jell.ie CVEs

Read at: 2021-10-19T20:11:47+01:00

CVE-2021-33988

Cross Site Scripting (XSS) vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute JavaScript by inserting code in the request form.

Source: National Vulnerability Database | 19 Oct 2021 | 6:15 pm IST

CVE-2021-38911

IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in plain clear text which can be read by an authenticated privileged user. IBM X-Force ID: 209940.

Source: National Vulnerability Database | 19 Oct 2021 | 5:15 pm IST

CVE-2021-29912

IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 207828.

Source: National Vulnerability Database | 19 Oct 2021 | 5:15 pm IST

CVE-2020-12141

An out-of-bounds read in the SNMP stack in Contiki-NG 4.4 and earlier allows an attacker to cause a denial of service and potentially disclose information via crafted SNMP packets to snmp_ber_decode_string_len_buffer in os/net/app-layer/snmp/snmp-ber.c.

Source: National Vulnerability Database | 19 Oct 2021 | 5:15 pm IST

CVE-2021-3746

A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially crafted TPM2 command packets that then trigger the issue when the TPM2's volatile state is written. The highest threat from this vulnerability is to system availability. This issue affects libtpms versions before 0.8.5, before 0.7.9 and before 0.6.6.

Source: National Vulnerability Database | 19 Oct 2021 | 4:15 pm IST

CVE-2021-39329

The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/includes/admin/class-metabox.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0.7. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.

Source: National Vulnerability Database | 19 Oct 2021 | 4:15 pm IST

CVE-2021-39343

The MPL-Publisher WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/libs/PublisherController.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.30.2. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.

Source: National Vulnerability Database | 19 Oct 2021 | 4:15 pm IST

CVE-2021-27001

Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authenticated privileged local attacker to arbitrarily modify Compliance-mode WORM data prior to the end of the retention period.

Source: National Vulnerability Database | 19 Oct 2021 | 4:15 pm IST

CVE-2021-39355

The Indeed Job Importer WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/indeed-job-importer/trunk/indeed-job-importer.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0.5. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.

Source: National Vulnerability Database | 19 Oct 2021 | 4:15 pm IST

CVE-2011-1075

FreeBSD's crontab calculates the MD5 sum of the previous and new cronjob to determine if any changes have been made before copying the new version in. In particular, it uses the MD5File() function, which takes a pathname as an argument, and is called with euid 0. A race condition in this process may lead to an arbitrary MD5 comparison regardless of the read permissions.

Source: National Vulnerability Database | 19 Oct 2021 | 4:15 pm IST

CVE-2021-37137

The Snappy frame decoder function doesn't restrict the chunk length, which may lead to excessive memory usage. Besides this, it may also buffer reserved skippable chunks until the whole chunk has been received, which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.

Source: National Vulnerability Database | 19 Oct 2021 | 4:15 pm IST

CVE-2021-37136

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack.

Source: National Vulnerability Database | 19 Oct 2021 | 4:15 pm IST

CVE-2021-36832

WordPress Popups, Welcome Bar, Optins and Lead Generation Plugin – Icegram (versions <= 2.0.2) is vulnerable at the "Headline" (&message_data[16][headline]) input.

Source: National Vulnerability Database | 19 Oct 2021 | 4:15 pm IST

CVE-2021-26589

A potential security vulnerability has been identified in HPE Superdome Flex Servers. The vulnerability could be remotely exploited to allow Cross Site Scripting (XSS) because the Session Cookie is missing an HttpOnly Attribute. HPE has provided a firmware update to resolve the vulnerability in HPE Superdome Flex Servers.

Source: National Vulnerability Database | 19 Oct 2021 | 4:15 pm IST

CVE-2021-30848

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to code execution.

Source: National Vulnerability Database | 19 Oct 2021 | 3:15 pm IST

CVE-2021-30849

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.

Source: National Vulnerability Database | 19 Oct 2021 | 3:15 pm IST

CVE-2021-30846

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution.

Source: National Vulnerability Database | 19 Oct 2021 | 3:15 pm IST

CVE-2021-30850

An access issue was addressed with improved access restrictions. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6, tvOS 15. A user may gain access to protected parts of the file system.

Source: National Vulnerability Database | 19 Oct 2021 | 3:15 pm IST

CVE-2021-30838

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15 and iPadOS 15. A malicious application may be able to execute arbitrary code with system privileges on devices with an Apple Neural Engine.

Source: National Vulnerability Database | 19 Oct 2021 | 3:15 pm IST

CVE-2021-30845

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6. A local user may be able to read kernel memory.

Source: National Vulnerability Database | 19 Oct 2021 | 3:15 pm IST

CVE-2021-30842

This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted dfont file may lead to arbitrary code execution.

Source: National Vulnerability Database | 19 Oct 2021 | 3:15 pm IST

CVE-2021-30843

This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted dfont file may lead to arbitrary code execution.

Source: National Vulnerability Database | 19 Oct 2021 | 3:15 pm IST

CVE-2021-30841

This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted dfont file may lead to arbitrary code execution.

Source: National Vulnerability Database | 19 Oct 2021 | 3:15 pm IST

CVE-2021-30837

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8, tvOS 15. An application may be able to execute arbitrary code with kernel privileges.

Source: National Vulnerability Database | 19 Oct 2021 | 3:15 pm IST

CVE-2021-30835

This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, iTunes 12.12 for Windows, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted image may lead to arbitrary code execution.

Source: National Vulnerability Database | 19 Oct 2021 | 3:15 pm IST

CVE-2021-30832

A memory corruption issue was addressed with improved state management. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local attacker may be able to elevate their privileges.

Source: National Vulnerability Database | 19 Oct 2021 | 3:15 pm IST

CVE-2021-30847

This issue was addressed with improved checks. This issue is fixed in watchOS 8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing a maliciously crafted image may lead to arbitrary code execution.

Source: National Vulnerability Database | 19 Oct 2021 | 3:15 pm IST

CVE-2021-30844

A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A remote attacker may be able to leak memory.

Source: National Vulnerability Database | 19 Oct 2021 | 3:15 pm IST

CVE-2021-30826

A logic issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. In certain situations, the baseband would fail to enable integrity and ciphering protection.

Source: National Vulnerability Database | 19 Oct 2021 | 3:15 pm IST

CVE-2021-30820

A logic issue was addressed with improved state management. This issue is fixed in iOS 14.8 and iPadOS 14.8. A remote attacker may be able to cause arbitrary code execution.

Source: National Vulnerability Database | 19 Oct 2021 | 3:15 pm IST

CVE-2021-30825

This issue was addressed with improved checks. This issue is fixed in iOS 15 and iPadOS 15. A local attacker may be able to cause unexpected application termination or arbitrary code execution.

Source: National Vulnerability Database | 19 Oct 2021 | 3:15 pm IST

CVE-2021-30810

An authorization issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8, tvOS 15. An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup.

Source: National Vulnerability Database | 19 Oct 2021 | 3:15 pm IST

CVE-2021-30819

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 15 and iPadOS 15. Processing a maliciously crafted USD file may disclose memory contents.

Source: National Vulnerability Database | 19 Oct 2021 | 3:15 pm IST

CVE-2021-30358

Mobile Access Portal Native Applications whose path is defined by the administrator with environment variables may run applications from other locations by the Mobile Access Portal Agent.

Source: National Vulnerability Database | 19 Oct 2021 | 3:15 pm IST

CVE-2021-30815

A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. A local attacker may be able to view contacts from the lock screen.

Source: National Vulnerability Database | 19 Oct 2021 | 3:15 pm IST

CVE-2021-30829

A URI parsing issue was addressed with improved parsing. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local user may be able to execute arbitrary files.

Source: National Vulnerability Database | 19 Oct 2021 | 3:15 pm IST

CVE-2021-30807

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.5.1, iOS 14.7.1 and iPadOS 14.7.1, watchOS 7.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Source: National Vulnerability Database | 19 Oct 2021 | 3:15 pm IST

CVE-2021-30828

This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local user may be able to read arbitrary files as root.

Source: National Vulnerability Database | 19 Oct 2021 | 3:15 pm IST

CVE-2020-29622

A race condition was addressed with additional validation. This issue is fixed in Security Update 2021-005 Catalina. Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges.

Source: National Vulnerability Database | 19 Oct 2021 | 3:15 pm IST

CVE-2021-30827

A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local attacker may be able to elevate their privileges.

Source: National Vulnerability Database | 19 Oct 2021 | 3:15 pm IST

CVE-2021-30811

This issue was addressed with improved checks. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8. A local attacker may be able to read sensitive information.

Source: National Vulnerability Database | 19 Oct 2021 | 3:15 pm IST

CVE-2011-1497

A cross-site scripting vulnerability flaw was found in the auto_link function in Rails before version 3.0.6.

Source: National Vulnerability Database | 19 Oct 2021 | 3:15 pm IST

CVE-2021-30830

A memory corruption issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A malicious application may be able to execute arbitrary code with kernel privileges.

Source: National Vulnerability Database | 19 Oct 2021 | 3:15 pm IST

CVE-2021-3879

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Source: National Vulnerability Database | 19 Oct 2021 | 2:15 pm IST

CVE-2021-38484

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not have a filter or signature check to detect or prevent an upload of malicious files to the server, which may allow an attacker, acting as an administrator, to upload malicious files. This could result in cross-site scripting, deletion of system files, and remote code execution.

Source: National Vulnerability Database | 19 Oct 2021 | 2:15 pm IST

CVE-2021-3872

vim is vulnerable to Heap-based Buffer Overflow

Source: National Vulnerability Database | 19 Oct 2021 | 2:15 pm IST

CVE-2021-3869

corenlp is vulnerable to Improper Restriction of XML External Entity Reference

Source: National Vulnerability Database | 19 Oct 2021 | 2:15 pm IST

CVE-2021-38480

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to cross-site request forgery when unauthorized commands are submitted from a user the web application trusts. This may allow an attacker to remotely perform actions on the router’s management portal, such as making configuration changes, changing administrator credentials, and running system commands on the router.

Source: National Vulnerability Database | 19 Oct 2021 | 2:15 pm IST

CVE-2021-38482

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 website used to control the router is vulnerable to stored cross-site scripting, which may allow an attacker to hijack sessions of users connected to the system.

Source: National Vulnerability Database | 19 Oct 2021 | 2:15 pm IST

CVE-2021-38468

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to stored cross-site scripting, which may allow an attacker to hijack sessions of users connected to the system.

Source: National Vulnerability Database | 19 Oct 2021 | 2:15 pm IST

CVE-2021-3889

libmobi is vulnerable to Use of Out-of-range Pointer Offset

Source: National Vulnerability Database | 19 Oct 2021 | 2:15 pm IST

CVE-2021-38472

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 management portal does not contain an X-FRAME-OPTIONS header, which an attacker may take advantage of by sending a link to an administrator that frames the router’s management portal and could lure the administrator to perform changes.

Source: National Vulnerability Database | 19 Oct 2021 | 2:15 pm IST

CVE-2021-38478

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a traceroute tool to inject commands into the device. This may allow the attacker to remotely run commands on behalf of the device.

Source: National Vulnerability Database | 19 Oct 2021 | 2:15 pm IST

CVE-2021-3858

snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)

Source: National Vulnerability Database | 19 Oct 2021 | 2:15 pm IST

CVE-2021-38476

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 authentication process response indicates and validates the existence of a username. This may allow an attacker to enumerate different user accounts.

Source: National Vulnerability Database | 19 Oct 2021 | 2:15 pm IST

CVE-2021-38486

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cloud portal allows for self-registration of the affected product without any requirements to create an account, which may allow an attacker to have full control over the product and execute code within the internal network to which the product is connected.

Source: National Vulnerability Database | 19 Oct 2021 | 2:15 pm IST

CVE-2021-3863

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Source: National Vulnerability Database | 19 Oct 2021 | 2:15 pm IST

CVE-2021-3888

libmobi is vulnerable to Use of Out-of-range Pointer Offset

Source: National Vulnerability Database | 19 Oct 2021 | 2:15 pm IST

CVE-2021-38470

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a ping tool to inject commands into the device. This may allow the attacker to remotely run commands on behalf of the device.

Source: National Vulnerability Database | 19 Oct 2021 | 2:15 pm IST

CVE-2021-3851

firefly-iii is vulnerable to URL Redirection to Untrusted Site

Source: National Vulnerability Database | 19 Oct 2021 | 2:15 pm IST

CVE-2021-3846

firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type

Source: National Vulnerability Database | 19 Oct 2021 | 2:15 pm IST

CVE-2021-38474

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have no account lockout policy configured for the login page of the product. This may allow an attacker to execute a brute-force password attack with no time limitation and without harming the normal operation of the user. This could allow an attacker to gain valid credentials for the product interface.

Source: National Vulnerability Database | 19 Oct 2021 | 2:15 pm IST

CVE-2021-38464

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have inadequate encryption strength, which may allow an attacker to intercept the communication and steal sensitive information or hijack the session.

Source: National Vulnerability Database | 19 Oct 2021 | 2:15 pm IST

CVE-2021-38466

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not perform sufficient input validation on client requests from the help page. This may allow an attacker to perform a reflected cross-site scripting attack, which could allow an attacker to run code on behalf of the client browser.

Source: National Vulnerability Database | 19 Oct 2021 | 2:15 pm IST

CVE-2021-38462

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 does not enforce an efficient password policy. This may allow an attacker with obtained user credentials to enumerate passwords and impersonate other application users and perform operations on their behalf.

Source: National Vulnerability Database | 19 Oct 2021 | 2:15 pm IST

CVE-2021-42261

Revisor Video Management System (VMS) before 2.0.0 has a directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of the restricted directory on the remote server. This could lead to the disclosure of sensitive data on the vulnerable server.

Source: National Vulnerability Database | 19 Oct 2021 | 1:15 pm IST

CVE-2021-36512

An issue was discovered in function scanallsubs in src/sbbs3/scansubs.cpp in Synchronet BBS, which may allow attackers to view sensitive information due to an uninitialized value.

Source: National Vulnerability Database | 19 Oct 2021 | 1:15 pm IST

CVE-2021-25968

In “OpenCMS”, versions 10.5.0 to 11.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the Sitemap functionality. These scripts are executed in a victim’s browser when they open the page containing the vulnerable field.

Source: National Vulnerability Database | 19 Oct 2021 | 10:15 am IST

CVE-2021-20836

Out-of-bounds read vulnerability in CX-Supervisor v4.0.0.13 and v4.0.0.16 allows an attacker with administrative privileges to cause information disclosure and/or arbitrary code execution by opening a specially crafted SCS project file.

Source: National Vulnerability Database | 19 Oct 2021 | 4:15 am IST

CVE-2021-41155

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not sanitize properly user inputs when constructing the SQL query to browse and search revisions in the CVS repositories. The following versions contain the fix: Tuleap Community Edition 11.17.99.146, Tuleap Enterprise Edition 11.17-5, Tuleap Enterprise Edition 11.16-7.

Source: National Vulnerability Database | 18 Oct 2021 | 11:15 pm IST

CVE-2021-41154

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions an attacker with read access to a "SVN core" repository could execute arbitrary SQL queries. The following versions contain the fix: Tuleap Community Edition 11.17.99.144, Tuleap Enterprise Edition 11.17-5, Tuleap Enterprise Edition 11.16-7.

Source: National Vulnerability Database | 18 Oct 2021 | 11:15 pm IST

CVE-2021-41152

OpenOlat is a web-based e-learning platform for teaching, learning, assessment and communication, an LMS, a learning management system. In affected versions, by manipulating the HTTP request an attacker can modify the path of a requested file download in the folder component to point to anywhere on the target system. The attack could be used to read any file accessible in the web root folder or outside, depending on the configuration of the system and the properly configured permission of the application server user. The attack requires an OpenOlat user account or the enabled guest user feature together with the usage of the folder component in a course. The attack does not allow writing of arbitrary files; it allows only reading of files, and only reading of files whose exact path the attacker knows, which is very unlikely at least for OpenOlat data files. The problem is fixed in version 15.5.8 and 16.0.1. It is advised to upgrade to version 16.0.x. There are no known workarounds to fix this problem; an upgrade is necessary.

Source: National Vulnerability Database | 18 Oct 2021 | 10:15 pm IST

CVE-2021-42650

Cross Site Scripting (XSS) vulnerability exists in Portainer before 2.9.1 via the node input box in Custom Templates.

Source: National Vulnerability Database | 18 Oct 2021 | 10:15 pm IST

CVE-2021-41153

The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In `evm` crate `< 0.31.0`, `JUMPI` opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. This is a **high** severity security advisory if you use `evm` crate for Ethereum mainnet. In this case, you should update your library dependency immediately to on or after `0.31.0`. This is a **low** severity security advisory if you use `evm` crate in Frontier or in a standalone blockchain, because there's no security exploit possible with this advisory. It is **not** recommended to update to on or after `0.31.0` until all the normal chain upgrade preparations have been done. If you use Frontier or other `pallet-evm` based Substrate blockchain, please ensure to update your `spec_version` before updating this. For other blockchains, please make sure to follow a hard-fork process before you update this.

Source: National Vulnerability Database | 18 Oct 2021 | 10:15 pm IST

CVE-2021-41156

anuko/timetracker is an open source time tracking system. In affected versions Time Tracker uses the browser_today hidden control on a few pages to collect today's date from user browsers. Because this parameter was not checked for sanity in versions prior to 1.19.30.5601, it was possible to craft an HTML form with malicious JavaScript, use social engineering to convince logged on users to execute a POST from such a form, and have the attacker-supplied JavaScript executed in the user's browser. This has been patched in version 1.19.30.5600. Upgrade is recommended. If it is not practical, introduce the ttValidDbDateFormatDate function as in the latest version and add a call to it within the access checks block.

Source: National Vulnerability Database | 18 Oct 2021 | 10:15 pm IST

CVE-2021-41151

Backstage is an open platform for building developer portals. In affected versions a malicious actor could read sensitive files from the environment where Scaffolder Tasks are run. The attack is executed by crafting a custom Scaffolder template with a `github:publish:pull-request` action and a particular source path. When the template is executed the sensitive files would be included in the published pull request. This vulnerability is mitigated by the fact that an attacker would need access to create and register templates in the Backstage catalog, and that the attack is very visible given that the exfiltration happens via a pull request. The vulnerability is patched in the `0.15.9` release of `@backstage/plugin-scaffolder-backend`.

Source: National Vulnerability Database | 18 Oct 2021 | 10:15 pm IST

CVE-2021-42055

ASUSTek ZenBook Pro Duo 15 UX582 laptop firmware through 203 has Insecure Permissions that allow attacks by a physically proximate attacker.

Source: National Vulnerability Database | 18 Oct 2021 | 6:15 pm IST

CVE-2021-36513

An issue was discovered in function sofia_handle_sip_i_notify in sofia.c in SignalWire freeswitch before 1.10.6, which may allow attackers to view sensitive information due to an uninitialized value.

Source: National Vulnerability Database | 18 Oct 2021 | 6:15 pm IST

CVE-2021-23449

This affects the package vm2 before 3.9.4. A Prototype Pollution attack vector can lead to sandbox escape and execution of arbitrary code on the host machine.

Source: National Vulnerability Database | 18 Oct 2021 | 6:15 pm IST

CVE-2021-29878

IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 206581.

Source: National Vulnerability Database | 18 Oct 2021 | 6:15 pm IST

CVE-2021-32609

Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. This allows an attacker with Explore access to save a chart with a malicious title, injecting html (including scripts) into the page.

Source: National Vulnerability Database | 18 Oct 2021 | 4:15 pm IST

CVE-2021-42575

The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.

Source: National Vulnerability Database | 18 Oct 2021 | 4:15 pm IST

CVE-2021-41971

Apache Superset up to and including 1.3.0 when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default) allowed SQL injection when a malicious authenticated user sends an http request with a custom URL.

Source: National Vulnerability Database | 18 Oct 2021 | 4:15 pm IST

CVE-2021-42576

The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.

Source: National Vulnerability Database | 18 Oct 2021 | 4:15 pm IST

CVE-2021-24752

Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated user, such as a Subscriber, to change the configurations of the following plugins: Essential Widgets WordPress plugin before 1.9, To Top WordPress plugin before 2.3, Header Enhancement WordPress plugin before 1.5, Generate Child Theme WordPress plugin before 1.6, Essential Content Types WordPress plugin before 1.9, Catch Web Tools WordPress plugin before 2.7, Catch Under Construction WordPress plugin before 1.4, Catch Themes Demo Import WordPress plugin before 1.6, Catch Sticky Menu WordPress plugin before 1.7, Catch Scroll Progress Bar WordPress plugin before 1.6, Social Gallery and Widget WordPress plugin before 2.3, Catch Infinite Scroll WordPress plugin before 1.9, Catch Import Export WordPress plugin before 1.9, Catch Gallery WordPress plugin before 1.7, Catch Duplicate Switcher WordPress plugin before 1.6, Catch Breadcrumb WordPress plugin before 1.7, and Catch IDs WordPress plugin before 2.4.

Source: National Vulnerability Database | 18 Oct 2021 | 3:15 pm IST

CVE-2021-41991

The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility.

Source: National Vulnerability Database | 18 Oct 2021 | 3:15 pm IST

CVE-2021-41990

The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur.

Source: National Vulnerability Database | 18 Oct 2021 | 3:15 pm IST

CVE-2021-24754

The MainWP Child Reports WordPress plugin before 2.0.8 does not validate or sanitise the order parameter before using it in a SQL statement in the admin dashboard, leading to an SQL injection issue.

Source: National Vulnerability Database | 18 Oct 2021 | 3:15 pm IST

CVE-2021-24760

The Gutenberg PDF Viewer Block WordPress plugin before 1.0.1 does not sanitise and escape its block, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.

Source: National Vulnerability Database | 18 Oct 2021 | 3:15 pm IST

CVE-2021-3755

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Source: National Vulnerability Database | 18 Oct 2021 | 3:15 pm IST

CVE-2021-42098

An incomplete permission check on entries in Devolutions Remote Desktop Manager before 2021.2.16 allows attackers to bypass permissions via batch custom PowerShell.

Source: National Vulnerability Database | 18 Oct 2021 | 3:15 pm IST

CVE-2021-24642

The Scroll Baner WordPress plugin through 1.0 does not have a CSRF check in place when saving its settings, nor does it perform any sanitisation, escaping or validation on them. This could allow attackers to make a logged in admin change them and could lead to RCE (via a file upload) as well as XSS.

Source: National Vulnerability Database | 18 Oct 2021 | 3:15 pm IST

CVE-2021-24516

The PlanSo Forms WordPress plugin through 2.6.3 does not escape the title of its Form before outputting it in attributes, allowing high privilege users such as admin to set XSS payload in it, even when the unfiltered_html is disallowed, leading to an Authenticated Stored Cross-Site Scripting issue.

Source: National Vulnerability Database | 18 Oct 2021 | 3:15 pm IST

CVE-2021-24595

The Wp Cookie Choice WordPress plugin through 1.1.0 lacks any CSRF check when saving its options, and does not escape them when outputting them in attributes. As a result, an attacker could make a logged in admin change them to arbitrary values including XSS payloads via a CSRF attack.

Source: National Vulnerability Database | 18 Oct 2021 | 3:15 pm IST

CVE-2021-24612

The Sociable WordPress plugin through 4.3.4.1 does not sanitise or escape some of its settings before outputting them in the admin dashboard, allowing high privilege users to perform Cross-Site Scripting attacks against other users even when the unfiltered_html capability is disallowed.

Source: National Vulnerability Database | 18 Oct 2021 | 3:15 pm IST

CVE-2021-24617

The GamePress WordPress plugin through 1.1.0 does not escape the op_edit POST parameter before outputting it back in multiple Game Option pages, leading to Reflected Cross-Site Scripting issues.

Source: National Vulnerability Database | 18 Oct 2021 | 3:15 pm IST

CVE-2021-24615

The Wechat Reward WordPress plugin through 1.7 does not sanitise or escape its QR settings, nor has any CSRF check in place, allowing attackers to make a logged in admin change the settings and perform Cross-Site Scripting attacks.

Source: National Vulnerability Database | 18 Oct 2021 | 3:15 pm IST

CVE-2021-24622

The Customer Service Software & Support Ticket System WordPress plugin before 5.10.4 does not sanitize or escape form fields before outputting them in the List, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Source: National Vulnerability Database | 18 Oct 2021 | 3:15 pm IST

CVE-2021-24735

The Compact WP Audio Player WordPress plugin before 1.9.7 does not implement nonce checks, which could allow attackers to make a logged in admin change the "Disable Simultaneous Play" setting via a CSRF attack.

Source: National Vulnerability Database | 18 Oct 2021 | 3:15 pm IST

CVE-2021-24736

The Easy Download Manager and File Sharing Plugin with frontend file upload – a better Media Library – Shared Files WordPress plugin before 1.6.57 does not sanitise and escape some of its settings before outputting them in attributes, which could lead to Stored Cross-Site Scripting issues.

Source: National Vulnerability Database | 18 Oct 2021 | 3:15 pm IST

count: 100