Free Cyber Threat Intelligence Feed - Hackerpom Threat Feed

----Vulners.com High Sev. Last 3 Days----

----NVD Last 3 Days----

CVE#: CVE-2021-32794 Published Date: 2021-07-26 CVSS: NO CVSS Description: ArchiSteamFarm is a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. Due to a bug in ASF code `POST /Api/ASF` ASF API endpoint responsible for updating global ASF config incorrectly removed `IPCPassword` from the resulting config when the caller did not specify it explicitly. Due to the above, it was possible for the user to accidentally remove `IPCPassword` security measure from his IPC interface when updating global ASF config, which exists as part of global config update functionality in ASF-ui. Removal of `IPCPassword` possesses a security risk, as unauthorized users may in result access the IPC interface after such modification. The issue is patched in ASF V5.1.2.4 and future versions. We recommend to manually verify that `IPCPassword` is specified after update, and if not, set it accordingly. In default settings, ASF is configured to allow IPC access from `localhost` only and should not affect majority of users.

CVE#: CVE-2021-37478 Published Date: 2021-07-26 CVSS: NO CVSS Description: In NavigateCMS version 2.9.4 and below, function `block` is vulnerable to sql injection on parameter `block-order`, which results in arbitrary sql query execution in the backend database.

CVE#: CVE-2021-37477 Published Date: 2021-07-26 CVSS: NO CVSS Description: In NavigateCMS version 2.9.4 and below, function in `structure.php` is vulnerable to sql injection on parameter `children_order`, which results in arbitrary sql query execution in the backend database.

CVE#: CVE-2021-37476 Published Date: 2021-07-26 CVSS: NO CVSS Description: In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `id` through a post request, which results in arbitrary sql query execution in the backend database.

CVE#: CVE-2021-37475 Published Date: 2021-07-26 CVSS: NO CVSS Description: In NavigateCMS version 2.9.4 and below, function in `templates.php` is vulnerable to sql injection on parameter `template-properties-order`, which results in arbitrary sql query execution in the backend database.

CVE#: CVE-2021-37473 Published Date: 2021-07-26 CVSS: NO CVSS Description: In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `products-order` through a post request, which results in arbitrary sql query execution in the backend database.

CVE#: CVE-2021-37394 Published Date: 2021-07-26 CVSS: NO CVSS Description: In RPCMS v1.8 and below, attackers can interact with API and change variable "role" to "admin" to achieve admin user registration.

CVE#: CVE-2021-37393 Published Date: 2021-07-26 CVSS: NO CVSS Description: In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. Attacker can use "update password" function to inject XSS payloads into nickname variable, and achieve stored XSS. Users who view the articles published by the injected user will trigger the XSS.

CVE#: CVE-2021-37392 Published Date: 2021-07-26 CVSS: NO CVSS Description: In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. When the API functions are enabled, the attacker can use API to update user nickname with XSS payload and achieve stored XSS. Users who view the articles published by the injected user will trigger the XSS.

CVE#: CVE-2021-36563 Published Date: 2021-07-26 CVSS: NO CVSS Description: The CheckMK management web console (versions 1.5.0 to 2.0.0) does not sanitise user input in various parameters of the WATO module. This allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser (such as JavaScript or other client-side scripts), the XSS payload will be triggered when the user accesses some specific sections of the application. In the same sense a very dangerous potential way would be when an attacker who has the monitor role (not administrator) manages to get a stored XSS to steal the secretAutomation (for the use of the API in administrator mode) and thus be able to create another administrator user who has high privileges on the CheckMK monitoring web console. Another way is that persistent XSS allows an attacker to modify the displayed content or change the victim's information. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session.

CVE#: CVE-2021-32792 Published Date: 2021-07-26 CVSS: NO CVSS Description: mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`.

CVE#: CVE-2021-32791 Published Date: 2021-07-26 CVSS: NO CVSS Description: mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in mod_auth_openidc uses a static IV and AAD. It is important to fix because this creates a static nonce and since aes-gcm is a stream cipher, this can lead to known cryptographic issues, since the same key is being reused. From 2.4.9 onwards this has been patched to use dynamic values through usage of cjose AES encryption routines.

CVE#: CVE-2021-32790 Published Date: 2021-07-26 CVSS: NO CVSS Description: Woocommerce is an open source eCommerce plugin for WordPress. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce plugin between version 3.3.0 and 3.3.6. Malicious actors (already) having admin access, or API keys to the WooCommerce site can exploit vulnerable endpoints of `/wp-json/wc/v3/webhooks`, `/wp-json/wc/v2/webhooks` and other webhook listing API. Read-only SQL queries can be executed using this exploit, while data will not be returned, by carefully crafting `search` parameter information can be disclosed using timing and related attacks. Version 3.3.6 is the earliest version of Woocommerce with a patch for this vulnerability. There are no known workarounds other than upgrading.

CVE#: CVE-2021-31292 Published Date: 2021-07-26 CVSS: NO CVSS Description: An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service (DOS) via crafted metadata.

CVE#: CVE-2021-31291 Published Date: 2021-07-26 CVSS: NO CVSS Description: A heap-based buffer overflow vulnerability in jp2image.cpp of Exiv2 0.27.3 allows attackers to cause a denial of service (DOS) via crafted metadata.

CVE#: CVE-2021-25804 Published Date: 2021-07-26 CVSS: NO CVSS Description: A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 can a denial of service (DOS) in the application.

CVE#: CVE-2021-25803 Published Date: 2021-07-26 CVSS: NO CVSS Description: A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.

CVE#: CVE-2021-25802 Published Date: 2021-07-26 CVSS: NO CVSS Description: A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.

CVE#: CVE-2021-25801 Published Date: 2021-07-26 CVSS: NO CVSS Description: A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.

CVE#: CVE-2021-32789 Published Date: 2021-07-26 CVSS: NO CVSS Description: woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce Blocks feature plugin between version 2.5.0 and prior to version 2.5.16. Via a carefully crafted URL, an exploit can be executed against the `wc/store/products/collection-data?calculate_attribute_counts[][taxonomy]` endpoint that allows the execution of a read only sql query. There are patches for many versions of this package, starting with version 2.5.16. There are no known workarounds aside from upgrading.

CVE#: CVE-2021-32631 Published Date: 2021-07-26 CVSS: NO CVSS Description: Common is a package of common modules that can be accessed by NIMBLE services. Common before commit number 3b96cb0293d3443b870351945f41d7d55cb34b53 did not properly verify the signature of JSON Web Tokens. This allows someone to forge a valid JWT. Being able to forge JWTs may lead to authentication bypasses. Commit number 3b96cb0293d3443b870351945f41d7d55cb34b53 contains a patch for the issue. As a workaround, one may use the parseClaimsJws method to correctly verify the signature of a JWT.

CVE#: CVE-2021-33629 Published Date: 2021-07-26 CVSS: NO CVSS Description: isula-build before 0.9.5-8 can cause a program crash, when building container images, some functions for processing external data do not remove spaces when processing data.

CVE#: CVE-2021-37534 Published Date: 2021-07-26 CVSS: NO CVSS Description: app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when forking a galaxy cluster.

CVE#: CVE-2021-26824 Published Date: 2021-07-26 CVSS: NO CVSS Description: DM FingerTool v1.19 in the DM PD065 Secure USB is susceptible to improper authentication by a replay attack, allowing local attackers to bypass user authentication and access all features and data on the USB.

CVE#: CVE-2021-3664 Published Date: 2021-07-26 CVSS: NO CVSS Description: url-parse is vulnerable to URL Redirection to Untrusted Site

CVE#: CVE-2021-35030 Published Date: 2021-07-26 CVSS: NO CVSS Description: A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a cross-site scripting (XSS) attack via a crafted LLDP packet.

CVE#: CVE-2021-29784 Published Date: 2021-07-26 CVSS: NO CVSS Description: IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 203168.

CVE#: CVE-2021-29770 Published Date: 2021-07-26 CVSS: NO CVSS Description: IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow an authenticated user to perform unauthorized actions due to hazardous input validation. IBM X-Force ID: 202771.

CVE#: CVE-2021-29769 Published Date: 2021-07-26 CVSS: NO CVSS Description: IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 202769.

CVE#: CVE-2021-29767 Published Date: 2021-07-26 CVSS: NO CVSS Description: IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202681.

CVE#: CVE-2021-29766 Published Date: 2021-07-26 CVSS: NO CVSS Description: IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202680.

CVE#: CVE-2021-22144 Published Date: 2021-07-26 CVSS: NO CVSS Description: In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that will crash the Elasticsearch node.

CVE#: CVE-2021-20560 Published Date: 2021-07-26 CVSS: NO CVSS Description: IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 199229.

CVE#: CVE-2021-20431 Published Date: 2021-07-26 CVSS: NO CVSS Description: IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 does not invalidate session after logout which could allow an an attacker to obtain sensitive information from the system. IBM X-Force ID: 196342.

CVE#: CVE-2021-20430 Published Date: 2021-07-26 CVSS: NO CVSS Description: IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196341.

CVE#: CVE-2021-20337 Published Date: 2021-07-26 CVSS: NO CVSS Description: IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 194448.

CVE#: CVE-2020-4623 Published Date: 2021-07-26 CVSS: NO CVSS Description: IBM i2 iBase 8.9.13 could allow a local authenticated attacker to execute arbitrary code on the system, caused by a DLL search order hijacking flaw. By using a specially-crafted .DLL file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 184984.

CVE#: CVE-2020-12681 Published Date: 2021-07-26 CVSS: NO CVSS Description: Missing TLS certificate validation on 3xLogic Infinias eIDC32 devices through 3.4.125 allows an attacker to intercept/control the channel by which door lock policies are applied.

CVE#: CVE-2021-33900 Published Date: 2021-07-26 CVSS: NO CVSS Description: While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism (DIGEST-MD5, GSSAPI) was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue affects Apache Directory Studio version 2.0.0.v20210213-M16 and prior versions.

CVE#: CVE-2021-36092 Published Date: 2021-07-26 CVSS: NO CVSS Description: It's possible to create an email which contains specially crafted link and it can be used to perform XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition:6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions.

CVE#: CVE-2021-36091 Published Date: 2021-07-26 CVSS: NO CVSS Description: Agents are able to list appointments in the calendars without required permissions. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27.

CVE#: CVE-2021-21443 Published Date: 2021-07-26 CVSS: NO CVSS Description: Agents are able to list customer user emails without required permissions in the bulk action screen. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27.

CVE#: CVE-2021-21442 Published Date: 2021-07-26 CVSS: NO CVSS Description: In the project create screen it's possible to inject malicious JS code to the certain fields. The code might be executed in the Reporting screen. This issue affects: OTRS AG Time Accounting: 7.0.x versions prior to 7.0.19.

CVE#: CVE-2021-21440 Published Date: 2021-07-26 CVSS: NO CVSS Description: Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions.

CVE#: CVE-2021-37449 Published Date: 2021-07-25 CVSS: NO CVSS Description: Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmlist?folder= (reflected).

CVE#: CVE-2021-37448 Published Date: 2021-07-25 CVSS: NO CVSS Description: Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via the Mailbox name (stored).

CVE#: CVE-2021-37447 Published Date: 2021-07-25 CVSS: NO CVSS Description: In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentdelete?file=/.. for file deletion.

CVE#: CVE-2021-37446 Published Date: 2021-07-25 CVSS: NO CVSS Description: In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentprop?file=/.. for file reading.

CVE#: CVE-2021-37445 Published Date: 2021-07-25 CVSS: NO CVSS Description: In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via logprop?file=/.. for file reading.

CVE#: CVE-2021-37444 Published Date: 2021-07-25 CVSS: NO CVSS Description: NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element's pathname is set to a Windows startup folder, a file for the inbuilt Out-Going Message function, or a file for the the inbuilt Autodial function.

CVE#: CVE-2021-37443 Published Date: 2021-07-25 CVSS: NO CVSS Description: NCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file deletion.

CVE#: CVE-2021-37442 Published Date: 2021-07-25 CVSS: NO CVSS Description: NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/.. to read files.

CVE#: CVE-2021-37441 Published Date: 2021-07-25 CVSS: NO CVSS Description: NCH Axon PBX v2.22 and earlier allows path traversal for file deletion via the logdelete?file=/.. substring.

CVE#: CVE-2021-37440 Published Date: 2021-07-25 CVSS: NO CVSS Description: NCH Axon PBX v2.22 and earlier allows path traversal for file disclosure via the logprop?file=/.. substring.

CVE#: CVE-2021-37439 Published Date: 2021-07-25 CVSS: NO CVSS Description: NCH FlexiServer v6.00 suffers from a syslog?file=/.. path traversal vulnerability.

CVE#: CVE-2021-37470 Published Date: 2021-07-25 CVSS: NO CVSS Description: In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists in the Recipient Name field. An authenticated user can add or modify the affected field to inject arbitrary JavaScript.

CVE#: CVE-2021-37469 Published Date: 2021-07-25 CVSS: NO CVSS Description: In NCH WebDictate v2.13 and earlier, authenticated users can abuse logprop?file=/.. path traversal to read files on the filesystem.

CVE#: CVE-2021-37468 Published Date: 2021-07-25 CVSS: NO CVSS Description: NCH Reflect CRM 3.01 allows local users to discover cleartext user account information by reading the configuration files.

CVE#: CVE-2021-37467 Published Date: 2021-07-25 CVSS: NO CVSS Description: In NCH Quorum v2.03 and earlier, XSS exists via /conferencebrowseuploadfile?confid= (reflected).

CVE#: CVE-2021-37466 Published Date: 2021-07-25 CVSS: NO CVSS Description: In NCH Quorum v2.03 and earlier, XSS exists via /conference?id= (reflected).

CVE#: CVE-2021-37465 Published Date: 2021-07-25 CVSS: NO CVSS Description: In NCH Quorum v2.03 and earlier, XSS exists via /uploaddoc?id= (reflected).

CVE#: CVE-2021-37464 Published Date: 2021-07-25 CVSS: NO CVSS Description: In NCH Quorum v2.03 and earlier, XSS exists via Conference Description (stored).

CVE#: CVE-2021-37463 Published Date: 2021-07-25 CVSS: NO CVSS Description: In NCH Quorum v2.03 and earlier, XSS exists via User Display Name (stored).

CVE#: CVE-2021-37462 Published Date: 2021-07-25 CVSS: NO CVSS Description: Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /ipblacklist?errorip= (reflected).

CVE#: CVE-2021-37461 Published Date: 2021-07-25 CVSS: NO CVSS Description: Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /extensionsinstruction?id= (reflected).

CVE#: CVE-2021-37460 Published Date: 2021-07-25 CVSS: NO CVSS Description: Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /planprop?id= (reflected).

CVE#: CVE-2021-37459 Published Date: 2021-07-25 CVSS: NO CVSS Description: Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the customer name field (stored).

CVE#: CVE-2021-37458 Published Date: 2021-07-25 CVSS: NO CVSS Description: Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the primary phone field (stored).

CVE#: CVE-2021-37457 Published Date: 2021-07-25 CVSS: NO CVSS Description: Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the SipRule field (stored).

CVE#: CVE-2021-37456 Published Date: 2021-07-25 CVSS: NO CVSS Description: Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the blacklist IP address (stored).

CVE#: CVE-2021-37455 Published Date: 2021-07-25 CVSS: NO CVSS Description: Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the outbound dialing plan (stored).

CVE#: CVE-2021-37454 Published Date: 2021-07-25 CVSS: NO CVSS Description: Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the line name (stored).

CVE#: CVE-2021-37453 Published Date: 2021-07-25 CVSS: NO CVSS Description: Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the extension name (stored).

CVE#: CVE-2021-37452 Published Date: 2021-07-25 CVSS: NO CVSS Description: NCH Quorum v2.03 and earlier allows local users to discover cleartext login information relating to users by reading the local .dat configuration files.

CVE#: CVE-2021-37451 Published Date: 2021-07-25 CVSS: NO CVSS Description: Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /msglist?mbx= (reflected).

CVE#: CVE-2021-37450 Published Date: 2021-07-25 CVSS: NO CVSS Description: Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmprop?id= (reflected).

CVE#: CVE-2021-37438 Published Date: 2021-07-25 CVSS: NO CVSS Description: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE#: CVE-2021-3663 Published Date: 2021-07-25 CVSS: NO CVSS Description: firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts

CVE#: CVE-2021-23413 Published Date: 2021-07-25 CVSS: NO CVSS Description: This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values (e.g __proto__, toString, etc) results in a returned object with a modified prototype instance.

CVE#: CVE-2021-37436 Published Date: 2021-07-24 CVSS: NO CVSS Description: Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor marketing statements about safely removing personal content via a factory reset. Also, the vendor has reportedly indicated that they are working on mitigations.

CVE#: CVE-2021-32783 Published Date: 2021-07-23 CVSS: NO CVSS Description: Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to shut down Envoy remotely (a denial of service), or to expose the existence of any Secret that Envoy is using for its configuration, including most notably TLS Keypairs. However, it *cannot* be used to get the *content* of those secrets. Since this attack allows access to the administration interface, a variety of administration options are available, such as shutting down the Envoy or draining traffic. In general, the Envoy admin interface cannot easily be used for making changes to the cluster, in-flight requests, or backend services, but it could be used to shut down or drain Envoy, change traffic routing, or to retrieve secret metadata, as mentioned above. The issue will be addressed in Contour v1.18.0 and a cherry-picked patch release, v1.17.1, has been released to cover users who cannot upgrade at this time. For more details refer to the linked GitHub Security Advisory.

CVE#: CVE-2021-32686 Published Date: 2021-07-23 CVSS: NO CVSS Description: PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and destroy, due to the accepted socket having no group lock. Second, the SSL socket parent/listener may get destroyed during handshake. Both issues were reported to happen intermittently in heavy load TLS connections. They cause a crash, resulting in a denial of service. These are fixed in version 2.11.1.

CVE#: CVE-2021-3169 Published Date: 2021-07-23 CVSS: NO CVSS Description: An issue in Jumpserver 2.6.2 and below allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets.

CVE#: CVE-2021-25809 Published Date: 2021-07-23 CVSS: NO CVSS Description: UCMS 1.5.0 was discovered to contain a physical path leakage via an error message returned by the adminchannelscache() function in top.php.

CVE#: CVE-2021-25808 Published Date: 2021-07-23 CVSS: NO CVSS Description: A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file.

CVE#: CVE-2020-20741 Published Date: 2021-07-23 CVSS: NO CVSS Description: Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version CX9020_CB3011_WEC7_HPS_v602_TC31_B4016.6 allows remote attackers to bypass authentication via the "CE Remote Display Tool" as it does not close the incoming connection on the Windows CE side if the credentials are incorrect.

CVE#: CVE-2021-25791 Published Date: 2021-07-23 CVSS: NO CVSS Description: Multiple stored cross site scripting (XSS) vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields.

CVE#: CVE-2021-25790 Published Date: 2021-07-23 CVSS: NO CVSS Description: Multiple stored cross site scripting (XSS) vulnerabilities in the "Register" module of House Rental and Property Listing 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in all text fields except for Phone Number and Alternate Phone Number.

CVE#: CVE-2021-23412 Published Date: 2021-07-23 CVSS: NO CVSS Description: All versions of package gitlogplus are vulnerable to Command Injection via the main functionality, as options attributes are appended to the command to be executed without sanitization.

CVE#: CVE-2021-3159 Published Date: 2021-07-23 CVSS: NO CVSS Description: A stored cross site scripting (XSS) vulnerability in the /sys/attachment/uploaderServlet component of Landray EKP V12.0.9.R.20160325 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG, SHTML, or MHT file.

CVE#: CVE-2021-25208 Published Date: 2021-07-23 CVSS: NO CVSS Description: Arbitrary file upload vulnerability in SourceCodester Travel Management System v 1.0 allows attackers to execute arbitrary code via the file upload to updatepackage.php.

CVE#: CVE-2021-25206 Published Date: 2021-07-23 CVSS: NO CVSS Description: Arbitrary file upload vulnerability in SourceCodester Responsive Ordering System v 1.0 allows attackers to execute arbitrary code via the file upload to Product_model.php.

CVE#: CVE-2021-25204 Published Date: 2021-07-23 CVSS: NO CVSS Description: Cross-site scripting (XSS) vulnerability in SourceCodester E-Commerce Website v 1.0 allows remote attackers to inject arbitrary web script or HTM via the subject field to feedback_process.php.

CVE#: CVE-2021-25203 Published Date: 2021-07-23 CVSS: NO CVSS Description: Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attackers to execute arbitrary code via the file upload to \CMSsite-master\admin\includes\admin_add_post.php.

CVE#: CVE-2021-25201 Published Date: 2021-07-23 CVSS: NO CVSS Description: SQL injection vulnerability in Learning Management System v 1.0 allows remote attackers to execute arbitrary SQL statements through the id parameter to obtain sensitive database information.

CVE#: CVE-2021-25207 Published Date: 2021-07-23 CVSS: NO CVSS Description: Arbitrary file upload vulnerability in SourceCodester E-Commerce Website v 1.0 allows attackers to execute arbitrary code via the file upload to prodViewUpdate.php.

CVE#: CVE-2019-9983 Published Date: 2021-07-23 CVSS: NO CVSS Description: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

CVE#: CVE-2021-20333 Published Date: 2021-07-23 CVSS: NO CVSS Description: Sending specially crafted commands to a MongoDB Server may result in artificial log entries being generated or for log entries to be split. This issue affects MongoDB Server v3.6 versions prior to 3.6.20; MongoDB Server v4.0 versions prior to 4.0.21; MongoDB Server v4.2 versions prior to 4.2.10;

CVE#: CVE-2021-26799 Published Date: 2021-07-23 CVSS: NO CVSS Description: Cross Site Scripting (XSS) vulnerability in admin/files/edit in Omeka Classic <=2.7 allows remote attackers to inject arbitrary web script or HTML.

CVE#: CVE-2020-14032 Published Date: 2021-07-23 CVSS: NO CVSS Description: ASRock 4x4 BOX-R1000 before BIOS P1.40 allows privilege escalation via code execution in the SMM.

CVE#: CVE-2021-24036 Published Date: 2021-07-23 CVSS: NO CVSS Description: Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution. This issue affects versions of folly prior to v2021.07.22.00. This issue affects HHVM versions prior to 4.80.5, all versions between 4.81.0 and 4.102.1, all versions between 4.103.0 and 4.113.0, and versions 4.114.0, 4.115.0, 4.116.0, 4.117.0, 4.118.0 and 4.118.1.