Free Cyber Threat Intelligence Feed - Hackerpom Threat Feed

----Vulners.com High Sev. Last 3 Days----

----NVD Last 3 Days----

CVE#: CVE-2021-42258 Published Date: 2021-10-22 CVSS: NO CVSS Description: BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection can, for example, use the txtID (aka username) parameter. Successful exploitation can include the ability to execute arbitrary code as MSSQLSERVER$ via xp_cmdshell.

CVE#: CVE-2020-36502 Published Date: 2021-10-22 CVSS: NO CVSS Description: Swift File Transfer Mobile v1.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the devicename parameter which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered as the device name itself.

CVE#: CVE-2020-36501 Published Date: 2021-10-22 CVSS: NO CVSS Description: Multiple cross-site scripting (XSS) vulnerabilities in the Support module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields.

CVE#: CVE-2020-36499 Published Date: 2021-10-22 CVSS: NO CVSS Description: TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a cross-site scripting (XSS) vulnerability in the content parameter of the Rubric Block (Add) module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the rubric name value.

CVE#: CVE-2020-36498 Published Date: 2021-10-22 CVSS: NO CVSS Description: Macrob7 Macs Framework Content Management System - 1.14f contains a cross-site scripting (XSS) vulnerability in the account reset function, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the e-mail input field.

CVE#: CVE-2020-36497 Published Date: 2021-10-22 CVSS: NO CVSS Description: DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component makehtml_homepage.php via the `filename`, `mid`, `userid`, and `templet' parameters.

CVE#: CVE-2020-36496 Published Date: 2021-10-22 CVSS: NO CVSS Description: DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component sys_admin_user_edit.php via the `filename`, `mid`, `userid`, and `templet' parameters.

CVE#: CVE-2020-36495 Published Date: 2021-10-22 CVSS: NO CVSS Description: DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `filename`, `mid`, `userid`, and `templet' parameters.

CVE#: CVE-2020-36494 Published Date: 2021-10-22 CVSS: NO CVSS Description: DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component mychannel_edit.php via the `filename`, `mid`, `userid`, and `templet' parameters.

CVE#: CVE-2020-36493 Published Date: 2021-10-22 CVSS: NO CVSS Description: DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component media_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.

CVE#: CVE-2020-36492 Published Date: 2021-10-22 CVSS: NO CVSS Description: DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component select_media.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.

CVE#: CVE-2020-36491 Published Date: 2021-10-22 CVSS: NO CVSS Description: DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tags_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.

CVE#: CVE-2020-36490 Published Date: 2021-10-22 CVSS: NO CVSS Description: DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.

CVE#: CVE-2020-36489 Published Date: 2021-10-22 CVSS: NO CVSS Description: Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the devicename parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the devicename information.

CVE#: CVE-2020-36488 Published Date: 2021-10-22 CVSS: NO CVSS Description: An issue in the FTP server of Sky File v2.1.0 allows attackers to perform directory traversal via `/null//` path commands.

CVE#: CVE-2020-36486 Published Date: 2021-10-22 CVSS: NO CVSS Description: Swift File Transfer Mobile v1.1.2 and below was discovered to contain a cross-site scripting (XSS) vulnerability via the 'path' parameter of the 'list' and 'download' exception-handling.

CVE#: CVE-2020-36485 Published Date: 2021-10-22 CVSS: NO CVSS Description: Portable Ltd Playable v9.18 was discovered to contain an arbitrary file upload vulnerability in the filename parameter of the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted JPEG file.

CVE#: CVE-2020-28969 Published Date: 2021-10-22 CVSS: NO CVSS Description: Aplioxio PDF ShapingUp 5.0.0.139 contains a buffer overflow which allows attackers to cause a denial of service (DoS) via a crafted PDF file.

CVE#: CVE-2020-28968 Published Date: 2021-10-22 CVSS: NO CVSS Description: Draytek VigorAP 1000C contains a stored cross-site scripting (XSS) vulnerability in the RADIUS Setting - RADIUS Server Configuration module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username input field.

CVE#: CVE-2020-28967 Published Date: 2021-10-22 CVSS: NO CVSS Description: FlashGet v1.9.6 was discovered to contain a buffer overflow in the 'current path directory' function. This vulnerability allows attackers to elevate local process privileges via overwriting the registers.

CVE#: CVE-2020-28964 Published Date: 2021-10-22 CVSS: NO CVSS Description: Internet Download Manager 6.37.11.1 was discovered to contain a stack buffer overflow in the Search function. This vulnerability allows attackers to escalate local process privileges via unspecified vectors.

CVE#: CVE-2020-28963 Published Date: 2021-10-22 CVSS: NO CVSS Description: Passcovery Co. Ltd ZIP Password Recovery v3.70.69.0 was discovered to contain a buffer overflow via the decompress function.

CVE#: CVE-2020-28961 Published Date: 2021-10-22 CVSS: NO CVSS Description: Perfex CRM v2.4.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component ./clients/client via the company name parameter.

CVE#: CVE-2020-28960 Published Date: 2021-10-22 CVSS: NO CVSS Description: Chichen Tech CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the file product_list.php via the id and cid parameters.

CVE#: CVE-2020-28957 Published Date: 2021-10-22 CVSS: NO CVSS Description: Multiple cross-site scripting (XSS) vulnerabilities in the Customer Add module of Foxlor v0.10.16 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the name, firstname, or username input fields.

CVE#: CVE-2020-28956 Published Date: 2021-10-22 CVSS: NO CVSS Description: Multiple cross-site scripting (XSS) vulnerabilities in the Sales module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields.

CVE#: CVE-2020-28955 Published Date: 2021-10-22 CVSS: NO CVSS Description: SugarCRM v6.5.18 was discovered to contain a cross-site scripting (XSS) vulnerability in the Create Employee module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the First Name or Last Name input fields.

CVE#: CVE-2020-23061 Published Date: 2021-10-22 CVSS: NO CVSS Description: Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain an issue in the path parameter of the `list` and `download` module which allows attackers to perform a directory traversal via a change to the path variable to request the local list command.

CVE#: CVE-2020-23060 Published Date: 2021-10-22 CVSS: NO CVSS Description: Internet Download Manager 6.37.11.1 was discovered to contain a stack buffer overflow in the Export/Import function. This vulnerability allows attackers to escalate local process privileges via a crafted ef2 file.

CVE#: CVE-2020-23058 Published Date: 2021-10-22 CVSS: NO CVSS Description: An issue in the authentication mechanism in Nong Ge File Explorer v1.4 unauthenticated allows to access sensitive data.

CVE#: CVE-2020-23055 Published Date: 2021-10-22 CVSS: NO CVSS Description: ANCOM WLAN Controller (Wireless Series & Hotspot) WLC-1000 & WLC-4006 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the /authen/start/ module via the userid and password parameters.

CVE#: CVE-2020-23054 Published Date: 2021-10-22 CVSS: NO CVSS Description: A cross-site scripting (XSS) vulnerability in NSK User Agent String Switcher Service v0.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the user agent input field.

CVE#: CVE-2020-23052 Published Date: 2021-10-22 CVSS: NO CVSS Description: Catalyst IT Ltd Mahara CMS v19.10.2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component groupfiles.php via the Number (Nombre) and Description (Descripción) parameters.

CVE#: CVE-2020-23051 Published Date: 2021-10-22 CVSS: NO CVSS Description: Phpgurukul User Registration & User Management System v2.0 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters of the registration form & loginsystem input fields.

CVE#: CVE-2020-23050 Published Date: 2021-10-22 CVSS: NO CVSS Description: TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a HTML injection vulnerability in the userFirstName parameter of the user account input field. This vulnerability allows attackers to execute phishing attacks, external redirects, and arbitrary code.

CVE#: CVE-2020-23049 Published Date: 2021-10-22 CVSS: NO CVSS Description: Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the `Displayname` field when using the `Add`, `Edit` or `Register' functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML.

CVE#: CVE-2020-23048 Published Date: 2021-10-22 CVSS: NO CVSS Description: SeedDMS Content Management System v6.0.7 contains a persistent cross-site scripting (XSS) vulnerability in the component AddEvent.php via the name and comment parameters.

CVE#: CVE-2020-23047 Published Date: 2021-10-22 CVSS: NO CVSS Description: Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a cross-site scripting (XSS) vulnerability in the search input field of the search module.

CVE#: CVE-2020-23046 Published Date: 2021-10-22 CVSS: NO CVSS Description: DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via the `filename`, `mid`, `userid`, and `templet' parameters.

CVE#: CVE-2020-23045 Published Date: 2021-10-22 CVSS: NO CVSS Description: Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a SQL injection vulnerability via the 'roleId' parameter of the `editRole` and `deletUser` modules.

CVE#: CVE-2020-23044 Published Date: 2021-10-22 CVSS: NO CVSS Description: DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_pic_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.

CVE#: CVE-2020-23043 Published Date: 2021-10-22 CVSS: NO CVSS Description: Tran Tu Air Sender v1.0.2 was discovered to contain an arbitrary file upload vulnerability in the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted file.

CVE#: CVE-2020-23042 Published Date: 2021-10-22 CVSS: NO CVSS Description: Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability in the path parameter of the `list` and `download` module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted GET request.

CVE#: CVE-2020-23041 Published Date: 2021-10-22 CVSS: NO CVSS Description: Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the path parameter of the `list` and `download` exception-handling. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted GET request.

CVE#: CVE-2020-23040 Published Date: 2021-10-22 CVSS: NO CVSS Description: Sky File v2.1.0 contains a directory traversal vulnerability in the FTP server which allows attackers to access sensitive data and files via 'null' path commands.

CVE#: CVE-2020-23039 Published Date: 2021-10-22 CVSS: NO CVSS Description: Folder Lock v3.4.5 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Create Folder function under the 'create' module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload as a path or folder name.

CVE#: CVE-2020-23038 Published Date: 2021-10-22 CVSS: NO CVSS Description: Swift File Transfer Mobile v1.1.2 and below was discovered to contain an information disclosure vulnerability in the path parameter. This vulnerability is exploited via an error caused by including non-existent path environment variables.

CVE#: CVE-2020-23037 Published Date: 2021-10-22 CVSS: NO CVSS Description: Portable Ltd Playable v9.18 contains a code injection vulnerability in the filename parameter, which allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.

CVE#: CVE-2020-23036 Published Date: 2021-10-22 CVSS: NO CVSS Description: MEDIA NAVI Inc SMACom v1.2 was discovered to contain an insecure session validation vulnerability in the session handling of the `password` authentication parameter of the wifi photo transfer module. This vulnerability allows attackers with network access privileges or on public wifi networks to read the authentication credentials and follow-up requests containing the user password via a man in the middle attack.

CVE#: CVE-2021-42840 Published Date: 2021-10-22 CVSS: NO CVSS Description: SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled PHP file under the web root, because only the all-lowercase PHP file extensions were blocked. NOTE: this issue exists because of an incomplete fix for CVE-2020-28328.

CVE#: CVE-2021-42556 Published Date: 2021-10-22 CVSS: NO CVSS Description: Rasa X before 0.42.4 allows Directory Traversal during archive extraction. In the functionality that allows a user to load a trained model archive, an attacker has arbitrary write capability within specific directories via a crafted archive file.

CVE#: CVE-2021-41171 Published Date: 2021-10-22 CVSS: 3.6 Description: eLabFTW is an open source electronic lab notebook manager for research teams. In versions of eLabFTW before 4.1.0, it allows attackers to bypass a brute-force protection mechanism by using many different forged PHPSESSID values in HTTP Cookie header. This issue has been addressed by implementing brute force login protection, as recommended by Owasp with Device Cookies. This mechanism will not impact users and will effectively thwart any brute-force attempts at guessing passwords. The only correct way to address this is to upgrade to version 4.1.0. Adding rate limitation upstream of the eLabFTW service is of course a valid option, with or without upgrading.

CVE#: CVE-2021-29835 Published Date: 2021-10-22 CVSS: NO CVSS Description: IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204833.

CVE#: CVE-2021-42836 Published Date: 2021-10-22 CVSS: NO CVSS Description: GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack.

CVE#: CVE-2021-42542 Published Date: 2021-10-22 CVSS: NO CVSS Description: The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure.

CVE#: CVE-2021-42540 Published Date: 2021-10-22 CVSS: NO CVSS Description: The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality.

CVE#: CVE-2021-42539 Published Date: 2021-10-22 CVSS: NO CVSS Description: The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change.

CVE#: CVE-2021-42538 Published Date: 2021-10-22 CVSS: NO CVSS Description: The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input.

CVE#: CVE-2021-42536 Published Date: 2021-10-22 CVSS: NO CVSS Description: The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables.

CVE#: CVE-2021-42534 Published Date: 2021-10-22 CVSS: NO CVSS Description: The affected product’s web application does not properly neutralize the input during webpage generation, which could allow an attacker to inject code in the input forms.

CVE#: CVE-2021-42169 Published Date: 2021-10-22 CVSS: NO CVSS Description: The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite Free Source Code (by: oretnom23 ) is vulnerable from remote SQL-Injection-Bypass-Authentication for the admin account. The parameter (username) from the login form is not protected correctly and there is no security and escaping from malicious payloads.

CVE#: CVE-2021-38485 Published Date: 2021-10-22 CVSS: NO CVSS Description: The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk.

CVE#: CVE-2021-30359 Published Date: 2021-10-22 CVSS: NO CVSS Description: The Harmony Browse and the SandBlast Agent for Browsers installers must have admin privileges to execute some steps during the installation. Because the MS Installer allows regular users to repair their installation, an attacker running an installer before 90.08.7405 can start the installation repair and place a specially crafted binary in the repair folder, which runs with the admin privileges.

CVE#: CVE-2021-0870 Published Date: 2021-10-22 CVSS: NO CVSS Description: In RW_SetActivatedTagType of rw_main.cc, there is possible memory corruption due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-192472262

CVE#: CVE-2021-0708 Published Date: 2021-10-22 CVSS: NO CVSS Description: In runDumpHeap of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-183262161

CVE#: CVE-2021-0706 Published Date: 2021-10-22 CVSS: NO CVSS Description: In startListening of PluginManagerImpl.java, there is a possible way to disable arbitrary app components due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-193444889

CVE#: CVE-2021-0705 Published Date: 2021-10-22 CVSS: NO CVSS Description: In sanitizeSbn of NotificationManagerService.java, there is a possible way to keep service running in foreground and keep granted permissions due to Bypass of Background Service Restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-185388103

CVE#: CVE-2021-0703 Published Date: 2021-10-22 CVSS: NO CVSS Description: In SecondStageMain of init.cpp, there is a possible use after free due to incorrect shared_ptr usage. This could lead to local escalation of privilege if the attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-184569329

CVE#: CVE-2021-0702 Published Date: 2021-10-22 CVSS: NO CVSS Description: In RevertActiveSessions of apexd.cpp, there is a possible way to share the wrong file due to an unintentional MediaStore downgrade. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-193932765

CVE#: CVE-2021-0652 Published Date: 2021-10-22 CVSS: NO CVSS Description: In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a possible way to introduce a memory corruption due to sharing of not thread-safe objects. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-185178568

CVE#: CVE-2021-0651 Published Date: 2021-10-22 CVSS: NO CVSS Description: In loadLabel of PackageItemInfo.java, there is a possible way to DoS a device by having a long label in an app due to incorrect input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-67013844

CVE#: CVE-2021-0643 Published Date: 2021-10-22 CVSS: NO CVSS Description: In getAllSubInfoList of SubscriptionController.java, there is a possible way to retrieve a long term identifier without the correct permissions due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-183612370

CVE#: CVE-2021-0483 Published Date: 2021-10-22 CVSS: NO CVSS Description: In multiple methods of AAudioService, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-153358911

CVE#: CVE-2021-41747 Published Date: 2021-10-22 CVSS: NO CVSS Description: Cross-Site Scripting (XSS) vulnerability exists in Csdn APP 4.10.0, which can be exploited by attackers to obtain sensitive information such as user cookies.

CVE#: CVE-2021-41745 Published Date: 2021-10-22 CVSS: NO CVSS Description: ShowDoc 2.8.3 ihas a file upload vulnerability, where attackers can use the vulnerability to obtain server permissions.

CVE#: CVE-2021-41744 Published Date: 2021-10-22 CVSS: NO CVSS Description: All versions of yongyou PLM are affected by a command injection issue. UFIDA PLM (Product Life Cycle Management) is a strategic management method. It applies a series of enterprise application systems to support the entire process from conceptual design to the end of product life, and the collaborative creation, distribution, application and management of product information across organizations. Yonyou PLM uses jboss by default, and you can access the management control background without authorization An attacker can use this vulnerability to gain server permissions.

CVE#: CVE-2021-38481 Published Date: 2021-10-22 CVSS: NO CVSS Description: The scheduler service running on a specific TCP port enables the user to start and stop jobs. There is no sanitation of the supplied JOB ID provided to the function. An attacker may send a malicious payload that can enable the user to execute another SQL expression by sending a specific string.

CVE#: CVE-2021-38479 Published Date: 2021-10-22 CVSS: NO CVSS Description: Many API function codes receive raw pointers remotely from the user and trust these pointers as valid in-bound memory regions. An attacker can manipulate API functions by writing arbitrary data into the resolved address of a raw pointer.

CVE#: CVE-2021-38477 Published Date: 2021-10-22 CVSS: NO CVSS Description: There are multiple API function codes that permit reading and writing data to or from files and directories, which could lead to the manipulation and/or the deletion of files.

CVE#: CVE-2021-38475 Published Date: 2021-10-22 CVSS: NO CVSS Description: The database connection to the server is performed by calling a specific API, which could allow an unprivileged user to gain SYSDBA permissions.

CVE#: CVE-2021-38473 Published Date: 2021-10-22 CVSS: NO CVSS Description: The affected product’s code base doesn’t properly control arguments for specific functions, which could lead to a stack overflow.

CVE#: CVE-2021-38471 Published Date: 2021-10-22 CVSS: NO CVSS Description: There are multiple API function codes that permit data writing to any file, which may allow an attacker to modify existing files or create new files.

CVE#: CVE-2021-38469 Published Date: 2021-10-22 CVSS: NO CVSS Description: Many of the services used by the affected product do not specify full paths for the DLLs they are loading. An attacker can exploit the uncontrolled search path by implanting their own DLL near the affected product’s binaries, thus hijacking the loaded DLL.

CVE#: CVE-2021-38467 Published Date: 2021-10-22 CVSS: NO CVSS Description: A specific function code receives a raw pointer supplied by the user and deallocates this pointer. The user can then control what memory regions will be freed and cause use-after-free condition.

CVE#: CVE-2021-38465 Published Date: 2021-10-22 CVSS: NO CVSS Description: The webinstaller is a Golang web server executable that enables the generation of an Auvesy image agent. Resource consumption can be achieved by generating large amounts of installations, which are then saved without limitation in the temp folder of the webinstaller executable.

CVE#: CVE-2021-38463 Published Date: 2021-10-22 CVSS: NO CVSS Description: The affected product does not properly control the allocation of resources. A user may be able to allocate unlimited memory buffers using API functions.

CVE#: CVE-2021-38461 Published Date: 2021-10-22 CVSS: NO CVSS Description: The affected product uses a hard-coded blowfish key for encryption/decryption processes. The key can be easily extracted from binaries.

CVE#: CVE-2021-38459 Published Date: 2021-10-22 CVSS: NO CVSS Description: The data of a network capture of the initial handshake phase can be used to authenticate at a SYSDBA level. If a specific .exe is not restarted often, it is possible to access the needed handshake packets between admin/client connections. Using the SYSDBA permission, an attacker can change user passwords or delete the database.

CVE#: CVE-2021-38457 Published Date: 2021-10-22 CVSS: NO CVSS Description: The server permits communication without any authentication procedure, allowing the attacker to initiate a session with the server without providing any form of authentication.

CVE#: CVE-2021-38455 Published Date: 2021-10-22 CVSS: NO CVSS Description: The affected product’s OS Service does not verify any given parameter. A user can supply any type of parameter that will be passed to inner calls without checking the type of the parameter or the value.

CVE#: CVE-2021-38453 Published Date: 2021-10-22 CVSS: NO CVSS Description: Some API functions allow interaction with the registry, which includes reading values as well as data modification.

CVE#: CVE-2021-38451 Published Date: 2021-10-22 CVSS: NO CVSS Description: The affected product’s proprietary protocol CSC allows for calling numerous function codes. In order to call those function codes, the user must supply parameters. There is no sanitation on the value of the offset, which allows the client to specify any offset and read out-of-bounds data.

CVE#: CVE-2021-38449 Published Date: 2021-10-22 CVSS: NO CVSS Description: Some API functions permit by-design writing or copying data into a given buffer. Since the client controls these parameters, an attacker could rewrite the memory in any location of the affected product.

CVE#: CVE-2021-36357 Published Date: 2021-10-22 CVSS: NO CVSS Description: An issue was discovered in OpenPOWER 2.6 firmware. unpack_timestamp() calls le32_to_cpu() for endian conversion of a uint16_t "year" value, resulting in a type mismatch that can truncate a higher integer value to a smaller one, and bypass a timestamp check. The fix is to use the right endian conversion function.

CVE#: CVE-2021-35230 Published Date: 2021-10-22 CVSS: NO CVSS Description: As a result of an unquoted service path vulnerability present in the Kiwi CatTools Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry.

CVE#: CVE-2021-31682 Published Date: 2021-10-22 CVSS: NO CVSS Description: The login portal for the Automated Logic WebCTRL/WebCTRL OEM web application contains a vulnerability that allows for reflected XSS attacks due to the operatorlocale GET parameter not being sanitized. This issue impacts versions 6.5 and below. This issue works by passing in a basic XSS payload to a vulnerable GET parameter that is reflected in the output without sanitization.

CVE#: CVE-2021-31835 Published Date: 2021-10-22 CVSS: NO CVSS Description: Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via a specific parameter where the administrator's entries were not correctly sanitized.

CVE#: CVE-2021-31834 Published Date: 2021-10-22 CVSS: NO CVSS Description: Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.

CVE#: CVE-2021-34362 Published Date: 2021-10-22 CVSS: NO CVSS Description: A command injection vulnerability has been reported to affect QNAP device running Media Streaming add-on. If exploited, this vulnerability allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of Media Streaming add-on: QTS 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.5.4: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.3.6: Media Streaming add-on 430.1.8.12 ( 2021/08/20 ) and later QTS 4.3.3: Media Streaming add-on 430.1.8.12 ( 2021/09/29 ) and later QuTS-Hero 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later