.06 allows attackers to execute arbitrary code via a crafted PHP file.https://nvd.nist.gov/vuln/detail/CVE-2020-21480
CVE-2020-21481An arbitrary file upload vulnerability in RGCMS v1.06 allows attackers to execute arbitrary code via a crafted .txt file which is later changed to a PHP file.https://nvd.nist.gov/vuln/detail/CVE-2020-21481
CVE-2020-21482A cross-site scripting (XSS) vulnerability in RGCMS v1.06 allows attackers to obtain the administrator's cookie via a crafted payload in the Name field under the Message Board modulehttps://nvd.nist.gov/vuln/detail/CVE-2020-21482
CVE-2020-21483An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file.https://nvd.nist.gov/vuln/detail/CVE-2020-21483
CVE-2021-33044The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.https://nvd.nist.gov/vuln/detail/CVE-2021-33044
CVE-2021-33045The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.https://nvd.nist.gov/vuln/detail/CVE-2021-33045
CVE-2021-40639Improper access control in Jfinal CMS 5.1.0 allows attackers to access sensitive information via /classes/conf/db.properties&config=filemanager.config.js.https://nvd.nist.gov/vuln/detail/CVE-2021-40639
CVE-2021-40881An issue in the BAT file parameters of PublicCMS v4.0 allows attackers to execute arbitrary code.https://nvd.nist.gov/vuln/detail/CVE-2021-40881
CVE-2021-39128Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. The affected versions of Jira Server or Data Center are before version 8.13.12, and from version 8.14.0 before 8.19.1.https://nvd.nist.gov/vuln/detail/CVE-2021-39128
CVE-2020-14109There is command injection in the meshd program in the routing system, resulting in command execution under administrator authority on Xiaomi router AX3600 with ROM version =< 1.1.12https://nvd.nist.gov/vuln/detail/CVE-2020-14109
CVE-2020-14130Some js interfaces in the Xiaomi community were exposed, causing sensitive functions to be maliciously called on Xiaomi community app Affected Version <3.0.210809https://nvd.nist.gov/vuln/detail/CVE-2020-14130
CVE-2021-40066The access controls on the Mobility read-only API improperly validate user access permissions. Attackers with both network access to the API and valid credentials can read data from it; regardless of access control group membership settings. This vulnerability is fixed in Mobility v11.76 and Mobility v12.14.https://nvd.nist.gov/vuln/detail/CVE-2021-40066
CVE-2021-40067The access controls on the Mobility read-write API improperly validate user access permissions; this API is disabled by default. If the API is manually enabled, attackers with both network access to the API and valid credentials can read and write data to it; regardless of access control group membership settings. This vulnerability is fixed in Mobility v12.14.https://nvd.nist.gov/vuln/detail/CVE-2021-40067
CVE-2020-14119There is command injection in the addMeshNode interface of xqnetwork.lua, which leads to command execution under administrator authority on Xiaomi router AX3600 with rom versionrom< 1.1.12https://nvd.nist.gov/vuln/detail/CVE-2020-14119
CVE-2020-14124There is a buffer overflow in librsa.so called by getwifipwdurl interface, resulting in code execution on Xiaomi router AX3600 with ROM version =rom< 1.1.12.https://nvd.nist.gov/vuln/detail/CVE-2020-14124
CVE-2021-34571Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in Security mode 5 without an option to change the encryption key. An adversary can learn all information that is available in Enbra EWM.https://nvd.nist.gov/vuln/detail/CVE-2021-34571
CVE-2021-34572Enbra EWM 1.7.29 does not check for or detect replay attacks sent by wireless M-Bus Security mode 5 devices. Instead timestamps of the sensor are replaced by the time of the readout even if the data is a replay of earlier data.https://nvd.nist.gov/vuln/detail/CVE-2021-34572
CVE-2021-34573In Enbra EWM in Version 1.7.29 together with several tested wireless M-Bus Sensors the events backflow and "no flow" are not reconized or misinterpreted. This may lead to wrong values and missing events.https://nvd.nist.gov/vuln/detail/CVE-2021-34573
CVE-2021-34576In Kaden PICOFLUX Air in all known versions an information exposure through observable discrepancy exists. This may give sensitive information (water consumption without distinct values) to third parties.https://nvd.nist.gov/vuln/detail/CVE-2021-34576
CVE-2021-27340OpenSIS Community Edition version <= 7.6 is affected by a reflected XSS vulnerability in EmailCheck.php via the "opt" parameter.https://nvd.nist.gov/vuln/detail/CVE-2021-27340
CVE-2021-27341OpenSIS Community Edition version <= 7.6 is affected by a local file inclusion vulnerability in DownloadWindow.php via the "filename" parameter.https://nvd.nist.gov/vuln/detail/CVE-2021-27341
CVE-2021-34798Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.https://nvd.nist.gov/vuln/detail/CVE-2021-34798
CVE-2021-36160A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).https://nvd.nist.gov/vuln/detail/CVE-2021-36160
CVE-2021-39239A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server.https://nvd.nist.gov/vuln/detail/CVE-2021-39239
CVE-2021-39275ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.https://nvd.nist.gov/vuln/detail/CVE-2021-39275
CVE-2021-40438A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.https://nvd.nist.gov/vuln/detail/CVE-2021-40438
CVE-2021-41079Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.https://nvd.nist.gov/vuln/detail/CVE-2021-41079
CVE-2021-29752IBM Db2 11.2 and 11.5 contains an information disclosure vulnerability, exposing remote storage credentials to privileged users under specific conditions. IBM X-Fporce ID: 201780.https://nvd.nist.gov/vuln/detail/CVE-2021-29752
CVE-2021-29763IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 under very specific conditions, could allow a local user to keep running a procedure that could cause the system to run out of memory.and cause a denial of service. IBM X-Force ID: 202267.https://nvd.nist.gov/vuln/detail/CVE-2021-29763
CVE-2021-29825IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. IBM X-Force ID: 204470.https://nvd.nist.gov/vuln/detail/CVE-2021-29825
CVE-2021-29842IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202.https://nvd.nist.gov/vuln/detail/CVE-2021-29842
CVE-2021-40669SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the coreframe/app/promote/admin/index.php file.https://nvd.nist.gov/vuln/detail/CVE-2021-40669
CVE-2021-40670SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords iparameter under the /coreframe/app/order/admin/card.php file.https://nvd.nist.gov/vuln/detail/CVE-2021-40670
CVE-2020-21529fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c.https://nvd.nist.gov/vuln/detail/CVE-2020-21529
CVE-2020-21530fig2dev 3.2.7b contains a segmentation fault in the read_objects function in read.c.https://nvd.nist.gov/vuln/detail/CVE-2020-21530
CVE-2020-21531fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c.https://nvd.nist.gov/vuln/detail/CVE-2020-21531
CVE-2020-21532fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c.https://nvd.nist.gov/vuln/detail/CVE-2020-21532
CVE-2020-21533fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function in read.c.https://nvd.nist.gov/vuln/detail/CVE-2020-21533
CVE-2020-21534fig2dev 3.2.7b contains a global buffer overflow in the get_line function in read.c.https://nvd.nist.gov/vuln/detail/CVE-2020-21534
CVE-2020-21535fig2dev 3.2.7b contains a segmentation fault in the gencgm_start function in gencgm.c.https://nvd.nist.gov/vuln/detail/CVE-2020-21535
CVE-2020-21594libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fallback function, which can be exploited via a crafted a file.https://nvd.nist.gov/vuln/detail/CVE-2020-21594
CVE-2020-21595libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a crafted a file.https://nvd.nist.gov/vuln/detail/CVE-2020-21595
CVE-2020-21596libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted a file.https://nvd.nist.gov/vuln/detail/CVE-2020-21596
CVE-2020-21597libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a crafted a file.https://nvd.nist.gov/vuln/detail/CVE-2020-21597
CVE-2020-21598libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted a file.https://nvd.nist.gov/vuln/detail/CVE-2020-21598
CVE-2020-21599libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be exploited via a crafted a file.https://nvd.nist.gov/vuln/detail/CVE-2020-21599
CVE-2020-21600libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pred_avg_16_fallback function, which can be exploited via a crafted a file.https://nvd.nist.gov/vuln/detail/CVE-2020-21600
CVE-2020-21601libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback function, which can be exploited via a crafted a file.https://nvd.nist.gov/vuln/detail/CVE-2020-21601
CVE-2020-21602libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can be exploited via a crafted a file.https://nvd.nist.gov/vuln/detail/CVE-2020-21602
CVE-2020-21603libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be exploited via a crafted a file.https://nvd.nist.gov/vuln/detail/CVE-2020-21603
CVE-2020-21604libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl_epi64 function, which can be exploited via a crafted a file.https://nvd.nist.gov/vuln/detail/CVE-2020-21604
CVE-2020-21605libde265 v1.0.4 contains a segmentation fault in the apply_sao_internal function, which can be exploited via a crafted a file.https://nvd.nist.gov/vuln/detail/CVE-2020-21605
CVE-2020-21606libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be exploited via a crafted a file.https://nvd.nist.gov/vuln/detail/CVE-2020-21606
CVE-2021-41314Certain NETGEAR smart switches are affected by a \\n injection in the web UI's password field, which - due to several faulty aspects of the authentication scheme - allows the attacker to create (or overwrite) a file with specific content (e.g., the "2" string). This leads to admin session crafting and therefore gaining full web UI admin privileges by an unauthenticated attacker. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS750E before 1.0.1.10, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2.https://nvd.nist.gov/vuln/detail/CVE-2021-41314
CVE-2021-20790Improper control of program execution vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to execute an arbitrary command or code via unspecified vectors.https://nvd.nist.gov/vuln/detail/CVE-2021-20790
CVE-2021-20791Improper access control vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to bypass access restriction and to exchange unauthorized files between the local environment and the isolated environment or settings of the web browser via unspecified vectors.https://nvd.nist.gov/vuln/detail/CVE-2021-20791
CVE-2021-20825Cross-site scripting vulnerability in List (order management) item change plug-in (for EC-CUBE 3.0 series) Ver.1.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors.https://nvd.nist.gov/vuln/detail/CVE-2021-20825
CVE-2021-20828Cross-site scripting vulnerability in Order Status Batch Change Plug-in (for EC-CUBE 3.0 series) all versions allows a remote attacker to inject an arbitrary script via unspecified vectors.https://nvd.nist.gov/vuln/detail/CVE-2021-20828
CVE-2021-3805object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')https://nvd.nist.gov/vuln/detail/CVE-2021-3805
CVE-2021-3803nth-check is vulnerable to Inefficient Regular Expression Complexityhttps://nvd.nist.gov/vuln/detail/CVE-2021-3803
CVE-2021-3804taro is vulnerable to Inefficient Regular Expression Complexityhttps://nvd.nist.gov/vuln/detail/CVE-2021-3804
CVE-2021-3807ansi-regex is vulnerable to Inefficient Regular Expression Complexityhttps://nvd.nist.gov/vuln/detail/CVE-2021-3807
CVE-2021-3810code-server is vulnerable to Inefficient Regular Expression Complexityhttps://nvd.nist.gov/vuln/detail/CVE-2021-3810
CVE-2021-3811adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')https://nvd.nist.gov/vuln/detail/CVE-2021-3811
CVE-2021-3812adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')https://nvd.nist.gov/vuln/detail/CVE-2021-3812
CVE-2021-41303Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0.https://nvd.nist.gov/vuln/detail/CVE-2021-41303
CVE-2021-23442This affects all versions of package @cookiex/deep. The global proto object can be polluted using the __proto__ object.https://nvd.nist.gov/vuln/detail/CVE-2021-23442
CVE-2021-31842XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulting in a Denial of Service attack through carefully editing the EPDeploy.xml file and then executing the setup process.https://nvd.nist.gov/vuln/detail/CVE-2021-31842
CVE-2021-31843Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have access to via manipulating junction links to redirect McAfee folder operations to an unintended location.https://nvd.nist.gov/vuln/detail/CVE-2021-31843
CVE-2021-31844A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing carefully constructed Ami Pro (.sam) files onto the local system and triggering a DLP Endpoint scan through accessing a file. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size.https://nvd.nist.gov/vuln/detail/CVE-2021-31844
CVE-2021-31845A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Discover prior to 11.6.100 allows an attacker in the same network as the DLP Discover to execute arbitrary code through placing carefully constructed Ami Pro (.sam) files onto a machine and having DLP Discover scan it, leading to remote code execution with elevated privileges. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size.https://nvd.nist.gov/vuln/detail/CVE-2021-31845
CVE-2021-41315The Device42 Remote Collector before 17.05.01 does not sanitize user input in its SNMP Connectivity utility. This allows an authenticated attacker (with access to the console application) to execute arbitrary OS commands and escalate privileges.https://nvd.nist.gov/vuln/detail/CVE-2021-41315
CVE-2021-41316The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery utility. An attacker (with permissions to add or edit jobs run by this utility) can inject an extra argument to overwrite arbitrary files as the root user on the Remote Collector.https://nvd.nist.gov/vuln/detail/CVE-2021-41316
CVE-2019-9060An issue was discovered in CMS Made Simple 2.2.8. It is possible to achieve unauthenticated path traversal in the CGExtensions module (in the file action.setdefaulttemplate.php) with the m1_filename parameter; and through the action.showmessage.php file, it is possible to read arbitrary file content (by using that path traversal with m1_prefname set to cg_errormsg and m1_resettodefault=1).https://nvd.nist.gov/vuln/detail/CVE-2019-9060
CVE-2021-38304Improper input validation in the National Instruments NI-PAL driver in versions 20.0.0 and prior may allow a privileged user to potentially enable escalation of privilege via local access.https://nvd.nist.gov/vuln/detail/CVE-2021-38304
CVE-2021-41317XSS Hunter Express before 2021-09-17 does not properly enforce authentication requirements for paths.https://nvd.nist.gov/vuln/detail/CVE-2021-41317
CVE-2021-40825nLight ECLYPSE (nECY) system Controllers running software prior to 1.17.21245.754 contain a default key vulnerability. The nECY does not force a change to the key upon the initial configuration of an affected device. nECY system controllers utilize an encrypted channel to secure SensorViewTM configuration and monitoring software and nECY to nECY communications. Impacted devices are at risk of exploitation. A remote attacker with IP access to an impacted device could submit lighting control commands to the nECY by leveraging the default key. A successful attack may result in the attacker gaining the ability to modify lighting conditions or gain the ability to update the software on lighting devices. The impacted key is referred to as the SensorView Password in the nECY nLight Explorer Interface and the Gateway Password in the SensorView application. An attacker cannot authenticate to or modify the configuration or software of the nECY system controller.https://nvd.nist.gov/vuln/detail/CVE-2021-40825
CVE-2020-12080A Denial of Service vulnerability has been identified in FlexNet Publisher's lmadmin.exe version 11.16.6. A certain message protocol can be exploited to cause lmadmin to crash.https://nvd.nist.gov/vuln/detail/CVE-2020-12080
CVE-2020-12082A stored cross-site scripting issue impacts certain areas of the Web UI for Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64).https://nvd.nist.gov/vuln/detail/CVE-2020-12082
CVE-2020-12083An elevated privileges issue related to Spring MVC calls impacts Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64).https://nvd.nist.gov/vuln/detail/CVE-2020-12083
CVE-2021-41326In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call.https://nvd.nist.gov/vuln/detail/CVE-2021-41326
CVE-2021-38402Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could lead to a stack-based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to execute code in the context of the current process.https://nvd.nist.gov/vuln/detail/CVE-2021-38402
CVE-2021-38404Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process.https://nvd.nist.gov/vuln/detail/CVE-2021-38404
CVE-2021-38406Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in multiple out-of-bounds write instances. An attacker could leverage this vulnerability to execute code in the context of the current process.https://nvd.nist.gov/vuln/detail/CVE-2021-38406
CVE-2021-38412Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. This vulnerability could allow an attacker to enable the SNMP service and manipulate the community strings to achieve further control in.https://nvd.nist.gov/vuln/detail/CVE-2021-38412
CVE-2021-39216Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing `externref`s from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple `externref`s from the host to a Wasm instance at the same time, either by passing multiple `externref`s as arguments from host code to a Wasm function, or returning multiple `externref`s to Wasm from a multi-value return function defined in the host. If you do not have host code that matches one of these shapes, then you are not impacted. If Wasmtime's `VMExternRefActivationsTable` became filled to capacity after passing the first `externref` in, then passing in the second `externref` could trigger a garbage collection. However the first `externref` is not rooted until we pass control to Wasm, and therefore could be reclaimed by the collector if nothing else was holding a reference to it or otherwise keeping it alive. Then, when control was passed to Wasm after the garbage collection, Wasm could use the first `externref`, which at this point has already been freed. We have reason to believe that the effective impact of this bug is relatively small because usage of `externref` is currently quite rare. The bug has been fixed, and users should upgrade to Wasmtime 0.30.0. If you cannot upgrade Wasmtime yet, you can avoid the bug by disabling reference types support in Wasmtime by passing `false` to `wasmtime::Config::wasm_reference_types`.https://nvd.nist.gov/vuln/detail/CVE-2021-39216
CVE-2021-41380RealVNC Viewer 6.21.406 allows remote VNC servers to cause a denial of service (application crash) via crafted RFB protocol data.https://nvd.nist.gov/vuln/detail/CVE-2021-41380
CVE-2021-41383setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute arbitrary shell commands via shell metacharacters in the ntp_server field.https://nvd.nist.gov/vuln/detail/CVE-2021-41383
CVE-2020-21547Libsixel 1.8.2 contains a heap-based buffer overflow in the dither_func_fs function in tosixel.c.https://nvd.nist.gov/vuln/detail/CVE-2020-21547
CVE-2020-21548Libsixel 1.8.3 contains a heap-based buffer overflow in the sixel_encode_highcolor function in tosixel.c.https://nvd.nist.gov/vuln/detail/CVE-2020-21548
CVE-2021-41387seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root.https://nvd.nist.gov/vuln/detail/CVE-2021-41387
CVE-2021-41390In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection.https://nvd.nist.gov/vuln/detail/CVE-2021-41390
CVE-2021-41391In Ericsson ECM before 18.0, it was observed that Security Management Endpoint in User Profile Management Section is vulnerable to stored XSS via a name, leading to session hijacking and full account takeover.https://nvd.nist.gov/vuln/detail/CVE-2021-41391
CVE-2021-41392static/main-preload.js in Boost Note through 0.22.0 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal Electron API.https://nvd.nist.gov/vuln/detail/CVE-2021-41392
CVE-2021-3806A path traversal vulnerability on Pardus Software Center's "extractArchive" function could allow anyone on the same network to do a man-in-the-middle and write files on the system.https://nvd.nist.gov/vuln/detail/CVE-2021-3806
CVE-2021-41393Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations.https://nvd.nist.gov/vuln/detail/CVE-2021-41393
CVE-2021-41394Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows alteration of build artifacts in some situations.https://nvd.nist.gov/vuln/detail/CVE-2021-41394
CVE-2021-41395Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted database name or username.https://nvd.nist.gov/vuln/detail/CVE-2021-41395
CVE-2021-23441All versions of package com.jsoniter:jsoniter are vulnerable to Deserialization of Untrusted Data via malicious JSON strings. This may lead to a Denial of Service, and in certain cases, code execution.https://nvd.nist.gov/vuln/detail/CVE-2021-23441
CVE-2021-41073loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation.https://nvd.nist.gov/vuln/detail/CVE-2021-41073
CVE-2021-40690All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.https://nvd.nist.gov/vuln/detail/CVE-2021-40690
CVE-2021-38300arch/mips/net/bpf_jit.c in the Linux kernel through 5.14.6 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context. This occurs because conditional branches can exceed the 128 KB limit of the MIPS architecture.https://nvd.nist.gov/vuln/detail/CVE-2021-38300
CVE-2021-24396A pageid GET parameter of the GSEOR – WordPress SEO Plugin WordPress plugin through 1.3 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.https://nvd.nist.gov/vuln/detail/CVE-2021-24396
CVE-2021-24397The edit functionality in the MicroCopy WordPress plugin through 1.1.0 makes a get request to fetch the related option. The id parameter used is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.https://nvd.nist.gov/vuln/detail/CVE-2021-24397
CVE-2021-24398The Add new scene functionality in the Responsive 3D Slider WordPress plugin through 1.2 uses an id parameter which is not sanitised, escaped or validated before being inserted to a SQL statement, leading to SQL injection. This is a time based SQLI and in the same function vulnerable parameter is passed twice so if we pass time as 5 seconds it takes 10 seconds to return since the query is ran twice.https://nvd.nist.gov/vuln/detail/CVE-2021-24398
CVE-2021-24399The check_order function of The Sorter WordPress plugin through 1.0 uses an `area_id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.https://nvd.nist.gov/vuln/detail/CVE-2021-24399
CVE-2021-24400The Edit Role functionality in the Display Users WordPress plugin through 2.0.0 had an `id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.https://nvd.nist.gov/vuln/detail/CVE-2021-24400
CVE-2021-24401The Edit domain functionality in the WP Domain Redirect WordPress plugin through 1.0 has an `editid` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.https://nvd.nist.gov/vuln/detail/CVE-2021-24401
CVE-2021-24402The Orders functionality in the WP iCommerce WordPress plugin through 1.1.1 has an `order_id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributorshttps://nvd.nist.gov/vuln/detail/CVE-2021-24402
CVE-2021-24403The Orders functionality in the WordPress Page Contact plugin through 1.0 has an order_id parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributorshttps://nvd.nist.gov/vuln/detail/CVE-2021-24403
CVE-2021-24404The options.php file of the WP-Board WordPress plugin through 1.1 beta accepts a postid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. This is a time based SQLI and in the same function vulnerable parameter is passed twice so if we pass time as 5 seconds it takes 10 seconds to return since the query ran twice.https://nvd.nist.gov/vuln/detail/CVE-2021-24404
CVE-2021-24511The fetch_product_ajax functionality in the Product Feed on WooCommerce WordPress plugin before 3.3.1.0 uses a `product_id` POST parameter which is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.https://nvd.nist.gov/vuln/detail/CVE-2021-24511
CVE-2021-24525The Shortcodes Ultimate WordPress plugin before 5.10.2 allows users with Contributor roles to perform stored XSS via shortcode attributes. Note: the plugin is inconsistent in its handling of shortcode attributes; some do escape, most don't, and there are even some attributes that are insecure by design (like [su_button]'s onclick attribute).https://nvd.nist.gov/vuln/detail/CVE-2021-24525
CVE-2021-24530The Alojapro Widget WordPress plugin through 1.1.15 doesn't properly sanitise its Custom CSS settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowedhttps://nvd.nist.gov/vuln/detail/CVE-2021-24530
CVE-2021-24582The ThinkTwit WordPress plugin before 1.7.1 did not sanitise or escape its "Consumer key" setting before outputting it its settings page, leading to a Stored Cross-Site Scripting issue.https://nvd.nist.gov/vuln/detail/CVE-2021-24582
CVE-2021-24583The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access control when deleting a timeslot, allowing any user with the edit_posts capability (contributor+) to delete arbitrary timeslot from any events. Furthermore, no CSRF check is in place as well, allowing such attack to be performed via CSRF against a logged in with such capabilityhttps://nvd.nist.gov/vuln/detail/CVE-2021-24583
CVE-2021-24584The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access control when updating a timeslot, allowing any user with the edit_posts capability (contributor+) to update arbitrary timeslot from any events. Furthermore, no CSRF check is in place as well, allowing such attack to be perform via CSRF against a logged in with such capability. In versions before 2.3.19, the lack of sanitisation and escaping in some of the fields, like the descritption could also lead to Stored XSS issueshttps://nvd.nist.gov/vuln/detail/CVE-2021-24584
CVE-2021-24585The Timetable and Event Schedule WordPress plugin before 2.4.0 outputs the Hashed Password, Username and Email Address (along other less sensitive data) of the user related to the Even Head of the Timeslot in the response when requesting the event Timeslot data with a user with the edit_posts capability. Combined with the other Unauthorised Event Timeslot Modification issue (https://wpscan.com/reports/submissions/4699/) where an arbitrary user ID can be set, this could allow low privilege users with the edit_posts capability (such as author) to retrieve sensitive User data by iterating over the user_idhttps://nvd.nist.gov/vuln/detail/CVE-2021-24585
CVE-2021-24587The Splash Header WordPress plugin before 1.20.8 doesn't sanitise and escape some of its settings while outputting them in the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue.https://nvd.nist.gov/vuln/detail/CVE-2021-24587
CVE-2021-24596The youForms for WordPress plugin through 1.0.5 does not sanitise escape the Button Text field of its Templates, allowing high privilege users (editors and admins) to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowedhttps://nvd.nist.gov/vuln/detail/CVE-2021-24596
CVE-2021-24597The You Shang WordPress plugin through 1.0.1 does not escape its qrcode links settings, which result into Stored Cross-Site Scripting issues in frontend posts and the plugins settings page depending on the payload usedhttps://nvd.nist.gov/vuln/detail/CVE-2021-24597
CVE-2021-24600The WP Dialog WordPress plugin through 1.2.5.5 does not sanitise and escape some of its settings before outputting them in pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.https://nvd.nist.gov/vuln/detail/CVE-2021-24600
CVE-2021-24604The Availability Calendar WordPress plugin before 1.2.2 does not sanitise or escape its Category Names before outputting them in page/post where the associated shortcode is embed, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowedhttps://nvd.nist.gov/vuln/detail/CVE-2021-24604
CVE-2021-24606The Availability Calendar WordPress plugin before 1.2.1 does not escape the category attribute from its shortcode before using it in a SQL statement, leading to a SQL Injection issue, which can be exploited by any user able to add shortcode to posts/pages, such as contributor+https://nvd.nist.gov/vuln/detail/CVE-2021-24606
CVE-2021-24609The WP Mapa Politico Espana WordPress plugin before 3.7.0 does not sanitise or escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowedhttps://nvd.nist.gov/vuln/detail/CVE-2021-24609
CVE-2021-24613The Post Views Counter WordPress plugin before 1.3.5 does not sanitise or escape its Post Views Label settings, which could allow high privilege users to perform Cross-Site Scripting attacks in the frontend even when the unfiltered_html capability is disallowedhttps://nvd.nist.gov/vuln/detail/CVE-2021-24613
CVE-2021-24618The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise or escape its QRCode Image setting, which result into a Stored Cross-Site Scripting (XSS). Furthermore, the plugin also does not have any CSRF and capability checks in place when saving such setting, allowing any authenticated user (as low as subscriber), or unauthenticated user via a CSRF vector to update them and perform such attack.https://nvd.nist.gov/vuln/detail/CVE-2021-24618
CVE-2021-24635The Visual Link Preview WordPress plugin before 2.2.3 does not enforce authorisation on several AJAX actions and has the CSRF nonce displayed for all authenticated users, allowing any authenticated user (such as subscriber) to call them and 1) Get and search through title and content of Draft post, 2) Get title of a password-protected post as well as 3) Upload an image from an URLhttps://nvd.nist.gov/vuln/detail/CVE-2021-24635
CVE-2021-24636The Print My Blog WordPress Plugin before 3.4.2 does not enforce nonce (CSRF) checks, which allows attackers to make logged in administrators deactivate the Print My Blog plugin and delete all saved data for that plugin by tricking them to open a malicious linkhttps://nvd.nist.gov/vuln/detail/CVE-2021-24636
CVE-2021-24637The Google Fonts Typography WordPress plugin before 3.0.3 does not escape and sanitise some of its block settings, allowing users with as role as low as Contributor to perform Stored Cross-Site Scripting attacks via blockType (combined with content), align, color, variant and fontID argument of a Gutenberg block.https://nvd.nist.gov/vuln/detail/CVE-2021-24637
CVE-2021-24638The OMGF WordPress plugin before 4.5.4 does not escape or validate the handle parameter of the REST API, which allows unauthenticated users to perform path traversal and overwrite arbitrary CSS file with Google Fonts CSS, or download fonts uploaded on Google Fonts website.https://nvd.nist.gov/vuln/detail/CVE-2021-24638
CVE-2021-24639The OMGF WordPress plugin before 4.5.4 does not enforce path validation, authorisation and CSRF checks in the omgf_ajax_empty_dir AJAX action, which allows any authenticated users to delete arbitrary files or folders on the server.https://nvd.nist.gov/vuln/detail/CVE-2021-24639
CVE-2021-24640The WordPress Slider Block Gutenslider plugin before 5.2.0 does not escape the minWidth attribute of a Gutenburg block, which could allow users with a role as low as contributor to perform Cross-Site Scripting attackshttps://nvd.nist.gov/vuln/detail/CVE-2021-24640
CVE-2021-24657The Limit Login Attempts WordPress plugin before 4.0.50 does not escape the IP addresses (which can be controlled by attacker via headers such as X-Forwarded-For) of attempted logins before outputting them in the reports table, leading to an Unauthenticated Stored Cross-Site Scripting issue.https://nvd.nist.gov/vuln/detail/CVE-2021-24657
CVE-2021-24663The Simple Schools Staff Directory WordPress plugin through 1.1 does not validate uploaded logo pictures to ensure that are indeed images, allowing high privilege users such as admin to upload arbitrary file like PHP, leading to RCEhttps://nvd.nist.gov/vuln/detail/CVE-2021-24663
CVE-2021-24741The Support Board WordPress plugin before 3.3.4 does not escape multiple POST parameters (such as status_code, department, user_id, conversation_id, conversation_status_code, and recipient_id) before using them in SQL statements, leading to SQL injections which are exploitable by unauthenticated users.https://nvd.nist.gov/vuln/detail/CVE-2021-24741
CVE-2019-16651An issue was discovered on Virgin Media Super Hub 3 (based on ARRIS TG2492) devices. Because their SNMP commands have insufficient protection mechanisms, it is possible to use JavaScript and DNS rebinding to leak the WAN IP address of a user (if they are using certain VPN implementations, this would decloak them).https://nvd.nist.gov/vuln/detail/CVE-2019-16651
CVE-2020-21913International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bug in the pkg_createWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp.https://nvd.nist.gov/vuln/detail/CVE-2020-21913
CVE-2021-39402MaianAffiliate v.1.0 is suffers from code injection by adding a new product via the admin panel. The injected payload is reflected on the affiliate main page for all authenticated and unauthenticated visitors.https://nvd.nist.gov/vuln/detail/CVE-2021-39402
CVE-2021-40674An SQL injection vulnerability exists in Wuzhi CMS v4.1.0 via the KeyValue parameter in coreframe/app/order/admin/index.php.https://nvd.nist.gov/vuln/detail/CVE-2021-40674
CVE-2020-20891Buffer Overflow vulnerability in function config_input in libavfilter/vf_gblur.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.https://nvd.nist.gov/vuln/detail/CVE-2020-20891
CVE-2020-20892An issue was discovered in function filter_frame in libavfilter/vf_lenscorrection.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a division by zero.https://nvd.nist.gov/vuln/detail/CVE-2020-20892
CVE-2020-20893Buffer Overflow vulnerability in function activate in libavfilter/af_afade.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.https://nvd.nist.gov/vuln/detail/CVE-2020-20893
CVE-2020-20894Buffer Overflow vulnerability in function gaussian_blur in libavfilter/vf_edgedetect.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.https://nvd.nist.gov/vuln/detail/CVE-2020-20894
CVE-2020-20895Buffer Overflow vulnerability in function filter_vertically_##name in libavfilter/vf_avgblur.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.https://nvd.nist.gov/vuln/detail/CVE-2020-20895
CVE-2020-20896An issue was discovered in function latm_write_packet in libavformat/latmenc.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a Null pointer dereference.https://nvd.nist.gov/vuln/detail/CVE-2020-20896
CVE-2020-20897Buffer Overflow vulnerability in function filter_slice in libavfilter/vf_bm3d.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.https://nvd.nist.gov/vuln/detail/CVE-2020-20897
CVE-2020-20898Integer Overflow vulnerability in function filter16_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.https://nvd.nist.gov/vuln/detail/CVE-2020-20898
CVE-2020-20899Buffer Overflow vulnerability in function config_props in libavfilter/vf_bwdif.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.https://nvd.nist.gov/vuln/detail/CVE-2020-20899
CVE-2020-20900Buffer Overflow vulnerability in function gaussian_blur in libavfilter/vf_edgedetect.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.https://nvd.nist.gov/vuln/detail/CVE-2020-20900
CVE-2020-20901Buffer Overflow vulnerability in function filter_frame in libavfilter/vf_fieldorder.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.https://nvd.nist.gov/vuln/detail/CVE-2020-20901
CVE-2020-20902A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter function in g729postfilter.c in FFmpeg 4.2.1 during computation of the denominator of pseudo-normalized correlation R'(0), that could result in disclosure of information.https://nvd.nist.gov/vuln/detail/CVE-2020-20902
CVE-2020-21468A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS).https://nvd.nist.gov/vuln/detail/CVE-2020-21468
CVE-2021-32265An issue was discovered in Bento4 through v1.6.0-637. A global-buffer-overflow exists in the function AP4_MemoryByteStream::WritePartial() located in Ap4ByteStream.cpp. It allows an attacker to cause code execution or information disclosure.https://nvd.nist.gov/vuln/detail/CVE-2021-32265
CVE-2021-32268Buffer overflow vulnerability in function gf_fprintf in os_file.c in gpac through 20200801, allows attackers to execute arbitrary code.https://nvd.nist.gov/vuln/detail/CVE-2021-32268
CVE-2021-32269An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function ilst_item_box_dump located in box_dump.c. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-32269
CVE-2021-32270An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function vwid_box_del located in box_code_base.c. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-32270
CVE-2021-32271An issue was discovered in gpac through 20200801. A stack-buffer-overflow exists in the function DumpRawUIConfig located in odf_dump.c. It allows an attacker to cause code Execution.https://nvd.nist.gov/vuln/detail/CVE-2021-32271
CVE-2021-32272An issue was discovered in faad2 before 2.10.0. A heap-buffer-overflow exists in the function stszin located in mp4read.c. It allows an attacker to cause Code Execution.https://nvd.nist.gov/vuln/detail/CVE-2021-32272
CVE-2021-32273An issue was discovered in faad2 through 2.10.0. A stack-buffer-overflow exists in the function ftypin located in mp4read.c. It allows an attacker to cause Code Execution.https://nvd.nist.gov/vuln/detail/CVE-2021-32273
CVE-2021-32274An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_synthesis_64 located in sbr_qmf.c. It allows an attacker to cause code Execution.https://nvd.nist.gov/vuln/detail/CVE-2021-32274
CVE-2021-32275An issue was discovered in faust through v2.30.5. A NULL pointer dereference exists in the function CosPrim::computeSigOutput() located in cosprim.hh. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-32275
CVE-2021-32276An issue was discovered in faad2 through 2.10.0. A NULL pointer dereference exists in the function get_sample() located in output.c. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-32276
CVE-2021-32277An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_analysis_32 located in sbr_qmf.c. It allows an attacker to cause code Execution.https://nvd.nist.gov/vuln/detail/CVE-2021-32277
CVE-2021-32278An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function lt_prediction located in lt_predict.c. It allows an attacker to cause code Execution.https://nvd.nist.gov/vuln/detail/CVE-2021-32278
CVE-2021-32280An issue was discovered in fig2dev through 20200520. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-32280
CVE-2021-32281An issue was discovered in gravity through 0.8.1. A heap-buffer-overflow exists in the function gnode_function_add_upvalue located in gravity_ast.c. It allows an attacker to cause code Execution.https://nvd.nist.gov/vuln/detail/CVE-2021-32281
CVE-2021-32282An issue was discovered in gravity through 0.8.1. A NULL pointer dereference exists in the function ircode_add_check() located in gravity_ircode.c. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-32282
CVE-2021-32283An issue was discovered in gravity through 0.8.1. A NULL pointer dereference exists in the function gravity_string_to_value() located in gravity_value.c. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-32283
CVE-2021-32284An issue was discovered in gravity through 0.8.1. A NULL pointer dereference exists in the function ircode_register_pop_context_protect() located in gravity_ircode.c. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-32284
CVE-2021-32285An issue was discovered in gravity through 0.8.1. A NULL pointer dereference exists in the function list_iterator_next() located in gravity_core.c. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-32285
CVE-2021-32286An issue was discovered in hcxtools through 6.1.6. A global-buffer-overflow exists in the function pcapngoptionwalk located in hcxpcapngtool.c. It allows an attacker to cause code Execution.https://nvd.nist.gov/vuln/detail/CVE-2021-32286
CVE-2021-32287An issue was discovered in heif through v3.6.2. A global-buffer-overflow exists in the function HevcDecoderConfigurationRecord::getPicWidth() located in hevcdecoderconfigrecord.cpp. It allows an attacker to cause code Execution.https://nvd.nist.gov/vuln/detail/CVE-2021-32287
CVE-2021-32288An issue was discovered in heif through v3.6.2. A global-buffer-overflow exists in the function HevcDecoderConfigurationRecord::getPicHeight() located in hevcdecoderconfigrecord.cpp. It allows an attacker to cause code Execution.https://nvd.nist.gov/vuln/detail/CVE-2021-32288
CVE-2021-32289An issue was discovered in heif through through v3.6.2. A NULL pointer dereference exists in the function convertByteStreamToRBSP() located in nalutil.cpp. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-32289
CVE-2021-32294An issue was discovered in libgig through 20200507. A heap-buffer-overflow exists in the function RIFF::List::GetSubList located in RIFF.cpp. It allows an attacker to cause code Execution.https://nvd.nist.gov/vuln/detail/CVE-2021-32294
CVE-2021-32297An issue was discovered in LIEF through 0.11.4. A heap-buffer-overflow exists in the function main located in pe_reader.c. It allows an attacker to cause code Execution.https://nvd.nist.gov/vuln/detail/CVE-2021-32297
CVE-2021-32298An issue was discovered in libiff through 20190123. A global-buffer-overflow exists in the function IFF_errorId located in error.c. It allows an attacker to cause code Execution.https://nvd.nist.gov/vuln/detail/CVE-2021-32298
CVE-2021-32299An issue was discovered in pbrt through 20200627. A stack-buffer-overflow exists in the function pbrt::ParamSet::ParamSet() located in paramset.h. It allows an attacker to cause code Execution.https://nvd.nist.gov/vuln/detail/CVE-2021-32299
CVE-2021-38089Buffer Overflow vulnerability in function config_input in libavfilter/vf_bm3d.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.https://nvd.nist.gov/vuln/detail/CVE-2021-38089
CVE-2021-38090Integer Overflow vulnerability in function filter16_roberts in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.https://nvd.nist.gov/vuln/detail/CVE-2021-38090
CVE-2021-38091Integer Overflow vulnerability in function filter16_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.https://nvd.nist.gov/vuln/detail/CVE-2021-38091
CVE-2021-38092Integer Overflow vulnerability in function filter_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.https://nvd.nist.gov/vuln/detail/CVE-2021-38092
CVE-2021-38093Integer Overflow vulnerability in function filter_robert in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.https://nvd.nist.gov/vuln/detail/CVE-2021-38093
CVE-2021-38094Integer Overflow vulnerability in function filter_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.https://nvd.nist.gov/vuln/detail/CVE-2021-38094
CVE-2021-39514An issue was discovered in libjpeg through 2020021. An uncaught floating point exception in the function ACLosslessScan::ParseMCU() located in aclosslessscan.cpp. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39514
CVE-2021-39515An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function SampleInterleavedLSScan::ParseMCU() located in sampleinterleavedlsscan.cpp. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39515
CVE-2021-39516An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function HuffmanDecoder::Get() located in huffmandecoder.hpp. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39516
CVE-2021-39517An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::ReconstructUnsampled() located in blockbitmaprequester.cpp. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39517
CVE-2021-39518An issue was discovered in libjpeg through 2020021. LineBuffer::FetchRegion() in linebuffer.cpp has a heap-based buffer overflow.https://nvd.nist.gov/vuln/detail/CVE-2021-39518
CVE-2021-39519An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::PullQData() located in blockbitmaprequester.cpp It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39519
CVE-2021-39520An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::PushReconstructedData() located in blockbitmaprequester.cpp. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39520
CVE-2021-39521An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function bit_read_BB() located in bits.c. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39521
CVE-2021-39522An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2len() in bits.c has a heap-based buffer overflow.https://nvd.nist.gov/vuln/detail/CVE-2021-39522
CVE-2021-39523An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function check_POLYLINE_handles() located in decode.c. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39523
CVE-2021-39525An issue was discovered in libredwg through v0.10.1.3751. bit_read_fixed() in bits.c has a heap-based buffer overflow.https://nvd.nist.gov/vuln/detail/CVE-2021-39525
CVE-2021-39527An issue was discovered in libredwg through v0.10.1.3751. appinfo_private() in decode.c has a heap-based buffer overflow.https://nvd.nist.gov/vuln/detail/CVE-2021-39527
CVE-2021-39528An issue was discovered in libredwg through v0.10.1.3751. dwg_free_MATERIAL_private() in dwg.spec has a double free.https://nvd.nist.gov/vuln/detail/CVE-2021-39528
CVE-2021-39530An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2nlen() in bits.c has a heap-based buffer overflow.https://nvd.nist.gov/vuln/detail/CVE-2021-39530
CVE-2021-39531An issue was discovered in libslax through v0.22.1. slaxLexer() in slaxlexer.c has a stack-based buffer overflow.https://nvd.nist.gov/vuln/detail/CVE-2021-39531
CVE-2021-39532An issue was discovered in libslax through v0.22.1. A NULL pointer dereference exists in the function slaxLexer() located in slaxlexer.c. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39532
CVE-2021-39533An issue was discovered in libslax through v0.22.1. slaxLexer() in slaxlexer.c has a heap-based buffer overflow.https://nvd.nist.gov/vuln/detail/CVE-2021-39533
CVE-2021-39534An issue was discovered in libslax through v0.22.1. slaxIsCommentStart() in slaxlexer.c has a heap-based buffer overflow.https://nvd.nist.gov/vuln/detail/CVE-2021-39534
CVE-2021-39535An issue was discovered in libxsmm through v1.16.1-93. A NULL pointer dereference exists in JIT code. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39535
CVE-2021-39536An issue was discovered in libxsmm through v1.16.1-93. The JIT code has a heap-based buffer overflow.https://nvd.nist.gov/vuln/detail/CVE-2021-39536
CVE-2021-39537An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.https://nvd.nist.gov/vuln/detail/CVE-2021-39537
CVE-2021-39538An issue was discovered in pdftools through 20200714. A NULL pointer dereference exists in the function node::ObjNode::Value() located in objnode.cpp. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39538
CVE-2021-39539An issue was discovered in pdftools through 20200714. A NULL pointer dereference exists in the function node::BDCNode::~BDCNode() located in bdcnode.cpp. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39539
CVE-2021-39540An issue was discovered in pdftools through 20200714. A stack-buffer-overflow exists in the function Analyze::AnalyzePages() located in analyze.cpp. It allows an attacker to cause code Execution.https://nvd.nist.gov/vuln/detail/CVE-2021-39540
CVE-2021-39541An issue was discovered in pdftools through 20200714. A NULL pointer dereference exists in the function Analyze::AnalyzeXref() located in analyze.cpp. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39541
CVE-2021-39542An issue was discovered in pdftools through 20200714. A NULL pointer dereference exists in the function Font::Size() located in font.cpp. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39542
CVE-2021-39543An issue was discovered in pdftools through 20200714. A NULL pointer dereference exists in the function Analyze::AnalyzeRoot() located in analyze.cpp. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39543
CVE-2021-39544An issue was discovered in sela through 20200412. file::WavFile::writeToFile() in wav_file.c has a heap-based buffer overflow.https://nvd.nist.gov/vuln/detail/CVE-2021-39544
CVE-2021-39545An issue was discovered in sela through 20200412. A NULL pointer dereference exists in the function rice::RiceDecoder::process() located in rice_decoder.c. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39545
CVE-2021-39546An issue was discovered in sela through 20200412. rice::RiceDecoder::process() in rice_decoder.cpp has a heap-based buffer overflow.https://nvd.nist.gov/vuln/detail/CVE-2021-39546
CVE-2021-39547An issue was discovered in sela through 20200412. A NULL pointer dereference exists in the function lpc::SampleGenerator::process() located in sample_generator.cpp. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39547
CVE-2021-39548An issue was discovered in sela through 20200412. A NULL pointer dereference exists in the function frame::FrameDecoder::process() located in frame_decoder.c. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39548
CVE-2021-39549An issue was discovered in sela through 20200412. A NULL pointer dereference exists in the function file::WavFile::WavFile() located in wav_file.c. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39549
CVE-2021-39550An issue was discovered in sela through 20200412. file::SelaFile::readFromFile() in sela_file.cpp has a heap-based buffer overflow.https://nvd.nist.gov/vuln/detail/CVE-2021-39550
CVE-2021-39551An issue was discovered in sela through 20200412. file::SelaFile::readFromFile() in sela_file.c has a heap-based buffer overflow.https://nvd.nist.gov/vuln/detail/CVE-2021-39551
CVE-2021-39552An issue was discovered in sela through 20200412. file::WavFile::readFromFile() in wav_file.c has a heap-based buffer overflow.https://nvd.nist.gov/vuln/detail/CVE-2021-39552
CVE-2021-39553An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function grealloc() located in gmem.cc. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39553
CVE-2021-39554An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function Lexer::Lexer() located in Lexer.cc. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39554
CVE-2021-39555An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function InfoOutputDev::type3D0() located in InfoOutputDev.cc. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39555
CVE-2021-39556An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function InfoOutputDev::type3D1() located in InfoOutputDev.cc. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39556
CVE-2021-39557An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function copyString() located in gmem.cc. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39557
CVE-2021-39558An issue was discovered in swftools through 20200710. A stack-buffer-overflow exists in the function VectorGraphicOutputDev::drawGeneralImage() located in VectorGraphicOutputDev.cc. It allows an attacker to cause code Execution.https://nvd.nist.gov/vuln/detail/CVE-2021-39558
CVE-2021-39559An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function GString::~GString() located in GString.cc. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39559
CVE-2021-39561An issue was discovered in swftools through 20200710. A stack-buffer-overflow exists in the function Gfx::opSetFillColorN() located in Gfx.cc. It allows an attacker to cause code Execution.https://nvd.nist.gov/vuln/detail/CVE-2021-39561
CVE-2021-39562An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function FileStream::makeSubStream() located in Stream.cc. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39562
CVE-2021-39563An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_DumpActions() located in swfaction.c. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39563
CVE-2021-39564An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function swf_DumpActions() located in swfaction.c. It allows an attacker to cause code Execution.https://nvd.nist.gov/vuln/detail/CVE-2021-39564
CVE-2021-39569An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function OpAdvance() located in swfaction.c. It allows an attacker to cause code Execution.https://nvd.nist.gov/vuln/detail/CVE-2021-39569
CVE-2021-39574An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function pool_read() located in pool.c. It allows an attacker to cause code Execution.https://nvd.nist.gov/vuln/detail/CVE-2021-39574
CVE-2021-39575An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function dump_method() located in abc.c. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39575
CVE-2021-39577An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function main() located in swfdump.c. It allows an attacker to cause code Execution.https://nvd.nist.gov/vuln/detail/CVE-2021-39577
CVE-2021-39579An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function string_hash() located in q.c. It allows an attacker to cause code Execution.https://nvd.nist.gov/vuln/detail/CVE-2021-39579
CVE-2021-39582An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function swf_GetPlaceObject() located in swfobject.c. It allows an attacker to cause code Execution.https://nvd.nist.gov/vuln/detail/CVE-2021-39582
CVE-2021-39583An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function pool_lookup_string2() located in pool.c. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39583
CVE-2021-39584An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function namespace_set_hash() located in pool.c. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39584
CVE-2021-39585An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function traits_dump() located in abc.c. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39585
CVE-2021-39587An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_DumpABC() located in abc.c. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39587
CVE-2021-39588An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_ReadABC() located in abc.c. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39588
CVE-2021-39589An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function parse_metadata() located in abc.c. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39589
CVE-2021-39590An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function params_dump() located in abc.c. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39590
CVE-2021-39591An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_GetShapeBoundingBox() located in swfshape.c. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39591
CVE-2021-39592An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function pool_lookup_uint() located in pool.c. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39592
CVE-2021-39593An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_FontExtract_DefineFontInfo() located in swftext.c. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39593
CVE-2021-39594Other An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function updateusage() located in swftext.c. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39594
CVE-2021-39595An issue was discovered in swftools through 20200710. A stack-buffer-overflow exists in the function rfx_alloc() located in mem.c. It allows an attacker to cause code Execution.https://nvd.nist.gov/vuln/detail/CVE-2021-39595
CVE-2021-39596An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function code_parse() located in code.c. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39596
CVE-2021-39597An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function code_dump2() located in code.c. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39597
CVE-2021-39598An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function callcode() located in code.c. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2021-39598
CVE-2020-8561A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.https://nvd.nist.gov/vuln/detail/CVE-2020-8561
CVE-2021-25740A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.https://nvd.nist.gov/vuln/detail/CVE-2021-25740
CVE-2021-25741A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.https://nvd.nist.gov/vuln/detail/CVE-2021-25741
CVE-2021-29806IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204264.https://nvd.nist.gov/vuln/detail/CVE-2021-29806
CVE-2021-29807IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204265.https://nvd.nist.gov/vuln/detail/CVE-2021-29807
CVE-2021-29808IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204269.https://nvd.nist.gov/vuln/detail/CVE-2021-29808
CVE-2021-29809IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204270.https://nvd.nist.gov/vuln/detail/CVE-2021-29809
CVE-2021-29811IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 stores user credentials in plain clear text which can be read by an authenticated admin user. IBM X-Force ID: 204329.https://nvd.nist.gov/vuln/detail/CVE-2021-29811
CVE-2021-29817IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204343.https://nvd.nist.gov/vuln/detail/CVE-2021-29817
CVE-2021-29818IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204345.https://nvd.nist.gov/vuln/detail/CVE-2021-29818
CVE-2021-29819IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204346.https://nvd.nist.gov/vuln/detail/CVE-2021-29819
CVE-2021-29820IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204347.https://nvd.nist.gov/vuln/detail/CVE-2021-29820
CVE-2021-29821IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204348.https://nvd.nist.gov/vuln/detail/CVE-2021-29821
CVE-2021-29856IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 could allow an authenticated usre to cause a denial of service through the WebGUI Map Creation page. IBM X-Force ID: 205685.https://nvd.nist.gov/vuln/detail/CVE-2021-29856
CVE-2021-38899IBM Cloud Pak for Data 2.5 could allow a local user with special privileges to obtain highly sensitive information. IBM X-Force ID: 209575.https://nvd.nist.gov/vuln/detail/CVE-2021-38899
CVE-2020-19915Cross Site Scripting (XSS vulnerability exists in WUZHI CMS 4.1.0 via the mailbox username in index.php.https://nvd.nist.gov/vuln/detail/CVE-2020-19915
CVE-2020-16630TI’s BLE stack caches and reuses the LTK’s property for a bonded mobile. A LTK can be an unauthenticated-and-no-MITM-protection key created by Just Works or an authenticated-and-MITM-protection key created by Passkey Entry, Numeric Comparison or OOB. Assume that a victim mobile uses secure pairing to pair with a victim BLE device based on TI chips and generate an authenticated-and-MITM-protection LTK. If a fake mobile with the victim mobile’s MAC address uses Just Works and pairs with the victim device, the generated LTK still has the property of authenticated-and-MITM-protection. Therefore, the fake mobile can access attributes with the authenticated read/write permission.https://nvd.nist.gov/vuln/detail/CVE-2020-16630
CVE-2021-39229Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. In affected versions users who use Apprise granting them access to the IFTTT plugin (which just comes out of the box) are subject to a denial of service attack on an inefficient regular expression. The vulnerable regular expression is [here](https://github.com/caronc/apprise/blob/0007eade20934ddef0aba38b8f1aad980cfff253/apprise/plugins/NotifyIFTTT.py#L356-L359). The problem has been patched in release version 0.9.5.1. Users who are unable to upgrade are advised to remove `apprise/plugins/NotifyIFTTT.py` to eliminate the service.https://nvd.nist.gov/vuln/detail/CVE-2021-39229
CVE-2021-20037SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host operating system. This vulnerability impacts GVC 4.10.5 installer and earlier.https://nvd.nist.gov/vuln/detail/CVE-2021-20037
CVE-2021-20829Cross-site scripting vulnerability due to the inadequate tag sanitization in GROWI versions v4.2.19 and earlier allows remote attackers to execute an arbitrary script on the web browser of the user who accesses a specially crafted page.https://nvd.nist.gov/vuln/detail/CVE-2021-20829
CVE-2021-26333An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary access control list (DACL) may allow low privileged users to open a handle and send requests to the driver resulting in a potential data leak from uninitialized physical pages.https://nvd.nist.gov/vuln/detail/CVE-2021-26333
CVE-2021-31917A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker could bypass authentication on all REST endpoints when DIGEST is used as the authentication method. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.https://nvd.nist.gov/vuln/detail/CVE-2021-31917
CVE-2021-0869In GetTimeStampAndPkt of DumpstateDevice.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-179620905 References: N/Ahttps://nvd.nist.gov/vuln/detail/CVE-2021-0869
CVE-2021-28960ManageEngine Desktop Central before build 10.0.683 allows Unauthenticated Remote Code Execution during communication with Notification Server.https://nvd.nist.gov/vuln/detail/CVE-2021-28960
CVE-2021-37419ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF.https://nvd.nist.gov/vuln/detail/CVE-2021-37419
CVE-2021-37420ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing.https://nvd.nist.gov/vuln/detail/CVE-2021-37420
CVE-2021-37424ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover.https://nvd.nist.gov/vuln/detail/CVE-2021-37424
CVE-2021-37741ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities.https://nvd.nist.gov/vuln/detail/CVE-2021-37741
CVE-2021-41531NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length parameter in a ROA. This will lead to RTR clients such as routers to reject the RPKI data set, effectively disabling Route Origin Validation.https://nvd.nist.gov/vuln/detail/CVE-2021-41531
CVE-2021-41525An issue related to modification of otherwise restricted files through a locally authenticated attacker exists in FlexNet inventory agent and inventory beacon versions 2020 R2.5 and prior.https://nvd.nist.gov/vuln/detail/CVE-2021-41525
CVE-2021-29795IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a partition that could crash the system. IBM X-Force ID: 203557.https://nvd.nist.gov/vuln/detail/CVE-2021-29795
CVE-2021-29831IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 204775.https://nvd.nist.gov/vuln/detail/CVE-2021-29831
CVE-2021-23443This affects the package edge.js before 5.3.2. A type confusion vulnerability can be used to bypass input sanitization when the input to be rendered is an array (instead of a string or a SafeValue), even if {{ }} are used.https://nvd.nist.gov/vuln/detail/CVE-2021-23443
CVE-2021-23444This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function.https://nvd.nist.gov/vuln/detail/CVE-2021-23444
CVE-2021-40868In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS.https://nvd.nist.gov/vuln/detail/CVE-2021-40868
CVE-2021-40847The update process of the Circle Parental Control Service on various NETGEAR routers allows remote attackers to achieve remote code execution as root via a MitM attack. While the parental controls themselves are not enabled by default on the routers, the Circle update daemon, circled, is enabled by default. This daemon connects to Circle and NETGEAR to obtain version information and updates to the circled daemon and its filtering database. However, database updates from NETGEAR are unsigned and downloaded via cleartext HTTP. As such, an attacker with the ability to perform a MitM attack on the device can respond to circled update requests with a crafted, compressed database file, the extraction of which gives the attacker the ability to overwrite executable files with attacker-controlled code. This affects R6400v2 1.0.4.106, R6700 1.0.2.16, R6700v3 1.0.4.106, R6900 1.0.2.16, R6900P 1.3.2.134, R7000 1.0.11.123, R7000P 1.3.2.134, R7850 1.0.5.68, R7900 1.0.4.38, R8000 1.0.4.68, and RS400 1.5.0.68.https://nvd.nist.gov/vuln/detail/CVE-2021-40847
CVE-2020-19551Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 in common.func.php, which when uploaded can cause remote code executiong.https://nvd.nist.gov/vuln/detail/CVE-2020-19551
CVE-2020-19553Cross Site Scripting (XSS) vlnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php.https://nvd.nist.gov/vuln/detail/CVE-2020-19553
CVE-2020-19554Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPManager <=12.5.174 when the API key contains an XML-based XSS payload.https://nvd.nist.gov/vuln/detail/CVE-2020-19554