www.cisa.gov
2600:141b:1c00:258d::447a  Public Scan

Submitted URL: https://us-cert.cisa.gov/ncas/bulletins/sb21-228
Effective URL: https://www.cisa.gov/news-events/bulletins/sb21-228
Submission: On September 30 via api from IN — Scanned from US


Text Content





VULNERABILITY SUMMARY FOR THE WEEK OF AUGUST 9, 2021

Released: Aug 16, 2021
Document ID: SB21-228


The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that
have been recorded by the National Institute of Standards and
Technology (NIST) National Vulnerability Database (NVD) in the past week. In
some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS
scores. Please visit NVD for updated vulnerability entries, which include CVSS
scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE)
vulnerability naming standard and are organized according to severity,
determined by the Common Vulnerability Scoring System (CVSS) standard. The
division of high, medium, and low severities corresponds to the following
scores:

 * High: vulnerabilities with a CVSS base score of 7.0–10.0
 * Medium: vulnerabilities with a CVSS base score of 4.0–6.9
 * Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts
sponsored by CISA. This information may include identifying information, values,
definitions, and related links. Patch information is provided when available.
Please note that some of the information in the bulletin is compiled from
external, open-source reports and is not a direct result of CISA analysis. 


--------------------------------------------------------------------------------

 


HIGH VULNERABILITIES


Showing 24 of 24 total entries

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| alg_ds_project -- alg_ds | An issue was discovered in the alg_ds crate through 2020-08-25 for Rust. There is a drop of uninitialized memory in Matrix::new(). | 2021-08-08 | 7.5 | CVE-2020-36432, MISC, MISC |
| care2x -- hospital_information_management_system | SQL Injection Vulnerability in Care2x Open Source Hospital Information Management 2.7 Alpha via the (1) pday, (2) pmonth, and (3) pyear parameters in GET requests sent to /modules/nursing/nursing-station.php. | 2021-08-06 | 7.5 | CVE-2021-36351, MISC, MISC |
| dell -- openmanage_enterprise | Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to hijack an elevated session or perform unauthorized actions by sending malformed data. | 2021-08-09 | 7.5 | CVE-2021-21564, CONFIRM |
| dell -- openmanage_enterprise | Dell OpenManage Enterprise versions prior to 3.6.1 contain an OS command injection vulnerability in RACADM and IPMI tools. A remote authenticated malicious user with high privileges may potentially exploit this vulnerability to execute arbitrary OS commands. | 2021-08-09 | 9 | CVE-2021-21585, CONFIRM |
| dlink -- dir-615_firmware | A buffer overflow in D-Link DIR-615 C2 3.03WW. The ping_ipaddr parameter in ping_response.cgi POST request allows an attacker to crash the webserver and might even gain remote code execution. | 2021-08-06 | 7.5 | CVE-2021-37388, MISC, MISC |
| dreamsecurity -- magicline4nx.exe | A vulnerability in PKI Security Solution of Dream Security could allow arbitrary command execution. This vulnerability is due to insufficient validation of the authorization certificate. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected program. A successful exploit could allow the attacker to remotely execute arbitrary code on a target system. | 2021-08-06 | 10 | CVE-2021-26606, MISC |
| foxitsoftware -- foxit_reader | An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows memory corruption during conversion of a PDF document to a different document format. | 2021-08-11 | 7.5 | CVE-2021-38568, MISC |
| foxitsoftware -- foxit_reader | An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows SQL Injection via crafted data at the end of a string. | 2021-08-11 | 7.5 | CVE-2021-38574, MISC |
| foxitsoftware -- foxit_reader | Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write because the Cross-Reference table is mishandled during Office document conversion. | 2021-08-11 | 7.5 | CVE-2021-33793, MISC |
| foxitsoftware -- foxit_reader | An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because a CombineFiles pathname is not validated. | 2021-08-11 | 7.5 | CVE-2021-38573, MISC |
| foxitsoftware -- foxit_reader | An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because the extractPages pathname is not validated. | 2021-08-11 | 7.5 | CVE-2021-38572, MISC |
| gestionaleamica -- amica_prodigy | A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. The Amica Prodigy's executable "RemoteBackup.Service.exe" has incorrect permissions, allowing a local unprivileged user to replace it with a malicious file that will be executed with "LocalSystem" privileges. | 2021-08-06 | 7.2 | CVE-2021-35312, MISC, MISC |
| jeecg -- jeecg_boot | An arbitrary file upload vulnerability in /jeecg-boot/sys/common/upload of jeecg-boot CMS 2.3 allows attackers to execute arbitrary code. | 2021-08-06 | 7.5 | CVE-2020-28088, MISC |
| jetbrains -- hub | In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset. | 2021-08-06 | 7.5 | CVE-2021-36209, MISC |
| jetbrains -- teamcity | In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization. | 2021-08-06 | 7.5 | CVE-2021-37544, MISC |
| linux -- linux_kernel | In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. | 2021-08-07 | 7.2 | CVE-2021-38160, MISC, MISC |
| obsdian -- obsidian | Obsidian before 0.12.12 does not require user confirmation for non-http/https URLs. | 2021-08-07 | 7.5 | CVE-2021-38148, MISC |
| progress -- moveit_transfer | In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4), SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, or execute SQL statements that alter or delete database elements, via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8), 2019.1.7 (11.1.7), 2019.2.4 (11.2.4), 2020.0.7 (12.0.7), 2020.1.6 (12.1.6), and 2021.0.4 (13.0.4). | 2021-08-07 | 7.5 | CVE-2021-38159, CONFIRM, MISC |
| prolink -- prc2402m_firmware | In ProLink PRC2402M V1.0.18 and older, the set_sys_cmd function in the adm.cgi binary, accessible with a page parameter value of sysCMD contains a trivial command injection where the value of the command parameter is passed directly to system. | 2021-08-06 | 7.5 | CVE-2021-36706, MISC |
| prolink -- prc2402m_firmware | In ProLink PRC2402M V1.0.18 and older, the set_TR069 function in the adm.cgi binary, accessible with a page parameter value of TR069 contains a trivial command injection where the value of the TR069_local_port parameter is passed directly to system. | 2021-08-06 | 7.5 | CVE-2021-36705, MISC |
| prolink -- prc2402m_firmware | In ProLink PRC2402M V1.0.18 and older, the set_ledonoff function in the adm.cgi binary, accessible with a page parameter value of ledonoff contains a trivial command injection where the value of the led_cmd parameter is passed directly to do_system. | 2021-08-06 | 7.5 | CVE-2021-36707, MISC |
| rconfig -- rconfig | rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers/ajaxArchiveFiles.php since the path parameter is passed directly to the exec function without being escaped. | 2021-08-09 | 7.5 | CVE-2020-23151, MISC |
| roxy-wi -- roxy-wi | Roxy-WI through 5.2.2.0 allows SQL Injection via check_login. An unauthenticated attacker can extract a valid uuid to bypass authentication. | 2021-08-07 | 7.5 | CVE-2021-38167, MISC |
| sys-info_project -- sys-info | An issue was discovered in the sys-info crate before 0.8.0 for Rust. sys_info::disk_info calls can trigger a double free. | 2021-08-08 | 7.5 | CVE-2020-36434, MISC, MISC |





 


MEDIUM VULNERABILITIES


Showing 63 of 63 total entries

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| comrak_project -- comrak | An issue was discovered in the comrak crate before 0.10.1 for Rust. It mishandles & characters, leading to XSS via &# HTML entities. | 2021-08-08 | 4.3 | CVE-2021-38186, MISC, MISC |
| corero -- securewatch_managed_services | Corero SecureWatch Managed Services 9.7.2.0020 is affected by a Path Traversal vulnerability via the snap_file parameter in the /it-IT/splunkd/__raw/services/get_snapshot HTTP API endpoint. A ‘low privileged’ attacker can read any file on the target host. | 2021-08-06 | 4 | CVE-2021-38136, MISC, MISC |
| corero -- securewatch_managed_services | Corero SecureWatch Managed Services 9.7.2.0020 does not correctly check swa-monitor and cns-monitor user’s privileges, allowing a user to perform actions not belonging to his role. | 2021-08-06 | 5.5 | CVE-2021-38137, MISC, MISC |
| ctparental_project -- ctparental | CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel. In bl_categires_help.php, the 'categories' variable is assigned with the content of the query string param 'cat' without sanitization or encoding, enabling an attacker to inject malicious code into the output webpage. | 2021-08-10 | 4.3 | CVE-2021-37365, MISC, MISC |
| ctparental_project -- ctparental | CTparental before 4.45.03 is vulnerable to cross-site request forgery (CSRF) in the CTparental admin panel. By combining CSRF with XSS, an attacker can trick the administrator into clicking a link that cancels the filtering for all standard users. | 2021-08-10 | 6.8 | CVE-2021-37366, MISC, MISC |
| ctparental_project -- ctparental | CTparental before 4.45.07 is affected by a code execution vulnerability in the CTparental admin panel. Because the file "bl_categories_help.php" is vulnerable to directory traversal, an attacker can create a file that contains scripts and run arbitrary commands. | 2021-08-10 | 4.6 | CVE-2021-37367, MISC, MISC |
| dell -- openmanage_enterprise | Dell OpenManage Enterprise version 3.5 and OpenManage Enterprise-Modular version 1.30.00 contain an information disclosure vulnerability. An authenticated low privileged attacker may potentially exploit this vulnerability leading to disclosure of the OIDC server credentials. | 2021-08-09 | 4 | CVE-2021-21584, CONFIRM |
| dell -- openmanage_enterprise | Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenManage Enterprise Modular versions 1.20.00 through 1.30.00, contain a remote code execution vulnerability. A malicious attacker with access to the immediate subnet may potentially exploit this vulnerability leading to information disclosure and a possible elevation of privileges. | 2021-08-09 | 5.8 | CVE-2021-21596, CONFIRM |
| fig2dev_project -- fig2dev | A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ptk format. | 2021-08-10 | 4.3 | CVE-2020-21675, MISC |
| fortinet -- fortianalyzer | An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker with restricted user profile to retrieve the list of administrative users of other ADOMs and their related configuration. | 2021-08-06 | 4 | CVE-2021-32587, CONFIRM |
| foxitsoftware -- foxit_reader | An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows attackers to delete arbitrary files (during uninstallation) via a symlink. | 2021-08-11 | 6.4 | CVE-2021-38570, MISC |
| foxitsoftware -- foxit_reader | An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows DLL hijacking, aka CNVD-C-2021-68000 and CNVD-C-2021-68502. | 2021-08-11 | 4.4 | CVE-2021-38571, MISC |
| foxitsoftware -- foxit_reader | An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows stack consumption via recursive function calls during the handling of XFA forms or link objects. | 2021-08-11 | 5 | CVE-2021-38569, MISC |
| foxitsoftware -- foxit_reader | Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 allow information disclosure or an application crash after mishandling the Tab key during XFA form interaction. | 2021-08-11 | 6.4 | CVE-2021-33794, MISC |
| ignitedcms_project -- ignitedcms | Cross Site Request Forgery (CSRF) in IgnitedCMS v1.0 allows remote attackers to obtain sensitive information and gain privilege via the component "/admin/profile/save_profile". | 2021-08-06 | 6.8 | CVE-2020-18694, MISC |
| intelliants -- subrion | Cross-Site Scripting (XSS) vulnerability in Subrion 4.2.1 via the title when adding a page. | 2021-08-06 | 4.3 | CVE-2020-22330, MISC |
| jeecg -- jeecg_boot | A SQL injection vulnerability in /jeecg boot/sys/dict/loadtreedata of jeecg-boot CMS 2.3 allows attackers to access sensitive database information. | 2021-08-06 | 5 | CVE-2020-28087, MISC |
| jetbrains -- hub | In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible. | 2021-08-06 | 4.3 | CVE-2021-37541, MISC |
| jetbrains -- hub | In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used. | 2021-08-06 | 6.4 | CVE-2021-37540, MISC |
| jetbrains -- rubymine | In JetBrains RubyMine before 2021.1.1, code execution without user confirmation was possible for untrusted projects. | 2021-08-06 | 6.5 | CVE-2021-37543, MISC |
| jetbrains -- teamcity | In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS. | 2021-08-06 | 5 | CVE-2021-37548, MISC |
| jetbrains -- teamcity | In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used. | 2021-08-06 | 5 | CVE-2021-37546, MISC |
| jetbrains -- teamcity | In JetBrains TeamCity before 2020.2.3, XSS was possible. | 2021-08-06 | 4.3 | CVE-2021-37542, MISC |
| jetbrains -- teamcity | In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made. | 2021-08-06 | 5 | CVE-2021-37547, MISC |
| jetbrains -- teamcity | In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made. | 2021-08-06 | 5 | CVE-2021-37545, MISC |
| jetbrains -- youtrack | In JetBrains YouTrack before 2021.3.21051, a user could see boards without having corresponding permissions. | 2021-08-06 | 4 | CVE-2021-37554, MISC |
| jetbrains -- youtrack | In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used. | 2021-08-06 | 5 | CVE-2021-37553, MISC |
| jetbrains -- youtrack | In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256. | 2021-08-06 | 5 | CVE-2021-37551, MISC |
| jetbrains -- youtrack | In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used. | 2021-08-06 | 5 | CVE-2021-37550, MISC |
| jetbrains -- youtrack | In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient. | 2021-08-06 | 6.4 | CVE-2021-37549, MISC |
| leostream -- connection_broker | ** UNSUPPORTED WHEN ASSIGNED ** LeoStream Connection Broker 9.x before 9.0.34.3 allows Unauthenticated Reflected XSS via the /index.pl user parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2021-08-06 | 4.3 | CVE-2021-38157, MISC, MISC, MISC, MISC |
| linux -- linux_kernel | fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd. | 2021-08-08 | 5 | CVE-2021-38202, MISC, MISC |
| linux -- linux_kernel | In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAP_SYS_ADMIN capability. | 2021-08-07 | 4.6 | CVE-2021-38166, MISC, MISC |
| linux -- linux_kernel | fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection. | 2021-08-08 | 5 | CVE-2021-38199, MISC, MISC |
| linux -- linux_kernel | net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations. | 2021-08-08 | 5 | CVE-2021-38201, MISC, MISC |
| linux -- linux_kernel | drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before 5.12.13 allows remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes. | 2021-08-08 | 5 | CVE-2021-38207, MISC, MISC |
| lynx_project -- lynx | Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data. | 2021-08-07 | 5 | CVE-2021-38165, MISC, MISC, MISC, MISC, MISC, MLIST, MLIST, MLIST, MLIST, DEBIAN |
| naviwebs -- navigate_cms | SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quicksearch parameter in \lib\packages\comments\comments.php. | 2021-08-06 | 6.5 | CVE-2021-36455, MISC, MISC |
| netapp -- cloud_manager | NetApp Cloud Manager versions prior to 3.9.9 log sensitive information when an Active Directory connection fails. The logged information is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while customers using on-prem connectors with auto-upgrade disabled are advised to upgrade to a fixed version. | 2021-08-06 | 4 | CVE-2021-26999, MISC |
| netapp -- cloud_manager | NetApp Cloud Manager versions prior to 3.9.9 log sensitive information that is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while customers using on-prem connectors with auto-upgrade disabled are advised to upgrade to a fixed version. | 2021-08-06 | 4 | CVE-2021-26998, MISC |
| popojicms -- popojicms | A stored cross site scripting (XSS) vulnerability in /admin.php?mod=user&act=addnew of PopojiCMS 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the E-Mail field. | 2021-08-06 | 4.3 | CVE-2020-21357, MISC |
| popojicms -- popojicms | An information disclosure vulnerability in upload.php of PopojiCMS 1.2 leads to physical path disclosure of the host when 'name = "file" is deleted during file uploads. | 2021-08-06 | 5 | CVE-2020-21356, MISC |
| project -- convec | An issue was discovered in the convec crate through 2020-11-24 for Rust. There are unconditional implementations of Send and Sync for ConVec<T>. | 2021-08-08 | 6.8 | CVE-2020-36445, MISC, MISC |
| prolink -- prc2402m_firmware | In ProLink PRC2402M V1.0.18 and older, the set_sys_init function in the login.cgi binary allows an attacker to reset the password to the administrative interface of the router. | 2021-08-06 | 5 | CVE-2021-36708, MISC |
| qt -- qt | An issue has been fixed in Qt versions 5.14.1 and 5.12.7 where QLibrary attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files. | 2021-08-09 | 6.8 | CVE-2020-24741, MISC |
| qt -- qt | An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files. | 2021-08-09 | 6.8 | CVE-2020-24742, MISC |
| rconfig -- rconfig | The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform an LDAP injection and obtain sensitive information via a crafted POST request. | 2021-08-09 | 5 | CVE-2020-23148, MISC |
| rconfig -- rconfig | The dbName parameter in ajaxDbInstall.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a SQL injection and access sensitive database information. | 2021-08-09 | 5 | CVE-2020-23149, MISC |
| rconfig -- rconfig | A SQL injection vulnerability in config.inc.php of rConfig 3.9.5 allows attackers to access sensitive database information via a crafted GET request to install/lib/ajaxHandlers/ajaxDbInstall.php. | 2021-08-09 | 5 | CVE-2020-23150, MISC |
| roxy-wi -- roxy-wi | Roxy-WI through 5.2.2.0 allows command injection via /app/funct.py and /api/api_funct.py. | 2021-08-07 | 6.5 | CVE-2021-38169, MISC |
| roxy-wi -- roxy-wi | Roxy-WI through 5.2.2.0 allows authenticated SQL injection via select_servers. | 2021-08-07 | 6.5 | CVE-2021-38168, MISC |
| ruspiro-singleton_project -- ruspiro-singleton | An issue was discovered in the ruspiro-singleton crate before 0.4.1 for Rust. In Singleton, Send and Sync do not have bounds checks. | 2021-08-08 | 6.8 | CVE-2020-36435, MISC, MISC |
| sap -- businessobjects_edge | The File Repository Server (FRS) CORBA listener in SAP BusinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681. | 2021-08-09 | 5 | CVE-2015-2074, MISC, MISC, MISC, MISC |
| sap -- businessobjects_edge | The File Repository Server (FRS) CORBA listener in SAP BusinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682. | 2021-08-09 | 5 | CVE-2015-2073, MISC, MISC, MISC, MISC |
| sap -- j2ee_engine | ** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2021-08-09 | 4.3 | CVE-2018-17861, BUGTRAQ, FULLDISC, MISC |
| sap -- j2ee_engine | ** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Fiori allows remote attackers to inject arbitrary web script via the sys_jdbc parameter to /TestJDBC_Web/test2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2021-08-09 | 4.3 | CVE-2018-17862, BUGTRAQ, MISC, FULLDISC |
| sap -- j2ee_engine | ** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerability in SAP J2EE Engine 7.01 allows remote attackers to inject arbitrary web script via the wsdlPath parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2021-08-09 | 4.3 | CVE-2018-17865, MISC |
| sapphireims -- sapphireims | In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form. For "Incorrect User" - it gives an error "The application failed to identify the user. Please contact administrator for help." For "Correct User and Incorrect Password" - it gives an error "Authentication failed. Please login again." | 2021-08-11 | 5 | CVE-2017-16629, MISC, MISC |
| signal-simple_project -- signal-simple | An issue was discovered in the signal-simple crate through 2020-11-15 for Rust. There are unconditional implementations of Send and Sync for SyncChannel<T>. | 2021-08-08 | 6.8 | CVE-2020-36446, MISC, MISC |
| southsoft -- graduate_management_information_system | Southsoft GMIS 5.0 is vulnerable to CSRF attacks. Attackers can access other users' private information such as photos through CSRF. For example: any student's photo information can be accessed through /gmis/(S([1]))/student/grgl/PotoImageShow/?bh=[2]. Among them, the code in [1] is a random string generated according to the user's login related information. It can protect the user's identity, but it can not effectively prevent unauthorized access. The code in [2] is the student number of any student. The attacker can carry out CSRF attack on the system by modifying [2] without modifying [1]. | 2021-08-06 | 6.8 | CVE-2021-37381, MISC, MISC |
| trendnet -- tew-755ap_firmware | Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service by sending the POST request to apply_cgi via the lang action without a language key. | 2021-08-10 | 5 | CVE-2021-28845, MISC |
| wagecms_project -- wage-cms | A cross site request forgery (CSRF) in Wage-CMS 1.5.x-dev allows attackers to arbitrarily add users. | 2021-08-06 | 4.3 | CVE-2020-21358, MISC |
| yunucms -- yunucms | Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the upurl function in Page.php. | 2021-08-12 | 4.3 | CVE-2020-18445, MISC, MISC |






LOW VULNERABILITIES


Showing 24 of 24 total entries

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

chikitsa -- patient_management_system index.php/admin/add_user in Chikitsa Patient
Management System 2.0.0 allows XSS. 2021-08-06 3.5 CVE-2021-38149
MISC(link is external)
MISC(link is external) chikitsa -- patient_management_system
index.php/appointment/insert_patient_add_appointment in Chikitsa Patient
Management System 2.0.0 allows XSS. 2021-08-06 3.5 CVE-2021-38152
MISC(link is external)
MISC(link is external) chikitsa -- patient_management_system
index.php/appointment/todos in Chikitsa Patient Management System 2.0.0 allows
XSS. 2021-08-06 3.5 CVE-2021-38151
MISC(link is external)
MISC(link is external) damicms -- damicms Cross Site Scripting (XSS)
vulnerability exists in DamiCMS v6.0.6 via the title parameter in the doadd
function in LabelAction.class.php. 2021-08-12 3.5 CVE-2020-18451
MISC(link is external) eyoucms -- eyoucms A stored cross site scripting (XSS)
vulnerability in the web_copyright field of Eyoucms v1.4.1 allows authenticated
attackers to execute arbitrary web scripts or HTML. 2021-08-10 3.5
CVE-2020-21929
MISC(link is external) eyoucms -- eyoucms A stored cross site scripting (XSS)
vulnerability in the web_attr_2 field of Eyoucms v1.4.1 allows authenticated
attackers to execute arbitrary web scripts or HTML. 2021-08-10 3.5
CVE-2020-21930
MISC(link is external) fortinet -- fortianalyzer Multiple improper
neutralization of input during web page generation (CWE-79) in FortiManager and
FortiAnalyzer versions 7.0.0, 6.4.5 and below, 6.2.7 and below user interface,
may allow a remote authenticated attacker to perform a Stored Cross Site
Scripting attack (XSS) by injecting malicious payload in GET parameters.
2021-08-06 3.5 CVE-2021-32597
CONFIRM(link is external) get-simple -- getsimplecms A stored cross site
scripting (XSS) vulnerability in /admin/snippets.php of GetSimple CMS 3.4.0a
allows attackers to execute arbitrary web scripts or HTML via crafted payload in
the Edit Snippets module. 2021-08-06 3.5 CVE-2020-21353
MISC(link is external) huawei -- harmonyos A component of the HarmonyOS has a
permission bypass vulnerability. Local attackers may exploit this vulnerability
to cause the device to hang due to the page error OsVmPageFaultHandler.
2021-08-06 2.1 CVE-2021-22295
MISC(link is external) jetbrains -- youtrack In JetBrains YouTrack before
2021.2.17925, stored XSS was possible. 2021-08-06 3.5 CVE-2021-37552
MISC(link is external) linux -- linux_kernel btrfs in the Linux kernel before
5.13.4 allows attackers to cause a denial of service (deadlock) via processes
that trigger allocation of new system chunks during times when there is a
shortage of free space in the system space_info. 2021-08-08 2.1 CVE-2021-38203
MISC(link is external)
MISC(link is external) linux -- linux_kernel arch/x86/kvm/mmu/paging_tmpl.h in
the Linux kernel before 5.12.11 incorrectly computes the access permissions of a
shadow page, leading to a missing guest protection page fault. 2021-08-08 2.1
CVE-2021-38198
MISC(link is external)
MISC(link is external) linux -- linux_kernel
net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.12.2 allows
observation of changes in any net namespace because these changes are leaked
into all other net namespaces. This is related to the NF_SYSCTL_CT_MAX,
NF_SYSCTL_CT_EXPECT_MAX, and NF_SYSCTL_CT_BUCKETS sysctls. 2021-08-08 2.1
CVE-2021-38209
MISC(link is external)
MISC(link is external) linux -- linux_kernel The mac80211 subsystem in the Linux
kernel before 5.12.13, when a device supporting only 5 GHz is used, allows
attackers to cause a denial of service (NULL pointer dereference in the radiotap
parser) by injecting a frame with 802.11a rates. 2021-08-08 2.1 CVE-2021-38206
MISC(link is external)
MISC(link is external) linux -- linux_kernel drivers/usb/host/max3421-hcd.c in
the Linux kernel before 5.13.6 allows physically proximate attackers to cause a
denial of service (use-after-free and panic) by removing a MAX-3421 USB device
in certain situations. 2021-08-08 2.1 CVE-2021-38204
MISC(link is external)
MISC(link is external) linux -- linux_kernel
drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel before 5.13.3
makes it easier for attackers to defeat an ASLR protection mechanism because it
prints a kernel pointer (i.e., the real IOMEM pointer). 2021-08-08 2.1
CVE-2021-38205
MISC(link is external)
MISC(link is external) linux -- linux_kernel net/nfc/llcp_sock.c in the Linux
kernel before 5.12.10 allows local unprivileged users to cause a denial of
service (NULL pointer dereference and BUG) by making a getsockname call after a
certain type of failure of a bind call. 2021-08-08 2.1 CVE-2021-38208
MISC(link is external)
MISC(link is external) linux -- linux_kernel arch/powerpc/perf/core-book3s.c in
the Linux kernel before 5.12.13, on systems with perf_event_paranoid=-1 and no
specific PMU driver support registered, allows local users to cause a denial of
service (perf_instruction_pointer NULL pointer dereference and OOPS) via a "perf
record" command. 2021-08-08 2.1 CVE-2021-38200
MISC(link is external)
MISC(link is external) maccms -- maccms A cross site scripting (XSS)
vulnerability in the background search function of Maccms10 allows attackers to
execute arbitrary web scripts or HTML via the 'wd' parameter. 2021-08-11 3.5
CVE-2020-21362
MISC(link is external) mineweb_project -- minewebcms Cross Site Scripting (XSS)
in MineWebCMS v1.7.0 allows remote attackers to execute arbitrary code by
injecting malicious code into the 'Title' field of the component '/admin/news'.
2021-08-06 3.5 CVE-2020-18693
MISC(link is external) naviwebs -- navigate_cms Cross Site Scripting (XSS)
vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse parameter to
1) backups\backups.php, 2) blocks\blocks.php, 3) brands\brands.php, 4)
comments\comments.php, 5) coupons\coupons.php, 6) feeds\feeds.php, 7)
functions\functions.php, 8) items\items.php, 9) menus\menus.php, 10)
orders\orders.php, 11) payment_methods\payment_methods.php, 12)
products\products.php, 13) profiles\profiles.php, 14)
shipping_methods\shipping_methods.php, 15) templates\templates.php, 16)
users\users.php, 17) webdictionary\webdictionary.php, 18) websites\websites.php,
and 19) webusers\webusers.php because the initial_url function is built in these
files. 2021-08-06 3.5 CVE-2021-36454
MISC(link is external)
MISC(link is external) ukcms -- ukcms Cross Site Scripting (XSS) vulnerability
exists in UKCMS v1.1.10 via data in the index function in Single.php 2021-08-12
3.5 CVE-2020-18449
MISC(link is external) ukcms_project -- ukcms A stored cross site scripting
(XSS) vulnerability in index.php/legend/6.html of UK CMS v1.1.10 allows
attackers to execute arbitrary web scripts or HTML via a crafted payload in the
Comments section. 2021-08-12 3.5 CVE-2020-20977
MISC(link is external) yunucms -- yunucms Cross Site Scripting (XSS)
vulnerability exists in YUNUCMS 1.1.9 via the param parameter in the
insertContent function in ContentModel.php. 2021-08-12 3.5 CVE-2020-18446
MISC(link is external)






SEVERITY NOT YET ASSIGNED


Showing 530 of 530 total entries

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

23andme -- yamale
  23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code
via a crafted schema file. The schema parser uses eval as part of its
processing, and tries to protect from malicious expressions by limiting the
builtins that are passed to the eval. When processing the schema, each line is
run through Python's eval function to make the validator available. A
well-constructed string within the schema rules can execute system commands;
thus, by exploiting the vulnerability, an attacker can run arbitrary code on the
image that invokes Yamale. 2021-08-09 not yet calculated CVE-2021-38305
MISC(link is external)
MISC(link is external) 2n_access_unit -- multiple_devices
  On 2N Access Unit 2.0 2.31.0.40.5 devices, an attacker can pose as the web
relay for a man-in-the-middle attack. 2021-08-13 not yet calculated
CVE-2021-31399
MISC(link is external)
MISC(link is external) 711cms -- 711cms Cross Site Request Forgery (CSRF)
vulnerability exists in 711cms v1.0.7 that can add an admin account via
admin.php?c=Admin&m=content. 2021-08-12 not yet calculated CVE-2020-18460
MISC(link is external) acronis -- cyber_protect15
  Reflected cross-site scripting (XSS) was possible on the login page in Acronis
Cyber Protect 15 prior to build 27009. 2021-08-12 not yet calculated
CVE-2021-38087
MISC(link is external) acronis -- cyber_protect15
  Acronis Cyber Protect 15 for Windows prior to build 27009 allowed local
privilege escalation via binary hijacking. 2021-08-12 not yet calculated
CVE-2021-38088
MISC(link is external) acronis -- cyber_protect15
  Acronis Cyber Protect 15 for Windows prior to build 27009 and Acronis Agent
for Windows prior to build 26226 allowed local privilege escalation via DLL
hijacking. 2021-08-12 not yet calculated CVE-2021-38086
MISC(link is external) advantech -- scada
  UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting
(XSS), which could allow an attacker to send malicious JavaScript code. This
could result in hijacking of cookie/session tokens, redirection to a malicious
webpage, and unintended browser action on the WebAccess/SCADA (WebAccess/SCADA
versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1). 2021-08-10
not yet calculated CVE-2021-22676
MISC advantech -- scada
  The affected product is vulnerable to a relative path traversal condition,
which may allow an attacker access to unauthorized files and directories on the
WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA
versions prior to 9.0.1). 2021-08-10 not yet calculated CVE-2021-22674
MISC agora -- flat_server
  The remove API in v1/controller/cloudStorage/alibabaCloud/remove/index.ts in
netless Agora Flat Server before 2021-07-30 mishandles file ownership.
2021-08-13 not yet calculated CVE-2021-38621
MISC(link is external) aikcms -- aikcms
  File Upload vulnerability in AikCms v2.0.0 in poster_edit.php because the
background file management office does not verify the uploaded file. 2021-08-12
not yet calculated CVE-2020-18462
MISC(link is external) aikcms -- aikcms
  Cross Site Request Forgery (CSRF) vulnerability exists in v2.0.0 in
video_list.php, which can let a malicious user delete a video message.
2021-08-12 not yet calculated CVE-2020-18463
MISC(link is external) aikcms -- aikcms
  Cross Site Request Forgery (CSRF) vulnerability in AikCms 2.0.0 in
video_list.php, which can let a malicious user delete movie information.
2021-08-12 not yet calculated CVE-2020-18464
MISC(link is external) aimanager -- aimanager
  AIMANAGER before B115 on MONITORAPP Application Insight Web Application
Firewall (AIWAF) devices with Manager 2.1.0 has Improper Authentication. An
attacker can gain administrative access by modifying the response to an
authentication check request. 2021-08-12 not yet calculated CVE-2021-36921
MISC(link is external)
MISC(link is external)
CONFIRM(link is external) aimanager -- aimanger
  AIMANAGER before B115 on MONITORAPP Application Insight Web Application
Firewall (AIWAF) devices with Manager 2.1.0 allows OS Command Injection because
of missing input validation on one of the parameters of an HTTP request.
2021-08-12 not yet calculated CVE-2021-36982
MISC(link is external)
MISC(link is external)
CONFIRM(link is external) alpine -- alpine
  In Alpine through 2.24, untagged responses from an IMAP server are accepted
before STARTTLS. 2021-08-10 not yet calculated CVE-2021-38370
MISC(link is external)
MISC(link is external) altova -- mobiletogether_server
  Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an
InfoSetChanges/Changes attack against /workflowmanagement, or reading
mobiletogetherserver.cfg and then reading the certificate and private key.
2021-08-10 not yet calculated CVE-2021-37425
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external) altova -- mobiletogether_server
  Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity
expansion, a different vulnerability than CVE-2021-37425. 2021-08-10 not yet
calculated CVE-2021-38490
MISC(link is external) amazon -- aws
  Amazon AWS CloudFront TLSv1.2_2019 allows
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
which some entities consider to be weak ciphers. 2021-08-12 not yet calculated
CVE-2020-36363
MISC(link is external)
MISC(link is external) asyncapi -- asyncapi
  @asyncapi/java-spring-cloud-stream-template generates a Spring Cloud Stream
(SCSt) microservice. In versions prior to 0.7.0 arbitrary code injection was
possible when an attacker controls the AsyncAPI document. An example is provided
in GHSA-xj6r-2jpm-qvxp. There are no mitigations available and all users are
advised to update. 2021-08-11 not yet calculated CVE-2021-37694
CONFIRM(link is external) at&t_labs -- xmill A stack-based buffer overflow
vulnerability exists in the command-line-parsing HandleFileArg functionality of
AT&T Labs’ Xmill 0.7. Within the function HandleFileArg the argument filepattern
is under control of the user who passes it in from the command line. filepattern
is passed directly to strcpy copying the path provided by the user into a static
sized buffer without any length checks resulting in a stack-buffer overflow. An
attacker can provide malicious input to trigger these vulnerabilities.
2021-08-13 not yet calculated CVE-2021-21812
MISC(link is external) at&t_labs -- xmill
  A heap-based buffer overflow vulnerability exists in the XML Decompression
EnumerationUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A
specially crafted XMI file can lead to remote code execution. An attacker can
provide a malicious file to trigger this vulnerability. 2021-08-13 not yet
calculated CVE-2021-21829
MISC(link is external) at&t_labs -- xmill
  Within the function HandleFileArg the argument filepattern is under control of
the user who passes it in from the command line. filepattern is passed directly
to strlen to determine the ending location of the char* passed in by the user,
no checks are done to see if the passed in char* is longer than the statically
sized buffer data is memcpy'd into, but after the memcpy a null byte is written
to what is assumed to be the end of the buffer to terminate the char*, but
without length checks, this null write occurs at an arbitrary offset from the
buffer. An attacker can provide malicious input to trigger this vulnerability.
2021-08-13 not yet calculated CVE-2021-21814
MISC(link is external) at&t_labs -- xmill
  Within the function HandleFileArg the argument filepattern is under control of
the user who passes it in from the command line. filepattern is passed directly
to memcpy copying the path provided by the user into a statically sized buffer
without any length checks resulting in a stack-buffer overflow. 2021-08-13 not
yet calculated CVE-2021-21813
MISC(link is external) at&t_labs -- xmill
  A heap-based buffer overflow vulnerability exists in the XML Decompression
LabelDict::Load functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI
file can lead to remote code execution. An attacker can provide a malicious file
to trigger this vulnerability. 2021-08-13 not yet calculated CVE-2021-21830
MISC(link is external) at&t_labs -- xmill
  A stack-based buffer overflow vulnerability exists in the command-line-parsing
HandleFileArg functionality of AT&T Labs' Xmill 0.7. Within the function
HandleFileArg the argument filepattern is under control of the user who passes
it in from the command line. filepattern is passed directly to strcpy copying
the path provided by the user into a statically sized buffer without any length
checks resulting in a stack-buffer overflow. An attacker can provide malicious
input to trigger this vulnerability. 2021-08-13 not yet calculated
CVE-2021-21815
MISC(link is external) azure -- cyclecloud
  Azure CycleCloud Elevation of Privilege Vulnerability This CVE ID is unique
from CVE-2021-36943. 2021-08-12 not yet calculated CVE-2021-33762
N/A(link is external) belledonne -- belle-sip
  Belledonne Belle-sip before 4.5.20, as used in Linphone and other products,
can crash via an invalid From header in a SIP message. 2021-08-12 not yet
calculated CVE-2021-33056
MISC(link is external)
CONFIRM(link is external) bento4 -- bento4
  An issue was discovered in Bento4 v1.5.1.0. There is a heap-buffer-overflow in
AP4_Dec3Atom::AP4_Dec3Atom at Ap4Dec3Atom.cpp, leading to a denial of service
(program crash), as demonstrated by mp42aac. 2021-08-13 not yet calculated
CVE-2020-21066
MISC(link is external) bento4 -- bento4
  A buffer-overflow vulnerability in the AP4_RtpAtom::AP4_RtpAtom function in
Ap4RtpAtom.cpp of Bento4 1.5.1.0 allows attackers to cause a denial of service.
2021-08-13 not yet calculated CVE-2020-21064
MISC(link is external) bootloader -- bootloader
  Bootloader contains a vulnerability in the NV3P server where any user with
physical access through USB can trigger an incorrect bounds check, which may
lead to buffer overflow, resulting in limited information disclosure, limited
data integrity, and information disclosure across all components. 2021-08-11 not
yet calculated CVE-2021-1111
MISC(link is external) brocade -- fabric_os
  The command “ipfilter” in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a,
v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user
input. Authenticated attackers can abuse this vulnerability to exploit
stack-based buffer overflows, allowing execution of arbitrary code as the root
user account. 2021-08-12 not yet calculated CVE-2021-27790
MISC(link is external) brocade -- fabric_os
  The command “ipfilter” in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a,
v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user
input. Authenticated attackers can abuse this vulnerability to exploit
stack-based buffer overflows, allowing execution of arbitrary code as the root
user account. 2021-08-12 not yet calculated CVE-2021-27792
MISC(link is external) brocade -- fabric_os
  The function that is used to parse the Authentication header in Brocade Fabric
OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to
properly process a malformed authentication header from the client, resulting in
reading memory addresses outside the intended range. An unauthenticated attacker
could discover a request, which could bypass the authentication process.
2021-08-12 not yet calculated CVE-2021-27791
MISC(link is external) brocade -- fabric_os
  Intermittent authorization failure in aaa tacacs+ with Brocade Fabric OS
versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade
Fabric OS before Brocade Fabric OS v8.2.3a and after v8.2.0 could cause a user
with a valid account to be unable to log into the switch. 2021-08-12 not yet
calculated CVE-2021-27793
MISC(link is external) brocade -- fabric_os
  A vulnerability in the authentication mechanism of Brocade Fabric OS versions
before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to
log in with empty password, and invalid password through telnet, ssh and REST.
2021-08-12 not yet calculated CVE-2021-27794
MISC(link is external) btrbk -- btrbk
  Btrbk before 0.31.2 allows command execution because of the mishandling of
remote hosts filtering SSH commands using ssh_filter_btrbk.sh in
authorized_keys. 2021-08-07 not yet calculated CVE-2021-38173
MISC(link is external)
CONFIRM(link is external) bycms -- bycms
  Cross Site Request Forgery (CSRF) vulnerability in bycms v1.3 via
admin.php/systems/index/module_id/70/group_id/1.html. 2021-08-12 not yet
calculated CVE-2020-18454
MISC(link is external) bycms -- bycms
  Cross Site Request Forgery (CSRF) vulnerability exists in bycms v1.3.0 that
can add an admin account via admin.php/ucenter/add.html. 2021-08-12 not yet
calculated CVE-2020-18457
MISC(link is external) bycms -- bycms
  Cross Site Scripting (XSS) vulnerability exists in bycms v3.0.4 via the title
parameter in the edit function in Document.php. 2021-08-12 not yet calculated
CVE-2020-18455
MISC(link is external) canon -- tr150
  The Canon TR150 print driver through 3.71.2.10 is vulnerable to a privilege
escalation issue. During the add printer process, a local attacker can overwrite
CNMurGE.dll and, if timed properly, the overwritten DLL will be loaded into a
SYSTEM process resulting in escalation of privileges. This occurs because the
driver drops a world-writable DLL into a CanonBJ %PROGRAMDATA% location that
gets loaded by printisolationhost (a system process). 2021-08-11 not yet
calculated CVE-2021-38085
MISC(link is external)
MISC(link is external) chamilo -- lms
  A user without privileges in Chamilo LMS 1.11.14 can send an invitation
message to another user, e.g., the administrator, through
main/social/search.php, main/inc/lib/social.lib.php and steal cookies or execute
arbitrary code on the administration side via a stored XSS vulnerability in the
social network send invitation feature. 2021-08-10 not yet calculated
CVE-2021-37391
MISC(link is external) chamilo -- lms
  A Chamilo LMS 1.11.14 reflected XSS vulnerability exists in
main/social/search.php=q URI (social network search feature). 2021-08-10 not yet
calculated CVE-2021-37390
MISC(link is external)
MISC(link is external) chamilo -- lms
  Chamilo 1.11.14 allows stored XSS via main/install/index.php and
main/install/ajax.php through the port parameter. 2021-08-10 not yet calculated
CVE-2021-37389
MISC(link is external)
MISC(link is external) ckeditor -- ckeditor
  ckeditor is an open source WYSIWYG HTML editor with rich content support. A
vulnerability has been discovered in the clipboard Widget plugin if used
alongside the undo feature. The vulnerability allows a user to abuse undo
functionality using malformed widget HTML, which could result in executing
JavaScript code. It affects all users using the CKEditor 4 plugins listed above
at version >= 4.13.0. The problem has been recognized and patched. The fix will
be available in version 4.16.2. 2021-08-12 not yet calculated CVE-2021-32808
CONFIRM(link is external)
MISC(link is external) ckeditor -- ckeditor
  ckeditor is an open source WYSIWYG HTML editor with rich content support. A
potential vulnerability has been discovered in CKEditor 4
[Clipboard](https://ckeditor.com/cke4/addon/clipboard) package. The
vulnerability allowed abuse of paste functionality using malformed HTML, which
could result in injecting arbitrary HTML into the editor. It affects all users
using the CKEditor 4 plugins listed above at version >= 4.5.2. The problem has
been recognized and patched. The fix will be available in version 4.16.2.
2021-08-12 not yet calculated CVE-2021-32809
CONFIRM(link is external) ckeditor -- ckeditor
  ckeditor is an open source WYSIWYG HTML editor with rich content support. A
potential vulnerability has been discovered in CKEditor 4 [Fake
Objects](https://ckeditor.com/cke4/addon/fakeobjects) package. The vulnerability
allowed injection of malformed Fake Objects HTML, which could result in executing
JavaScript code. It affects all users using the CKEditor 4 plugins listed above
at version < 4.16.2. The problem has been recognized and patched. The fix will
be available in version 4.16.2. 2021-08-13 not yet calculated CVE-2021-37695
MISC(link is external)
CONFIRM(link is external) contao -- contao Contao is an open source CMS that
allows you to create websites and scalable web applications. In affected
versions it is possible to load PHP files by entering insert tags in the Contao
back end. Installations are only affected if they have untrusted back end users
who have the rights to modify fields that are shown in the front end. Update to
Contao 4.4.56, 4.9.18 or 4.11.7 to resolve. If you cannot update then disable
the login for untrusted back end users. 2021-08-11 not yet calculated
CVE-2021-37626
MISC(link is external)
CONFIRM(link is external) contao -- contao
  Contao is an open source CMS that allows creation of websites and scalable web
applications. In affected versions it is possible to gain privileged rights in
the Contao back end. Installations are only affected if they have untrusted back
end users who have access to the form generator. All users are advised to update
to Contao 4.4.56, 4.9.18 or 4.11.7. As a workaround users may disable the form
generator or disable the login for untrusted back end users. 2021-08-11 not yet
calculated CVE-2021-37627
CONFIRM(link is external)
MISC(link is external) contao -- contao
  Contao >=4.0.0 allows backend XSS via HTML attributes to an HTML field. Fixed
in 4.4.56, 4.9.18, 4.11.7. 2021-08-12 not yet calculated CVE-2021-35955
MISC(link is external)
MISC(link is external) contiki -- contiki In Contiki 3.0, a buffer overflow in
the Telnet service allows remote attackers to cause a denial of service because
the ls command is mishandled when a directory has many files with long names.
2021-08-10 not yet calculated CVE-2021-38386
MISC(link is external) contiki -- contiki
  In Contiki 3.0, a Telnet server that silently quits (before disconnection with
clients) leads to connected clients entering an infinite loop and waiting
forever, which may cause excessive CPU consumption. 2021-08-10 not yet
calculated CVE-2021-38387
MISC(link is external) contiki -- contiki
  In Contiki 3.0, potential nonterminating acknowledgment loops exist in the
Telnet service. When the negotiated options are already disabled, servers still
respond to DONT and WONT requests with WONT or DONT commands, which may lead to
infinite acknowledgment loops, denial of service, and excessive CPU consumption.
2021-08-09 not yet calculated CVE-2021-38311
MISC(link is external) cpanel -- cpanel In cPanel before 98.0.1,
/scripts/cpan_config performs unsafe operations on files (SEC-589). 2021-08-11
not yet calculated CVE-2021-38586
MISC(link is external) cpanel -- cpanel In cPanel before 96.0.13,
scripts/fix-cpanel-perl mishandles the creation of temporary files (SEC-586).
2021-08-11 not yet calculated CVE-2021-38587
MISC(link is external) cpanel -- cpanel
  The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization
attacks (SEC-585). 2021-08-11 not yet calculated CVE-2021-38585
MISC(link is external) cpanel -- cpanel
  The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks
(SEC-585). 2021-08-11 not yet calculated CVE-2021-38584
MISC(link is external) cpanel -- cpanel
  In cPanel before 96.0.8, weak permissions on web stats can lead to information
disclosure (SEC-584). 2021-08-11 not yet calculated CVE-2021-38590
MISC(link is external) cpanel -- cpanel
  In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity
of downloads (SEC-587). 2021-08-11 not yet calculated CVE-2021-38588
MISC(link is external) cpanel -- cpanel
  In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly restrict
the overwriting of files (SEC-588). 2021-08-11 not yet calculated CVE-2021-38589
MISC(link is external) creative -- pebble_devices
  CREATIVE Pebble devices through 2021-08-09 allow remote attackers to recover
speech signals from an LED on the device, via a telescope and an electro-optical
sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is
connected directly to the power line, as a result, the intensity of a device's
power indicator LED is correlative to the power consumption. The sound played by
the speakers affects their power consumption and as a result is also correlative
to the light intensity of the LEDs. By analyzing measurements obtained from an
electro-optical sensor directed at the power indicator LEDs of the speakers, we
can recover the sound played by them. 2021-08-11 not yet calculated
CVE-2021-38546
MISC(link is external) d-link -- dir-825
  ** UNSUPPORTED WHEN ASSIGNED ** Null Pointer Dereference vulnerability in
D-Link DIR-825 2.10b02, which could let a remote malicious user cause a denial
of service. The vulnerability could be triggered by sending an HTTP request with
URL /vct_wan; the sbin/httpd would invoke the strchr function and take NULL as a
first argument, which finally leads to the segmentation fault. NOTE: The DIR-825
and all hardware revisions are considered End of Life and as such this issue will
not be patched. 2021-08-10 not yet calculated CVE-2021-29296
MISC(link is external)
MISC(link is external) d-link -- dsl-274or
  ** UNSUPPORTED WHEN ASSIGNED ** Null Pointer Dereference vulnerability exists
in D-Link DSL-2740R UK_1.01, which could let a remote malicious user cause a
denial of service via the send_hnap_unauthorized function. It could be triggered
by sending crafted POST request to /HNAP1/. NOTE: The DSL-2740R and all hardware
revisions are considered End of Life and as such this issue will not be patched.
2021-08-10 not yet calculated CVE-2021-29294
MISC(link is external)
MISC(link is external) d-link -- dsp-w215
  ** UNSUPPORTED WHEN ASSIGNED ** Null Pointer Dereference vulnerability exists
in D-Link DSP-W215 1.10, which could let a remote malicious user cause a denial
of service via usr/bin/lighttpd. It could be triggered by sending an HTTP request
without URL in the start line directly to the device. NOTE: The DSP-W215 and all
hardware revisions are considered End of Life and as such this issue will not be
patched. 2021-08-10 not yet calculated CVE-2021-29295
MISC(link is external)
MISC(link is external) d-link -- multiple_devices Null Pointer Dereference
vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028,
DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690
3.16.RC100, DAP-2695 1.17.RC063, DAP-3320 1.01.RC014 and DAP-3662 1.01.RC022 in
the upload_certificate function of sbin/httpd binary. When the binary handles the
specific HTTP GET request, the strrchr in the upload_certificate function would
take NULL as first argument, and incur the NULL pointer dereference
vulnerability. 2021-08-10 not yet calculated CVE-2021-28839
MISC(link is external)
MISC(link is external)
MISC(link is external) d-link -- multiple_devices Null pointer dereference
vulnerability in D-Link DAP-2310 2,10RC039, DAP-2330 1.10RC036 BETA, DAP-2360
2.10RC055, DAP-2553 3.10rc039 BETA, DAP-2660 1.15rc131b, DAP-2690 3.20RC115
BETA, DAP-2695 1.20RC093, DAP-3320 1.05RC027 BETA and DAP-3662 1.05rc069 in the
sbin/httpd binary. The crash happens at the `atoi` operation when a specific
network package is sent to the httpd binary. 2021-08-10 not yet calculated
CVE-2021-28838
MISC(link is external)
MISC(link is external)
MISC(link is external) d-link -- multiple_devices
  Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031,
DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660
1.13.RC074, DAP-2690 3.16.RC100, DAP-2695 1.17.RC063, DAP-3320 1.01.RC014 and
DAP-3662 1.01.RC022 in the upload_config function of sbin/httpd binary. When the
binary handles the specific HTTP GET request, the content in upload_file variable
is NULL in the upload_config function then the strncasecmp would take NULL as
first argument, and incur the NULL pointer dereference vulnerability. 2021-08-10
not yet calculated CVE-2021-28840
MISC(link is external)
MISC(link is external)
MISC(link is external) damicms -- damicms
  Cross Site Request Forgery (CSRF) vulnerability exists in DamiCMS v6.0.6 that
can add an admin account via admin.php?s=/Admin/doadd. 2021-08-12 not yet
calculated CVE-2020-18458
MISC(link is external) dell -- command Dell Command Update, Dell Update, and
Alienware Update versions prior to 4.3 contain an Improper Certificate
Verification vulnerability. A local authenticated malicious user could exploit
this vulnerability by modifying local configuration files in order to execute
arbitrary code on the system. 2021-08-09 not yet calculated CVE-2021-36277
CONFIRM(link is external) dell -- dbutilldrv2
  Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient
access control vulnerability which may lead to escalation of privileges, denial
of service, or information disclosure. Local authenticated user access is
required. 2021-08-09 not yet calculated CVE-2021-36276
CONFIRM(link is external) dell -- emc_data_protection_search
  Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior,
contain an Information Exposure in Log File Vulnerability in CIS. A local low
privileged attacker could potentially exploit this vulnerability, leading to the
disclosure of certain user credentials. The attacker may be able to use the
exposed credentials to access the vulnerable application with the privileges of
the compromised account. 2021-08-10 not yet calculated CVE-2021-21601
CONFIRM(link is external) dell -- emc_networker
  Dell EMC NetWorker, 19.4 or older, contains an uncontrolled resource
consumption flaw in its API service. An authorized API user could potentially
exploit this vulnerability via the web and desktop user interfaces, leading to
denial of service in the manageability path. 2021-08-10 not yet calculated
CVE-2021-21600
CONFIRM(link is external) dell -- powerscale_onefs
  Dell PowerScale OneFS 9.1.0.x contains an improper privilege management
vulnerability. It may allow an authenticated user with ISI_PRIV_LOGIN_SSH and/or
ISI_PRIV_LOGIN_CONSOLE to elevate privilege. 2021-08-10 not yet calculated
CVE-2021-21567
CONFIRM(link is external) dell -- wyse_thinos
  Dell Wyse ThinOS, version 9.0, contains a Sensitive Information Disclosure
Vulnerability. An authenticated malicious user with physical access to the
system could exploit this vulnerability to read sensitive information written to
the log files. 2021-08-10 not yet calculated CVE-2021-21597
CONFIRM(link is external) dell -- wyse_thinos
  Dell Wyse ThinOS, versions 9.0, 9.1, and 9.1 MR1, contain a Sensitive
Information Disclosure Vulnerability. An authenticated attacker with physical
access to the system could exploit this vulnerability to read sensitive
Smartcard data in log files. 2021-08-10 not yet calculated CVE-2021-21598
CONFIRM(link is external) discourse -- discourse
  Discourse is an open-source platform for community discussion. In Discourse
before versions 2.7.8 and 2.8.0.beta5, a user's read state for a topic such as
the last read post number and the notification level is exposed. 2021-08-13 not
yet calculated CVE-2021-37703
CONFIRM(link is external)
MISC(link is external) discourse -- discourse
  Discourse is an open source discussion platform. In versions prior to 2.7.8
rendering of d-popover tooltips can be susceptible to XSS attacks. This
vulnerability only affects sites which have modified or disabled Discourse's
default Content Security Policy. This issue is patched in the latest `stable`
2.7.8 version of Discourse. As a workaround users may ensure that the Content
Security Policy is enabled, and has not been modified in a way which would make
it more vulnerable to XSS attacks. 2021-08-09 not yet calculated CVE-2021-37633
MISC(link is external)
CONFIRM(link is external) discourse -- discourse
  Discourse is an open-source platform for community discussion. In Discourse
before versions 2.7.8 and 2.8.0.beta4, when adding additional email addresses to
an existing account on a Discourse site an email token is generated as part of
the email verification process. Deleting the additional email address does not
invalidate an unused token which can then be used in other contexts, including
resetting a password. 2021-08-13 not yet calculated CVE-2021-37693
CONFIRM(link is external)
MISC(link is external) docker -- desktop
  Docker Desktop before 3.6.0 suffers from incorrect access control. If a
low-privileged account is able to access the server running the Windows
containers, it can lead to a full container compromise in both process isolation
and Hyper-V isolation modes. This security issue leads an attacker with low
privilege to read, write and possibly even execute code inside the containers.
2021-08-12 not yet calculated CVE-2021-37841
MISC(link is external) domainmod -- domainmod
  A cross-site request forgery (CSRF) in /admin/maintenance/ of Domainmod 4.13
allows attackers to arbitrarily delete logs. 2021-08-12 not yet calculated
CVE-2020-20989
MISC(link is external) domainmod -- domainmod
  A cross site scripting (XSS) vulnerability in the /segments/edit.php component
of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via
the Segment Name parameter. 2021-08-12 not yet calculated CVE-2020-20990
MISC(link is external) domainmod -- domainmod
  A cross site scripting (XSS) vulnerability in the /domains/cost-by-owner.php
component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or
HTML via a crafted payload in the "or Expiring Between" parameter. 2021-08-12
not yet calculated CVE-2020-20988
MISC(link is external) dut -- computer_control_engineering An information
disclosure vulnerability exists within Dut Computer Control Engineering Co.'s
PLC MAC1100. 2021-08-13 not yet calculated CVE-2020-18754
MISC(link is external) dut -- computer_control_engineering An issue in Dut
Computer Control Engineering Co.'s PLC MAC1100 allows attackers to cause
persistent denial of service (DOS) via a crafted packet. 2021-08-13 not yet
calculated CVE-2020-18757
MISC(link is external) dut -- computer_control_engineering
  An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows
attackers to gain access to the system and escalate privileges via a crafted
packet. 2021-08-13 not yet calculated CVE-2020-18753
MISC(link is external) dut -- computer_control_engineering
  An arbitrary memory access vulnerability in the EPA protocol of Dut Computer
Control Engineering Co.'s PLC MAC1100 allows attackers to read the contents of
any variable area. 2021-08-13 not yet calculated CVE-2020-18756
MISC(link is external) dut -- computer_control_engineering
  An information disclosure vulnerability exists in the EPA protocol of Dut
Computer Control Engineering Co.'s PLC MAC1100. 2021-08-13 not yet calculated
CVE-2020-18759
MISC(link is external) dut -- computer_control_engineering
  An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows
attackers to execute arbitrary code. 2021-08-13 not yet calculated
CVE-2020-18758
MISC(link is external) easycorp -- zentao_pms
  The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file
upload vulnerability. An attacker can upload an arbitrary webshell to the server by
using the downloadZipPackage() function. 2021-08-12 not yet calculated
CVE-2020-28165
MISC(link is external) encode.pm -- encode.pm
  Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain
privileges via a Trojan horse Encode::ConfigLocal library (in the current
working directory) that preempts dynamic module loading. Exploitation requires
an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through
3.11). This issue occurs because the || operator evaluates @INC in a scalar
context, and thus @INC has only an integer value. 2021-08-11 not yet calculated
CVE-2021-36770
MISC(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external) exim -- exim
  The STARTTLS feature in Exim through 4.94.2 allows response injection
(buffering) during MTA SMTP sending. 2021-08-10 not yet calculated
CVE-2021-38371
MISC(link is external)
MISC(link is external)
MISC(link is external) exiv2 -- exiv2
  Exiv2 is a command-line utility and C++ library for reading, writing,
deleting, and modifying the metadata of image files. An infinite loop was found
in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2
is used to print the metadata of a crafted image file. An attacker could
potentially exploit the vulnerability to cause a denial of service, if they can
trick the victim into running Exiv2 on a crafted image file. Note that this bug
is only triggered when printing the image ICC profile, which is a less
frequently used Exiv2 operation that requires an extra command line option (`-p
C`). The bug is fixed in version v0.27.5. 2021-08-09 not yet calculated
CVE-2021-37621
MISC(link is external)
CONFIRM(link is external) exiv2 -- exiv2
  Exiv2 is a command-line utility and C++ library for reading, writing,
deleting, and modifying the metadata of image files. A null pointer dereference
was found in Exiv2 versions v0.27.4 and earlier. The null pointer dereference is
triggered when Exiv2 is used to print the metadata of a crafted image file. An
attacker could potentially exploit the vulnerability to cause a denial of
service, if they can trick the victim into running Exiv2 on a crafted image
file. Note that this bug is only triggered when printing the interpreted
(translated) data, which is a less frequently used Exiv2 operation that requires
an extra command line option (`-p t` or `-P t`). The bug is fixed in version
v0.27.5. 2021-08-09 not yet calculated CVE-2021-37615
MISC(link is external)
CONFIRM(link is external) exiv2 -- exiv2
  Exiv2 is a command-line utility and C++ library for reading, writing,
deleting, and modifying the metadata of image files. An out-of-bounds read was
found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered
when Exiv2 is used to read the metadata of a crafted image file. An attacker
could potentially exploit the vulnerability to cause a denial of service, if
they can trick the victim into running Exiv2 on a crafted image file. The bug is
fixed in version v0.27.5. 2021-08-09 not yet calculated CVE-2021-37620
MISC(link is external)
CONFIRM(link is external) exiv2 -- exiv2
  Exiv2 is a command-line utility and C++ library for reading, writing,
deleting, and modifying the metadata of image files. An out-of-bounds read was
found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered
when Exiv2 is used to write metadata into a crafted image file. An attacker
could potentially exploit the vulnerability to cause a denial of service by
crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted
image file. Note that this bug is only triggered when writing the metadata,
which is a less frequently used Exiv2 operation than reading the metadata. For
example, to trigger the bug in the Exiv2 command-line application, you need to
add an extra command-line argument such as insert. The bug is fixed in version
v0.27.5. 2021-08-09 not yet calculated CVE-2021-37619
MISC(link is external)
CONFIRM(link is external) exiv2 -- exiv2
  Exiv2 is a command-line utility and C++ library for reading, writing,
deleting, and modifying the metadata of image files. An out-of-bounds read was
found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered
when Exiv2 is used to print the metadata of a crafted image file. An attacker
could potentially exploit the vulnerability to cause a denial of service, if
they can trick the victim into running Exiv2 on a crafted image file. Note that
this bug is only triggered when printing the image ICC profile, which is a less
frequently used Exiv2 operation that requires an extra command line option (`-p
C`). The bug is fixed in version v0.27.5. 2021-08-09 not yet calculated
CVE-2021-37618
CONFIRM(link is external)
MISC(link is external) exiv2 -- exiv2
  Exiv2 is a command-line utility and C++ library for reading, writing,
deleting, and modifying the metadata of image files. A null pointer dereference
was found in Exiv2 versions v0.27.4 and earlier. The null pointer dereference is
triggered when Exiv2 is used to print the metadata of a crafted image file. An
attacker could potentially exploit the vulnerability to cause a denial of
service, if they can trick the victim into running Exiv2 on a crafted image
file. Note that this bug is only triggered when printing the interpreted
(translated) data, which is a less frequently used Exiv2 operation that requires
an extra command line option (`-p t` or `-P t`). The bug is fixed in version
v0.27.5. 2021-08-09 not yet calculated CVE-2021-37616
MISC(link is external)
CONFIRM(link is external) exiv2 -- exiv2
  Exiv2 is a command-line utility and C++ library for reading, writing,
deleting, and modifying the metadata of image files. The assertion failure is
triggered when Exiv2 is used to modify the metadata of a crafted image file. An
attacker could potentially exploit the vulnerability to cause a denial of
service, if they can trick the victim into running Exiv2 on a crafted image
file. Note that this bug is only triggered when modifying the metadata, which is
a less frequently used Exiv2 operation than reading the metadata. For example,
to trigger the bug in the Exiv2 command-line application, you need to add an
extra command-line argument such as `fi`. The bug is fixed in version v0.27.5.
Regression test and bug fix: #1739. For more information about Exiv2 security,
see the security policy (https://github.com/Exiv2/exiv2/security/policy).
2021-08-09 not yet calculated CVE-2021-32815
CONFIRM(link is external)
MISC(link is external) exiv2 -- exiv2
  Exiv2 is a command-line utility and C++ library for reading, writing,
deleting, and modifying the metadata of image files. An infinite loop is
triggered when Exiv2 is used to read the metadata of a crafted image file. An
attacker could potentially exploit the vulnerability to cause a denial of
service, if they can trick the victim into running Exiv2 on a crafted image
file. The bug is fixed in version v0.27.5. 2021-08-09 not yet calculated
CVE-2021-34334
MISC(link is external)
CONFIRM(link is external) exiv2 -- exiv2
  Exiv2 is a command-line utility and C++ library for reading, writing,
deleting, and modifying the metadata of image files. A floating point exception
(FPE) due to an integer divide by zero was found in Exiv2 versions v0.27.4 and
earlier. The FPE is triggered when Exiv2 is used to print the metadata of a
crafted image file. An attacker could potentially exploit the vulnerability to
cause a denial of service, if they can trick the victim into running Exiv2 on a
crafted image file. Note that this bug is only triggered when printing the
interpreted (translated) data, which is a less frequently used Exiv2 operation
that requires an extra command line option (`-p t` or `-P t`). The bug is fixed
in version v0.27.5. 2021-08-09 not yet calculated CVE-2021-34335
CONFIRM(link is external)
MISC(link is external) exiv2 -- exiv2
  Exiv2 is a command-line utility and C++ library for reading, writing,
deleting, and modifying the metadata of image files. An infinite loop was found
in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2
is used to modify the metadata of a crafted image file. An attacker could
potentially exploit the vulnerability to cause a denial of service, if they can
trick the victim into running Exiv2 on a crafted image file. Note that this bug
is only triggered when deleting the IPTC data, which is a less frequently used
Exiv2 operation that requires an extra command line option (`-d I rm`). The bug
is fixed in version v0.27.5. 2021-08-09 not yet calculated CVE-2021-37623
CONFIRM(link is external)
MISC(link is external) exiv2 -- exiv2
  Exiv2 is a command-line utility and C++ library for reading, writing,
deleting, and modifying the metadata of image files. An infinite loop was found
in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2
is used to modify the metadata of a crafted image file. An attacker could
potentially exploit the vulnerability to cause a denial of service, if they can
trick the victim into running Exiv2 on a crafted image file. Note that this bug
is only triggered when deleting the IPTC data, which is a less frequently used
Exiv2 operation that requires an extra command line option (`-d I rm`). The bug
is fixed in version v0.27.5. 2021-08-09 not yet calculated CVE-2021-37622
CONFIRM(link is external)
MISC(link is external) express-cart -- express-cart
  The express-cart package through 1.1.10 for Node.js allows CSRF. 2021-08-12
not yet calculated CVE-2020-22403
MISC(link is external) express_engine -- express_engine
  In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.php
relies on the untrusted input value of input->get('file') instead of the fixed
file names of icon.png and icon.svg. 2021-08-12 not yet calculated
CVE-2021-33199
MISC(link is external)
MISC(link is external) f-secure -- f-secure
  An address bar spoofing vulnerability was discovered in Safe Browser for iOS.
The browser shows the legitimate URL in the address bar while loading content
from another domain. This makes the user believe that the content is served by a
legitimate domain. A remote attacker can leverage this to perform an address bar
spoofing attack. 2021-08-11 not yet calculated CVE-2021-33595
MISC(link is external)
MISC(link is external)
MISC(link is external) fatek -- automation_fvdesigner
  FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable to a
stack-based buffer overflow, which may allow an attacker to execute arbitrary
code. 2021-08-11 not yet calculated CVE-2021-32947
MISC fatek -- automation_fvdesigner
  An uninitialized pointer in FATEK Automation FvDesigner, Versions 1.5.88 and
prior may be exploited while the application is processing project files,
allowing an attacker to craft a special project file that may permit arbitrary
code execution. 2021-08-11 not yet calculated CVE-2021-32931
MISC fatek -- automation_fvdesigner
  FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable to an
out-of-bounds write while processing project files, allowing an attacker to
craft a project file that may permit arbitrary code execution. 2021-08-11 not
yet calculated CVE-2021-32939
MISC ffmpeg -- ffmpeg
  FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers
from an assertion failure at src/libavutil/mathematics.c. 2021-08-12 not yet
calculated CVE-2021-38291
MISC(link is external) ffmpeg -- ffmpeg
  A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg
4.2 allows attackers to execute arbitrary code. 2021-08-10 not yet calculated
CVE-2020-21688
MISC(link is external) ffmpeg -- ffmpeg
  A heap-use-after-free in the mpeg_mux_write_packet function in
libavformat/mpegenc.c of FFmpeg 4.2 allows attackers to cause a denial of service (DOS)
via a crafted avi file. 2021-08-10 not yet calculated CVE-2020-21697
MISC(link is external) fig2dev -- fig2dev A global buffer overflow in the
set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a
denial of service (DOS) via converting a xfig file into ge format. 2021-08-10
not yet calculated CVE-2020-21682
MISC(link is external) fig2dev -- fig2dev
  A stack-based buffer overflow in the genpstrx_text() component in
genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service
(DOS) via converting a xfig file into pstricks format. 2021-08-10 not yet
calculated CVE-2020-21676
MISC(link is external) fig2dev -- fig2dev
  A global buffer overflow in the genmp_writefontmacro_latex component in
genmp.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS)
via converting a xfig file into mp format. 2021-08-10 not yet calculated
CVE-2020-21678
MISC(link is external) fig2dev -- fig2dev
  A stack-based buffer overflow in the put_arrow() component in genpict2e.c of
fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via
converting a xfig file into pict2e format. 2021-08-10 not yet calculated
CVE-2020-21680
MISC(link is external) fig2dev -- fig2dev
  A global buffer overflow in the set_color component in genge.c of fig2dev
3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig
file into ge format. 2021-08-10 not yet calculated CVE-2020-21681
MISC(link is external) fig2dev -- fig2dev
  A global buffer overflow in the shade_or_tint_name_after_declare_color in
genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service
(DOS) via converting a xfig file into pstricks format. 2021-08-10 not yet
calculated CVE-2020-21683
MISC(link is external) flygo -- flygo The check-in record page of Flygo contains
Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated
as a general user, remote attackers can manipulate the employee ID and date in
specific parameters to access particular employee’s check-in record. 2021-08-09
not yet calculated CVE-2021-37213
MISC(link is external) flygo -- flygo The bulletin function of Flygo contains
Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated
as a general user, remote attackers can manipulate the bulletin ID in specific
URL parameters to access and modify particular bulletin content. 2021-08-09 not
yet calculated CVE-2021-37212
MISC(link is external) flygo -- flygo The employee management page of Flygo
contains an Insecure Direct Object Reference (IDOR) vulnerability. After being
authenticated as a general user, a remote attacker can manipulate the user data
and then over-write another employee’s user data by specifying that employee’s
ID in the API parameter. 2021-08-09 not yet calculated CVE-2021-37215
MISC(link is external) flygo -- flygo
  The employee management page of Flygo contains Insecure Direct Object
Reference (IDOR) vulnerability. After being authenticated as a general user,
remote attackers can manipulate the employee ID in specific parameters to
arbitrarily access an employee's data, modify it, and then obtain administrator
privilege and execute arbitrary commands. 2021-08-09 not yet calculated
CVE-2021-37214
MISC(link is external) flygo -- flygo
  The bulletin function of Flygo does not filter special characters while a new
announcement is added. Remote attackers can use the vulnerability with general
user’s credential to inject JavaScript and execute stored XSS attacks.
2021-08-09 not yet calculated CVE-2021-37211
MISC(link is external) foxit -- pdf_editor
  An issue was discovered in Foxit PDF Editor before 11.0.1 and PDF Reader
before 11.0.1 on macOS. It mishandles missing dictionary entries, leading to a
NULL pointer dereference, aka CNVD-C-2021-95204. 2021-08-11 not yet calculated
CVE-2021-38567
MISC(link is external) foxit -- pdf_editor
  An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor
before 11.0.1. It allows an out-of-bounds read via util.scand. 2021-08-11 not
yet calculated CVE-2021-38564
MISC(link is external) foxit -- pdf_editor
  An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor
before 11.0.1. It mishandles situations in which an array size (derived from a
/Size entry) is smaller than the maximum indirect object number, and thus there
is an attempted incorrect array access (leading to a NULL pointer dereference,
or out-of-bounds read or write). 2021-08-11 not yet calculated CVE-2021-38563
MISC(link is external) foxit -- pdf_editor
  An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor
before 11.0.1. It allows writing to arbitrary files via submitForm. 2021-08-11
not yet calculated CVE-2021-38565
MISC(link is external) foxit -- pdf_editor
  An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor
before 11.0.1. It allows stack consumption during recursive processing of
embedded XML nodes. 2021-08-11 not yet calculated CVE-2021-38566
MISC(link is external) fuel -- cms
  A host header attack vulnerability exists in FUEL CMS 1.5.0 through
fuel/modules/fuel/config/fuel_constants.php and
fuel/modules/fuel/libraries/Asset.php. An attacker can use a man in the middle
attack such as phishing. 2021-08-09 not yet calculated CVE-2021-38290
MISC(link is external)
MISC(link is external) genpict2e -- genpict2e
  A global buffer overflow in the put_font in genpict2e.c of fig2dev 3.2.7b
allows attackers to cause a denial of service (DOS) via converting a xfig file
into pict2e format. 2021-08-10 not yet calculated CVE-2020-21684
MISC(link is external) getsimple -- getsimple
  A cross-site request forgery (CSRF) vulnerability in the My SMTP Contact
v1.1.1 plugin for GetSimple CMS allows remote attackers to change the SMTP
settings of the contact forms for the webpages of the CMS after an authenticated
admin visits a malicious third-party site. 2021-08-10 not yet calculated
CVE-2021-29400
MISC(link is external) getsimplecms -- getsimplecms
  GetSimpleCMS 3.3.16 contains a cross-site Scripting (XSS) vulnerability, where
Function TSL does not filter check settings.php Website URL: "siteURL"
parameter. 2021-08-10 not yet calculated CVE-2021-36601
MISC(link is external) github -- github
  @github/paste-markdown is an npm package for pasting markdown objects. A self
Cross-Site Scripting vulnerability exists in the @github/paste-markdown before
version 0.3.4. If the clipboard data contains the string `<table>`, a **div** is
dynamically created, and the clipboard content is copied into its **innerHTML**
property without any sanitization, resulting in improper execution of JavaScript
in the browser of the victim (the user who pasted the code). Users directed to
copy text from a malicious website and paste it into pages that utilize this
library are affected. This is fixed in version 0.3.4. Refer to the
referenced GitHub Advisory for more details including an example exploit.
2021-08-12 not yet calculated CVE-2021-37700
MISC(link is external)
MISC(link is external)
CONFIRM(link is external)
MISC(link is external) gnu -- cpio
  GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted
pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers
an out-of-bounds heap write. NOTE: it is unclear whether there are common cases
where the pattern file, associated with the -E option, is untrusted data.
2021-08-08 not yet calculated CVE-2021-38185
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external) go -- go
  Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead
to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.
2021-08-08 not yet calculated CVE-2021-36221
MISC(link is external)
MISC(link is external)
MISC(link is external) go -- go
  Go before 1.17 does not properly consider extraneous zero characters at the
beginning of an IP address octet, which (in some situations) allows attackers to
bypass access control that is based on IP addresses, because of unexpected octal
interpretation. This affects net.ParseIP and net.ParseCIDR. 2021-08-07 not yet
calculated CVE-2021-29923
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external) go-unarr -- go-unarr
  unarr.go in go-unarr (aka Go bindings for unarr) 0.1.1 allows Directory
Traversal via ../ in a pathname within a TAR archive. 2021-08-08 not yet
calculated CVE-2021-38197
MISC(link is external) google -- android
  An issue was discovered on LG mobile devices with Android OS P and Q software
for mt6762/mt6765/mt6883. Attackers can change some of the NvRAM content by
leveraging the misconfiguration of a debug command. The LG ID is LVE-SMP-210005
(August 2021). 2021-08-12 not yet calculated CVE-2021-38591
MISC(link is external) google -- android
  An address bar spoofing vulnerability was discovered in Safe Browser for
Android. When a user clicks on a specially crafted malicious URL, it appears
like a legitimate one on the address bar, while the content comes from another
domain and is presented in a window, covering the original content. A remote
attacker can leverage this to perform an address bar spoofing attack. 2021-08-11
not yet calculated CVE-2021-33594
MISC(link is external)
MISC(link is external)
MISC(link is external) google -- android
  Task Hijacking is a vulnerability that affects the applications running on
Android devices due to a misconfiguration in their AndroidManifest.xml with
their Task Control features. This allows an unauthorized attacker or malware to
take over legitimate apps and to steal users' sensitive information. 2021-08-10
not yet calculated CVE-2021-33699
MISC(link is external)
MISC(link is external) gpac -- gpac
  The gf_hinter_finalize function in GPAC 1.0.1 allows attackers to cause a
denial of service (NULL pointer dereference) via a crafted file in the MP4Box
command. 2021-08-11 not yet calculated CVE-2021-32437
MISC(link is external)
MISC(link is external) gpac -- gpac
  The gf_media_export_filters function in GPAC 1.0.1 allows attackers to cause a
denial of service (NULL pointer dereference) via a crafted file in the MP4Box
command. 2021-08-11 not yet calculated CVE-2021-32438
MISC(link is external)
MISC(link is external) gurock -- testrail
  A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an
unauthenticated, remote attacker to affect the integrity of a device via a
clickjacking attack. The vulnerability is due to insufficient input validation
of iFrame data in HTTP requests that are sent to an affected device. An attacker
could exploit this vulnerability by sending crafted HTTP packets with malicious
iFrame data. A successful exploit could allow the attacker to perform a
clickjacking attack where the user is tricked into clicking a malicious link.
2021-08-09 not yet calculated CVE-2021-37788
MISC(link is external) gxlcms -- gxlcms
  In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists
via the $filename parameter. 2021-08-12 not yet calculated CVE-2020-20975
MISC(link is external) hashicorp -- vault_and_vault_enterprise
  HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an
underlying database file associated with the Integrated Storage feature with
excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise
1.8.0. 2021-08-13 not yet calculated CVE-2021-38553
MISC(link is external) hashicorp -- vault_and_vault_enterprises
  HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed
user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0
and pending 1.7.4 / 1.6.6 releases. 2021-08-13 not yet calculated CVE-2021-38554
MISC(link is external) hcl -- commerce_management_center
  "Security vulnerability in HCL Commerce Management Center allowing XML
external entity (XXE) injection" 2021-08-13 not yet calculated CVE-2021-27741
MISC(link is external) helpsystems -- cobalt_strike
  A Denial-of-Service (DoS) vulnerability was discovered in Team Server in
HelpSystems Cobalt Strike 4.2 and 4.3. It allows remote attackers to crash the
C2 server thread and block beacons' communication with it. 2021-08-09 not yet
calculated CVE-2021-36798
MISC(link is external)
MISC(link is external) huawei -- hg8045q
  There is a command injection vulnerability in the HG8045Q product. When the
command-line interface is enabled, which is disabled by default, attackers with
administrator privilege could execute part of commands. 2021-08-13 not yet
calculated CVE-2021-37028
MISC(link is external) huawei -- smartphones
  A component of the Huawei smartphone has a Double Free vulnerability. Local
attackers may exploit this vulnerability to cause Root Elevation of Privileges.
2021-08-10 not yet calculated CVE-2021-22386
MISC(link is external)
MISC(link is external) huawei -- smartphones
  A component of the Huawei smartphone has an External Control of System or
Configuration Setting vulnerability. Local attackers may exploit this
vulnerability to cause Kernel Code Execution. 2021-08-10 not yet calculated
CVE-2021-22385
MISC(link is external)
MISC(link is external) ibm -- content_navigator
  IBM Content Navigator 3.0.CD could allow a malicious user to cause a denial of
service due to improper input validation. IBM X-Force ID: 200968. 2021-08-09 not
yet calculated CVE-2021-29714
CONFIRM(link is external)
XF(link is external) ibm -- maximo_asset_management
  IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV
Injection. A remote attacker could execute arbitrary commands on the system,
caused by improper validation of csv file contents. IBM X-Force ID: 198243.
2021-08-12 not yet calculated CVE-2021-20509
XF(link is external)
CONFIRM(link is external) ibm -- planning_analytics_local
  IBM Planning Analytics Local 2.0 could allow a remote attacker to obtain
sensitive information when a stack trace is returned in the browser. X-Force ID:
198846. 2021-08-10 not yet calculated CVE-2021-29739
CONFIRM(link is external)
XF(link is external) ibm -- qradar_siem
  IBM QRadar SIEM 7.4.3 GA - 7.4.3 Fix Pack 1 when using domains or
multi-tenancy could be vulnerable to information disclosure between tenants by
routing SIEM data to the incorrect domain. IBM X-Force ID: 206979. 2021-08-13
not yet calculated CVE-2021-29880
CONFIRM(link is external)
XF(link is external) ibm -- security_guardium
  IBM Security Guardium 11.2 uses an inadequate account lockout setting that
could allow a remote attacker to brute force account credentials. IBM X-Force
ID: 196314. 2021-08-11 not yet calculated CVE-2021-20427
XF(link is external)
CONFIRM(link is external) ibm -- security_guardium
  IBM Security Guardium 11.2 could disclose sensitive information due to
reliance on untrusted inputs that could aid in further attacks against the
system. IBM X-Force ID: 196281. 2021-08-11 not yet calculated CVE-2021-20420
XF(link is external)
CONFIRM(link is external) ibm -- security_guardium
  IBM Security Guardium 11.2 does not require that users should have strong
passwords by default, which makes it easier for attackers to compromise user
accounts. IBM X-Force ID: 196279. 2021-08-11 not yet calculated CVE-2021-20418
CONFIRM(link is external)
XF(link is external) ibm -- tivoli_workload_scheduler
  IBM Tivoli Workload Scheduler 9.4 and 9.5 is vulnerable to a stack-based
buffer overflow, caused by improper bounds checking. A local attacker could
overflow a buffer and gain lower level privileges. IBM X-Force ID: 194599.
2021-08-09 not yet calculated CVE-2021-20349
CONFIRM(link is external)
XF(link is external) infrabox -- infrabox
  Due to improper input validation in InfraBox, logs can be modified by an
authenticated user. 2021-08-10 not yet calculated CVE-2021-33706
MISC(link is external) intel -- ethernet_adapters_800_series_controller
  Uncontrolled resource consumption in firmware for Intel(R) Ethernet Adapters
800 Series Controllers and associated adapters before version 1.5.3.0 may allow
a privileged user to potentially enable denial of service via local access.
2021-08-11 not yet calculated CVE-2021-0008
MISC(link is external) intel -- ethernet_adapters_800_series_controllers
Out-of-bounds read in the firmware for Intel(R) Ethernet Adapters 800 Series
Controllers and associated adapters before version 1.5.3.0 may allow an
unauthenticated user to potentially enable denial of service via adjacent
access. 2021-08-11 not yet calculated CVE-2021-0009
MISC(link is external) intel -- ethernet_adapters_800_series_controllers
Uncaught exception in firmware for Intel(R) Ethernet Adapters 800 Series
Controllers and associated adapters before version 1.5.3.0 may allow a
privileged user to potentially enable denial of service via local access.
2021-08-11 not yet calculated CVE-2021-0005
MISC(link is external) intel -- ethernet_adapters_800_series_controllers
  Improper conditions check in some Intel(R) Ethernet Controllers 800 series
Linux drivers before version 1.4.11 may allow an authenticated user to
potentially enable information disclosure or denial of service via local access.
2021-08-11 not yet calculated CVE-2021-0002
MISC(link is external) intel -- ethernet_adapters_800_series_controllers
  Uncaught exception in firmware for Intel(R) Ethernet Adapters 800 Series
Controllers and associated adapters before version 1.5.1.0 may allow a
privileged attacker to potentially enable denial of service via local access.
2021-08-11 not yet calculated CVE-2021-0007
MISC(link is external) intel -- ethernet_adapters_800_series_controllers
  Improper conditions check in some Intel(R) Ethernet Controllers 800 series
Linux drivers before version 1.4.11 may allow an authenticated user to
potentially enable information disclosure via local access. 2021-08-11 not yet
calculated CVE-2021-0003
MISC(link is external) intel -- ethernet_adapters_800_series_controllers
  Improper conditions check in firmware for Intel(R) Ethernet Adapters 800
Series Controllers and associated adapters before version 1.5.4.0 may allow a
privileged user to potentially enable denial of service via local access.
2021-08-11 not yet calculated CVE-2021-0006
MISC(link is external) intel -- ethernet_adapters_800_series_controllers
  Improper buffer restrictions in the firmware of Intel(R) Ethernet Adapters 800
Series Controllers and associated adapters before version 1.5.3.0 may allow a
privileged user to potentially enable denial of service via local access.
2021-08-11 not yet calculated CVE-2021-0004
MISC(link is external) intel -- ethernet_controllers_x722_and_800_series
  Improper input validation in the Intel(R) Ethernet Controllers X722 and 800
series Linux RDMA driver before version 1.3.19 may allow an authenticated user
to potentially enable escalation of privilege via local access. 2021-08-11 not
yet calculated CVE-2021-0084
MISC(link is external) intel -- graphics_drivers
  Use after free in some Intel(R) Graphics Driver before version 27.20.100.8336,
15.45.33.5164, and 15.40.47.5166 may allow an authenticated user to potentially
enable denial of service via local access. 2021-08-11 not yet calculated
CVE-2021-0012
MISC(link is external) intel -- graphics_drivers
  Improper input validation in some Intel(R) Graphics Drivers before version
27.20.100.8935 may allow an authenticated user to potentially enable escalation
of privilege via local access. 2021-08-11 not yet calculated CVE-2021-0062
MISC(link is external) intel -- graphics_drivers
  Improper initialization in some Intel(R) Graphics Driver before version
27.20.100.9030 may allow an authenticated user to potentially enable escalation
of privilege via local access. 2021-08-11 not yet calculated CVE-2021-0061
MISC(link is external) intel -- nuc9_extreme_laptop_kits
  Improper access control in kernel mode driver for some Intel(R) NUC 9 Extreme
Laptop Kits before version 2.2.0.20 may allow an authenticated user to
potentially enable escalation of privilege via local access. 2021-08-11 not yet
calculated CVE-2021-0196
MISC(link is external) intel -- nuc_pro_chassis_element_acermedia_capture_card
  Uncontrolled search path in some Intel(R) NUC Pro Chassis Element AverMedia
Capture Card drivers before version 3.0.64.143 may allow an authenticated user
to potentially enable escalation of privilege via local access. 2021-08-11 not
yet calculated CVE-2021-0160
MISC(link is external) intel -- optane_pmem
  Improper input validation in some Intel(R) Optane(TM) PMem versions before
versions 1.2.0.5446 or 2.2.0.1547 may allow a privileged user to potentially
enable denial of service via local access. 2021-08-11 not yet calculated
CVE-2021-0083
MISC(link is external) j2eefast -- j2eefast
  J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via the (1)
compId parameter to fast/sys/user/list, (2) deptId parameter to
fast/sys/role/list, or (3) roleId parameter to fast/sys/role/authUser/list,
related to the use of ${} to join SQL statements. 2021-08-12 not yet calculated
CVE-2021-28890
MISC(link is external) jbl -- go_2_devices
  JBL Go 2 devices through 2021-08-09 allow remote attackers to recover speech
signals from an LED on the device, via a telescope and an electro-optical
sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is
connected directly to the power line; as a result, the intensity of a device's
power indicator LED is correlative to the power consumption. The sound played by
the speakers affects their power consumption and as a result is also correlative
to the light intensity of the LEDs. By analyzing measurements obtained from an
electro-optical sensor directed at the power indicator LEDs of the speakers, we
can recover the sound played by them. 2021-08-11 not yet calculated
CVE-2021-38548
MISC(link is external) jt2go -- jt2go
  A vulnerability has been identified in JT2Go (All versions < V13.2.0.1),
Teamcenter Visualization (All versions < V13.2.0.1). When parsing specially
crafted CGM Files, a NULL pointer dereference condition could cause the
application to crash. The application must be restarted to restore the service.
An attacker could leverage this vulnerability to cause a Denial-of-Service
condition in the application. 2021-08-10 not yet calculated CVE-2021-33717
MISC(link is external) jt2go -- jt2go
  A vulnerability has been identified in JT2Go (All versions < V13.2.0.2),
Teamcenter Visualization (All versions < V13.2.0.2). The plmxmlAdapterSE70.dll
library in affected applications lacks proper validation of user-supplied data
when parsing PAR files. This could result in an out of bounds read past the end
of an allocated buffer. An attacker could leverage this vulnerability to leak
information in the context of the current process. (ZDI-CAN-13405) 2021-08-10
not yet calculated CVE-2021-33738
MISC(link is external) jupyter -- jupyterlab
  JupyterLab is a user interface for Project Jupyter which will eventually
replace the classic Jupyter Notebook. In affected versions, an untrusted notebook
can execute code on load. In particular, JupyterLab doesn’t sanitize the action
attribute of HTML `<form>`. Using this it is possible to trigger the form
validation outside of the form itself. This is a remote code execution, but
requires user action to open a notebook. 2021-08-09 not yet calculated
CVE-2021-32797
MISC(link is external)
CONFIRM(link is external) jupyter -- notebook
  The Jupyter notebook is a web-based notebook environment for interactive
computing. In affected versions, an untrusted notebook can execute code on load.
Jupyter Notebook uses a deprecated version of Google Caja to sanitize user
inputs. A public Caja bypass can be used to trigger an XSS when a victim opens a
malicious ipynb document in Jupyter Notebook. The XSS allows an attacker to
execute arbitrary code on the victim computer using Jupyter APIs. 2021-08-09 not
yet calculated CVE-2021-32798
CONFIRM(link is external)
MISC(link is external) kde -- kmail
  In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored
(and cleartext messages are sent) unless "Server requires authentication" is
checked. 2021-08-10 not yet calculated CVE-2021-38373
MISC(link is external)
MISC(link is external) kde -- trojita
  In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because
untagged responses from an IMAP server are accepted before STARTTLS. 2021-08-10
not yet calculated CVE-2021-38372
MISC(link is external)
MISC(link is external) kitecms -- kitecms
  A directory traversal issue in KiteCMS 1.1.1 allows remote administrators to
overwrite arbitrary files via ../ in the path parameter to
index.php/admin/Template/fileedit, with PHP code in the html parameter.
2021-08-12 not yet calculated CVE-2021-31731
MISC(link is external) kuba -- kuba
  A vulnerability in all versions of Kuba allows attackers to overwrite
arbitrary files in arbitrary directories with crafted Zip files due to improper
validation of file paths in .zip archives. 2021-08-10 not yet calculated
CVE-2020-23172
MISC(link is external) kyma -- kyma
  Due to insufficient input validation in Kyma, authenticated users can pass a
Header of their choice and escalate privileges. 2021-08-10 not yet calculated
CVE-2021-33708
MISC(link is external) leafkit -- leafkit
  Leafkit is a templating language with Swift-inspired syntax. Versions prior to
1.3.0 are susceptible to Cross-site Scripting (XSS) attacks. This affects anyone
passing unsanitised data to Leaf's variable tags. Before this fix, Leaf would
not escape any strings passed to tags as variables. If an attacker managed to
find a variable that was rendered with their unsanitised data, they could inject
scripts into a generated Leaf page, which could enable XSS attacks if other
mitigations such as a Content Security Policy were not enabled. This has been
patched in 1.3.0. As a workaround sanitize any untrusted input before passing it
to Leaf and enable a CSP to block inline script and CSS data. 2021-08-09 not yet
calculated CVE-2021-37634
MISC(link is external)
CONFIRM(link is external) librt -- gnu_c_library
  In librt in the GNU C Library (aka glibc) through 2.34,
sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data,
leading to a NULL pointer dereference. NOTE: this vulnerability was introduced
as a side effect of the CVE-2021-33574 fix. 2021-08-12 not yet calculated
CVE-2021-38604
MISC(link is external)
MISC(link is external)
MISC(link is external) libsixel -- libsixel
  A heap-based buffer overflow in the sixel_encoder_output_without_macro
function in encoder.c of Libsixel 1.8.4 allows attackers to cause a denial of
service (DOS) via converting a crafted PNG file into Sixel format. 2021-08-10
not yet calculated CVE-2020-21677
MISC(link is external) libspf2 -- libspf2
  Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain
SPF macros can lead to denial of service and potentially code execution via
maliciously crafted SPF explanation messages. 2021-08-12 not yet calculated
CVE-2021-20314
MISC(link is external) linaro -- op-tee
  In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is
possible to call update and final cryptographic functions directly, causing a
crash that could leak sensitive information. 2021-08-11 not yet calculated
CVE-2019-25052
MISC(link is external)
MISC(link is external) linux -- linux_kernel
  NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where a
null pointer dereference may lead to complete denial of service. 2021-08-11 not
yet calculated CVE-2021-1112
MISC(link is external) linux -- linux_kernel
  A flaw was found in the Linux kernel netfilter implementation in versions
prior to 5.5-rc7. A user with root (CAP_SYS_ADMIN) access is able to panic the
system when issuing netfilter netflow commands. 2021-08-13 not yet calculated
CVE-2021-3635
MISC(link is external) linux -- linux_kernel
  NVIDIA Linux kernel distributions contain a vulnerability in nvmap
NVMAP_IOC_WRITE* paths, where improper access controls may lead to code
execution, complete denial of service, and seriously compromised integrity of
all system components. 2021-08-11 not yet calculated CVE-2021-1107
MISC(link is external) linux -- linux_kernel
  NVIDIA Linux kernel distributions on Jetson Xavier contain a vulnerability in
camera firmware where a user can change input data after validation, which may
lead to complete denial of service and serious data corruption of all kernel
components. 2021-08-11 not yet calculated CVE-2021-1110
MISC(link is external) linux -- linux_kernel
  NVIDIA Linux kernel distributions contain a vulnerability in the kernel crypto
node, where use after free may lead to complete denial of service. 2021-08-11
not yet calculated CVE-2021-1114
MISC(link is external) linux -- linux_kernel
  A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI
subsystem was found in the way a user calls ioctl HCIUNBLOCKADDR or otherwise
triggers a race condition of the call hci_unregister_dev() together with one of
the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(),
hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this
flaw to crash the system or escalate their privileges on the system. This flaw
affects the Linux kernel versions prior to 5.13-rc5. 2021-08-13 not yet
calculated CVE-2021-3573
MISC(link is external)
MISC(link is external)
MISC(link is external) linux -- linux_kernel
  NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where
writes may be allowed to read-only buffers, which may result in escalation of
privileges, complete denial of service, unconstrained information disclosure,
and serious data tampering of all processes on the system. 2021-08-11 not yet
calculated CVE-2021-1106
MISC(link is external) linux -- linux_kernel
  NVIDIA Linux kernel distributions contain a vulnerability in FuSa Capture
(VI/ISP), where integer underflow due to lack of input validation may lead to
complete denial of service, partial integrity, and serious confidentiality loss
for all processes in the system. 2021-08-11 not yet calculated CVE-2021-1108
MISC(link is external) live555 -- live555
  Live555 through 1.08 mishandles huge requests for the same MP3 stream, leading
to recursion and a stack-based buffer over-read. An attacker can leverage this
to launch a DoS attack. 2021-08-10 not yet calculated CVE-2021-38380
MISC(link is external)
MISC(link is external) live555 -- live555
  Live555 through 1.08 does not handle MPEG-1 or 2 files properly. Sending two
successive RTSP SETUP commands for the same track causes a Use-After-Free and
daemon crash. 2021-08-10 not yet calculated CVE-2021-38381
MISC(link is external)
MISC(link is external) live555 -- live555
  Live555 through 1.08 does not handle Matroska and Ogg files properly. Sending
two successive RTSP SETUP commands for the same track causes a Use-After-Free
and daemon crash. 2021-08-10 not yet calculated CVE-2021-38382
MISC(link is external)
MISC(link is external) ljcms -- ljcms
  An arbitrary file upload vulnerability in the move_uploaded_file() function of
LJCMS v4.3 allows attackers to execute arbitrary code. 2021-08-12 not yet
calculated CVE-2020-20979
MISC(link is external) logitech -- z120_and_s120_speakers
  Logitech Z120 and S120 speakers through 2021-08-09 allow remote attackers to
recover speech signals from an LED on the device, via a telescope and an
electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the
speakers is connected directly to the power line; as a result, the intensity of
a device's power indicator LED is correlative to the power consumption. The
sound played by the speakers affects their power consumption and as a result is
also correlative to the light intensity of the LEDs. By analyzing measurements
obtained from an electro-optical sensor directed at the power indicator LEDs of
the speakers, we can recover the sound played by them. 2021-08-11 not yet
calculated CVE-2021-38547
MISC(link is external) maccms10 -- maccms10
  An arbitrary file upload vulnerability in the Template Upload function of
Maccms10 allows attackers to bypass the suffix whitelist verification to execute
arbitrary code via adding a character to the end of the uploaded file's name.
2021-08-11 not yet calculated CVE-2020-21359
MISC(link is external) maccms10 -- maccms10
  An arbitrary file deletion vulnerability exists within Maccms10. 2021-08-11
not yet calculated CVE-2020-21363
MISC(link is external) manageengine -- adselfservice_plus
  A CSV injection vulnerability on the login panel of ManageEngine ADSelfService
Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user.
The j_username parameter seems to be vulnerable and a reverse shell could be
obtained if a privileged user exports "User Attempts Audit Report" as CSV file.
2021-08-09 not yet calculated CVE-2021-33256
MISC(link is external) mediawiki -- mediawiki
  An issue was discovered in the OAuth extension for MediaWiki through 1.35.2.
MWOAuthConsumerSubmitControl.php does not ensure that the length of an RSA key
will fit in a MySQL blob. 2021-08-12 not yet calculated CVE-2021-31556
MISC(link is external)
MISC(link is external) merge-change -- merge-change
  All versions of package merge-change are vulnerable to Prototype Pollution via
the utils.set function. 2021-08-11 not yet calculated CVE-2021-23421
MISC(link is external)
MISC(link is external) metinfo -- metinfo
  A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Metinfo
7.0 allows attackers to access sensitive database information. 2021-08-12 not
yet calculated CVE-2020-20981
MISC(link is external) microsoft -- azure
  Azure Sphere Information Disclosure Vulnerability 2021-08-12 not yet
calculated CVE-2021-26428
N/A(link is external) microsoft -- azure
  Azure CycleCloud Elevation of Privilege Vulnerability This CVE ID is unique
from CVE-2021-33762. 2021-08-12 not yet calculated CVE-2021-36943
N/A(link is external) microsoft -- azure
  Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability
2021-08-12 not yet calculated CVE-2021-36949
N/A(link is external) microsoft -- azure
  Azure Sphere Elevation of Privilege Vulnerability 2021-08-12 not yet
calculated CVE-2021-26429
N/A(link is external) microsoft -- azure
  Azure Sphere Denial of Service Vulnerability 2021-08-12 not yet calculated
CVE-2021-26430
N/A(link is external) microsoft -- dynamics_365
  Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
2021-08-12 not yet calculated CVE-2021-36950
N/A(link is external) microsoft -- dynamics_365
  Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
2021-08-12 not yet calculated CVE-2021-36946
N/A(link is external) microsoft -- dynamics_365
  Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
2021-08-12 not yet calculated CVE-2021-34524
N/A(link is external) microsoft -- office
  Microsoft Office Remote Code Execution Vulnerability 2021-08-12 not yet
calculated CVE-2021-34478
N/A(link is external) microsoft -- sharepoint
  Microsoft SharePoint Server Spoofing Vulnerability 2021-08-12 not yet
calculated CVE-2021-36940
N/A(link is external) microsoft -- visual_studio
  ASP.NET Core and Visual Studio Information Disclosure Vulnerability 2021-08-12
not yet calculated CVE-2021-34532
N/A(link is external) microsoft -- visual_studio
  .NET Core and Visual Studio Denial of Service Vulnerability 2021-08-12 not yet
calculated CVE-2021-26423
N/A(link is external) microsoft -- visual_studio
  .NET Core and Visual Studio Information Disclosure Vulnerability 2021-08-12
not yet calculated CVE-2021-34485
N/A(link is external) microsoft -- windows
  Windows Services for NFS ONCRPC XDR Driver Information Disclosure
Vulnerability This CVE ID is unique from CVE-2021-26433, CVE-2021-36932,
CVE-2021-36933. 2021-08-12 not yet calculated CVE-2021-36926
N/A(link is external) microsoft -- windows
  Windows MSHTML Platform Remote Code Execution Vulnerability 2021-08-12 not yet
calculated CVE-2021-34534
N/A(link is external) microsoft -- windows
  Windows Update Medic Service Elevation of Privilege Vulnerability 2021-08-12
not yet calculated CVE-2021-36948
N/A(link is external) microsoft -- windows
  Windows 10 Update Assistant Elevation of Privilege Vulnerability 2021-08-12
not yet calculated CVE-2021-36945
N/A(link is external) microsoft -- windows
  Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability
2021-08-12 not yet calculated CVE-2021-36937
N/A(link is external) microsoft -- windows
  Windows Digital TV Tuner device registration application Elevation of
Privilege Vulnerability 2021-08-12 not yet calculated CVE-2021-36927
N/A(link is external) microsoft -- windows
  Windows Print Spooler Remote Code Execution Vulnerability This CVE ID is
unique from CVE-2021-36947, CVE-2021-36958. 2021-08-12 not yet calculated
CVE-2021-36936
N/A(link is external) microsoft -- windows
  Scripting Engine Memory Corruption Vulnerability 2021-08-12 not yet calculated
CVE-2021-34480
N/A(link is external) microsoft -- windows
  Windows Services for NFS ONCRPC XDR Driver Information Disclosure
Vulnerability This CVE ID is unique from CVE-2021-26433, CVE-2021-36926,
CVE-2021-36933. 2021-08-12 not yet calculated CVE-2021-36932
N/A(link is external) microsoft -- windows
  Windows Services for NFS ONCRPC XDR Driver Information Disclosure
Vulnerability This CVE ID is unique from CVE-2021-26433, CVE-2021-36926,
CVE-2021-36932. 2021-08-12 not yet calculated CVE-2021-36933
N/A(link is external) microsoft -- windows
  Windows Print Spooler Remote Code Execution Vulnerability This CVE ID is
unique from CVE-2021-36936, CVE-2021-36947. 2021-08-12 not yet calculated
CVE-2021-36958
N/A(link is external) microsoft -- windows
  Windows Cryptographic Primitives Library Information Disclosure Vulnerability
2021-08-12 not yet calculated CVE-2021-36938
N/A(link is external) microsoft -- windows
  Windows TCP/IP Remote Code Execution Vulnerability 2021-08-12 not yet
calculated CVE-2021-26424
N/A(link is external) microsoft -- windows
  Windows LSA Spoofing Vulnerability 2021-08-12 not yet calculated
CVE-2021-36942
N/A(link is external) microsoft -- windows
  Windows Print Spooler Remote Code Execution Vulnerability This CVE ID is
unique from CVE-2021-36936, CVE-2021-36958. 2021-08-12 not yet calculated
CVE-2021-36947
N/A(link is external) microsoft -- windows
  Microsoft Windows Defender Elevation of Privilege Vulnerability 2021-08-12 not
yet calculated CVE-2021-34471
N/A(link is external) microsoft -- windows
  Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is
unique from CVE-2021-34486, CVE-2021-34487. 2021-08-12 not yet calculated
CVE-2021-26425
N/A(link is external) microsoft -- windows
  Windows Graphics Component Font Parsing Remote Code Execution Vulnerability
2021-08-12 not yet calculated CVE-2021-34533
N/A(link is external) microsoft -- windows
  Windows Graphics Component Remote Code Execution Vulnerability 2021-08-12 not
yet calculated CVE-2021-34530
N/A(link is external) microsoft -- windows
  Windows User Profile Service Elevation of Privilege Vulnerability 2021-08-12
not yet calculated CVE-2021-34484
N/A(link is external) microsoft -- windows
  Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is
unique from CVE-2021-26425, CVE-2021-34487. 2021-08-12 not yet calculated
CVE-2021-34486
N/A(link is external) microsoft -- windows
  Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is
unique from CVE-2021-26425, CVE-2021-34486. 2021-08-12 not yet calculated
CVE-2021-34487
N/A(link is external) microsoft -- windows
  Windows User Account Profile Picture Elevation of Privilege Vulnerability
2021-08-12 not yet calculated CVE-2021-26426
N/A(link is external) microsoft -- windows
  Windows Print Spooler Elevation of Privilege Vulnerability 2021-08-12 not yet
calculated CVE-2021-34483
N/A(link is external) microsoft -- windows
  Storage Spaces Controller Elevation of Privilege Vulnerability 2021-08-12 not
yet calculated CVE-2021-34536
N/A(link is external) microsoft -- windows
  Remote Desktop Client Remote Code Execution Vulnerability 2021-08-12 not yet
calculated CVE-2021-34535
N/A(link is external) microsoft -- windows
  Windows Bluetooth Driver Elevation of Privilege Vulnerability 2021-08-12 not
yet calculated CVE-2021-34537
N/A(link is external) microsoft -- windows
  Windows Services for NFS ONCRPC XDR Driver Information Disclosure
Vulnerability This CVE ID is unique from CVE-2021-36926, CVE-2021-36932,
CVE-2021-36933. 2021-08-12 not yet calculated CVE-2021-26433
N/A(link is external) microsoft -- windows
  Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability
2021-08-12 not yet calculated CVE-2021-26432
N/A(link is external) microsoft -- windows
  Windows Recovery Environment Agent Elevation of Privilege Vulnerability
2021-08-12 not yet calculated CVE-2021-26431
N/A(link is external) microsoft -- word
  Microsoft Word Remote Code Execution Vulnerability 2021-08-12 not yet
calculated CVE-2021-36941
N/A(link is external) miracase -- mhub500
  MIRACASE MHUB500 USB splitters through 2021-08-09, in certain specific use
cases in which the device supplies power to audio-output equipment, allow remote
attackers to recover speech signals from an LED on the device, via a telescope
and an electro-optical sensor, aka a "Glowworm" attack. We assume that the USB
splitter supplies power to some speakers. The power indicator LED of the USB
splitter is connected directly to the power line; as a result, the intensity of
the USB splitter's power indicator LED is correlative to its power consumption.
The sound played by the connected speakers affects the USB splitter's power
consumption and as a result is also correlative to the light intensity of the
LED. By analyzing measurements obtained from an electro-optical sensor directed
at the power indicator LED of the USB splitter, we can recover the sound played
by the connected speakers. 2021-08-11 not yet calculated CVE-2021-38549
MISC(link is external) mitel -- interaction_recording_multitenancy
  The PowerPlay Web component of Mitel Interaction Recording Multitenancy
systems before 6.7 could allow a user (with Administrator rights) to replay a
previously recorded conversation of another tenant due to insufficient
validation. 2021-08-13 not yet calculated CVE-2021-37586
MISC(link is external)
MISC(link is external) mitel -- micollab_client_service
  The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow
an attacker to get source code information (disclosing sensitive application
data) due to insufficient output sanitization. A successful exploit could allow
an attacker to view source code methods. 2021-08-13 not yet calculated
CVE-2021-32072
MISC(link is external)
MISC(link is external) mitel -- micollab_client_service
  The MiCollab Client service in Mitel MiCollab before 9.3 could allow an
unauthenticated user to gain system access due to improper access control. A
successful exploit could allow an attacker to view and modify application data,
and cause a denial of service for users. 2021-08-13 not yet calculated
CVE-2021-32071
MISC(link is external)
MISC(link is external) mitel -- micollab_client_service
  The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow
an attacker to perform a clickjacking attack due to an insecure header response.
A successful exploit could allow an attacker to modify the browser header and
redirect users. 2021-08-13 not yet calculated CVE-2021-32070
MISC(link is external)
MISC(link is external) mitel -- micollab_client_service
  The AWV component of Mitel MiCollab before 9.3 could allow an attacker to
perform a Man-In-the-Middle attack due to improper TLS negotiation. A successful
exploit could allow an attacker to view and modify data. 2021-08-13 not yet
calculated CVE-2021-32069
MISC(link is external)
MISC(link is external) mitel -- micollab_client_service
  The AWV and MiCollab Client Service components in Mitel MiCollab before 9.3
could allow an attacker to perform a Man-In-the-Middle attack by sending
multiple session renegotiation requests, due to insufficient TLS session
controls. A successful exploit could allow an attacker to modify application
data and state. 2021-08-13 not yet calculated CVE-2021-32068
MISC(link is external)
MISC(link is external) mitel -- micollab_client_service
  The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow
an attacker to view sensitive system information through an HTTP response due to
insufficient output sanitization. 2021-08-13 not yet calculated CVE-2021-32067
MISC(link is external)
MISC(link is external) mitel -- micollab_web_client
  The Join Meeting page of Mitel MiCollab Web Client before 9.2 FP2 could allow
an attacker to access (view and modify) user data by executing arbitrary code
due to insufficient input validation, aka Cross-Site Scripting (XSS). 2021-08-13
not yet calculated CVE-2021-27401
MISC(link is external)
CONFIRM(link is external) mitel -- micontact_center_business
  The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0
through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated
attacker to access (view and modify) user data without authorization due to
improper handling of tokens. 2021-08-13 not yet calculated CVE-2021-3352
MISC(link is external)
MISC(link is external) mp4box -- mp4box
  Buffer overflow in the stbl_AppendSize
function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service
or execute arbitrary code via a crafted file. 2021-08-11 not yet calculated
CVE-2021-32439
MISC(link is external)
MISC(link is external) mp4box -- mp4box
  The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to cause a
denial of service (NULL pointer dereference) via a crafted file in the MP4Box
command. 2021-08-11 not yet calculated CVE-2021-32440
MISC(link is external)
MISC(link is external) nagios -- xi_docker_wizard
  Nagios XI before version 5.8.5 is vulnerable to insecure permissions and
allows unauthenticated users to access guarded pages through a crafted HTTP
request to the server. 2021-08-13 not yet calculated CVE-2021-37351
MISC(link is external) nagios -- xi_docker_wizard
  Nagios XI before version 5.8.5 is vulnerable to local privilege escalation
because xi-sys.cfg is being imported from the var directory for some scripts
with elevated permissions. 2021-08-13 not yet calculated CVE-2021-37345
MISC(link is external)
MISC(link is external) nagios -- xi_docker_wizard
  Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to
improper sanitisation in table_population.php. 2021-08-13 not yet calculated
CVE-2021-37353
MISC(link is external) nagios -- xi_docker_wizard
  A path traversal vulnerability exists in Nagios XI below version 5.8.5
AutoDiscovery component and could lead to post authenticated RCE under security
context of the user running Nagios. 2021-08-13 not yet calculated CVE-2021-37343
MISC(link is external) nagios -- xi_docker_wizard
  Nagios XI before version 5.8.5 is vulnerable to local privilege escalation
because getprofile.sh does not validate the directory name it receives as an
argument. 2021-08-13 not yet calculated CVE-2021-37347
MISC(link is external) nagios -- xi_docker_wizard
  Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in
Bulk Modifications Tool due to improper input sanitisation. 2021-08-13 not yet
calculated CVE-2021-37350
MISC(link is external) nagios -- xi_docker_wizard
  An open redirect vulnerability exists in Nagios XI before version 5.8.5 that
could lead to spoofing. To exploit the vulnerability, an attacker could send a
link that has a specially crafted URL and convince the user to click the link.
2021-08-13 not yet calculated CVE-2021-37352
MISC(link is external) nagios -- xi_docker_wizard
  Nagios XI before version 5.8.5 is vulnerable to local privilege escalation
because cleaner.php does not sanitise input read from the database. 2021-08-13
not yet calculated CVE-2021-37349
MISC(link is external) nagios -- xi_docker_wizard
  Nagios XI before version 5.8.5 is vulnerable to local file inclusion through
improper limitation of a pathname in index.php. 2021-08-13 not yet calculated
CVE-2021-37348
MISC(link is external) nagios -- xi_switch_wizard
  Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote code
execution through improper neutralisation of special elements used in an OS
Command (OS Command injection). 2021-08-13 not yet calculated CVE-2021-37344
MISC(link is external) nagios -- xi_watchguard_wizard
  Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable to remote code
execution through Improper neutralisation of special elements used in an OS
Command (OS Command injection). 2021-08-13 not yet calculated CVE-2021-37346
MISC(link is external) netgear -- multiple_devices
  Certain NETGEAR devices are
affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before
1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.66,
R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2
before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before
1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76,
AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, and RAX40 before 1.0.3.62.
2021-08-11 not yet calculated CVE-2021-38537
MISC(link is external) netgear -- multiple_devices
  Certain NETGEAR devices are
affected by command injection by an unauthenticated attacker. This affects RBK40
before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before
2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16,
RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, and RBS50Y before 2.6.1.40.
2021-08-11 not yet calculated CVE-2021-38530
MISC(link is external) netgear -- multiple_devices
  Certain NETGEAR devices are
affected by denial of service. This affects R6400v2 before 1.0.4.98, R6700v3
before 1.0.4.98, R7900 before 1.0.3.18, and R8000 before 1.0.4.46. 2021-08-11
not yet calculated CVE-2021-38515
MISC(link is external) netgear -- multiple_devices
  Certain NETGEAR devices are
affected by command injection by an unauthenticated attacker. This affects D7800
before 1.0.1.56, R7800 before 1.0.2.68, R8900 before 1.0.4.26, and R9000 before
1.0.4.26. 2021-08-11 not yet calculated CVE-2021-38529
MISC(link is external) netgear -- multiple_devices
  Certain NETGEAR devices are affected by command injection by an authenticated
user. This affects R6400 before 1.0.1.52, R6400v2 before 1.0.4.84, R6700v3
before 1.0.4.84, R6700v2 before 1.2.0.62, R6900v2 before 1.2.0.62, and R7000P
before 1.3.2.124. 2021-08-11 not yet calculated CVE-2021-38520
MISC(link is external) netgear -- multiple_devices
  Certain NETGEAR devices are affected by a buffer overflow by an
unauthenticated attacker. This affects RAX35 before 1.0.3.94, RAX38 before
1.0.3.94, and RAX40 before 1.0.3.94. 2021-08-11 not yet calculated
CVE-2021-38526
MISC(link is external) netgear -- multiple_devices
  Certain NETGEAR devices are affected by command injection by an
unauthenticated attacker. This affects CBR40 before 2.5.0.14, EX6100v2 before
1.0.1.98, EX6150v2 before 1.0.1.98, EX6250 before 1.0.0.132, EX6400 before
1.0.2.158, EX6400v2 before 1.0.0.132, EX6410 before 1.0.0.132, EX6420 before
1.0.0.132, EX7300 before 1.0.2.158, EX7300v2 before 1.0.0.132, EX7320 before
1.0.0.132, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, R7800 before
1.0.2.78, RBK12 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44,
RBK20 before 2.6.1.38, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40
before 2.6.1.38, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK50 before
2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK752 before 3.2.16.6,
RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850
before 3.2.16.6, RBS850 before 3.2.16.6, RBS40V before 2.6.2.4, RBS50Y before
2.6.1.40, RBW30 before 2.6.2.2, and XR500 before 2.3.2.114. 2021-08-11 not yet
calculated CVE-2021-38527
MISC(link is external) netgear -- multiple_devices
  Certain NETGEAR devices are affected by command injection by an authenticated
user. This affects R6400 before 1.0.1.50, R7900P before 1.4.1.50, R8000P before
1.4.1.50, RAX75 before 1.0.1.62, and RAX80 before 1.0.1.62. 2021-08-11 not yet
calculated CVE-2021-38521
MISC(link is external) netgear -- multiple_devices
  Certain NETGEAR devices are affected by lack of access control at the function
level. This affects D6220 before 1.0.0.48, D6400 before 1.0.0.82, D7000v2 before
1.0.0.52, D7800 before 1.0.1.44, D8500 before 1.0.3.43, DC112A before 1.0.0.40,
DGN2200v4 before 1.0.0.108, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50
before 2.3.0.32, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before
2.3.0.28, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28,
R6020 before 1.0.0.34, R6080 before 1.0.0.34, R6120 before 1.0.0.44, R6220
before 1.1.0.80, R6230 before 1.1.0.80, R6250 before 1.0.4.34, R6260 before
1.1.0.40, R6850 before 1.1.0.40, R6350 before 1.1.0.40, R6400v2 before 1.0.2.62,
R6700v3 before 1.0.2.62, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2
before 1.2.0.36, R7000 before 1.0.9.34, R6900P before 1.3.1.44, R7000P before
1.3.1.44, R7100LG before 1.0.0.48, R7200 before 1.2.0.48, R7350 before 1.2.0.48,
R7400 before 1.2.0.48, R7450 before 1.2.0.36, AC2100 before 1.2.0.36, AC2400
before 1.2.0.36, AC2600 before 1.2.0.36, R7500v2 before 1.0.3.38, R7800 before
1.0.2.58, R7900 before 1.0.3.8, R7960P before 1.4.1.44, R8000 before 1.0.4.28,
R7900P before 1.4.1.30, R8000P before 1.4.1.30, R8900 before 1.0.4.2, R9000
before 1.0.4.2, RAX120 before 1.0.0.74, RBK752 before 3.2.16.6, RBR750 before
3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before
3.2.16.6, RBS850 before 3.2.16.6, WNR3500Lv2 before 1.2.0.56, XR450 before
2.3.2.32, and XR500 before 2.3.2.32. 2021-08-11 not yet calculated
CVE-2021-38516
MISC(link is external) netgear -- multiple_devices
  Certain NETGEAR devices are affected by command injection by an
unauthenticated attacker. This affects D8500 before 1.0.3.58, R6900P before
1.3.2.132, R7000P before 1.3.2.132, R7100LG before 1.0.0.64, WNDR3400v3 before
1.0.1.38, and XR300 before 1.0.3.56. 2021-08-11 not yet calculated
CVE-2021-38528
MISC(link is external) netgear -- multiple_devices
  Certain NETGEAR devices are affected by command injection by an authenticated
user. This affects RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before
1.0.4.120, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before
3.2.17.12. 2021-08-11 not yet calculated CVE-2021-38518
MISC(link is external) netgear -- multiple_devices
  Certain NETGEAR devices are affected by out-of-bounds reads and writes. This
affects R6400 before 1.0.1.70, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120,
and XR300 before 1.0.3.50. 2021-08-11 not yet calculated CVE-2021-38517
MISC(link is external) netgear -- multiple_devices
  Certain NETGEAR devices are affected by command injection by an authenticated
user. This affects R6250 before 1.0.4.36, R6300v2 before 1.0.4.36, R6400 before
1.0.1.50, R6400v2 before 1.0.2.66, R6700v3 before 1.0.2.66, R6700 before
1.0.2.8, R6900 before 1.0.2.8, R7000 before 1.0.9.88, R6900P before 1.3.2.132,
R7100LG before 1.0.0.52, R7900 before 1.0.3.10, R8000 before 1.0.4.46, R7900P
before 1.4.1.50, R8000P before 1.4.1.50, and RAX80 before 1.0.1.40. 2021-08-11
not yet calculated CVE-2021-38519
MISC(link is external) netgear -- multiple_devices
  Certain NETGEAR devices are affected by a stack-based buffer overflow by an
authenticated user. This affects MK62 before 1.0.6.110, MR60 before 1.0.6.110,
MS60 before 1.0.6.110, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200
before 1.0.3.106, RAX45 before 1.0.2.32, RAX50 before 1.0.2.32, RAX75 before
1.0.3.106, RAX80 before 1.0.3.106, RBK752 before 3.2.16.6, RBR750 before
3.2.16.6, and RBS750 before 3.2.16.6. 2021-08-11 not yet calculated
CVE-2021-38524
MISC(link is external) netgear -- multiple_devices
  Certain NETGEAR devices are affected by authentication bypass. This affects
RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, CBR40
before 2.5.0.10, EAX20 before 1.0.0.48, MK62 before 1.0.6.110, MR60 before
1.0.6.110, MS60 before 1.0.6.110, RBK752 before 3.2.10.10, RBR750 before
3.2.10.10, and RBS750 before 3.2.10.10. 2021-08-11 not yet calculated
CVE-2021-38513
MISC(link is external) netgear -- multiple_devices
  Certain NETGEAR devices are affected by CSRF. This affects EX3700 before
1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, and EX6130 before
1.0.0.44. 2021-08-11 not yet calculated CVE-2021-32122
MISC(link is external) netgear -- multiple_devices
  Certain NETGEAR devices are affected by a stack-based buffer overflow by an
authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76,
D6200 before 1.1.00.36, D7000 before 1.0.1.70, EX6200v2 before 1.0.1.78, EX7000
before 1.0.1.78, EX8000 before 1.0.1.186, JR6150 before 1.0.1.18, PR2000 before
1.0.0.28, R6020 before 1.0.0.42, R6050 before 1.0.1.18, R6080 before 1.0.0.42,
R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.64, R6300v2
before 1.0.4.34, R6700 before 1.0.2.6, R6700v2 before 1.2.0.36, R6800 before
1.2.0.36, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R6900v2 before 1.2.0.36,
R7000 before 1.0.9.42, R7000P before 1.3.1.64, R7800 before 1.0.2.60, R8900
before 1.0.4.12, R9000 before 1.0.4.12, and XR500 before 2.3.2.40. 2021-08-11
not yet calculated CVE-2021-38525
MISC(link is external) netgear -- multiple_devices
  Certain NETGEAR devices are affected by authentication bypass. This affects
D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6100 before 1.0.0.63, D6200
before 1.1.00.34, D6220 before 1.0.0.48, D6400 before 1.0.0.86, D7000 before
1.0.1.70, D7000v2 before 1.0.0.52, D7800 before 1.0.1.56, D8500 before 1.0.3.44,
DC112A before 1.0.0.42, DGN2200v4 before 1.0.0.108, DGND2200Bv4 before
1.0.0.108, EX2700 before 1.0.1.48, EX3700 before 1.0.0.76, EX3800 before
1.0.0.76, EX6000 before 1.0.0.38, EX6100 before 1.0.2.24, EX6100v2 before
1.0.1.76, EX6120 before 1.0.0.42, EX6130 before 1.0.0.28, EX6150v1 before
1.0.0.42, EX6150v2 before 1.0.1.76, EX6200 before 1.0.3.88, EX6200v2 before
1.0.1.72, EX6400 before 1.0.2.136, EX7000 before 1.0.0.66, EX7300 before
1.0.2.136, EX8000 before 1.0.1.180, RBK50 before 2.1.4.10, RBR50 before
2.1.4.10, RBS50 before 2.1.4.10, RBK40 before 2.1.4.10, RBR40 before 2.1.4.10,
RBS40 before 2.1.4.10, RBW30 before 2.2.1.204, PR2000 before 1.0.0.28, R6020
before 1.0.0.38, R6080 before 1.0.0.38, R6050 before 1.0.1.18, JR6150 before
1.0.1.18, R6120 before 1.0.0.46, R6220 before 1.1.0.86, R6250 before 1.0.4.34,
R6300v2 before 1.0.4.32, R6400 before 1.0.1.44, R6400v2 before 1.0.2.62, R6700
before 1.0.1.48, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before
1.2.0.36, R6900 before 1.0.1.48, R7000 before 1.0.9.34, R6900P before 1.3.1.64,
R7000P before 1.3.1.64, R7100LG before 1.0.0.48, R7300DST before 1.0.0.70,
R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R7900 before 1.0.3.8, R8000
before 1.0.4.28, R7900P before 1.4.1.30, R8000P before 1.4.1.30, R8300 before
1.0.2.128, R8500 before 1.0.2.128, R9000 before 1.0.3.10, RBS40V before
2.2.0.58, RBK50V before 2.2.0.58, WN2000RPTv3 before 1.0.1.32, WN2500RPv2 before
1.0.1.54, WN3000RPv3 before 1.0.2.78, WN3100RPv2 before 1.0.0.66, WNDR3400v3
before 1.0.1.22, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104,
WNDR4300v2 before 1.0.0.56, WNDR4500v3 before 1.0.0.56, WNR2000v5 (R2000) before
1.0.0.66, WNR2020 before 1.1.0.62, WNR2050 before 1.1.0.62, WNR3500Lv2 before
1.2.0.62, and XR500 before 2.3.2.22. 2021-08-11 not yet calculated
CVE-2021-38514
MISC(link is external) netgear -- multiple_devices
  Certain NETGEAR devices are affected by privilege escalation. This affects
D8500 before 1.0.3.44, R6400v2 before 1.0.2.66, R6700 before 1.0.2.6, R6700v3
before 1.0.2.66, R6900 before 1.0.2.4, R6900P before 1.3.2.126, R7000 before
1.0.9.42, R7000P before 1.3.2.126, R7100LG before 1.0.0.50, R7300DST before
1.0.0.70, R7900 before 1.0.3.10, R8300 before 1.0.2.130, and R8500 before
1.0.2.130. 2021-08-11 not yet calculated CVE-2021-38539
MISC(link is external) netgear -- multiple_devices
  Certain NETGEAR devices are affected by stored XSS. This affects D7800 before
1.0.1.56, R7800 before 1.0.2.68, R8900 before 1.0.4.26, R9000 before 1.0.4.26,
RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20
before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before
2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30,
and XR500 before 2.3.2.56. 2021-08-11 not yet calculated CVE-2021-38538
MISC(link is external) netgear -- multiple_devices
  Certain NETGEAR devices are affected by incorrect configuration of security
settings. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020
before 1.0.0.42, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6260 before
1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before
1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, and AC2400 before
1.2.0.76. 2021-08-11 not yet calculated CVE-2021-38531
MISC(link is external) netgear -- multiple_devices
  Certain NETGEAR devices are affected by stored XSS. This affects D3600 before
1.0.0.76, D6000 before 1.0.0.76, D6100 before 1.0.0.60, D6200 before 1.1.00.36,
D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000 before 1.0.1.70, D7000v2
before 1.0.0.53, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200v4 before
1.0.0.110, DGND2200Bv4 before 1.0.0.109, DM200 before 1.0.0.61, JR6150 before
1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.42, R6050 before 1.0.1.18,
R6080 before 1.0.0.42, R6220 before 1.1.0.80, R6230 before 1.1.0.80, R6250
before 1.0.4.34, R6260 before 1.1.0.64, R6300v2 before 1.0.4.34, R6400 before
1.0.1.46, R6400v2 before 1.0.2.62, R6700 before 1.0.2.6, R6700v2 before
1.2.0.36, R6700v3 before 1.0.2.62, R6800 before 1.2.0.36, R6900 before 1.0.2.4,
R6900P before 1.3.1.64, R6900v2 before 1.2.0.36, R7000 before 1.0.9.60, R7000P
before 1.3.1.64, R7100LG before 1.0.0.50, R7300DST before 1.0.0.70, R7450 before
1.2.0.36, R7900 before 1.0.3.8, R7900P before 1.4.1.50, R8000 before 1.0.4.28,
R8000P before 1.4.1.50, R8300 before 1.0.2.130, R8500 before 1.0.2.130,
WNDR3400v3 before 1.0.1.24, WNR2020 before 1.1.0.62, WNR3500Lv2 before 1.2.0.62,
XR450 before 2.3.2.40, and XR500 before 2.3.2.40. 2021-08-11 not yet calculated
CVE-2021-38534
MISC(link is external) netgear -- multiple_devices
  Certain NETGEAR devices are affected by stored XSS. This affects D6200 before
1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48,
R6120 before 1.0.0.76, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800
before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before
1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76,
AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RAX35
before 1.0.3.62, and RAX40 before 1.0.3.62. 2021-08-11 not yet calculated
CVE-2021-38535
MISC(link is external) netgear -- multiple_devices
  Certain NETGEAR devices are affected by stored XSS. This affects D6200 before
1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48,
R6120 before 1.0.0.66, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800
before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before
1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76,
AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RAX35
before 1.0.3.62, and RAX40 before 1.0.3.62. 2021-08-11 not yet calculated
CVE-2021-38536
MISC(link is external) netgear -- r6400_devices
  NETGEAR R6400 devices before 1.0.1.52 are affected by a stack-based buffer
overflow by an authenticated user. 2021-08-11 not yet calculated CVE-2021-38522
MISC(link is external) netgear -- r6400_devices
  NETGEAR R6400 devices before 1.0.1.70 are affected by a stack-based buffer
overflow by an authenticated user. 2021-08-11 not yet calculated CVE-2021-38523
MISC(link is external) netgear -- rax40
  NETGEAR RAX40 devices before 1.0.3.64 are affected by stored XSS. 2021-08-11
not yet calculated CVE-2021-38533
MISC(link is external) netgear -- wac104_devices
  NETGEAR WAC104 devices before 1.0.4.15 are affected by incorrect configuration
of security settings. 2021-08-11 not yet calculated CVE-2021-38532
MISC(link is external) netskope -- client
  Netskope Client through 77 allows low-privileged users to elevate their
privileges to NT AUTHORITY\SYSTEM. 2021-08-12 not yet calculated CVE-2020-24576
MISC(link is external)
MISC(link is external) netweaver -- enterprise_portal
  Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11,
7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data. An
attacker can craft malicious data and print it to the report. In a successful
attack, a victim opens the report, and the malicious script gets executed in the
victim's browser, resulting in a Stored Cross-Site Scripting (XSS)
vulnerability. 2021-08-10 not yet calculated CVE-2021-33702
MISC(link is external)
MISC(link is external) netweaver -- enterprise_portal
  Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31,
7.40, 7.50, does not sufficiently encode URL parameters. An attacker can craft a
malicious link and send it to a victim. A successful attack results in Reflected
Cross-Site Scripting (XSS) vulnerability. 2021-08-10 not yet calculated
CVE-2021-33703
MISC(link is external)
MISC(link is external) newsone -- cms
  An arbitrary file upload in the <input type="file" name="user_image">
component of NewsOne CMS v1.1.0 allows attackers to webshell and execute
arbitrary commands. 2021-08-11 not yet calculated CVE-2020-21976
MISC(link is external) next.js -- next.js
  Next.js is an open source website development framework to be used with the
React library. In affected versions specially encoded paths could be used when
pages/_error.js was statically generated allowing an open redirect to occur to
an external site. In general, this redirect does not directly harm users
although can allow for phishing attacks by redirecting to an attacker's domain
from a trusted domain. We recommend everyone to upgrade regardless of whether
you can reproduce the issue or not. The issue has been patched in release
11.1.0. 2021-08-12 not yet calculated CVE-2021-37699
MISC(link is external)
CONFIRM(link is external) nim-lang -- nim-lang
  A vulnerability in all versions of Nim-lang allows unauthenticated attackers
to write files to arbitrary directories via a crafted zip file with dot-slash
characters included in the name of the crafted file. 2021-08-10 not yet
calculated CVE-2020-23171
MISC(link is external) nuance -- winscribe_diction
  The exporter/Login.aspx login form in the Exporter in Nuance Winscribe
Dictation 4.1.0.99 is vulnerable to SQL injection that allows a remote,
unauthenticated attacker to read the database (and execute code in some
situations) via the txtPassword parameter. 2021-08-12 not yet calculated
CVE-2021-37599
MISC(link is external)
MISC(link is external) nuvoton -- trusted_platform_module
  An attacker with physical access to Nuvoton Trusted Platform Module (NPCT75x
7.2.x before 7.2.2.0) could extract an Elliptic Curve Cryptography (ECC) private
key via a side-channel attack against ECDSA, because of an Observable Timing
Discrepancy. 2021-08-10 not yet calculated CVE-2020-25082
MISC(link is external) nvidia -- camera
  NVIDIA camera firmware contains a
multistep, timing-related vulnerability where an unauthorized modification by
camera resources may result in loss of data integrity or denial of service
across several streams. 2021-08-11 not yet calculated CVE-2021-1109
MISC(link is external) nvidia -- camera
  NVIDIA camera firmware contains a vulnerability where an unauthorized
modification by camera resources may result in complete denial of service and
loss of partial data integrity for all clients. 2021-08-11 not yet calculated
CVE-2021-1113
MISC(link is external) nvidia -- dcgm
  NVIDIA DCGM contains a vulnerability in the DIAG module where any user can
inject shared libraries into the DCGM server, which is usually running as root,
which may lead to privilege escalation, total loss of confidentiality and
integrity, and complete denial of service. 2021-08-13 not yet calculated
CVE-2021-34398
MISC(link is external) on24 -- screenshare
  The ON24 ScreenShare (aka DesktopScreenShare.app) plugin before 2.0 for macOS
allows remote file access via its built-in HTTP server. This allows
unauthenticated remote users to retrieve files accessible to the logged-on macOS
user. When a remote user sends a crafted HTTP request to the server, it triggers
a code path that will download a configuration file from a specified remote
machine over HTTP. There is an XXE flaw in processing of this configuration file
that allows reading local (to macOS) files and uploading them to remote
machines. 2021-08-13 not yet calculated CVE-2021-34823
MISC(link is external)
MISC(link is external) onefuzz -- onefuzz
  OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. Starting
with OneFuzz 2.12.0 or greater, an incomplete authorization check allows an
authenticated user from any Azure Active Directory tenant to make authorized API
calls to a vulnerable OneFuzz instance. To be vulnerable, a OneFuzz deployment
must be both version 2.12.0 or greater and deployed with the non-default
--multi_tenant_domain option. This can result in read/write access to private
data such as software vulnerability and crash information, security testing
tools and proprietary code and symbols. Via authorized API calls, this also
enables tampering with existing data and unauthorized code execution on Azure
compute resources. This issue is resolved starting in release 2.31.0, via the
addition of application-level check of the bearer token's `issuer` against an
administrator-configured allowlist. As a workaround users can restrict access to
the tenant of a deployed OneFuzz instance < 2.31.0 by redeploying in the default
configuration, which omits the `--multi_tenant_domain` option. 2021-08-13 not
yet calculated CVE-2021-37705
MISC(link is external)
MISC(link is external)
MISC(link is external)
CONFIRM(link is external)
MISC(link is external) open-graph -- open-graph
  This affects the package open-graph before 0.2.6. The function parse could be
tricked into adding or modifying properties of Object.prototype using a
__proto__ or constructor payload. 2021-08-08 not yet calculated CVE-2021-23419
MISC(link is external)
MISC(link is external) open_ticket_request_system -- help_desk
  Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS)
Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow
remote authenticated users to execute arbitrary SQL commands via unspecified
vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm,
Kernel/System/CustomerCompany.pm,
Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm,
Kernel/System/Ticket/IndexAccelerator/StaticDB.pm, and
Kernel/System/TicketSearch.pm. 2021-08-09 not yet calculated CVE-2013-4717
MISC(link is external) open_ticket_request_system -- open_ticket_request_system
  Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS)
ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7 allows
remote authenticated users to inject arbitrary web script or HTML via an ITSM
ConfigItem search. 2021-08-09 not yet calculated CVE-2013-4718
MISC(link is external) openbaraza -- hcm
  openBaraza HCM 3.1.6 does not properly neutralize user-controllable input: an
unauthenticated remote attacker can conduct a stored cross-site scripting (XSS)
attack against an administrative user from hr/subscription.jsp and
hr/application.jsp and hr/index.jsp (with view=). 2021-08-13 not yet
calculated CVE-2021-38619
MISC(link is external)
MISC(link is external)
MISC(link is external) openbaraza -- openbaraza
  openBaraza HCM 3.1.6 does not properly neutralize user-controllable input,
which allows reflected cross-site scripting (XSS) on multiple pages:
hr/subscription.jsp and hr/application.jsp and hr/index.jsp (with view= and
data=). 2021-08-13 not yet calculated CVE-2021-38583
MISC(link is external)
MISC(link is external)
MISC(link is external) openstack -- keystone
  OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x
before 18.0.1, and 19.x before 19.0.1 allows information disclosure during
account locking (related to PCI DSS features). By guessing the name of an
account and failing to authenticate multiple times, any unauthenticated actor
could both confirm the account exists and obtain that account's corresponding
UUID, which might be leveraged for other unrelated attacks. All deployments
enabling security_compliance.lockout_failure_attempts are affected. 2021-08-06
not yet calculated CVE-2021-38155
MISC(link is external)
CONFIRM(link is external)
MLIST(link is external) owntone -- owntone
  OwnTone (aka owntone-server) through 28.1 has a use-after-free in net_bind()
in misc.c. 2021-08-10 not yet calculated CVE-2021-38383
MISC(link is external) palo_alto_networks -- pan-os
  An improper authentication
vulnerability exists in Palo Alto Networks PAN-OS software that enables a SAML
authenticated attacker to impersonate any other user in the GlobalProtect Portal
and GlobalProtect Gateway when they are configured to use SAML authentication.
This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0
versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS
9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.5. PAN-OS 10.1 versions are
not impacted. 2021-08-11 not yet calculated CVE-2021-3046
CONFIRM(link is external) palo_alto_networks -- pan-os
  An OS command injection vulnerability in the Palo Alto Networks PAN-OS web
interface enables an authenticated administrator to execute arbitrary OS
commands to escalate privileges. This issue impacts: PAN-OS 9.0 version 9.0.10
through PAN-OS 9.0.14; PAN-OS 9.1 version 9.1.4 through PAN-OS 9.1.10; PAN-OS
10.0 version 10.0.7 and earlier PAN-OS 10.0 versions; PAN-OS 10.1 version 10.1.0
through PAN-OS 10.1.1. Prisma Access firewalls and firewalls running PAN-OS 8.1
versions are not impacted by this issue. 2021-08-11 not yet calculated
CVE-2021-3050
CONFIRM(link is external) palo_alto_networks -- pan-os
  An OS command argument injection vulnerability in the Palo Alto Networks
PAN-OS web interface enables an authenticated administrator to read any
arbitrary file from the file system. This issue impacts: PAN-OS 8.1 versions
earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14;
PAN-OS 9.1 versions earlier than PAN-OS 9.1.10. PAN-OS 10.0 and later versions
are not impacted. 2021-08-11 not yet calculated CVE-2021-3045
CONFIRM(link is external) palo_alto_networks -- pan-os
  A cryptographically weak pseudo-random number generator (PRNG) is used during
authentication to the Palo Alto Networks PAN-OS web interface. This enables an
authenticated attacker, with the capability to observe their own authentication
secrets over a long duration on the PAN-OS appliance, to impersonate another
authenticated web interface administrator's session. This issue impacts: PAN-OS
8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS
9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10; PAN-OS 10.0 versions
earlier than PAN-OS 10.0.4. PAN-OS 10.1 versions are not impacted. 2021-08-11
not yet calculated CVE-2021-3047
CONFIRM(link is external) palo_alto_networks -- pan-os
  Certain invalid URL entries contained in an External Dynamic List (EDL) cause
the Device Server daemon (devsrvr) to stop responding. This condition causes
subsequent commits on the firewall to fail and prevents administrators from
performing commits and configuration changes even though the firewall remains
otherwise functional. If the firewall then restarts, it results in a
denial-of-service (DoS) condition and the firewall stops processing traffic.
This issue impacts: PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1
versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS
10.0.5. PAN-OS 8.1 and PAN-OS 10.1 versions are not impacted. 2021-08-11 not yet
calculated CVE-2021-3048
CONFIRM(link is external) parsers -- parsers
  Parsers in the open source project RCDCAP before 1.0.5 allow remote attackers
to execute arbitrary code or cause a denial of service (memory corruption and
application crash) via specially crafted packets. 2021-08-12 not yet calculated
CVE-2021-37222
MISC(link is external)
MISC(link is external) pbootcms -- pbootcms
  Cross Site Scripting (XSS) vulnerability exists in PbootCMS v1.3.7 via the
title parameter in the mod function in SingleController.php. 2021-08-12 not yet
calculated CVE-2020-18456
MISC(link is external) pear -- admin_think
  Pear Admin Think through 2.1.2 has an arbitrary file upload vulnerability that
allows attackers to execute arbitrary code remotely. A .php file can be uploaded
via admin.php/index/upload because app/common/service/UploadService.php
mishandles fileExt. 2021-08-12 not yet calculated CVE-2021-29377
MISC(link is external) phpfastcache -- phpfastcache
  PhpFastCache is a high-performance backend cache system (packagist package
phpfastcache/phpfastcache). In versions before 6.1.5, 7.1.2, and 8.0.7 the
`phpinfo()` can be exposed if the `/vendor` is not protected from public access.
This is a rare situation today since the vendor directory is often located
outside the web directory or protected via server rule (.htaccess, etc). Only
the v6, v7 and v8 will be patched respectively in 8.0.7, 7.1.2, 6.1.5. Older
versions such as v5, v4 are no longer supported and will **NOT** be patched. As
a workaround, protect the `/vendor` directory from public access. 2021-08-12 not
yet calculated CVE-2021-37704
CONFIRM(link is external)
MISC(link is external)
MISC(link is external) pluxml -- pluxml
  PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content.
2021-08-12 not yet calculated CVE-2021-38602
MISC(link is external)
MISC(link is external) pluxml -- pluxml
  PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information
field. 2021-08-12 not yet calculated CVE-2021-38603
MISC(link is external)
MISC(link is external) polipo -- polipo
  ** UNSUPPORTED WHEN ASSIGNED ** Polipo through 1.1.1, when NDEBUG is used,
allows a heap-based buffer overflow during parsing of a Range header. NOTE: This
vulnerability only affects products that are no longer supported by the
maintainer. 2021-08-12 not yet calculated CVE-2021-38614
MISC(link is external) postgresql -- postgresql
  The set_user extension module before 2.0.1 for PostgreSQL allows a potential
privilege escalation using RESET SESSION AUTHORIZATION after set_user().
2021-08-10 not yet calculated CVE-2021-38140
CONFIRM(link is external)
MISC(link is external) qnap -- f_viocard
  ** UNSUPPORTED WHEN ASSIGNED ** QNAP F_VioCard 2312 and F_VioGate 2308 have
hardcoded entries in authorized_keys files. NOTE: 1. All active models are not
affected. The last affected model was EOL since 2010. 2. The legacy
authorization mechanism is no longer adopted in all active models. 2021-08-09
not yet calculated CVE-2013-6276
MISC(link is external)
MISC(link is external) qt -- qt
  Qt 5.0.0 through 6.1.2 has an out-of-bounds write in
QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and
QPaintEngineEx::stroke). 2021-08-12 not yet calculated CVE-2021-38593
MISC(link is external)
MISC(link is external) quectel -- eg25-g_devices
  Quectel EG25-G devices through 202006130814 allow executing arbitrary code
remotely by using an AT command to place shell metacharacters in
quectel_handle_fumo_cfg input in atfwd_daemon. 2021-08-12 not yet calculated
CVE-2021-31698
MISC(link is external) raspberry -- pi_3_b_and_4_b_devices
  Raspberry Pi 3 B+ and 4 B devices through 2021-08-09, in certain specific use
cases in which the device supplies power to audio-output equipment, allow remote
attackers to recover speech signals from an LED on the device, via a telescope
and an electro-optical sensor, aka a "Glowworm" attack. We assume that the
Raspberry Pi supplies power to some speakers. The power indicator LED of the
Raspberry Pi is connected directly to the power line, as a result, the intensity
of a device's power indicator LED is correlative to the power consumption. The
sound played by the speakers affects the Raspberry Pi's power consumption and as
a result is also correlative to the light intensity of the LED. By analyzing
measurements obtained from an electro-optical sensor directed at the power
indicator LED of the Raspberry Pi, we can recover the sound played by the
speakers. 2021-08-11 not yet calculated CVE-2021-38545
MISC(link is external) rengine -- rengine
  reNgine through 0.5 relies on a predictable directory name. 2021-08-12 not yet
calculated CVE-2021-38606
MISC(link is external) risc-v -- instruction_set_manual
  The RISC-V Instruction Set Manual contains a documented ambiguity for the
Machine Trap Vector Base Address (MTVEC) register that may lead to a
vulnerability due to the initial state of the register not being defined,
potentially leading to information disclosure, data tampering and denial of
service. 2021-08-13 not yet calculated CVE-2021-1104
CONFIRM(link is external) rocket -- chat_server
  A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2,
<3.12.4, <3.11.4 that allowed queries to an endpoint which could result in a
NoSQL injection, potentially leading to RCE. 2021-08-09 not yet calculated
CVE-2021-22910
MISC(link is external) runprocess -- runprocess
  This affects the package codeception/codeception from 4.0.0 and before 4.1.22,
before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary
commands on a system that is deserializing user input without validation.
2021-08-11 not yet calculated CVE-2021-23420
MISC(link is external)
MISC(link is external) rust -- rust An issue was discovered in the libsecp256k1
crate before 0.5.0 for Rust. It can verify an invalid signature because it
allows the R or S parameter to be larger than the curve order, aka an overflow.
2021-08-08 not yet calculated CVE-2021-38195
MISC(link is external)
MISC(link is external) rust -- rust An issue was discovered in the model crate
through 2020-11-10 for Rust. The Shared data structure has an implementation of
the Send and Sync traits without regard for the inner type. 2021-08-08 not yet
calculated CVE-2020-36460
MISC(link is external)
MISC(link is external) rust -- rust An issue was discovered in the noise_search
crate through 2020-12-10 for Rust. There are unconditional implementations of
Send and Sync for MvccRwLock. 2021-08-08 not yet calculated CVE-2020-36461
MISC(link is external)
MISC(link is external) rust -- rust An issue was discovered in the array-tools
crate before 0.3.2 for Rust. FixedCapacityDequeLike::clone() has a drop of
uninitialized memory. 2021-08-08 not yet calculated CVE-2020-36452
MISC(link is external)
MISC(link is external) rust -- rust An issue was discovered in the syncpool
crate before 0.1.6 for Rust. There is an unconditional implementation of Send
for Bucket2. 2021-08-08 not yet calculated CVE-2020-36462
MISC(link is external)
MISC(link is external) rust -- rust An issue was discovered in the parc crate
through 2020-11-14 for Rust. LockWeak<T> has an unconditional implementation of
Send without trait bounds on T. 2021-08-08 not yet calculated CVE-2020-36454
MISC(link is external)
MISC(link is external) rust -- rust An issue was discovered in the multiqueue
crate through 2020-12-25 for Rust. There are unconditional implementations of
Send for InnerSend<RW, T>, InnerRecv<RW, T>, FutInnerSend<RW, T>, and
FutInnerRecv<RW, T>. 2021-08-08 not yet calculated CVE-2020-36463
MISC(link is external)
MISC(link is external) rust -- rust An issue was discovered in the lever crate
before 0.1.1 for Rust. AtomicBox<T> implements the Send and Sync traits for all
types T. 2021-08-08 not yet calculated CVE-2020-36457
MISC(link is external)
MISC(link is external) rust -- rust An issue was discovered in the chunky crate
through 2020-08-25 for Rust. The Chunk API does not honor an alignment
requirement. 2021-08-08 not yet calculated CVE-2020-36433
MISC(link is external)
MISC(link is external) rust -- rust An issue was discovered in the conqueue
crate before 0.4.0 for Rust. There are unconditional implementations of Send and
Sync for QueueSender<T>. 2021-08-08 not yet calculated CVE-2020-36437
MISC(link is external)
MISC(link is external) rust -- rust An issue was discovered in the
libp2p-deflate crate before 0.27.1 for Rust. An uninitialized buffer is passed
to AsyncRead::poll_read(), which is a user-provided trait function. 2021-08-08
not yet calculated CVE-2020-36443
MISC(link is external)
MISC(link is external) rust -- rust An issue was discovered in the libsbc crate
before 0.1.5 for Rust. For Decoder<R>, it implements Send for any R: Read.
2021-08-08 not yet calculated CVE-2020-36440
MISC(link is external)
MISC(link is external) rust -- rust An issue was discovered in the appendix
crate through 2020-11-15 for Rust. For the generic K and V type parameters, Send
and Sync are implemented unconditionally. 2021-08-08 not yet calculated
CVE-2020-36469
MISC(link is external)
MISC(link is external) rust -- rust
  An issue was discovered in the abox crate before 0.4.1 for Rust. It implements
Send and Sync for AtomicBox<T> with no requirement for T: Send and T: Sync.
2021-08-08 not yet calculated CVE-2020-36441
MISC(link is external)
MISC(link is external) rust -- rust
  An issue was discovered in the lexer crate through 2020-11-10 for Rust. For
ReaderResult<T, E>, there is an implementation of Sync with a trait bound of T:
Send, E: Send. 2021-08-08 not yet calculated CVE-2020-36458
MISC(link is external)
MISC(link is external) rust -- rust
  An issue was discovered in the async-coap crate through 2020-12-08 for Rust.
Send and Sync are implemented for ArcGuard<RC, T> without trait bounds on RC.
2021-08-08 not yet calculated CVE-2020-36444
MISC(link is external)
MISC(link is external) rust -- rust
  An issue was discovered in the toolshed crate through 2020-11-15 for Rust. In
CopyCell<T>, the Send trait lacks bounds on the contained type. 2021-08-08 not
yet calculated CVE-2020-36456
MISC(link is external)
MISC(link is external) rust -- rust
  library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider
extraneous zero characters at the beginning of an IP address string, which (in
some situations) allows attackers to bypass access control that is based on IP
addresses, because of unexpected octal interpretation. 2021-08-07 not yet
calculated CVE-2021-29922
MISC(link is external)
MISC(link is external) rust -- rust
  An issue was discovered in the unicycle crate before 0.7.1 for Rust.
PinSlab<T> and Unordered<T, S> do not have bounds on their Send and Sync traits.
2021-08-08 not yet calculated CVE-2020-36436
MISC(link is external)
MISC(link is external) rust -- rust
  An issue was discovered in the tiny_future crate before 0.4.0 for Rust.
Future<T> does not have bounds on its Send and Sync traits. 2021-08-08 not yet
calculated CVE-2020-36438
MISC(link is external)
MISC(link is external) rust -- rust
  An issue was discovered in the cache crate through 2020-11-24 for Rust. There
are unconditional implementations of Send and Sync for Cache<K>. 2021-08-08 not
yet calculated CVE-2020-36448
MISC(link is external)
MISC(link is external) rust -- rust
  An issue was discovered in the beef crate before 0.5.0 for Rust. beef::Cow has
no Sync bound on its Send trait. 2021-08-08 not yet calculated CVE-2020-36442
MISC(link is external)
MISC(link is external) rust -- rust
  An issue was discovered in the ticketed_lock crate before 0.3.0 for Rust.
There are unconditional implementations of Send for ReadTicket<T> and
WriteTicket<T>. 2021-08-08 not yet calculated CVE-2020-36439
MISC(link is external)
MISC(link is external) rust -- rust
  An issue was discovered in the kekbit crate before 0.3.4 for Rust. For
ShmWriter<H>, Send is implemented without requiring H: Send. 2021-08-08 not yet
calculated CVE-2020-36449
MISC(link is external)
MISC(link is external) rust -- rust
  An issue was discovered in the bunch crate through 2020-11-12 for Rust. There
are unconditional implementations of Send and Sync for Bunch<T>. 2021-08-08 not
yet calculated CVE-2020-36450
MISC(link is external)
MISC(link is external) rust -- rust
  An issue was discovered in the rcu_cell crate through 2020-11-14 for Rust.
There are unconditional implementations of Send and Sync for RcuCell<T>.
2021-08-08 not yet calculated CVE-2020-36451
MISC(link is external)
MISC(link is external) rust -- rust
  An issue was discovered in the scottqueue crate through 2020-11-15 for Rust.
There are unconditional implementations of Send and Sync for Queue<T>.
2021-08-08 not yet calculated CVE-2020-36453
MISC(link is external)
MISC(link is external) rust -- rust
  An issue was discovered in the slock crate through 2020-11-17 for Rust.
Slock<T> unconditionally implements Send and Sync. 2021-08-08 not yet calculated
CVE-2020-36455
MISC(link is external)
MISC(link is external) rust -- rust
  An issue was discovered in the dces crate through 2020-12-09 for Rust. The
World type is marked as Send but lacks bounds on its EntityStore and
ComponentStore. 2021-08-08 not yet calculated CVE-2020-36459
MISC(link is external)
MISC(link is external) rust -- rust
  An issue was discovered in the v9 crate through 2020-12-18 for Rust. There is
an unconditional implementation of Sync for SyncRef<T>. 2021-08-08 not yet
calculated CVE-2020-36447
MISC(link is external)
MISC(link is external) rust -- rust
  An issue was discovered in the max7301 crate before 0.2.0 for Rust. The
ImmediateIO and TransactionalIO types implement Sync for all Expander<EI> types
that they contain. 2021-08-08 not yet calculated CVE-2020-36472
MISC(link is external)
MISC(link is external) rust -- rust
  An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon a
JoinHandle::abort, a Task may be dropped in the wrong thread. 2021-08-08 not yet
calculated CVE-2021-38191
MISC(link is external)
MISC(link is external) rust -- rust
  An issue was discovered in the actix-http crate before 3.0.0-beta.9 for Rust.
HTTP/1 request smuggling (aka HRS) can occur, potentially leading to credential
disclosure. 2021-08-10 not yet calculated CVE-2021-38512
MISC(link is external)
MISC(link is external) rust -- rust
  An issue was discovered in the heapless crate before 0.6.1 for Rust. The
IntoIter Clone implementation clones an entire underlying Vec without
considering whether it has already been partially consumed. 2021-08-08 not yet
calculated CVE-2020-36464
MISC(link is external)
MISC(link is external) rust -- rust
  An issue was discovered in the generic-array crate before 0.13.3 for Rust. It
violates soundness by using the arr! macro to extend lifetimes. 2021-08-08 not
yet calculated CVE-2020-36465
MISC(link is external)
MISC(link is external) rust -- rust
  An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr
implements Send and Sync for all types. 2021-08-08 not yet calculated
CVE-2020-36466
MISC(link is external)
MISC(link is external) rust -- rust
  An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr::get
returns more than one mutable reference to the same object. 2021-08-08 not yet
calculated CVE-2020-36467
MISC(link is external)
MISC(link is external) rust -- rust
  An issue was discovered in the cgc crate through 2020-12-10 for Rust.
Ptr::write performs non-atomic write operations on an underlying pointer.
2021-08-08 not yet calculated CVE-2020-36468
MISC(link is external)
MISC(link is external) rust -- rust
  An issue was discovered in the prost-types crate before 0.8.0 for Rust. An
overflow can occur during conversion from Timestamp to SystemTime. 2021-08-08
not yet calculated CVE-2021-38192
MISC(link is external)
MISC(link is external) rust -- rust
  An issue was discovered in the generator crate before 0.7.0 for Rust. It does
not ensure that a function (for yielding values) has Send bounds. 2021-08-08 not
yet calculated CVE-2020-36471
MISC(link is external)
MISC(link is external) rust -- rust
  An issue was discovered in the nalgebra crate before 0.27.1 for Rust. It
allows out-of-bounds memory access because it does not ensure that the number of
elements is equal to the product of the row count and column count. 2021-08-08
not yet calculated CVE-2021-38190
MISC(link is external)
MISC(link is external) rust -- rust
  An issue was discovered in the tar crate before 0.4.36 for Rust. When symlinks
are present in a TAR archive, extraction can create arbitrary directories via ..
traversal. 2021-08-10 not yet calculated CVE-2021-38511
MISC(link is external)
MISC(link is external) rust -- rust
  An issue was discovered in the disrustor crate through 2020-12-17 for Rust.
RingBuffer does not properly limit the number of mutable references. 2021-08-08
not yet calculated CVE-2020-36470
MISC(link is external)
MISC(link is external) rust -- rust
  An issue was discovered in the anymap crate through 0.12.1 for Rust. It
violates soundness via conversion of a *u8 to a *u64. 2021-08-08 not yet
calculated CVE-2021-38187
MISC(link is external)
MISC(link is external) rust -- rust
  An issue was discovered in the better-macro crate through 2021-07-22 for Rust.
It intentionally demonstrates that remote attackers can execute arbitrary code
via proc-macros, and otherwise has no legitimate purpose. 2021-08-08 not yet
calculated CVE-2021-38196
MISC(link is external)
MISC(link is external) rust -- rust
  An issue was discovered in the iced-x86 crate through 1.10.3 for Rust. In
Decoder::new(), slice.get_unchecked(slice.length()) is used unsafely. 2021-08-08
not yet calculated CVE-2021-38188
MISC(link is external)
MISC(link is external) rust -- rust
  An issue was discovered in the ark-r1cs-std crate before 0.3.1 for Rust. It
does not enforce any constraints in the FieldVar::mul_by_inverse method. Thus, a
prover can produce a proof that is unsound but is nonetheless verified.
2021-08-08 not yet calculated CVE-2021-38194
MISC(link is external)
MISC(link is external) rust -- rust
  An issue was discovered in the ammonia crate before 3.1.0 for Rust. XSS can
occur because the parsing differences for HTML, SVG, and MathML are mishandled,
a similar issue to CVE-2020-26870. 2021-08-08 not yet calculated CVE-2021-38193
MISC(link is external)
MISC(link is external) rust -- rust
  An issue was discovered in the lettre crate before 0.9.6 for Rust. In an
e-mail message body, an attacker can place a . character after two <CR><LF>
sequences and then inject arbitrary SMTP commands. 2021-08-08 not yet calculated
CVE-2021-38189
MISC(link is external)
MISC(link is external) sap -- businessobjects_edge
  SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the
SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM
privileges via vectors involving CORBA calls, aka SAP Note 2039905. 2021-08-09
not yet calculated CVE-2014-9320
MISC(link is external)
MISC(link is external) sap -- mobile_platform
  SAP Mobile Platform 3.0 SP05 ClientHub allows attackers to obtain the
keystream and other sensitive information via the DataVault, aka SAP Security
Note 2094830. 2021-08-09 not yet calculated CVE-2015-7731
MISC(link is external)
MISC(link is external) sap -- netweaver_knowledge_management
  SAP NetWeaver Knowledge Management allows remote attackers to redirect users
to arbitrary websites and conduct phishing attacks via a URL stored in a
component. This could enable the attacker to compromise the user's
confidentiality and integrity. 2021-08-10 not yet calculated CVE-2021-33707
MISC(link is external)
MISC(link is external) sapphireims -- sapphireims
  In SapphireIMS 5.0, there is no CSRF token present in the entire application.
This can lead to CSRF vulnerabilities in critical application forms like account
resent. 2021-08-11 not yet calculated CVE-2020-25562
MISC(link is external)
MISC(link is external) sapphireims -- sapphireims
  In SapphireIMS 5.0, it is possible to take over an account by sending a
request to the Save_Password form as shown in POC. Notice that we do not require
a JSESSIONID in this request and can reset any user’s password by changing the
username to that user and password to base64(desired password). 2021-08-11 not
yet calculated CVE-2020-25566
MISC(link is external)
MISC(link is external) sapphireims -- sapphireims
  In SapphireIMS 5.0, it is possible to create a local administrator on any client
with credentials of a non-privileged user by directly accessing
RemoteMgmtTaskSave (Automation Tasks) feature. 2021-08-11 not yet calculated
CVE-2020-25564
MISC(link is external)
MISC(link is external) sapphireims -- sapphireims
  In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients
(username: sapphire, password: ims) and gain access to the portal. Once the
access is available, the attacker can inject malicious OS commands on “ping”,
“traceroute” and “snmp” functions and execute code on the server. 2021-08-11 not
yet calculated CVE-2020-25565
MISC(link is external)
MISC(link is external) sapphireims -- sapphireims
  In SapphireIMS 4097_1, the password in the database is stored in Base64
format. 2021-08-11 not yet calculated CVE-2017-16632
MISC(link is external)
MISC(link is external) sapphireims -- sapphireims
  SapphireIMS 5 utilized default sapphire:ims credentials to connect the client
to server. This credential is saved in ServerConf.config file in the client.
2021-08-11 not yet calculated CVE-2020-25561
MISC(link is external)
MISC(link is external) sapphireims -- sapphireims
  In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients
(username: sapphire, password: ims) and gain access to the portal. Once the
access is available, the attacker can inject malicious OS commands on “ping”,
“traceroute” and “snmp” functions and execute code on the server. We also
observed the same is true if the JSESSIONID is completely removed. 2021-08-11
not yet calculated CVE-2020-25560
MISC(link is external)
MISC(link is external) sapphireims -- sapphireims
  In SapphireIMS 4097_1, a guest user is able to change the password of an
administrative user by utilizing an Insecure Direct Object Reference (IDOR) in
the "Account Password Reset" functionality. 2021-08-11 not yet calculated
CVE-2017-16631
MISC(link is external)
MISC(link is external) sapphireims -- sapphireims
  In SapphireIMS 4097_1, a guest user can create a local administrator account
on any system that has SapphireIMS installed, because of an Insecure Direct
Object Reference (IDOR) in the local user creation function. 2021-08-11 not yet
calculated CVE-2017-16630
MISC(link is external)
MISC(link is external) sapphireims -- sapphireims
  In SapphireIMS 5.0, it is possible to create a local administrator on any client
without requiring any credentials by directly accessing RemoteMgmtTaskSave
(Automation Tasks) feature and not having a JSESSIONID. 2021-08-11 not yet
calculated CVE-2020-25563
MISC(link is external)
MISC(link is external) sas -- admin_portal
  The SAS Admin portal of Mitel MiCollab before 9.2 FP2 could allow an
unauthenticated attacker to access (view and modify) user data by injecting
arbitrary directory paths due to improper URL validation, aka Directory
Traversal. 2021-08-13 not yet calculated CVE-2021-27402
MISC(link is external)
CONFIRM(link is external) scada -- scada
  The affected product is vulnerable to a stack-based buffer overflow, which may
allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA
(WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to
9.0.1). 2021-08-10 not yet calculated CVE-2021-32943
MISC servicecomb -- servicecenter_directory
  Improper configuration will cause a ServiceComb ServiceCenter Directory
Traversal problem in ServiceCenter 1.x.x versions; it is fixed in 2.0.0. 2021-08-10
not yet calculated CVE-2021-21501
MISC(link is external)
MLIST(link is external) severless -- offline
  Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a
trailing / character, which might cause a developer to implement incorrect
access control, because the actual behavior within the Amazon AWS environment is
a 200 HTTP status code (i.e., possibly greater than expected permissions).
2021-08-10 not yet calculated CVE-2021-38384
MISC(link is external) siemens -- automation_ license_manager
  A vulnerability has been identified in Automation License Manager 5 (All
versions), Automation License Manager 6 (All versions < V6.0 SP9 Update 2).
Sending specially crafted packets to port 4410/tcp of an affected system could
lead to extensive memory being consumed and as such could cause a
denial-of-service preventing legitimate users from using the system. 2021-08-10
not yet calculated CVE-2021-25659
MISC(link is external) simatic -- multiple_devices
  A vulnerability has been identified in SIMATIC Drive Controller family (All
versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl.
SIPLUS variants) (All versions), SIMATIC S7 PLCSIM Advanced (All versions > V2 <
V4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (Version V4.4), SIMATIC
S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions
> V2.5 < V2.9.2), SIMATIC S7-1500 Software Controller (All versions > V2.5), TIM
1531 IRC (incl. SIPLUS NET variants) (Version V2.1). Due to an incorrect
authorization check in the affected component, an attacker could extract
information about access protected PLC program variables over port 102/tcp from
an affected device when reading multiple attributes at once. 2021-08-10 not yet
calculated CVE-2020-28397
MISC(link is external) simatic -- s7-1200
  A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl.
SIPLUS variants) (V4.5.0). Affected devices fail to authenticate against
configured passwords when provisioned using TIA Portal V13. This could allow an
attacker using TIA Portal V17 or later versions to bypass authentication and
download arbitrary programs to the PLC. The vulnerability does not occur when
TIA Portal V13 SP1 or any later version was used to provision the device.
2021-08-10 not yet calculated CVE-2021-37172
MISC(link is external) sinec -- nms
  A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2).
The affected application incorrectly neutralizes special elements when creating
batch operations which could lead to command injection. An authenticated remote
attacker with administrative privileges could exploit this vulnerability to
execute arbitrary code on the system with system privileges. 2021-08-10 not yet
calculated CVE-2021-33721
MISC(link is external) sitecore -- sitecore
  Sitecore through 10.1, when Update Center is enabled, allows remote
authenticated users to upload arbitrary files and achieve remote code execution
by visiting an uploaded .aspx file at an admin/Packages URL. 2021-08-12 not yet
calculated CVE-2021-38366
MISC(link is external) solid_edge -- se2021
  A vulnerability has been identified in Solid Edge SE2021 (All Versions <
SE2021MP7). The PSKERNEL.dll library in the affected application lacks proper
validation while parsing user-supplied OBJ files that could lead to a
use-after-free condition. An attacker could leverage this vulnerability to
execute code in the context of the current process. (ZDI-CAN-13777) 2021-08-10
not yet calculated CVE-2021-37179
MISC(link is external) solid_edge -- se2021
  A vulnerability has been identified in Solid Edge SE2021 (All Versions <
SE2021MP7). An XML external entity injection vulnerability in the underlying XML
parser could cause the affected application to disclose arbitrary files to
remote attackers by loading a specially crafted xml file. 2021-08-10 not yet
calculated CVE-2021-37178
MISC(link is external) solid_edge -- se2021
  A vulnerability has been identified in Solid Edge SE2021 (All Versions <
SE2021MP7). The PSKERNEL.dll library lacks proper validation while parsing
user-supplied OBJ files that could cause an out of bounds access to an
uninitialized pointer. An attacker could leverage this vulnerability to execute
code in the context of the current process. (ZDI-CAN-13775) 2021-08-10 not yet
calculated CVE-2021-37180
MISC(link is external) sonatype -- nexus_repository_manager
  Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before
3.33.0. An authenticated attacker with the ability to add HTML files to a
repository could redirect users to Nexus Repository Manager’s pages with code
modifications. 2021-08-10 not yet calculated CVE-2021-37152
MISC(link is external)
MISC(link is external) sonicwall -- analytics
  SonicWall Analytics 2.5 On-Prem is vulnerable to a Java Debug Wire Protocol
(JDWP) interface security misconfiguration vulnerability which potentially leads
to Remote Code Execution. This vulnerability impacts Analytics On-Prem 2.5.2518
and earlier. 2021-08-10 not yet calculated CVE-2021-20032
CONFIRM(link is external) sony -- srs-xb33_and_srs-xb43_devices
  Sony SRS-XB33 and SRS-XB43 devices through 2021-08-09 allow remote attackers
to recover speech signals from an LED on the device, via a telescope and an
electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the
speakers is connected directly to the power line, as a result, the intensity of
a device's power indicator LED is correlative to the power consumption. The
sound played by the speakers affects their power consumption and as a result is
also correlative to the light intensity of the LEDs. By analyzing measurements
obtained from an electro-optical sensor directed at the power indicator LEDs of
the speakers, we can recover the sound played by them. 2021-08-11 not yet
calculated CVE-2021-38544
MISC(link is external) sunhillo -- sureline
  Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command Injection
via shell metacharacters in ipAddr or dnsAddr /cgi/networkDiag.cgi. 2021-08-13
not yet calculated CVE-2021-36380
MISC(link is external)
MISC(link is external) tensorflow -- tensorflow TensorFlow is an end-to-end open
source platform for machine learning. In affected versions providing a negative
element to `num_elements` list argument of `tf.raw_ops.TensorListReserve` causes
the runtime to abort the process due to reallocating a `std::vector` to have a
negative number of elements. The
[implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/list_kernels.cc#L312)
calls `std::vector.resize()` with the new size controlled by input given by the
user, without checking that this input is valid. We have patched the issue in
GitHub commit 8a6e874437670045e6c7dc6154c7412b4a2135e2. The fix will be included
in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1,
TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in
supported range. 2021-08-12 not yet calculated CVE-2021-37644
CONFIRM
MISC
tensorflow -- tensorflow
  TensorFlow is an end-to-end open
source platform for machine learning. In affected versions an attacker can read
from outside of bounds of heap allocated data by sending specially crafted
illegal arguments to `tf.raw_ops.UpperBound`. The
[implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/searchsorted_op.cc#L85-L104)
does not validate the rank of `sorted_input` argument. A similar issue occurs in
`tf.raw_ops.LowerBound`. We have patched the issue in GitHub commit
42459e4273c2e47a3232cc16c4f4fff3b3a35c38. The fix will be included in TensorFlow
2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported
range. 2021-08-12 not yet calculated CVE-2021-37670
MISC
CONFIRM
tensorflow -- tensorflow
  TensorFlow is an end-to-end
open source platform for machine learning. The code for
`tf.raw_ops.UncompressElement` can be made to trigger a null pointer
dereference. The
[implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/data/experimental/compression_ops.cc#L50-L53)
obtains a pointer to a `CompressedElement` from a `Variant` tensor and then
proceeds to dereference it for decompressing. There is no check that the
`Variant` tensor contained a `CompressedElement`, so the pointer is actually
`nullptr`. We have patched the issue in GitHub commit
7bdf50bb4f5c54a4997c379092888546c97c3ebd. The fix will be included in TensorFlow
2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported
range. 2021-08-12 not yet calculated CVE-2021-37649
MISC
CONFIRM
tensorflow -- tensorflow
  TensorFlow is an end-to-end
open source platform for machine learning. In affected versions the
implementation for `tf.raw_ops.FractionalAvgPoolGrad` can be tricked into
accessing data outside of bounds of heap allocated buffers. The
[implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/fractional_avg_pool_op.cc#L205)
does not validate that the input tensor is non-empty. Thus, code constructs an
empty `EigenDoubleMatrixMap` and then accesses this buffer with indices that are
outside of the empty area. We have patched the issue in GitHub commit
0f931751fb20f565c4e94aa6df58d54a003cdb30. The fix will be included in TensorFlow
2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported
range. 2021-08-12 not yet calculated CVE-2021-37651
CONFIRM
MISC
tensorflow -- tensorflow
  TensorFlow is an end-to-end open
source platform for machine learning. In affected versions the shape inference
code for `tf.raw_ops.Dequantize` has a vulnerability that could trigger a denial
of service via a segfault if an attacker provides invalid arguments. The shape
inference
[implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/ops/array_ops.cc#L2999-L3014)
uses `axis` to select between two different values for `minmax_rank` which is
then used to retrieve tensor dimensions. However, code assumes that `axis` can
be either `-1` or a value greater than `-1`, with no validation for the other
values. We have patched the issue in GitHub commit
da857cfa0fde8f79ad0afdbc94e88b5d4bbec764. The fix will be included in TensorFlow
2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported
range. 2021-08-12 not yet calculated CVE-2021-37677
CONFIRM
MISC
tensorflow -- tensorflow
  TensorFlow is an end-to-end open
source platform for machine learning. When a user does not supply arguments that
determine a valid sparse tensor, `tf.raw_ops.SparseTensorSliceDataset`
implementation can be made to dereference a null pointer. The
[implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/data/sparse_tensor_slice_dataset_op.cc#L240-L251)
has some argument validation but fails to consider the case when either
`indices` or `values` are provided for an empty sparse tensor when the other is
not. If `indices` is empty, then [code that performs
validation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/data/sparse_tensor_slice_dataset_op.cc#L260-L261)
(i.e., checking that the indices are monotonically increasing) results in a null
pointer dereference. If `indices` as provided by the user is empty, then
`indices` in the C++ code above is backed by an empty `std::vector`, hence
calling `indices->dim_size(0)` results in null pointer dereferencing (same as
calling `std::vector::at()` on an empty vector). We have patched the issue in
GitHub commit 02cc160e29d20631de3859c6653184e3f876b9d7. The fix will be included
in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1,
TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in
supported range. 2021-08-12 not yet calculated CVE-2021-37647
CONFIRM
MISC
tensorflow -- tensorflow
  TensorFlow is an end-to-end open
source platform for machine learning. In affected versions due to incomplete
validation in MKL implementation of requantization, an attacker can trigger
undefined behavior via binding a reference to a null pointer or can access data
outside the bounds of heap allocated arrays. The
[implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/mkl/mkl_requantization_range_per_channel_op.cc)
does not validate the dimensions of the `input` tensor. A similar issue occurs
in `MklRequantizePerChannelOp`. The
[implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/mkl/mkl_requantize_per_channel_op.cc)
does not perform full validation for all the input arguments. We have patched
the issue in GitHub commit 9e62869465573cb2d9b5053f1fa02a81fce21d69 and in the
GitHub commit 203214568f5bc237603dbab6e1fd389f1572f5c9. The fix will be included
in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1,
TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in
supported range. 2021-08-12 not yet calculated CVE-2021-37665
MISC
CONFIRM
MISC
tensorflow -- tensorflow
  TensorFlow is an end-to-end open
source platform for machine learning. In affected versions an attacker can cause
undefined behavior via binding a reference to null pointer in
`tf.raw_ops.RaggedTensorToVariant`. The
[implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/ragged_tensor_to_variant_op.cc#L129)
has an incomplete validation of the splits values, missing the case when the
argument would be empty. We have patched the issue in GitHub commit
be7a4de6adfbd303ce08be4332554dff70362612. The fix will be included in TensorFlow
2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported
range. 2021-08-12 not yet calculated CVE-2021-37666
MISC
CONFIRM
tensorflow -- tensorflow
  TensorFlow is an end-to-end
open source platform for machine learning. In affected versions the strided
slice implementation in TFLite has a logic bug which can allow an attacker to
trigger an infinite loop. This arises from newly introduced support for
[ellipsis in axis
definition](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/strided_slice.cc#L103-L122).
An attacker can craft a model such that `ellipsis_end_idx` is smaller than `i`
(e.g., always negative). In this case, the inner loop does not increase `i` and
the `continue` statement causes execution to skip over the preincrement at the
end of the outer loop. We have patched the issue in GitHub commit
dfa22b348b70bb89d6d6ec0ff53973bacb4f4695. TensorFlow 2.6.0 is the only affected
version. 2021-08-12 not yet calculated CVE-2021-37686
CONFIRM
MISC
tensorflow -- tensorflow
  TensorFlow is an end-to-end open
source platform for machine learning. In affected versions TFLite's [`GatherNd`
implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/gather_nd.cc#L124)
does not support negative indices but there are no checks for this situation.
Hence, an attacker can read arbitrary data from the heap by carefully crafting a
model with negative values in `indices`. Similar issue exists in [`Gather`
implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/gather.cc).
We have patched the issue in GitHub commits
bb6a0383ed553c286f87ca88c207f6774d5c4a8f and
eb921122119a6b6e470ee98b89e65d721663179d. The fix will be included in TensorFlow
2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported
range. 2021-08-12 not yet calculated CVE-2021-37687
MISC
MISC
CONFIRM
tensorflow -- tensorflow
  TensorFlow is an end-to-end
open source platform for machine learning. In affected versions the
implementation of `tf.raw_ops.QuantizeAndDequantizeV4Grad` is vulnerable to an
integer overflow issue caused by converting a signed integer value to an
unsigned one and then allocating memory based on this value. The
[implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L126)
uses the `axis` value as the size argument to `absl::InlinedVector` constructor.
But, the constructor uses an unsigned type for the argument, so the implicit
conversion transforms the negative value to a large integer. We have patched the
issue in GitHub commit 96f364a1ca3009f98980021c4b32be5fdcca33a1. The fix will be
included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow
2.5.1, and TensorFlow 2.4.3, as these are also affected and still in supported
range. 2021-08-12 not yet calculated CVE-2021-37645
CONFIRM
MISC
tensorflow -- tensorflow
  TensorFlow is an end-to-end open
source platform for machine learning. In affected versions an attacker can cause
undefined behavior via binding a reference to null pointer in
`tf.raw_ops.UnicodeEncode`. The
[implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/unicode_ops.cc#L533-L539)
reads the first dimension of the `input_splits` tensor before validating that
this tensor is not empty. We have patched the issue in GitHub commit
2e0ee46f1a47675152d3d865797a18358881d7a6. The fix will be included in TensorFlow
2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported
range. 2021-08-12 not yet calculated CVE-2021-37667
MISC
CONFIRM
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. If a
user does not provide a valid padding value to `tf.raw_ops.MatrixDiagPartOp`,
then the code triggers a null pointer dereference (if input is empty) or
produces invalid behavior, ignoring all values after the first. The
[implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/linalg/matrix_diag_op.cc#L89)
reads the first value from a tensor buffer without first checking that the
tensor has values to read from. We have patched the issue in GitHub commit
482da92095c4d48f8784b1f00dda4f81c28d2988. The fix will be included in TensorFlow
2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported
range. 2021-08-12 not yet calculated CVE-2021-37643
MISC
CONFIRM
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. Sending
invalid argument for `row_partition_types` of `tf.raw_ops.RaggedTensorToTensor`
API results in a null pointer dereference and undefined behavior. The
[implementation](https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L328)
accesses the first element of a user supplied list of values without validating
that the provided list is not empty. We have patched the issue in GitHub commit
301ae88b331d37a2a16159b65b255f4f9eb39314. The fix will be included in TensorFlow
2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported
range. 2021-08-12 not yet calculated CVE-2021-37638
CONFIRM
MISC
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions under certain conditions, Go code can trigger a segfault in
string deallocation. For string tensors, `C.TF_TString_Dealloc` is called during
garbage collection within a finalizer function. However, tensor structure isn't
checked until encoding to avoid a performance penalty. The current method for
dealloc assumes that encoding succeeded, but segfaults when a string tensor is
garbage collected whose encoding failed (e.g., due to mismatched dimensions). To
fix this, the call to set the finalizer function is deferred until `NewTensor`
returns and, if encoding failed for a string tensor, deallocs are determined
based on bytes written. We have patched the issue in GitHub commit
8721ba96e5760c229217b594f6d2ba332beedf22. The fix will be included in TensorFlow
2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, which is the
other affected version. 2021-08-12 not yet calculated CVE-2021-37692
MISC
CONFIRM
MISC
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions an attacker can craft a TFLite model that would trigger a
division by zero error in LSH
[implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/lsh_projection.cc#L118).
We have patched the issue in GitHub commit
0575b640091680cfb70f4dd93e70658de43b94f9. The fix will be included in TensorFlow
2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3,
and TensorFlow 2.3.4, as these are also affected and still in supported range.
2021-08-12 not yet calculated CVE-2021-37691
MISC
CONFIRM
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions the implementation of sparse reduction operations in
TensorFlow can trigger accesses outside of bounds of heap allocated data. The
[implementation](https://github.com/tensorflow/tensorflow/blob/a1bc56203f21a5a4995311825ffaba7a670d7747/tensorflow/core/kernels/sparse_reduce_op.cc#L217-L228)
fails to validate that each reduction group does not overflow and that each
corresponding index does not point to outside the bounds of the input tensor. We
have patched the issue in GitHub commit
87158f43f05f2720a374f3e6d22a7aaa3a33f750. The fix will be included in TensorFlow
2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported
range. 2021-08-12 not yet calculated CVE-2021-37635
MISC
CONFIRM
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions the implementation of `tf.raw_ops.SparseDenseCwiseDiv` is
vulnerable to a division by 0 error. The
[implementation](https://github.com/tensorflow/tensorflow/blob/a1bc56203f21a5a4995311825ffaba7a670d7747/tensorflow/core/kernels/sparse_dense_binary_op_shared.cc#L56)
uses a common class for all binary operations but fails to treat the division by
0 case separately. We have patched the issue in GitHub commit
d9204be9f49520cdaaeb2541d1dc5187b23f31d9. The fix will be included in TensorFlow
2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported
range. 2021-08-12 not yet calculated CVE-2021-37636
CONFIRM
MISC
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions when running shape functions, some functions (such as
`MutableHashTableShape`) produce extra output information in the form of a
`ShapeAndType` struct. The shapes embedded in this struct are owned by an
inference context that is cleaned up almost immediately; if the upstream code
attempts to access this shape information, it can trigger a segfault.
`ShapeRefiner` is mitigating this for normal output shapes by cloning them (and
thus putting the newly created shape under ownership of an inference context
that will not die), but we were not doing the same for shapes and types. This
commit fixes that by doing similar logic on output shapes and types. We have
patched the issue in GitHub commit ee119d4a498979525046fba1c3dd3f13a039fbb1. The
fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on
TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
affected and still in supported range. 2021-08-13 not yet calculated
CVE-2021-37690
CONFIRM
MISC
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions an attacker can craft a TFLite model that would trigger a null
pointer dereference, which would result in a crash and denial of service. This
is caused by the MLIR optimization of `L2NormalizeReduceAxis` operator. The
[implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/compiler/mlir/lite/transforms/optimize.cc#L67-L70)
unconditionally dereferences a pointer to an iterator to a vector without
checking that the vector has elements. We have patched the issue in GitHub
commit d6b57f461b39fd1aa8c1b870f1b974aac3554955. The fix will be included in
TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1,
TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in
supported range. 2021-08-12 not yet calculated CVE-2021-37689
MISC
CONFIRM
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions an attacker can cause undefined behavior via binding a
reference to null pointer in `tf.raw_ops.SparseFillEmptyRows`. The shape
inference
[implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/ops/sparse_ops.cc#L608-L634)
does not validate that the input arguments are not empty tensors. We have
patched the issue in GitHub commit 578e634b4f1c1c684d4b4294f9e5281b2133b3ed. The
fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on
TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
affected and still in supported range. 2021-08-12 not yet calculated
CVE-2021-37676
MISC
CONFIRM
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions an attacker can craft a TFLite model that would trigger a null
pointer dereference, which would result in a crash and denial of service. The
[implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/internal/optimized/optimized_ops.h#L268-L285)
unconditionally dereferences a pointer. We have patched the issue in GitHub
commit 15691e456c7dc9bd6be203b09765b063bf4a380c. The fix will be included in
TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1,
TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in
supported range. 2021-08-12 not yet calculated CVE-2021-37688
CONFIRM
MISC
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions TensorFlow and Keras can be tricked to perform arbitrary code
execution when deserializing a Keras model from YAML format. The
[implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/python/keras/saving/model_config.py#L66-L104)
uses `yaml.unsafe_load` which can perform arbitrary code execution on the input.
Given that YAML format support requires a significant amount of work, we have
removed it for now. We have patched the issue in GitHub commit
23d6383eb6c14084a8fc3bdf164043b974818012. The fix will be included in TensorFlow
2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported
range. 2021-08-12 not yet calculated CVE-2021-37678
CONFIRM
MISC
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions the implementations of pooling in TFLite are vulnerable to
division by 0 errors as there are no checks for divisors not being 0. We have
patched the issue in GitHub commit
[dfa22b348b70bb89d6d6ec0ff53973bacb4f4695](https://github.com/tensorflow/tensorflow/commit/dfa22b348b70bb89d6d6ec0ff53973bacb4f4695).
The fix will be included in TensorFlow 2.6.0. We will also cherrypick this
commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are
also affected and still in supported range. 2021-08-12 not yet calculated
CVE-2021-37684
CONFIRM
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions the implementation of `tf.raw_ops.SparseReshape` can be made
to trigger an integral division by 0 exception. The
[implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/reshape_util.cc#L176-L181)
calls the reshaping functor whenever there is at least an index in the input but
does not check that shape of the input or the target shape have both a non-zero
number of elements. The [reshape
functor](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/reshape_util.cc#L40-L78)
blindly divides by the dimensions of the target shape. Hence, if this is not
checked, code will result in a division by 0. We have patched the issue in
GitHub commit 4923de56ec94fff7770df259ab7f2288a74feb41. The fix will be included
in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1 as
this is the other affected version. 2021-08-12 not yet calculated CVE-2021-37640
CONFIRM
MISC
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions if the arguments to `tf.raw_ops.RaggedGather` don't determine
a valid ragged tensor, code can trigger a read from outside of bounds of heap
allocated buffers. The
[implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/ragged_gather_op.cc#L70)
directly reads the first dimension of a tensor shape before checking that said
tensor has rank of at least 1 (i.e., it is not a scalar). Furthermore, the
implementation does not check that the list given by `params_nested_splits` is
not an empty list of tensors. We have patched the issue in GitHub commit
a2b743f6017d7b97af1fe49087ae15f0ac634373. The fix will be included in TensorFlow
2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported
range. 2021-08-12 not yet calculated CVE-2021-37641
MISC
CONFIRM
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions the implementation of division in TFLite is [vulnerable to a
division by 0
error](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/div.cc).
There is no check that the divisor tensor does not contain zero elements. We
have patched the issue in GitHub commit
1e206baedf8bef0334cca3eb92bab134ef525a28. The fix will be included in TensorFlow
2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported
range. 2021-08-12 not yet calculated CVE-2021-37683
MISC
CONFIRM
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions the code for `tf.raw_ops.SaveV2` does not properly validate
the inputs and an attacker can trigger a null pointer dereference. The
[implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/save_restore_v2_ops.cc)
uses `ValidateInputs` to check that the input arguments are valid. This
validation would have caught the illegal state represented by the reproducer
above. However, the validation uses `OP_REQUIRES` which translates to setting
the `Status` object of the current `OpKernelContext` to an error status,
followed by an empty `return` statement which just terminates the execution of
the function it is present in. However, this does not mean that the kernel
execution is finalized: instead, execution continues from the next line in
`Compute` that follows the call to `ValidateInputs`. This is equivalent to
lacking the validation. We have patched the issue in GitHub commit
9728c60e136912a12d99ca56e106b7cce7af5986. The fix will be included in TensorFlow
2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported
range. 2021-08-12 not yet calculated CVE-2021-37648
MISC
CONFIRM
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. When
restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow
can be tricked into dereferencing a null pointer. Alternatively, attackers can
read memory outside the bounds of heap allocated data by providing some tensor
names but not enough for a successful restoration. The
[implementation](https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflow/core/kernels/save_restore_tensor.cc#L158-L159)
retrieves the tensor list corresponding to the `tensor_name` user controlled
input and immediately retrieves the tensor at the restoration index (controlled
via `preferred_shard` argument). This occurs without validating that the
provided list has enough values. If the list is empty this results in
dereferencing a null pointer (undefined behavior). If, however, the list has
some elements, if the restoration index is outside the bounds this results in
heap OOB read. We have patched the issue in GitHub commit
9e82dce6e6bd1f36a57e08fa85af213e2b2f2622. The fix will be included in TensorFlow
2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported
range. 2021-08-12 not yet calculated CVE-2021-37639
CONFIRM
MISC
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions it is possible to nest a `tf.map_fn` within another
`tf.map_fn` call. However, if the input tensor is a `RaggedTensor` and there is
no function signature provided, code assumes the output is a fully specified
tensor and fills output buffer with uninitialized contents from the heap. The
`t` and `z` outputs should be identical, however this is not the case. The last
row of `t` contains data from the heap which can be used to leak other memory
information. The bug lies in the conversion from a `Variant` tensor to a
`RaggedTensor`. The
[implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/ragged_tensor_from_variant_op.cc#L177-L190)
does not check that all inner shapes match and this results in the additional
dimensions. The same implementation can result in data loss, if input tensor is
tweaked. We have patched the issue in GitHub commit
4e2565483d0ffcadc719bd44893fb7f609bb5f12. The fix will be included in TensorFlow
2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported
range. 2021-08-12 not yet calculated CVE-2021-37679
CONFIRM
MISC
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions the implementation of fully connected layers in TFLite is
[vulnerable to a division by zero
error](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/fully_connected.cc#L226).
We have patched the issue in GitHub commit
718721986aa137691ee23f03638867151f74935f. The fix will be included in TensorFlow
2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported
range. 2021-08-12 not yet calculated CVE-2021-37680
MISC
CONFIRM
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions the implementation of SVDF in TFLite is [vulnerable to a null
pointer
error](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/svdf.cc#L300-L313).
The [`GetVariableInput`
function](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/kernel_util.cc#L115-L119)
can return a null pointer but `GetTensorData` assumes that the argument is
always a valid tensor. Furthermore, because `GetVariableInput` calls
[`GetMutableInput`](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/kernel_util.cc#L82-L90)
which might return `nullptr`, the `tensor->is_variable` expression can also
trigger a null pointer exception. We have patched the issue in GitHub commit
5b048e87e4e55990dae6b547add4dae59f4e1c76. The fix will be included in TensorFlow
2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported
range. 2021-08-12 not yet calculated CVE-2021-37681
MISC
CONFIRM
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions all TFLite operations that use quantization can be made to use
uninitialized values. [For
example](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/depthwise_conv.cc#L198-L200).
The issue stems from the fact that `quantization.params` is only valid if
`quantization.type` is different from `kTfLiteNoQuantization`. However, these
checks are missing in large parts of the code. We have patched the issue in
GitHub commits 537bc7c723439b9194a358f64d871dd326c18887,
4a91f2069f7145aab6ba2d8cfe41be8a110c18a5 and
8933b8a21280696ab119b63263babdb54c298538. The fix will be included in TensorFlow
2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported
range. 2021-08-12 not yet calculated CVE-2021-37682
MISC
MISC
MISC
CONFIRM
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions TFLite's
[`expand_dims.cc`](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/expand_dims.cc#L36-L50)
contains a vulnerability which allows reading one element outside of bounds of
heap allocated data. If `axis` is a large negative value (e.g., `-100000`), then
after the first `if` it would still be negative. The check following the `if`
statement will pass and the `for` loop would read one element before the start
of `input_dims.data` (when `i = 0`). We have patched the issue in GitHub commit
d94ffe08a65400f898241c0374e9edc6fa8ed257. The fix will be included in TensorFlow
2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported
range. 2021-08-12 not yet calculated CVE-2021-37685
MISC
CONFIRM
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. It is
possible to trigger a null pointer dereference in TensorFlow by passing an
invalid input to `tf.raw_ops.CompressElement`. The
[implementation](https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflow/core/data/compression_utils.cc#L34)
was accessing the size of a buffer obtained from the return of a separate
function call before validating that said buffer is valid. We have patched the
issue in GitHub commit 5dc7f6981fdaf74c8c5be41f393df705841fb7c5. The fix will be
included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow
2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and
still in supported range. 2021-08-12 not yet calculated CVE-2021-37637
MISC
CONFIRM
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions the implementation of `tf.raw_ops.ResourceScatterDiv` is
vulnerable to a division by 0 error. The
[implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/resource_variable_ops.cc#L865)
uses a common class for all binary operations but fails to treat the division by
0 case separately. We have patched the issue in GitHub commit
4aacb30888638da75023e6601149415b39763d76. The fix will be included in TensorFlow
2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported
range. 2021-08-12 not yet calculated CVE-2021-37642
MISC
CONFIRM
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions an attacker can generate undefined behavior via a reference
binding to nullptr in `BoostedTreesCalculateBestGainsPerFeature` and a similar
attack can occur in `BoostedTreesCalculateBestFeatureSplitV2`. The
[implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/stats_ops.cc)
does not validate the input values. We have patched the issue in GitHub commit
9c87c32c710d0b5b53dc6fd3bfde4046e1f7a5ad and in commit
429f009d2b2c09028647dd4bb7b3f6f414bbaad7. The fix will be included in TensorFlow
2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported
range. 2021-08-12 not yet calculated CVE-2021-37662
MISC
CONFIRM
MISC
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions an attacker can cause a denial of service in
`boosted_trees_create_quantile_stream_resource` by using negative arguments. The
[implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/quantile_ops.cc#L96)
does not validate that `num_streams` only contains non-negative numbers. In
turn, [this results in using this value to allocate
memory](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/quantiles/quantile_stream_resource.h#L31-L40).
However, `reserve` receives an unsigned integer so there is an implicit
conversion from a negative value to a large positive unsigned. This results in a
crash from the standard library. We have patched the issue in GitHub commit
8a84f7a2b5a2b27ecf88d25bad9ac777cd2f7992. The fix will be included in TensorFlow
2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported
range. 2021-08-12 not yet calculated CVE-2021-37661
MISC
CONFIRM
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions an attacker can cause denial of service in applications
serving models using `tf.raw_ops.UnravelIndex` by triggering a division by 0.
The
[implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/unravel_index_op.cc#L36)
does not check that the tensor subsumed by `dims` is not empty. Hence, if one
element of `dims` is 0, the implementation does a division by 0. We have patched
the issue in GitHub commit a776040a5e7ebf76eeb7eb923bf1ae417dd4d233. The fix
will be included in TensorFlow 2.6.0. We will also cherrypick this commit on
TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
affected and still in supported range. 2021-08-12 not yet calculated
CVE-2021-37668
MISC
CONFIRM
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions an attacker can cause denial of service in applications
serving models using `tf.raw_ops.NonMaxSuppressionV5` by triggering a division
by 0. The
[implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/image/non_max_suppression_op.cc#L170-L271)
uses a user controlled argument to resize a `std::vector`. However, as
`std::vector::resize` takes the size argument as a `size_t` and `output_size` is
an `int`, there is an implicit conversion to unsigned. If the attacker supplies
a negative value, this conversion results in a crash. A similar issue occurs in
`CombinedNonMaxSuppression`. We have patched the issue in GitHub commit
3a7362750d5c372420aa8f0caf7bf5b5c3d0f52d and commit
b5cdbf12ffcaaffecf98f22a6be5a64bb96e4f58. The fix will be included in
TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1,
TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in
supported range. 2021-08-12 not yet calculated CVE-2021-37669
CONFIRM
MISC
MISC
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions an attacker can cause undefined behavior via binding a
reference to null pointer in `tf.raw_ops.Map*` and `tf.raw_ops.OrderedMap*`
operations. The
[implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/map_stage_op.cc#L222-L248)
has a check in place to ensure that `indices` is in ascending order, but does
not check that `indices` is not empty. We have patched the issue in GitHub
commit 532f5c5a547126c634fefd43bbad1dc6417678ac. The fix will be included in
TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1,
TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in
supported range. 2021-08-12 not yet calculated CVE-2021-37671
MISC
CONFIRM
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions an attacker can read from outside of bounds of heap allocated
data by sending specially crafted illegal arguments to
`tf.raw_ops.SdcaOptimizerV2`. The
[implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/sdca_internal.cc#L320-L353)
does not check that the length of `example_labels` is the same as the number of
examples. We have patched the issue in GitHub commit
a4e138660270e7599793fa438cd7b2fc2ce215a6. The fix will be included in TensorFlow
2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported
range. 2021-08-12 not yet calculated CVE-2021-37672
MISC
CONFIRM
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions most implementations of convolution operators in TensorFlow
are affected by a division by 0 vulnerability where an attacker can trigger a
denial of service via a crash. The shape inference
[implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/framework/common_shape_fns.cc#L577)
is missing several validations before doing divisions and modulo operations. We
have patched the issue in GitHub commit
8a793b5d7f59e37ac7f3cd0954a750a2fe76bad4. The fix will be included in TensorFlow
2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported
range. 2021-08-12 not yet calculated CVE-2021-37675
CONFIRM
MISC
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions an attacker can trigger a denial of service via a `CHECK`-fail
in `tf.raw_ops.MapStage`. The
[implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/map_stage_op.cc#L513)
does not check that the `key` input is a valid non-empty tensor. We have patched
the issue in GitHub commit d7de67733925de196ec8863a33445b73f9562d1d. The fix
will be included in TensorFlow 2.6.0. We will also cherrypick this commit on
TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
affected and still in supported range. 2021-08-12 not yet calculated
CVE-2021-37673
MISC
CONFIRM
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions due to incomplete validation in `tf.raw_ops.QuantizeV2`, an
attacker can trigger undefined behavior via binding a reference to a null
pointer or can access data outside the bounds of heap allocated arrays. The
[implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/quantize_op.cc#L59)
has some validation but does not check that `min_range` and `max_range` both
have the same non-zero number of elements. If `axis` is provided (i.e., not
`-1`), then validation should check that it is a value in range for the rank of
`input` tensor and then the lengths of `min_range` and `max_range` inputs match
the `axis` dimension of the `input` tensor. We have patched the issue in GitHub
commit 6da6620efad397c85493b8f8667b821403516708. The fix will be included in
TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1,
TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in
supported range. 2021-08-12 not yet calculated CVE-2021-37663
MISC
CONFIRM
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions an attacker can read from outside of bounds of heap allocated
data by sending specially crafted illegal arguments to
`BoostedTreesSparseCalculateBestFeatureSplit`. The
[implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/stats_ops.cc)
needs to validate that each value in `stats_summary_indices` is in range. We
have patched the issue in GitHub commit
e84c975313e8e8e38bb2ea118196369c45c51378. The fix will be included in TensorFlow
2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported
range. 2021-08-12 not yet calculated CVE-2021-37664
CONFIRM
MISC
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions an attacker can trigger a denial of service via a segmentation
fault in `tf.raw_ops.MaxPoolGrad` caused by missing validation. The
[implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/maxpooling_op.cc)
misses some validation for the `orig_input` and `orig_output` tensors. The fixes
for CVE-2021-29579 were incomplete. We have patched the issue in GitHub commit
136b51f10903e044308cf77117c0ed9871350475. The fix will be included in TensorFlow
2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported
range. 2021-08-12 not yet calculated CVE-2021-37674
MISC
CONFIRM
MISC
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions the implementation of `tf.raw_ops.StringNGrams` is vulnerable
to an integer overflow issue caused by converting a signed integer value to an
unsigned one and then allocating memory based on this value. The
[implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/string_ngrams_op.cc#L184)
calls `reserve` on a `tstring` with a value that sometimes can be negative if
user supplies negative `ngram_widths`. The `reserve` method calls
`TF_TString_Reserve` which has an `unsigned long` argument for the size of the
buffer. Hence, the implicit conversion transforms the negative value to a large
integer. We have patched the issue in GitHub commit
c283e542a3f422420cfdb332414543b62fc4e4a5. The fix will be included in TensorFlow
2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported
range. 2021-08-12 not yet calculated CVE-2021-37646
MISC
CONFIRM
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions an attacker can cause a floating point exception by calling
inplace operations with crafted arguments that would result in a division by 0.
The
[implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/inplace_ops.cc#L283)
has a logic error: it should skip processing if `x` and `v` are empty but the
code uses `||` instead of `&&`. We have patched the issue in GitHub commit
e86605c0a336c088b638da02135ea6f9f6753618. The fix will be included in TensorFlow
2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported
range. 2021-08-12 not yet calculated CVE-2021-37660
CONFIRM
MISC
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions an attacker can cause undefined behavior via binding a
reference to null pointer in all binary cwise operations that don't require
broadcasting (e.g., gradients of binary cwise operations). The
[implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/cwise_ops_common.h#L264)
assumes that the two inputs have exactly the same number of elements but does
not check that. Hence, when the eigen functor executes it triggers heap OOB
reads and undefined behavior due to binding to nullptr. We have patched the
issue in GitHub commit 93f428fd1768df147171ed674fee1fc5ab8309ec. The fix will be
included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow
2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and
still in supported range. 2021-08-12 not yet calculated CVE-2021-37659
MISC
CONFIRM
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions an attacker can cause undefined behavior via binding a
reference to null pointer in all operations of type
`tf.raw_ops.MatrixSetDiagV*`. The
[implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/linalg/matrix_diag_op.cc)
has incomplete validation that the value of `k` is a valid tensor. We have a check
that this value is either a scalar or a vector, but there is no check for the
number of elements. If this is an empty tensor, then code that accesses the
first element of the tensor is wrong. We have patched the issue in GitHub commit
ff8894044dfae5568ecbf2ed514c1a37dc394f1b. The fix will be included in TensorFlow
2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported
range. 2021-08-12 not yet calculated CVE-2021-37658
MISC
CONFIRM
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions an attacker can cause undefined behavior via binding a
reference to null pointer in all operations of type `tf.raw_ops.MatrixDiagV*`.
The
[implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/linalg/matrix_diag_op.cc)
has incomplete validation that the value of `k` is a valid tensor. We have a check
that this value is either a scalar or a vector, but there is no check for the
number of elements. If this is an empty tensor, then code that accesses the
first element of the tensor is wrong. We have patched the issue in GitHub commit
f2a673bd34f0d64b8e40a551ac78989d16daad09. The fix will be included in TensorFlow
2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported
range. 2021-08-12 not yet calculated CVE-2021-37657
MISC
CONFIRM
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions an attacker can cause undefined behavior via binding a
reference to null pointer in `tf.raw_ops.RaggedTensorToSparse`. The
[implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/ragged_tensor_to_sparse_kernel.cc#L30)
has an incomplete validation of the splits values: it does not check that they
are in increasing order. We have patched the issue in GitHub commit
1071f554dbd09f7e101324d366eec5f4fe5a3ece. The fix will be included in TensorFlow
2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported
range. 2021-08-12 not yet calculated CVE-2021-37656
MISC
CONFIRM
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions an attacker can trigger a read from outside of bounds of heap
allocated data by sending invalid arguments to
`tf.raw_ops.ResourceScatterUpdate`. The
[implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/resource_variable_ops.cc#L919-L923)
has an incomplete validation of the relationship between the shapes of `indices`
and `updates`: instead of checking that the shape of `indices` is a prefix of
the shape of `updates` (so that broadcasting can happen), code only checks that
the number of elements in these two tensors are in a divisibility relationship.
We have patched the issue in GitHub commit
01cff3f986259d661103412a20745928c727326f. The fix will be included in TensorFlow
2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported
range. 2021-08-12 not yet calculated CVE-2021-37655
CONFIRM
MISC
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions an attacker can trigger a crash via a `CHECK`-fail in debug
builds of TensorFlow using `tf.raw_ops.ResourceGather` or a read from outside
the bounds of heap allocated data in the same API in a release build. The
[implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/resource_variable_ops.cc#L660-L668)
does not check that the `batch_dims` value that the user supplies is less than
the rank of the input tensor. Since the implementation uses several for loops
over the dimensions of `tensor`, this results in reading data from outside the
bounds of heap allocated buffer backing the tensor. We have patched the issue in
GitHub commit bc9c546ce7015c57c2f15c168b3d9201de679a1d. The fix will be included
in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1,
TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in
supported range. 2021-08-12 not yet calculated CVE-2021-37654
CONFIRM
MISC
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions an attacker can trigger a crash via a floating point exception
in `tf.raw_ops.ResourceGather`. The
[implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/resource_variable_ops.cc#L725-L731)
computes a value, `batch_size`, and then divides by it without
checking that this value is not 0. We have patched the issue in GitHub commit
ac117ee8a8ea57b73d34665cdf00ef3303bc0b11. The fix will be included in TensorFlow
2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow
2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported
range. 2021-08-12 not yet calculated CVE-2021-37653
CONFIRM
MISC
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions the implementation for `tf.raw_ops.BoostedTreesCreateEnsemble`
can result in a use after free error if an attacker supplies specially crafted
arguments. The
[implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/boosted_trees/resource_ops.cc#L55)
uses a reference counted resource and decrements the refcount if the
initialization fails, as it should. However, when the code was written, the
resource was represented as a naked pointer but later refactoring has changed it
to be a smart pointer. Thus, when the pointer leaves the scope, a subsequent
`free`-ing of the resource occurs, but this fails to take into account that the
refcount has already reached 0, thus the resource has been already freed. During
this double-free process, members of the resource object are accessed for
cleanup but they are invalid as the entire resource has been freed. We have
patched the issue in GitHub commit 5ecec9c6fbdbc6be03295685190a45e7eee726ab. The
fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on
TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
affected and still in supported range. 2021-08-12 not yet calculated
CVE-2021-37652
MISC
CONFIRM
tensorflow -- tensorflow
  TensorFlow is an end-to-end open source platform for machine learning. In
affected versions the implementation for
`tf.raw_ops.ExperimentalDatasetToTFRecord` and `tf.raw_ops.DatasetToTFRecord`
can trigger heap buffer overflow and segmentation fault. The
[implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/data/experimental/to_tf_record_op.cc#L93-L102)
assumes that all records in the dataset are of string type. However, there is no
check for that, and the example given above uses numeric types. We have patched
the issue in GitHub commit e0b6e58c328059829c3eb968136f17aa72b6c876. The fix
will be included in TensorFlow 2.6.0. We will also cherrypick this commit on
TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also
affected and still in supported range. 2021-08-12 not yet calculated
CVE-2021-37650
MISC
CONFIRM
tinyobjloader -- tinyobjloader
  An improper array index validation vulnerability exists in the LoadObj
functionality of tinyobjloader v2.0-rc1 and tinyobjloader development commit
79d4421. A specially crafted file could lead to code execution. An attacker can
provide a malicious file to trigger this vulnerability. 2021-08-11 not yet
calculated CVE-2020-28589
MISC
tmerc-cogs -- tmerc-cogs
  tmerc-cogs are a collection of open source plugins for the Red Discord bot. A
vulnerability has been found in the code that allows any user to access
sensitive information by crafting a specific membership event message. Issue is
patched in commit d63c49b4cfc30c795336e4fff08cba3795e0fcc0. As a workaround
users may unload the Welcome cog. 2021-08-11 not yet calculated CVE-2021-37697
CONFIRM
MISC
tmerc-cogs -- tmerc-cogs
  tmerc-cogs are a collection of open source plugins for the Red Discord bot. A
vulnerability has been found in the code that allows any user to access
sensitive information by crafting a specific MassDM message. Issue is patched in
commit 92325be650a6c17940cc52611797533ed95dbbe1. All users are advised to update
to the current commit. As a workaround users may unload the MassDM cog or
globally disable the `[p]massdm` command. 2021-08-11 not yet calculated
CVE-2021-37696
CONFIRM
MISC
tp-link -- ue330_usb_splitter_devices
  TP-Link UE330 USB splitter devices through 2021-08-09, in certain specific use
cases in which the device supplies power to audio-output equipment, allow remote
attackers to recover speech signals from an LED on the device, via a telescope
and an electro-optical sensor, aka a "Glowworm" attack. We assume that the USB
splitter supplies power to some speakers. The power indicator LED of the USB
splitter is connected directly to the power line, as a result, the intensity of
the USB splitter's power indicator LED is correlative to its power consumption.
The sound played by the connected speakers affects the USB splitter's power
consumption and as a result is also correlative to the light intensity of the
LED. By analyzing measurements obtained from an electro-optical sensor directed
at the power indicator LED of the USB splitter, we can recover the sound played
by the connected speakers. 2021-08-11 not yet calculated CVE-2021-38543
MISC
trendnet -- tew-755ap
  Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03,
TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending
the POST request to apply_cgi via a do_graph_auth action without a session_id
key. 2021-08-10 not yet calculated CVE-2021-28844
MISC
trendnet -- tew-755ap
  A Format String vulnerability exists in TRENDnet TEW-755AP 1.11B03,
TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which
could let a remote malicious user cause a denial of service due to a logic bug
at address 0x40dcd0 when calling fprintf with "%s: key len = %d, too long\n"
format. The two variables seem to be put in the wrong order. The vulnerability
could be triggered by sending the POST request to apply_cgi with a long and
unknown key in the request body. 2021-08-10 not yet calculated CVE-2021-28846
MISC
trendnet -- tew-755ap
  Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03,
TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending
the POST request to apply_cgi with an unknown action name. 2021-08-10 not yet
calculated CVE-2021-28843
MISC
trendnet -- tew-755ap
  Null Pointer Dereference vulnerability in TRENDnet TEW-755AP 1.11B03,
TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which
could let a remote malicious user cause a denial of service by sending a POST
request to apply_cgi via an action ping_test without a ping_ipaddr key.
2021-08-10 not yet calculated CVE-2021-28841
MISC
trendnet -- tew-755ap
  Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03,
TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which
could let a remote malicious user cause a denial of service by sending the POST
request to apply_cgi via action do_graph_auth without login_name key. 2021-08-10
not yet calculated CVE-2021-28842
MISC
trendnet -- tv-ip110wn
  Cross Site Scripting (XSS) vulnerability in TRENDnet TV-IP110WN V1.2.2.64,
V1.2.2.65, V1.2.2.68 via the profile parameter in a GET request in view.cgi.
2021-08-10 not yet calculated CVE-2021-31655
MISC
MISC
MISC
ttiny -- java_web_server_and_servlet_container
  A reflected cross-site scripting (XSS) vulnerability in the web server TTiny
Java Web Server and Servlet Container (TJWS) <=1.115 allows an adversary to
inject malicious code on the server's "404 Page not Found" error page 2021-08-09
not yet calculated CVE-2021-37573
MISC(link is external) typo3 -- typo3 The dated_news (aka Dated News) extension
through 5.1.1 for TYPO3 allows XSS. 2021-08-13 not yet calculated CVE-2021-36790
MISC(link is external)
MISC(link is external) typo3 -- typo3 The femanager extension before 5.5.1 and
6.x before 6.3.1 for TYPO3 allows XSS via a crafted SVG document. 2021-08-13 not
yet calculated CVE-2021-36787
MISC(link is external)
CONFIRM(link is external) typo3 -- typo3 The dated_news (aka Dated News)
extension through 5.1.1 for TYPO3 allows Information Disclosure of application
registration data. 2021-08-13 not yet calculated CVE-2021-36791
MISC(link is external)
CONFIRM(link is external) typo3 -- typo3 TYPO3 is an open source PHP based web
content management system released under the GNU GPL. In affected versions
failing to properly parse, sanitize and encode malicious rich-text content, the
content rendering process in the website frontend is vulnerable to cross-site
scripting. Corresponding rendering instructions via TypoScript functionality
HTMLparser does not consider all potentially malicious HTML tag & attribute
combinations per default. In default scenarios, a valid backend user account is
needed to exploit this vulnerability. In case custom plugins used in the website
frontend accept and reflect rich-text content submitted by users, no
authentication is required. Update to TYPO3 versions 7.6.53 ELTS, 8.7.42 ELTS,
9.5.29, 10.4.19, 11.3.2 that fix the problem described. 2021-08-10 not yet
calculated CVE-2021-32768
MISC(link is external)
CONFIRM(link is external) typo3 -- typo3
  The yoast_seo (aka Yoast SEO) extension before 7.2.3 for TYPO3 allows XSS.
2021-08-13 not yet calculated CVE-2021-36788
MISC(link is external)
CONFIRM(link is external) typo3 -- typo3
  The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3
allows XSS. 2021-08-13 not yet calculated CVE-2021-36785
MISC(link is external)
CONFIRM(link is external) typo3 -- typo3
  The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3
allows Sensitive Data Exposure of API credentials and private keys. 2021-08-13
not yet calculated CVE-2021-36786
MISC(link is external)
CONFIRM(link is external) typo3 -- typo3
  The deferred_image_processing (aka Deferred image processing) extension before
1.0.2 for TYPO3 allows Denial of Service via the FAL API because of
/var/transient disk consumption. 2021-08-13 not yet calculated CVE-2021-38623
MISC(link is external) typo3 -- typo3
  The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows SQL
Injection. 2021-08-13 not yet calculated CVE-2021-36789
MISC(link is external)
MISC(link is external) typo3 -- typo3
  The routes (aka Extbase Yaml Routes) extension before 2.1.1 for TYPO3, when
CsrfTokenViewHelper is used, allows Sensitive Information Disclosure because a
session identifier is unsafely present in HTML output. 2021-08-13 not yet
calculated CVE-2021-36793
CONFIRM(link is external)
MISC(link is external) typo3 -- typo3
  The Newsletter extension through 4.0.0 for TYPO3 allows SQL Injection.
2021-08-13 not yet calculated CVE-2021-38302
MISC(link is external)
CONFIRM(link is external) typo3 -- typo3
  The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 has
incorrect Access Control for confirming various applications. 2021-08-13 not yet
calculated CVE-2021-36792
MISC(link is external)
MISC(link is external) uaa -- server
  UAA server versions prior to 75.4.0 are vulnerable to an open redirect
vulnerability. A malicious user can exploit the open redirect vulnerability by
social engineering, leading to takeover of victims’ accounts in certain cases
along with redirection of UAA users to malicious sites. 2021-08-11 not yet
calculated CVE-2021-22098
MISC(link is external) ubuntu -- dolibarr
  The “Dolibarr” application, versions 2.8.1 to 13.0.4, does not restrict or
incorrectly restricts access to a resource from an unauthorized actor. A low
privileged attacker can modify the Private Note, which only an administrator has
rights to do; the affected field is at the “/adherents/note.php?id=1” endpoint. 2021-08-09 not
yet calculated CVE-2021-25954
MISC(link is external)
MISC(link is external) ucweb -- ucweb
  UCWeb UC 12.12.3.1219 through 12.12.3.1226 uses cleartext HTTP, and thus
man-in-the-middle attackers can discover visited URLs. 2021-08-14 not yet
calculated CVE-2020-36473
MISC(link is external) virtual_robots.txt -- virtual_robots.txt
  Virtual Robots.txt before 1.10 does not block HTML tags in the robots.txt
field. 2021-08-12 not yet calculated CVE-2021-28121
MISC(link is external) wal-g -- wal-g
  WAL-G before 1.1, when a non-libsodium build (e.g., one of the official binary
releases published as GitHub Releases) is used, silently ignores the libsodium
encryption key and uploads cleartext backups. This is arguably a Principle of
Least Surprise violation because "the user likely wanted to encrypt all file
activity." 2021-08-12 not yet calculated CVE-2021-38599
MISC(link is external)
MISC(link is external) wasm3 -- wasm3
  Wasm3 0.5.0 has a heap-based buffer overflow in op_Const64 (called from
EvaluateExpression and m3_LoadModule). 2021-08-12 not yet calculated
CVE-2021-38592
MISC(link is external)
MISC(link is external) winner -- winner
  Winner (aka ToneWinner) desktop speakers through 2021-08-09 allow remote
attackers to recover speech signals from the power-indicator LED via a telescope
and an electro-optical sensor, aka a "Glowworm" attack. 2021-08-10 not yet
calculated CVE-2021-38365
MISC(link is external)
MISC(link is external) wolfssl -- wolfssl
  wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations
of irrelevant response data that contains the NoCheck extension. 2021-08-12 not
yet calculated CVE-2021-38597
MISC(link is external)
MISC(link is external) wordpress -- wordpress The WP Fusion Lite WordPress
plugin is vulnerable to Reflected Cross-Site Scripting via the startdate
parameter found in the ~/includes/admin/logging/class-log-table-list.php file
which allows attackers to inject arbitrary web scripts, in versions up to and
including 3.37.18. 2021-08-09 not yet calculated CVE-2021-34660
MISC(link is external)
MISC(link is external) wordpress -- wordpress
  The Stock in & out WordPress plugin through 1.0.4 lacks proper sanitization
before passing variables to an SQL request, making it vulnerable to SQL
Injection attacks. Users with a role of contributor or higher can exploit this
vulnerability. 2021-08-09 not yet calculated CVE-2021-24520
MISC(link is external)
MISC(link is external) wordpress -- wordpress
  The Newsmag WordPress theme before 5.0 does not sanitise the td_block_id
parameter in its td_ajax_block AJAX action, leading to an unauthenticated
Reflected Cross-site Scripting (XSS) vulnerability. 2021-08-09 not yet
calculated CVE-2021-24304
MISC(link is external) wordpress -- wordpress
  The Securimage-WP-Fixed WordPress plugin is vulnerable to Reflected Cross-Site
Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/securimage-wp.php file
which allows attackers to inject arbitrary web scripts, in versions up to and
including 3.5.4. 2021-08-11 not yet calculated CVE-2021-34640
MISC(link is external)
MISC(link is external) wordpress -- wordpress
  The Page View Count WordPress plugin before 2.4.9 does not escape the postid
parameter of pvc_stats shortcode, allowing users with a role as low as
Contributor to perform Stored XSS attacks. A post made by a contributor would
still have to be approved by an admin to have the XSS triggered in the frontend;
however, higher privilege users, such as editors, could exploit this without the
need of approval, and even when the blog disallows the unfiltered_html
capability. 2021-08-09 not yet calculated CVE-2021-24509
MISC(link is external) wordpress -- wordpress
  The WP Fusion Lite WordPress plugin is vulnerable to Cross-Site Request
Forgery via the `show_logs_section` function found in the
~/includes/admin/logging/class-log-handler.php file which allows attackers to
drop all logs for the plugin, in versions up to and including 3.37.18.
2021-08-09 not yet calculated CVE-2021-34661
MISC(link is external)
MISC(link is external) wordpress -- wordpress
  The User Registration, User Profile, Login & Membership – ProfilePress
(Formerly WP User Avatar) WordPress plugin before 3.1.11's widget for tabbed
login/register was not properly escaped and could be used in an XSS attack which
could lead to wp-admin access. Further, the plugin in several places assigned
$_POST as $_GET which meant that in some cases this could be replicated with
just $_GET parameters and no need for $_POST values. 2021-08-09 not yet
calculated CVE-2021-24522
MISC(link is external) wordpress -- wordpress
  The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or
escape some of the POST parameters from the astra_pagination_infinite and
astra_shop_pagination_infinite AJAX actions (available to both unauthenticated
and authenticated users) before using them in an SQL statement, leading to SQL
Injection issues. 2021-08-09 not yet calculated CVE-2021-24507
MISC(link is external)
MISC(link is external) wordpress -- wordpress
  The Forms WordPress plugin before 1.12.3 did not sanitise its input fields,
leading to Stored Cross-Site scripting issues. The plugin was vulnerable to an
Authenticated Stored Cross-Site Scripting (XSS) vulnerability within the Forms
"Add new" field. 2021-08-09 not yet calculated CVE-2021-24505
MISC(link is external) wordpress -- wordpress
  The WP Google Map WordPress plugin before 1.7.7 did not sanitise or escape the
Map Title before outputting them in the page, leading to a Stored Cross-Site
Scripting issue by high privilege users, even when the unfiltered_html
capability is disallowed 2021-08-09 not yet calculated CVE-2021-24502
MISC(link is external)
MISC(link is external) wordpress -- wordpress
  The Workreap WordPress theme before 2.2.2 had several AJAX actions missing
authorization checks to verify that a user was authorized to perform critical
operations such as modifying or deleting objects. This allowed a logged in user
to modify or delete objects belonging to other users on the site. 2021-08-09 not
yet calculated CVE-2021-24501
MISC(link is external)
MISC(link is external) wordpress -- wordpress
  Several AJAX actions available in the Workreap WordPress theme before 2.2.2
lacked CSRF protections, as well as allowing insecure direct object references
that were not validated. This allows an attacker to trick a logged in user to
submit a POST request to the vulnerable site, potentially modifying or deleting
arbitrary objects on the target site. 2021-08-09 not yet calculated
CVE-2021-24500
MISC(link is external)
MISC(link is external) wordpress -- wordpress
  The Side Menu Lite – add sticky fixed buttons WordPress plugin before 2.2.1
does not properly sanitize input values from the browser when building an SQL
statement. Users with the administrator role or permission to manage this plugin
could perform an SQL Injection attack. 2021-08-09 not yet calculated
CVE-2021-24521
MISC(link is external)
MISC(link is external) wordpress -- wordpress
  The Workreap WordPress theme before 2.2.2 AJAX actions
workreap_award_temp_file_uploader and workreap_temp_file_uploader did not
perform nonce checks, or validate that the request is from a valid user in any
other way. The endpoints allowed for uploading arbitrary files to the
uploads/workreap-temp directory. Uploaded files were neither sanitized nor
validated, allowing an unauthenticated visitor to upload executable code such as
php scripts. 2021-08-09 not yet calculated CVE-2021-24499
MISC(link is external)
MISC(link is external) wordpress -- wordpress
  The Marmoset Viewer WordPress plugin before 1.9.3 does not properly sanitize,
validate or escape the 'id' parameter before outputting back in the page,
leading to a reflected Cross-Site Scripting issue. 2021-08-09 not yet calculated
CVE-2021-24495
MISC(link is external)
MISC(link is external) wordpress -- wordpress
  The Leaflet Map WordPress plugin before 3.0.0 does not verify the CSRF nonce
when saving its settings, which allows attackers to make a logged in admin
update the settings via a Cross-Site Request Forgery attack. This could lead to
Cross-Site Scripting issues by either changing the URL of the JavaScript library
being used, or using malicious attributions which will be executed in all pages
with an embedded map from the plugin. 2021-08-09 not yet calculated CVE-2021-24467
MISC(link is external) yii2 -- yii2
  yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator
2021-08-10 not yet calculated CVE-2021-3689
CONFIRM(link is external)
MISC(link is external) yii2 -- yii2
  yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator
2021-08-10 not yet calculated CVE-2021-3692
MISC(link is external)
CONFIRM(link is external) zte -- zxhn_h2640
  There is an information leak vulnerability in the digital media player (DMS)
of ZTE's residential gateway product. The attacker could insert the USB disk
with the symbolic link into the residential gateway, and access unauthorized
directory information through the symbolic link, causing information leak.
2021-08-09 not yet calculated CVE-2021-21740
MISC(link is external)



