Security Bulletin 6 Oct 2021

Published on 06 Oct 2021

Updated on 06 Oct 2021

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

The vulnerabilities are tabled based on severity, in accordance to their CVSSv3 base scores:


Critical vulnerabilities with a base score of 9.0 to 10.0
High vulnerabilities with a base score of 7.0 to 8.9
Medium vulnerabilities with a base score of 4.0 to 6.9
Low vulnerabilities with a base score of 0.1 to 3.9
None vulnerabilities with a base score of 0.0

For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.

CRITICAL VULNERABILITIES
CVE Number Description Base Score Reference
CVE-2020-26301 ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This is fixed in version 1.4.0. 10 https://nvd.nist.gov/vuln/detail/CVE-2020-26301
CVE-2021-23031 On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, an authenticated user may perform a privilege escalation on the BIG-IP Advanced WAF and ASM Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 9.9 https://nvd.nist.gov/vuln/detail/CVE-2021-23031
CVE-2020-12083 An elevated privileges issue related to Spring MVC calls impacts Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64). 9.9 https://nvd.nist.gov/vuln/detail/CVE-2020-12083
CVE-2016-10033 The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \\" (backslash double quote) in a crafted Sender property. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2016-10033
CVE-2016-10045 The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2016-10045
CVE-2018-0315 A vulnerability in the authentication, authorization, and accounting (AAA) security services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect memory operations that the affected software performs when the software parses a username during login authentication. An attacker could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the affected device or cause the affected device to reload, resulting in a DoS condition. This vulnerability affects Cisco devices that are running Cisco IOS XE Software Release Fuji 16.7.1 or Fuji 16.8.1 and are configured to use AAA for login authentication. Cisco Bug IDs: CSCvi25380. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2018-0315
CVE-2019-11831 The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-11831
CVE-2019-10910 In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-10910
CVE-2020-8955 irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 (channel mode). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-8955
CVE-2020-9760 An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a new mode is set for a nick. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-9760
CVE-2020-9671 Adobe Creative Cloud Desktop Application versions 5.1 and earlier have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-9671
CVE-2020-9682 Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability vulnerability. Successful exploitation could lead to arbitrary file system write. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-9682
CVE-2020-14343 A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-14343
CVE-2021-20314 Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-20314
CVE-2021-38613 The assets/index.php Image Upload feature of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to upload any code to the target system and achieve remote code execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-38613
CVE-2021-34345 A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of NVR Storage Expansion: NVR Storage Expansion 1.0.6 ( 2021/08/03 ) and later 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-34345
CVE-2021-33044 The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-33044
CVE-2021-33045 The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-33045
CVE-2021-39275 ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39275
CVE-2021-41303 Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41303
CVE-2021-39227 ZRender is a lightweight graphic library providing 2d draw for Apache ECharts. In versions prior to 5.2.1, using `merge` and `clone` helper methods in the `src/core/util.ts` module results in prototype pollution. It affects the popular data visualization library Apache ECharts, which uses and exports these two methods directly. The GitHub Security Advisory page for this vulnerability contains a proof of concept. This issue is patched in ZRender version 5.2.1. One workaround is available: Check if there is `__proto__` in the object keys. Omit it before using it as an parameter in these affected methods. Or in `echarts.util.merge` and `setOption` if project is using ECharts. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39227
CVE-2021-39228 Tremor is an event processing system for unstructured data. A vulnerability exists between versions 0.7.2 and 0.11.6. This vulnerability is a memory safety Issue when using `patch` or `merge` on `state` and assign the result back to `state`. In this case, affected versions of Tremor and the tremor-script crate maintains references to memory that might have been freed already. And these memory regions can be accessed by retrieving the `state`, e.g. send it over TCP or HTTP. This requires the Tremor server (or any other program using tremor-script) to execute a tremor-script script that uses the mentioned language construct. The issue has been patched in version 0.11.6 by removing the optimization and always cloning the target expression of a Merge or Patch. If an upgrade is not possible, a possible workaround is to avoid the optimization by introducing a temporary variable and not immediately reassigning to `state`. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39228
CVE-2021-38412 Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. This vulnerability could allow an attacker to enable the SNMP service and manipulate the community strings to achieve further control in. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-38412
CVE-2021-41392 static/main-preload.js in Boost Note through 0.22.0 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal Electron API. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41392
CVE-2021-41393 Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41393
CVE-2021-23441 All versions of package com.jsoniter:jsoniter are vulnerable to Deserialization of Untrusted Data via malicious JSON strings. This may lead to a Denial of Service, and in certain cases, code execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-23441
CVE-2021-24741 The Support Board WordPress plugin before 3.3.4 does not escape multiple POST parameters (such as status_code, department, user_id, conversation_id, conversation_status_code, and recipient_id) before using them in SQL statements, leading to SQL injections which are exploitable by unauthenticated users. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24741
CVE-2021-31917 A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker could bypass authentication on all REST endpoints when DIGEST is used as the authentication method. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31917
CVE-2021-0869 In GetTimeStampAndPkt of DumpstateDevice.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-179620905 References: N/A 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-0869
CVE-2021-28960 ManageEngine Desktop Central before build 10.0.683 allows Unauthenticated Remote Code Execution during communication with Notification Server. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-28960
CVE-2021-37419 ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-37419
CVE-2021-37424 ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-37424
CVE-2021-23444 This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-23444
CVE-2021-31819 In Halibut versions prior to 4.4.7 there is a deserialisation vulnerability that could allow remote code execution on systems that already trust each other based on certificate verification. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31819
CVE-2021-37925 Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-37925
CVE-2021-37927 Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-37927
CVE-2019-6288 Edgecore ECS2020 Firmware 1.0.0.0 devices allow Unauthenticated Command Injection via the command1 HTTP header to the /EXCU_SHELL URI. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-6288
CVE-2021-22941 Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22941
CVE-2021-32959 Heap-based buffer overflow in SuiteLink server while processing commands 0x05/0x06 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-32959
CVE-2021-21913 An information disclosure vulnerability exists in the WiFi Smart Mesh functionality of D-LINK DIR-3040 1.13B03. A specially-crafted network request can lead to command execution. An attacker can connect to the MQTT service to trigger this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21913
CVE-2021-41428 Insecure permissions in Update Manager <= 5.8.0.2300 and DFL <= 12.5.1001.5 in DATEV programs v14.1 allows attacker to escalate privileges via insufficient configuration of service components. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41428
CVE-2020-4690 IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 186697. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-4690
CVE-2021-26794 Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 allows attacker to execute arbitrary code via crafted php file. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26794
CVE-2021-22869 An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. This affects customers using self-hosted runner groups for access control. A repository with access to one enterprise runner group could access all of the enterprise runner groups within the organization because of improper authentication checks during the request. This could cause code to be run unintentionally by the incorrect runner group. This vulnerability affected GitHub Enterprise Server versions from 3.0.0 to 3.0.15 and 3.1.0 to 3.1.7 and was fixed in 3.0.16 and 3.1.8 releases. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22869
CVE-2021-34348 A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-34348
CVE-2021-34351 A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-34351
CVE-2021-38299 Webauthn Framework 3.3.x before 3.3.4 has Incorrect Access Control. An attacker that controls a user's system is able to login to a vulnerable service using an attached FIDO2 authenticator without passing a check of the user presence. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-38299
CVE-2021-40098 An issue was discovered in Concrete CMS through 8.5.5. Path Traversal leading to RCE via external form by adding a regular expression. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40098
CVE-2021-36219 An issue was discovered in SKALE sgxwallet 1.58.3. The provided input for ECALL 14 triggers a branch in trustedEcdsaSign that frees a non-initialized pointer from the stack. An attacker can chain multiple enclave calls to prepare a stack that contains a valid address. This address is then freed, resulting in compromised integrity of the enclave. This was resolved after v1.58.3 and not reproducible in sgxwallet v1.77.0. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-36219
CVE-2021-37539 Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-37539
CVE-2021-24666 The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a 'Social & Donations' module (not activated by default), which adds the rest route '/services/contributor/(?P<id>[\\d]+), takes an 'id' and 'category' parameters as arguments. Both parameters can be used for the SQLi. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24666
CVE-2021-36879 Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Possible if WordPress configuration allows user registration. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-36879
CVE-2021-36880 Unauthenticated SQL Injection (SQLi) vulnerability in WordPress uListing plugin (versions <= 2.0.3), vulnerable parameter: custom. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-36880
CVE-2021-37761 Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-37761
CVE-2021-41558 The set_user extension module before 3.0.0 for PostgreSQL allows ProcessUtility_hook bypass via set_config. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41558
CVE-2021-38124 Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.2 through 7.5. The vulnerability could be exploited resulting in remote code execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-38124
CVE-2021-36363 Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-36363
CVE-2021-36364 Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-36364
CVE-2021-36365 Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-36365
CVE-2021-36366 Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-36366
CVE-2021-38303 A SQL injection vulnerability exists in Sureline SUREedge Migrator 7.0.7.29360. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-38303
CVE-2021-36745 A vulnerability in Trend Micro ServerProtect for Storage 6.0, ServerProtect for EMC Celerra 5.8, ServerProtect for Network Appliance Filers 5.8, and ServerProtect for Microsoft Windows / Novell Netware 5.8 could allow a remote attacker to bypass authentication on affected installations. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-36745
CVE-2021-35943 Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. Externally managed users are not prevented from using an empty password, per RFC4513. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-35943
CVE-2020-18683 Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of undefined fields mishandling. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-18683
CVE-2020-18685 Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of unchecked prerequisites related to TCP or UDP ports, or group or table IDs. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-18685
CVE-2021-41290 ECOA BAS controller suffers from an arbitrary file write and path traversal vulnerability. Using the POST parameters, unauthenticated attackers can remotely set arbitrary values for location and content type and gain the possibility to execute arbitrary code on the affected device. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41290
CVE-2021-41292 ECOA BAS controller suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can remotely bypass authentication and disclose sensitive information and circumvent physical access controls in smart homes and buildings and manipulate HVAC. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41292
CVE-2021-41296 ECOA BAS controller uses weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41296
CVE-2021-41299 ECOA BAS controller is vulnerable to hard-coded credentials within its Linux distribution image, thus remote attackers can obtain administrator’s privilege without logging in. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41299
CVE-2021-41300 ECOA BAS controller’s special page displays user account and passwords in plain text, thus unauthenticated attackers can access the page and obtain privilege with full functionality. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41300
CVE-2021-41301 ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is made to the specific files using an HTTP GET request. This will enable the unauthenticated attacker to remotely disclose sensitive information and help her in authentication bypass, privilege escalation and full system access. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41301
CVE-2021-20578 IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform unauthorized actions due to improper or missing authentication controls. IBM X-Force ID: 199282. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-20578
CVE-2020-20796 FlameCMS 3.3.5 contains a SQL injection vulnerability in /master/article.php via the "Id" parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-20796
CVE-2020-20797 FlameCMS 3.3.5 contains a time-based blind SQL injection vulnerability in /account/register.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-20797
CVE-2021-34352 A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210902 and later 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-34352
CVE-2021-39226 Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "public_mode" configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the snapshot "public_mode" setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39226
CVE-2021-20790 Improper control of program execution vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to execute an arbitrary command or code via unspecified vectors. 9.6 https://nvd.nist.gov/vuln/detail/CVE-2021-20790
CVE-2021-20791 Improper access control vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to bypass access restriction and to exchange unauthorized files between the local environment and the isolated environment or settings of the web browser via unspecified vectors. 9.3 https://nvd.nist.gov/vuln/detail/CVE-2021-20791
CVE-2021-33701 DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, allows an attacker with access to highly privileged account to execute manipulated query in NDZT tool to gain access to Superuser account, leading to SQL Injection vulnerability, that highly impacts systems Confidentiality, Integrity and Availability. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-33701
CVE-2021-24638 The OMGF WordPress plugin before 4.5.4 does not escape or validate the handle parameter of the REST API, which allows unauthenticated users to perform path traversal and overwrite arbitrary CSS file with Google Fonts CSS, or download fonts uploaded on Google Fonts website. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-24638
CVE-2021-40684 Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R2021-09, 7.1.1-R2021-09, has an unauthenticated Jolokia HTTP endpoint which allows remote access to the JMX of the runtime container, which would allow an attacker the ability to read or modify the container or software running in the container. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-40684
CVE-2021-40102 An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File deletion can occur via PHAR deserialization in is_dir (PHP Object Injection associated with the __wakeup magic method). 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-40102
CVE-2021-41110 cwlviewer is a web application to view and share Common Workflow Language workflows. Versions prior to 1.3.1 contain a Deserialization of Untrusted Data vulnerability. Commit number f6066f09edb70033a2ce80200e9fa9e70a5c29de (dated 2021-09-30) contains a patch. There are no available workarounds aside from installing the patch. The SnakeYaml constructor, by default, allows any data to be parsed. To fix the issue the object needs to be created with a `SafeConstructor` object, as seen in the patch. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-41110
CVE-2021-40438 A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. 9 https://nvd.nist.gov/vuln/detail/CVE-2021-40438

OTHER VULNERABILITIES
CVE Number Description Base Score Reference
CVE-2017-12678 In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2017-12678
CVE-2018-8256 A remote code execution vulnerability exists when PowerShell improperly handles specially crafted files, aka "Microsoft PowerShell Remote Code Execution Vulnerability." This affects Windows RT 8.1, PowerShell Core 6.0, Microsoft.PowerShell.Archive 1.2.2.0, Windows Server 2016, Windows Server 2012, Windows Server 2008 R2, Windows Server 2019, Windows 7, Windows Server 2012 R2, PowerShell Core 6.1, Windows 10 Servers, Windows 10, Windows 8.1. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2018-8256
CVE-2019-1904 A vulnerability in the web-based UI (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the user has administrative privileges, the attacker could alter the configuration, execute commands, or reload an affected device. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software with the HTTP Server feature enabled. The default state of the HTTP Server feature is version dependent. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-1904
CVE-2020-1416 An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability'. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-1416
CVE-2020-3425 Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-3425
CVE-2021-30123 FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30123
CVE-2021-30542 Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30542
CVE-2021-30543 Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30543
CVE-2021-39139 XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is only affected if using the version out of the box with JDK 1.7u21 or below. However, this scenario can be adjusted easily to an external Xalan that works regardless of the version of the Java runtime. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39139
CVE-2021-38714 In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution. The vulnerability is found in ssgLoadTGA() function in src/ssg/ssgLoadTGA.cxx file. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-38714
CVE-2021-30858 A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30858
CVE-2021-23026 BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x and all versions of BIG-IQ 8.x, 7.x, and 6.x are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-23026
CVE-2021-3796 vim is vulnerable to Use After Free 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3796
CVE-2021-41314 Certain NETGEAR smart switches are affected by a \\n injection in the web UI's password field, which - due to several faulty aspects of the authentication scheme - allows the attacker to create (or overwrite) a file with specific content (e.g., the "2" string). This leads to admin session crafting and therefore gaining full web UI admin privileges by an unauthenticated attacker. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS750E before 1.0.1.10, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41314
CVE-2021-41315 The Device42 Remote Collector before 17.05.01 does not sanitize user input in its SNMP Connectivity utility. This allows an authenticated attacker (with access to the console application) to execute arbitrary OS commands and escalate privileges. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41315
CVE-2020-21547 Libsixel 1.8.2 contains a heap-based buffer overflow in the dither_func_fs function in tosixel.c. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-21547
CVE-2020-21548 Libsixel 1.8.3 contains a heap-based buffer overflow in the sixel_encode_highcolor function in tosixel.c. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-21548
CVE-2021-41387 seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41387
CVE-2021-24606 The Availability Calendar WordPress plugin before 1.2.1 does not escape the category attribute from its shortcode before using it in a SQL statement, leading to a SQL Injection issue, which can be exploited by any user able to add shortcode to posts/pages, such as contributor+ 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24606
CVE-2021-32265 An issue was discovered in Bento4 through v1.6.0-637. A global-buffer-overflow exists in the function AP4_MemoryByteStream::WritePartial() located in Ap4ByteStream.cpp. It allows an attacker to cause code execution or information disclosure. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-32265
CVE-2021-32294 An issue was discovered in libgig through 20200507. A heap-buffer-overflow exists in the function RIFF::List::GetSubList located in RIFF.cpp. It allows an attacker to cause code Execution. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-32294
CVE-2021-32297 An issue was discovered in LIEF through 0.11.4. A heap-buffer-overflow exists in the function main located in pe_reader.c. It allows an attacker to cause code Execution. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-32297
CVE-2021-32298 An issue was discovered in libiff through 20190123. A global-buffer-overflow exists in the function IFF_errorId located in error.c. It allows an attacker to cause code Execution. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-32298
CVE-2021-39531 An issue was discovered in libslax through v0.22.1. slaxLexer() in slaxlexer.c has a stack-based buffer overflow. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39531
CVE-2021-39533 An issue was discovered in libslax through v0.22.1. slaxLexer() in slaxlexer.c has a heap-based buffer overflow. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39533
CVE-2021-39534 An issue was discovered in libslax through v0.22.1. slaxIsCommentStart() in slaxlexer.c has a heap-based buffer overflow. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39534
CVE-2021-39536 An issue was discovered in libxsmm through v1.16.1-93. The JIT code has a heap-based buffer overflow. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39536
CVE-2021-39537 An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39537
CVE-2021-41083 Dada Mail is a web-based e-mail list management system. In affected versions a bad actor could give someone a carefully crafted web page via email, SMS, etc, that - when visited, allows them control of the list control panel as if the bad actor was logged in themselves. This includes changing any mailing list password, as well as the Dada Mail Root Password - which could effectively shut out actual list owners of the mailing list and allow the bad actor complete and unfettered control of your mailing list. This vulnerability also affects profile logins. For this vulnerability to work, the target of the bad actor would need to be logged into the list control panel themselves. This CSRF vulnerability in Dada Mail affects all versions of Dada Mail v11.15.1 and below. Although we know of no known CSRF exploits that have happened in the wild, this vulnerability has been confirmed by our testing, and by a third party. Users are advised to update to version 11.16.0. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41083
CVE-2021-37741 ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-37741
CVE-2020-19551 Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 in common.func.php, which when uploaded can cause remote code executiong. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-19551
CVE-2021-38112 In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, argument injection in the workspaces:// URI handler can lead to remote code execution because of the Chromium Embedded Framework (CEF) --gpu-launcher argument. This is fixed in 3.1.9. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-38112
CVE-2021-22952 A vulnerability found in UniFi Talk application V1.12.3 and earlier permits a malicious actor who has already gained access to a network to subsequently control Talk device(s) assigned to said network if they are not yet adopted. This vulnerability is fixed in UniFi Talk application V1.12.5 and later. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22952
CVE-2020-19951 A cross-site request forgery (CSRF) in /controller/pay.class.php of YzmCMS v5.5 allows attackers to access sensitive components of the application. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-19951
CVE-2021-41088 Elvish is a programming language and interactive shell, combined into one package. In versions prior to 0.14.0 Elvish's web UI backend (started by `elvish -web`) hosts an endpoint that allows executing the code sent from the web UI. The backend does not check the origin of requests correctly. As a result, if the user has the web UI backend open and visits a compromised or malicious website, the website can send arbitrary code to the endpoint in localhost. All Elvish releases from 0.14.0 onward no longer include the the web UI, although it is still possible for the user to build a version from source that includes the web UI. The issue can be patched for previous versions by removing the web UI (found in web, pkg/web or pkg/prog/web, depending on the exact version). 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41088
CVE-2021-41583 vpn-user-portal (aka eduVPN or Let's Connect!) before 2.3.14, as packaged for Debian 10, Debian 11, and Fedora, allows remote authenticated users to obtain OS filesystem access, because of the interaction of QR codes with an exec that uses the -r option. This can be leveraged to obtain additional VPN access. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41583
CVE-2021-40309 A SQL injection vulnerability exists in the Take Attendance functionality of OS4Ed's OpenSIS 8.0. allows an attacker to inject their own SQL query. The cp_id_miss_attn parameter from TakeAttendance.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request as a user with access to "Take Attendance" functionality to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40309
CVE-2021-41617 sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41617
CVE-2021-40097 An issue was discovered in Concrete CMS through 8.5.5. Authenticated path traversal leads to to remote code execution via uploaded PHP code, related to the bFilename parameter. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40097
CVE-2021-3819 firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3819
CVE-2021-40108 An issue was discovered in Concrete CMS through 8.5.5. The Calendar is vulnerable to CSRF. ccm_token is not verified on the ccm/calendar/dialogs/event/add/save endpoint. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40108
CVE-2021-36874 Authenticated Insecure Direct Object References (IDOR) vulnerability in WordPress uListing plugin (versions <= 2.0.5). 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-36874
CVE-2021-36876 Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WordPress uListing plugin (versions <= 2.0.5) as it lacks CSRF checks on plugin administration pages. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-36876
CVE-2020-20693 A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-20693
CVE-2021-34636 The Countdown and CountUp, WooCommerce Sales Timers WordPress plugin is vulnerable to Cross-Site Request Forgery via the save_theme function found in the ~/includes/admin/coundown_theme_page.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.7. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-34636
CVE-2021-41764 A cross-site request forgery (CSRF) vulnerability exists in Streama up to and including v1.10.3. The application does not have CSRF checks in place when performing actions such as uploading local files. As a result, attackers could make a logged-in administrator upload arbitrary local files via a CSRF attack and send them to the attacker. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41764
CVE-2021-41295 ECOA BAS controller has a Cross-Site Request Forgery vulnerability, thus authenticated attacker can remotely place a forged request at a malicious web page and execute CRUD commands (GET, POST, PUT, DELETE) to perform arbitrary operations in the system. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41295
CVE-2021-41297 ECOA BAS controller is vulnerable to weak access control mechanism allowing authenticated user to remotely escalate privileges by disclosing credentials of administrative accounts in plain-text. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41297
CVE-2021-41298 ECOA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers with general user's privilege can remotely bypass authorization and access the hidden resources in the system and execute privileged functionalities. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41298
CVE-2021-3626 The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege escalation. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3626
CVE-2021-32765 Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check if `count * sizeof(redisReply*)` can be represented in `SIZE_MAX`. If it can not, and the `calloc()` call doesn't itself make this check, it would result in a short allocation and subsequent buffer overflow. Users of hiredis who are unable to update may set the [maxelements](https://github.com/redis/hiredis#reader-max-array-elements) context option to a value small enough that no overflow is possible. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-32765
CVE-2021-41113 TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery. The impact is the same as described in TYPO3-CORE-SA-2020-006 (CVE-2020-11069). However, it is not limited to the same site context and does not require the attacker to be authenticated. In a worst case scenario, the attacker could create a new admin user account to compromise the system. To successfully carry out an attack, an attacker must trick his victim to access a compromised system. The victim must have an active session in the TYPO3 backend at that time. The following Same-Site cookie settings in $GLOBALS[TYPO3_CONF_VARS][BE][cookieSameSite] are required for an attack to be successful: SameSite=strict: malicious evil.example.org invoking TYPO3 application at good.example.org and SameSite=lax or none: malicious evil.com invoking TYPO3 application at example.org. Update your instance to TYPO3 version 11.5.0 which addresses the problem described. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41113
CVE-2021-23434 This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === '__proto__' returns false if currentPath is ['__proto__']. This is because the === operator returns always false when the type of the operands is different. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2021-23434
CVE-2021-40825 nLight ECLYPSE (nECY) system Controllers running software prior to 1.17.21245.754 contain a default key vulnerability. The nECY does not force a change to the key upon the initial configuration of an affected device. nECY system controllers utilize an encrypted channel to secure SensorViewTM configuration and monitoring software and nECY to nECY communications. Impacted devices are at risk of exploitation. A remote attacker with IP access to an impacted device could submit lighting control commands to the nECY by leveraging the default key. A successful attack may result in the attacker gaining the ability to modify lighting conditions or gain the ability to update the software on lighting devices. The impacted key is referred to as the SensorView Password in the nECY nLight Explorer Interface and the Gateway Password in the SensorView application. An attacker cannot authenticate to or modify the configuration or software of the nECY system controller. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2021-40825
CVE-2021-1615 A vulnerability in the packet processing functionality of Cisco Embedded Wireless Controller (EWC) Software for Catalyst Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected AP. This vulnerability is due to insufficient buffer allocation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to exhaust available resources and cause a DoS condition on an affected AP, as well as a DoS condition for client traffic traversing the AP. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2021-1615
CVE-2021-1622 A vulnerability in the Common Open Policy Service (COPS) of Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause resource exhaustion, resulting in a denial of service (DoS) condition. This vulnerability is due to a deadlock condition in the code when processing COPS packets under certain conditions. An attacker could exploit this vulnerability by sending COPS packets with high burst rates to an affected device. A successful exploit could allow the attacker to cause the CPU to consume excessive resources, which prevents other control plane processes from obtaining resources and results in a DoS. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2021-1622
CVE-2021-1624 A vulnerability in the Rate Limiting Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization in the Cisco QuantumFlow Processor of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to mishandling of the rate limiting feature within the QuantumFlow Processor. An attacker could exploit this vulnerability by sending large amounts of traffic that would be subject to NAT and rate limiting through an affected device. A successful exploit could allow the attacker to cause the QuantumFlow Processor utilization to reach 100 percent on the affected device, resulting in a DoS condition. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2021-1624
CVE-2021-34697 A vulnerability in the Protection Against Distributed Denial of Service Attacks feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct denial of service (DoS) attacks to or through the affected device. This vulnerability is due to incorrect programming of the half-opened connections limit, TCP SYN flood limit, or TCP SYN cookie features when the features are configured in vulnerable releases of Cisco IOS XE Software. An attacker could exploit this vulnerability by attempting to flood traffic to or through the affected device. A successful exploit could allow the attacker to initiate a DoS attack to or through an affected device. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2021-34697
CVE-2021-39826 Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary command execution vulnerability. An authenticated attacker could leverage this vulnerability to execute arbitrary commands. User interaction is required to abuse this vulnerability in that a user must open a maliciously crafted .epub file. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2021-39826
CVE-2021-3682 A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host. 8.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3682
CVE-2021-39141 XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. 8.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39141
CVE-2021-39144 XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. 8.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39144
CVE-2021-39145 XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. 8.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39145
CVE-2021-39146 XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. 8.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39146
CVE-2021-39147 XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. 8.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39147
CVE-2021-39148 XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. 8.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39148
CVE-2021-39149 XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. 8.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39149
CVE-2021-39151 XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. 8.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39151
CVE-2021-39153 XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if using the version out of the box with Java runtime version 14 to 8 or with JavaFX installed. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. 8.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39153
CVE-2021-39154 XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. 8.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39154
CVE-2021-39150 XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.18. 8.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39150
CVE-2021-39152 XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.18. 8.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39152
CVE-2021-3546 A flaw was found in vhost-user-gpu of QEMU in versions up to and including 6.0. An out-of-bounds write vulnerability can allow a malicious guest to crash the QEMU process on the host resulting in a denial of service or potentially execute arbitrary code on the host with the privileges of the QEMU process. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2021-3546
CVE-2021-36823 Authenticated Stored Cross-Site Scripting (XSS) vulnerability in WordPress Absolutely Glamorous Custom Admin plugin (versions <= 6.8). Stored XSS possible via unsanitized input fields of the plugin settings, some of the payloads could make the frontend and the backend inaccessible. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2021-36823
CVE-2021-41116 Composer is an open source dependency manager for the PHP language. In affected versions windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their composer version. Other OSs and WSL are not affected. The issue has been resolved in composer versions 1.10.23 and 2.1.9. There are no workarounds for this issue. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2021-41116
CVE-2016-5385 PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2016-5385
CVE-2020-3474 Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data or cause the web management software to hang or crash, resulting in a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-3474
CVE-2020-3475 Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data or cause the web management software to hang or crash, resulting in a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-3475
CVE-2021-36621 Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulnerable to SQL Injection. The username parameter is vulnerable to time-based SQL injection. Upon successful dumping the admin password hash, an attacker can decrypt and obtain the plain-text password. Hence, the attacker could authenticate as Administrator. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-36621
CVE-2021-40153 squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-40153
CVE-2021-41316 The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery utility. An attacker (with permissions to add or edit jobs run by this utility) can inject an extra argument to overwrite arbitrary files as the root user on the Remote Collector. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-41316
CVE-2021-24636 The Print My Blog WordPress Plugin before 3.4.2 does not enforce nonce (CSRF) checks, which allows attackers to make logged in administrators deactivate the Print My Blog plugin and delete all saved data for that plugin by tricking them to open a malicious link 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-24636
CVE-2021-24639 The OMGF WordPress plugin before 4.5.4 does not enforce path validation, authorisation and CSRF checks in the omgf_ajax_empty_dir AJAX action, which allows any authenticated users to delete arbitrary files or folders on the server. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-24639
CVE-2021-25741 A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-25741
CVE-2021-29831 IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 204775. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-29831
CVE-2021-22949 A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to duplicate files which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security CMS Research Team" 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-22949
CVE-2021-22953 A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security Research Team" 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-22953
CVE-2021-41588 In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The attacker must have the encryption and signing keys. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-41588
CVE-2020-20514 A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/<id>.html allows authenticated attackers to delete all users. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-20514
CVE-2021-29742 IBM Security Verify Access Docker 10.0.0 could allow a user to impersonate another user on the system. IBM X-Force ID: 201483. 8 https://nvd.nist.gov/vuln/detail/CVE-2021-29742
CVE-2021-41390 In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection. 8 https://nvd.nist.gov/vuln/detail/CVE-2021-41390
CVE-2016-2568 pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2016-2568
CVE-2018-16177 Untrusted search path vulnerability in The installer of Windows 10 Fall Creators Update Modify module for Security Measures tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2018-16177
CVE-2020-26181 Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE can elevate privileges to the root user if they have ISI PRIV HARDENING privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-26181
CVE-2021-21867 An unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteArray functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21867
CVE-2021-21868 An unsafe deserialization vulnerability exists in the ObjectManager.plugin Project.get_MissingTypes() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21868
CVE-2021-21869 An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21869
CVE-2021-3770 vim is vulnerable to Heap-based Buffer Overflow 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3770
CVE-2021-3778 vim is vulnerable to Heap-based Buffer Overflow 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3778
CVE-2020-21529 fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-21529
CVE-2020-21531 fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-21531
CVE-2020-21532 fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-21532
CVE-2020-21533 fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function in read.c. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-21533
CVE-2020-21534 fig2dev 3.2.7b contains a global buffer overflow in the get_line function in read.c. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-21534
CVE-2021-31843 Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have access to via manipulating junction links to redirect McAfee folder operations to an unintended location. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31843
CVE-2021-31844 A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing carefully constructed Ami Pro (.sam) files onto the local system and triggering a DLP Endpoint scan through accessing a file. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31844
CVE-2021-38402 Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could lead to a stack-based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to execute code in the context of the current process. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-38402
CVE-2021-38404 Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-38404
CVE-2021-38406 Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in multiple out-of-bounds write instances. An attacker could leverage this vulnerability to execute code in the context of the current process. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-38406
CVE-2021-41073 loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41073
CVE-2021-38300 arch/mips/net/bpf_jit.c in the Linux kernel through 5.14.6 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context. This occurs because conditional branches can exceed the 128 KB limit of the MIPS architecture. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-38300
CVE-2021-32268 Buffer overflow vulnerability in function gf_fprintf in os_file.c in gpac before 1.0.1 allows attackers to execute arbitrary code. The fixed version is 1.0.1. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-32268
CVE-2021-32271 An issue was discovered in gpac through 20200801. A stack-buffer-overflow exists in the function DumpRawUIConfig located in odf_dump.c. It allows an attacker to cause code Execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-32271
CVE-2021-32272 An issue was discovered in faad2 before 2.10.0. A heap-buffer-overflow exists in the function stszin located in mp4read.c. It allows an attacker to cause Code Execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-32272
CVE-2021-32273 An issue was discovered in faad2 through 2.10.0. A stack-buffer-overflow exists in the function ftypin located in mp4read.c. It allows an attacker to cause Code Execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-32273
CVE-2021-32274 An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_synthesis_64 located in sbr_qmf.c. It allows an attacker to cause code Execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-32274
CVE-2021-32277 An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_analysis_32 located in sbr_qmf.c. It allows an attacker to cause code Execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-32277
CVE-2021-32278 An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function lt_prediction located in lt_predict.c. It allows an attacker to cause code Execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-32278
CVE-2021-32281 An issue was discovered in gravity through 0.8.1. A heap-buffer-overflow exists in the function gnode_function_add_upvalue located in gravity_ast.c. It allows an attacker to cause code Execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-32281
CVE-2021-32284 An issue was discovered in gravity through 0.8.1. A NULL pointer dereference exists in the function ircode_register_pop_context_protect() located in gravity_ircode.c. It allows an attacker to cause Denial of Service. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-32284
CVE-2021-32286 An issue was discovered in hcxtools through 6.1.6. A global-buffer-overflow exists in the function pcapngoptionwalk located in hcxpcapngtool.c. It allows an attacker to cause code Execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-32286
CVE-2021-32287 An issue was discovered in heif through v3.6.2. A global-buffer-overflow exists in the function HevcDecoderConfigurationRecord::getPicWidth() located in hevcdecoderconfigrecord.cpp. It allows an attacker to cause code Execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-32287
CVE-2021-32288 An issue was discovered in heif through v3.6.2. A global-buffer-overflow exists in the function HevcDecoderConfigurationRecord::getPicHeight() located in hevcdecoderconfigrecord.cpp. It allows an attacker to cause code Execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-32288
CVE-2021-32299 An issue was discovered in pbrt through 20200627. A stack-buffer-overflow exists in the function pbrt::ParamSet::ParamSet() located in paramset.h. It allows an attacker to cause code Execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-32299
CVE-2021-20037 SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host operating system. This vulnerability impacts GVC 4.10.5 installer and earlier. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-20037
CVE-2021-31841 A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. This would result in the user gaining elevated permissions and the ability to execute arbitrary code as the system user, through not checking the DLL signature. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31841
CVE-2021-31847 Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would result in elevation of privileges and the ability to execute arbitrary code as the system user, through not correctly protecting a temporary directory used in the repair process and not checking the DLL signature. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31847
CVE-2021-21991 The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash). 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21991
CVE-2021-1419 A vulnerability in the SSH management feature of multiple Cisco Access Points (APs) platforms could allow a local, authenticated user to modify files on the affected device and possibly gain escalated privileges. The vulnerability is due to improper checking on file operations within the SSH management interface. A network administrator user could exploit this vulnerability by accessing an affected device through SSH management to make a configuration change. A successful exploit could allow the attacker to gain privileges equivalent to the root user. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-1419
CVE-2021-33035 Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow the allocated space, leading to the execution of arbitrary code by altering the contents of the program stack. This issue affects Apache OpenOffice up to and including version 4.1.10 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-33035
CVE-2021-26750 DLL hijacking in Panda Agent <=1.16.11 in Panda Security, S.L.U. Panda Adaptive Defense 360 <= 8.0.17 allows attacker to escalate privileges via maliciously crafted DLL file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26750
CVE-2021-2464 Vulnerability in Oracle Linux (component: OSwatcher). Supported versions that are affected are 7 and 8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Linux executes to compromise Oracle Linux. Successful attacks of this vulnerability can result in takeover of Oracle Linux. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-2464
CVE-2021-0610 In memory management driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05411456. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-0610
CVE-2021-0611 In m4u, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05425810. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-0611
CVE-2021-0612 In m4u, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05425834. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-0612
CVE-2021-23243 In Oppo's battery application, the third-party SDK provides the function of loading a third-party Provider, which can be used. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-23243
CVE-2021-39818 Adobe InCopy version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39818
CVE-2021-39819 Adobe InCopy version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious XML file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39819
CVE-2021-39823 Adobe svg-native-viewer 8182d14dfad5d1e10f53ed830328d7d9a3cfa96d and earlier versions are affected by a heap buffer overflow vulnerability due to insecure handling of a malicious .svg file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39823
CVE-2021-39824 Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious png file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39824
CVE-2021-39825 Photoshop Elements versions 2021 build 19.0 (20210304.m.156367) (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious TTF file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39825
CVE-2021-40700 Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40700
CVE-2021-40701 Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40701
CVE-2021-40702 Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious psd file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40702
CVE-2021-40703 Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40703
CVE-2021-40709 Adobe Photoshop versions 21.2.11 (and earlier) and 22.5 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted SVG file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40709
CVE-2021-41535 A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13771). 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41535
CVE-2021-41536 A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13778). 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41536
CVE-2021-41537 A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13789). 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41537
CVE-2021-41539 A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13773). 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41539
CVE-2021-41540 A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13776). 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41540
CVE-2021-29360 A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x37a of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-29360
CVE-2021-29361 A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x340 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-29361
CVE-2021-29362 A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa30 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-29362
CVE-2021-29363 A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa74 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.0xa74 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-29363
CVE-2021-29367 A buffer overflow vulnerability in WPG+0x1dda of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted WPG file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-29367
CVE-2021-35028 A command injection vulnerability in the CGI program of the Zyxel VPN2S firmware version 1.12 could allow an authenticated, local user to execute arbitrary OS commands. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-35028
CVE-2021-28547 Adobe Creative Cloud Desktop Application for macOS version 5.3 (and earlier) is affected by a privilege escalation vulnerability that could allow a normal user to delete the OOBE directory and get permissions of any directory under the administrator authority. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-28547
CVE-2021-39821 Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious TIF file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39821
CVE-2021-39829 Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39829
CVE-2021-39830 Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by a memory corruption vulnerability due to insecure handling of a malicious PDF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39830
CVE-2021-39831 Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39831
CVE-2021-39832 Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by a memory corruption vulnerability due to insecure handling of a malicious PDF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39832
CVE-2021-39837 Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm deleteItemAt action that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39837
CVE-2021-39838 Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm buttonGetCaption action that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39838
CVE-2021-39839 Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm getItem action that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39839
CVE-2021-39840 Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForms that could result in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39840
CVE-2021-39841 Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Type Confusion vulnerability. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39841
CVE-2021-39842 Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39842
CVE-2021-39843 Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39843
CVE-2021-39863 Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39863
CVE-2021-40710 Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .svg file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40710
CVE-2021-40715 Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .exr file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40715
CVE-2021-3747 The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, accidentally installed the application directory with incorrect owner. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3747
CVE-2021-36051 XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a specially-crafted .cpp file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-36051
CVE-2021-1623 A vulnerability in the Simple Network Management Protocol (SNMP) punt handling function of Cisco cBR-8 Converged Broadband Routers could allow an authenticated, remote attacker to overload a device punt path, resulting in a denial of service (DoS) condition. This vulnerability is due to the punt path being overwhelmed by large quantities of SNMP requests. An attacker could exploit this vulnerability by sending a large number of SNMP requests to an affected device. A successful exploit could allow the attacker to overload the device punt path, resulting in a DoS condition. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2021-1623
CVE-2018-0177 A vulnerability in the IP Version 4 (IPv4) processing code of Cisco IOS XE Software running on Cisco Catalyst 3850 and Cisco Catalyst 3650 Series Switches could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain IPv4 packets. An attacker could exploit this vulnerability by sending specific IPv4 packets to an IPv4 address on an affected device. A successful exploit could allow the attacker to cause high CPU utilization, traceback messages, or a reload of the affected device that leads to a DoS condition. If the switch does not reboot when under attack, it would require manual intervention to reload the device. This vulnerability affects Cisco Catalyst 3850 and Cisco Catalyst 3650 Series Switches that are running Cisco IOS XE Software Release 16.1.1 or later, until the first fixed release, and are configured with an IPv4 address. Cisco Bug IDs: CSCvd80714. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2018-0177
CVE-2019-0227 A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-0227
CVE-2019-10911 In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled. This is related to symfony/security. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-10911
CVE-2019-7254 Linear eMerge E3-Series devices allow File Inclusion. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-7254
CVE-2018-16871 A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2018-16871
CVE-2019-12657 A vulnerability in Unified Threat Defense (UTD) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper validation of IPv6 packets through the UTD feature. An attacker could exploit this vulnerability by sending IPv6 traffic through an affected device that is configured with UTD. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-12657
CVE-2019-0205 In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-0205
CVE-2020-9759 A Vulnerability of LG Electronic web OS TV Emulator could allow an attacker to escalate privileges and overwrite certain files. This vulnerability is due to wrong environment setting. An attacker could exploit this vulnerability through crafted configuration files and executable files. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-9759
CVE-2020-3479 A vulnerability in the implementation of Multiprotocol Border Gateway Protocol (MP-BGP) for the Layer 2 VPN (L2VPN) Ethernet VPN (EVPN) address family in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of Border Gateway Protocol (BGP) update messages that contain crafted EVPN attributes. An attacker could exploit this vulnerability by sending BGP update messages with specific, malformed attributes to an affected device. A successful exploit could allow the attacker to cause an affected device to crash, resulting in a DoS condition. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-3479
CVE-2020-13949 In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-13949
CVE-2020-26556 Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful brute-force attack on an insufficiently random AuthValue before the provisioning procedure times out, to complete authentication by leveraging Malleable Commitment. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-26556
CVE-2021-35197 In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. When a bot account has a "sitewide block" applied, it is able to still "purge" pages through the MediaWiki Action API (which a "sitewide block" should have prevented). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-35197
CVE-2021-20497 IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197969 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20497
CVE-2021-3673 A vulnerability was found in Radare2 in version 5.3.1. Improper input validation when reading a crafted LE binary can lead to resource exhaustion and DoS. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3673
CVE-2021-37605 In the Microchip MiWi v6.5 software stack, there is a possibility of frame counters being being validated / updated prior to message authentication. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-37605
CVE-2021-38604 In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-38604
CVE-2021-40516 WeeChat before 3.2.1 allows remote attackers to cause a denial of service (crash) via a crafted WebSocket frame that trigger an out-of-bounds read in plugins/relay/relay-websocket.c in the Relay plugin. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-40516
CVE-2021-41077 The activation process in Travis CI, for certain 2021-09-03 through 2021-09-10 builds, causes secret data to have unexpected sharing that is not specified by the customer-controlled .travis.yml file. In particular, the desired behavior (if .travis.yml has been created locally by a customer, and added to git) is for a Travis service to perform builds in a way that prevents public access to customer-specific secret environment data such as signing keys, access credentials, and API tokens. However, during the stated 8-day interval, secret data could be revealed to an unauthorized actor who forked a public repository and printed files during a build process. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41077
CVE-2021-23030 On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-23030
CVE-2021-34798 Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-34798
CVE-2021-36160 A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-36160
CVE-2021-40690 All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-40690
CVE-2021-32839 sqlparse is a non-validating SQL parser module for Python. In sqlparse versions 0.4.0 and 0.4.1 there is a regular Expression Denial of Service in sqlparse vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of '\\r\\n' in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround don't use the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool. The issues has been fixed in sqlparse 0.4.2. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32839
CVE-2021-32838 Flask-RESTX (pypi package flask-restx) is a community driven fork of Flask-RESTPlus. Flask-RESTX before version 0.5.1 is vulnerable to ReDoS (Regular Expression Denial of Service) in email_regex. This is fixed in version 0.5.1. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32838
CVE-2021-41082 Discourse is a platform for community discussion. In affected versions any private message that includes a group had its title and participating user exposed to users that do not have access to the private messages. However, access control for the private messages was not compromised as users were not able to view the posts in the leaked private message despite seeing it in their inbox. The problematic commit was reverted around 32 minutes after it was made. Users are encouraged to upgrade to the latest commit if they are running Discourse against the `tests-passed` branch. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41082
CVE-2021-39229 Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. In affected versions users who use Apprise granting them access to the IFTTT plugin (which just comes out of the box) are subject to a denial of service attack on an inefficient regular expression. The vulnerable regular expression is [here](https://github.com/caronc/apprise/blob/0007eade20934ddef0aba38b8f1aad980cfff253/apprise/plugins/NotifyIFTTT.py#L356-L359). The problem has been patched in release version 0.9.5.1. Users who are unable to upgrade are advised to remove `apprise/plugins/NotifyIFTTT.py` to eliminate the service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39229
CVE-2021-37420 ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-37420
CVE-2021-41531 NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length parameter in a ROA. This will lead to RTR clients such as routers to reject the RPKI data set, effectively disabling Route Origin Validation. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41531
CVE-2021-41382 Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server management interface. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41382
CVE-2021-40875 Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths. The corresponding file paths can be tested, and in some cases, result in the disclosure of hardcoded credentials, API keys, or other sensitive data. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-40875
CVE-2021-41011 LINE client for iOS before 11.15.0 might expose authentication information for a certain service to external entities under certain conditions. This is usually impossible, but in combination with a server-side bug, attackers could get this information. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41011
CVE-2020-23469 gmate v0.12+bionic contains a regular expression denial of service (ReDoS) vulnerability in the gedit3 plugin. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-23469
CVE-2020-23478 Leo Editor v6.2.1 was discovered to contain a regular expression denial of service (ReDoS) vulnerability in the component plugins/importers/dart.py. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-23478
CVE-2021-22019 The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial of service condition. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22019
CVE-2021-32963 Null pointer dereference in SuiteLink server while processing commands 0x03/0x10 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32963
CVE-2021-32971 Null pointer dereference in SuiteLink server while processing command 0x07 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32971
CVE-2021-32979 Null pointer dereference in SuiteLink server while processing commands 0x04/0x0a 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32979
CVE-2021-32987 Null pointer dereference in SuiteLink server while processing command 0x0b 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32987
CVE-2021-32999 Improper handling of exceptional conditions in SuiteLink server while processing command 0x01 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32999
CVE-2021-38864 IBM Security Verify Bridge 1.0.5.0 could allow a user to obtain sensitive information due to improper certificate validation. IBM X-Force ID: 208155. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-38864
CVE-2021-41584 Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response (information disclosure of possibly sensitive build/configuration details) via a crafted HTTP request with the X-Gradle-Enterprise-Ajax-Request header. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41584
CVE-2021-41586 In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41586
CVE-2021-41587 In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other resources. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41587
CVE-2021-40655 An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-40655
CVE-2021-31605 furlongm openvpn-monitor through 1.1.3 allows %0a command injection via the OpenVPN management interface socket. This can shut down the server via signal%20SIGTERM. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-31605
CVE-2021-31606 furlongm openvpn-monitor through 1.1.3 allows Authorization Bypass to disconnect arbitrary clients. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-31606
CVE-2021-34570 Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through special crafted JSON requests. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-34570
CVE-2021-40103 An issue was discovered in Concrete CMS through 8.5.5. Path Traversal can lead to Arbitrary File Reading and SSRF. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-40103
CVE-2021-40104 An issue was discovered in Concrete CMS through 8.5.5. There is an SVG sanitizer bypass. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-40104
CVE-2021-3820 inflect is vulnerable to Inefficient Regular Expression Complexity 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3820
CVE-2021-3822 jsoneditor is vulnerable to Inefficient Regular Expression Complexity 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3822
CVE-2021-3828 nltk is vulnerable to Inefficient Regular Expression Complexity 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3828
CVE-2021-36218 An issue was discovered in SKALE sgxwallet 1.58.3. sgx_disp_ippsAES_GCMEncrypt allows an out-of-bounds write, resulting in a segfault and compromised enclave. This issue describes a buffer overflow, which was resolved prior to v1.77.0 and not reproducible in latest sgxwallet v1.77.0 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-36218
CVE-2021-35027 A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access to sensitive information. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-35027
CVE-2021-35944 Couchbase Server 6.5.x, 6.6.x through 6.6.2, and 7.0.0 has a Buffer Overflow. A specially crafted network packet sent from an attacker can crash memcached. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-35944
CVE-2021-35945 Couchbase Server 6.5.x, 6.6.0 through 6.6.2, and 7.0.0, has a Buffer Overflow. A specially crafted network packet sent from an attacker can crash memcached. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-35945
CVE-2020-20128 LaraCMS v1.0.1 transmits sensitive information in cleartext which can be intercepted by attackers. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-20128
CVE-2021-41827 Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. The credentials are in the source code that corresponds to the DCBackupRestore JAR archive. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41827
CVE-2021-41828 Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with resetPWD.xml. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41828
CVE-2021-41829 Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number to calculate a certain encryption key. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41829
CVE-2021-41291 ECOA BAS controller suffers from a path traversal content disclosure vulnerability. Using the GET parameter in File Manager, unauthenticated attackers can remotely disclose directory content on the affected device. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41291
CVE-2021-41293 ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files disclosure. Using the specific POST parameter, unauthenticated attackers can remotely disclose arbitrary files on the affected device and disclose sensitive and system information. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41293
CVE-2021-41109 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.4, for regular (non-LiveQuery) queries, the session token is removed from the response, but for LiveQuery payloads it is currently not. If a user has a LiveQuery subscription on the `Parse.User` class, all session tokens created during user sign-ups will be broadcast as part of the LiveQuery payload. A patch in version 4.10.4 removes session tokens from the LiveQuery payload. As a workaround, set `user.acl(new Parse.ACL())` in a beforeSave trigger to make the user private already on sign-up. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41109
CVE-2020-20665 rudp v0.6 was discovered to contain a memory leak in the component main.c. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-20665
CVE-2021-29894 IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207320. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29894
CVE-2021-32626 Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote code execution. This problem exists in all versions of Redis with Lua scripting support, starting from 2.6. The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. For users unable to update an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32626
CVE-2021-32627 Redis is an open source, in-memory database that persists on disk. In affected versions an integer overflow bug in Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves changing the default proto-max-bulk-len and client-query-buffer-limit configuration parameters to very large values and constructing specially crafted very large stream elements. The problem is fixed in Redis 6.2.6, 6.0.16 and 5.0.14. For users unable to upgrade an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32627
CVE-2021-32675 Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk header). An attacker delivering specially crafted requests over multiple connections can cause the server to allocate significant amount of memory. Because the same parsing mechanism is used to handle authentication requests, this vulnerability can also be exploited by unauthenticated users. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways: Using network access control tools like firewalls, iptables, security groups, etc. or Enabling TLS and requiring users to authenticate using client side certificates. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32675
CVE-2021-32687 Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution. The vulnerability involves changing the default set-max-intset-entries configuration parameter to a very large value and constructing specially crafted commands to manipulate sets. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the set-max-intset-entries configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32687
CVE-2021-32762 Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis library which does not perform an overflow check before calling the calloc() heap allocation function. This issue only impacts systems with heap allocators that do not perform their own overflow checks. Most modern systems do and are therefore not likely to be affected. Furthermore, by default redis-sentinel uses the jemalloc allocator which is also not vulnerable. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32762
CVE-2021-41099 Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len configuration parameter to a very large value and constructing specially crafted network payloads or commands. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41099
CVE-2021-41120 sylius/paypal-plugin is a paypal plugin for the Sylius development platform. In affected versions the URL to the payment page done after checkout was created with autoincremented payment id (/pay-with-paypal/{id}) and therefore it was easy to predict. The problem is that the Credit card form has prefilled "credit card holder" field with the Customer's first and last name and hence this can lead to personally identifiable information exposure. Additionally, the mentioned form did not require authentication. The problem has been patched in Sylius/PayPalPlugin 1.2.4 and 1.3.1. If users are unable to update they can override a sylius_paypal_plugin_pay_with_paypal_form route and change its URL parameters to (for example) {orderToken}/{paymentId}, then override the Sylius\\PayPalPlugin\\Controller\\PayWithPayPalFormAction service, to operate on the payment taken from the repository by these 2 values. It would also require usage of custom repository method. Additionally, one could override the @SyliusPayPalPlugin/payWithPaypal.html.twig template, to add contingencies: ['SCA_ALWAYS'] line in hostedFields.submit(...) function call (line 421). It would then have to be handled in the function callback. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41120
CVE-2021-3712 ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y). 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-3712
CVE-2021-3713 An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields. A malicious guest user could use this flaw to crash QEMU or potentially achieve code execution with the privileges of the QEMU process on the host. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-3713
CVE-2021-1621 A vulnerability in the Layer 2 punt code of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a queue wedge on an interface that receives specific Layer 2 frames, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of certain Layer 2 frames. An attacker could exploit this vulnerability by sending specific Layer 2 frames on the segment the router is connected to. A successful exploit could allow the attacker to cause a queue wedge on the interface, resulting in a DoS condition. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-1621
CVE-2021-28613 Adobe Creative Cloud Desktop Application version 5.4 (and earlier) is affected by a file handling vulnerability that could allow an attacker to arbitrarily overwrite a file. Exploitation of this issue requires local access, administrator privileges and user interaction. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-28613
CVE-2021-41093 Wire is an open source secure messenger. In affected versions if the an attacker gets an old but valid access token they can take over an account by changing the email. This issue has been resolved in version 3.86 which uses a new endpoint which additionally requires an authentication cookie. See wire-ios-sync-engine and wire-ios-transport references. This is the root advisory that pulls the changes together. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-41093
CVE-2021-41100 Wire-server is the backing server for the open source wire secure messaging application. In affected versions it is possible to trigger email address change of a user with only the short-lived session token in the `Authorization` header. As the short-lived token is only meant as means of authentication by the client for less critical requests to the backend, the ability to change the email address with a short-lived token constitutes a privilege escalation attack. Since the attacker can change the password after setting the email address to one that they control, changing the email address can result in an account takeover by the attacker. Short-lived tokens can be requested from the backend by Wire clients using the long lived tokens, after which the long lived tokens can be stored securely, for example on the devices key chain. The short lived tokens can then be used to authenticate the client towards the backend for frequently performed actions such as sending and receiving messages. While short-lived tokens should not be available to an attacker per-se, they are used more often and in the shape of an HTTP header, increasing the risk of exposure to an attacker relative to the long-lived tokens, which are stored and transmitted in cookies. If you are running an on-prem instance and provision all users with SCIM, you are not affected by this issue (changing email is blocked for SCIM users). SAML single-sign-on is unaffected by this issue, and behaves identically before and after this update. The reason is that the email address used as SAML NameID is stored in a different location in the databse from the one used to contact the user outside wire. Version 2021-08-16 and later provide a new end-point that requires both the long-lived client cookie and `Authorization` header. The old end-point has been removed. If you are running an on-prem instance with at least some of the users invited or provisioned via SAML SSO and you cannot update then you can block `/self/email` on nginz (or in any other proxies or firewalls you may have set up). You don't need to discriminate by verb: `/self/email` only accepts `PUT` and `DELETE`, and `DELETE` is almost never used. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-41100
CVE-2021-31845 A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Discover prior to 11.6.100 allows an attacker in the same network as the DLP Discover to execute arbitrary code through placing carefully constructed Ami Pro (.sam) files onto a machine and having DLP Discover scan it, leading to remote code execution with elevated privileges. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2021-31845
CVE-2021-40981 ASUS ROG Armoury Crate Lite before 4.2.10 allows local users to gain privileges by placing a Trojan horse file in the publicly writable %PROGRAMDATA%\\ASUS\\GamingCenterLib directory. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2021-40981
CVE-2021-35982 Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Uncontrolled Search Path Element vulnerability. An attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user via DLL hijacking. Exploitation of this issue requires user interaction. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2021-35982
CVE-2021-40708 Adobe Genuine Service versions 7.3 (and earlier) are affected by a privilege escalation vulnerability in the AGSService installer. An authenticated attacker could leverage this vulnerability to achieve read / write privileges to execute arbitrary code. User interaction is required to abuse this vulnerability. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2021-40708
CVE-2021-41302 ECOA BAS controller stores sensitive data (backup exports) in clear-text, thus the unauthenticated attacker can remotely query user password and obtain user’s privilege. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2021-41302
CVE-2021-20533 IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 198813 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-20533
CVE-2021-41383 setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute arbitrary shell commands via shell metacharacters in the ntp_server field. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-41383
CVE-2021-24397 The edit functionality in the MicroCopy WordPress plugin through 1.1.0 makes a get request to fetch the related option. The id parameter used is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-24397
CVE-2021-24398 The Add new scene functionality in the Responsive 3D Slider WordPress plugin through 1.2 uses an id parameter which is not sanitised, escaped or validated before being inserted to a SQL statement, leading to SQL injection. This is a time based SQLI and in the same function vulnerable parameter is passed twice so if we pass time as 5 seconds it takes 10 seconds to return since the query is ran twice. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-24398
CVE-2021-24400 The Edit Role functionality in the Display Users WordPress plugin through 2.0.0 had an `id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-24400
CVE-2021-24401 The Edit domain functionality in the WP Domain Redirect WordPress plugin through 1.0 has an `editid` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-24401
CVE-2021-24402 The Orders functionality in the WP iCommerce WordPress plugin through 1.1.1 has an `order_id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-24402
CVE-2021-24403 The Orders functionality in the WordPress Page Contact plugin through 1.0 has an order_id parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-24403
CVE-2021-24511 The fetch_product_ajax functionality in the Product Feed on WooCommerce WordPress plugin before 3.3.1.0 uses a `product_id` POST parameter which is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-24511
CVE-2021-24663 The Simple Schools Staff Directory WordPress plugin through 1.1 does not validate uploaded logo pictures to ensure that are indeed images, allowing high privilege users such as admin to upload arbitrary file like PHP, leading to RCE 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-24663
CVE-2021-39402 MaianAffiliate v.1.0 is suffers from code injection by adding a new product via the admin panel. The injected payload is reflected on the affiliate main page for all authenticated and unauthenticated visitors. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-39402
CVE-2021-40099 An issue was discovered in Concrete CMS through 8.5.5. Fetching the update json scheme over HTTP leads to remote code execution. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-40099
CVE-2021-34349 A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-34349
CVE-2020-20692 GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.php. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2020-20692
CVE-2021-3561 An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as system availability. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2021-3561
CVE-2020-23267 An issue was discovered in gpac 0.8.0. The gf_hinter_track_process function in isom_hinter_track_process.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media file 7.1 https://nvd.nist.gov/vuln/detail/CVE-2020-23267
CVE-2021-3583 A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2021-3583
CVE-2021-31836 Improper privilege management vulnerability in maconfig for McAfee Agent for Windows prior to 5.7.4 allows a local user to gain access to sensitive information. The utility was able to be run from any location on the file system and by a low privileged user. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2021-31836
CVE-2021-1612 A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to overwrite arbitrary files on the local system. This vulnerability is due to improper access controls on files within the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on an affected device. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2021-1612
CVE-2021-22948 Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the cryptographically insecure uniqid() PHP function. Under some circumstances, an attacker could theoretically be able to brute force session IDs in order to take over a specific account. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2021-22948
CVE-2021-36286 Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions prior to 3.9.13.0 contain an arbitrary file deletion vulnerability that can be exploited by using the Windows feature of NTFS called Symbolic links. Symbolic links can be created by any(non-privileged) user under some object directories, but by themselves are not sufficient to successfully escalate privileges. However, combining them with a different object, such as the NTFS junction point allows for the exploitation. Support assist clean files functionality do not distinguish junction points from the physical folder and proceeds to clean the target of the junction that allows nonprivileged users to create junction points and delete arbitrary files on the system which can be accessed only by the admin. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2021-36286
CVE-2021-40490 A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. 7 https://nvd.nist.gov/vuln/detail/CVE-2021-40490
CVE-2021-32466 An uncontrolled search path element privilege escalation vulnerability in Trend Micro HouseCall for Home Networks version 5.3.1225 and below could allow an attacker to escalate privileges by placing a custom crafted file in a specific directory to load a malicious library. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. 7 https://nvd.nist.gov/vuln/detail/CVE-2021-32466
CVE-2021-29699 IBM Security Verify Access Docker 10.0.0 could allow a remote priviled user to upload arbitrary files with a dangerous file type that could be excuted by an user. IBM X-Force ID: 200600. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2021-29699
CVE-2020-3423 A vulnerability in the implementation of the Lua interpreter that is integrated in Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code with root privileges on the underlying Linux operating system (OS) of an affected device. The vulnerability is due to insufficient restrictions on Lua function calls within the context of user-supplied Lua scripts. An attacker with valid administrative credentials could exploit this vulnerability by submitting a malicious Lua script. When this file is processed, an exploitable buffer overflow condition could occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying Linux OS of the affected device. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2020-3423
CVE-2020-27339 In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and SdMmcDeviceDxe drivers are 05.16.25, 05.26.25, 05.35.25, 05.43.25, and 05.51.25 (for Kernel 5.1 through 5.5). 6.7 https://nvd.nist.gov/vuln/detail/CVE-2020-27339
CVE-2021-34723 A vulnerability in a specific CLI command that is run on Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the configuration database of an affected device. This vulnerability is due to insufficient validation of specific CLI command parameters. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of the configuration database and gain root-level access to an affected device. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-34723
CVE-2021-36283 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-36283
CVE-2017-11189 unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash), which could be relevant if unrarlib is used as library code for a long-running application. NOTE: one of the several test cases in the references may be the same as what was separately reported as CVE-2017-14121. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2017-11189
CVE-2018-11439 The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2018-11439
CVE-2018-14773 An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises from support for a (legacy) IIS header that lets users override the path in the request URL via the X-Original-URL or X-Rewrite-URL HTTP request header. These headers are designed for IIS support, but it's not verified that the server is in fact running IIS, which means anybody who can send these requests to an application can trigger this. This affects \\Symfony\\Component\\HttpFoundation\\Request::prepareRequestUri() where X-Original-URL and X_REWRITE_URL are both used. The fix drops support for these methods so that they cannot be used as attack vectors such as web cache poisoning. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2018-14773
CVE-2020-3428 A vulnerability in the WLAN Local Profiling feature of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect parsing of HTTP packets while performing HTTP-based endpoint device classifications. An attacker could exploit this vulnerability by sending a crafted HTTP packet to an affected device. A successful exploit could cause an affected device to reboot, resulting in a DoS condition. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-3428
CVE-2021-3544 Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory (i.e., free) after effective lifetime. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3544
CVE-2021-3545 An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit this issue to leak memory from the host. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3545
CVE-2021-20537 IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID:198918 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20537
CVE-2021-37750 The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-37750
CVE-2021-3634 A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new secret_hash. Historically, both of these buffers had shared length variable, which worked as long as these buffers were same. But the key re-exchange operation can also change the key exchange method, which can be based on hash of different size, eventually creating "secret_hash" of different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during second key re-exchange. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3634
CVE-2020-19143 Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "TIFFVGetField" funtion in the component 'libtiff/tif_dir.c'. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-19143
CVE-2020-19144 Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the 'in _TIFFmemcpy' funtion in the component 'tif_unix.c'. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-19144
CVE-2021-41395 Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted database name or username. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41395
CVE-2021-24585 The Timetable and Event Schedule WordPress plugin before 2.4.0 outputs the Hashed Password, Username and Email Address (along other less sensitive data) of the user related to the Even Head of the Timeslot in the response when requesting the event Timeslot data with a user with the edit_posts capability. Combined with the other Unauthorised Event Timeslot Modification issue (https://wpscan.com/reports/submissions/4699/) where an arbitrary user ID can be set, this could allow low privilege users with the edit_posts capability (such as author) to retrieve sensitive User data by iterating over the user_id 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-24585
CVE-2020-20902 A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter function in g729postfilter.c in FFmpeg 4.2.1 during computation of the denominator of pseudo-normalized correlation R'(0), that could result in disclosure of information. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-20902
CVE-2021-39514 An issue was discovered in libjpeg through 2020021. An uncaught floating point exception in the function ACLosslessScan::ParseMCU() located in aclosslessscan.cpp. It allows an attacker to cause Denial of Service. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39514
CVE-2021-39532 An issue was discovered in libslax through v0.22.1. A NULL pointer dereference exists in the function slaxLexer() located in slaxlexer.c. It allows an attacker to cause Denial of Service. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39532
CVE-2021-39535 An issue was discovered in libxsmm through v1.16.1-93. A NULL pointer dereference exists in JIT code. It allows an attacker to cause Denial of Service. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39535
CVE-2021-39230 Butter is a system usability utility. Due to a kernel error the JPNS kernel is being discontinued. Affected users are recommend to update to the Trinity kernel. There are no workarounds. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39230
CVE-2021-41087 in-toto-golang is a go implementation of the in-toto framework to protect software supply chain integrity. In affected versions authenticated attackers posing as functionaries (i.e., within a trusted set of users for a layout) are able to create attestations that may bypass DISALLOW rules in the same layout. An attacker with access to trusted private keys, may issue an attestation that contains a disallowed artifact by including path traversal semantics (e.g., foo vs dir/../foo). Exploiting this vulnerability is dependent on the specific policy applied. The problem has been fixed in version 0.3.0. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41087
CVE-2021-34647 The Ninja Forms WordPress plugin is vulnerable to sensitive information disclosure via the bulk_export_submissions function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to export all Ninja Forms submissions data via the /ninja-forms-submissions/export REST API which can include personally identifiable information. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-34647
CVE-2021-21992 The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash) may exploit this issue to create a denial-of-service condition on the vCenter Server host. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21992
CVE-2021-1589 A vulnerability in the disaster recovery feature of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain unauthorized access to user credentials. This vulnerability exists because access to API endpoints is not properly restricted. An attacker could exploit this vulnerability by sending a request to an API endpoint. A successful exploit could allow the attacker to gain unauthorized access to administrative credentials that could be used in further attacks. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-1589
CVE-2021-22018 The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22018
CVE-2021-22950 Concrete CMS prior to 8.5.6 had a CSFR vulnerability allowing attachments to comments in the conversation section to be deleted.Credit for discovery: "Solar Security Research Team" 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22950
CVE-2021-36749 In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users access Druid directly, since Druid also provides the Local InputSource, which allows the same level of access. But it is problematic when users interact with Druid indirectly through an application that allows users to specify the HTTP InputSource, but not the Local InputSource. In this case, users could bypass the application-level restriction by passing a file URL to the HTTP InputSource. This issue was previously mentioned as being fixed in 0.21.0 as per CVE-2021-26920 but was not fixed in 0.21.0 or 0.21.1. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-36749
CVE-2021-40654 An information disclosure issue exist in D-LINK-DIR-615 B2 2.01mt. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-40654
CVE-2021-31604 furlongm openvpn-monitor through 1.1.3 allows CSRF to disconnect an arbitrary client. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-31604
CVE-2021-41385 The third party intelligence connector in Securonix SNYPR 6.3.1 Build 184295_0302 allows an authenticated user to obtain access to server configuration details via SSRF. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41385
CVE-2021-26587 A potential DOM-based Cross Site Scripting security vulnerability has been identified in HPE StoreOnce. The vulnerability could be remotely exploited to cause an elevation of privilege leading to partial impact to confidentiality, availability, and integrity. HPE has made the following software update - HPE StoreOnce 4.3.0, to resolve the vulnerability in HPE StoreOnce. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-26587
CVE-2021-24652 The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 performs incorrect checks before allowing any logged in user to perform some ajax based requests, allowing any user to modify, delete or add ultp_options values. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-24652
CVE-2021-36877 Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to modify user roles. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-36877
CVE-2021-39827 Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary file write vulnerability in the Digital Editions installer. An authenticated attacker could leverage this vulnerability to write an arbitrary file to the system. User interaction is required before product installation to abuse this vulnerability. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39827
CVE-2021-39828 Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by a privilege escalation vulnerability in the Digital Editions installer. An authenticated attacker could leverage this vulnerability to escalate privileges. User interaction is required before product installation to abuse this vulnerability. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39828
CVE-2021-40712 Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper input validation vulnerability via the path parameter. An authenticated attacker can send a malformed POST request to achieve server-side denial of service. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-40712
CVE-2021-36134 Out of bounds write vulnerability in the JPEG parsing code of Netop Vision Pro up to and including 9.7.2 allows an adjacent unauthenticated attacker to write to arbitrary memory potentially leading to a Denial of Service (DoS). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-36134
CVE-2020-20662 libiec_iccp_mod v1.5 contains a heap-buffer-overflow in the component mms_client_example1.c. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-20662
CVE-2020-20663 libiec_iccp_mod v1.5 contains a heap-buffer-overflow in the component mms_client_connection.c. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-20663
CVE-2020-20664 libiec_iccp_mod v1.5 contains a segmentation violation in the component server_example1.c. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-20664
CVE-2021-35201 NEI in NETSCOUT nGeniusONE 6.3.0 build 1196 allows XML External Entity (XXE) attacks. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-35201
CVE-2021-40109 A SSRF issue was discovered in Concrete CMS through 8.5.5. Users can access forbidden files on their local network. A user with permissions to upload files from external sites can upload a URL that redirects to an internal resource of any file type. The redirect is followed and loads the contents of the file from the redirected-to server. Files of disallowed types can be uploaded. 6.4 https://nvd.nist.gov/vuln/detail/CVE-2021-40109
CVE-2021-39140 XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. 6.3 https://nvd.nist.gov/vuln/detail/CVE-2021-39140
CVE-2021-39216 Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing `externref`s from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple `externref`s from the host to a Wasm instance at the same time, either by passing multiple `externref`s as arguments from host code to a Wasm function, or returning multiple `externref`s to Wasm from a multi-value return function defined in the host. If you do not have host code that matches one of these shapes, then you are not impacted. If Wasmtime's `VMExternRefActivationsTable` became filled to capacity after passing the first `externref` in, then passing in the second `externref` could trigger a garbage collection. However the first `externref` is not rooted until we pass control to Wasm, and therefore could be reclaimed by the collector if nothing else was holding a reference to it or otherwise keeping it alive. Then, when control was passed to Wasm after the garbage collection, Wasm could use the first `externref`, which at this point has already been freed. We have reason to believe that the effective impact of this bug is relatively small because usage of `externref` is currently quite rare. The bug has been fixed, and users should upgrade to Wasmtime 0.30.0. If you cannot upgrade Wasmtime yet, you can avoid the bug by disabling reference types support in Wasmtime by passing `false` to `wasmtime::Config::wasm_reference_types`. 6.3 https://nvd.nist.gov/vuln/detail/CVE-2021-39216
CVE-2021-39219 Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime before version 0.30.0 is affected by a type confusion vulnerability. As a Rust library the `wasmtime` crate clearly marks which functions are safe and which are `unsafe`, guaranteeing that if consumers never use `unsafe` then it should not be possible to have memory unsafety issues in their embeddings of Wasmtime. An issue was discovered in the safe API of `Linker::func_*` APIs. These APIs were previously not sound when one `Engine` was used to create the `Linker` and then a different `Engine` was used to create a `Store` and then the `Linker` was used to instantiate a module into that `Store`. Cross-`Engine` usage of functions is not supported in Wasmtime and this can result in type confusion of function pointers, resulting in being able to safely call a function with the wrong type. Triggering this bug requires using at least two `Engine` values in an embedding and then additionally using two different values with a `Linker` (one at the creation time of the `Linker` and another when instantiating a module with the `Linker`). It's expected that usage of more-than-one `Engine` in an embedding is relatively rare since an `Engine` is intended to be a globally shared resource, so the expectation is that the impact of this issue is relatively small. The fix implemented is to change this behavior to `panic!()` in Rust instead of silently allowing it. Using different `Engine` instances with a `Linker` is a programmer bug that `wasmtime` catches at runtime. This bug has been patched and users should upgrade to Wasmtime version 0.30.0. If you cannot upgrade Wasmtime and are using more than one `Engine` in your embedding it's recommended to instead use only one `Engine` for the entire program if possible. An `Engine` is designed to be a globally shared resource that is suitable to have only one for the lifetime of an entire process. If using multiple `Engine`s is required then code should be audited to ensure that `Linker` is only used with one `Engine`. 6.3 https://nvd.nist.gov/vuln/detail/CVE-2021-39219
CVE-2021-39218 Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when running Wasm that uses `externref`s in Wasmtime. To trigger this bug, Wasmtime needs to be running Wasm that uses `externref`s, the host creates non-null `externrefs`, Wasmtime performs a garbage collection (GC), and there has to be a Wasm frame on the stack that is at a GC safepoint where there are no live references at this safepoint, and there is a safepoint with live references earlier in this frame's function. Under this scenario, Wasmtime would incorrectly use the GC stack map for the safepoint from earlier in the function instead of the empty safepoint. This would result in Wasmtime treating arbitrary stack slots as `externref`s that needed to be rooted for GC. At the *next* GC, it would be determined that nothing was referencing these bogus `externref`s (because nothing could ever reference them, because they are not really `externref`s) and then Wasmtime would deallocate them and run `<ExternRef as Drop>::drop` on them. This results in a free of memory that is not necessarily on the heap (and shouldn't be freed at this moment even if it was), as well as potential out-of-bounds reads and writes. Even though support for `externref`s (via the reference types proposal) is enabled by default, unless you are creating non-null `externref`s in your host code or explicitly triggering GCs, you cannot be affected by this bug. We have reason to believe that the effective impact of this bug is relatively small because usage of `externref` is currently quite rare. This bug has been patched and users should upgrade to Wasmtime version 0.30.0. If you cannot upgrade Wasmtime at this time, you can avoid this bug by disabling the reference types proposal by passing `false` to `wasmtime::Config::wasm_reference_types`. 6.3 https://nvd.nist.gov/vuln/detail/CVE-2021-39218
CVE-2021-39845 Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted PDF file, potentially resulting in memory corruption in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted PDF file in Acrobat Reader. 6.3 https://nvd.nist.gov/vuln/detail/CVE-2021-39845
CVE-2021-41091 Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade limit access to the host to trusted users. Limit access to host volumes to trusted containers. 6.3 https://nvd.nist.gov/vuln/detail/CVE-2021-41091
CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2019-11358
CVE-2019-12823 Craft CMS before 3.1.31 does not properly filter XML feeds and thus allowing XSS. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2019-12823
CVE-2020-9281 A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax). 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-9281
CVE-2020-25901 Host Header Injection in Spiceworks 7.5.7.0 allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-25901
CVE-2021-20208 A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-20208
CVE-2021-24286 The settings page of the Redirect 404 to parent WordPress plugin before 1.3.1 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-24286
CVE-2021-24287 The settings page of the Select All Categories and Taxonomies, Change Checkbox to Radio Buttons WordPress plugin before 1.3.2 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-24287
CVE-2021-33829 A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-33829
CVE-2021-39307 PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-39307
CVE-2021-24657 The Limit Login Attempts WordPress plugin before 4.0.50 does not escape the IP addresses (which can be controlled by attacker via headers such as X-Forwarded-For) of attempted logins before outputting them in the reports table, leading to an Unauthenticated Stored Cross-Site Scripting issue. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-24657
CVE-2020-19915 Cross Site Scripting (XSS vulnerability exists in WUZHI CMS 4.1.0 via the mailbox username in index.php. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-19915
CVE-2021-39325 The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input validation in the load_previews function found in the ~/OMAPI/Output.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.6.0. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-39325
CVE-2021-34650 The eID Easy WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error parameter found in the ~/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.6. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-34650
CVE-2021-20829 Cross-site scripting vulnerability due to the inadequate tag sanitization in GROWI versions v4.2.19 and earlier allows remote attackers to execute an arbitrary script on the web browser of the user who accesses a specially crafted page. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-20829
CVE-2021-23443 This affects the package edge.js before 5.3.2. A type confusion vulnerability can be used to bypass input sanitization when the input to be rendered is an array (instead of a string or a SafeValue), even if {{ }} are used. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-23443
CVE-2021-40868 In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-40868
CVE-2020-19554 Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPManager <=12.5.174 when the API key contains an XML-based XSS payload. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-19554
CVE-2021-37860 Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard contents, which allows a user-assisted attacker to inject arbitrary web script in product deployments that explicitly disable the default CSP. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-37860
CVE-2021-3824 OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-3824
CVE-2021-39246 Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addresses. Exact timestamps of these onion-service visits are logged locally, and an attacker might be able to compare them to timestamp data collected by the destination server (or collected by a rogue site within the Tor network). 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-39246
CVE-2016-6555 OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in version 18.0.2, released on September 20, 2016. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2016-6555
CVE-2016-6556 OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP 'sysName' or 'sysContact' response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This issue was fixed in version 18.0.2, released on September 20, 2016. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2016-6556
CVE-2020-20508 Shopkit v2.7 contains a reflective cross-site scripting (XSS) vulnerability in the /account/register component, which allows attackers to hijack user credentials via a crafted payload in the E-Mail text field. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-20508
CVE-2021-23054 On version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-23054
CVE-2021-40105 An issue was discovered in Concrete CMS through 8.5.5. There is XSS via Markdown Comments. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-40105
CVE-2021-40106 An issue was discovered in Concrete CMS through 8.5.5. There is unauthenticated stored XSS in blog comments via the website field. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-40106
CVE-2021-24632 The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.1 does not escape the message parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-24632
CVE-2021-40711 Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a stored XSS vulnerability when creating Content Fragments. An authenticated attacker can send a malformed POST request to achieve arbitrary code execution. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-40711
CVE-2021-40714 Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the accesskey parameter. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-40714
CVE-2021-30086 Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese versions) 4.1.12, which can be exploited by an attacker to obtain user cookie information. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-30086
CVE-2021-37267 Cross Site Scripting (XSS) vulnerability exists in all versions of KindEditor, which can be exploited by an attacker to obtain user cookie information. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-37267
CVE-2021-20554 IBM Sterling Order Management 9.4, 9.5, and 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199179. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-20554
CVE-2021-40921 Cross-site scripting (XSS) vulnerability in _contactform.inc.php in Detector 0.8.5 and below version allows remote attackers to inject arbitrary web script or HTML via the cid parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-40921
CVE-2021-40922 Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the last_name parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-40922
CVE-2021-40923 Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the email parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-40923
CVE-2021-40924 Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the first_name parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-40924
CVE-2021-40925 Cross-site scripting (XSS) vulnerability in dompdf/dompdf/www/demo.php infaveo-helpdesk v1.11.0 and below allow remote attackers to inject arbitrary web script or HTML via the $_SERVER["PHP_SELF"] parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-40925
CVE-2021-40926 Cross-site scripting (XSS) vulnerability in demos/demo.mysqli.php in getID3 1.X and v2.0.0-beta allows remote attackers to inject arbitrary web script or HTML via the showtagfiles parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-40926
CVE-2021-40927 Cross-site scripting (XSS) vulnerability in callback.php in Spotify-for-Alfred 0.13.9 and below allows remote attackers to inject arbitrary web script or HTML via the error parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-40927
CVE-2021-40928 Cross-site scripting (XSS) vulnerability in index.php in FlexTV beta development version allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-40928
CVE-2021-40968 Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword2 parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-40968
CVE-2021-40969 Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the firstname parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-40969
CVE-2021-40970 Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the username parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-40970
CVE-2021-40971 Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword1 parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-40971
CVE-2021-40972 Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the mail parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-40972
CVE-2021-40973 Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-40973
CVE-2021-40975 Cross-site scripting (XSS) vulnerability in application/modules/admin/views/ecommerce/products.php in Ecommerce-CodeIgniter-Bootstrap (Codeigniter 3.1.11, Bootstrap 3.3.7) allows remote attackers to inject arbitrary web script or HTML via the search_title parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-40975
CVE-2021-41461 Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the mode parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-41461
CVE-2021-41462 Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the ctID parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-41462
CVE-2021-41463 Cross-site scripting (XSS) vulnerability in toos/permissions/dialogs/access/entity/types/group_combination.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the cID parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-41463
CVE-2021-41464 Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-41464
CVE-2021-41465 Cross-site scripting (XSS) vulnerability in concrete/elements/collection_theme.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-41465
CVE-2021-41467 Cross-site scripting (XSS) vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow remote attackers to inject arbitrary web script or HTML via the challenge parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-41467
CVE-2021-29795 IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a partition that could crash the system. IBM X-Force ID: 203557. 6 https://nvd.nist.gov/vuln/detail/CVE-2021-29795
CVE-2021-40530 The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-40530
CVE-2021-3806 A path traversal vulnerability on Pardus Software Center's "extractArchive" function could allow anyone on the same network to do a man-in-the-middle and write files on the system. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-3806
CVE-2021-38153 Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been fixed. The affected versions include Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.7.1, and 2.8.0. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-38153
CVE-2021-40713 Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper certificate validation vulnerability in the cold storage component. If an attacker can achieve a man in the middle when the cold server establishes a new certificate, they would be able to harvest sensitive information. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-40713
CVE-2021-1625 A vulnerability in the Zone-Based Policy Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent the Zone-Based Policy Firewall from correctly classifying traffic. This vulnerability exists because ICMP and UDP responder-to-initiator flows are not inspected when the Zone-Based Policy Firewall has either Unified Threat Defense (UTD) or Application Quality of Experience (AppQoE) configured. An attacker could exploit this vulnerability by attempting to send UDP or ICMP flows through the network. A successful exploit could allow the attacker to inject traffic through the Zone-Based Policy Firewall, resulting in traffic being dropped because it is incorrectly classified or in incorrect reporting figures being produced by high-speed logging (HSL). 5.8 https://nvd.nist.gov/vuln/detail/CVE-2021-1625
CVE-2021-34696 A vulnerability in the access control list (ACL) programming of Cisco ASR 900 and ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect programming of hardware when an ACL is configured using a method other than the configuration CLI. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device. 5.8 https://nvd.nist.gov/vuln/detail/CVE-2021-34696
CVE-2021-35203 NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Arbitrary File Read operations via the FDSQueryService endpoint. 5.7 https://nvd.nist.gov/vuln/detail/CVE-2021-35203
CVE-2021-41101 wire-server is an open-source back end for Wire, a secure collaboration platform. Before version 2.106.0, the CORS ` Access-Control-Allow-Origin ` header set by `nginz` is set for all subdomains of `.wire.com` (including `wire.com`). This means that if somebody were to find an XSS vector in any of the subdomains, they could use it to talk to the Wire API using the user's Cookie. A patch does not exist, but a workaround does. To make sure that a compromise of one subdomain does not yield access to the cookie of another, one may limit the `Access-Control-Allow-Origin` header to apps that actually require the cookie (account-pages, team-settings and the webapp). 5.7 https://nvd.nist.gov/vuln/detail/CVE-2021-41101
CVE-2017-14121 The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a crafted RAR archive. NOTE: this may be the same as one of the several test cases in the CVE-2017-11189 references. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2017-14121
CVE-2019-19797 read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2019-19797
CVE-2020-15250 In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. This vulnerability impacts you if the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder, and the JUnit tests execute in an environment where the OS has other untrusted users. Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. For Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. For Java 1.6 and lower users: no patch is available, you must use the workaround below. If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. For more information, including an example of vulnerable code, see the referenced GitHub Security Advisory. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-15250
CVE-2020-4944 IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2, stores keystore passwords in plain text after a manual edit, which can be read by a local user. IBM X-Force ID: 191944. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-4944
CVE-2020-21675 A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ptk format. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-21675
CVE-2020-21676 A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-21676
CVE-2021-1810 A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application may bypass Gatekeeper checks. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-1810
CVE-2020-21530 fig2dev 3.2.7b contains a segmentation fault in the read_objects function in read.c. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-21530
CVE-2020-21535 fig2dev 3.2.7b contains a segmentation fault in the gencgm_start function in gencgm.c. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-21535
CVE-2021-31842 XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulting in a Denial of Service attack through carefully editing the EPDeploy.xml file and then executing the setup process. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-31842
CVE-2020-21913 International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bug in the pkg_createWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-21913
CVE-2021-32269 An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function ilst_item_box_dump located in box_dump.c. It allows an attacker to cause Denial of Service. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32269
CVE-2021-32270 An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function vwid_box_del located in box_code_base.c. It allows an attacker to cause Denial of Service. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32270
CVE-2021-32275 An issue was discovered in faust through v2.30.5. A NULL pointer dereference exists in the function CosPrim::computeSigOutput() located in cosprim.hh. It allows an attacker to cause Denial of Service. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32275
CVE-2021-32276 An issue was discovered in faad2 through 2.10.0. A NULL pointer dereference exists in the function get_sample() located in output.c. It allows an attacker to cause Denial of Service. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32276
CVE-2021-32280 An issue was discovered in fig2dev before 3.2.8.. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service. The fixed version of fig2dev is 3.2.8. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32280
CVE-2021-32282 An issue was discovered in gravity through 0.8.1. A NULL pointer dereference exists in the function ircode_add_check() located in gravity_ircode.c. It allows an attacker to cause Denial of Service. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32282
CVE-2021-32283 An issue was discovered in gravity through 0.8.1. A NULL pointer dereference exists in the function gravity_string_to_value() located in gravity_value.c. It allows an attacker to cause Denial of Service. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32283
CVE-2021-32285 An issue was discovered in gravity through 0.8.1. A NULL pointer dereference exists in the function list_iterator_next() located in gravity_core.c. It allows an attacker to cause Denial of Service. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32285
CVE-2021-32289 An issue was discovered in heif through through v3.6.2. A NULL pointer dereference exists in the function convertByteStreamToRBSP() located in nalutil.cpp. It allows an attacker to cause Denial of Service. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32289
CVE-2021-41525 An issue related to modification of otherwise restricted files through a locally authenticated attacker exists in FlexNet inventory agent and inventory beacon versions 2020 R2.5 and prior. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41525
CVE-2020-23266 An issue was discovered in gpac 0.8.0. The OD_ReadUTF8String function in odf_code.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-23266
CVE-2020-23269 An issue was discovered in gpac 0.8.0. The stbl_GetSampleSize function in isomedia/stbl_read.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-23269
CVE-2020-23273 Heap-buffer overflow in the randomize_iparp function in edit_packet.c. of Tcpreplay v4.3.2 allows attackers to cause a denial of service (DOS) via a crafted pcap. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-23273
CVE-2021-1546 A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access through the CLI. An attacker could exploit this vulnerability by running a CLI command that targets an arbitrary file on the local system. A successful exploit could allow the attacker to return portions of an arbitrary file, possibly resulting in the disclosure of sensitive information. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-1546
CVE-2021-22020 The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an attacker to create a denial-of-service condition on vCenter Server. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22020
CVE-2021-20435 IBM Security Verify Bridge 1.0.5.0 does not properly validate a certificate which could allow a local attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 196355. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20435
CVE-2021-38863 IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a locally authenticated user. IBM X-Force ID: 208154. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-38863
CVE-2021-41581 x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. When the input exceeds DOMAIN_PART_MAX_LEN, the buffer lacks '\\0' termination. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41581
CVE-2021-21742 There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to improper parameter settings, attackers could use this vulnerability to obtain some sensitive information of users by accessing specific pages. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21742
CVE-2021-0421 In memory management driver, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05381235. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-0421
CVE-2021-0422 In memory management driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05381071. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-0422
CVE-2021-0423 In memory management driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05385714. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-0423
CVE-2021-0424 In memory management driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05393787. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-0424
CVE-2021-0425 In memory management driver, there is a possible side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05400059. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-0425
CVE-2021-29358 A buffer overflow vulnerability in FORMATS!ReadPVR_W+0xfa of Irfanview 4.57 allows attackers to cause a denial of service (DOS) via a crafted PVR file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29358
CVE-2021-39849 Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An authenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39849
CVE-2021-39850 Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An authenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39850
CVE-2021-39851 Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An authenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39851
CVE-2021-39852 Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An authenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39852
CVE-2021-39853 Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An authenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39853
CVE-2021-39854 Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An authenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39854
CVE-2021-40716 XMP Toolkit SDK versions 2021.07 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-40716
CVE-2018-10023 Catfish CMS V4.7.21 allows XSS via the pinglun parameter to cat/index/index/pinglun (aka an authenticated comment). 5.4 https://nvd.nist.gov/vuln/detail/CVE-2018-10023
CVE-2021-24176 The JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-24176
CVE-2021-32808 ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version >= 4.13.0. The problem has been recognized and patched. The fix will be available in version 4.16.2. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-32808
CVE-2021-32809 ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Clipboard](https://ckeditor.com/cke4/addon/clipboard) package. The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor. It affects all users using the CKEditor 4 plugins listed above at version >= 4.5.2. The problem has been recognized and patched. The fix will be available in version 4.16.2. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-32809
CVE-2021-37695 ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) package. The vulnerability allowed to inject malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version < 4.16.2. The problem has been recognized and patched. The fix will be available in version 4.16.2. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-37695
CVE-2021-41391 In Ericsson ECM before 18.0, it was observed that Security Management Endpoint in User Profile Management Section is vulnerable to stored XSS via a name, leading to session hijacking and full account takeover. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-41391
CVE-2021-24582 The ThinkTwit WordPress plugin before 1.7.1 did not sanitise or escape its "Consumer key" setting before outputting it its settings page, leading to a Stored Cross-Site Scripting issue. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-24582
CVE-2021-24584 The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access control when updating a timeslot, allowing any user with the edit_posts capability (contributor+) to update arbitrary timeslot from any events. Furthermore, no CSRF check is in place as well, allowing such attack to be perform via CSRF against a logged in with such capability. In versions before 2.3.19, the lack of sanitisation and escaping in some of the fields, like the descritption could also lead to Stored XSS issues 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-24584
CVE-2021-24587 The Splash Header WordPress plugin before 1.20.8 doesn't sanitise and escape some of its settings while outputting them in the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-24587
CVE-2021-24597 The You Shang WordPress plugin through 1.0.1 does not escape its qrcode links settings, which result into Stored Cross-Site Scripting issues in frontend posts and the plugins settings page depending on the payload used 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-24597
CVE-2021-24618 The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise or escape its QRCode Image setting, which result into a Stored Cross-Site Scripting (XSS). Furthermore, the plugin also does not have any CSRF and capability checks in place when saving such setting, allowing any authenticated user (as low as subscriber), or unauthenticated user via a CSRF vector to update them and perform such attack. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-24618
CVE-2021-24635 The Visual Link Preview WordPress plugin before 2.2.3 does not enforce authorisation on several AJAX actions and has the CSRF nonce displayed for all authenticated users, allowing any authenticated user (such as subscriber) to call them and 1) Get and search through title and content of Draft post, 2) Get title of a password-protected post as well as 3) Upload an image from an URL 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-24635
CVE-2021-24637 The Google Fonts Typography WordPress plugin before 3.0.3 does not escape and sanitise some of its block settings, allowing users with as role as low as Contributor to perform Stored Cross-Site Scripting attacks via blockType (combined with content), align, color, variant and fontID argument of a Gutenberg block. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-24637
CVE-2021-24640 The WordPress Slider Block Gutenslider plugin before 5.2.0 does not escape the minWidth attribute of a Gutenburg block, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-24640
CVE-2020-19553 Cross Site Scripting (XSS) vlnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-19553
CVE-2021-41086 jsuites is an open source collection of common required javascript web components. In affected versions users are subject to cross site scripting (XSS) attacks via clipboard content. jsuites is vulnerable to DOM based XSS if the user can be tricked into copying _anything_ from a malicious and pasting it into the html editor. This is because a part of the clipboard content is directly written to `innerHTML` allowing for javascript injection and thus XSS. Users are advised to update to version 4.9.11 to resolve. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-41086
CVE-2021-36872 Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress Popular Posts plugin (versions <= 5.3.3). Vulnerable at &widget-wpp[2][post_type]. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-36872
CVE-2021-20484 IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197666. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-20484
CVE-2021-29800 IBM Tivoli Netcool/OMNIbus_GUI and IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-29800
CVE-2021-36873 Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress iQ Block Country plugin (versions <= 1.2.11). Vulnerable parameter: &blockcountry_blockmessage. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-36873
CVE-2021-38870 IBM Aspera Cloud is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208343. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-38870
CVE-2021-40100 An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can occur in Conversations when the Active Conversation Editor is set to Rich Text. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-40100
CVE-2021-40310 OpenSIS Community Edition version 8.0 is affected by a cross-site scripting (XSS) vulnerability in the TakeAttendance.php via the cp_id_miss_attn parameter. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-40310
CVE-2021-3830 btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-3830
CVE-2021-3799 grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI Layers or Frames 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-3799
CVE-2021-24634 The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.3 does not properly sanitise or escape some of the properties of the Recipe Card Block (such as ingredientsLayout, iconSet, steps, ingredients, recipeTitle, or settings), which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-24634
CVE-2021-24643 The WP Map Block WordPress plugin before 1.2.3 does not escape some attributes of the WP Map Block, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-24643
CVE-2021-24659 The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's block. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-24659
CVE-2021-24660 The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's shortcode. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-24660
CVE-2021-24670 The CoolClock WordPress plugin before 4.3.5 does not escape some shortcode attributes, allowing users with a role as low as Contributor toperform Stored Cross-Site Scripting attacks 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-24670
CVE-2021-24671 The MX Time Zone Clocks WordPress plugin before 3.4.1 does not escape the time_zone attribute of the mxmtzc_time_zone_clocks shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-24671
CVE-2021-36841 Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.7, vulnerable parameter &yith_maintenance_newsletter_submit_label. Possible even when unfiltered HTML is disallowed by WordPress configuration. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-36841
CVE-2020-20695 A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-20695
CVE-2020-20696 A cross-site scripting (XSS) vulnerability in /admin/content/post of GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Tags field. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-20696
CVE-2021-37271 Cross Site Scripting (XSS) vulnerability exists in UEditor v1.4.3.3, which can be exploited by an attacker to obtain user cookie information. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-37271
CVE-2021-29834 IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3,20.0.0.1, 20.0.0.2, and 21.0.2 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204832. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-29834
CVE-2020-20129 LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content editor. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-20129
CVE-2020-20131 LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows atackers to execute arbitrary web scripts or HTML via a crafted payload in the page management module. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-20131
CVE-2020-20781 A stored cross-site scripting (XSS) vulnerability in /ucms/index.php?do=list_edit of UCMS 1.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title, key words, description or content text fields. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-20781
CVE-2021-35198 NETSCOUT nGeniusONE 6.3.0 build 1004 and earlier allows Stored Cross-Site Scripting (XSS) in the Packet Analysis module. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-35198
CVE-2021-35199 NETSCOUT nGeniusONE 6.3.0 build 1196 and earlier allows Stored Cross-Site Scripting (XSS) in UploadFile. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-35199
CVE-2021-35204 NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Reflected Cross-Site Scripting (XSS) in the support endpoint. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-35204
CVE-2021-35205 NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows URL redirection in redirector. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-35205
CVE-2020-20799 JeeCMS 1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the commentText parameter. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-20799
CVE-2021-34354 A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.18 ( 2021/09/01 ) and later 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-34354
CVE-2021-34355 A cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 5.4.10 ( 2021/08/19 ) and later Photo Station 5.7.13 ( 2021/08/19 ) and later Photo Station 6.0.18 ( 2021/09/01 ) and later 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-34355
CVE-2021-34356 A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.18 ( 2021/09/01 ) and later 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-34356
CVE-2021-38675 A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Image2PDF. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Image2PDF: Image2PDF 2.1.5 ( 2021/08/17 ) and later 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-38675
CVE-2021-41092 Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-41092
CVE-2018-20217 A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2018-20217
CVE-2021-28116 Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-28116
CVE-2021-28169 For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-28169
CVE-2020-24141 Server-side request forgery in the WP-DownloadManager plugin 1.68.4 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the file_remote parameter to download-add.php. It can help identify open ports, local network hosts and execute command on services 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-24141
CVE-2021-20498 IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requets that could be used in further attacks against the system. IBM X-Force ID: 197972. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-20498
CVE-2020-21936 An issue in HNAP1/GetMultipleHNAPs of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to access the components GetStationSettings, GetWebsiteFilterSettings and GetNetworkSettings without authentication. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-21936
CVE-2021-26085 Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-26085
CVE-2021-26086 Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-26086
CVE-2016-20012 OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2016-20012
CVE-2021-41394 Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows alteration of build artifacts in some situations. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-41394
CVE-2019-16651 An issue was discovered on Virgin Media Super Hub 3 (based on ARRIS TG2492) devices. Because their SNMP commands have insufficient protection mechanisms, it is possible to use JavaScript and DNS rebinding to leak the WAN IP address of a user (if they are using certain VPN implementations, this would decloak them). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2019-16651
CVE-2021-39339 The Telefication WordPress plugin is vulnerable to Open Proxy and Server-Side Request Forgery via the ~/bypass.php file due to a user-supplied URL request value that gets called by a curl requests. This affects versions up to, and including, 1.8.0. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-39339
CVE-2021-41381 Payara Micro Community 5.2021.6 and below allows Directory Traversal. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-41381
CVE-2020-24327 Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an email in an editor, you can upload pictures of remote websites. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-24327
CVE-2021-31923 Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling via header manipulation. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-31923
CVE-2021-40349 e7d Speed Test (aka speedtest) 0.5.3 allows a path-traversal attack that results in information disclosure via the "GET /.." substring. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-40349
CVE-2021-3818 grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-3818
CVE-2021-39342 The Credova_Financial WordPress plugin discloses a site's associated Credova API account username and password in plaintext via an AJAX action whenever a site user goes to checkout on a page that has the Credova Financing option enabled. This affects versions up to, and including, 1.4.8. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-39342
CVE-2021-32672 Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-32672
CVE-2021-41118 The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. In affected versions unsanitised input of regular expression date within the parameters of the DPL parser function, allowed for the possibility of ReDoS (Regex Denial of Service). This has been resolved in version 3.3.6. If you are unable to update you may also set `$wgDplSettings['functionalRichness'] = 0;` or disable DynamicPageList3 to mitigate. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-41118
CVE-2021-41123 Survey Solutions is a survey management and data collection system. In affected versions the Headquarters application publishes /metrics endpoint available to any user. None of the survey answers are ever exposed, only the aggregate counters, including count of interviews, or count of assignments. Starting from version 21.09.1 the endpoint is turned off by default. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-41123
CVE-2021-20496 IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. IBM X-Force ID: 197966. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2021-20496
CVE-2021-20511 IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 198300. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2021-20511
CVE-2021-0660 In ccu, there is a possible out of bounds read due to incorrect error handling. This could lead to information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05827145; Issue ID: ALPS05827145. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2021-0660
CVE-2021-21569 Dell NetWorker, versions 18.x and 19.x contain a Path traversal vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2021-21569
CVE-2021-21570 Dell NetWorker, versions 18.x and 19.x contain an Information disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2021-21570
CVE-2021-20524 IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198661. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-20524
CVE-2021-25737 A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25737
CVE-2021-24530 The Alojapro Widget WordPress plugin through 1.1.15 doesn't properly sanitise its Custom CSS settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24530
CVE-2021-24596 The youForms for WordPress plugin through 1.0.5 does not sanitise escape the Button Text field of its Templates, allowing high privilege users (editors and admins) to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24596
CVE-2021-24600 The WP Dialog WordPress plugin through 1.2.5.5 does not sanitise and escape some of its settings before outputting them in pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24600
CVE-2021-24604 The Availability Calendar WordPress plugin before 1.2.2 does not sanitise or escape its Category Names before outputting them in page/post where the associated shortcode is embed, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24604
CVE-2021-24609 The WP Mapa Politico Espana WordPress plugin before 3.7.0 does not sanitise or escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24609
CVE-2021-24613 The Post Views Counter WordPress plugin before 1.3.5 does not sanitise or escape its Post Views Label settings, which could allow high privilege users to perform Cross-Site Scripting attacks in the frontend even when the unfiltered_html capability is disallowed 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24613
CVE-2021-39404 MaianAffiliate v1.0 allows an authenticated administrative user to save an XSS to the database. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39404
CVE-2020-19949 A cross-site scripting (XSS) vulnerability in the /link/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-19949
CVE-2020-19950 A cross-site scripting (XSS) vulnerability in the /banner/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-19950
CVE-2021-24569 The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin before 2.1.2 does not escape the value of its Button Text setting when outputting it in an attribute in the frontend, allowing high privilege users such as admin to perform Cross-Site Scripting even when the unfiltered_html capability is disallowed. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24569
CVE-2021-24610 The TranslatePress WordPress plugin before 2.0.9 does not implement a proper sanitisation on the translated strings. The 'trp_sanitize_string' function only removes script tag with a regex, still allowing other HTML tags and attributes to execute javascript, which could lead to authenticated Stored Cross-Site Scripting issues. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24610
CVE-2021-36875 Authenticated Reflected Cross-Site Scripting (XSS) vulnerability in WordPress uListing plugin (versions <= 2.0.5). Vulnerable parameters: &filter[id], &filter[user], &filter[expired_date], &filter[created_date], &filter[updated_date]. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-36875
CVE-2021-35200 NETSCOUT nGeniusONE 6.3.0 build 1196 allows high-privileged users to achieve Stored Cross-Site Scripting (XSS) in FDSQueryService. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-35200
CVE-2021-41114 TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses the HTTP Host header, for example, to generate absolute URLs during the frontend rendering process. Since the host header itself is provided by the client, it can be forged to any value, even in a name-based virtual hosts environment. This vulnerability is the same as described in TYPO3-CORE-SA-2014-001 (CVE-2014-3941). A regression, introduced during TYPO3 v11 development, led to this situation. The already existing setting $GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedHostsPattern'] (used as an effective mitigation strategy in previous TYPO3 versions) was not evaluated anymore, and reintroduced the vulnerability. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41114
CVE-2018-5729 MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module. 4.7 https://nvd.nist.gov/vuln/detail/CVE-2018-5729
CVE-2021-20500 IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. IBM X-Force ID: 197980. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2021-20500
CVE-2021-20510 IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299 4.4 https://nvd.nist.gov/vuln/detail/CVE-2021-20510
CVE-2021-20434 IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 196346. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2021-20434
CVE-2021-20317 A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the system while running OSP. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2021-20317
CVE-2021-21522 Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerability to gain access to sensitive information on an NVMe storage by resetting the BIOS password on the system via the Manageability Interface. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2021-21522
CVE-2021-36284 Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive admin password attempt mitigations in order to carry out a brute force attack. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2021-36284
CVE-2021-36285 Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive NVMe password attempt mitigations in order to carry out a brute force attack. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2021-36285
CVE-2019-3820 It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2019-3820
CVE-2021-24583 The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access control when deleting a timeslot, allowing any user with the edit_posts capability (contributor+) to delete arbitrary timeslot from any events. Furthermore, no CSRF check is in place as well, allowing such attack to be performed via CSRF against a logged in with such capability 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-24583
CVE-2021-34648 The Ninja Forms WordPress plugin is vulnerable to arbitrary email sending via the trigger_email_action function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to send arbitrary emails from the affected server via the /ninja-forms-submissions/email-action REST API which can be used to socially engineer victims. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-34648
CVE-2020-4941 IBM Edge 4.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID: 191941. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-4941
CVE-2021-20485 IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197667. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-20485
CVE-2021-20563 IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote authenciated user to obtain sensitive information. By sending a specially crafted request, the user could disclose a valid filepath on the server which could be used in further attacks against the system. IBM X-Force ID: 199234. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-20563
CVE-2021-22868 A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.1.8 and was fixed in 3.1.8, 3.0.16, and 2.22.22. This vulnerability was reported via the GitHub Bug Bounty program. This is the result of an incomplete fix for CVE-2021-22867. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-22868
CVE-2021-36878 Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to update settings. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-36878
CVE-2021-24633 The Countdown Block WordPress plugin before 1.1.2 does not have authorisation in the eb_write_block_css AJAX action, which allows any authenticated user, such as Subscriber, to modify post contents displayed to users. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-24633
CVE-2021-24661 The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with Contributor roles or higher to read password-protected or private post contents the user is otherwise unable to read, given the post ID. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-24661
CVE-2021-39835 Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by a use-after-free vulnerability in the processing of a malformed PDF file that could result in disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-39835
CVE-2021-39857 Adobe Acrobat Reader DC add-on for Internet Explorer versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to check for existence of local files. Exploitation of this issue requires user interaction in that a victim must visit an attacker controlled web page. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-39857
CVE-2021-35202 NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Authorization Bypass (to access an endpoint) in FDSQueryService. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-35202
CVE-2021-39347 The Stripe for WooCommerce WordPress plugin is missing a capability check on the save() function found in the ~/includes/admin/class-wc-stripe-admin-user-edit.php file that makes it possible for attackers to configure their account to use other site users unique STRIPE identifier and make purchases with their payment accounts. This affects versions 3.0.0 - 3.3.9. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-39347
CVE-2021-41122 Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions external functions did not properly validate the bounds of decimal arguments. The can lead to logic errors. This issue has been resolved in version 0.3.0. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-41122
CVE-2021-41094 Wire is an open source secure messenger. Users of Wire by Bund may bypass the mandatory encryption at rest feature by simply disabling their device passcode. Upon launching, the app will attempt to enable encryption at rest by generating encryption keys via the Secure Enclave, however it will fail silently if no device passcode is set. The user has no indication that encryption at rest is not active since the feature is hidden to them. This issue has been resolved in version 3.70 4.2 https://nvd.nist.gov/vuln/detail/CVE-2021-41094
CVE-2020-8561 A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs. 4.1 https://nvd.nist.gov/vuln/detail/CVE-2020-8561
CVE-2018-5730 MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN. 3.8 https://nvd.nist.gov/vuln/detail/CVE-2018-5730
CVE-2021-34428 For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. 3.5 https://nvd.nist.gov/vuln/detail/CVE-2021-34428
CVE-2021-20534 IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 198814 3.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20534
CVE-2021-41533 A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process (ZDI-CAN-13565). 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-41533
CVE-2021-41534 A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process (ZDI-CAN-13703). 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-41534
CVE-2021-41538 A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to information disclosure by unexpected access to an uninitialized pointer while parsing user-supplied OBJ files. An attacker could leverage this vulnerability to leak information from unexpected memory locations (ZDI-CAN-13770). 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-41538
CVE-2021-39833 Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious TIF file. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-39833
CVE-2021-39834 Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious TIF file. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-39834
CVE-2021-39844 Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-39844
CVE-2021-39858 Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-39858
CVE-2021-39860 Acrobat Pro DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An authenticated attacker could leverage this vulnerability to disclose sensitive user memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-39860
CVE-2021-39861 Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-39861
CVE-2021-39862 Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-39862
CVE-2021-39865 Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-39865
CVE-2021-40697 Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-40697
CVE-2021-21089 Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to locally escalate privileges in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-21089
CVE-2021-25740 A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack. 3.1 https://nvd.nist.gov/vuln/detail/CVE-2021-25740
CVE-2021-39856 Acrobat Reader DC ActiveX Control versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must visit an attacker controlled web page. 3.1 https://nvd.nist.gov/vuln/detail/CVE-2021-39856
CVE-2021-41089 Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted. 2.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41089
CVE-2021-28163 In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory. 2.7 https://nvd.nist.gov/vuln/detail/CVE-2021-28163
CVE-2021-20499 IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197973 2.7 https://nvd.nist.gov/vuln/detail/CVE-2021-20499
CVE-2021-20523 IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 198660 2.7 https://nvd.nist.gov/vuln/detail/CVE-2021-20523
CVE-2021-20377 IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195569. 2.7 https://nvd.nist.gov/vuln/detail/CVE-2021-20377
CVE-2006-4472 Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow attackers to bypass user authentication via unknown vectors involving the (1) do_pdf command and the (2) emailform com_content task. https://nvd.nist.gov/vuln/detail/CVE-2006-4472
CVE-2006-4471 The Admin Upload Image functionality in Joomla! before 1.0.11 allows remote authenticated users to upload files outside of the /images/stories/ directory via unspecified vectors. https://nvd.nist.gov/vuln/detail/CVE-2006-4471
CVE-2006-4470 Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is defined, which allows attackers to have an unknown impact, possibly resulting in PHP remote file inclusion. https://nvd.nist.gov/vuln/detail/CVE-2006-4470
CVE-2006-4469 Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows remote attackers to perform "remote execution," related to "Injection Flaws." https://nvd.nist.gov/vuln/detail/CVE-2006-4469
CVE-2006-4468 Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to unvalidated input, allow attackers to have an unknown impact via unspecified vectors involving the (1) mosMail, (2) JosIsValidEmail, and (3) josSpoofValue functions; (4) the lack of inclusion of globals.php in administrator/index.php; (5) the Admin User Manager; and (6) the poll module. https://nvd.nist.gov/vuln/detail/CVE-2006-4468
CVE-2007-4190 CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to inject arbitrary HTTP headers and probably conduct HTTP response splitting attacks via CRLF sequences in the url parameter. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. NOTE: some of these details are obtained from third party information. https://nvd.nist.gov/vuln/detail/CVE-2007-4190
CVE-2007-4189 Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the (1) com_search, (2) com_content, and (3) mod_login components. NOTE: some of these details are obtained from third party information. https://nvd.nist.gov/vuln/detail/CVE-2007-4189
CVE-2007-4188 Session fixation vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to hijack administrative web sessions via unspecified vectors. https://nvd.nist.gov/vuln/detail/CVE-2007-4188
CVE-2007-5577 Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Section Name form fields in the Section Manager component, or (3) multiple unspecified fields in New Menu Item. https://nvd.nist.gov/vuln/detail/CVE-2007-5577
CVE-2008-4796 The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs. https://nvd.nist.gov/vuln/detail/CVE-2008-4796
CVE-2013-1164 Cisco IOS XE 3.4 before 3.4.4S, 3.5, and 3.6 on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a denial of service (card reload) via fragmented IPv6 multicast packets, aka Bug ID CSCtz97563. https://nvd.nist.gov/vuln/detail/CVE-2013-1164
CVE-2013-1165 Cisco IOS XE 2.x and 3.x before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR) allows remote attackers to cause a denial of service (card reload) by sending many crafted L2TP packets, aka Bug ID CSCtz23293. https://nvd.nist.gov/vuln/detail/CVE-2013-1165
CVE-2013-1166 Cisco IOS XE 3.2 through 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR), when VRF-aware NAT and SIP ALG are enabled, allows remote attackers to cause a denial of service (card reload) by sending many SIP packets, aka Bug ID CSCuc65609. https://nvd.nist.gov/vuln/detail/CVE-2013-1166
CVE-2013-1167 Cisco IOS XE 3.2 through 3.4 before 3.4.2S, and 3.5, on 1000 series Aggregation Services Routers (ASR), when bridge domain interface (BDI) is enabled, allows remote attackers to cause a denial of service (card reload) via packets that are not properly handled during the processing of encapsulation, aka Bug ID CSCtt11558. https://nvd.nist.gov/vuln/detail/CVE-2013-1167
CVE-2013-2779 Cisco IOS XE 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a denial of service (card reload) via fragmented IPv6 MVPN (aka MVPNv6) packets, aka Bug ID CSCub34945, a different vulnerability than CVE-2013-1164. https://nvd.nist.gov/vuln/detail/CVE-2013-2779
CVE-2013-5543 Cisco IOS XE 3.4 before 3.4.2S and 3.5 before 3.5.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via malformed ICMP error packets associated with a (1) TCP or (2) UDP session that is under inspection by the Zone-Based Firewall (ZBFW) component, aka Bug ID CSCtt26470. https://nvd.nist.gov/vuln/detail/CVE-2013-5543
CVE-2013-5545 The PPTP ALG implementation in Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending many PPTP packets over NAT, aka Bug ID CSCuh19936. https://nvd.nist.gov/vuln/detail/CVE-2013-5545
CVE-2013-5546 The TCP reassembly feature in Cisco IOS XE 3.7 before 3.7.3S and 3.8 before 3.8.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via large TCP packets that are processed by the (1) NAT or (2) ALG component, aka Bug ID CSCud72509. https://nvd.nist.gov/vuln/detail/CVE-2013-5546
CVE-2013-5547 Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending malformed EoGRE packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCuf08269. https://nvd.nist.gov/vuln/detail/CVE-2013-5547
CVE-2012-1366 Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544. https://nvd.nist.gov/vuln/detail/CVE-2012-1366
CVE-2012-5017 Cisco IOS before 15.1(1)SY1 allows remote authenticated users to cause a denial of service (device reload) by establishing a VPN session and then sending malformed IKEv2 packets, aka Bug ID CSCub39268. https://nvd.nist.gov/vuln/detail/CVE-2012-5017
CVE-2012-5723 Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948. https://nvd.nist.gov/vuln/detail/CVE-2012-5723
CVE-2014-2183 The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 routers allows remote authenticated users to cause a denial of service (ESP card reload) via a malformed L2TP packet, aka Bug ID CSCun09973. https://nvd.nist.gov/vuln/detail/CVE-2014-2183
CVE-2014-3284 Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed PPPoE packet, aka Bug ID CSCuo55180. https://nvd.nist.gov/vuln/detail/CVE-2014-3284
CVE-2014-3704 The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys. https://nvd.nist.gov/vuln/detail/CVE-2014-3704
CVE-2021-22945 When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*. https://nvd.nist.gov/vuln/detail/CVE-2021-22945
CVE-2021-33907 The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate the certificate information used to sign .msi files when performing an update of the client. This could lead to remote code execution in an elevated privileged context. https://nvd.nist.gov/vuln/detail/CVE-2021-33907
CVE-2021-34408 The Zoom Client for Meetings for Windows in all versions before version 5.3.2 writes log files to a user writable directory as a privileged user during the installation or update of the client. This could allow for potential privilege escalation if a link was created between the user writable directory used and a non-user writable directory. https://nvd.nist.gov/vuln/detail/CVE-2021-34408
CVE-2021-34409 User-writable pre and post-install scripts unpacked during the Zoom Client for Meetings for MacOS installation before version 5.2.0 allow for privilege escalation to root. https://nvd.nist.gov/vuln/detail/CVE-2021-34409
CVE-2021-34410 A user-writable application bundle unpacked during the install for all versions of the Zoom Plugin for Microsoft Outlook for Mac before 5.0.25611.0521 allows for privilege escalation to root. https://nvd.nist.gov/vuln/detail/CVE-2021-34410
CVE-2021-34411 During the installation process forZoom Rooms for Conference Room for Windows before version 5.3.0 it is possible to launch Internet Explorer with elevated privileges. If the installer was launched with elevated privileges such as by SCCM this can result in a local privilege escalation. https://nvd.nist.gov/vuln/detail/CVE-2021-34411
CVE-2021-34412 During the installation process for all versions of the Zoom Client for Meetings for Windows before 5.4.0, it is possible to launch Internet Explorer. If the installer was launched with elevated privileges such as by SCCM this can result in a local privilege escalation. https://nvd.nist.gov/vuln/detail/CVE-2021-34412
CVE-2021-34413 All versions of the Zoom Plugin for Microsoft Outlook for MacOS before 5.3.52553.0918 contain a Time-of-check Time-of-use (TOC/TOU) vulnerability during the plugin installation process. This could allow a standard user to write their own malicious application to the plugin directory, allowing the malicious application to execute in a privileged context. https://nvd.nist.gov/vuln/detail/CVE-2021-34413
CVE-2021-34414 The network proxy page on the web portal for the Zoom on-premise Meeting Connector Controller before version 4.6.348.20201217, Zoom on-premise Meeting Connector MMR before version 4.6.348.20201217, Zoom on-premise Recording Connector before version 3.8.42.20200905, Zoom on-premise Virtual Room Connector before version 4.4.6620.20201110, and Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5495.20210326 fails to validate input sent in requests to update the network proxy configuration, which could lead to remote command injection on the on-premise image by a web portal administrator. https://nvd.nist.gov/vuln/detail/CVE-2021-34414
CVE-2021-34415 The Zone Controller service in the Zoom On-Premise Meeting Connector Controller before version 4.6.358.20210205 does not verify the cnt field sent in incoming network packets, which leads to exhaustion of resources and system crash. https://nvd.nist.gov/vuln/detail/CVE-2021-34415
CVE-2021-34416 The network address administrative settings web portal for the Zoom on-premise Meeting Connector before version 4.6.360.20210325, Zoom on-premise Meeting Connector MMR before version 4.6.360.20210325, Zoom on-premise Recording Connector before version 3.8.44.20210326, Zoom on-premise Virtual Room Connector before version 4.4.6752.20210326, and Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5495.20210326 fails to validate input sent in requests to update the network configuration, which could lead to remote command injection on the on-premise image by the web portal administrators. https://nvd.nist.gov/vuln/detail/CVE-2021-34416
CVE-2021-41318 In Progress WhatsUp Gold prior to version 21.1.0, an application endpoint failed to adequately sanitize malicious input. which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser. https://nvd.nist.gov/vuln/detail/CVE-2021-41318
CVE-2020-20120 ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the "where" and "query" methods. https://nvd.nist.gov/vuln/detail/CVE-2020-20120
CVE-2020-20122 Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php. https://nvd.nist.gov/vuln/detail/CVE-2020-20122
CVE-2020-20124 Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in \\attachment\\admin\\index.php. https://nvd.nist.gov/vuln/detail/CVE-2020-20124
CVE-2020-20125 EARCLINK ESPCMS-P8 contains a cross-site scripting (XSS) vulnerability in espcms_web\\espcms_load.php. https://nvd.nist.gov/vuln/detail/CVE-2020-20125
CVE-2021-33923 Insecure permissions in Confluent Ansible (cp-ansible) 5.5.0, 5.5.1, 5.5.2 and 6.0.0 allows local attackers to access some sensitive information (private keys, state database). https://nvd.nist.gov/vuln/detail/CVE-2021-33923
CVE-2021-33924 Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 is vulnerable to Incorrect Access Control via its auxiliary component that allows remote attackers to access sensitive information. https://nvd.nist.gov/vuln/detail/CVE-2021-33924
CVE-2021-40651 OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), which can disclose arbitrary file from the server's filesystem as long as the application has access to the file. https://nvd.nist.gov/vuln/detail/CVE-2021-40651
CVE-2021-25959 In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS), due to unsanitized parameters in the password reset functionality. This allows execution of external javascript files on any user of the openCRX instance. https://nvd.nist.gov/vuln/detail/CVE-2021-25959
CVE-2021-25960 In “SuiteCRM” application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by “CSV Injection” vulnerability (Formula Injection). A low privileged attacker can use accounts module to inject payloads in the input fields. When an administrator access accounts module to export the data as a CSV file and opens it, the payload gets executed. This was not fixed properly as part of CVE-2020-15301, allowing the attacker to bypass the security measure. https://nvd.nist.gov/vuln/detail/CVE-2021-25960
CVE-2021-25961 In “SuiteCRM” application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to properly invalidate password reset links that is associated with a deleted user id, which makes it possible for account takeover of any newly created user with the same user id. https://nvd.nist.gov/vuln/detail/CVE-2021-25961
CVE-2021-25962 “Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. A customer can inject payloads in the name input field in the billing address while buying a product. When a store administrator accesses the reports page to export the data as an Excel file and opens it, the payload gets executed. https://nvd.nist.gov/vuln/detail/CVE-2021-25962
CVE-2021-39836 Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm buttonGetIcon action that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. https://nvd.nist.gov/vuln/detail/CVE-2021-39836
CVE-2021-39846 Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted PDF file, potentially resulting in memory corruption in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted PDF file in Acrobat Reader. https://nvd.nist.gov/vuln/detail/CVE-2021-39846
CVE-2021-39855 Acrobat Reader DC ActiveX Control versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must open a maliciously crafted Microsoft Office file, or visit an attacker controlled web page. https://nvd.nist.gov/vuln/detail/CVE-2021-39855
CVE-2021-23446 The package handsontable before 10.0.0; the package handsontable from 0 and before 10.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) in Handsontable.helper.isNumeric function. https://nvd.nist.gov/vuln/detail/CVE-2021-23446
CVE-2021-41573 Hitachi Content Platform Anywhere (HCP-AW) 4.4.5 and later allows information disclosure. If authenticated user creates a link to a file or folder while the system was running version 4.3.x or earlier and then shares the link and then later deletes the file or folder without deleting the link and before the link expires. If the system has been upgraded to version 4.4.5 or 4.5.0 a malicious user with the link could browse and download all files of the authenticated user that created the link . https://nvd.nist.gov/vuln/detail/CVE-2021-41573
CVE-2021-41732 An issue was discovered in zeek version 4.1.0. There is a HTTP request splitting vulnerability that will invalidate any ZEEK HTTP based security analysis. https://nvd.nist.gov/vuln/detail/CVE-2021-41732
CVE-2020-12030 There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gateway. https://nvd.nist.gov/vuln/detail/CVE-2020-12030
CVE-2021-22947 When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server. https://nvd.nist.gov/vuln/detail/CVE-2021-22947
CVE-2021-3653 A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7. https://nvd.nist.gov/vuln/detail/CVE-2021-3653
CVE-2021-41795 The Safari app extension bundled with 1Password for Mac 7.7.0 through 7.8.x before 7.8.7 is vulnerable to authorization bypass. By targeting a vulnerable component of this extension, a malicious web page could read a subset of 1Password vault items that would normally be fillable by the user on that web page. These items are usernames and passwords for vault items associated with its domain, usernames and passwords without a domain association, credit cards, and contact items. (1Password must be unlocked for these items to be accessible, but no further user interaction is required.) https://nvd.nist.gov/vuln/detail/CVE-2021-41795
CVE-2021-41034 The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint. As a consequence the builds of such stacks are vulnerable to MITM attacks that allow the replacement of the original binaries with arbitrary ones. The stacks involved are Java 8 (alpine and centos), Android and PHP. The vulnerability is not exploitable at runtime but only when building Che. https://nvd.nist.gov/vuln/detail/CVE-2021-41034
CVE-2021-41821 Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Integer Underflow vulnerability that might lead to denial of service. A crafted message must be sent from an authenticated agent to the manager. https://nvd.nist.gov/vuln/detail/CVE-2021-41821
CVE-2021-41824 Craft CMS before 3.7.14 allows CSV injection. https://nvd.nist.gov/vuln/detail/CVE-2021-41824
CVE-2021-41826 PlaceOS Authentication Service before 1.29.10.0 allows app/controllers/auth/sessions_controller.rb open redirect. https://nvd.nist.gov/vuln/detail/CVE-2021-41826
CVE-2020-18684 Floodlight through 1.2 has an integer overflow in checkFlow in StaticFlowEntryPusherResource.java via priority or port number. https://nvd.nist.gov/vuln/detail/CVE-2020-18684
CVE-2021-25963 In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cross-Site Scripting (XSS) that allows execution of arbitrary javascript code on a victim browser. This vulnerability exists due to the error page contents not escaped. https://nvd.nist.gov/vuln/detail/CVE-2021-25963
CVE-2021-41616 Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intended for use when migrating database data with a SQL data type of BINARY, VARBINARY, LONGVARBINARY, or BLOB between databases using the ddlutils features. The BinaryObjectsHelper class was insecure and used ObjectInputStream.readObject without validating that the input data was safe to deserialize. Please note that DdlUtils is no longer being actively developed. To address the insecurity of the BinaryObjectHelper class, the following changes to DdlUtils have been made: (1) BinaryObjectsHelper.java has been deleted from the DdlUtils source repository and the DdlUtils feature of propagating data of SQL binary types is therefore no longer present in DdlUtils; (2) The ddlutils-1.0 release has been removed from the Apache Release Distribution Infrastructure; (3) The DdlUtils web site has been updated to indicate that DdlUtils is now available only as source code, not as a packaged release. https://nvd.nist.gov/vuln/detail/CVE-2021-41616
CVE-2021-41294 ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files deletion. Using the specific GET parameter, unauthenticated attackers can remotely delete arbitrary files on the affected device and cause denial of service scenario. https://nvd.nist.gov/vuln/detail/CVE-2021-41294
CVE-2021-41729 BaiCloud-cms v2.5.7 is affected by an arbitrary file deletion vulnerability, which allows an attacker to delete arbitrary files on the server through /user/ppsave.php. https://nvd.nist.gov/vuln/detail/CVE-2021-41729
CVE-2021-24016 An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in policy name, when exported as excel file and opened unsafely on the victim host. https://nvd.nist.gov/vuln/detail/CVE-2021-24016
CVE-2021-24017 An improper authentication in Fortinet FortiManager version 6.4.3 and below, 6.2.6 and below allows attacker to assign arbitrary Policy and Object modules via crafted requests to the request handler. https://nvd.nist.gov/vuln/detail/CVE-2021-24017
CVE-2021-41288 Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API. https://nvd.nist.gov/vuln/detail/CVE-2021-41288
CVE-2021-41323 Directory traversal in the Compress feature in Pydio Cells 2.2.9 allows remote authenticated users to overwrite personal files, or Cells files belonging to any user, via the format parameter. https://nvd.nist.gov/vuln/detail/CVE-2021-41323
CVE-2021-41325 Broken access control for user creation in Pydio Cells 2.2.9 allows remote anonymous users to create standard users via the profile parameter. (In addition, such users can be granted several admin permissions via the Roles parameter.) https://nvd.nist.gov/vuln/detail/CVE-2021-41325
CVE-2021-33583 REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa password that is hardcoded in the TCServer.jar file. https://nvd.nist.gov/vuln/detail/CVE-2021-33583
CVE-2020-20746 A stack-based buffer overflow in the httpd server on Tenda AC9 V15.03.06.60_EN allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via a crafted POST request to /goform/SetStaticRouteCfg. https://nvd.nist.gov/vuln/detail/CVE-2020-20746
CVE-2021-41324 Directory traversal in the Copy, Move, and Delete features in Pydio Cells 2.2.9 allows remote authenticated users to enumerate personal files (or Cells files belonging to any user) via the nodes parameter (for Copy and Move) or via the Path parameter (for Delete). https://nvd.nist.gov/vuln/detail/CVE-2021-41324
CVE-2021-33626 In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the PnpSmm, SmmResourceCheckDxe, and BeepStatusCode drivers are 05.08.23, 05.16.23, 05.26.23, 05.35.23, 05.43.23, and 05.51.23 (for Kernel 5.0 through 5.5). https://nvd.nist.gov/vuln/detail/CVE-2021-33626
CVE-2021-3709 Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3; https://nvd.nist.gov/vuln/detail/CVE-2021-3709
CVE-2021-3710 An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3; https://nvd.nist.gov/vuln/detail/CVE-2021-3710
CVE-2021-23893 Privilege Escalation vulnerability in a Windows system driver of McAfee Drive Encryption (DE) prior to 7.3.0 could allow a local non-admin user to gain elevated system privileges via exploiting an unutilized memory buffer. https://nvd.nist.gov/vuln/detail/CVE-2021-23893
CVE-2021-41456 There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1004 in the nhmldmx_send_sample() function szXmlTo parameter which leads to a denial of service vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2021-41456
CVE-2021-41457 There is a stack buffer overflow in MP4Box 1.1.0 at src/filters/dmx_nhml.c in nhmldmx_init_parsing which leads to a denial of service vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2021-41457
CVE-2021-41459 There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1008 in the nhmldmx_send_sample() function szXmlFrom parameter which leads to a denial of service vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2021-41459
CVE-2021-35297 Scalabium dBase Viewer version 2.6 (Build 5.751) is vulnerable to remote code execution via a crafted DBF file that triggers a buffer overflow. An attacker can use the Structured Exception Handler (SEH) records and redirect execution to attacker-controlled code. https://nvd.nist.gov/vuln/detail/CVE-2021-35297
CVE-2021-40960 Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal information from /etc/passwd and /etc/shadow. https://nvd.nist.gov/vuln/detail/CVE-2021-40960
CVE-2021-41648 An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /action.php prId parameter. Using a post request does not sanitize the user input. https://nvd.nist.gov/vuln/detail/CVE-2021-41648
CVE-2021-41649 An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /homeaction.php cat_id parameter. Using a post request does not sanitize the user input. https://nvd.nist.gov/vuln/detail/CVE-2021-41649
CVE-2021-29108 There is an privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below that may allow a remote, authenticated attacker to impersonate another account. https://nvd.nist.gov/vuln/detail/CVE-2021-29108
CVE-2021-29109 A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser. https://nvd.nist.gov/vuln/detail/CVE-2021-29109
CVE-2021-29110 Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may allow a remote unauthenticated attacker to pass and store malicious strings in the home application. https://nvd.nist.gov/vuln/detail/CVE-2021-29110
CVE-2021-3825 On 2.1.15 version and below of Lider module in LiderAhenk software is leaking it's configurations via an unsecured API. An attacker with an access to the configurations API could get valid LDAP credentials. https://nvd.nist.gov/vuln/detail/CVE-2021-3825
CVE-2021-41647 An un-authenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable "username" parameter in login.php and retrieve sensitive database information, as well as add an administrative user. https://nvd.nist.gov/vuln/detail/CVE-2021-41647
CVE-2021-38097 Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file. https://nvd.nist.gov/vuln/detail/CVE-2021-38097
CVE-2020-21012 Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the email parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details. https://nvd.nist.gov/vuln/detail/CVE-2020-21012
CVE-2020-21013 emlog v6.0.0 contains a SQL injection via /admin/comment.php. https://nvd.nist.gov/vuln/detail/CVE-2020-21013
CVE-2020-21014 emlog v6.0.0 contains an arbitrary file deletion vulnerability in admin/plugin.php. https://nvd.nist.gov/vuln/detail/CVE-2020-21014
CVE-2021-38096 Coreip.dll in Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file. https://nvd.nist.gov/vuln/detail/CVE-2021-38096
CVE-2021-38099 CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious CPT file. This is different from CVE-2021-38101. https://nvd.nist.gov/vuln/detail/CVE-2021-38099
CVE-2021-38103 IBJPG2.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PPT file. https://nvd.nist.gov/vuln/detail/CVE-2021-38103
CVE-2021-38104 IPPP72.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PPT file. https://nvd.nist.gov/vuln/detail/CVE-2021-38104
CVE-2021-41845 A SQL injection issue was discovered in ThycoticCentrify Secret Server before 11.0.000007. https://nvd.nist.gov/vuln/detail/CVE-2021-41845
CVE-2020-21228 JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie. https://nvd.nist.gov/vuln/detail/CVE-2020-21228
CVE-2021-36298 Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to authentication bypass and remote takeover of the InsightIQ. This allows an attacker to take complete control of InsightIQ to affect services provided by SSH; so Dell recommends customers to upgrade at the earliest opportunity. https://nvd.nist.gov/vuln/detail/CVE-2021-36298
CVE-2021-36309 Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensitive information disclosure vulnerability. An authenticated malicious user with access to the system may use the TACACS\\Radius credentials stored to read sensitive information and use it in further attacks. https://nvd.nist.gov/vuln/detail/CVE-2021-36309
CVE-2021-38098 Corel PDF Fusion 2.6.2.0 is affected by a Heap Corruption vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file. https://nvd.nist.gov/vuln/detail/CVE-2021-38098
CVE-2021-38100 Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious CPT file. https://nvd.nist.gov/vuln/detail/CVE-2021-38100
CVE-2021-38101 CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious CPT file. This is different from CVE-2021-38099. https://nvd.nist.gov/vuln/detail/CVE-2021-38101
CVE-2021-38102 IPPP82.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PPT file. This is different from CVE-2021-38105. https://nvd.nist.gov/vuln/detail/CVE-2021-38102
CVE-2021-38105 IPPP82.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PPT file. This is different from CVE-2021-38102. https://nvd.nist.gov/vuln/detail/CVE-2021-38105
CVE-2021-38106 UAX200.dll in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PPT file. https://nvd.nist.gov/vuln/detail/CVE-2021-38106
CVE-2021-38110 Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious DOC file. https://nvd.nist.gov/vuln/detail/CVE-2021-38110
CVE-2021-41847 An issue was discovered in 3xLogic Infinias Access Control through 6.7.10708.0, affecting physical security. Users with login credentials assigned to a specific zone can send modified HTTP GET and POST requests, allowing them to view user data such as personal information and Prox card credentials. Also, an authorized user of one zone can send API requests to unlock electronic locks associated with zones they are unauthorized to have access to. They can also create new user logins for zones they were not authorized to access, including the root zone of the software. https://nvd.nist.gov/vuln/detail/CVE-2021-41847
CVE-2021-38107 CdrCore.dll in Corel DrawStandard 2020 22.0.0.474 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious CDR file. https://nvd.nist.gov/vuln/detail/CVE-2021-38107
CVE-2021-38108 Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious DOC file. https://nvd.nist.gov/vuln/detail/CVE-2021-38108
CVE-2021-38109 Corel DrawStandard 2020 22.0.0.474 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious CDR file. https://nvd.nist.gov/vuln/detail/CVE-2021-38109
CVE-2021-41862 AviatorScript through 5.2.7 allows code execution via an expression that is encoded with Byte Code Engineering Library (BCEL). https://nvd.nist.gov/vuln/detail/CVE-2021-41862
CVE-2021-41864 prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel through 5.14.9 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. https://nvd.nist.gov/vuln/detail/CVE-2021-41864
CVE-2021-41861 The Telegram application 7.5.0 through 7.8.0 for Android does not properly implement image self-destruction, a different vulnerability than CVE-2019-16248. After approximately two to four uses of the self-destruct feature, there is a misleading UI indication that an image was deleted (on both the sender and recipient sides). The images are still present in the /Storage/Emulated/0/Telegram/Telegram Image/ directory. https://nvd.nist.gov/vuln/detail/CVE-2021-41861
CVE-2021-21704 In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption. https://nvd.nist.gov/vuln/detail/CVE-2021-21704
CVE-2021-21705 In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision. https://nvd.nist.gov/vuln/detail/CVE-2021-21705
CVE-2021-21706 In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS permissions. https://nvd.nist.gov/vuln/detail/CVE-2021-21706
CVE-2021-40323 Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection. https://nvd.nist.gov/vuln/detail/CVE-2021-40323
CVE-2021-40324 Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data. https://nvd.nist.gov/vuln/detail/CVE-2021-40324
CVE-2021-40325 Cobbler before 3.3.0 allows authorization bypass for modification of settings. https://nvd.nist.gov/vuln/detail/CVE-2021-40325
CVE-2021-41285 Ballistix MOD Utility through 2.0.2.5 is vulnerable to privilege escalation in the MODAPI.sys driver component. The vulnerability is triggered by sending a specific IOCTL request that allows low-privileged users to directly interact with physical memory via the MmMapIoSpace function call (mapping physical memory into a virtual address space). Attackers could exploit this issue to achieve local privilege escalation to NT AUTHORITY\\SYSTEM. https://nvd.nist.gov/vuln/detail/CVE-2021-41285
CVE-2021-41322 Poly VVX 400/410 through 5.3.1 allows low-privileged users to change the Admin password by modifying a POST parameter to 120 during the password reset process. https://nvd.nist.gov/vuln/detail/CVE-2021-41322
CVE-2021-41869 SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable to privilege escalation. https://nvd.nist.gov/vuln/detail/CVE-2021-41869
CVE-2021-22557 SLO generator allows for loading of YAML files that if crafted in a specific format can allow for code execution within the context of the SLO Generator. We recommend upgrading SLO Generator past https://github.com/google/slo-generator/pull/173 https://nvd.nist.gov/vuln/detail/CVE-2021-22557
CVE-2021-24465 The Meow Gallery WordPress plugin before 4.1.9 does not sanitise, validate or escape the ids attribute of its gallery shortcode (available for users as low as Contributor) before using it in an SQL statement, leading to an authenticated SQL Injection issue. The injection also allows the returned values to be manipulated in a way that could lead to data disclosure and arbitrary objects to be deserialized. https://nvd.nist.gov/vuln/detail/CVE-2021-24465
CVE-2021-24654 The User Registration WordPress plugin before 2.0.2 does not properly sanitise the user_registration_profile_pic_url value when submitted directly via the user_registration_update_profile_details AJAX action. This could allow any authenticated user, such as subscriber, to perform Stored Cross-Site attacks when their profile is viewed https://nvd.nist.gov/vuln/detail/CVE-2021-24654
CVE-2021-24673 The Appointment Hour Booking WordPress plugin before 1.3.16 does not escape some of the Calendar Form settings, allowing high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. https://nvd.nist.gov/vuln/detail/CVE-2021-24673
CVE-2021-24676 The Better Find and Replace WordPress plugin before 1.2.9 does not escape the 's' GET parameter before outputting back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue https://nvd.nist.gov/vuln/detail/CVE-2021-24676
CVE-2021-24678 The CM Tooltip Glossary WordPress plugin before 3.9.21 does not escape some glossary_tooltip shortcode attributes, which could allow users a role as low as Contributor to perform Stored Cross-Site Scripting attacks https://nvd.nist.gov/vuln/detail/CVE-2021-24678
CVE-2021-24679 The Bitcoin / AltCoin Payment Gateway for WooCommerce WordPress plugin before 1.6.1 does not escape the 's' GET parameter before outputting back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue https://nvd.nist.gov/vuln/detail/CVE-2021-24679
CVE-2021-24687 The Modern Events Calendar Lite WordPress plugin before 5.22.2 does not escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. https://nvd.nist.gov/vuln/detail/CVE-2021-24687
CVE-2021-41878 A reflected cross-site scripting (XSS) vulnerability exists in the i-Panel Administration System Version 2.0 that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console. https://nvd.nist.gov/vuln/detail/CVE-2021-41878
CVE-2021-41511 The username and password field of login in Lodging Reservation Management System V1 can give access to any user by using SQL injection to bypass authentication. https://nvd.nist.gov/vuln/detail/CVE-2021-41511
CVE-2021-37330 Laravel Booking System Booking Core 2.0 is vulnerable to Cross Site Scripting (XSS). The Avatar upload in the My Profile section could be exploited to upload a malicious SVG file which contains Javascript. Now if another user/admin views the profile and clicks to view his avatar, an XSS will trigger. https://nvd.nist.gov/vuln/detail/CVE-2021-37330
CVE-2021-37331 Laravel Booking System Booking Core 2.0 is vulnerable to Incorrect Access Control. On the Verifications page, after uploading an ID Card or Trade License and viewing it, ID Cards and Trade Licenses of other vendors/users can be viewed by changing the URL. https://nvd.nist.gov/vuln/detail/CVE-2021-37331
CVE-2021-37333 Laravel Booking System Booking Core 2.0 is vulnerable to Session Management. A password change at sandbox.bookingcore.org/user/profile/change-password does not invalidate a session that is opened in a different browser. https://nvd.nist.gov/vuln/detail/CVE-2021-37333
CVE-2021-37777 Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by one site owner are visible by another site owner just by knowing the other site name and fuzzing for picture names. This leads to sensitive information disclosure. https://nvd.nist.gov/vuln/detail/CVE-2021-37777
CVE-2021-38822 A Stored Cross Site Scripting vulnerability via Malicious File Upload exists in multiple pages of IceHrm 30.0.0.OS that allows for arbitrary execution of JavaScript commands. https://nvd.nist.gov/vuln/detail/CVE-2021-38822
CVE-2021-38823 The IceHrm 30.0.0 OS website was found vulnerable to Session Management Issue. A signout from an admin account does not invalidate an admin session that is opened in a different browser. https://nvd.nist.gov/vuln/detail/CVE-2021-38823
CVE-2021-39486 A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2.0. An attacker can use this to steal cookies, passwords or to run arbitrary code on a victim's browser. https://nvd.nist.gov/vuln/detail/CVE-2021-39486
CVE-2021-41867 An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve the full list of participants of a non-public OnionShare node via the --chat feature. https://nvd.nist.gov/vuln/detail/CVE-2021-41867
CVE-2021-41868 OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to upload files on a non-public node when using the --receive functionality. https://nvd.nist.gov/vuln/detail/CVE-2021-41868
CVE-2021-25964 In “Calibre-web” application, v0.6.0 to v0.6.12, are vulnerable to Stored XSS in “Metadata”. An attacker that has access to edit the metadata information, can inject JavaScript payload in the description field. When a victim tries to open the file, XSS will be triggered. https://nvd.nist.gov/vuln/detail/CVE-2021-25964
CVE-2020-28119 Cross site scripting vulnerability in 53KF < 2.0.0.2 that allows for arbitrary code to be executed via crafted HTML statement inserted into chat window. https://nvd.nist.gov/vuln/detail/CVE-2020-28119
CVE-2021-22259 A potential DOS vulnerability was discovered in GitLab EE starting with version 12.6 due to lack of pagination in dependencies API. https://nvd.nist.gov/vuln/detail/CVE-2021-22259
CVE-2021-35296 An issue in the administrator authentication panel of PTCL HG150-Ub v3.0 allows attackers to bypass authentication via modification of the cookie value and Response Path. https://nvd.nist.gov/vuln/detail/CVE-2021-35296
CVE-2021-36850 Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media File Renamer – Auto & Manual Rename plugin (versions <= 5.1.9). Affected parameters "post_title", "filename", "lock". This allows changing the uploaded media title, media file name, and media locking state. https://nvd.nist.gov/vuln/detail/CVE-2021-36850
CVE-2021-39868 In all versions of GitLab CE/EE since version 8.12, an authenticated low-privileged malicious user may create a project with unlimited repository size by modifying values in a project export. https://nvd.nist.gov/vuln/detail/CVE-2021-39868
CVE-2021-39871 In all versions of GitLab CE/EE since version 13.0, an instance that has the setting to disable Bitbucket Server import enabled is bypassed by an attacker making a crafted API call. https://nvd.nist.gov/vuln/detail/CVE-2021-39871
CVE-2021-39873 In all versions of GitLab CE/EE, there exists a content spoofing vulnerability which may be leveraged by attackers to trick users into visiting a malicious website by spoofing the content in an error response. https://nvd.nist.gov/vuln/detail/CVE-2021-39873
CVE-2021-39874 In all versions of GitLab CE/EE since version 11.0, the requirement to enforce 2FA is not honored when using git commands. https://nvd.nist.gov/vuln/detail/CVE-2021-39874
CVE-2021-39877 A vulnerability was discovered in GitLab starting with version 12.2 that allows an attacker to cause uncontrolled resource consumption with a specially crafted file. https://nvd.nist.gov/vuln/detail/CVE-2021-39877
CVE-2021-39879 Missing authentication in all versions of GitLab CE/EE since version 7.11.0 allows an attacker with access to a victim's session to disable two-factor authentication https://nvd.nist.gov/vuln/detail/CVE-2021-39879
CVE-2021-39883 Improper authorization checks in GitLab EE > 13.11 allows subgroup members to see epics from all parent subgroups. https://nvd.nist.gov/vuln/detail/CVE-2021-39883
CVE-2021-39885 A Stored XSS in merge request creation page in Gitlab EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious approval rule names https://nvd.nist.gov/vuln/detail/CVE-2021-39885
CVE-2021-39896 In all versions of GitLab CE/EE since version 8.0, when an admin uses the impersonate feature twice and stops impersonating, the admin may be logged in as the second user they impersonated, which may lead to repudiation issues. https://nvd.nist.gov/vuln/detail/CVE-2021-39896
CVE-2021-39899 In all versions of GitLab CE/EE, an attacker with physical access to a user’s machine may brute force the user’s password via the change password function. There is a rate limit in place, but the attack may still be conducted by stealing the session id from the physical compromise of the account and splitting the attack over several IP addresses and passing in the compromised session value from these various locations. https://nvd.nist.gov/vuln/detail/CVE-2021-39899
CVE-2021-39900 Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary availability via Rails logs. https://nvd.nist.gov/vuln/detail/CVE-2021-39900
CVE-2021-40683 In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4.x before 2.4.1, and 2.5.x before 2.5.3, an unquoted path may allow an attacker to hijack the flow of execution. https://nvd.nist.gov/vuln/detail/CVE-2021-40683
CVE-2021-41103 containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. https://nvd.nist.gov/vuln/detail/CVE-2021-41103
CVE-2021-41530 Forcepoint NGFW Engine versions 6.5.11 and earlier, 6.8.6 and earlier, and 6.10.0 are vulnerable to TCP reflected amplification vulnerability, if HTTP User Response has been configured. https://nvd.nist.gov/vuln/detail/CVE-2021-41530
CVE-2021-41591 ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC exposure. https://nvd.nist.gov/vuln/detail/CVE-2021-41591
CVE-2021-41592 Blockstream c-lightning through 0.10.1 allows loss of funds because of dust HTLC exposure. https://nvd.nist.gov/vuln/detail/CVE-2021-41592
CVE-2021-41593 Lightning Labs lnd before 0.13.3-beta allows loss of funds because of dust HTLC exposure. https://nvd.nist.gov/vuln/detail/CVE-2021-41593
CVE-2021-41595 SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the file_name parameter of the Step3 import functionality. https://nvd.nist.gov/vuln/detail/CVE-2021-41595
CVE-2021-41596 SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import functionality. https://nvd.nist.gov/vuln/detail/CVE-2021-41596
CVE-2021-23855 The user and password data base is exposed by an unprotected web server resource. Passwords are hashed with a weak hashing algorithm and therefore allow an attacker to determine the password by using rainbow tables. https://nvd.nist.gov/vuln/detail/CVE-2021-23855
CVE-2021-23856 The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a client’s computer by sending the client a manipulated URL. https://nvd.nist.gov/vuln/detail/CVE-2021-23856
CVE-2021-23857 Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Combined with CVE-2021-23858, this allows an attacker to subsequently login to the system. https://nvd.nist.gov/vuln/detail/CVE-2021-23857
CVE-2021-23858 Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Additionally, device details are exposed which include the serial number and the firmware version by another unprotected web server resource. https://nvd.nist.gov/vuln/detail/CVE-2021-23858
CVE-2021-32628 Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves modifying the default ziplist configuration parameters (hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value) to a very large value, and then constructing specially crafted commands to create very large ziplists. The problem is fixed in Redis versions 6.2.6, 6.0.16, 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the above configuration parameters. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command. https://nvd.nist.gov/vuln/detail/CVE-2021-32628
CVE-2021-38392 A skilled attacker with physical access to the affected device can gain access to the hard disk drive of the device to change the telemetry region and could use this setting to interrogate or program an implantable device in any region in the world. https://nvd.nist.gov/vuln/detail/CVE-2021-38392
CVE-2021-38394 An attacker with physical access to the device can extract the binary that checks for the hardware key and reverse engineer it, which could be used to create a physical duplicate of a valid hardware key. The hardware key allows access to special settings when inserted. https://nvd.nist.gov/vuln/detail/CVE-2021-38394
CVE-2021-38396 The programmer installation utility does not perform a cryptographic authenticity or integrity checks of the software on the flash drive. An attacker could leverage this weakness to install unauthorized software using a specially crafted USB. https://nvd.nist.gov/vuln/detail/CVE-2021-38396
CVE-2021-38398 The affected device uses off-the-shelf software components that contain unpatched vulnerabilities. A malicious attacker with physical access to the affected device could exploit these vulnerabilities. https://nvd.nist.gov/vuln/detail/CVE-2021-38398
CVE-2021-38400 An attacker with physical access to Boston Scientific Zoom Latitude Model 3120 can remove the hard disk drive or create a specially crafted USB to extract the password hash for brute force reverse engineering of the system password. https://nvd.nist.gov/vuln/detail/CVE-2021-38400
CVE-2021-38618 In GFOS Workforce Management 4.8.272.1, the login page of application is prone to authentication bypass, allowing anyone (who knows a user's credentials except the password) to get access to an account. This occurs because of JSESSIONID mismanagement. https://nvd.nist.gov/vuln/detail/CVE-2021-38618
CVE-2021-41578 mySCADA myDESIGNER 8.20.0 and below allows Directory Traversal attacks when importing project files. If an attacker can trick a victim into importing a malicious mep file, then they gain the ability to write arbitrary files to OS locations where the user has permission. This would typically lead to code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-41578
CVE-2021-41579 LCDS LAquis SCADA through 4.3.1.1085 is vulnerable to a control bypass and path traversal. If an attacker can get a victim to load a malicious els project file and use the play feature, then the attacker can bypass a consent popup and write arbitrary files to OS locations where the user has permission, leading to code execution. https://nvd.nist.gov/vuln/detail/CVE-2021-41579
CVE-2021-41651 A blind SQL injection vulnerability exists in the Raymart DG / Ahmed Helal Hotel-mgmt-system. A malicious attacker can retrieve sensitive database information and interact with the database using the vulnerable cid parameter in process_update_profile.php. https://nvd.nist.gov/vuln/detail/CVE-2021-41651
CVE-2020-21386 A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administrator privileges. https://nvd.nist.gov/vuln/detail/CVE-2020-21386
CVE-2020-21387 A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows attackers to obtain the administrator cookie and escalate privileges via a crafted payload. https://nvd.nist.gov/vuln/detail/CVE-2020-21387
CVE-2021-39433 A local file inclusion (LFI) vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with the permissions of the configured web-user. https://nvd.nist.gov/vuln/detail/CVE-2021-39433
CVE-2020-21431 HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.php/template/edit. https://nvd.nist.gov/vuln/detail/CVE-2020-21431
CVE-2020-21434 Maccms 10 contains a cross-site scripting (XSS) vulnerability in the Editing function under the Member module. This vulnerability is exploited via a crafted payload in the nickname text field. https://nvd.nist.gov/vuln/detail/CVE-2020-21434
CVE-2020-21493 An issue in the component route\\user.php of Xiuno BBS v4.0.4 allows attackers to enumerate usernames. https://nvd.nist.gov/vuln/detail/CVE-2020-21493
CVE-2020-21494 A cross-site scripting (XSS) vulnerability in the component install\\install.sql of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via changing the doctype value to 0. https://nvd.nist.gov/vuln/detail/CVE-2020-21494
CVE-2020-21495 A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitename parameter. https://nvd.nist.gov/vuln/detail/CVE-2020-21495
CVE-2020-21496 A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitebrief parameter. https://nvd.nist.gov/vuln/detail/CVE-2020-21496
CVE-2021-42006 An out-of-bounds access in GffLine::GffLine in gff.cpp in GCLib 0.12.7 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted GFF file. https://nvd.nist.gov/vuln/detail/CVE-2021-42006
CVE-2021-42008 The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access. https://nvd.nist.gov/vuln/detail/CVE-2021-42008
CVE-2021-41524 While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project. https://nvd.nist.gov/vuln/detail/CVE-2021-41524
CVE-2021-41773 A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests can succeed. Additionally this flaw could leak the source of interpreted files like CGI scripts. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. https://nvd.nist.gov/vuln/detail/CVE-2021-41773
CVE-2021-35503 Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs. https://nvd.nist.gov/vuln/detail/CVE-2021-35503
CVE-2021-35504 Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the ffmpeg binary. https://nvd.nist.gov/vuln/detail/CVE-2021-35504
CVE-2021-35505 Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary. https://nvd.nist.gov/vuln/detail/CVE-2021-35505
CVE-2021-37223 Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. Any authenticated user can create scheduled reports containing PDF screenshots of any view in the NagiosXI application. Due to lack of input sanitisation, the target page can be replaced with an SSRF payload to access internal resources or disclose local system files. https://nvd.nist.gov/vuln/detail/CVE-2021-37223
CVE-2021-39887 A stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown in GitLab CE/EE version 8.4 and above allowed an attacker to execute arbitrary JavaScript code on the victim's behalf. https://nvd.nist.gov/vuln/detail/CVE-2021-39887
CVE-2021-35506 Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit action. https://nvd.nist.gov/vuln/detail/CVE-2021-35506
CVE-2021-39866 A business logic error in the project deletion process in GitLab 13.6 and later allows persistent access via project access tokens. https://nvd.nist.gov/vuln/detail/CVE-2021-39866
CVE-2021-39867 In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vulnerability in Gitea Importer may be exploited by an attacker to trigger Server Side Request Forgery (SSRF) attacks. https://nvd.nist.gov/vuln/detail/CVE-2021-39867
CVE-2021-39869 In all versions of GitLab CE/EE since version 8.9, project exports may expose trigger tokens configured on that project. https://nvd.nist.gov/vuln/detail/CVE-2021-39869
CVE-2021-39872 In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password expiration. https://nvd.nist.gov/vuln/detail/CVE-2021-39872
CVE-2021-39875 In all versions of GitLab CE/EE since version 13.6, it is possible to see pending invitations of any public group or public project by visiting an API endpoint. https://nvd.nist.gov/vuln/detail/CVE-2021-39875
CVE-2021-39878 A stored Reflected Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.0 up to 14.3.1 allowed an attacker to execute arbitrary javascript code. https://nvd.nist.gov/vuln/detail/CVE-2021-39878
CVE-2021-39882 In all versions of GitLab CE/EE, provided a user ID, anonymous users can use a few endpoints to retrieve information about any GitLab user. https://nvd.nist.gov/vuln/detail/CVE-2021-39882
CVE-2021-39884 In all versions of GitLab EE since version 8.13, an endpoint discloses names of private groups that have access to a project to low privileged users that are part of that project. https://nvd.nist.gov/vuln/detail/CVE-2021-39884
CVE-2021-39888 In all versions of GitLab EE since version 13.10, a specific API endpoint may reveal details about a private group and other sensitive info inside issue and merge request templates. https://nvd.nist.gov/vuln/detail/CVE-2021-39888
CVE-2021-39893 A potential DOS vulnerability was discovered in GitLab starting with version 9.1 that allowed parsing files without authorisation. https://nvd.nist.gov/vuln/detail/CVE-2021-39893
CVE-2021-39894 In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vulnerability exists in Fogbugz importer which may be used by attackers to exploit Server Side Request Forgery attacks. https://nvd.nist.gov/vuln/detail/CVE-2021-39894
CVE-2021-22257 An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. The route for /user.keys is not restricted on instances with public visibility disabled. This allows user enumeration on such instances. https://nvd.nist.gov/vuln/detail/CVE-2021-22257
CVE-2021-22258 The project import/export feature in GitLab 8.9 and greater could be used to obtain otherwise private email addresses https://nvd.nist.gov/vuln/detail/CVE-2021-22258
CVE-2021-22261 A stored Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.7 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious Jira API responses https://nvd.nist.gov/vuln/detail/CVE-2021-22261
CVE-2021-22262 Missing access control in GitLab version 13.10 and above with Jira Cloud integration enabled allows Jira users without administrative privileges to add and remove Jira Connect Namespaces via the GitLab.com for Jira Cloud application configuration page https://nvd.nist.gov/vuln/detail/CVE-2021-22262
CVE-2021-22264 An issue has been discovered in GitLab affecting all versions starting from 13.8 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. Under specialized conditions, an invited group member may continue to have access to a project even after the invited group, which the member was part of, is deleted. https://nvd.nist.gov/vuln/detail/CVE-2021-22264
CVE-2021-39870 In all versions of GitLab CE/EE since version 11.11, an instance that has the setting to disable Repo by URL import enabled is bypassed by an attacker making a crafted API call. https://nvd.nist.gov/vuln/detail/CVE-2021-39870
CVE-2021-39881 In all versions of GitLab CE/EE since version 7.7, the application may let a malicious user create an OAuth client application with arbitrary scope names which may allow the malicious user to trick unsuspecting users to authorize the malicious client application using the spoofed scope name and description. https://nvd.nist.gov/vuln/detail/CVE-2021-39881
CVE-2021-39886 Permissions rules were not applied while issues were moved between projects of the same group in GitLab versions starting with 10.6 and up to 14.1.7 allowing users to read confidential Epic references. https://nvd.nist.gov/vuln/detail/CVE-2021-39886
CVE-2021-39889 In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API call with the ID of the protected branch. https://nvd.nist.gov/vuln/detail/CVE-2021-39889
CVE-2021-39891 In all versions of GitLab CE/EE since version 8.0, access tokens created as part of admin's impersonation of a user are not cleared at the end of impersonation which may lead to unnecessary sensitive info disclosure. https://nvd.nist.gov/vuln/detail/CVE-2021-39891
CVE-2021-39880 A Denial Of Service vulnerability in the apollo_upload_server Ruby gem in GitLab CE/EE version 11.11 and above allows an attacker to deny access to all users via specially crafted requests to the apollo_upload_server middleware. https://nvd.nist.gov/vuln/detail/CVE-2021-39880
CVE-2021-35491 A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user account via the /enginemanager/server/user/delete.htm userName parameter. The application does not implement a CSRF token for the GET request. https://nvd.nist.gov/vuln/detail/CVE-2021-35491
CVE-2021-35492 Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust filesystem resources via the /enginemanager/server/vhost/historical.jsdata vhost parameter. This is due to the insufficient management of available filesystem resources. An attacker could exploit this vulnerability through the Virtual Host Monitoring section by requesting random virtual-host historical data and exhausting available filesystem resources. A successful exploit could allow the attacker to cause database errors and cause the device to become unresponsive to web-based management. (Manual intervention is required to free filesystem resources and return the application to an operational state.) https://nvd.nist.gov/vuln/detail/CVE-2021-35492
CVE-2021-41286 Omikron MultiCash Desktop 4.00.008.SP5 relies on a client-side authentication mechanism. When a user logs into the application, the validity of the password is checked locally. All communication to the database backend is made via the same technical account. Consequently, an attacker can attach a debugger to the process or create a patch that manipulates the behavior of the login function. When the function always returns the success value (corresponding to a correct password), an attacker can login with any desired account, such as the administrative account of the application. https://nvd.nist.gov/vuln/detail/CVE-2021-41286
CVE-2021-35497 The FTL Server (tibftlserver) and Docker images containing tibftlserver components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, TIBCO ActiveSpaces - Enterprise Edition, TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contain a vulnerability that theoretically allows a non-administrative, authenticated FTL user to trick the affected components into creating illegitimate certificates. These maliciously generated certificates can be used to enable man-in-the-middle attacks or to escalate privileges so that the malicious user has administrative privileges. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO ActiveSpaces - Developer Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO ActiveSpaces - Enterprise Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO FTL - Community Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO FTL - Developer Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO FTL - Enterprise Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO eFTL - Community Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO eFTL - Developer Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, and TIBCO eFTL - Enterprise Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0. https://nvd.nist.gov/vuln/detail/CVE-2021-35497
CVE-2021-3319 DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses. Zephyr versions >= > v2.4.0 contain NULL Pointer Dereference (CWE-476), Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364 https://nvd.nist.gov/vuln/detail/CVE-2021-3319
CVE-2021-3436 BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. Zephyr versions >= 1.14.2, >= 2.4.0, >= 2.5.0 contain Use of Multiple Resources with Duplicate Identifier (CWE-694). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63 https://nvd.nist.gov/vuln/detail/CVE-2021-3436
CVE-2021-3510 Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions >= >1.14.0, >= >2.5.0 contain Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4 https://nvd.nist.gov/vuln/detail/CVE-2021-3510
CVE-2021-3581 Buffer Access with Incorrect Length Value in zephyr. Zephyr versions >= >=2.5.0 contain Buffer Access with Incorrect Length Value (CWE-805). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5 https://nvd.nist.gov/vuln/detail/CVE-2021-3581
CVE-2021-3625 Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions >= v2.5.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363 https://nvd.nist.gov/vuln/detail/CVE-2021-3625
CVE-2021-41124 Scrapy-splash is a library which provides Scrapy and JavaScript integration. In affected versions users who use [`HttpAuthMiddleware`](http://doc.scrapy.org/en/latest/topics/downloader-middleware.html#module-scrapy.downloadermiddlewares.httpauth) (i.e. the `http_user` and `http_pass` spider attributes) for Splash authentication will have any non-Splash request expose your credentials to the request target. This includes `robots.txt` requests sent by Scrapy when the `ROBOTSTXT_OBEY` setting is set to `True`. Upgrade to scrapy-splash 0.8.0 and use the new `SPLASH_USER` and `SPLASH_PASS` settings instead to set your Splash authentication credentials safely. If you cannot upgrade, set your Splash request credentials on a per-request basis, [using the `splash_headers` request parameter](https://github.com/scrapy-plugins/scrapy-splash/tree/0.8.x#http-basic-auth), instead of defining them globally using the [`HttpAuthMiddleware`](http://doc.scrapy.org/en/latest/topics/downloader-middleware.html#module-scrapy.downloadermiddlewares.httpauth). Alternatively, make sure all your requests go through Splash. That includes disabling the [robots.txt middleware](https://docs.scrapy.org/en/latest/topics/downloader-middleware.html#topics-dlmw-robots). https://nvd.nist.gov/vuln/detail/CVE-2021-41124
CVE-2020-21503 waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=gift&a=addsave credit parameter to -1, the product is sold for free. https://nvd.nist.gov/vuln/detail/CVE-2020-21503
CVE-2020-21504 waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php?&m=Public&a=login. https://nvd.nist.gov/vuln/detail/CVE-2020-21504
CVE-2020-21505 waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php/Link/addsave. https://nvd.nist.gov/vuln/detail/CVE-2020-21505
CVE-2020-21506 waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php?m=Config&a=add. https://nvd.nist.gov/vuln/detail/CVE-2020-21506
CVE-2021-31986 User controlled parameters related to SMTP notifications are not correctly validated. This can lead to a buffer overflow resulting in crashes and data leakage. https://nvd.nist.gov/vuln/detail/CVE-2021-31986
CVE-2021-31987 A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to bypass blocked network recipients. https://nvd.nist.gov/vuln/detail/CVE-2021-31987
CVE-2021-31988 A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary SMTP headers in the generated test email. https://nvd.nist.gov/vuln/detail/CVE-2021-31988
CVE-2021-33849 A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user’s browser while the browser is connected to a trusted website. The attack targets your application's users and not the application itself while using your application as the attack's vehicle. The XSS payload executes whenever the user changes the form values or deletes a created form in Zoho CRM Lead Magnet Version 1.7.2.4. https://nvd.nist.gov/vuln/detail/CVE-2021-33849