- [
- {
- "CVE_ID": "CVE-2021-29457",
- "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/1529",
- "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/1529",
- "Repo_new": "exiv2/exiv2",
- "Issue_Created_At": "2021-04-08T03:01:08Z",
- "description": "heap buffer overflow write in APITAG VERSION exi NUMBERTAG URLTAG REPRODUCE Compile exi NUMBERTAG with asan: CODETAG Download testcases: URLTAG FILETAG exi NUMBERTAG in APITAG ERRORTAG Credit: Zhen Zhou of NSFOCUS Security Team",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-31255",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1733",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1733",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-04-08T04:06:31Z",
- "description": "FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-31257",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1734",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1734",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-04-08T04:07:59Z",
- "description": "null dereference in APITAG APITAG Hi, There is a null dereference issue with gpac APITAG can reproduce on the latest commit. Steps To Reproduce build: APITAG run as: APITAG shows the following log: ERRORTAG Reporter NUMBERTAG n1p3r NUMBERTAG from Topsec Alpha Lab FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-31259",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1735",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1735",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-04-08T07:10:40Z",
- "description": "null dereference in APITAG APITAG Hi, There is a null dereference issue with gpac APITAG can reproduce on the latest commit. Steps To Reproduce build: APITAG run as: APITAG shows the following log: ERRORTAG Reporter NUMBERTAG n1p3r NUMBERTAG from Topsec Alpha Lab FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-31260",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1736",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1736",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-04-08T07:11:57Z",
- "description": "null dereference in APITAG APITAG Hi, There is a null dereference issue with gpac APITAG can reproduce on the latest commit. Steps To Reproduce build: APITAG run as: APITAG shows the following log: ERRORTAG Reporter NUMBERTAG n1p3r NUMBERTAG from Topsec Alpha Lab FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-29458",
- "Issue_Url_old": "https://github.com/Exiv2/exiv2/issues/1530",
- "Issue_Url_new": "https://github.com/exiv2/exiv2/issues/1530",
- "Repo_new": "exiv2/exiv2",
- "Issue_Created_At": "2021-04-08T07:27:55Z",
- "description": "heap buffer overflow Read in APITAG VERSION exi NUMBERTAG URLTAG REPRODUCE Compile exi NUMBERTAG with asan: CODETAG Download testcases: URLTAG FILETAG Run command: APITAG ERRORTAG Credit: Zhen Zhou of NSFOCUS Security Team",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-3628",
- "Issue_Url_old": "https://github.com/openkm/document-management-system/issues/278",
- "Issue_Url_new": "https://github.com/openkm/document-management-system/issues/278",
- "Repo_new": "openkm/document-management-system",
- "Issue_Created_At": "2021-04-08T07:59:31Z",
- "description": "Cross Site Scripting issue.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.7,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-31261",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1737",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1737",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-04-09T00:56:24Z",
- "description": "FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-31262",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1738",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1738",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-04-09T00:57:41Z",
- "description": "null dereference in APITAG Hi, There is a null dereference issue with gpac APITAG can reproduce on the latest commit. Steps To Reproduce build: APITAG run as: APITAG shows the following log: ERRORTAG Reporter NUMBERTAG n1p3r NUMBERTAG from Topsec Alpha Lab FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-29486",
- "Issue_Url_old": "https://github.com/DrPaulBrewer/cumulative-distribution-function/issues/7",
- "Issue_Url_new": "https://github.com/drpaulbrewer/cumulative-distribution-function/issues/7",
- "Repo_new": "drpaulbrewer/cumulative-distribution-function",
- "Issue_Created_At": "2021-04-09T13:36:47Z",
- "description": "cdf never yields result for certain input. Hi, thank you for providing this package. Given a specific data set we found that the function is stuck in a while loop. This can be reproduced reliably through the following example: ERRORTAG I hope you find this useful.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2020-26160",
- "Issue_Url_old": "https://github.com/dgrijalva/jwt-go/issues/462",
- "Issue_Url_new": "https://github.com/dgrijalva/jwt-go/issues/462",
- "Repo_new": "dgrijalva/jwt-go",
- "Issue_Created_At": "2021-04-09T18:34:18Z",
- "description": "Migrating Maintenance. See NUMBERTAG I haven't had time to maintain this project for quite a while. I originally made it just for myself, but it appears to have become quite popular. It seems like the best course of action would be to clone this into its own org and then set this repo up to mirror that one until users can fully migrate over. That's probably also a good opportunity to correctly implement go mod support. Does anybody want to take over as maintainer? It looks like APITAG already exists as a github org. Name ideas?",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-3496",
- "Issue_Url_old": "https://github.com/Matthias-Wandel/jhead/issues/33",
- "Issue_Url_new": "https://github.com/matthias-wandel/jhead/issues/33",
- "Repo_new": "matthias-wandel/jhead",
- "Issue_Created_At": "2021-04-13T03:00:34Z",
- "description": "FILETAG Verification steps\uff1a APITAG the source code of jhead Edit file makefile CODETAG APITAG the jhead APITAG NUMBERTAG run jhead APITAG asan info ERRORTAG Thanks",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-30637",
- "Issue_Url_old": "https://github.com/danpros/htmly/issues/456",
- "Issue_Url_new": "https://github.com/danpros/htmly/issues/456",
- "Repo_new": "danpros/htmly",
- "Issue_Created_At": "2021-04-13T03:26:18Z",
- "description": "The code has stored XSS vulnerabilities. The XSS filtering of blog title, Tagline, and Description in FILETAG is not rigorous, resulting in the generation of stored XSS FILETAG FILETAG Front display FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.7,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-4156",
- "Issue_Url_old": "https://github.com/libsndfile/libsndfile/issues/731",
- "Issue_Url_new": "https://github.com/libsndfile/libsndfile/issues/731",
- "Repo_new": "libsndfile/libsndfile",
- "Issue_Created_At": "2021-04-13T15:59:19Z",
- "description": "Heap buffer overflow in APITAG in flac_buffer_copy. Hi, I found a vulnerability in current master NUMBERTAG bd NUMBERTAG b URLTAG . There is a heap buffer overflow in APITAG in flac_buffer_copy. The vulnerability can lead to a heap based buffer overflow via a crafted sound file, and potentially control heap data by forging buffer content to perform heap exploitation. To reproduce on NUMBERTAG Ubuntu NUMBERTAG with clang NUMBERTAG CODETAG APITAG FILETAG ASAN report: ERRORTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.1,
- "impactScore": 4.2,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-36371",
- "Issue_Url_old": "https://github.com/emissary-ingress/emissary/issues/3340",
- "Issue_Url_new": "https://github.com/emissary-ingress/emissary/issues/3340",
- "Repo_new": "emissary-ingress/emissary",
- "Issue_Created_At": "2021-04-13T21:29:23Z",
- "description": "Bypass mTLS by mixing SNI and Host headers. Describe the bug If Ambassador is deployed with multiple hosts/tlscontexts with some using mTLS ( APITAG ) and some not, it is possible to bypass the mTLS requirements for the backends that have it configured by sending an SNI for a APITAG that does not. I believe this stems from the fact that Ambassador matches APITAG based on SNI, but Mappings based on Host header. If APITAG does not require mTLS but APITAG does, it looks like its possible to talk directly to APITAG without a valid client certificate by doing something like: APITAG In some configurations it is also possible to do the same by just talking directly to the Ambassador APITAG IP address (not sending SNI at all). This works if the \"default\" APITAG does not require mTLS (I'm not exactly clear what APITAG Ambassador will fall back on if no SNI is given) To Reproduce I've put together a working minimal example with NUMBERTAG services and the YAML configurations: URLTAG ERRORTAG Expected behavior Ambassador should not apply a Host mapping if the SNI does not match. If this is expected behavior and you can't securely mix mTLS and non mTLS upstreams this should definitely be called out in the docs for those who need to rely on mTLS authentication. Versions (please complete the following information): Ambassador NUMBERTAG Kubernetes environment: EKS and APITAG Version NUMBERTAG and NUMBERTAG Additional context It is possible my configuration is bad/wrong, so if I have missed something in the docs please let me know",
- "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
- "severity": "LOW",
- "baseScore": 3.7,
- "impactScore": 1.4,
- "exploitabilityScore": 2.2
- },
- {
- "CVE_ID": "CVE-2021-31712",
- "Issue_Url_old": "https://github.com/jpuri/react-draft-wysiwyg/issues/1102",
- "Issue_Url_new": "https://github.com/jpuri/react-draft-wysiwyg/issues/1102",
- "Repo_new": "jpuri/react-draft-wysiwyg",
- "Issue_Created_At": "2021-04-14T08:10:28Z",
- "description": "XSS via Link Target. The APITAG library is not filtering the APITAG prefix. XSS can be triggered when someone clicks the link on the draft. This vulnerability can be exploited in a scenario where the draft is shared among different users (such as in a blog/content dashboard). Steps to reproduce NUMBERTAG On URLTAG insert a link NUMBERTAG Set APITAG as Link Target NUMBERTAG Hover the link and click the icon to open the link NUMBERTAG You can see the APITAG is executed under the context of APITAG . Expectation If the link starts with APITAG , don't open it. You can try another rich text editor such as URLTAG for reference. The XSS itself is triggered because of this line URLTAG ( APITAG ). The url should be validated before it reaches that line.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.7,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-31327",
- "Issue_Url_old": "https://github.com/remoteclinic/RemoteClinic/issues/14",
- "Issue_Url_new": "https://github.com/remoteclinic/remoteclinic/issues/14",
- "Repo_new": "remoteclinic/remoteclinic",
- "Issue_Created_At": "2021-04-14T10:01:09Z",
- "description": "Stored XSS vulnerability in /medicines. Stored XSS vulnerability in Version NUMBERTAG which allows remote attacker to inject arbitrary script or html. This being stored, will impact all users who have permissions to view the vulnerable page. Vulnerable Endpoint: URLTAG Steps to Reproduce NUMBERTAG Login in Application as Doctor NUMBERTAG When you scroll down the main dashboard page, there is a medicines option, Click APITAG Medicine\". FILETAG NUMBERTAG Here is a APITAG Name\" Field which is vulnerable to XSS. Inject XSS Payload: FILETAG FILETAG NUMBERTAG You can see there is client side validation on Medicine Name with maxlength NUMBERTAG but no validation on server side. FILETAG NUMBERTAG Change maxlength to NUMBERTAG FILETAG NUMBERTAG Now Click on Register. FILETAG NUMBERTAG SS Executed on FILETAG FILETAG NUMBERTAG Now go to /medicines, Click on Show All. FILETAG NUMBERTAG SS Executed on /medicines. FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.7,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-43701",
- "Issue_Url_old": "https://github.com/cskaza/cszcms/issues/31",
- "Issue_Url_new": "https://github.com/cskaza/cszcms/issues/31",
- "Repo_new": "cskaza/cszcms",
- "Issue_Created_At": "2021-04-14T11:09:30Z",
- "description": "Bug Report: Blind SQL Injection Vulnerability. Description: I found Blind SQL Injection vulnerability in your CMS APITAG \"export\" page. It refers to an injection attack where an attacker can execute malicious SQL statements that control a web application's database server. CMS Version NUMBERTAG Affected URL: URLTAG Steps to Reproduce NUMBERTAG At first login your panel NUMBERTAG then go to APITAG Menu > CSV Export / Import NUMBERTAG then select any Table Name and Select Fields. so your request data will be GET PATHTAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Waterfo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: en US,en;q NUMBERTAG Accept Encoding: gzip, deflate Referer: URLTAG Cookie: APITAG APITAG PATHTAG mw back to live edit=true; show sidebar layouts NUMBERTAG APITAG APITAG APITAG Connection: close Upgrade Insecure Requests NUMBERTAG APITAG FILETAG FILETAG Proof of Concept: You can see the Proof of Concept. which I've attached a video to confirm the vulnerability. FILETAG Impact: An attacker could extract information from database. Let me know if any further info is required. Thanks & Regards Rahad Chowdhury Cyber Security Specialist APITAG Limited URLTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.5,
- "impactScore": 3.6,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-31329",
- "Issue_Url_old": "https://github.com/remoteclinic/RemoteClinic/issues/16",
- "Issue_Url_new": "https://github.com/remoteclinic/remoteclinic/issues/16",
- "Repo_new": "remoteclinic/remoteclinic",
- "Issue_Created_At": "2021-04-14T12:58:52Z",
- "description": "Stored XSS vulnerability in FILETAG . Stored XSS vulnerability in Version NUMBERTAG which allows remote attacker to inject arbitrary script or html. This being stored, will impact all users who have permissions to view the vulnerable page. Vulnerable Endpoint: FILETAG Steps to Reproduce NUMBERTAG Login in Application as Doctor NUMBERTAG Create New Staff Member. FILETAG NUMBERTAG Register as a Doctor. FILETAG NUMBERTAG Here are two fields APITAG and APITAG Address\" which are vulnerable to XSS, inject with XSS Payload: FILETAG FILETAG NUMBERTAG Now Click on Register. FILETAG NUMBERTAG Profile Created. FILETAG NUMBERTAG Now Signout. FILETAG NUMBERTAG Login with that Staff Member which you registered as a Doctor. FILETAG NUMBERTAG Now go to My Profile. FILETAG NUMBERTAG SS Executed. FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.7,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-28170",
- "Issue_Url_old": "https://github.com/eclipse-ee4j/el-ri/issues/155",
- "Issue_Url_new": "https://github.com/jakartaee/expression-language/issues/155",
- "Repo_new": "jakartaee/expression-language",
- "Issue_Created_At": "2021-04-14T18:51:51Z",
- "description": "GHSL NUMBERTAG Bypass input sanitization of EL expressions . Github posted this publicly about NUMBERTAG weeks ago URLTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.3,
- "impactScore": 1.4,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-31402",
- "Issue_Url_old": "https://github.com/flutterchina/dio/issues/1130",
- "Issue_Url_new": "https://github.com/cfug/dio/issues/1130",
- "Repo_new": "cfug/dio",
- "Issue_Created_At": "2021-04-15T08:40:27Z",
- "description": "CRLF in APITAG sec issue. New Issue Checklist x] I have searched for a similar issue in the [project URLTAG and found none Issue Info ENV: Any Examples generated on: ERRORTAG Issue Description and Steps Please consider given snippet: CODETAG Generated call looks like CODETAG Which presents a security issue. Classic CRLF injection. Vector attack: If the attacker controls the HTTP method(verb), he can change a call and steal all cookies, session whatever is in a call. Assuming flow like USER > FOO > BAR , where flow between FOO and BAR is internal, mentioned data may leak. Let's assume I'm replacing example.com with my hackery uservice.org and the victim(service) is working in a company behind the proxy. This means I can easily redirect calls with headers/cookies(tokens) and blah blah blah. By doing more advanced CRLF I can remove the requirement for proxy at all. Expected behavior: if HTTP method(verb) is invalid, raise error.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-31684",
- "Issue_Url_old": "https://github.com/netplex/json-smart-v1/issues/10",
- "Issue_Url_new": "https://github.com/netplex/json-smart-v1/issues/10",
- "Repo_new": "netplex/json-smart-v1",
- "Issue_Created_At": "2021-04-16T03:02:06Z",
- "description": "ERRORTAG in parser. The parser fails to throw the ERRORTAG when the parser reads the APITAG , the following example input could cause the ERRORTAG APITAG In detail, when the parser tries to find the closing single quotation mark using the APITAG function, the iteration variable is not set correctly in line NUMBERTAG URLTAG It shouldn't be the pos to be checked less than len . Instead, the i should be checked. The correct way in line NUMBERTAG is: APITAG Any input with an unclosed single quotation mark could trigger this. Like the input of APITAG , causing the ERRORTAG ERRORTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-31684",
- "Issue_Url_old": "https://github.com/netplex/json-smart-v2/issues/67",
- "Issue_Url_new": "https://github.com/netplex/json-smart-v2/issues/67",
- "Repo_new": "netplex/json-smart-v2",
- "Issue_Created_At": "2021-04-16T03:21:57Z",
- "description": "ERRORTAG in parser. Same as URLTAG The code base is at URLTAG It shouldn't be the pos to be checked less than len . Instead, the i should be checked. The correct way in line NUMBERTAG is: APITAG Any input with an unclosed single quotation mark could trigger this. Like the input of APITAG , causing the ERRORTAG ERRORTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-3508",
- "Issue_Url_old": "https://github.com/enferex/pdfresurrect/issues/17",
- "Issue_Url_new": "https://github.com/enferex/pdfresurrect/issues/17",
- "Repo_new": "enferex/pdfresurrect",
- "Issue_Created_At": "2021-04-16T08:58:58Z",
- "description": "Infinite loop in function get_xref_linear_skipped in pdf.c. version NUMBERTAG b commit af NUMBERTAG OS: ubuntu NUMBERTAG CODETAG If 'trailer' is found, then look backwards for 'xref'. But if there isn't a character 'x' , the function APITAG will go into an infinite loop. poc(zipped ): FILETAG To reproduce: ./pdfresurrect [poc]",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-43802",
- "Issue_Url_old": "https://github.com/ether/etherpad-lite/issues/5010",
- "Issue_Url_new": "https://github.com/ether/etherpad-lite/issues/5010",
- "Repo_new": "ether/etherpad-lite",
- "Issue_Created_At": "2021-04-17T10:06:14Z",
- "description": "Sessionstorage is constantly growing. The session storage seems to be constantly growing When running etherpad we see a constantly growing number of session storage values in the database. Is there a way to clean them up? We already looked into the script, which didn't help. FILETAG . So it seems that these sessions are no group sessions. A standard session storage entry looks like: CODETAG Server (please complete the following information): Etherpad version NUMBERTAG OS: Debian Buster FILETAG version (node version): APITAG npm version (npm version NUMBERTAG Additional context All session storage keys values from mariadb: CODETAG None session storage keys values from mariadb: CODETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-31676",
- "Issue_Url_old": "https://github.com/lazyphp/PESCMS-TEAM/issues/7",
- "Issue_Url_new": "https://github.com/lazyphp/pescms-team/issues/7",
- "Repo_new": "lazyphp/pescms-team",
- "Issue_Created_At": "2021-04-19T09:20:03Z",
- "description": "There are some vulnerabilities in cms. Cross Site Request Forgery(CSRF NUMBERTAG modify admin's password, mail, phone and head image. Technical Description: file : APITAG The function of this file is to modify personal information, but it doesn't verify whether the operation is legal. Through it attackers can modify admin's password, mail, phone and head image. Proof of APITAG CODETAG FILETAG APITAG the password of admin has been modified. FILETAG Cross Site Request Forgery(CSRF NUMBERTAG Delete the administrator and other members' accounts Technical Description: file: APITAG Through it one can delete any member and administrator just by modifying the 'id' in the Url. Deleting the administrator's account just needs the id modified to NUMBERTAG FILETAG Proof of APITAG CODETAG Visit this page of poc: FILETAG FILETAG We refresh the list of users and find that the user called light is deleted. FILETAG Cross Site Request Forgery(CSRF NUMBERTAG Delete important information Technical Description: file: CODETAG Deleting important data through CSRF is possible in these files. ALL the delete operations are not verified in the front page. Like this: FILETAG Proof of APITAG CODETAG FILETAG refresh: FILETAG And other delete operations exist in this cms. Just giving the positions, not proving. FILETAG FILETAG Reflected XSS in PATHTAG In the method of extract, the CSRF also exists, but this is to prove the Reflected XSS, not CSRF. In line NUMBERTAG the data from $_GET('begin') and $_GET('end') is transferred to variables, and output in pages. FILETAG Proof of APITAG CODETAG FILETAG In this page APITAG XSS can be combined with CSRF, this will cause bigger destruction",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2015-5521",
- "Issue_Url_old": "https://github.com/BlackCatDevelopment/BlackCatCMS/issues/408",
- "Issue_Url_new": "https://github.com/blackcatdevelopment/blackcatcms/issues/408",
- "Repo_new": "blackcatdevelopment/blackcatcms",
- "Issue_Created_At": "2021-04-19T19:03:53Z",
- "description": "XSS Vulnerability on Modify Group Page. Summary An authenticated malicious user can take advantage of a XSS vulnerability in the APITAG Group\" feature in Admin Steps to Reproduce: Login into the Admin panel Go to PATHTAG Add group with name '\"> APITAG APITAG ' Save group. Impact Cookie Stealing A malicious user can steal cookies and use them to gain access to the application. Arbitrary requests An attacker can use XSS to send requests that appear to be from the victim to the web server. Malware download XSS can prompt the user to download malware. Since the prompt looks like a legitimate request from the site, the user may be more likely to trust the request and actually install the malware. Defacement attacker can deface the website using javascript code.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 4.8,
- "impactScore": 2.7,
- "exploitabilityScore": 1.7
- },
- {
- "CVE_ID": "CVE-2021-32074",
- "Issue_Url_old": "https://github.com/hashicorp/vault-action/issues/205",
- "Issue_Url_new": "https://github.com/hashicorp/vault-action/issues/205",
- "Repo_new": "hashicorp/vault-action",
- "Issue_Created_At": "2021-04-20T17:51:47Z",
- "description": "Exposes secrets in plaintext. When using NUMBERTAG actions output secrets in plaintext, here's an example pipeline output APITAG pipeline itself CODETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-31745",
- "Issue_Url_old": "https://github.com/pluck-cms/pluck/issues/99",
- "Issue_Url_new": "https://github.com/pluck-cms/pluck/issues/99",
- "Repo_new": "pluck-cms/pluck",
- "Issue_Created_At": "2021-04-21T03:45:08Z",
- "description": "Pluck NUMBERTAG Session Fixation Vulnerability. Issue Summary A session fixation vulnerability exists within Pluck's administrative login system which can be abused to retain a valid login session even after an administrator has changed their password. Detailed Description It is possible to arbitrarily set the session ID of Pluck's \"PHPSESSID\" cookie. This cookie is used for maintaining administrative login sessions. This can be used in a session fixation attack, for example, to sustain unauthorized access to the CMS after already gaining it through a primary vulnerability. Furthermore, Pluck does not expire sessions in a timely manner nor are sessions bound in any other way. This also allows an easier brute force attack, as it is possible to brute force session IDs without rate limits imposed by the normal login process. APITAG Reproduction Steps NUMBERTAG From Google Chrome, open the developer tools menu, navigate to: Application > Storage > Cookies > APITAG NUMBERTAG Change the value of the \"PHPSESSID\" cookie to an arbitrary value, such as \"wolf NUMBERTAG Login to the pluck administrative panel, by visiting FILETAG and login to the panel NUMBERTAG On a new browser, repeat steps NUMBERTAG and NUMBERTAG On step NUMBERTAG you will be given access without being prompted for administrative credentials. Impact After any primary exploit has occurred, the session fixation attack can be used in order to sustain unauthorized access. Because Pluck does not invalidate prior sessions after a password change, access can be sustained even after an administrator performs regular remediation attempts such as resetting their password.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-31746",
- "Issue_Url_old": "https://github.com/pluck-cms/pluck/issues/100",
- "Issue_Url_new": "https://github.com/pluck-cms/pluck/issues/100",
- "Repo_new": "pluck-cms/pluck",
- "Issue_Created_At": "2021-04-21T04:09:29Z",
- "description": "Pluck NUMBERTAG Zip Slip Vulnerability. Issue Summary Pluck's module and theme installers are vulnerable to directory traversal (via zip slip). Detailed Description It is possible to upload a malicious zip file in order to traverse directories outside of the intended environment, potentially allowing arbitrary code execution which will run with the permissions of the user assigned to the webserver. Reproduction Steps NUMBERTAG Using the evilarc tool URLTAG , create a zip archive containing a PHP file with a depth of NUMBERTAG APITAG NUMBERTAG isit APITAG and upload the malicious APITAG you created NUMBERTAG isit APITAG and you now have a PHP shell. Impact This vulnerability makes remote code execution under the privileges of the user running the webserver application possible.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-31731",
- "Issue_Url_old": "https://github.com/Kitesky/KiteCMS/issues/9",
- "Issue_Url_new": "https://github.com/kitesky/kitecms/issues/9",
- "Repo_new": "kitesky/kitecms",
- "Issue_Created_At": "2021-04-21T07:11:29Z",
- "description": "Code execution vulnerability causes RCE NUMBERTAG log into the background of the site url: PATHTAG NUMBERTAG Add vulnerability URL url: PATHTAG Convert to a POST request FILETAG let contract FILETAG NUMBERTAG Access FILETAG generated in the root directory url: APITAG FILETAG Code audit The vulnerability file is located at: PATHTAG > APITAG FILETAG $path and $html We controlled,$rootpath Path splicing And the PATH variable can be passed through .. / directory The variable HTML is written to our PHP code The HTML is decoded, but it has no effect on the PHP code So we can find an existing file to overwrite the writing. POST payload is: PATHTAG APITAG Finally, the command is executed at index.PHP",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
- "severity": "MEDIUM",
- "baseScore": 6.5,
- "impactScore": 5.2,
- "exploitabilityScore": 1.2
- },
- {
- "CVE_ID": "CVE-2021-31747",
- "Issue_Url_old": "https://github.com/pluck-cms/pluck/issues/101",
- "Issue_Url_new": "https://github.com/pluck-cms/pluck/issues/101",
- "Repo_new": "pluck-cms/pluck",
- "Issue_Created_At": "2021-04-21T17:59:48Z",
- "description": "Missing SSL Certificate Validation in FILETAG . Issue Summary Pluck's update system deliberately skips SSL certificate validation. Detailed Description Within FILETAG is the following code: APITAG This ensures peer SSL certificates are never validated. Impact In theory, this vulnerability can make Pluck's update system susceptible to Man in the middle attacks.",
- "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 4.8,
- "impactScore": 2.5,
- "exploitabilityScore": 2.2
- },
- {
- "CVE_ID": "CVE-2021-32132",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1753",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1753",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-04-22T08:05:19Z",
- "description": "null dereference issue in APITAG abst_box_size. Hi, There is a null dereference issue in gpac APITAG abst_box_size,this can reproduce on the lattest commit. Steps To Reproduce build: APITAG run as: APITAG shows the following log: ERRORTAG Reporter NUMBERTAG n1p3r NUMBERTAG from Topsec Alpha Lab FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-31737",
- "Issue_Url_old": "https://github.com/emlog/emlog/issues/82",
- "Issue_Url_new": "https://github.com/emlog/emlog/issues/82",
- "Repo_new": "emlog/emlog",
- "Issue_Created_At": "2021-04-22T09:19:20Z",
- "description": "Remote code execution vulnerability due to upload of database backup file in emlog NUMBERTAG emlog NUMBERTAG The vulnerable file is in \uff1a FILETAG FILETAG Whether version NUMBERTAG or version NUMBERTAG users can back up SQL database in the background FILETAG FILETAG At the same time, users can upload after modifying the database backup file, at this time, we can construct malicious SQL statements in the data to achieve the purpose of writing the shell file FILETAG FILETAG We access the generated specified malicious files to execute the code FILETAG Tested for this bug in both versions",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-28860",
- "Issue_Url_old": "https://github.com/adaltas/node-mixme/issues/1",
- "Issue_Url_new": "https://github.com/adaltas/node-mixme/issues/1",
- "Repo_new": "adaltas/node-mixme",
- "Issue_Created_At": "2021-04-22T09:23:50Z",
- "description": "Prototype Pollution in Mixme. Hi there, In FILETAG mixme NUMBERTAG an attacker can add or alter properties of an object via '__proto__' through the APITAG and APITAG functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the program at risk causing a potential denial of service APITAG POC code: merge({}, APITAG {\"polluted\": APITAG polluted!!!\"}}')) NPM should be notified accordingly. You can contact me regarding the mitigation. Have a great weekend.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.1,
- "impactScore": 5.2,
- "exploitabilityScore": 3.9
- },
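Added example in JavaScript (not the mixme source): a naive recursive merge of the kind the report above describes, which follows a `__proto__` key from parsed JSON into `Object.prototype`, beside a hardened merge that refuses prototype keys and only recurses into the target's own properties. The `demonstrate` helper and its cleanup are assumptions made for this example; the payload is the one quoted in the report.

```javascript
// Added example, not mixme code. A naive deep merge that can be made to write
// into Object.prototype, and a hardened version. demonstrate() is a helper
// invented for this example.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value && typeof value === 'object' && !Array.isArray(value)) {
      // For key '__proto__', target[key] resolves to Object.prototype, so the
      // recursion below copies attacker keys onto every plain object in the
      // process.
      if (typeof target[key] !== 'object' || target[key] === null) target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Keys that reach the prototype chain are dropped outright; nested merges only
// descend into the target's own properties, never inherited ones.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (value && typeof value === 'object' && !Array.isArray(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || typeof target[key] !== 'object' || target[key] === null) target[key] = {};
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Runs the payload from the report through a merge function and reports what a
// fresh, unrelated object then sees; cleans Object.prototype up afterwards.
function demonstrate(mergeFn) {
  const payload = JSON.parse('{"__proto__": {"polluted": "yes, polluted!!!"}}');
  mergeFn({}, payload);
  const leaked = ({}).polluted; // undefined unless Object.prototype was written
  delete Object.prototype.polluted;
  return leaked;
}
```

`JSON.parse` creates an own property literally named `__proto__`, which is why `Object.keys` returns it and the naive merge follows it; a merge that iterates inherited keys or accepts `constructor.prototype` needs the same deny-list.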
- {
- "CVE_ID": "CVE-2021-31525",
- "Issue_Url_old": "https://github.com/golang/go/issues/45710",
- "Issue_Url_new": "https://github.com/golang/go/issues/45710",
- "Repo_new": "golang/go",
- "Issue_Created_At": "2021-04-22T19:53:59Z",
- "description": "http: APITAG can stack overflow. APITAG can stack overflow due to recursion when given a request with a very large header NUMBERTAG MB depending on the architecture). A APITAG which overrides the default max header of NUMBERTAG MB by setting APITAG to a much larger value could also be vulnerable in the same way. According to the new security policy NUMBERTAG this will be fixed as a PUBLIC track issue. Credit to Guido Vranken URLTAG who reported the crash as part of the Ethereum NUMBERTAG bounty program URLTAG . /cc APITAG",
- "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.9,
- "impactScore": 3.6,
- "exploitabilityScore": 2.2
- },
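Added example in JavaScript (not Go's `net/http` code): an illustration of the failure class in the report above. A header reader that recurses once per header line spends one stack frame per line, so a header block of a few hundred thousand lines exhausts the call stack, while the iterative rewrite enforces a byte limit and fails cleanly. The header format, the default limit and all names are assumptions made for this example.

```javascript
// Added example, not Go net/http code. Recursion depth tied to input size
// versus an iterative reader with an explicit size limit. Names, the header
// shape and the 1 MiB default are assumptions for the example.
function readHeadersRecursive(lines, i = 0, acc = {}) {
  if (i >= lines.length || lines[i] === '') return acc; // blank line ends the block
  const colon = lines[i].indexOf(':');
  if (colon > 0) {
    acc[lines[i].slice(0, colon).trim().toLowerCase()] = lines[i].slice(colon + 1).trim();
  }
  return readHeadersRecursive(lines, i + 1, acc); // one frame per line; V8 does not drop tail frames
}

function readHeadersIterative(lines, maxHeaderBytes = 1 << 20) {
  const acc = {};
  let total = 0;
  for (const line of lines) {
    if (line === '') break;
    total += line.length + 2; // count the CRLF as well
    if (total > maxHeaderBytes) {
      throw new Error('header block larger than ' + maxHeaderBytes + ' bytes'); // reject, do not crash
    }
    const colon = line.indexOf(':');
    if (colon > 0) acc[line.slice(0, colon).trim().toLowerCase()] = line.slice(colon + 1).trim();
  }
  return acc;
}

// Constructed input: n distinct header lines with no terminating blank line.
function hugeHeaderBlock(n) {
  return Array.from({ length: n }, (_, k) => 'X-H' + k + ': v');
}

// Reports how a reader copes with the input: 'stack' for call-stack
// exhaustion, 'limit' for a deliberate size rejection, 'ok' otherwise.
function outcome(readFn, lines) {
  try {
    readFn(lines);
    return 'ok';
  } catch (e) {
    return e instanceof RangeError ? 'stack' : 'limit';
  }
}
```

The point the report makes about `MaxHeaderBytes` carries over: a limit only helps if it is checked before the per-line work, and a parser whose depth grows with the input still needs the limit to be small enough for the stack it actually has.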
- {
- "CVE_ID": "CVE-2021-32134",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1756",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1756",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-04-23T00:50:46Z",
- "description": "null dereference in APITAG gf_odf_desc_copy. Hi, There is a null dereference issue in gpac APITAG gf_odf_desc_copy,this can reproduce on the lattest commit. Steps To Reproduce build: APITAG run as: APITAG shows the following log: ERRORTAG Reporter NUMBERTAG n1p3r NUMBERTAG from Topsec Alpha Lab FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-32135",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1757",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1757",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-04-23T00:51:46Z",
- "description": "null dereference in APITAG trak_box_size. Hi, There is a null dereference issue in gpac APITAG trak_box_size,this can reproduce on the lattest commit. Steps To Reproduce build: APITAG run as: APITAG shows the following log: ERRORTAG Reporter NUMBERTAG n1p3r NUMBERTAG from Topsec Alpha Lab FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-31783",
- "Issue_Url_old": "https://github.com/Piwigo/LocalFilesEditor/issues/2",
- "Issue_Url_new": "https://github.com/piwigo/localfileseditor/issues/2",
- "Repo_new": "piwigo/localfileseditor",
- "Issue_Created_At": "2021-04-23T13:18:54Z",
- "description": "template files display may be used to display external files. Privately reported by Harry Goodman from NCC The APITAG can be used to display unexpected file on the hosting server. We need to make serious checks before any other action.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-31926",
- "Issue_Url_old": "https://github.com/CubeCoders/AMP/issues/443",
- "Issue_Url_new": "https://github.com/cubecoders/amp/issues/443",
- "Repo_new": "cubecoders/amp",
- "Issue_Created_At": "2021-04-24T12:42:45Z",
- "description": "Can add custom ports without permission. Bug Report System Information Operating System NUMBERTAG amd NUMBERTAG SMP Debian NUMBERTAG APITAG AMP version and build date NUMBERTAG built PATHTAG NUMBERTAG Which AMP release stream you're using Mainline I confirm: FILETAG NUMBERTAG Created a Test user with the following permissions (the user is not member of any group) FILETAG NUMBERTAG Login with a super admin and check the instance ports FILETAG NUMBERTAG Login with the Test user, click on the Minecraft Instance and then APITAG ports\" FILETAG NUMBERTAG Click on the \"+\" in the dialog and then APITAG NUMBERTAG Check again the ports with the super admin FILETAG NUMBERTAG A new port has been added On the step NUMBERTAG if I do APITAG changes\" it will give me this error FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.5,
- "impactScore": 3.6,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-3502",
- "Issue_Url_old": "https://github.com/lathiat/avahi/issues/338",
- "Issue_Url_new": "https://github.com/lathiat/avahi/issues/338",
- "Repo_new": "lathiat/avahi",
- "Issue_Created_At": "2021-04-26T17:05:33Z",
- "description": "eachable assertion in APITAG when trying to resolve badly formatted hostnames ( CVETAG ). Hi An issue was reported in Debian as CVETAG which got CVETAG assigned. Quoting the report: CODETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2020-8562",
- "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/101493",
- "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/101493",
- "Repo_new": "kubernetes/kubernetes",
- "Issue_Created_At": "2021-04-26T19:18:04Z",
- "description": "PLACEHOLDER ISSUE. /area security /kind bug /committee product security /lifecycle frozen",
- "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
- "severity": "LOW",
- "baseScore": 3.1,
- "impactScore": 1.4,
- "exploitabilityScore": 1.6
- },
- {
- "CVE_ID": "CVE-2021-31671",
- "Issue_Url_old": "https://github.com/ankane/pgsync/issues/121",
- "Issue_Url_new": "https://github.com/ankane/pgsync/issues/121",
- "Repo_new": "ankane/pgsync",
- "Issue_Created_At": "2021-04-26T22:09:39Z",
- "description": "Connection security vulnerability with schema sync. CVE Identifier: CVETAG Versions Affected NUMBERTAG and below Fixed Versions NUMBERTAG Impact pgsync drops connection parameters when syncing the schema with the APITAG and APITAG options. Some of these parameters may affect security. For instance, if sslmode is dropped, the connection may not use SSL. The first connection parameter is not affected. Here's an example where sslmode is dropped ( APITAG is not affected): APITAG This applies to both the to and from connections. All users running an affected release should upgrade immediately. Credits Thanks to Dmitriy Gunchenko for reporting this.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-32434",
- "Issue_Url_old": "https://github.com/leesavide/abcm2ps/issues/83",
- "Issue_Url_new": "https://github.com/lewdlime/abcm2ps/issues/83",
- "Repo_new": "lewdlime/abcm2ps",
- "Issue_Created_At": "2021-04-27T02:14:17Z",
- "description": "Out of bounds read in APITAG in calculate_beam. In function APITAG in draw.c . There is out of bounds read in array min_tb at line NUMBERTAG and NUMBERTAG the flaw will cause crash. ERRORTAG The (unsigned) s >nflags can be checked whether between NUMBERTAG and NUMBERTAG I am not sure what the APITAG means so i didn't try to fix it. gdb info: ERRORTAG reproduce: APITAG FILETAG FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-32435",
- "Issue_Url_old": "https://github.com/leesavide/abcm2ps/issues/84",
- "Issue_Url_new": "https://github.com/lewdlime/abcm2ps/issues/84",
- "Repo_new": "lewdlime/abcm2ps",
- "Issue_Created_At": "2021-04-27T03:41:52Z",
- "description": "stack buffer overflow in function APITAG in parse.c. Stack buffer over found in parse.c in function APITAG The root cause maybe is in function APITAG the array accs and pits size is NUMBERTAG If APITAG bigger than NUMBERTAG then the array accs and pits will access out of index and corrupt the stack, if the value of APITAG is more bigger, then the stack frame will be corrupted. CODETAG gdb APITAG gef\u27a4 disassemble set_k_acc Dump of assembler code for function set_k_acc NUMBERTAG f NUMBERTAG c APITAG : endbr NUMBERTAG f NUMBERTAG APITAG : push rbp NUMBERTAG f NUMBERTAG APITAG : mov rbp,rsp NUMBERTAG f NUMBERTAG APITAG : sub rsp NUMBERTAG f NUMBERTAG APITAG : mov QWORD PTR [rbp NUMBERTAG rdi NUMBERTAG f NUMBERTAG APITAG mov rax, QWORD PTR [rbp NUMBERTAG f NUMBERTAG APITAG xor rax, QWORD PTR fs NUMBERTAG f NUMBERTAG e APITAG je NUMBERTAG f NUMBERTAG APITAG NUMBERTAG f NUMBERTAG APITAG call NUMBERTAG ba NUMBERTAG APITAG NUMBERTAG f NUMBERTAG APITAG leave \u2500 APITAG NUMBERTAG for (i NUMBERTAG i APITAG u. APITAG = accs[i NUMBERTAG s >u. APITAG = pits[i NUMBERTAG s >u. APITAG = nacc NUMBERTAG gef\u27a4 x/gx $rbp NUMBERTAG fffffffe NUMBERTAG gef\u27a4 p $fs NUMBERTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-32436",
- "Issue_Url_old": "https://github.com/leesavide/abcm2ps/issues/85",
- "Issue_Url_new": "https://github.com/lewdlime/abcm2ps/issues/85",
- "Repo_new": "lewdlime/abcm2ps",
- "Issue_Created_At": "2021-04-27T07:57:56Z",
- "description": "out of bounds read in function APITAG in subs.c. Out of bounds read found in function APITAG in subs.c. The flow allows attackers to cause denial of service. Here didn't check whether APITAG is valid . gdb info: ERRORTAG reproduce : (poc zipped ) ERRORTAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 6.5,
- "impactScore": 3.6,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-33473",
- "Issue_Url_old": "https://github.com/markevans/dragonfly/issues/513",
- "Issue_Url_new": "https://github.com/markevans/dragonfly/issues/513",
- "Repo_new": "markevans/dragonfly",
- "Issue_Created_At": "2021-04-28T23:40:59Z",
- "description": "Security Issue Report. Hello, we have discovered a security issue within this project. Do you have a preferred security contact that we could reach out to discuss this issue? Thank you very much!",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
- "severity": "CRITICAL",
- "baseScore": 9.1,
- "impactScore": 5.2,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-31919",
- "Issue_Url_old": "https://github.com/djkoloski/rkyv/issues/113",
- "Issue_Url_new": "https://github.com/rkyv/rkyv/issues/113",
- "Repo_new": "rkyv/rkyv",
- "Issue_Created_At": "2021-04-29T02:34:47Z",
- "description": "Archives may contain uninitialized memory. During serialization, struct padding bytes and unused enum bytes may not be initialized. These bytes may be written to disk or sent over unsecured channels. This issue has been fixed as of NUMBERTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-32263",
- "Issue_Url_old": "https://github.com/brackeen/ok-file-formats/issues/13",
- "Issue_Url_new": "https://github.com/brackeen/ok-file-formats/issues/13",
- "Repo_new": "brackeen/ok-file-formats",
- "Issue_Created_At": "2021-04-29T11:33:39Z",
- "description": "heap buffer overflow in APITAG at APITAG Description A heap buffer overflow was discovered in ok_file_formats. The issue is being triggered in function APITAG at APITAG Version dev version, git clone FILETAG Environment Ubuntu NUMBERTAG bit Reproduce test program ERRORTAG Compile test program with Address Sanitizer: APITAG Asan Report ERRORTAG APITAG FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-32243",
- "Issue_Url_old": "https://github.com/FOGProject/fogproject/issues/422",
- "Issue_Url_new": "https://github.com/fogproject/fogproject/issues/422",
- "Repo_new": "fogproject/fogproject",
- "Issue_Created_At": "2021-04-29T11:39:10Z",
- "description": "APITAG NUMBERTAG File Upload RCE APITAG NUMBERTAG Create an empty NUMBERTAG Mb file. dd PATHTAG of=myshell bs NUMBERTAG count NUMBERTAG Add your PHP code to the end of the file created in the step NUMBERTAG echo ' APITAG ' >> myshell NUMBERTAG Put the file \"myshell\" accessible through HTTP. $ cp myshell PATHTAG NUMBERTAG Encode the URL to get \"myshell\" file to base NUMBERTAG APITAG Attacker IP). $ echo \" URLTAG \" | base NUMBERTAG APITAG NUMBERTAG isit URLTAG Example: URLTAG NUMBERTAG Appears a textbox, change the Kernel Name APITAG to FILETAG and click on Install NUMBERTAG isit URLTAG execute system whoami command",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-38190",
- "Issue_Url_old": "https://github.com/dimforge/nalgebra/issues/883",
- "Issue_Url_new": "https://github.com/dimforge/nalgebra/issues/883",
- "Repo_new": "dimforge/nalgebra",
- "Issue_Created_At": "2021-04-29T15:00:09Z",
- "description": "Deserialize is not sound for APITAG (and possibly others). APITAG currently looks like this: CODETAG APITAG carries an implicit invariant in that APITAG , and I believe there is some unsafe code that relies on this invariant. However, since Deserialize is derived, it does not know about this invariant. Therefore it is possible to break this invariant in safe code by deserializing invalid data. This is a potential security issue, since a malicious attacker might potentially use this to read/write to invalid memory locations. In order to fix this, we should write a custom Deserialize implementation that validates the input. There may also be other soundness issues caused by invariants not being upheld by derived Deserialize implementations throughout the library.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-3575",
- "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/1347",
- "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/1347",
- "Repo_new": "uclouvain/openjpeg",
- "Issue_Created_At": "2021-04-30T00:10:00Z",
- "description": "Heap buffer overflow in APITAG in sycc NUMBERTAG to_rgb. Hi, I found a vulnerability in current master NUMBERTAG bda NUMBERTAG URLTAG , and I also reproduced it on latest released version FILETAG . Crash Summary A heap buffer overflow in APITAG in sycc NUMBERTAG to_rgb, it can lead to heap based buffer overflow via a crafted APITAG file when decompress it. Crash Analysis There is improper check of APITAG . URLTAG APITAG FILETAG To reproduce NUMBERTAG Ubuntu NUMBERTAG with clang NUMBERTAG CODETAG ASAN report: ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-32136",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1765",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1765",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-04-30T00:42:12Z",
- "description": "FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-32137",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1766",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1766",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-04-30T00:43:52Z",
- "description": "FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-32138",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1767",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1767",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-04-30T00:45:19Z",
- "description": "null dereference in APITAG APITAG Hi, There is a null dereference issue in gpac APITAG APITAG can reproduce on the lattest commit. Steps To Reproduce build: APITAG run as: APITAG shows the following log: ERRORTAG Reporter NUMBERTAG n1p3r NUMBERTAG from Topsec Alpha Lab FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-32139",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1768",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1768",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-04-30T00:46:26Z",
- "description": "null dereference in gpac APITAG gf_isom_vp_config_get. Hi, There is a null dereference issue in gpac APITAG gf_isom_vp_config_get,this can reproduce on the lattest commit. Steps To Reproduce build: APITAG run as: APITAG shows the following log: ERRORTAG Reporter NUMBERTAG n1p3r NUMBERTAG from Topsec Alpha Lab FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-32438",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1769",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1769",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-04-30T08:03:06Z",
- "description": "Null pointer dereference in gpac APITAG gf_media_export_filters. A null pointer dereference issue was found in APITAG to reproduce, compile gpac as follows: APITAG run poc file : APITAG Detailed ASAN result is as below: ERRORTAG Credit : APITAG of Venustech FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-32437",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1770",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1770",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-04-30T08:10:59Z",
- "description": "Null pointer dereference in function gf_hinter_finalize APITAG A null pointer dereference issue was found in APITAG to reproduce, compile gpac as follows: APITAG run poc file : APITAG Detailed ASAN result is as below: ERRORTAG Credit : APITAG of Venustech FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-32245",
- "Issue_Url_old": "https://github.com/pagekit/pagekit/issues/963",
- "Issue_Url_new": "https://github.com/pagekit/pagekit/issues/963",
- "Repo_new": "pagekit/pagekit",
- "Issue_Created_At": "2021-04-30T08:11:10Z",
- "description": "A stored XSS has been found in APITAG CMS affecting versions NUMBERTAG Problem A user can upload SVG files in the file upload portion of the CMS. These SVG files can contain malicious scripts. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to PATHTAG that will point to FILETAG When a user comes along to click that link, it will trigger a XSS attack. exp.svg APITAG APITAG APITAG APITAG APITAG alert(/xss/); APITAG APITAG Technical Details Pagekit version NUMBERTAG Webserver: APITAG Database: APITAG PHP Version NUMBERTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.7,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-32440",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1772",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1772",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-04-30T08:25:12Z",
- "description": "SEGV in gpac APITAG function APITAG A SEGV issue was found in APITAG to reproduce, compile gpac as follows: APITAG run poc file : APITAG Detailed ASAN result is as below: ERRORTAG Credit : APITAG of Venustech FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-32439",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1774",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1774",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-04-30T08:40:50Z",
- "description": "Out of bounds Write in APITAG A OOB Write issue was found in APITAG to reproduce, compile gpac as follows: APITAG run poc file : APITAG Detailed ASAN result is as below: ERRORTAG Credit : APITAG of Venustech FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-38115",
- "Issue_Url_old": "https://github.com/libgd/libgd/issues/697",
- "Issue_Url_new": "https://github.com/libgd/libgd/issues/697",
- "Repo_new": "libgd/libgd",
- "Issue_Created_At": "2021-04-30T18:12:52Z",
- "description": "Read out of bound in TGA files. hello, this issue URLTAG is showing a read out of bound for a corrupted TGA FILETAG which is patched by adding some checks for APITAG . although the patch prevents occurring this vulnerability I saw that this function ( APITAG ) is used in APITAG too which there is no check for its return value again. I changed the header of the file which was used for the previous CVETAG . In fact, I changed the first byte to ff which is assigned to APITAG . FILETAG APITAG when I run the test with this input file ASAN shows this: ERRORTAG Is it showing another vulnerability?",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 6.5,
- "impactScore": 3.6,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-25743",
- "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/101695",
- "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/101695",
- "Repo_new": "kubernetes/kubernetes",
- "Issue_Created_At": "2021-05-02T12:06:24Z",
- "description": "ANSI escape characters in Event JSON objects are not being filtered. It is a security issue, but after contacting security APITAG Tim and the team confirmed that they are comfortable posting it publicly. What happened: Kubernetes doesn't sanitize the 'message' field in the Event JSON objects. Notice that this is relevant only to JSON objects, not YAML objects. By creating new event, we can insert ANSI escape characters inside the \"message\" field, like: APITAG This an example of such JSON request: CODETAG The codes: APITAG > Clean the screen and history APITAG > Clean the entire screen and delete all lines saved in the scrollback buffer APITAG > Moves the cursor position to row NUMBERTAG column NUMBERTAG beginning). APITAG > Set the colors APITAG > Move the cursor forward NUMBERTAG steps APITAG > Set the text colors to white The result is that the text was spoofed, and we could spoof the events, create hidden events, or hide other events. What you expected to happen: The ANSI escape characters will be filtered so they couldn't affect the terminal (i.e. using embeded ANSI colors won't do anything to the terminal). Or maybe some message that says that you can't use ANSI escape characters. How to reproduce it (as minimally and precisely as possible NUMBERTAG Run this code: CODETAG It will create a new event NUMBERTAG Run kubectl get events , you will see that the screen was clear, you will get a \"spoof\" message, and all the rest events or columns were gone. Anything else we need to know?: It might look like a low severity issue, but there are other variety of things we can do, from APITAG by using colors to hide all the events, changing the title of the terminal window, and spoof the data. It can affect other systems that are using Kubernetes events, such as monitoring applications. It doesn't have to be only the Kubernetes events. 
There might be other vulnerable objects that we didn't find or other systems that create new objects that count on this mechanism. ANSI escape characters were used to abuse terminals emulators and even cause code execution if the terminal is vulnerable (like CVETAG ). Environment: Kubernetes version (use kubectl version ): CODETAG Cloud provider or hardware configuration: OS (e.g: APITAG ): ERRORTAG Kernel (e.g. ERRORTAG ): APITAG Install tools: minikube APITAG Network plugin and version (if this is a network related bug): Others: we also reproduced it in Kubernetes (not minikube) version NUMBERTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N",
- "severity": "LOW",
- "baseScore": 3.0,
- "impactScore": 1.4,
- "exploitabilityScore": 1.3
- },
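Added example in JavaScript (not Kubernetes or kubectl code): the filtering the report above asks for, applied to an untrusted field before it is printed to a terminal. Every C0 control byte (including the ESC that starts the clear-screen and cursor sequences), DEL and the C1 range (which contains the single-byte CSI U+009B) is rendered as a visible `\xNN` token so the terminal never interprets it. The strict choice of also escaping tab and newline, the `\xNN` notation and the sample message are assumptions made for this example.

```javascript
// Added example, not Kubernetes code. Makes terminal control characters in an
// untrusted field (here an Event message) visible instead of letting the
// terminal act on them. The \xNN notation and the sample are assumptions.

// C0 controls (0x00-0x1f), DEL (0x7f) and C1 controls (0x80-0x9f). C1 matters
// because U+009B is a one-byte CSI and starts the same sequences as ESC '['.
// Tab and newline are escaped too, since they also reshape table output.
const CONTROL_CHARS = /[\u0000-\u001f\u007f-\u009f]/g;

function escapeControl(ch) {
  return '\\x' + ch.charCodeAt(0).toString(16).padStart(2, '0');
}

// Returns the message with every control character replaced by its escape.
function sanitizeForTerminal(message) {
  return String(message).replace(CONTROL_CHARS, escapeControl);
}

// Lists the distinct control characters present, for logging or rejecting
// the object instead of rewriting it (the "some message that says you can't
// use ANSI escape characters" option from the report).
function listControlChars(message) {
  const seen = new Set();
  for (const m of String(message).matchAll(CONTROL_CHARS)) seen.add(escapeControl(m[0]));
  return [...seen];
}

// Constructed sample: a message that clears the screen and scrollback, homes
// the cursor and then prints a fake event line.
const SPOOFED_MESSAGE = '\x1b[2J\x1b[3J\x1b[HNormal  Created  pod/legit';
```

Escaping rather than deleting keeps the evidence: an operator reading `kubectl get events` sees `\x1b[2J` where the attacker tried to wipe the screen, which is itself a detection signal.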
- {
- "CVE_ID": "CVE-2021-3163",
- "Issue_Url_old": "https://github.com/quilljs/quill/issues/3359",
- "Issue_Url_new": "https://github.com/quilljs/quill/issues/3359",
- "Repo_new": "quilljs/quill",
- "Issue_Created_At": "2021-05-04T07:56:06Z",
- "description": "Is quill dead?. No updates. Version NUMBERTAG still on development mode. No commits. Is it dead?",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2019-25043",
- "Issue_Url_old": "https://github.com/SpiderLabs/ModSecurity/issues/2566",
- "Issue_Url_new": "https://github.com/spiderlabs/modsecurity/issues/2566",
- "Repo_new": "spiderlabs/modsecurity",
- "Issue_Created_At": "2021-05-06T03:01:20Z",
- "description": "Certain HTTP request cause APITAG to throw \"string out of index\" error. Describe the bug The connection will be closed due to a \"string index out of range\" error under certain request. Logs and dumps CODETAG To Reproduce APITAG Server: APITAG NUMBERTAG on Ngin NUMBERTAG official base image",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
- "severity": "MEDIUM",
- "baseScore": 5.3,
- "impactScore": 1.4,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-32053",
- "Issue_Url_old": "https://github.com/hapifhir/hapi-fhir/issues/2641",
- "Issue_Url_new": "https://github.com/hapifhir/hapi-fhir/issues/2641",
- "Repo_new": "hapifhir/hapi-fhir",
- "Issue_Created_At": "2021-05-06T14:26:38Z",
- "description": "Potential Denial of Service in JPA Server via history operation. A weakness in our handling of FHIR history URLTAG operations has been reported. Specifically, on a server with a very large number of resources, if the history operation is executed by many clients (e.g NUMBERTAG concurrently, the server becomes unresponsive and ultimately consumes a large amount of disk and becomes unstable. Our investigation has revealed that the root cause is a APITAG query that executes at the start of all APITAG operations. Essentially, anytime a APITAG is executed, the server executes NUMBERTAG SQL statements (statements here are approximate NUMBERTAG A APITAG is performed to supply a value for ERRORTAG NUMBERTAG A APITAG is performed to supply the contents The second query is executed against an index and is very fast. The first query by its nature requires a full index scan and is slow. Executing it NUMBERTAG concurrent times quickly overwhelms the database and leads to timeouts, exceptions, and eventually instability. The proposed fix is as follows: A new APITAG setting is added. This setting introduces a \"history count mode\" with NUMBERTAG options: Cached. This is the new default: A loading cache will be used for history counts, meaning that counts are stored in RAM for up to one minute, and the loading cache blocks all but one client thread per JVM from actually performing the count. This effectively throttles access to the database. Not cached. This is the status quo and does exhibit the weakness described here, but may be appropriate in scenarios where users are trusted and accuracy is always required. No count. This setting avoids the count query entirely, saving time and avoiding this weakness at the expense of not including any total in the response. A huge thanks to Zachary Minneker at Security Innovation who discovered and submitted a responsible disclosure of this issue. This issue will be resolved for the upcoming NUMBERTAG release. 
A CVE number is forthcoming.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
- "severity": "MEDIUM",
- "baseScore": 5.3,
- "impactScore": 1.4,
- "exploitabilityScore": 3.9
- },
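Added example in JavaScript (not HAPI FHIR code, which is Java): the three "history count mode" options from the advisory above, built around a loading cache. In cached mode a count lives in memory for the TTL and, per key, only one caller at a time runs the expensive count while everyone else joins that in-flight promise, so a stampede of concurrent history requests costs one query. The class and function names, the injectable clock and the fake query standing in for `SELECT COUNT(*)` are assumptions made for this example.

```javascript
// Added example, not HAPI FHIR code. A "history count mode" switch backed by a
// loading cache with per-key single flight. Names, the TTL default and the
// fake query are assumptions for the example.
class HistoryCounter {
  // countQuery(key) -> Promise<number> stands in for the slow SELECT COUNT(*).
  constructor(countQuery, { mode = 'cached', ttlMs = 60000, now = Date.now } = {}) {
    this.countQuery = countQuery;
    this.mode = mode;          // 'cached' | 'not_cached' | 'none'
    this.ttlMs = ttlMs;
    this.now = now;            // injectable clock so expiry can be tested
    this.entries = new Map();  // key -> { value, expiresAt }
    this.inflight = new Map(); // key -> Promise<number> currently loading
  }

  async total(key) {
    if (this.mode === 'none') return null;                       // no count at all
    if (this.mode === 'not_cached') return this.countQuery(key); // status quo: one query per request
    const hit = this.entries.get(key);
    if (hit && hit.expiresAt > this.now()) return hit.value;     // fresh enough, serve from RAM
    if (this.inflight.has(key)) return this.inflight.get(key);   // someone is counting: join, do not re-query
    const load = Promise.resolve()
      .then(() => this.countQuery(key))
      .then((value) => {
        this.entries.set(key, { value, expiresAt: this.now() + this.ttlMs });
        return value;
      })
      .finally(() => this.inflight.delete(key));
    this.inflight.set(key, load);
    return load;
  }
}

// Constructed stand-in for the database: records how often the slow query ran.
function makeFakeQuery() {
  const state = { calls: 0 };
  const query = async (key) => {
    state.calls += 1;
    return 1000000 + key.length; // deterministic "row count" for the example
  };
  return { query, state };
}

// Fires n concurrent history requests in the given mode and reports the cost.
async function stampede(mode, n = 100) {
  const { query, state } = makeFakeQuery();
  const counter = new HistoryCounter(query, { mode });
  const results = await Promise.all(Array.from({ length: n }, () => counter.total('Patient')));
  return { dbCalls: state.calls, distinctResults: new Set(results).size, sample: results[0] };
}
```

The single-flight map is what turns a cache into a throttle: without it, the first minute after expiry still lets every concurrent caller run the full index scan before any of them populates the entry.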
- {
- "CVE_ID": "CVE-2021-23424",
- "Issue_Url_old": "https://github.com/Tjatse/ansi-html/issues/19",
- "Issue_Url_new": "https://github.com/tjatse/ansi-html/issues/19",
- "Repo_new": "tjatse/ansi-html",
- "Issue_Created_At": "2021-05-07T15:06:26Z",
- "description": "Exponential APITAG Posting here as unable to contact maintainer. Doyensec Vulnerability Advisory Regular Expression Denial of Service APITAG in ansi html Affected Product: ansi html NUMBERTAG Vendor: URLTAG Severity: Low Vulnerability Class: Denial of Service Status: Open Author(s): Ben Caller APITAG SUMMARY The npm package ansi html uses a regular expression which is vulnerable to Regular Expression Denial of Service APITAG If an attacker provides a malicious string, ansi html will get stuck processing the input for an extremely long time. TECHNICAL DESCRIPTION The vulnerable regular expression is NUMBERTAG d+) m URLTAG Due to the APITAG part, this regular expression has catastrophic backtracking when given a long string of digits. The behaviour occurs as long as the digits are not followed immediately by an 'm'. The complexity is exponential: increasing the length of the malicious string by one makes processing take about twice as long. REPRODUCTION STEPS In nodejs, run: APITAG Notice that node hangs at NUMBERTAG CPU. Increasing the number of spaces increases the processing time. On my laptop that would take three minutes to complete, whereas APITAG would take just over one year to complete. REMEDIATION Remove the asterisk from the regular expression on line NUMBERTAG Doyensec APITAG is an independent security research and development company focused on vulnerability discovery and remediation. We work at the intersection of software development and offensive engineering to help companies craft secure code. Copyright NUMBERTAG by Doyensec LLC. All rights reserved. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given. The information in the advisory is believed to be accurate at the time of publishing based on currently available information, and it is provided as is, as a free service to the community by Doyensec LLC. There are no warranties with regard to this information, and Doyensec LLC does not accept any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-33430",
- "Issue_Url_old": "https://github.com/numpy/numpy/issues/18939",
- "Issue_Url_new": "https://github.com/numpy/numpy/issues/18939",
- "Repo_new": "numpy/numpy",
- "Issue_Created_At": "2021-05-07T18:30:11Z",
- "description": "Potential buffer overflow in APITAG of ctors.c. APITAG Reproducing code example: Snippet : APITAG int nd ,......) { ............... if (descr >subarray) { APITAG ret; npy_intp newdims FILETAG Possible call path NUMBERTAG array_new > APITAG NUMBERTAG APITAG > APITAG NUMBERTAG array_fromfile > APITAG > APITAG APITAG version information: The main branch of APITAG",
- "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.3,
- "impactScore": 3.6,
- "exploitabilityScore": 1.6
- },
- {
- "CVE_ID": "CVE-2021-33362",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1780",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1780",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-05-08T05:09:01Z",
- "description": "FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-33361",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1782",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1782",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-05-08T05:12:31Z",
- "description": "FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-33364",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1783",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1783",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-05-08T05:13:43Z",
- "description": "FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-33365",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1784",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1784",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-05-08T05:14:42Z",
- "description": "FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-33363",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1786",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1786",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-05-08T05:17:05Z",
- "description": "FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-23394",
- "Issue_Url_old": "https://github.com/Studio-42/elFinder/issues/3295",
- "Issue_Url_new": "https://github.com/studio-42/elfinder/issues/3295",
- "Repo_new": "studio-42/elfinder",
- "Issue_Created_At": "2021-05-08T17:34:35Z",
- "description": "Remote Code Execution in APITAG NUMBERTAG create a .phar file using the following URL: FILETAG NUMBERTAG Add PHP code in the APITAG file by following GET request: URLTAG APITAG NUMBERTAG Execute the OS command with the privilege of the webserver: URLTAG Tested on apache and nginx webservers. By default it works in apache webserver and it requires .phar file to be executed as php code in nginx Python3 POC: import APITAG APITAG from pwn import import APITAG APITAG Chand\" APITAG APITAG def APITAG if APITAG APITAG python3 APITAG APITAG \") APITAG APITAG APITAG APITAG APITAG PATHTAG ) APITAG APITAG APITAG Za z NUMBERTAG for h in file_hash: APITAG APITAG PATHTAG APITAG &target=\"+hash_file) while True: cmd=raw_input(\"cmd>\") print(cmd) PATHTAG ()}\" res=wget(url, timeout NUMBERTAG APITAG if __name__==\"__main__\": APITAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-23574",
- "Issue_Url_old": "https://github.com/js-data/js-data/issues/576",
- "Issue_Url_new": "https://github.com/js-data/js-data/issues/576",
- "Repo_new": "js-data/js-data",
- "Issue_Created_At": "2021-05-08T22:09:49Z",
- "description": "\ud83d\udea8 Potential Improperly Controlled Modification of Object Prototype Attributes APITAG Pollution') ( CVETAG ). \ud83d\udc4b Hello, MENTIONTAG MENTIONTAG MENTIONTAG a potential high severity Improperly Controlled Modification of Object Prototype Attributes APITAG Pollution') ( CVETAG ) vulnerability in your repository has been disclosed to us. Next Steps NUMBERTAG Visit URLTAG for more advisory information NUMBERTAG FILETAG to validate or speak to the researcher for more assistance NUMBERTAG Propose a patch or outsource it to our community whoever fixes it gets paid. Confused or need more help? Join us on our Discord URLTAG and a member of our team will be happy to help! \ud83e\udd17 Speak to a member of our team: MENTIONTAG This issue was automatically generated by FILETAG a bug bounty board for securing open source code.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-23574",
- "Issue_Url_old": "https://github.com/js-data/js-data/issues/577",
- "Issue_Url_new": "https://github.com/js-data/js-data/issues/577",
- "Repo_new": "js-data/js-data",
- "Issue_Created_At": "2021-05-09T11:04:37Z",
- "description": "\ud83d\udea8 Potential Improperly Controlled Modification of Object Prototype Attributes APITAG Pollution') ( CVETAG ). \ud83d\udc4b Hello, MENTIONTAG MENTIONTAG MENTIONTAG a potential high severity Improperly Controlled Modification of Object Prototype Attributes APITAG Pollution') ( CVETAG ) vulnerability in your repository has been disclosed to us. Next Steps NUMBERTAG Visit URLTAG for more advisory information NUMBERTAG FILETAG to validate or speak to the researcher for more assistance NUMBERTAG Propose a patch or outsource it to our community whoever fixes it gets paid. Confused or need more help? Join us on our Discord URLTAG and a member of our team will be happy to help! \ud83e\udd17 Speak to a member of our team: MENTIONTAG This issue was automatically generated by FILETAG a bug bounty board for securing open source code.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-32546",
- "Issue_Url_old": "https://github.com/gogs/gogs/issues/6555",
- "Issue_Url_new": "https://github.com/gogs/gogs/issues/6555",
- "Repo_new": "gogs/gogs",
- "Issue_Created_At": "2021-05-10T15:04:02Z",
- "description": "Remote Command Execution. Hello, we are security researchers from Unicorn ( URLTAG and we have identified a serious vulnerability that is exploitable from the position of a registered user. The vulnerability allows the Remote Command Execution, leading to full server takeover. The details will be sent to FILETAG as requested. Regards, Marek Malcovsk\u00fd & Petr Pernik\u00e1\u0159",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-34557",
- "Issue_Url_old": "https://github.com/QubesOS/qubes-issues/issues/6595",
- "Issue_Url_new": "https://github.com/qubesos/qubes-issues/issues/6595",
- "Repo_new": "qubesos/qubes-issues",
- "Issue_Created_At": "2021-05-11T00:39:44Z",
- "description": "Xscreensaver dies unexpectedly, cannot lock screen . APITAG Qubes OS version APITAG NUMBERTAG Affected component(s) or functionality APITAG Screensaver, locking with Ctrl Alt L Brief summary APITAG Nothing happens when trying to lock the screen. No logs. Screensaver IS set to autostart already. And it works for some time. But after some time, (not sure about the exact cause), inactivity timer does not lock the screen, nor the screen lock shortcut works. When I open the Xfce Screensaver panel, it complains about the screensaver daemon being not running. Even after starting the daemon, same thing happens after some time. As there is no log at all, I cannot trace the cause. How Reproducible APITAG This started a few days ago, probably after applying a UEFI firmware update. The bug is always present since then, I guess. To Reproduce Steps to reproduce the behavior NUMBERTAG boot the system NUMBERTAG log in. do some work NUMBERTAG the computer won't lock when you expect it to lock its screen Expected behavior APITAG The lock should work. Actual behavior APITAG Lock is disabled Screenshots APITAG Additional context APITAG It might be considered a security issue as well, I did not notice that the screen was not locked but had the impression that it was. Solutions you've tried APITAG starting the xscreensaver using the respective xfce settings panel Relevant documentation URLTAG you've consulted APITAG Found some basic info that suggests to restart the screensaver, to put it into autostart (which already appears in session and startup panel as a ticked item) Related, non duplicate CVETAG issues APITAG (could not find any)",
- "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 4.6,
- "impactScore": 3.6,
- "exploitabilityScore": 0.9
- },
- {
- "CVE_ID": "CVE-2021-32613",
- "Issue_Url_old": "https://github.com/radareorg/radare2/issues/18679",
- "Issue_Url_new": "https://github.com/radareorg/radare2/issues/18679",
- "Repo_new": "radareorg/radare2",
- "Issue_Created_At": "2021-05-11T12:22:26Z",
- "description": "Heap memory bugs on pyc parse. Environment ERRORTAG Description APITAG While I was fuzzing rabin2 with the I parameter, I encountered several heap memory bugs with the same file on different sanitizers. I assume that if a nested pyc magic byte NUMBERTAG occurs in the file, radare2 tries to parse it and does memory operations more than once, and heap memory bugs are triggered. While ASAN throws a heap use after free error on r_bin_object_set_items, MSAN and the vanilla run throw a double free error. This leads to separate bugs on both r_bin_filter_name and r_bin_object_set_items . With ASAN: ERRORTAG With MSAN: ERRORTAG Without sanitizer: ERRORTAG Although, when I test it with nested NUMBERTAG with no following bytes, it runs normally. ERRORTAG FILETAG It is failing with additional bytes after the nested magic byte. FILETAG Test APITAG You can find the files mentioned above in this zip file. FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-3163",
- "Issue_Url_old": "https://github.com/quilljs/quill/issues/3364",
- "Issue_Url_new": "https://github.com/quilljs/quill/issues/3364",
- "Repo_new": "quilljs/quill",
- "Issue_Created_At": "2021-05-11T14:34:05Z",
- "description": "Security Issue CVETAG . Hi. I would like to raise a security issue which is described in CVETAG . Is there any fix for that, or does someone know an ETA for when that security issue will be fixed? Thanks in advance.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-32559",
- "Issue_Url_old": "https://github.com/mhammond/pywin32/issues/1700",
- "Issue_Url_new": "https://github.com/mhammond/pywin32/issues/1700",
- "Repo_new": "mhammond/pywin32",
- "Issue_Created_At": "2021-05-11T20:56:14Z",
- "description": "Integer overflow in APITAG Context When an ACL is resized to add an ACE, it is possible to craft an integer overflow targeting the calculated APITAG . This results in a smaller than required buffer allocation which causes its memcpy of the ACL data to result in a heap overflow. Expected behavior and actual behavior Expected Behavior: Throw an exception indicating that the ACE could not be added because there is not enough room left in the ACL before hitting the size limit. Actual Behavior: The APITAG is overflowed and the memcpy results in a heap overflow. Steps to reproduce the problem This was reproduced by adding roughly NUMBERTAG ACEs to an ACL. The exact count of ACEs that need to be added before reproducing the issue will vary based on the length of the SID in the ACE entry and the current size of the ACL being modified. Reproduction Goal: Add an ACE to an ACL such that the new size would be larger than APITAG . Version of Python and pywin NUMBERTAG Tested on Python NUMBERTAG with pywin NUMBERTAG b NUMBERTAG Appears to affect version b NUMBERTAG through b NUMBERTAG CVE CVETAG APITAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 6.5,
- "impactScore": 3.6,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-34141",
- "Issue_Url_old": "https://github.com/numpy/numpy/issues/18993",
- "Issue_Url_new": "https://github.com/numpy/numpy/issues/18993",
- "Repo_new": "numpy/numpy",
- "Issue_Created_At": "2021-05-12T02:04:35Z",
- "description": "Unsecure string comparison (incomplete comparison) in _convert_from_str of descriptor.c. APITAG Reproducing code example: Snippet : / Check for a deprecated Numeric style typecode / / Uint has deliberately weird uppercasing / char dep_tps FILETAG APITAG version information: the main branch of APITAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
- "severity": "MEDIUM",
- "baseScore": 5.3,
- "impactScore": 1.4,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-33347",
- "Issue_Url_old": "https://github.com/JPressProjects/jpress/issues/152",
- "Issue_Url_new": "https://github.com/jpressprojects/jpress/issues/152",
- "Repo_new": "jpressprojects/jpress",
- "Issue_Created_At": "2021-05-12T12:06:12Z",
- "description": "There is a storage XSS vulnerability in the template module. There is a storage XSS vulnerability in the template module. The figure shows the setting interface of template management, which is used to describe the left part of the home page. URL: APITAG FILETAG However, if hackers enter the background by means of weak password and add XSS code, they can easily cause great harm: Hijacking cookies, obtaining sensitive information, phishing and so on.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.7,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-33348",
- "Issue_Url_old": "https://github.com/jfinal/jfinal/issues/188",
- "Issue_Url_new": "https://github.com/jfinal/jfinal/issues/188",
- "Repo_new": "jfinal/jfinal",
- "Issue_Created_At": "2021-05-13T02:04:35Z",
- "description": "There are XSS vulnerabilities in some cases. The main reason is that the controller does not filter the parameters during rendering, which allows malicious user input and may lead to XSS APITAG FILETAG I wrote a demo: Controller CODETAG FILETAG APITAG If the user's input is output directly, XSS will be caused after the controller's set method is called. If the malicious parameters of the controller are taken from the database, a stored XSS vulnerability results. Repair The APITAG should be checked before the set method calls APITAG . If it is in string format, the harmful characters should be filtered, such as APITAG CODETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-41496",
- "Issue_Url_old": "https://github.com/numpy/numpy/issues/19000",
- "Issue_Url_new": "https://github.com/numpy/numpy/issues/19000",
- "Repo_new": "numpy/numpy",
- "Issue_Created_At": "2021-05-13T04:05:51Z",
- "description": "Potential buffer overflow from string operations in function array_from_pyobj of fortranobject.c. APITAG Reproducing code example: Snippet : ERRORTAG Error message: File : PATHTAG Function : array_from_pyobj (line NUMBERTAG Optional call path : External > fortran_setattr > array_from_pyobj Details in FILETAG When we run our analysis tool on APITAG a few inappropriate string operations are reported at call sites of the functions strcpy, sprintf, and strcat in array_from_pyobj. There are no boundary checks at these points, although \"mess\" seems large enough to make the operations safe except for the point shown above. As a suggestion, it is better to replace these functions with strncpy, strncat, and snprintf. APITAG version information: the main branch of APITAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-33186",
- "Issue_Url_old": "https://github.com/SerenityOS/serenity/issues/7072",
- "Issue_Url_new": "https://github.com/serenityos/serenity/issues/7072",
- "Repo_new": "serenityos/serenity",
- "Issue_Created_At": "2021-05-13T07:24:04Z",
- "description": "Tests: test crypto has stack buffer overflow when AES encrypting NUMBERTAG octets. This test causes a stack buffer overflow in the in array of NUMBERTAG bytes: CODETAG APITAG APITAG Test run details with ASAN backtrace APITAG ERRORTAG APITAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-33185",
- "Issue_Url_old": "https://github.com/SerenityOS/serenity/issues/7073",
- "Issue_Url_new": "https://github.com/serenityos/serenity/issues/7073",
- "Repo_new": "serenityos/serenity",
- "Issue_Created_At": "2021-05-13T07:29:03Z",
- "description": "Tests: APITAG has heap buffer overflow in set_range test. The set_range test in APITAG overflows the allocated bitmap in APITAG CODETAG APITAG APITAG Test run with ASAN backtrace APITAG ERRORTAG APITAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-34122",
- "Issue_Url_old": "https://github.com/rockcarry/ffjpeg/issues/36",
- "Issue_Url_new": "https://github.com/rockcarry/ffjpeg/issues/36",
- "Repo_new": "rockcarry/ffjpeg",
- "Issue_Created_At": "2021-05-13T09:08:27Z",
- "description": "null pointer dereference in function APITAG in bitstr.c. Hi, There is a null pointer dereference in functions APITAG and APITAG in bitstr.c. They don't check whether the stream is valid. CODETAG version NUMBERTAG ab ERRORTAG e (latest one) env ubuntu NUMBERTAG gcc version NUMBERTAG reproduce: make ./ffjpeg e poc FILETAG debug info CODETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-32615",
- "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/1410",
- "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/1410",
- "Repo_new": "piwigo/piwigo",
- "Issue_Created_At": "2021-05-13T10:37:45Z",
- "description": "NUMBERTAG user manager] SQL injection. As reported by Harry Goodman from NCC Group: > The \u2018order NUMBERTAG dir]\u2019 parameter in FILETAG is vulnerable to SQL injection > > I believe this is because of the following pieces of code: CODETAG > I would suggest either using the check_inputs function that your application seems to rely on, or depending on how much functionality is needed, just do a check to ensure the parameter is either ASC or DESC. > > CVETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-3517",
- "Issue_Url_old": "https://github.com/sparklemotion/nokogiri/issues/2233",
- "Issue_Url_new": "https://github.com/sparklemotion/nokogiri/issues/2233",
- "Repo_new": "sparklemotion/nokogiri",
- "Issue_Created_At": "2021-05-13T16:59:41Z",
- "description": "Upgrade packaged libxml2 to NUMBERTAG libxml NUMBERTAG was released today NUMBERTAG Let's plan on upgrading to it for the next release. [ ] update APITAG [ ] remove patches that are no longer needed, ensure remaining patches apply cleanly [ ] get all the tests green, particularly under valgrind",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
- "severity": "HIGH",
- "baseScore": 8.6,
- "impactScore": 4.7,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-43676",
- "Issue_Url_old": "https://github.com/matyhtf/framework/issues/206",
- "Issue_Url_new": "https://github.com/matyhtf/framework/issues/206",
- "Repo_new": "matyhtf/framework",
- "Issue_Created_At": "2021-05-13T17:58:26Z",
- "description": "Possible path manipulation vulnerability. Hello, I would like to report a path manipulation vulnerability. File FILETAG line NUMBERTAG ERRORTAG File FILETAG ERRORTAG File FILETAG ERRORTAG File FILETAG ERRORTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-41497",
- "Issue_Url_old": "https://github.com/RaRe-Technologies/bounter/issues/47",
- "Issue_Url_new": "https://github.com/rare-technologies/bounter/issues/47",
- "Repo_new": "rare-technologies/bounter",
- "Issue_Created_At": "2021-05-14T08:12:08Z",
- "description": "Potential buffer overflow in APITAG of hill.c. APITAG APITAG Description Write to \"self >registers FILETAG PATHTAG to Reproduce ERRORTAG Optional call path : increment > APITAG > APITAG > APITAG Expected Results Return after APITAG Actual Results No return Versions the main branch APITAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-41097",
- "Issue_Url_old": "https://github.com/aurelia/path/issues/44",
- "Issue_Url_new": "https://github.com/aurelia/path/issues/44",
- "Repo_new": "aurelia/path",
- "Issue_Created_At": "2021-05-14T09:04:12Z",
- "description": "Prototype Pollution. I'm submitting a bug report APITAG of aurelia path is vulnerable to prototype pollution. POC aurelia blog is using APITAG to parse APITAG so it is vulnerable to prototype pollution NUMBERTAG Open the following URL: URLTAG NUMBERTAG Open Devtools Console, and check the APITAG NUMBERTAG You can notice Object being polluted with the \"asdf\" property.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-32849",
- "Issue_Url_old": "https://github.com/Gerapy/Gerapy/issues/197",
- "Issue_Url_new": "https://github.com/gerapy/gerapy/issues/197",
- "Repo_new": "gerapy/gerapy",
- "Issue_Created_At": "2021-05-14T12:11:59Z",
- "description": "APITAG Security Lab: Security Contact Needed. Hello, The FILETAG has found a potential vulnerability in your project. Please create a Security Advisory URLTAG and invite me in to further disclose and discuss the vulnerability details and potential fix. Alternatively, please add a Security Policy URLTAG containing a security email address to send the details to. If you prefer to contact us by email, please reach out to EMAILTAG with reference to APITAG . Thank you, Agustin Gianni APITAG Security Lab",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-43673",
- "Issue_Url_old": "https://github.com/zyx0814/dzzoffice/issues/188",
- "Issue_Url_new": "https://github.com/zyx0814/dzzoffice/issues/188",
- "Repo_new": "zyx0814/dzzoffice",
- "Issue_Created_At": "2021-05-14T19:23:58Z",
- "description": "Possible XSS vulnerability . Hello, I would like to report a possible XSS vulnerability. In file APITAG ERRORTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-43693",
- "Issue_Url_old": "https://github.com/serghey-rodin/vesta/issues/2052",
- "Issue_Url_new": "https://github.com/serghey-rodin/vesta/issues/2052",
- "Repo_new": "serghey-rodin/vesta",
- "Issue_Created_At": "2021-05-14T23:15:25Z",
- "description": "Possible file inclusion vulnerability. Hello, I would like to report a possible file inclusion vulnerability. In file PATHTAG APITAG File PATHTAG ERRORTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-32618",
- "Issue_Url_old": "https://github.com/Flask-Middleware/flask-security/issues/486",
- "Issue_Url_new": "https://github.com/flask-middleware/flask-security/issues/486",
- "Repo_new": "flask-middleware/flask-security",
- "Issue_Created_At": "2021-05-17T01:18:29Z",
- "description": "Open Redirect Vulnerability. It has been reported that FS (all versions) has an open redirect vulnerability. This is due to a combination of FS not doing complete checking of whether a redirect URL is relative or absolute, and modern browsers being willing to 'fill in the blanks' for slightly malformed URLs. Thus a URL of the form: FILETAG will cause many browsers to redirect to github.com after a successful login to your app. However, by default Werkzeug auto corrects Location headers to always be absolute, so this vulnerability doesn't exist for many (most?) applications.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-33041",
- "Issue_Url_old": "https://github.com/yoshuawuyts/vmd/issues/137",
- "Issue_Url_new": "https://github.com/yoshuawuyts/vmd/issues/137",
- "Repo_new": "yoshuawuyts/vmd",
- "Issue_Created_At": "2021-05-17T08:58:43Z",
- "description": "Cross Site Scripting vulnerability. Hi, I'd like to report a security vulnerability in the latest release : Description: Cross site scripting (XSS) vulnerability (also executes constructed malicious code) Date: APITAG Version NUMBERTAG APITAG Tested on: Windows NUMBERTAG Mac POC The program does not properly handle the content of the code, causing the program to have a cross site scripting vulnerability, which can also execute constructed malicious code NUMBERTAG create FILETAG file with the following content: ERRORTAG NUMBERTAG use FILETAG to open the FILETAG , the poc code is executed NUMBERTAG pop up FILETAG XSS the file content code : ERRORTAG APITAG Execute malicious code the file content code : APITAG use FILETAG to open the FILETAG file to execute malicious code with the xss vulnerability: APITAG when FILETAG opens the FILETAG file , the poc code is parsed in FILETAG APITAG , so it is executed: APITAG Use the Poc APITAG on Mac: FILETAG How to fix NUMBERTAG Use an appropriate escaping/encoding technique depending on where user input is to be used: HTML escape, APITAG escape, CSS escape, URL escape, etc NUMBERTAG MD should sanitize the content in order to avoid XSS.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2020-20907",
- "Issue_Url_old": "https://github.com/cby234/cve_request/issues/2",
- "Issue_Url_new": "https://github.com/cby234/cve_request/issues/2",
- "Repo_new": "cby234/cve_request",
- "Issue_Created_At": "2021-05-17T10:07:19Z",
- "description": "metinfo NUMBERTAG beta remote delete ini file. Vulnerability Name: Metinfo CMS ini file modify vulnerability Product Homepage: FILETAG Software link: URLTAG Version NUMBERTAG beta APITAG vulnerability only occurs on Windows OS) In PATHTAG APITAG Method FILETAG In this method we can find that the editor and site parameters make up the filename value and use it as the delfile method's argument FILETAG Let's take a look at the PATHTAG source code FILETAG When we check the delfile method, we use the filename argument for the APITAG function, and if the return value is true, the file named by the filename argument will be unlinked. Before we analyze more about this point, let's take a look at the APITAG function's difference between Linux and Windows FILETAG FILETAG In Linux (first picture) if there is no real directory whose name is asdf, the function does not return true unless there is an APITAG value. But in Windows the APITAG function returns true if there is a fake directory whose name is asdf (second picture). Because of this point we can delete a remote ini file on a Windows server. The attack scenario is below NUMBERTAG give the site parameter the value 'admin' or 'web' and give the editor parameter PATHTAG POC : PATHTAG FILETAG FILETAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.1,
- "impactScore": 5.2,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-25737",
- "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/102106",
- "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/102106",
- "Repo_new": "kubernetes/kubernetes",
- "Issue_Created_At": "2021-05-18T19:14:27Z",
- "description": "CVETAG : Holes in APITAG Validation Enable Host Network Hijack. Issue Details A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link local range, but the same validation was not performed on APITAG IPs. This issue has been rated Low ( PATHTAG URLTAG , and assigned CVETAG . Affected Component kube apiserver Affected Versions NUMBERTAG APITAG APITAG were not enabled by default in NUMBERTAG Fixed Versions This issue is fixed in the following versions NUMBERTAG Mitigation To mitigate this vulnerability without upgrading kube apiserver, you can create a validating admission webhook that prevents APITAG with endpoint addresses in the APITAG and APITAG ranges. If you have an existing admission policy mechanism (like OPA Gatekeeper) you can create a policy that enforces this restriction. Detection To detect whether this vulnerability has been exploited, you can list APITAG and check for endpoint addresses in the APITAG and APITAG ranges. If you find evidence that this vulnerability has been exploited, please contact security APITAG Acknowledgements This vulnerability was reported by John Howard of Google.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 4.8,
- "impactScore": 2.7,
- "exploitabilityScore": 1.7
- },
- {
- "CVE_ID": "CVE-2021-38188",
- "Issue_Url_old": "https://github.com/icedland/iced/issues/168",
- "Issue_Url_new": "https://github.com/icedland/iced/issues/168",
- "Repo_new": "icedland/iced",
- "Issue_Created_At": "2021-05-19T04:00:03Z",
- "description": "APITAG advisory for versions prior to NUMBERTAG I was running Miri on my project and saw a curious violation: ERRORTAG Per the Rust docs for ERRORTAG URLTAG : APITAG this method with an out of bounds index is undefined behavior even if the resulting reference is not used. Full code context: URLTAG It looks like this code was changed in URLTAG and no longer contains a call to ERRORTAG . I'm mostly submitting this issue as an FYI, but IMO a FILETAG should be published for versions prior to this fix to prevent undefined behavior in Rust applications consuming this library. If you agree I'd be happy to submit the advisory.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-41495",
- "Issue_Url_old": "https://github.com/numpy/numpy/issues/19038",
- "Issue_Url_new": "https://github.com/numpy/numpy/issues/19038",
- "Repo_new": "numpy/numpy",
- "Issue_Created_At": "2021-05-19T06:21:52Z",
- "description": "Missing return value validation of the function APITAG APITAG Reproducing code example: The definition of APITAG CODETAG Call site example for APITAG CODETAG Error message: At most call sites for APITAG there are no validations of its return, but an invalid address may be returned. FILETAG APITAG version information: the main branch",
- "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.3,
- "impactScore": 3.6,
- "exploitabilityScore": 1.6
- },
- {
- "CVE_ID": "CVE-2016-4074",
- "Issue_Url_old": "https://github.com/hashicorp/consul/issues/10263",
- "Issue_Url_new": "https://github.com/hashicorp/consul/issues/10263",
- "Repo_new": "hashicorp/consul",
- "Issue_Created_At": "2021-05-20T06:33:50Z",
- "description": "Vulnerability CVETAG on jq. Overview of the Issue Security tool scanned the APITAG NUMBERTAG docker image and found the following CVE: CVETAG Reproduction Steps Steps to reproduce this issue NUMBERTAG Get latest APITAG NUMBERTAG docker image (we tested both latest and NUMBERTAG Use a security tool to scan for CVEs Environment Kubernetes version: AKS NUMBERTAG consul version NUMBERTAG and NUMBERTAG Security scan result Fixable CVETAG (CVSS NUMBERTAG found in component 'jq' (version NUMBERTAG r0) in container 'consul', resolved by version NUMBERTAG rc1 r0",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-33961",
- "Issue_Url_old": "https://github.com/softvar/enhanced-github/issues/96",
- "Issue_Url_new": "https://github.com/softvar/enhanced-github/issues/96",
- "Repo_new": "softvar/enhanced-github",
- "Issue_Created_At": "2021-05-21T10:31:25Z",
- "description": "Stored XSS Vulnerable. Use a browser that has installed extensions to access a APITAG repository containing malicious xss code in the file name, and you will be attacked by xss vulnerability\u3002 as follows\uff1a URLTAG Vulnerability repair suggestions\uff1a Filter keywords and characters: javascript APITAG APITAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-44144",
- "Issue_Url_old": "https://github.com/CroatiaControlLtd/asterix/issues/183",
- "Issue_Url_new": "https://github.com/croatiacontrolltd/asterix/issues/183",
- "Repo_new": "croatiacontrolltd/asterix",
- "Issue_Created_At": "2021-05-21T21:15:06Z",
- "description": "\ud83d\udea8 Potential Heap based Buffer Overflow. \ud83d\udc4b Hello, MENTIONTAG MENTIONTAG MENTIONTAG a potential medium severity Heap based Buffer Overflow vulnerability in your repository has been disclosed to us. Next Steps NUMBERTAG isit URLTAG for more advisory information NUMBERTAG FILETAG to validate or speak to the researcher for more assistance NUMBERTAG Propose a patch or outsource it to our community whoever fixes it gets paid. Confused or need more help? Join us on our Discord URLTAG and a member of our team will be happy to help! \ud83e\udd17 Speak to a member of our team: MENTIONTAG This issue was automatically generated by FILETAG a bug bounty board for securing open source code.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.1,
- "impactScore": 5.2,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-34071",
- "Issue_Url_old": "https://github.com/justdan96/tsMuxer/issues/423",
- "Issue_Url_new": "https://github.com/justdan96/tsmuxer/issues/423",
- "Repo_new": "justdan96/tsmuxer",
- "Issue_Created_At": "2021-05-22T16:27:04Z",
- "description": "heap buffer overflow in APITAG Hi, please see asan output and poc file below. System info\uff1a Ubuntu NUMBERTAG APITAG version git f6ab2a2 Asan output: APITAG version git f6ab2a2. PATHTAG APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG f5 at pc NUMBERTAG f NUMBERTAG bp NUMBERTAG ffebdd7b NUMBERTAG sp NUMBERTAG ffebdd7b NUMBERTAG READ of size NUMBERTAG at NUMBERTAG f5 thread T NUMBERTAG f NUMBERTAG in APITAG int) PATHTAG NUMBERTAG e NUMBERTAG in APITAG char , int) PATHTAG NUMBERTAG ceacc in APITAG char , int, APITAG int, int) PATHTAG NUMBERTAG c NUMBERTAG in APITAG APITAG std::char_traits APITAG , std::allocator APITAG > const&, bool) PATHTAG NUMBERTAG df NUMBERTAG e in APITAG const , APITAG , bool) PATHTAG NUMBERTAG efd NUMBERTAG in main PATHTAG NUMBERTAG fb1de NUMBERTAG a NUMBERTAG in __libc_start_main PATHTAG NUMBERTAG ebded in _start ( PATHTAG NUMBERTAG f5 is located NUMBERTAG bytes to the right of NUMBERTAG byte region FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-34067",
- "Issue_Url_old": "https://github.com/justdan96/tsMuxer/issues/424",
- "Issue_Url_new": "https://github.com/justdan96/tsmuxer/issues/424",
- "Repo_new": "justdan96/tsmuxer",
- "Issue_Created_At": "2021-05-22T16:27:48Z",
- "description": "heap buffer overflow in APITAG Hi, please see asan output and poc file below. System info\uff1a Ubuntu NUMBERTAG APITAG version git f6ab2a2 APITAG version git f6ab2a2. PATHTAG This HEVC stream doesn't contain fps value. Muxing fps is absent too. Set muxing FPS to default NUMBERTAG alue. HEVC manual defined fps doesn't equal to stream fps. Change HEVC fps from NUMBERTAG to NUMBERTAG APITAG NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG eaf2 at pc NUMBERTAG c bp NUMBERTAG ffc6a2a NUMBERTAG sp NUMBERTAG ffc6a2a NUMBERTAG READ of size NUMBERTAG at NUMBERTAG eaf2 thread T NUMBERTAG b in APITAG PATHTAG NUMBERTAG b in APITAG int, int) PATHTAG NUMBERTAG af in APITAG , unsigned char , unsigned char , int) PATHTAG NUMBERTAG f NUMBERTAG in APITAG , unsigned char , unsigned char , int) PATHTAG NUMBERTAG bfa4 in APITAG char , int) PATHTAG NUMBERTAG d0b NUMBERTAG in APITAG char , int, APITAG int, int) PATHTAG NUMBERTAG c NUMBERTAG in APITAG APITAG std::char_traits APITAG , std::allocator APITAG > const&, bool) PATHTAG NUMBERTAG df NUMBERTAG e in APITAG const , APITAG , bool) PATHTAG NUMBERTAG efd NUMBERTAG in main PATHTAG NUMBERTAG fb NUMBERTAG in __libc_start_main PATHTAG NUMBERTAG ebded in _start ( PATHTAG NUMBERTAG eaf5 is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG d in operator APITAG long) ( PATHTAG NUMBERTAG in APITAG char const , unsigned char const ) PATHTAG SUMMARY: APITAG heap buffer overflow PATHTAG in APITAG Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fffbd NUMBERTAG fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa NUMBERTAG c NUMBERTAG fffbd NUMBERTAG fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa NUMBERTAG c NUMBERTAG fffbd NUMBERTAG fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa NUMBERTAG c NUMBERTAG fffbd NUMBERTAG fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa NUMBERTAG c NUMBERTAG fffbd NUMBERTAG fa fa fd fd fd fd fd fa fa fa NUMBERTAG c NUMBERTAG fffbd NUMBERTAG fa fa NUMBERTAG fa fa NUMBERTAG fa NUMBERTAG c NUMBERTAG fffbd NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fffbd NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fffbd NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fffbd NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fffbda0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc NUMBERTAG ABORTING",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-23400",
- "Issue_Url_old": "https://github.com/nodemailer/nodemailer/issues/1289",
- "Issue_Url_new": "https://github.com/nodemailer/nodemailer/issues/1289",
- "Repo_new": "nodemailer/nodemailer",
- "Issue_Created_At": "2021-05-22T22:32:40Z",
- "description": "Header injection vulnerability in address object. Please fill the following questionnaire about your issue NUMBERTAG What kind of issue are you reporting? x] A bug in Nodemailer [ ] A bug in a plugin of Nodemailer (eg. issues with nodemailer sendgrid) [ ] Feature request [ ] Looking for help to resolve some kind of problem with Nodemailer NUMBERTAG Are you listed as a sponsor of Nodemailer project (see Sponsors button above)? [ ] Yes. Sponsors get priority support [x] No. Unless it is a bug in Nodemailer you might find support from public forums like APITAG URLTAG NUMBERTAG State your problem here: I've got a pretty standard APITAG call here in an HTTP handler: CODETAG An address that contains line breaks can add arbitrary SMTP headers. In my mind, the reason for using an address object is to avoid having to deal with escaping odd names and addresses (like would be necessary with APITAG NUMBERTAG name} APITAG NUMBERTAG APITAG ); therefore, it is expected that name and address don't have to be sanitized. Otherwise, it's not just an address object, but an \"address plus maybe arbitrary headers,\" which is not something anyone would _want_ to have. I'm not sure what other fields are vulnerable. This was discovered by APITAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-33988",
- "Issue_Url_old": "https://github.com/nck0099/osTicket/issues/2",
- "Issue_Url_new": "https://github.com/nck0099/osticket/issues/2",
- "Repo_new": "nck0099/osticket",
- "Issue_Created_At": "2021-05-23T18:49:14Z",
- "description": "Microweber APITAG Reflected XSS. Microweber Reflected XSS Vuln Description: APITAG XSS attacks, also known as non persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts._ Impact: High APITAG impact of an exploited XSS vulnerability on a web application varies a lot. It ranges from user's Session Hijacking, and if used in conjunction with a social engineering attack it can also lead to disclosure of sensitive data._ POC: Identified unauthenticated XSS on microweber CMS Version NUMBERTAG APITAG request is modified to insert XSS payload FILETAG NUMBERTAG SS payload inserted in has been executed as shown in the snapshot. FILETAG Request: CODETAG Response: CODETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-34070",
- "Issue_Url_old": "https://github.com/justdan96/tsMuxer/issues/426",
- "Issue_Url_new": "https://github.com/justdan96/tsmuxer/issues/426",
- "Repo_new": "justdan96/tsmuxer",
- "Issue_Created_At": "2021-05-24T13:22:08Z",
- "description": "Out of bounds Read in APITAG of APITAG Greetings, APITAG has an Out of bounds Read issue whenever it runs with the APITAG sample. Found by Cem Onat Karagun of Diesec System info\uff1a APITAG To run APITAG after unzip: APITAG FILETAG Chronological Function Call Trace NUMBERTAG APITAG const , APITAG , bool) PATHTAG NUMBERTAG APITAG APITAG std::char_traits APITAG , std::allocator APITAG > const&, bool) PATHTAG NUMBERTAG APITAG char , int, APITAG int, int) PATHTAG NUMBERTAG APITAG char , int) PATHTAG NUMBERTAG APITAG PATHTAG NUMBERTAG APITAG PATHTAG Root Cause of The Issue: Constant integer arrays are defined in APITAG APITAG However, the array index nr is set to NUMBERTAG therefore nr NUMBERTAG is larger than the boundary of array ff_vc1_fps_nr. CODETAG A similar \"demo\" issue is also shared in the following page: [ URLTAG URLTAG I'm sharing the link above, because ASAN declares this issue as \"global buffer overflow\" but as shared in the References and root cause sections this is actually an OOB read issue. Recommendation: Editing the size check of \"array index\" within the \"if condition\" in line NUMBERTAG might fix this \"particular\" issue. An additional check of index variables (dr and nr) for NUMBERTAG is recommended. APITAG Fix: APITAG References: FILETAG Address Sanitizer Output: ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-34068",
- "Issue_Url_old": "https://github.com/justdan96/tsMuxer/issues/427",
- "Issue_Url_new": "https://github.com/justdan96/tsmuxer/issues/427",
- "Repo_new": "justdan96/tsmuxer",
- "Issue_Created_At": "2021-05-24T18:09:22Z",
- "description": "heap buffer overflow in APITAG Hi, please see asan output and poc file below. Found by Cem Onat Karagun of Diesec System info\uff1a APITAG To run APITAG after unzip: APITAG FILETAG Asan output: ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-34069",
- "Issue_Url_old": "https://github.com/justdan96/tsMuxer/issues/428",
- "Issue_Url_new": "https://github.com/justdan96/tsmuxer/issues/428",
- "Repo_new": "justdan96/tsmuxer",
- "Issue_Created_At": "2021-05-24T18:10:51Z",
- "description": "Denial of Service in APITAG Hi, please see asan output and poc file below. Found by Cem Onat Karagun of Diesec . System info\uff1a APITAG To run APITAG after unzip: APITAG FILETAG ASAN output: ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-34066",
- "Issue_Url_old": "https://github.com/EdgeGallery/developer-be/issues/1",
- "Issue_Url_new": "https://github.com/edgegallery/developer-be/issues/1",
- "Repo_new": "edgegallery/developer-be",
- "Issue_Created_At": "2021-05-25T08:46:01Z",
- "description": "There is a Deserialization vulnerability that can execute system command. vulnerability type: Deserialization of Untrusted Data impact: system command execution app version: Edgegallery/developer NUMBERTAG Create a META INF/services file, and create a APITAG file, and write what needs to be loaded The name of the class is pocy, and the files of this class are placed in the same directory as META INF: FILETAG NUMBERTAG File content: FILETAG NUMBERTAG Start an httpserver server: APITAG NUMBERTAG Prepare yaml POC: APITAG NUMBERTAG Install and access the APITAG module, click APITAG and debug\" > APITAG FILETAG NUMBERTAG Upload the constructed yaml file FILETAG Click to upload the created yaml file. FILETAG NUMBERTAG iew the request information of the http server: FILETAG NUMBERTAG Construct the pocy of the creation command: (contain the \"touch /tmp/hackercor0ps\" command) ERRORTAG NUMBERTAG Log in to the host and verify whether the command is executed successfully. FILETAG We can see that the \u201ctouch /tmp/hackercor0ps\u201d command was successfully executed.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-33570",
- "Issue_Url_old": "https://github.com/Paxa/postbird/issues/132",
- "Issue_Url_new": "https://github.com/paxa/postbird/issues/132",
- "Repo_new": "paxa/postbird",
- "Issue_Created_At": "2021-05-25T13:48:21Z",
- "description": "Security Vulnerability FILETAG team has found the XSS vulnerability in the Postbird application version NUMBERTAG The vulnerability was very Critical and exploiting the vulnerability can lead to Data Breach. We were able to inject malicious APITAG into the application, leading us to two other vulnerabilities, Local File Inclusion(LFI) and APITAG Password Stealing. Proof of Concept Code & detailed vulnerability report can be found here: URLTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.7,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-33570",
- "Issue_Url_old": "https://github.com/Paxa/postbird/issues/133",
- "Issue_Url_new": "https://github.com/paxa/postbird/issues/133",
- "Repo_new": "paxa/postbird",
- "Issue_Created_At": "2021-05-25T13:51:01Z",
- "description": "Security Vulnerability FILETAG team has found the LFI vulnerability in the Postbird application version NUMBERTAG The vulnerability was very Critical and exploiting the vulnerability can lead to Data Breach. Using this vulnerability we can steal any file located on the Postbird application user's computer. Proof of Concept Code & detailed vulnerability report can be found here: URLTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.7,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-33570",
- "Issue_Url_old": "https://github.com/Paxa/postbird/issues/134",
- "Issue_Url_new": "https://github.com/paxa/postbird/issues/134",
- "Repo_new": "paxa/postbird",
- "Issue_Created_At": "2021-05-25T13:53:33Z",
- "description": "Security Vulnerability FILETAG team has found a vulnerability in the Postbird application version NUMBERTAG The vulnerability was very Critical and exploiting the vulnerability can lead to APITAG password breach. Using this vulnerability a hacker can steal all APITAG passwords saved in your Postbird application. Proof of Concept Code & detailed vulnerability report can be found here: URLTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.7,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-3664",
- "Issue_Url_old": "https://github.com/unshiftio/url-parse/issues/205",
- "Issue_Url_new": "https://github.com/unshiftio/url-parse/issues/205",
- "Repo_new": "unshiftio/url-parse",
- "Issue_Created_At": "2021-05-25T16:12:20Z",
- "description": "URLs with no hostname not parsed properly in NUMBERTAG Hi there, I'm using this library to parse URLs with a custom protocol like so: APITAG The behaviour has changed in NUMBERTAG so that part of the pathname is being treated as the host. I believe this is a bug and goes against the browser implementation of URL , which produces output similar to NUMBERTAG with the hostname unset. I think it's due to the change in regex match here URLTAG . Output in NUMBERTAG CODETAG Output in NUMBERTAG CODETAG Let me know if you need any more details. Thanks!",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.3,
- "impactScore": 1.4,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-40145",
- "Issue_Url_old": "https://github.com/libgd/libgd/issues/700",
- "Issue_Url_new": "https://github.com/libgd/libgd/issues/700",
- "Repo_new": "libgd/libgd",
- "Issue_Created_At": "2021-05-26T08:24:45Z",
- "description": "APITAG memory leak. Hello, I found that APITAG in gd_gd.c and APITAG in gd_webp.c are similar functions for different picture formats. You have changed APITAG because of CVETAG (double free), so it seems that you need to change APITAG too. I ran two test files with ASAN, and the result is shown below. The test files are located in the 'tests/webp' folder. Test1: CODETAG ASAN result: ERRORTAG Test2: CODETAG ASAN result: ERRORTAG Is there another CVE here?",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-41239",
- "Issue_Url_old": "https://github.com/nextcloud/server/issues/27122",
- "Issue_Url_new": "https://github.com/nextcloud/server/issues/27122",
- "Repo_new": "nextcloud/server",
- "Issue_Created_At": "2021-05-26T16:08:07Z",
- "description": "user_status \"last statuses\" widget leaks account names. There should be an option to globally disable the APITAG statuses\" widget. It leaks account names, which might be the desired behaviour, but might as well not be. On \"semi public\" Nextcloud instances you usually don't want to expose other users to each other, which is also why e.g. APITAG can be disabled. Currently it's only possible to disable user_status altogether. It would be nice if there was the option to keep user_status enabled but disable the APITAG statuses\" widget.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.3,
- "impactScore": 1.4,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-41498",
- "Issue_Url_old": "https://github.com/belangeo/pyo/issues/221",
- "Issue_Url_new": "https://github.com/belangeo/pyo/issues/221",
- "Repo_new": "belangeo/pyo",
- "Issue_Created_At": "2021-05-27T06:00:51Z",
- "description": "Missing a terminator after strncpy in function Server_jack_init, which may cause read overflow. Code snippet CODETAG Description Function : Server_jack_init File : ad_jack.c Call path : boot APITAG > Server_boot > Server_jack_init APITAG : read overflow. Our analysis tool reported a warning at the call site of strncpy. As client_name is not initialized, it may have no terminator after strncpy, which causes a read overflow. Also seen in FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-41499",
- "Issue_Url_old": "https://github.com/belangeo/pyo/issues/222",
- "Issue_Url_new": "https://github.com/belangeo/pyo/issues/222",
- "Repo_new": "belangeo/pyo",
- "Issue_Created_At": "2021-05-27T06:14:03Z",
- "description": "Insecure function vsprintf may cause write overflow in function Server_debug. Code snippet ERRORTAG Description Function : Server_debug File : servermodule.c Call path : recstart APITAG > Server_start_rec > Server_start_rec_internal > Server_debug APITAG : Write overflow. Our analysis tool reported a warning at vsprintf in Server_debug. As buffer is a fixed size stack variable, when the debug mode is open, vsprintf may cause a write overflow with no boundary check, especially when the inputs depend on external modules (e.g., Python). Also seen in FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-41500",
- "Issue_Url_old": "https://github.com/cvxopt/cvxopt/issues/193",
- "Issue_Url_new": "https://github.com/cvxopt/cvxopt/issues/193",
- "Repo_new": "cvxopt/cvxopt",
- "Issue_Created_At": "2021-05-27T07:26:26Z",
- "description": "Incomplete comparison with function strncmp. Code snippet CODETAG Description Function : PATHTAG Call path NUMBERTAG solve APITAG > solve > strncmp NUMBERTAG spsolve APITAG > spsolve > strncmp NUMBERTAG APITAG > diag > strncmp NUMBERTAG APITAG > getfactor > strncmp APITAG : Incomplete comparison. Our analysis tool reported four warnings about the incomplete comparison of strings as shown above. When the comparison length is NUMBERTAG the terminator would be ignored. Hence even if strncmp returns NUMBERTAG the reality may not match expectations, specifically when variable descr depends on external inputs APITAG For example, descr = \"CHOLMOD APITAG the comparison still returns NUMBERTAG Also seen in FILETAG , FILETAG , FILETAG and FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-33590",
- "Issue_Url_old": "https://github.com/labapart/gattlib/issues/219",
- "Issue_Url_new": "https://github.com/labapart/gattlib/issues/219",
- "Repo_new": "labapart/gattlib",
- "Issue_Created_At": "2021-05-27T07:57:08Z",
- "description": "stack_based buffer. Hi Team, Stack based buffer overflow is observed in FILETAG and FILETAG while fuzzing GATTLIB using CLANG with AFL FUZZER Vulnerable code from read_write.c connection = gattlib_connect(NULL, arg NUMBERTAG APITAG if (connection == NULL) { fprintf(stderr, APITAG to connect to the bluetooth APITAG return NUMBERTAG ulnerable code from gattlib.c // Transform string from 'DA NUMBERTAG E NUMBERTAG to 'dev_DA NUMBERTAG E NUMBERTAG strncpy(device_address_str, mac_address, sizeof(device_address_str)); for (int i NUMBERTAG i APITAG mkdir build && cd build cmake .. DCMAKE_CXX_FLAGS=\" fsanitize=address fsanitize=leak g\" DCMAKE_C_FLAGS=\" fsanitize=address fsanitize=leak g\" make PATHTAG APITAG read NUMBERTAG a NUMBERTAG f9b NUMBERTAG fb ASAN output Failed to get adapter PATHTAG Error calling APITAG for APITAG Timeout was reached APITAG NUMBERTAG ERROR: APITAG stack buffer overflow on address NUMBERTAG ffc NUMBERTAG cd4d NUMBERTAG at pc NUMBERTAG efb9 bp NUMBERTAG ffc NUMBERTAG cd4d NUMBERTAG sp NUMBERTAG ffc NUMBERTAG cd NUMBERTAG READ of size NUMBERTAG at NUMBERTAG ffc NUMBERTAG cd4d NUMBERTAG thread T NUMBERTAG efb8 in strlen ( PATHTAG NUMBERTAG fb3c NUMBERTAG c NUMBERTAG in get_device_path_from_mac PATHTAG NUMBERTAG fb3c NUMBERTAG c NUMBERTAG in gattlib_connect PATHTAG NUMBERTAG c NUMBERTAG b in main PATHTAG NUMBERTAG fb3c NUMBERTAG e0b2 in __libc_start_main PATHTAG NUMBERTAG c NUMBERTAG d in _start ( PATHTAG ) Address NUMBERTAG ffc NUMBERTAG cd4d NUMBERTAG is located in stack of thread T0 at offset NUMBERTAG in frame NUMBERTAG fb3c NUMBERTAG c2bf in gattlib_connect PATHTAG This frame has NUMBERTAG object(s NUMBERTAG device_address_str.i' (line NUMBERTAG APITAG NUMBERTAG b NUMBERTAG f2 f2 f2 f2 f NUMBERTAG f2 f2 f NUMBERTAG c NUMBERTAG f3 f3 f3 f3 f3 f3 f NUMBERTAG d NUMBERTAG e NUMBERTAG f1 f1 f1 f NUMBERTAG f NUMBERTAG f2 f2 f2 f8 f2 f2 f2 f8 f8 f8 f8 f8 f2 f2 f NUMBERTAG a NUMBERTAG f2 f2 f8 f8 f8 f8 f8 f3 f3 f3 f3 f NUMBERTAG Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc NUMBERTAG ABORTING Request team to implement proper patch and validate",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-35323",
- "Issue_Url_old": "https://github.com/bludit/bludit/issues/1327",
- "Issue_Url_new": "https://github.com/bludit/bludit/issues/1327",
- "Repo_new": "bludit/bludit",
- "Issue_Created_At": "2021-05-27T17:35:01Z",
- "description": "cross site script (xss). Describe your problem I found a cross site scripting attack on the login page URLTAG cross site scripting is a vulnerability that allows an attacker to send malicious code (usually in javascript form) to another user. Because a browser cannot know if the script should be trusted or not, it will execute the script in user context allowing the attacker to access any cookies or session tokens retained by the browser. Steps to reproduce the problem NUMBERTAG open login page URLTAG NUMBERTAG enter the username place admin\"> APITAG and enter password NUMBERTAG trigger the malicious javascript code Bludit version bludit NUMBERTAG PHP version PHP NUMBERTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-35344",
- "Issue_Url_old": "https://github.com/justdan96/tsMuxer/issues/432",
- "Issue_Url_new": "https://github.com/justdan96/tsmuxer/issues/432",
- "Repo_new": "justdan96/tsmuxer",
- "Issue_Created_At": "2021-05-27T22:03:26Z",
- "description": "heap buffer overflow in APITAG Hi, please see asan output and poc file below. Found by Cem Onat Karagun of Diesec As you can see on backtrace APITAG System info\uff1a APITAG To run APITAG after unzip: FILETAG APITAG Asan output: ERRORTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-35346",
- "Issue_Url_old": "https://github.com/justdan96/tsMuxer/issues/436",
- "Issue_Url_new": "https://github.com/justdan96/tsmuxer/issues/436",
- "Repo_new": "justdan96/tsmuxer",
- "Issue_Created_At": "2021-05-27T22:06:00Z",
- "description": "heap buffer overflow in APITAG Hi, please see asan output and poc file below. Found by Cem Onat Karagun of Diesec As you can see on backtrace APITAG System info\uff1a APITAG To run APITAG after unzip: FILETAG APITAG Asan output: ERRORTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-34128",
- "Issue_Url_old": "https://github.com/bettershop/LaikeTui/issues/8",
- "Issue_Url_new": "https://github.com/bettershop/laiketui/issues/8",
- "Repo_new": "bettershop/laiketui",
- "Issue_Created_At": "2021-05-28T16:10:44Z",
- "description": "Compressed file upload getshell. The cause of the vulnerability: When decompressing, the compressed files were not filtered and judged, which resulted in the possibility of uploading cross directory zip files to getshell. FILETAG Vulnerability Recurrence: Log in to the background and PATHTAG To upload a compressed file, put the malicious file that can be traversed into a zip, upload and decompress it. FILETAG FILETAG Then access the path of the malicious file: FILETAG poc\uff1a ERRORTAG Upload was successful and executed successfully!",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-32640",
- "Issue_Url_old": "https://github.com/websockets/ws/issues/1895",
- "Issue_Url_new": "https://github.com/websockets/ws/issues/1895",
- "Repo_new": "websockets/ws",
- "Issue_Created_At": "2021-06-01T15:04:05Z",
- "description": "Backport Security Fix to NUMBERTAG APITAG [x] I've searched for any related issues and avoided creating a duplicate issue. Description Any chances the security fix patch URLTAG could be backported to NUMBERTAG to release a NUMBERTAG with the fix? Webpack dev server currently uses NUMBERTAG which has caused a flagged security issue in a lot of repos that can't be fixed until people can upgrade to the not yet stable webpack dev server NUMBERTAG URLTAG APITAG we are using webpack dev server as a dependency of react scrips so it will probably be a long time before react scripts updates to webpack dev server NUMBERTAG Admittedly being a dev server, this is (hopefully) only local, but it would be nice not to have a security alert stuck on our github repository. Reproducible in: version NUMBERTAG FILETAG version(s): OS version(s): Steps to reproduce NUMBERTAG Install webpack dev server Expected result: No security issue Actual result: Flagged security issues",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
- "severity": "MEDIUM",
- "baseScore": 5.3,
- "impactScore": 1.4,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-34129",
- "Issue_Url_old": "https://github.com/bettershop/LaikeTui/issues/9",
- "Issue_Url_new": "https://github.com/bettershop/laiketui/issues/9",
- "Repo_new": "bettershop/laiketui",
- "Issue_Created_At": "2021-06-01T15:55:50Z",
- "description": "Arbitrary file deletion leads to system reinstallation vulnerabilities. When the system is successfully installed, the system will generate the APITAG file in the /data/ directory. When the user wants to reinstall, it will first determine whether the APITAG file exists. If it exists, the installation cannot be repeated, but we can find one To delete any file, delete the APITAG file, you can directly reinstall the system. The parameters APITAG $oldpic, and $imgurl are all controllable\uff1a FILETAG Vulnerability recurrence: first log in to the background to access the link : URLTAG domain PATHTAG then publish an article. FILETAG Then modify the article: FILETAG Before proceeding with any file deletion, visit the install directory: FILETAG Replace parameters and delete any files: FILETAG FILETAG Visit the install directory again and find that arbitrary file deletion has been implemented, which leads to reinstallation vulnerabilities. FILETAG ERRORTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.1,
- "impactScore": 5.2,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-33558",
- "Issue_Url_old": "https://github.com/mdanzaruddin/CVE-2021-33558./issues/1",
- "Issue_Url_new": "https://github.com/mdanzaruddin/cve-2021-33558./issues/1",
- "Repo_new": "mdanzaruddin/cve-2021-33558.",
- "Issue_Created_At": "2021-06-01T21:18:29Z",
- "description": "clarify this \"vulnerability\"?. Can you clarify this report? The files you mention are not part of the Boa NUMBERTAG distribution: FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-32823",
- "Issue_Url_old": "https://github.com/rubysec/ruby-advisory-db/issues/476",
- "Issue_Url_new": "https://github.com/rubysec/ruby-advisory-db/issues/476",
- "Repo_new": "rubysec/ruby-advisory-db",
- "Issue_Created_At": "2021-06-01T21:41:34Z",
- "description": "Add advisory for bindata. Potential APITAG which was fixed in URLTAG as part of bindata NUMBERTAG No CVE yet",
- "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
- "severity": "LOW",
- "baseScore": 3.7,
- "impactScore": 1.4,
- "exploitabilityScore": 2.2
- },
- {
- "CVE_ID": "CVE-2021-33898",
- "Issue_Url_old": "https://github.com/invoiceninja/invoiceninja/issues/5909",
- "Issue_Url_new": "https://github.com/invoiceninja/invoiceninja/issues/5909",
- "Repo_new": "invoiceninja/invoiceninja",
- "Issue_Created_At": "2021-06-03T12:44:38Z",
- "description": "Insecure deserialization versions NUMBERTAG What version of Invoice Ninja are you running NUMBERTAG and below What environment are you running? N/A Have you checked log files ( PATHTAG ) Please provide redacted output N/A Have you searched existing issues? Yes Have you reported this to Slack/forum before posting? No Describe the bug In versions NUMBERTAG and below of APITAG there is an unsafe call to APITAG in ERRORTAG which may allow an attacker to deserialize arbitrary PHP classes. In certain contexts this can result in remote code execution. The argument to unserialize is the output from a HTTP call to APITAG . This is without encryption. Attack vectors are then NUMBERTAG Malicious deserialized object from geoplugin.net NUMBERTAG MITM attack between the invoiceninja service and geoplugin.net Expected behavior Use JSON instead of native PHP objects for untrusted input. Additional context The responsible code is now commented out since APITAG URLTAG , however there is a note about triaging GDPR implications before reintroduction of the code block, so this may be introduced in future versions.",
- "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.1,
- "impactScore": 5.9,
- "exploitabilityScore": 2.2
- },
- {
- "CVE_ID": "CVE-2021-32670",
- "Issue_Url_old": "https://github.com/simonw/datasette/issues/1360",
- "Issue_Url_new": "https://github.com/simonw/datasette/issues/1360",
- "Repo_new": "simonw/datasette",
- "Issue_Created_At": "2021-06-05T21:53:51Z",
- "description": "Security flaw, to be fixed in NUMBERTAG and NUMBERTAG Details to follow after the patch has been released.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-34184",
- "Issue_Url_old": "https://github.com/mackron/miniaudio/issues/319",
- "Issue_Url_new": "https://github.com/mackron/miniaudio/issues/319",
- "Repo_new": "mackron/miniaudio",
- "Issue_Created_At": "2021-06-06T15:45:59Z",
- "description": "Double free vulnerability cause buffer overflow. Hi Team, Double Free vulnerability cause buffer overflow is observed in FILETAG while fuzzing MINIAUDIO APITAG and master branch) using ASAN with AFL FUZZER Steps to Reproduce cd examples afl gcc fsanitize=address fsanitize=leak fsanitize=undefined simple_looping.c o simple_looping ldl lm lpthread ./simple_looping POC1 Download link to POC1 URLTAG OUTPUT APITAG NUMBERTAG ERROR: APITAG attempting double free on NUMBERTAG in thread T NUMBERTAG f NUMBERTAG cf in __interceptor_free ( PATHTAG NUMBERTAG f NUMBERTAG in _IO_fclose ( PATHTAG NUMBERTAG f NUMBERTAG in __interceptor_fclose ( PATHTAG NUMBERTAG b7e0b in ma_default_vfs_close__stdio .. APITAG NUMBERTAG b7e0b in ma_default_vfs_close .. APITAG NUMBERTAG b7e0b in ma_vfs_or_default_close .. APITAG NUMBERTAG b7e0b in ma_vfs_or_default_close .. APITAG NUMBERTAG b7e0b in ma_decoder_init_vfs .. APITAG NUMBERTAG in ma_decoder_init_file .. APITAG NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG a NUMBERTAG b2 in __libc_start_main ( PATHTAG NUMBERTAG d in _start ( PATHTAG NUMBERTAG is located NUMBERTAG bytes inside of NUMBERTAG byte region APITAG freed by thread T0 here NUMBERTAG f NUMBERTAG cf in __interceptor_free ( PATHTAG NUMBERTAG f NUMBERTAG in _IO_fclose ( PATHTAG ) previously allocated by thread T0 here NUMBERTAG f NUMBERTAG bc8 in malloc ( PATHTAG NUMBERTAG f NUMBERTAG aad in _IO_fopen ( PATHTAG ) SUMMARY: APITAG double free ( PATHTAG ) in __interceptor_free NUMBERTAG ABORTING Request team to implement proper patch and validate",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-34185",
- "Issue_Url_old": "https://github.com/mackron/miniaudio/issues/320",
- "Issue_Url_new": "https://github.com/mackron/miniaudio/issues/320",
- "Repo_new": "mackron/miniaudio",
- "Issue_Created_At": "2021-06-06T15:51:52Z",
- "description": "Integer based buffer overflow vulnerability. Hi Team, Integer based buffer overflow caused by out of bound left shift is observed in FILETAG while fuzzing MINIAUDIO APITAG and master branch) using UBSAN enabled in AFL FUZZER Vulnerable code from miniaudio.h DRWAV_API drwav_uint NUMBERTAG drwav_bytes_to_u NUMBERTAG const drwav_uint8 data) { return (data NUMBERTAG data NUMBERTAG data NUMBERTAG data NUMBERTAG Steps to Reproduce cd examples afl gcc fsanitize=address fsanitize=leak fsanitize=undefined simple_looping.c o simple_looping ldl lm lpthread ./simple_looping POC2 Download link to [POC2 URLTAG OUTPUT .. APITAG runtime error: left shift of NUMBERTAG by NUMBERTAG places cannot be represented in type 'int' Request team to implement proper patch and validate",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-44339",
- "Issue_Url_old": "https://github.com/brackeen/ok-file-formats/issues/15",
- "Issue_Url_new": "https://github.com/brackeen/ok-file-formats/issues/15",
- "Repo_new": "brackeen/ok-file-formats",
- "Issue_Created_At": "2021-06-07T04:58:26Z",
- "description": "heap buffer overflow in function APITAG at APITAG . Version NUMBERTAG defd URLTAG Environment Ubuntu NUMBERTAG Testcase CODETAG Command Compile test program: APITAG Compile test program with address sanitizer with this command: APITAG Result The result of running without ASAN: APITAG Information obtained by using ASAN: ERRORTAG Description A heap buffer overflow was discovered in ok_file_formats. The issue is being triggered in function APITAG at APITAG Poc Poc file is FILETAG .",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-44335",
- "Issue_Url_old": "https://github.com/brackeen/ok-file-formats/issues/17",
- "Issue_Url_new": "https://github.com/brackeen/ok-file-formats/issues/17",
- "Repo_new": "brackeen/ok-file-formats",
- "Issue_Created_At": "2021-06-07T05:03:03Z",
- "description": "heap buffer overflow in function APITAG at APITAG . Version NUMBERTAG defd URLTAG Environment Ubuntu NUMBERTAG bit Testcase CODETAG Command Compile test program: APITAG Compile test program with address sanitizer with this command: APITAG Result The result of running without ASAN: APITAG Information obtained by using ASAN: ERRORTAG Description A heap buffer overflow was discovered in ok_file_formats. The issue is being triggered in function APITAG at APITAG Poc Poc file is FILETAG .",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-44343",
- "Issue_Url_old": "https://github.com/brackeen/ok-file-formats/issues/18",
- "Issue_Url_new": "https://github.com/brackeen/ok-file-formats/issues/18",
- "Repo_new": "brackeen/ok-file-formats",
- "Issue_Created_At": "2021-06-07T05:04:12Z",
- "description": "heap buffer overflow in PATHTAG Version NUMBERTAG defd URLTAG Environment Ubuntu NUMBERTAG bit Testcase CODETAG Command Compile test program: APITAG Compile test program with address sanitizer with this command: APITAG Result The result of running without ASAN: APITAG Information obtained by using ASAN: ERRORTAG Description A heap buffer overflow was discovered in ok_file_formats. The issue is being triggered in PATHTAG Poc Poc file is FILETAG .",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-44342",
- "Issue_Url_old": "https://github.com/brackeen/ok-file-formats/issues/19",
- "Issue_Url_new": "https://github.com/brackeen/ok-file-formats/issues/19",
- "Repo_new": "brackeen/ok-file-formats",
- "Issue_Created_At": "2021-06-07T05:05:25Z",
- "description": "heap buffer overflow in function APITAG at APITAG Version NUMBERTAG defd URLTAG Environment Ubuntu NUMBERTAG bit Testcase CODETAG Command Compile test program: APITAG Compile test program with address sanitizer with this command: APITAG Result The result of running without ASAN: APITAG Information obtained by using ASAN: ERRORTAG Description A heap buffer overflow was discovered in ok_file_formats. The issue is being triggered in function APITAG at APITAG Poc Poc file is FILETAG .",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-42586",
- "Issue_Url_old": "https://github.com/LibreDWG/libredwg/issues/350",
- "Issue_Url_new": "https://github.com/libredwg/libredwg/issues/350",
- "Repo_new": "libredwg/libredwg",
- "Issue_Created_At": "2021-06-07T07:46:30Z",
- "description": "Heap buffer overflow in copy_bytes in APITAG Affected version the latest commit URLTAG and NUMBERTAG What's the problem? A heap buffer overflow was discovered in copy_bytes in APITAG ASAN report: ERRORTAG Compile command APITAG How can we reproduce the issue? ERRORTAG POC file : FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-42585",
- "Issue_Url_old": "https://github.com/LibreDWG/libredwg/issues/351",
- "Issue_Url_new": "https://github.com/libredwg/libredwg/issues/351",
- "Repo_new": "libredwg/libredwg",
- "Issue_Created_At": "2021-06-07T07:50:57Z",
- "description": "Heap buffer overflow in copy_compressed_bytes in APITAG Affected version the latest commit URLTAG and NUMBERTAG What's the problem? A heap buffer overflow was discovered in copy_compressed_bytes in APITAG ASAN report: ERRORTAG Compile command APITAG How can we reproduce the issue? ERRORTAG POC file : FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-34555",
- "Issue_Url_old": "https://github.com/trusteddomainproject/OpenDMARC/issues/179",
- "Issue_Url_new": "https://github.com/trusteddomainproject/opendmarc/issues/179",
- "Repo_new": "trusteddomainproject/opendmarc",
- "Issue_Created_At": "2021-06-08T09:47:15Z",
- "description": "APITAG NUMBERTAG segfault several times on two VMs, APITAG NUMBERTAG Hi, yesterday and today APITAG has crashed for segfault half a dozen times on two virtual machines, one of them APITAG another APITAG both up to date and have APITAG version NUMBERTAG Until yesterday APITAG has worked fine. Last dmesg info was ERRORTAG Red Hat Abrtd service was running, there is coredump and other files saved by it. Is there some additional information you would need to investigate the issue? The package version is opendmarc NUMBERTAG APITAG on APITAG and opendmarc NUMBERTAG APITAG on APITAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-35513",
- "Issue_Url_old": "https://github.com/mermaid-js/mermaid/issues/2122",
- "Issue_Url_new": "https://github.com/mermaid-js/mermaid/issues/2122",
- "Repo_new": "mermaid-js/mermaid",
- "Issue_Created_At": "2021-06-08T17:31:30Z",
- "description": "Antiscript option should remove javascript urls . Antiscript option should remove javascript urls",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-35283",
- "Issue_Url_old": "https://github.com/atoms183/CMS/issues/1",
- "Issue_Url_new": "https://github.com/atoms183/cms/issues/1",
- "Repo_new": "atoms183/cms",
- "Issue_Created_At": "2021-06-09T05:44:41Z",
- "description": "product_ FILETAG SQL injection. product_ FILETAG There is SQL injection in line NUMBERTAG CODETAG Just submit the following post request APITAG FILETAG post : query=a",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-34539",
- "Issue_Url_old": "https://github.com/CubeCoders/AMP/issues/464",
- "Issue_Url_new": "https://github.com/cubecoders/amp/issues/464",
- "Repo_new": "cubecoders/amp",
- "Issue_Created_At": "2021-06-10T09:46:57Z",
- "description": "Security: Insufficient validation on Java Version setting.. This was originally reported by Joel Frederick Lewis We are awaiting a CVE number for this issue. Bug Report System Information Windows, Linux PATHTAG B2 Development I confirm: [x] that I have searched for an existing bug report for this issue. [x] that I am using the latest available version of AMP. [x] that my operating system is up to date. Symptoms The APITAG Version' setting within AMP doesn't validate its setting in the way you'd expect for a potentially sensitive setting. Reproduction Alter the path to Java by using the Inspect Element tool in a browser for a given setting. Notes Because of the authentication and permissions requirements (users with this combination would reasonably be expected to have a high level of access to the host) this is regarded as a low risk, but potentially high impact issue. Instances running inside Docker aren't affected in the same way since they would not affect the host system.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.2,
- "impactScore": 5.9,
- "exploitabilityScore": 1.2
- },
- {
- "CVE_ID": "CVE-2021-35306",
- "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/615",
- "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/615",
- "Repo_new": "axiomatic-systems/bento4",
- "Issue_Created_At": "2021-06-10T13:16:05Z",
- "description": "SEGV in mp NUMBERTAG aac. Hello, A SEGV has occurred when running program mp NUMBERTAG aac\uff0c System info\uff1a Ubuntu NUMBERTAG clang NUMBERTAG gcc NUMBERTAG Bento4 version NUMBERTAG FILETAG Verification steps\uff1a APITAG the source code of Bento4 APITAG APITAG NUMBERTAG run mp NUMBERTAG aac APITAG Output APITAG APITAG output ERRORTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 6.5,
- "impactScore": 3.6,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-35307",
- "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/616",
- "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/616",
- "Repo_new": "axiomatic-systems/bento4",
- "Issue_Created_At": "2021-06-10T14:10:25Z",
- "description": "SEGV in mp NUMBERTAG aac. Hello, A SEGV has occurred when running program mp NUMBERTAG aac\uff0c System info\uff1a Ubuntu NUMBERTAG clang NUMBERTAG gcc NUMBERTAG Bento4 version NUMBERTAG FILETAG Verification steps\uff1a APITAG the source code of Bento4 APITAG APITAG NUMBERTAG run mp NUMBERTAG aac APITAG Output APITAG APITAG output ERRORTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 6.5,
- "impactScore": 3.6,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-38244",
- "Issue_Url_old": "https://github.com/cBioPortal/cbioportal/issues/8680",
- "Issue_Url_new": "https://github.com/cbioportal/cbioportal/issues/8680",
- "Repo_new": "cbioportal/cbioportal",
- "Issue_Created_At": "2021-06-10T19:32:01Z",
- "description": "[SECURITY] Denial of service because of unsafe regex processing. I have tried to contact you by EMAILTAG skcc.org and asked for any other email in URLTAG Nobody replied. The APITAG is vulnerable to regex injection that may lead to Denial of Service. User controlled heatmap and alteration are used to build and run a regex expression: URLTAG The value end up in APITAG URLTAG Since the attacker controls the string and the regex pattern he may cause a APITAG by regex catastrophic backtracking on the server side.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-37262",
- "Issue_Url_old": "https://github.com/jflyfox/jfinal_cms/issues/23",
- "Issue_Url_new": "https://github.com/jflyfox/jfinal_cms/issues/23",
- "Repo_new": "jflyfox/jfinal_cms",
- "Issue_Created_At": "2021-06-10T19:40:20Z",
- "description": "[SECURITY] Denial of service because of unsafe regex processing. I have tried to contact you by EMAILTAG and created URLTAG asking for the contact. Nobody replied. The APITAG is vulnerable to regex injection that may lead to Denial of Service. User controlled path and APITAG are used to build and run a regex expression (first argument to APITAG URLTAG Since the attacker controls the string and the regex pattern he may cause a APITAG by regex catastrophic backtracking on the server side.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-35358",
- "Issue_Url_old": "https://github.com/dotCMS/core/issues/20540",
- "Issue_Url_new": "https://github.com/dotcms/core/issues/20540",
- "Repo_new": "dotcms/core",
- "Issue_Created_At": "2021-06-15T01:52:32Z",
- "description": "Store XSS in APITAG APITAG on APITAG Describe the bug Hi Team I found a small store xss in APITAG APITAG install: Docker: APITAG To Reproduce NUMBERTAG Login Admin panel NUMBERTAG Go to APITAG APITAG NUMBERTAG Click on APITAG new content NUMBERTAG Parameter: APITAG and APITAG NUMBERTAG Insert Payload Store XSS: \" APITAG foo / bar NUMBERTAG Click APITAG File' and BOOM XSS NUMBERTAG Save and refresh store XSS impact Commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user\u2019s machine under the guise of the vulnerable site. Screenshots FILETAG FILETAG FILETAG FILETAG FILETAG FILETAG FILETAG Desktop (please complete the following information): OS: Win NUMBERTAG Browser Chrome: Version NUMBERTAG APITAG Build NUMBERTAG bit)",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 4.8,
- "impactScore": 2.7,
- "exploitabilityScore": 1.7
- },
- {
- "CVE_ID": "CVE-2021-35360",
- "Issue_Url_old": "https://github.com/dotCMS/core/issues/20541",
- "Issue_Url_new": "https://github.com/dotcms/core/issues/20541",
- "Repo_new": "dotcms/core",
- "Issue_Created_At": "2021-06-15T04:00:37Z",
- "description": "Reflected XSS Vulnerability on Docker: APITAG Describe the bug Hi Team I found small reflected xss APITAG install: Docker: APITAG To Reproduce NUMBERTAG Login Admin panel NUMBERTAG uln link1: APITAG /c/containers NUMBERTAG uln link2: APITAG /c/links NUMBERTAG insert payload: \"> APITAG NUMBERTAG para: 'SEARCH NUMBERTAG Boom XSS impact Commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user\u2019s machine under the guise of the vulnerable site. Screenshots xss link1: FILETAG xss link2: FILETAG Desktop (please complete the following information): OS: Win NUMBERTAG Browser Chrome: Version NUMBERTAG APITAG Build NUMBERTAG bit)",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 4.8,
- "impactScore": 2.7,
- "exploitabilityScore": 1.7
- },
- {
- "CVE_ID": "CVE-2021-35041",
- "Issue_Url_old": "https://github.com/FISCO-BCOS/FISCO-BCOS/issues/1951",
- "Issue_Url_new": "https://github.com/fisco-bcos/fisco-bcos/issues/1951",
- "Repo_new": "fisco-bcos/fisco-bcos",
- "Issue_Created_At": "2021-06-15T12:05:29Z",
- "description": "The node may have a bug when dealing with unformatted packet and lead to a crash. Describe the bug A malicious node can send a packet continuously. The packet is in an incorrect format and cannot be decoded by the node correctly. As a result, the node may consume the memory sustainably, as the flowing figure shows: FILETAG After NUMBERTAG seconds, over NUMBERTAG MB memory has been consumed. If I continue sending the packet, the node will consume all the memory. At last it be killed by the OS. In order to analyze the reason for this bug, I try to debug the code of the node. Here is what I found: First, I found that in the file APITAG , at line NUMBERTAG in the function decode : CODETAG the variable size is NUMBERTAG and the variable APITAG is a very big number under my packet. So the function will return APITAG whose value is NUMBERTAG The variable which accepts the return value is result in APITAG at line NUMBERTAG in the function APITAG : APITAG and the program will enter into a if else cluse: CODETAG Because the value of result is NUMBERTAG so here the program will call the function APITAG recursively. If I delete this call, the problem will not occur anymore. APITAG So I think the reason maybe the developers forget to release certain memory before the return statement if the packet is not decoded correctly! To Reproduce Steps to reproduce the behavior NUMBERTAG Construct a P2P packet which claims to have a big length (set a big value for variable APITAG NUMBERTAG Continuously send the packet to a running node NUMBERTAG The node will consume the memory continuously and crash. Expected behavior By handling the abnormal packets correctly, the memory cost will not sustainably increase and the node will not crash. Screenshots I have give the screenshots of the memory usage of the node in the description part. Environment (please complete the following information): OS: Ubuntu NUMBERTAG FISCO BCOS Version NUMBERTAG Additional context None!",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-34801",
- "Issue_Url_old": "https://github.com/xCss/Valine/issues/366",
- "Issue_Url_new": "https://github.com/xcss/valine/issues/366",
- "Repo_new": "xcss/valine",
- "Issue_Created_At": "2021-06-16T04:11:40Z",
- "description": "Found a fatal bug that can kill the comment system. If you want to report a bug, please provide the following information: The steps to reproduce. The latest version of valine is APITAG first look at the effect of normal page loading comments: FILETAG When the commented user UA is incomplete, such as: APITAG FILETAG This will cause the entire comment system of the current page to be damaged and the comments cannot be loaded normally FILETAG Web page address where the problem can be reproduced: FILETAG This website uses the latest version of valine, the comment cannot be loaded normally APITAG Valine NUMBERTAG PATHTAG Browser: APITAG In short, if a user maliciously modifies the UA NUMBERTAG I went through leancloud from the inside out and only then found this BUG; I hope the author can fix this awkward problem later.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
- "severity": "MEDIUM",
- "baseScore": 5.3,
- "impactScore": 1.4,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-35196",
- "Issue_Url_old": "https://github.com/olivierkes/manuskript/issues/891",
- "Issue_Url_new": "https://github.com/olivierkes/manuskript/issues/891",
- "Repo_new": "olivierkes/manuskript",
- "Issue_Created_At": "2021-06-17T17:52:17Z",
- "description": "Possible security issue. Hi, do you have a process for reporting a possible security issue with Manuskript?",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-3517",
- "Issue_Url_old": "https://github.com/sparklemotion/nokogiri/issues/2274",
- "Issue_Url_new": "https://github.com/sparklemotion/nokogiri/issues/2274",
- "Repo_new": "sparklemotion/nokogiri",
- "Issue_Created_At": "2021-06-17T21:44:25Z",
- "description": "Investigate libxml2 vulnerabilities patched in USN NUMBERTAG This issue is to drive investigation and potential action around a set of upstream patches that Canonical judged valuable enough to backport to their distributions using a NUMBERTAG based version. References: URLTAG APITAG that it seems likely these are all backports from NUMBERTAG APITAG which Nokogiri is already using, but this issue exists so that I check that assumption.) History of this notication NUMBERTAG issue created after USN was issued",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
- "severity": "HIGH",
- "baseScore": 8.6,
- "impactScore": 4.7,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-35438",
- "Issue_Url_old": "https://github.com/phpipam/phpipam/issues/3351",
- "Issue_Url_new": "https://github.com/phpipam/phpipam/issues/3351",
- "Repo_new": "phpipam/phpipam",
- "Issue_Created_At": "2021-06-18T07:44:36Z",
- "description": "XSS (reflected) in IP calculator. verison NUMBERTAG FILETAG PATHTAG / APITAG alert(/xss/) APITAG Input the POC to IP calculator box and Get an alert box",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-36454",
- "Issue_Url_old": "https://github.com/NavigateCMS/Navigate-CMS/issues/24",
- "Issue_Url_new": "https://github.com/navigatecms/navigate-cms/issues/24",
- "Repo_new": "navigatecms/navigate-cms",
- "Issue_Created_At": "2021-06-22T08:59:25Z",
- "description": "Reflected XSS attack with navigate quickse parameter and affect many modules in APITAG NUMBERTAG EXPECTED BEHAVIOUR An authenticated malicious user can take advantage of a Reflected XSS vulnerability with navigate quickse parameter in URL and affect many modules. IMPACT Commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user\u2019s machine under the guise of the vulnerable site. VULNERABILITY CODE I found the vulnerability code in many files. Because initial_url is built in these files. > PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG PATHTAG FILETAG After that initial_url is used in PATHTAG file to build HTML. FILETAG STEPS TO REPRODUCE NUMBERTAG We change the request and send the link to user CODETAG FILETAG NUMBERTAG People who already login and click to the link above NUMBERTAG When loading the page then the Reflected XSS is executed. FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.7,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-35452",
- "Issue_Url_old": "https://github.com/strukturag/libde265/issues/298",
- "Issue_Url_new": "https://github.com/strukturag/libde265/issues/298",
- "Repo_new": "strukturag/libde265",
- "Issue_Created_At": "2021-06-22T14:49:43Z",
- "description": "SEGV in slice.cc. Hello, A SEGV has occurred when running program dec NUMBERTAG System info\uff1a Ubuntu NUMBERTAG clang NUMBERTAG gcc NUMBERTAG Dec NUMBERTAG FILETAG Verification steps\uff1a APITAG the source code of libde NUMBERTAG APITAG APITAG NUMBERTAG run dec NUMBERTAG without asan) APITAG Output ERRORTAG APITAG output ERRORTAG This issue will cause Denial of Service attacks",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 6.5,
- "impactScore": 3.6,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-36408",
- "Issue_Url_old": "https://github.com/strukturag/libde265/issues/299",
- "Issue_Url_new": "https://github.com/strukturag/libde265/issues/299",
- "Repo_new": "strukturag/libde265",
- "Issue_Created_At": "2021-06-23T03:45:54Z",
- "description": "Heap use after free in intrapred.h when decoding file. Hello, A Heap use after free has occurred when running program dec NUMBERTAG System info\uff1a Ubuntu NUMBERTAG clang NUMBERTAG gcc NUMBERTAG Dec NUMBERTAG FILETAG Verification steps\uff1a APITAG the source code of libde NUMBERTAG APITAG APITAG NUMBERTAG run dec NUMBERTAG APITAG asan info ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-37840",
- "Issue_Url_old": "https://github.com/aaPanel/aaPanel/issues/74",
- "Issue_Url_new": "https://github.com/aapanel/aapanel/issues/74",
- "Repo_new": "aapanel/aapanel",
- "Issue_Created_At": "2021-06-23T07:11:42Z",
- "description": "Security Vulnerability in APITAG Hi, I would like to report a security vulnerability in APITAG I am not sure this is the right place as its public and visible to all, would you like me to post the details here? or email?",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-44956",
- "Issue_Url_old": "https://github.com/rockcarry/ffjpeg/issues/43",
- "Issue_Url_new": "https://github.com/rockcarry/ffjpeg/issues/43",
- "Repo_new": "rockcarry/ffjpeg",
- "Issue_Created_At": "2021-06-23T19:48:31Z",
- "description": "Heap buffer overflows in APITAG at APITAG and NUMBERTAG Describe Two Heap buffer overflows were discovered in ffjpeg. The issues are being triggered in function jfif_decode at APITAG and NUMBERTAG Found by Cem Onat Karagun of Diesec System info OS version : Ubuntu NUMBERTAG ffjpeg Version : master NUMBERTAG fa4cf8a NUMBERTAG URLTAG Reproduce Compile ffjpeg with address sanitizer. APITAG POC Files: FILETAG FILETAG Run POCs with the commands below. APITAG Asan output NUMBERTAG ERRORTAG Asan output NUMBERTAG ERRORTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 6.5,
- "impactScore": 3.6,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-44957",
- "Issue_Url_old": "https://github.com/rockcarry/ffjpeg/issues/44",
- "Issue_Url_new": "https://github.com/rockcarry/ffjpeg/issues/44",
- "Repo_new": "rockcarry/ffjpeg",
- "Issue_Created_At": "2021-06-23T19:51:49Z",
- "description": "global buffer overflow in function jfif_encode at APITAG Describe A global buffer overflow was discovered in ffjpeg. The issue is being triggered in function jfif_encode at APITAG Found by Cem Onat Karagun of Diesec System info OS version : Ubuntu NUMBERTAG ffjpeg Version : master NUMBERTAG fa4cf8a NUMBERTAG URLTAG Reproduce Compile ffjpeg with address sanitizer. APITAG APITAG file: FILETAG Run with the following command. APITAG Asan output: ERRORTAG APITAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 6.5,
- "impactScore": 3.6,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-36440",
- "Issue_Url_old": "https://github.com/star7th/showdoc/issues/1406",
- "Issue_Url_new": "https://github.com/star7th/showdoc/issues/1406",
- "Repo_new": "star7th/showdoc",
- "Issue_Created_At": "2021-06-24T06:45:37Z",
- "description": "File Upload vulnerability. A File Upload vulnerability was discovered in APITAG NUMBERTAG description The file_url parameter allows remote download of compressed files, and the files in the compressed package will be released to the web directory when decompressed Vulnerability file: PATHTAG ERRORTAG APITAG CODETAG zip File FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
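The showdoc report above describes a compressed file fetched from a user-supplied file_url and unpacked straight into the web directory, so any PHP file inside the archive becomes server-side code. The following added example is not showdoc's code; it shows the checks an extraction routine needs before it writes anything: every entry must normalise to a path under the chosen destination (no absolute names, no ".." escapes), entries the web server would execute must be refused, the declared inflated size must be bounded, and the destination itself should live outside the document root. The sample archive, the destination directory, the forbidden-extension list and the size limit are all constructed for this example.

```python
import io
import os
import tempfile
import zipfile
from pathlib import Path

# Extensions and file names the web server would execute or honour if they landed
# under the document root. Constructed for this example; derive the real list from
# the server configuration.
FORBIDDEN_SUFFIXES = {".php", ".php3", ".php5", ".phtml", ".phar"}
FORBIDDEN_NAMES = {".htaccess", ".user.ini"}
MAX_TOTAL_BYTES = 50 * 1024 * 1024  # refuse archives that would inflate past this


def build_test_archive() -> bytes:
    """Constructed sample archive: one harmless file, one path-traversal entry
    and one PHP file that would be executable if written under the web root."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "hello")
        zf.writestr("../../../var/www/html/shell.php", "<?php system($_GET['c']); ?>")
        zf.writestr("images/shell.php", "<?php echo 1; ?>")
    return buf.getvalue()


def safe_extract(archive: bytes, dest: Path) -> tuple[list[str], list[str]]:
    """Extract archive into dest, which should sit outside the document root.
    Returns (extracted, rejected) entry names."""
    dest = dest.resolve()
    extracted: list[str] = []
    rejected: list[str] = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        # Declared sizes come from the central directory; check them before inflating.
        if sum(info.file_size for info in zf.infolist()) > MAX_TOTAL_BYTES:
            raise ValueError("archive too large")
        for info in zf.infolist():
            name = info.filename
            target = (dest / name).resolve()
            # Zip-slip: absolute names or ".." segments resolve outside dest.
            if os.path.isabs(name) or dest not in target.parents:
                rejected.append(name)
                continue
            # Anything the server would execute is refused, wherever it would land.
            leaf = Path(name).name.lower()
            if Path(name).suffix.lower() in FORBIDDEN_SUFFIXES or leaf in FORBIDDEN_NAMES:
                rejected.append(name)
                continue
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            extracted.append(name)
    return extracted, rejected


def run_demo() -> tuple[list[str], list[str], str]:
    """Unpack the sample archive into a throwaway directory and report what happened."""
    with tempfile.TemporaryDirectory() as tmp:
        extracted, rejected = safe_extract(build_test_archive(), Path(tmp))
        readme = (Path(tmp) / "docs" / "readme.txt").read_text()
    return extracted, rejected, readme


if __name__ == "__main__":
    print(run_demo())
```

The traversal entry is rejected by the path check and the in-tree PHP file by the name check; only the text file is written. Fetching the archive from a URL is deliberately left out of the example, since a remote file_url also needs its own allow-list of hosts before the download is attempted.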
- {
- "CVE_ID": "CVE-2021-36409",
- "Issue_Url_old": "https://github.com/strukturag/libde265/issues/300",
- "Issue_Url_new": "https://github.com/strukturag/libde265/issues/300",
- "Repo_new": "strukturag/libde265",
- "Issue_Created_At": "2021-06-24T13:41:11Z",
- "description": "There is an Assertion failed at sps.cc. Hello, There is an Assertion APITAG failed at APITAG in libde NUMBERTAG when decoding file. System info\uff1a Ubuntu NUMBERTAG clang NUMBERTAG gcc NUMBERTAG Dec NUMBERTAG FILETAG Verification steps\uff1a APITAG the source code of libde NUMBERTAG APITAG APITAG NUMBERTAG run dec NUMBERTAG APITAG Output ERRORTAG gdb info ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-36410",
- "Issue_Url_old": "https://github.com/strukturag/libde265/issues/301",
- "Issue_Url_new": "https://github.com/strukturag/libde265/issues/301",
- "Repo_new": "strukturag/libde265",
- "Issue_Created_At": "2021-06-24T14:47:49Z",
- "description": "stack buffer overflow in fallback motion.cc when decoding file. Hello, A stack buffer overflow has occurred when running program dec NUMBERTAG System info\uff1a Ubuntu NUMBERTAG clang NUMBERTAG gcc NUMBERTAG Dec NUMBERTAG FILETAG Verification steps\uff1a APITAG the source code of libde NUMBERTAG APITAG APITAG NUMBERTAG run dec NUMBERTAG APITAG asan info ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-36411",
- "Issue_Url_old": "https://github.com/strukturag/libde265/issues/302",
- "Issue_Url_new": "https://github.com/strukturag/libde265/issues/302",
- "Repo_new": "strukturag/libde265",
- "Issue_Created_At": "2021-06-25T14:41:05Z",
- "description": "A SEGV has occurred when running program dec NUMBERTAG Hello, A SEGV of deblock.cc in function APITAG has occurred when running program dec NUMBERTAG source code CODETAG Due to incorrect access control, a SEGV caused by a READ memory access occurred at line NUMBERTAG of the code. This issue can cause a Denial of Service attack. System info\uff1a Ubuntu NUMBERTAG clang NUMBERTAG gcc NUMBERTAG Dec NUMBERTAG FILETAG Verification steps\uff1a APITAG the source code of libde NUMBERTAG APITAG APITAG NUMBERTAG run dec NUMBERTAG without asan) APITAG Output ERRORTAG APITAG output ERRORTAG gdb info ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-36461",
- "Issue_Url_old": "https://github.com/microweber/microweber/issues/751",
- "Issue_Url_new": "https://github.com/microweber/microweber/issues/751",
- "Repo_new": "microweber/microweber",
- "Issue_Created_At": "2021-06-26T02:24:23Z",
- "description": "microweber NUMBERTAG has background upload getshell. FILETAG This pdf file describes the vulnerability in detail",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-36455",
- "Issue_Url_old": "https://github.com/NavigateCMS/Navigate-CMS/issues/25",
- "Issue_Url_new": "https://github.com/navigatecms/navigate-cms/issues/25",
- "Repo_new": "navigatecms/navigate-cms",
- "Issue_Created_At": "2021-06-26T09:25:58Z",
- "description": "SQL injection UNION attack with quicksearch parameter in APITAG NUMBERTAG EXPECTED BEHAVIOUR An authenticated malicious user can take advantage of a SQL injection UNION attack vulnerability with quicksearch parameter in URL. IMPACT A successful SQL injection attack may result in the unauthorized viewing of user lists, the deletion of entire tables and, in certain cases, the attacker gaining administrative rights to a database, all of which are highly detrimental to a business. VULNERABILITY CODE I found quicksearch parameter is not handled in SQL query with WHERE clause in PATHTAG FILETAG And the protect function in PATHTAG is not use ESCAPE to filter special characters FILETAG Then it is use to query in: PATHTAG FILETAG STEPS TO REPRODUCE NUMBERTAG We change the request in URL ERRORTAG NUMBERTAG And then we could exploit all the data. FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
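The Navigate CMS report above describes a UNION-based injection through a search parameter that is spliced into a WHERE ... LIKE clause. The added example below is not Navigate CMS code; it reproduces the pattern against an in-memory SQLite database with a constructed schema (an items table the search is meant to query and a users table it must never expose), shows a UNION payload pulling rows from the second table, and puts the hardened query beside it: a bound parameter so the term can never change the statement, plus ESCAPE so LIKE wildcards in the term match literally, which is the second point the report raises.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample schema, not Navigate CMS's."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE items (id INTEGER, title TEXT);
        CREATE TABLE users (id INTEGER, username TEXT, password_hash TEXT);
        INSERT INTO items VALUES (1, 'welcome'), (2, 'about us');
        INSERT INTO users VALUES (1, 'admin', '$2y$10$constructedhash');
    """)
    return db


def quicksearch_vulnerable(db: sqlite3.Connection, term: str) -> list[tuple]:
    """The reported pattern: the parameter is spliced into the WHERE clause, so a
    quote ends the literal and the rest of the term becomes SQL."""
    sql = f"SELECT id, title FROM items WHERE title LIKE '%{term}%'"
    return db.execute(sql).fetchall()


def quicksearch_safe(db: sqlite3.Connection, term: str) -> list[tuple]:
    """Bound parameter: the term is data and cannot change the statement.
    LIKE wildcards inside the term are escaped so '%' and '_' match literally."""
    literal = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT id, title FROM items WHERE title LIKE ? ESCAPE '\\'"
    return db.execute(sql, (f"%{literal}%",)).fetchall()


# A UNION payload of the kind the report describes: "x'" closes the LIKE pattern with
# something no title matches, the UNION appends rows from users (same column count as
# the original SELECT), and "--" comments out the rest of the original statement.
UNION_PAYLOAD = "x' UNION SELECT username, password_hash FROM users --"


def run_demo() -> dict:
    db = make_db()
    return {
        "vulnerable": quicksearch_vulnerable(db, UNION_PAYLOAD),
        "safe": quicksearch_safe(db, UNION_PAYLOAD),
        "safe_normal": quicksearch_safe(db, "about"),
        "vulnerable_wildcard": quicksearch_vulnerable(db, "%"),
        "safe_wildcard": quicksearch_safe(db, "%"),
    }


if __name__ == "__main__":
    for label, rows in run_demo().items():
        print(f"{label}: {rows}")
```

The vulnerable query returns the admin credential row for the UNION payload and every item for a bare "%", while the hardened query returns nothing for either and still finds "about us" for an ordinary term. Escaping quotes in application code is not a substitute for the bound parameter: the escaping layer and the database parser can disagree on what a quote is, and the payload only needs one such disagreement.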
- {
- "CVE_ID": "CVE-2021-33889",
- "Issue_Url_old": "https://github.com/openthread/wpantund/issues/502",
- "Issue_Url_new": "https://github.com/openthread/wpantund/issues/502",
- "Repo_new": "openthread/wpantund",
- "Issue_Created_At": "2021-06-28T03:56:19Z",
- "description": "stack buffer overflow in metric_len . Context: Stack buffer overflow may be triggered while writing to a variable metric_len, which is defined as unsigned short (ref: URLTAG but is considered as unsigned int (ref: URLTAG Expected behavior and actual behavior: Expected Behavior: Trigger an exception, because size of buffer needed, is not available. Actual Behavior: The metric_len variable triggers stack buffer overflow. Version Details: The issue was first found in wpantund: APITAG Affected commits: APITAG to APITAG CVE CVETAG APITAG",
- "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "MEDIUM",
- "baseScore": 6.8,
- "impactScore": 5.9,
- "exploitabilityScore": 0.9
- },
- {
- "CVE_ID": "CVE-2021-35970",
- "Issue_Url_old": "https://github.com/coralproject/talk/issues/3600",
- "Issue_Url_new": "https://github.com/coralproject/talk/issues/3600",
- "Repo_new": "coralproject/talk",
- "Issue_Created_At": "2021-06-28T08:37:55Z",
- "description": "Severe Security Issue in Version NUMBERTAG E Mail Leak. I already contacted some maintainers privately about this, but they did not respond. That's why I'm now making this public. In Talk version NUMBERTAG it is very easy to query the e mail addresses of users without any authentication; thus, possibly revealing their true identities behind their pseudonyms. This is possible although the documentation states: > The primary email address of the user. Only accessible to Administrators or the current user. But in order to find out the e mail address of a user, you can e.g. simply send a APITAG APITAG query to the APITAG endpoint of the talk server \u00ad without any authentication. You can also query all e mail addresses with APITAG . I demand the maintainers ( MENTIONTAG , MENTIONTAG APITAG to merge the pull request URLTAG as soon as possible, and release version NUMBERTAG in the version NUMBERTAG branch.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-3652",
- "Issue_Url_old": "https://github.com/389ds/389-ds-base/issues/4817",
- "Issue_Url_new": "https://github.com/389ds/389-ds-base/issues/4817",
- "Repo_new": "389ds/389-ds-base",
- "Issue_Created_At": "2021-06-29T12:56:33Z",
- "description": "CRYPT password hash with asterisk. Issue Description If an entry contains an asterisk as the crypted password hash, binding is possible with any password for this entry APITAG {CRYPT} Package Version and Platform: Platform: APITAG Leap NUMBERTAG Package and version NUMBERTAG ds NUMBERTAG APITAG APITAG Browser firefox Steps to Reproduce Steps to reproduce the behavior NUMBERTAG Create an entry (e.g. a APITAG with the APITAG set to \"{CRYPT} \", e.g. by importing it from an ldif file NUMBERTAG Try to bind with that entry using an arbitrary password (e.g. \"llhh NUMBERTAG Check if the binding was successfull Expected results I would expect to fail the binding with any password because the asterisk is not a vaild character in a crypted password. Screenshots If applicable, add screenshots to help explain your problem. Additional context Problem occured after importing entries from a NIS database. In NIS (and in /etc/shadow), the asterisk is often used for special users like \"nobody\".",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.5,
- "impactScore": 2.5,
- "exploitabilityScore": 3.9
- },
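The 389-ds report above shows why a password verifier must treat a stored value that is not a well-formed hash as unusable instead of handing it to crypt(3). The issue does not show the comparison code, so the vulnerable variant in this added example is illustrative rather than 389-ds's implementation: it assumes the documented behaviour of glibc/libxcrypt, which return a failure token such as "*0" when the setting string is unusable, and it compares only as many characters as the stored value has, which is one way a lone "*" ends up matching every password. The hardened variant rejects anything that is not a recognisable crypt hash before crypt is called, rejects the failure token, and compares the full string in constant time. crypt itself is replaced by a deterministic stand-in so the example runs anywhere, and the hash-shape pattern is an approximation written for the example.

```python
import hashlib
import hmac
import re

ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

# Shapes a {CRYPT} value may legitimately take: traditional DES (13 characters from
# the crypt alphabet) or modular-crypt "$id$salt$hash". An approximation written for
# this example. "*" and "!" match neither; in /etc/shadow and NIS they mark accounts
# with no usable password, so they must never authenticate.
VALID_CRYPT_HASH = re.compile(r"^(?:[./0-9A-Za-z]{13}|\$[0-9a-z]+\$[^$]+\$.+)$")


def _derive(prefix: str, password: str, length: int) -> str:
    digest = hashlib.sha512((prefix + password).encode()).digest()
    return prefix + "".join(ALPHABET[b % 64] for b in digest[:length])


def fake_crypt(password: str, setting: str) -> str:
    """Stand-in for crypt(3), constructed for this example. Mirrors one documented
    behaviour of real implementations: an unusable setting yields the failure
    token "*0" rather than a hash (assumed glibc/libxcrypt behaviour)."""
    if VALID_CRYPT_HASH.match(setting) is None:
        return "*0"
    if setting.startswith("$"):
        return _derive(setting[: setting.rfind("$") + 1], password, 43)
    return _derive(setting[:2], password, 11)


def hash_password(password: str, salt: str = "ab") -> str:
    """salt is two crypt-alphabet characters (DES style) or "$id$salt$" (modular)."""
    return _derive(salt, password, 43 if salt.startswith("$") else 11)


def bind_vulnerable(stored: str, password: str) -> bool:
    """Illustrative weak check: compares only len(stored) characters. With stored
    == "*" the failure token "*0" matches, so every password binds; an empty
    stored value matches for the same reason."""
    computed = fake_crypt(password, stored)
    return computed[: len(stored)] == stored


def bind_hardened(stored: str, password: str) -> bool:
    # 1. Refuse stored values that are not a recognisable hash (locked markers,
    #    empty strings, NIS/shadow leftovers) before crypt ever sees them.
    if VALID_CRYPT_HASH.match(stored) is None:
        return False
    computed = fake_crypt(password, stored)
    # 2. Refuse crypt's failure token and any length mismatch.
    if computed.startswith("*") or len(computed) != len(stored):
        return False
    # 3. Full-length, constant-time comparison.
    return hmac.compare_digest(computed.encode(), stored.encode())


if __name__ == "__main__":
    print("'*' binds (weak check):", bind_vulnerable("*", "llhh"))
    print("'*' binds (hardened):  ", bind_hardened("*", "llhh"))
```

The same pre-check belongs at import time: an LDIF loader that refuses, or flags, userPassword values whose {CRYPT} payload is "*", "!" or otherwise malformed makes the locked accounts visible instead of silently turning them into accounts with no password.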
- {
- "CVE_ID": "CVE-2021-36513",
- "Issue_Url_old": "https://github.com/signalwire/freeswitch/issues/1245",
- "Issue_Url_new": "https://github.com/signalwire/freeswitch/issues/1245",
- "Repo_new": "signalwire/freeswitch",
- "Issue_Created_At": "2021-06-29T23:15:58Z",
- "description": "Usage of uninitialized value . There are a few uninitialized value use bugs in PATHTAG In function APITAG Array network_ip will be allocated in line NUMBERTAG CODETAG Then, it will be initialized by APITAG NUMBERTAG sofia_glue_get_addr(de >data >e_msg, network_ip, sizeof(network_ip), NULL NUMBERTAG for NUMBERTAG profile >acl_count NUMBERTAG last_acl = profile >acl NUMBERTAG if (!(acl_ok = APITAG last_acl NUMBERTAG break; However, APITAG may return earlier, leading network_ip in an uninitliazed state. Then network_ip will be used in APITAG It may bypass (ACL) security checks due to the uninitialized value of network_ip, leading to privilege escalation. Same in: CODETAG and in function APITAG CODETAG and in function APITAG CODETAG APITAG may return earlier, leading network_ip in an uninitialized state. Then network_ip will be used in function APITAG This function may print out sensitive data network_ip contained from previous stack. Fix: set network_ip NUMBERTAG preventing from uninitlized value use. Thank you for the review, I also report this bug to CVE.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-36531",
- "Issue_Url_old": "https://github.com/miniupnp/ngiflib/issues/18",
- "Issue_Url_new": "https://github.com/miniupnp/ngiflib/issues/18",
- "Repo_new": "miniupnp/ngiflib",
- "Issue_Created_At": "2021-06-30T02:34:21Z",
- "description": "APITAG heap buffer overflow in APITAG at APITAG in NGIFLIB_NO_FILE mode. This Overflow problem is because in NGIFLIB_NO_FILE mode, APITAG reads memory buffer without checking the boundary. Test Environment Ubuntu NUMBERTAG bit ngiflib(master NUMBERTAG fd4) How to trigger NUMBERTAG Compile the program with APITAG in NGIFLIB_NO_FILE mode APITAG NUMBERTAG run the compiled program APITAG POC file URLTAG Details ASAN report ERRORTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-36530",
- "Issue_Url_old": "https://github.com/miniupnp/ngiflib/issues/19",
- "Issue_Url_new": "https://github.com/miniupnp/ngiflib/issues/19",
- "Repo_new": "miniupnp/ngiflib",
- "Issue_Created_At": "2021-06-30T02:36:51Z",
- "description": "APITAG heap buffer overflow in APITAG at APITAG in NGIFLIB_NO_FILE mode. Similar to NUMBERTAG this Overflow problem is because in NGIFLIB_NO_FILE mode, APITAG copy memory buffer without checking the boundary. Test Environment Ubuntu NUMBERTAG bit ngiflib(master NUMBERTAG fd4) How to trigger NUMBERTAG Compile the program with APITAG in NGIFLIB_NO_FILE mode APITAG NUMBERTAG run the compiled program APITAG POC file URLTAG Details ASAN report ERRORTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-41043",
- "Issue_Url_old": "https://github.com/the-tcpdump-group/tcpslice/issues/11",
- "Issue_Url_new": "https://github.com/the-tcpdump-group/tcpslice/issues/11",
- "Repo_new": "the-tcpdump-group/tcpslice",
- "Issue_Created_At": "2021-06-30T11:50:26Z",
- "description": "Heap use after free. Tested on: version NUMBERTAG PRE GIT version NUMBERTAG a3 Command: tcpslice w FILETAG APITAG Segmentation fault Results NUMBERTAG ERROR: APITAG heap use after free on address NUMBERTAG at pc NUMBERTAG ffff NUMBERTAG fa7d bp NUMBERTAG fffffffd NUMBERTAG sp NUMBERTAG fffffffce NUMBERTAG WRITE of size NUMBERTAG at NUMBERTAG thread T NUMBERTAG ffff NUMBERTAG fa7c in vsnprintf ( PATHTAG NUMBERTAG ffff NUMBERTAG in __snprintf_chk ( PATHTAG NUMBERTAG ffff NUMBERTAG ee in pcap_dump_open ( PATHTAG NUMBERTAG ea4 in extract_slice APITAG NUMBERTAG ea4 in main APITAG NUMBERTAG ffff NUMBERTAG a0b2 in __libc_start_main ( PATHTAG NUMBERTAG eadd in _start ( PATHTAG NUMBERTAG is located NUMBERTAG bytes inside of NUMBERTAG byte region FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2020-36517",
- "Issue_Url_old": "https://github.com/home-assistant/plugin-dns/issues/50",
- "Issue_Url_new": "https://github.com/home-assistant/plugin-dns/issues/50",
- "Repo_new": "home-assistant/plugin-dns",
- "Issue_Created_At": "2021-06-30T12:07:56Z",
- "description": "performance impact after dns update to APITAG Since dns upgrade to APITAG my complete hassio setup is having performance issues. I am running haos on Raspberry Pi NUMBERTAG B. It's an old pi, but before dns APITAG everything was running without issues and I had no reason to upgrade hardware. Since dns upgrade, coredns will eventually get stuck at more than NUMBERTAG CPU usage constantly and everything else slows down to the level that it's unusable. Even 'ha dns restart' is failing with time out. It's happening also with clean image install without configuring any integrations. When I downgrade to dns APITAG using 'ha dns update version APITAG CPU usage is back to normal and whole system is responsive. Downgrading dns is not permanent fix as it gets automatically updated back to last version and CPU load increases again. Is there an option to permanently downgrade to dns APITAG or disable APITAG completely (if TLS is causing too much load on rpi1)? dns logs using APITAG [INFO] APITAG NUMBERTAG NS IN . udp NUMBERTAG false NUMBERTAG NOERROR NUMBERTAG s [ERROR] plugin/errors NUMBERTAG NS: tls: APITAG timed out [INFO] APITAG NUMBERTAG NS IN . udp NUMBERTAG false NUMBERTAG NOERROR NUMBERTAG s [ERROR] plugin/errors NUMBERTAG NS: tls: APITAG timed out [INFO] APITAG NUMBERTAG NS IN . udp NUMBERTAG false NUMBERTAG NOERROR NUMBERTAG s [ERROR] plugin/errors NUMBERTAG NS: tls: APITAG timed out [INFO] APITAG NUMBERTAG NS IN . udp NUMBERTAG false NUMBERTAG NOERROR NUMBERTAG s [ERROR] plugin/errors NUMBERTAG NS: tls: APITAG timed out [INFO] APITAG NUMBERTAG NS IN . udp NUMBERTAG false NUMBERTAG NOERROR NUMBERTAG s [ERROR] plugin/errors NUMBERTAG NS: tls: APITAG timed out [INFO] APITAG NUMBERTAG NS IN . udp NUMBERTAG false NUMBERTAG NOERROR NUMBERTAG s [ERROR] plugin/errors NUMBERTAG NS: tls: APITAG timed out [INFO] APITAG NUMBERTAG NS IN . 
udp NUMBERTAG false NUMBERTAG NOERROR NUMBERTAG s [ERROR] plugin/errors NUMBERTAG NS: tls: APITAG timed out [INFO] APITAG NUMBERTAG NS IN . udp NUMBERTAG false NUMBERTAG NOERROR NUMBERTAG s [ERROR] plugin/errors NUMBERTAG NS: tls: APITAG timed out [INFO] APITAG NUMBERTAG NS IN . udp NUMBERTAG false NUMBERTAG NOERROR NUMBERTAG s [ERROR] plugin/errors NUMBERTAG NS: tls: APITAG timed out dns logs using APITAG (everything else the same, just downgraded dns): [INFO] APITAG NUMBERTAG PTR IN NUMBERTAG APITAG APITAG udp NUMBERTAG false NUMBERTAG NXDOMAIN qr,aa,rd,ra NUMBERTAG s [INFO] APITAG NUMBERTAG PTR IN NUMBERTAG APITAG APITAG udp NUMBERTAG false NUMBERTAG NXDOMAIN qr,aa,rd,ra NUMBERTAG s [INFO] APITAG NUMBERTAG PTR IN NUMBERTAG in APITAG udp NUMBERTAG false NUMBERTAG NXDOMAIN qr,aa,rd,ra NUMBERTAG s [INFO] APITAG NUMBERTAG PTR IN NUMBERTAG APITAG APITAG udp NUMBERTAG false NUMBERTAG NXDOMAIN qr,aa,rd,ra NUMBERTAG s [INFO] APITAG NUMBERTAG PTR IN NUMBERTAG APITAG APITAG udp NUMBERTAG false NUMBERTAG NXDOMAIN qr,aa,rd,ra NUMBERTAG s [INFO] APITAG NUMBERTAG PTR IN NUMBERTAG APITAG APITAG udp NUMBERTAG false NUMBERTAG NXDOMAIN qr,aa,rd,ra NUMBERTAG s [INFO] APITAG NUMBERTAG PTR IN NUMBERTAG APITAG APITAG udp NUMBERTAG false NUMBERTAG NXDOMAIN qr,aa,rd,ra NUMBERTAG s [INFO] APITAG NUMBERTAG PTR IN NUMBERTAG in APITAG udp NUMBERTAG false NUMBERTAG NXDOMAIN qr,aa,rd,ra NUMBERTAG s [INFO] APITAG NUMBERTAG PTR IN NUMBERTAG APITAG APITAG udp NUMBERTAG false NUMBERTAG NXDOMAIN qr,aa,rd,ra NUMBERTAG s [INFO] APITAG NUMBERTAG PTR IN NUMBERTAG APITAG APITAG udp NUMBERTAG false NUMBERTAG NXDOMAIN qr,aa,rd,ra NUMBERTAG s [INFO] APITAG NUMBERTAG PTR IN NUMBERTAG APITAG APITAG udp NUMBERTAG false NUMBERTAG NXDOMAIN qr,aa,rd,ra NUMBERTAG s [INFO] APITAG NUMBERTAG PTR IN NUMBERTAG APITAG APITAG udp NUMBERTAG false NUMBERTAG NXDOMAIN qr,aa,rd,ra NUMBERTAG s [INFO] APITAG NUMBERTAG PTR IN NUMBERTAG in APITAG udp NUMBERTAG false NUMBERTAG NXDOMAIN qr,aa,rd,ra NUMBERTAG s [INFO] APITAG 
NUMBERTAG PTR IN NUMBERTAG APITAG APITAG udp NUMBERTAG false NUMBERTAG NXDOMAIN qr,aa,rd,ra NUMBERTAG s [INFO] APITAG NUMBERTAG PTR IN NUMBERTAG APITAG APITAG udp NUMBERTAG false NUMBERTAG NXDOMAIN qr,aa,rd,ra NUMBERTAG s [INFO] APITAG NUMBERTAG PTR IN NUMBERTAG APITAG APITAG udp NUMBERTAG false NUMBERTAG NXDOMAIN qr,aa,rd,ra NUMBERTAG s [INFO] APITAG NUMBERTAG PTR IN NUMBERTAG APITAG APITAG udp NUMBERTAG false NUMBERTAG NXDOMAIN qr,aa,rd,ra NUMBERTAG s [INFO] APITAG NUMBERTAG PTR IN NUMBERTAG in APITAG udp NUMBERTAG false NUMBERTAG NXDOMAIN qr,aa,rd,ra NUMBERTAG s [INFO] APITAG NUMBERTAG PTR IN NUMBERTAG APITAG APITAG udp NUMBERTAG false NUMBERTAG NXDOMAIN qr,aa,rd,ra NUMBERTAG s [INFO] APITAG NUMBERTAG PTR IN NUMBERTAG APITAG APITAG udp NUMBERTAG false NUMBERTAG NXDOMAIN qr,aa,rd,ra NUMBERTAG s core NUMBERTAG supervisor APITAG Home Assistant OS NUMBERTAG CPU arm NUMBERTAG l",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-36564",
- "Issue_Url_old": "https://github.com/top-think/framework/issues/2559",
- "Issue_Url_new": "https://github.com/top-think/framework/issues/2559",
- "Repo_new": "top-think/framework",
- "Issue_Created_At": "2021-07-02T13:21:46Z",
- "description": "APITAG exists unserialize vulnerability . thinkphp NUMBERTAG has a unserialize vulnerability Vulnerability Demo Create Routing at APITAG ERRORTAG this is my poc ERRORTAG The file has been generated in the directory in public Vulnerability Analysis First one starts with __destruct, autosave can be bypassed by assigning a value of true FILETAG finally at APITAG FILETAG And this one happens to have the file_put_contents method in it FILETAG The parameters are all controllable, but we need to bypass the APITAG method, otherwise if we pass in escape symbols it will also output APITAG Here I pass in APITAG will be commented out in front and followed by APITAG is separated, causing the vulnerability, analysis is complete",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-36567",
- "Issue_Url_old": "https://github.com/top-think/framework/issues/2561",
- "Issue_Url_new": "https://github.com/top-think/framework/issues/2561",
- "Repo_new": "top-think/framework",
- "Issue_Created_At": "2021-07-02T13:42:08Z",
- "description": "PHP unserialize vulnerability in NUMBERTAG PHP unserialize vulnerability in NUMBERTAG ulnerability Demo This chain does not show back on the web page, but can execute system commands, and the public chain is a little different from the Internet First, simply write a route ERRORTAG exp ERRORTAG Attempt to write file successful FILETAG Ant sword connection successful FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-36412",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1838",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1838",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-07-03T03:57:55Z",
- "description": "A heap buffer overflow in function APITAG Hello, A heap buffer overflow has occurred when running program APITAG can reproduce on the lattest commit. System info\uff1a Ubuntu NUMBERTAG clang NUMBERTAG gcc NUMBERTAG FILETAG Verification steps\uff1a APITAG the source code of gpac APITAG APITAG NUMBERTAG run APITAG APITAG asan info ERRORTAG source code of rtp_pck_mpeg NUMBERTAG c CODETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-36548",
- "Issue_Url_old": "https://github.com/monstra-cms/monstra/issues/470",
- "Issue_Url_new": "https://github.com/monstra-cms/monstra/issues/470",
- "Repo_new": "monstra-cms/monstra",
- "Issue_Created_At": "2021-07-05T02:51:41Z",
- "description": "RCE APITAG Code Execution via Theme Blog Monstra version NUMBERTAG Describe the bug An attacker could insert any executable code through php via Theme Blog to execution command in the server To Reproduce NUMBERTAG Log into the panel NUMBERTAG Go to PATHTAG NUMBERTAG Click edit Blog NUMBERTAG Insert payload FILETAG APITAG APITAG <form method=\"GET\" name=\"<?php echo basename($_SERVER FILETAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-36414",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1840",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1840",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-07-05T12:32:43Z",
- "description": "heap buffer overflow issue with gpac APITAG Hello, A heap buffer overflow has occurred when running program APITAG leads to a Deny of Service caused by dividing zero without sanity check,this can reproduce on the lattest commit. System info\uff1a Ubuntu NUMBERTAG clang NUMBERTAG gcc NUMBERTAG FILETAG file: media.c APITAG line NUMBERTAG As below code shows: CODETAG Verification steps\uff1a APITAG the source code of gpac APITAG APITAG NUMBERTAG run APITAG APITAG In Command line: ERRORTAG gdb info FILETAG asan info ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-41821",
- "Issue_Url_old": "https://github.com/wazuh/wazuh/issues/9201",
- "Issue_Url_new": "https://github.com/wazuh/wazuh/issues/9201",
- "Repo_new": "wazuh/wazuh",
- "Issue_Created_At": "2021-07-05T16:36:54Z",
- "description": "Potential integer underflow in remote code. APITAG APITAG APITAG APITAG | | | | | | | Latest | Remoted| APITAG | APITAG | OS version | Hello team, After checking the remote code, we observed something that should be reviewed because it could incur an integer underflow. Specifically here: URLTAG After defining the size, and depending on the input value, the following can have a lower value: URLTAG For instance, with a buffer of APITAG Regards, Miguel Casares",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 6.5,
- "impactScore": 3.6,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-36584",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1842",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1842",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-07-06T02:59:40Z",
- "description": "heap buffer overflow in gp_rtp_builder_do_t NUMBERTAG g. Hello, A heap buffer overflow has occurred when running program APITAG can reproduce on the lattest commit. System info\uff1a Ubuntu NUMBERTAG clang NUMBERTAG gcc NUMBERTAG FILETAG Verification steps\uff1a APITAG the source code of gpac APITAG APITAG NUMBERTAG run APITAG APITAG asan info ERRORTAG source code ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-38191",
- "Issue_Url_old": "https://github.com/tokio-rs/tokio/issues/3929",
- "Issue_Url_new": "https://github.com/tokio-rs/tokio/issues/3929",
- "Repo_new": "tokio-rs/tokio",
- "Issue_Created_At": "2021-07-06T09:45:58Z",
- "description": "Task dropped in wrong thread when aborting APITAG task. When aborting a task with APITAG , the future is dropped in the thread calling abort if the task is not currently being executed. This is incorrect for tasks spawned on a APITAG . See this example that exploits it to send a non send value to a different thread: CODETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.9,
- "impactScore": 3.6,
- "exploitabilityScore": 2.2
- },
- {
- "CVE_ID": "CVE-2021-36605",
- "Issue_Url_old": "https://github.com/3xxx/engineercms/issues/52",
- "Issue_Url_new": "https://github.com/3xxx/engineercms/issues/52",
- "Repo_new": "3xxx/engineercms",
- "Issue_Created_At": "2021-07-06T14:16:22Z",
- "description": "APITAG has a stored XSS vulnerability. Description There is no escaping in the nickname field on the user list APITAG viewing this page, the APITAG code will be executed in the user's browser. Impact Version NUMBERTAG Steps to Reproduce APITAG the profile page after logging in\uff0c APITAG APITAG on the nickname and insert the javascript code\uff0c ERRORTAG APITAG save, the payload has been executed FILETAG The original request is as follows\uff1a ERRORTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.7,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-36417",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1846",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1846",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-07-07T03:09:17Z",
- "description": "A heap buffer overflow has occurred in function gf_isom_dovi_config_get. Hello, A heap buffer overflow has occurred in function gf_isom_dovi_config_get of APITAG when running program APITAG can reproduce on the lattest commit. System info\uff1a Ubuntu NUMBERTAG clang NUMBERTAG gcc NUMBERTAG FILETAG Verification steps\uff1a APITAG the source code of gpac APITAG APITAG NUMBERTAG run APITAG APITAG command line ERRORTAG asan info ERRORTAG source code CODETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-36550",
- "Issue_Url_old": "https://github.com/r0ck3t1973/xss_payload/issues/6",
- "Issue_Url_new": "https://github.com/r0ck3t1973/xss_payload/issues/6",
- "Repo_new": "r0ck3t1973/xss_payload",
- "Issue_Created_At": "2021-07-07T12:52:26Z",
- "description": "Bypass Cross Site Script Vulnerability on APITAG in APITAG version NUMBERTAG Hi, I found stored xss in Categories. To Reproduce NUMBERTAG Login into the panel NUMBERTAG Go to Documents: 'tiki NUMBERTAG tiki APITAG NUMBERTAG Click Categories: PATHTAG NUMBERTAG Create category NUMBERTAG insert payload bypass xss: APITAG APITAG APITAG NUMBERTAG Click Categories >> Click2 >> Boom alert message xss! Impact Commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user\u2019s machine under the guise of the vulnerable site. POC FILETAG FILETAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.7,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-36551",
- "Issue_Url_old": "https://github.com/r0ck3t1973/xss_payload/issues/7",
- "Issue_Url_new": "https://github.com/r0ck3t1973/xss_payload/issues/7",
- "Repo_new": "r0ck3t1973/xss_payload",
- "Issue_Created_At": "2021-07-07T12:53:38Z",
- "description": "Bypass Cross Site Script Vulnerability on APITAG in APITAG version NUMBERTAG Hi Team, I found stored xss in Calendar To Reproduce NUMBERTAG Login into panel NUMBERTAG Go to Documents: PATHTAG NUMBERTAG Click Calendar: PATHTAG NUMBERTAG Click Add Event NUMBERTAG insert payload bypass xss in Description APITAG NUMBERTAG Click Details Event >> APITAG Boom alert message xss! Impact Commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user\u2019s machine under the guise of the vulnerable site. POC FILETAG FILETAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.7,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-38221",
- "Issue_Url_old": "https://github.com/mlogclub/bbs-go/issues/112",
- "Issue_Url_new": "https://github.com/mlogclub/bbs-go/issues/112",
- "Repo_new": "mlogclub/bbs-go",
- "Issue_Created_At": "2021-07-08T08:49:52Z",
- "description": "There are several stored XSS vulnerabilities. Affected version NUMBERTAG all versions yet) Including Custom Edition I guess. Usage of \"v html\" tag should be really careful in vue. I found several unsafe usage in bbs go webpage which data source might be from any user. It's necessary to filter the rich text before it is posted to the client. Otherwise it will be dangerous. Here is the XSS attack example screenshot (one of them) : FILETAG And the unsafe \"v html\" tag for topic content (one of them) : FILETAG I will report the poc code after mlogclub team confirm and fix this defect.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.7,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-36654",
- "Issue_Url_old": "https://github.com/boiteasite/cmsuno/issues/17",
- "Issue_Url_new": "https://github.com/boiteasite/cmsuno/issues/17",
- "Repo_new": "boiteasite/cmsuno",
- "Issue_Created_At": "2021-07-09T00:02:59Z",
- "description": "APITAG NUMBERTAG stored XSS. Hi :) cmsuno version NUMBERTAG is vulnerable to a stored cross site scripting. An authenticated attacker can inject a payload while updating the template's image filename after intercepting the request using Burpsuite via the tgo parameter. After successful update of the template, the xss is popped up in the website page. Steps to reproduce NUMBERTAG Go to FILETAG and click on plugins NUMBERTAG Click on Logo FILETAG NUMBERTAG Choose a random picture in your files repository, click on save and intercept the request using APITAG NUMBERTAG Change the tgo parameter value with the following FILETAG NUMBERTAG Forward the request and click on publish FILETAG NUMBERTAG Click on See the website FILETAG NUMBERTAG SS FILETAG FILETAG Thanks",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.7,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-37231",
- "Issue_Url_old": "https://github.com/wez/atomicparsley/issues/30",
- "Issue_Url_new": "https://github.com/wez/atomicparsley/issues/30",
- "Repo_new": "wez/atomicparsley",
- "Issue_Created_At": "2021-07-09T10:40:38Z",
- "description": "A stack buffer overflow occurs while parsing a file. System Configuration APITAG version: atomicparsley APITAG ERRORTAG NUMBERTAG f Used arguments: T NUMBERTAG t + Environment APITAG system, version and so on): Ubuntu NUMBERTAG bit Additional information: compilation with asan NUMBERTAG ERROR: APITAG stack buffer overflow on address NUMBERTAG fffffffd NUMBERTAG at pc NUMBERTAG ffff NUMBERTAG e NUMBERTAG d bp NUMBERTAG fffffffd NUMBERTAG sp NUMBERTAG fffffffcce8 WRITE of size NUMBERTAG at NUMBERTAG fffffffd NUMBERTAG thread T0 Program received signal SIGSEGV, Segmentation fault NUMBERTAG ffff6ffcc NUMBERTAG in ?? () from PATHTAG NUMBERTAG ffff6ffe NUMBERTAG b in APITAG () from PATHTAG NUMBERTAG ffff NUMBERTAG b4a NUMBERTAG in ?? () from PATHTAG NUMBERTAG ffff NUMBERTAG af7f7 in ?? () from PATHTAG NUMBERTAG ffff NUMBERTAG ed in ?? () from PATHTAG NUMBERTAG ffff NUMBERTAG in ?? () from PATHTAG NUMBERTAG ffff NUMBERTAG e NUMBERTAG af in ?? () from PATHTAG NUMBERTAG fd NUMBERTAG in fread (__stream NUMBERTAG n NUMBERTAG c, __size NUMBERTAG ptr NUMBERTAG fffffffd6cd) at PATHTAG NUMBERTAG APITAG (buffer NUMBERTAG fffffffd6cd \"\", APITAG pos=<optimized out>, length NUMBERTAG c) at PATHTAG ERRORTAG PATHTAG NUMBERTAG a NUMBERTAG d0 in APITAG APITAG \"\", APITAG APITAG APITAG at PATHTAG ERRORTAG PATHTAG NUMBERTAG a NUMBERTAG b in APITAG (isofile=<optimized out>, optional_output=<optimized out>) at PATHTAG ERRORTAG PATHTAG I've attached the file. Please download and check the file. FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-36692",
- "Issue_Url_old": "https://github.com/libjxl/libjxl/issues/308",
- "Issue_Url_new": "https://github.com/libjxl/libjxl/issues/308",
- "Repo_new": "libjxl/libjxl",
- "Issue_Created_At": "2021-07-09T12:29:54Z",
- "description": "A stack use after scope issue with cjxl encode routine. Describe the bug A stack use after scope issue was discovered in cjxl encode routine when building with ASAN. To Reproduce Steps to reproduce the behavior: CODETAG The crash file FILETAG . Expected behavior cjxl should encode the PNG to JXL successfully. Environment OS NUMBERTAG generic NUMBERTAG Ubuntu Compiler version: clang version NUMBERTAG CPU type NUMBERTAG cjxl/djxl version string: cjxl NUMBERTAG APITAG Additional context ERRORTAG ERRORTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 6.5,
- "impactScore": 3.6,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-45705",
- "Issue_Url_old": "https://github.com/Absolucy/nanorand-rs/issues/28",
- "Issue_Url_new": "https://github.com/absolucy/nanorand-rs/issues/28",
- "Repo_new": "absolucy/nanorand-rs",
- "Issue_Created_At": "2021-07-10T22:52:06Z",
- "description": "Aliased mutable references with APITAG . Due to the implementation of APITAG & APITAG , the following code is unsound: ERRORTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-36701",
- "Issue_Url_old": "https://github.com/danpros/htmly/issues/481",
- "Issue_Url_new": "https://github.com/danpros/htmly/issues/481",
- "Repo_new": "danpros/htmly",
- "Issue_Created_At": "2021-07-11T05:35:39Z",
- "description": "Arbitrary file deletion and Persistent XSS exist on htmly NUMBERTAG An Arbitrary file deletion vulnerability in the backend In PATHTAG line NUMBERTAG ERRORTAG When we delete our backup files, we can delete any files on the system through directory traversal. APITAG example: When we login, we can go to setting > backup > Create backup, then we click delete, we can get a link. When we modify the file field to APITAG and submit. CODETAG The administrator information has been deleted and no one can login to the system NUMBERTAG Persistent XSS on Blog title Since the Blog title is not processed by htmlentities APITAG when we modify the Blog title to APITAG , Javascript is executed. APITAG APITAG NUMBERTAG Persistent XSS on Creating regular blog post. When we create a regular blog post, enter in Content APITAG and visit this article, Javascript is executed. APITAG APITAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.1,
- "impactScore": 5.2,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-37593",
- "Issue_Url_old": "https://github.com/advisto/peel-shopping/issues/3",
- "Issue_Url_new": "https://github.com/advisto/peel-shopping/issues/3",
- "Repo_new": "advisto/peel-shopping",
- "Issue_Created_At": "2021-07-11T15:58:00Z",
- "description": "SQL Injection in APITAG parameter APITAG Vulnerability Name: SQL Injection in APITAG parameter Date of Discovery NUMBERTAG July NUMBERTAG Product version NUMBERTAG Download link URLTAG Author: faisalfs NUMBERTAG Vulnerability Description: Public user/guest (unauthenticated) can inject malicious SQL query in order to affect the execution of predefined SQL commands via the \"_id_\" parameter on the PATHTAG endpoint. Upon a successful SQL injection attack, the attacker can read sensitive data from the database or modify database data. Vulnerable URL: _ URLTAG Proof of Concept NUMBERTAG Assumed peel shopping NUMBERTAG out of box installation database name is _peel_. This query will check if APITAG name like _hex(%peel%)_; it will delay for NUMBERTAG seconds before redirecting to the homepage ( URLTAG ), which indicates a TRUE SQL statement, meaning the database name is like \"_peel_\". url : URLTAG FILETAG NUMBERTAG Assumed the web is using APITAG database server; check if db_version like APITAG , it will delay for NUMBERTAG seconds if TRUE. url : URLTAG FILETAG NUMBERTAG By default, the database has a table named peel_produits. This query will check if table_name _peel_produits_ exists; it will delay for NUMBERTAG seconds if TRUE, else it will redirect to the homepage instantly. url : URLTAG FILETAG To produce a SQL syntax error, it is possible to intercept the request before it is redirected to the homepage using a tool like APITAG (repeater). Error syntax: URLTAG NUMBERTAG FILETAG NUMBERTAG FILETAG Dump table name = peel_profil FILETAG Consequences: Confidentiality: Since SQL databases generally hold sensitive data, loss of confidentiality is a frequent problem with SQL Injection vulnerabilities. Integrity: Just as it may be possible to read sensitive information eg client/customer sensitive data, it is also possible to make changes or even delete this information with a SQL Injection attack. Mitigation: Use of Prepared Statements (with Parameterized Queries) References for Mitigation Vulnerability: FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
- "severity": "CRITICAL",
- "baseScore": 9.1,
- "impactScore": 5.2,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2020-36517",
- "Issue_Url_old": "https://github.com/home-assistant/plugin-dns/issues/51",
- "Issue_Url_new": "https://github.com/home-assistant/plugin-dns/issues/51",
- "Repo_new": "home-assistant/plugin-dns",
- "Issue_Created_At": "2021-07-11T20:22:04Z",
- "description": "Dns stops resolving within hours/days. Ha is configured with a local dns resolver, while all other means of resolving are blocked on our home automation subnet. When (re)started, HA dns runs perfectly fine, and can resolve all queries through the assigned server. CODETAG After a few hours, the resolver just stops resolving through the programmed server and switches to dot NUMBERTAG APITAG for all dns requests, which are all refused by the router of course. Somehow HA forgot that APITAG is its assigned dns server. I'd like to add full dns logs, but 'ha dns logs' just gives me the last errors, and not the full logfile. If there's a way to give more info, let me know and I'll add the data.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-37232",
- "Issue_Url_old": "https://github.com/wez/atomicparsley/issues/32",
- "Issue_Url_new": "https://github.com/wez/atomicparsley/issues/32",
- "Repo_new": "wez/atomicparsley",
- "Issue_Created_At": "2021-07-13T05:27:45Z",
- "description": "A stack buffer overflow occurs while parsing movie details. System Configuration APITAG version: atomicparsley APITAG Used arguments: T NUMBERTAG t + Environment APITAG system, version and so on): Ubuntu NUMBERTAG bit Additional information: compilation with asan Description Buffer overflow occurs while NUMBERTAG bit APITAG NUMBERTAG line) because the size of the APITAG NUMBERTAG line) is small NUMBERTAG bytes NUMBERTAG ERROR: APITAG stack buffer overflow on address NUMBERTAG fffffffd8c5 at pc NUMBERTAG ffff NUMBERTAG e NUMBERTAG d bp NUMBERTAG fffffffd5d0 sp NUMBERTAG fffffffcd NUMBERTAG WRITE of size NUMBERTAG at NUMBERTAG fffffffd8c5 thread T NUMBERTAG ffff NUMBERTAG e NUMBERTAG c ( PATHTAG NUMBERTAG fd NUMBERTAG in fread PATHTAG NUMBERTAG fd NUMBERTAG in APITAG , _IO_FILE , unsigned long) PATHTAG NUMBERTAG a NUMBERTAG a0 in APITAG , _IO_FILE , Trackage , APITAG ) PATHTAG NUMBERTAG a NUMBERTAG in APITAG , unsigned char) PATHTAG NUMBERTAG c NUMBERTAG e7 in real_main(int, char ) PATHTAG NUMBERTAG ffff NUMBERTAG b2 in __libc_start_main ( PATHTAG NUMBERTAG d in _start ( PATHTAG ) Address NUMBERTAG fffffffd8c5 is located in stack of thread T0 at offset NUMBERTAG in frame NUMBERTAG a NUMBERTAG df in APITAG , unsigned char) PATHTAG This frame has NUMBERTAG object(s): FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-23409",
- "Issue_Url_old": "https://github.com/pires/go-proxyproto/issues/75",
- "Issue_Url_new": "https://github.com/pires/go-proxyproto/issues/75",
- "Repo_new": "pires/go-proxyproto",
- "Issue_Created_At": "2021-07-13T07:56:23Z",
- "description": "APITAG is setting a hard timeout on connections regardless of header sending. I think this setting is supposed to timeout connections that are not sending the headers and terminate them after this amount of time. However, I set the setting to NUMBERTAG seconds, and the result is that all connections are terminated after NUMBERTAG seconds, even if they correctly sent the headers. The connection starts up, but is then abruptly ended after the NUMBERTAG seconds are passed. I think what is missing in NUMBERTAG is a call to APITAG to reset the timeout after the proxy header was sent successfully.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2022-1122",
- "Issue_Url_old": "https://github.com/uclouvain/openjpeg/issues/1368",
- "Issue_Url_new": "https://github.com/uclouvain/openjpeg/issues/1368",
- "Repo_new": "uclouvain/openjpeg",
- "Issue_Created_At": "2021-07-13T08:56:46Z",
- "description": "An issue of freeing an uninitialized pointer exists in PATHTAG and will cause a segfault. Hi, I found a segmentation fault in current master, and I also reproduced it on the latest released version NUMBERTAG Crash Summary: An issue of freeing an uninitialized pointer exists in PATHTAG in main; it can lead to a segmentation fault via the POC provided below Crash Analysis NUMBERTAG run command: ./opj_decompress APITAG input APITAG BMP NUMBERTAG If there are lots of files in the imgdir directory, that will cause memory malloc failure FILETAG NUMBERTAG Then, since the pointer dirptr >filename is not initialized, free(dirptr >filename) fails FILETAG GDB debugging results: FILETAG FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-36797",
- "Issue_Url_old": "https://github.com/victronenergy/venus/issues/836",
- "Issue_Url_new": "https://github.com/victronenergy/venus/issues/836",
- "Repo_new": "victronenergy/venus",
- "Issue_Created_At": "2021-07-13T18:59:06Z",
- "description": "APITAG Root login by default. I am using APITAG on a Raspberry Pi for testing purposes and it seems that the default account setup is against security best practices: Root login should be disabled with all access which requires root done through sudo A standard user should be configured for normal access (e.g. pi ) A default password may be provided but it should be forcibly changed on first login Auto login should be disabled by default The documentation should recommend changing the password As it is at the moment, there are likely many devices running APITAG with unsecured root privileges available by default. It would also be beneficial to add a security policy to this repo so that vulnerabilities such as this can be highlighted in private while they are addressed: URLTAG",
- "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "MEDIUM",
- "baseScore": 6.8,
- "impactScore": 5.9,
- "exploitabilityScore": 0.9
- },
- {
- "CVE_ID": "CVE-2021-25740",
- "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/103675",
- "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/103675",
- "Repo_new": "kubernetes/kubernetes",
- "Issue_Created_At": "2021-07-14T03:30:07Z",
- "description": "WIP.",
- "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
- "severity": "LOW",
- "baseScore": 3.1,
- "impactScore": 1.4,
- "exploitabilityScore": 1.6
- },
- {
- "CVE_ID": "CVE-2021-42716",
- "Issue_Url_old": "https://github.com/nothings/stb/issues/1166",
- "Issue_Url_new": "https://github.com/nothings/stb/issues/1166",
- "Repo_new": "nothings/stb",
- "Issue_Created_At": "2021-07-14T10:52:47Z",
- "description": "stbi__pnm_load heap buffer overflow bug. I found a heap buffer overflow (oob read) FILETAG in stbi__pnm_load; if req_comp && req_comp != s >img_n, it will call stbi__convert_format, but it does not multiply ri >bits_per_channel NUMBERTAG if ri.bits_per_channel NUMBERTAG will call stbi__convert NUMBERTAG to NUMBERTAG and make oob read APITAG ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.1,
- "impactScore": 5.2,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-27884",
- "Issue_Url_old": "https://github.com/YMFE/yapi/issues/2263",
- "Issue_Url_new": "https://github.com/ymfe/yapi/issues/2263",
- "Repo_new": "ymfe/yapi",
- "Issue_Created_At": "2021-07-15T11:41:16Z",
- "description": "YAPI NUMBERTAG days vulnerability, found that the server was filled up with code. Version number ~ What is the problem ~ How to reproduce this problem ~ APITAG Which browser ~ APITAG Windows, APITAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.1,
- "impactScore": 2.5,
- "exploitabilityScore": 2.5
- },
- {
- "CVE_ID": "CVE-2022-1227",
- "Issue_Url_old": "https://github.com/containers/podman/issues/10941",
- "Issue_Url_new": "https://github.com/containers/podman/issues/10941",
- "Repo_new": "containers/podman",
- "Issue_Created_At": "2021-07-15T12:56:50Z",
- "description": "podman top does not work with userns=keep id container. Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line) /kind bug Description Steps to reproduce the issue NUMBERTAG top with userns=keep id container ERRORTAG NUMBERTAG top with normal container CODETAG NUMBERTAG Describe the results you received: Describe the results you expected: Additional information you deem important (e.g. issue happens only occasionally): Output of podman version : APITAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-37786",
- "Issue_Url_old": "https://github.com/admin-ch/CovidCertificate-App-iOS/issues/146",
- "Issue_Url_new": "https://github.com/admin-ch/covidcertificate-app-ios/issues/146",
- "Repo_new": "admin-ch/covidcertificate-app-ios",
- "Issue_Created_At": "2021-07-16T14:31:40Z",
- "description": "Covid Check APITAG Crash App (dos). Hello, Small issue, a person could generate a QR code readable by the application (with an invalid signature), with the parameter \"dn\" containing the value APITAG the application will crash each time the QR code is scanned. The problem is also present on Covid Cert but less problematic; indeed a possible scenario (with a bit of social engineering) is that a person creates a QR code with the payload that crashes the application and presents it to a third party (a restaurant for example). The third party can't check the validity of the certificate because the application will crash at each scan, so the third party could let the access to these services thinking that the certificate is valid and that it's a bug of the application. APITAG maybe extreme but with a lot of chances that it works). Payload : CODETAG APITAG Payload : CODETAG FILETAG Hoping to have helped ^^",
- "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 4.6,
- "impactScore": 3.6,
- "exploitabilityScore": 0.9
- },
- {
- "CVE_ID": "CVE-2021-43429",
- "Issue_Url_old": "https://github.com/Seagate/cortx-s3server/issues/1037",
- "Issue_Url_new": "https://github.com/seagate/cortx-s3server/issues/1037",
- "Repo_new": "seagate/cortx-s3server",
- "Issue_Created_At": "2021-07-18T08:19:31Z",
- "description": "Potential error due to the unreleased lock. Dear developers: Thank you for your checking. In the method APITAG , the lock APITAG may not be released if the branch condition is satisfied and the method returns. URLTAG URLTAG CODETAG Best,",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-3660",
- "Issue_Url_old": "https://github.com/cockpit-project/cockpit/issues/16122",
- "Issue_Url_new": "https://github.com/cockpit-project/cockpit/issues/16122",
- "Repo_new": "cockpit-project/cockpit",
- "Issue_Created_At": "2021-07-20T13:49:33Z",
- "description": "Is cockpit vulnerable to clickjacking?. Through a security scan, I was notified: > APITAG remote web server does not set an X Frame Options response header or a Content Security Policy 'frame ancestors' response header in all content responses. This could potentially expose the site to a clickjacking or UI redress attack, in which an attacker can trick a user into clicking an area of the vulnerable page that is different than what the user perceives the page to be. This can result in a user performing fraudulent or malicious transactions._ Suggested solution is: > Return the X Frame Options or Content Security Policy (with the 'frame ancestors' directive) HTTP header with the page's response. Is there a way to do this through the config in cockpit? or is there some other reason it is not subject to clickjacking? Thank you",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 4.3,
- "impactScore": 1.4,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-37144",
- "Issue_Url_old": "https://github.com/cskaza/cszcms/issues/32",
- "Issue_Url_new": "https://github.com/cskaza/cszcms/issues/32",
- "Repo_new": "cskaza/cszcms",
- "Issue_Created_At": "2021-07-20T20:33:42Z",
- "description": "Bug Report: Multiple Arbitrary File Deletion vulnerability. Vulnerability Name: Multiple Arbitrary File Deletion Date of Discovery NUMBERTAG July NUMBERTAG Product version NUMBERTAG Download link URLTAG Author: faisalfs NUMBERTAG Vulnerability Description: When unsanitized user input is supplied to a file deletion function, an arbitrary file deletion vulnerability arises. This occurs in PHP when the APITAG function is called and user input might affect portions of or the whole affected parameter, which represents the path of the file to remove, without sufficient sanitization. Exploiting the vulnerability allows an attacker to delete any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to delete). Furthermore, an attacker can leverage the capability of arbitrary file deletion to circumvent certain webserver security mechanisms such as deleting the .htaccess file, which would deactivate those security constraints. Proof of Concept NUMBERTAG Vulnerable URL: URLTAG Vulnerable Code: line NUMBERTAG PATHTAG FILETAG Steps to Reproduce NUMBERTAG Login as admin NUMBERTAG Go to Plugin Manager > Article > edit any article NUMBERTAG Upload any image as APITAG Picture\" and APITAG Upload\" and click save button NUMBERTAG Click APITAG File\" button for both APITAG Picture\" and APITAG Upload\" and click save button NUMBERTAG Intercept the request and replace existing image to any files on the server via parameter \"del_file\" and \"del_file2\" FILETAG Proof of Concept NUMBERTAG Vulnerable URL: URLTAG Vulnerable Code: line NUMBERTAG PATHTAG FILETAG Steps to Reproduce NUMBERTAG Login as admin NUMBERTAG Go to General Menu > Site Setting NUMBERTAG Upload any image as APITAG Logo\" and APITAG of og metatag\" and click save button NUMBERTAG Click APITAG File\" button for both APITAG Logo\" and APITAG of og metatag\" and click save button NUMBERTAG Intercept the request and replace existing image to any files on the server via parameter \"del_file\" and \"del_og_image\" FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.1,
- "impactScore": 5.2,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-37587",
- "Issue_Url_old": "https://github.com/JHUISI/charm/issues/276",
- "Issue_Url_new": "https://github.com/jhuisi/charm/issues/276",
- "Repo_new": "jhuisi/charm",
- "Issue_Created_At": "2021-07-21T14:01:46Z",
- "description": "Broken schemes in last release. Hello, At CT RSA NUMBERTAG Venema and Alpar presented attacks against NUMBERTAG schemes and two of them are implemented in the last version of CHARM: DAC MACS and MA ABE YJ NUMBERTAG FILETAG FILETAG Moreover, the YCT NUMBERTAG scheme was broken in NUMBERTAG and is also implemented in CHARM: FILETAG It is possible to attack the NUMBERTAG implementations and mount decryption attacks against them. References: URLTAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.5,
- "impactScore": 3.6,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-37473",
- "Issue_Url_old": "https://github.com/NavigateCMS/Navigate-CMS/issues/26",
- "Issue_Url_new": "https://github.com/navigatecms/navigate-cms/issues/26",
- "Repo_new": "navigatecms/navigate-cms",
- "Issue_Created_At": "2021-07-22T04:24:26Z",
- "description": "Multiple SQL Injection Vulnerabilities Identified in the latest version NUMBERTAG r NUMBERTAG Hi, I would like to report NUMBERTAG SQL Injection vulnerabilities identified in the latest version of the CMS. Vulnerability NUMBERTAG APITAG injection at APITAG vulnerable code: APITAG APITAG APITAG function APITAG { global $layout; global $DB; global $website; $out = ''; $item = new APITAG switch($_REQUEST FILETAG Vulnerability NUMBERTAG id at APITAG Vulnerable code APITAG : APITAG APITAG PATHTAG function APITAG { global $layout; global $DB; global $website; global $theme; global $user; $out = ''; $item = new APITAG switch($_REQUEST['act']) { case \"change_comment_status\": // change comment status if(empty($_REQUEST['id'])) { echo \"false\"; APITAG } switch($_REQUEST['opt']) { case 'publish': $DB >execute(' UPDATE nv_comments SET status NUMBERTAG WHERE website = '.$website >id.' AND APITAG id = '.$_REQUEST['id']); APITAG break; case 'unpublish': $DB >execute(' UPDATE nv_comments SET status NUMBERTAG WHERE website = '.$website >id.' AND APITAG id = '.$_REQUEST['id']); APITAG break; case 'delete': $DB >execute(' DELETE FROM nv_comments WHERE website = '.$website >id.' AND APITAG id = '.$_REQUEST['id']); APITAG break; } APITAG APITAG An attacker can use traffic similar to: CODETAG Vulnerability NUMBERTAG APITAG at APITAG Vulnerable code APITAG APITAG PATHTAG function APITAG { global $layout; global $DB; global $website; global $theme; global $user; $out = ''; $item = new APITAG switch($_REQUEST['act']) { case 'products_order': if(!empty($_POST['products order'])) { APITAG { // save new order APITAG $response = APITAG order']); APITAG if($response!==true) { echo $response['error']; } else { echo 'true'; } } } APITAG APITAG Then it triggers ERRORTAG Vulnerability NUMBERTAG id in APITAG Vulnerable code: APITAG APITAG PATHTAG case \"change_comment_status\": if(empty($_REQUEST['id'])) { echo \"false\"; APITAG } switch($_REQUEST['opt']) { case 'publish': $DB >execute(' UPDATE nv_comments SET status NUMBERTAG APITAG WHERE website = '.$website >id.' AND id = '.$_REQUEST['id']); APITAG break; case 'unpublish': $DB >execute(' UPDATE nv_comments SET status NUMBERTAG APITAG WHERE website = '.$website >id.' AND id = '.$_REQUEST['id']); APITAG break; case 'delete': $DB >execute(' DELETE FROM nv_comments APITAG WHERE website = '.$website >id.' AND id = '.$_REQUEST['id']); APITAG break; } APITAG APITAG An attacker can easily craft something like this to trigger the vulnerability APITAG Vulnerability NUMBERTAG APITAG at APITAG vulnerable code: APITAG APITAG PATHTAG case 'load': case NUMBERTAG edit/new form if(!empty($_REQUEST['id'])) { APITAG { $item APITAG } else { $item APITAG } } if(isset($_REQUEST['form sent'])) { try { $item APITAG APITAG $item APITAG if(!empty($_REQUEST['property enabled'])) { $enableds = APITAG enabled']); } else { $enableds = APITAG } APITAG $item >id, $_REQUEST['template properties order'], $enableds); APITAG APITAG APITAG Then step into ERRORTAG Vulnerability NUMBERTAG APITAG at APITAG Vulnerable code: CODETAG Then steps into ERRORTAG An attacker can easily craft traffic as below to cause the injection: APITAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-3664",
- "Issue_Url_old": "https://github.com/unshiftio/url-parse/issues/206",
- "Issue_Url_new": "https://github.com/unshiftio/url-parse/issues/206",
- "Repo_new": "unshiftio/url-parse",
- "Issue_Created_At": "2021-07-22T14:24:06Z",
- "description": "Security issues Hostname spoofing & Open Redirect. MENTIONTAG MENTIONTAG I have reported a security issue in huntr URLTAG There are NUMBERTAG attack scenarios possible for Open Redirect and Hostname APITAG take a look at the last comment) Please validate and let us know your opinion on this. Thank you.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.3,
- "impactScore": 1.4,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-37778",
- "Issue_Url_old": "https://github.com/osqzss/gps-sdr-sim/issues/294",
- "Issue_Url_new": "https://github.com/osqzss/gps-sdr-sim/issues/294",
- "Repo_new": "osqzss/gps-sdr-sim",
- "Issue_Created_At": "2021-07-23T13:23:33Z",
- "description": "There is a buffer overflow when parsing command line parameters. Hi friends! When the parameter length is greater than NUMBERTAG characters of MAX_CHAR, the strcpy function overflows. The length check can be performed to fix the problem. APITAG CODETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-37764",
- "Issue_Url_old": "https://github.com/XOS-Shop/xos_shop_system/issues/1",
- "Issue_Url_new": "https://github.com/xos-shop/xos_shop_system/issues/1",
- "Repo_new": "xos-shop/xos_shop_system",
- "Issue_Created_At": "2021-07-24T23:10:12Z",
- "description": "Security Bug: Arbitrary File Deletion in Admin Panel. Hi MENTIONTAG , I found a file deletion vulnerability in the admin function module Vulnerability Name: Arbitrary File Deletion in Admin Panel Date of Discovery NUMBERTAG July NUMBERTAG Product version NUMBERTAG Vulnerability Description: Exploiting the vulnerability allows an attacker to delete any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to delete). Furthermore, an attacker can leverage the capability of arbitrary file deletion to circumvent certain webserver security mechanisms such as deleting the .htaccess file, which would deactivate those security constraints.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.1,
- "impactScore": 5.2,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-45928",
- "Issue_Url_old": "https://github.com/libjxl/libjxl/issues/360",
- "Issue_Url_new": "https://github.com/libjxl/libjxl/issues/360",
- "Repo_new": "libjxl/libjxl",
- "Issue_Created_At": "2021-07-26T11:42:15Z",
- "description": "Out of bounds write in master libjxl reported by oss fuzz. Hello, oss fuzz is reporting an out of bounds write in libjxl master: ERRORTAG Reproducer: FILETAG APITAG testcase minimized NUMBERTAG jxl",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-37600",
- "Issue_Url_old": "https://github.com/karelzak/util-linux/issues/1395",
- "Issue_Url_new": "https://github.com/util-linux/util-linux/issues/1395",
- "Repo_new": "util-linux/util-linux",
- "Issue_Created_At": "2021-07-27T08:45:02Z",
- "description": "Potential integer overflow in ipcutils.c. Hi, It seems that there exists a potential integer overflow that can lead to buffer overflows. Please find the following description NUMBERTAG APITAG can be an arbitrary large number URLTAG NUMBERTAG Call to APITAG with the structure URLTAG NUMBERTAG Call to calloc with the large integer can cause a memory allocation with an overflowed size URLTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-37791",
- "Issue_Url_old": "https://github.com/cdfan/my-admin/issues/3",
- "Issue_Url_new": "https://github.com/cdfan/my-admin/issues/3",
- "Repo_new": "cdfan/my-admin",
- "Issue_Created_At": "2021-07-28T06:35:05Z",
- "description": "There is an ultra vires vulnerability in viewing personal center. Log in with user1 account on the trial website given by the author, and click the personal center to capture the package. poc: user1 login > PATHTAG CODETAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
- "severity": "MEDIUM",
- "baseScore": 4.9,
- "impactScore": 3.6,
- "exploitabilityScore": 1.2
- },
- {
- "CVE_ID": "CVE-2021-37381",
- "Issue_Url_old": "https://github.com/caiteli/poc_information/issues/1",
- "Issue_Url_new": "https://github.com/caiteli/poc_information/issues/1",
- "Repo_new": "caiteli/poc_information",
- "Issue_Created_At": "2021-07-28T10:24:17Z",
- "description": "letter of thanks. Thank you for your submission about southsoft GMIS NUMBERTAG has a CSRF vulnerability ( CVETAG ). After receiving the vulnerability report, we verified and confirmed its effectiveness. We will fix this vulnerability as soon as possible in subsequent versions. Southsoft APITAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-37914",
- "Issue_Url_old": "https://github.com/argoproj/argo-workflows/issues/6441",
- "Issue_Url_new": "https://github.com/argoproj/argo-workflows/issues/6441",
- "Repo_new": "argoproj/argo-workflows",
- "Issue_Created_At": "2021-07-28T16:14:54Z",
- "description": "workflow re write vulnerability using input parameter. Summary It's possible to rewrite parts of a workflow on cluster using only an input parameter. Operators who allow users to run workflows specifying input parameters are vulnerable to this. Details From MENTIONTAG : It's possible to rewrite parts of a workflow on cluster using only an input parameter. This relies on taking advantage of the fact that the output of expression templates is evaluated as a literal part of the JSON stringified template. The following workflow accepts a string param, performs a trivial transformation (in this case, just printing it), and then passes the output as an env var to be printed. The poisoned param value is able to overwrite \"args\" because NUMBERTAG the golang JSON marshaler allows duplicate keys and NUMBERTAG the stringified template keys seem to be alphabetically ordered, so the poisoned \"env\" value can override the original \"args\" field. This is just a quick proof of concept. The motivated attacker could probably find a lot of different and nefarious ways to mutate a workflow. I believe this PR would close the vulnerability: URLTAG ERRORTAG Note: there seems to be some non determinism involved. The expected behavior is for the \"print\" step to output \"this happens instead\". If instead you get an error, re submit a few times. APITAG Message from the maintainers : Impacted by this bug? Give it a \ud83d\udc4d. We prioritise the issues with the most \ud83d\udc4d.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
- "severity": "MEDIUM",
- "baseScore": 6.5,
- "impactScore": 2.5,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-39371",
- "Issue_Url_old": "https://github.com/geopython/OWSLib/issues/790",
- "Issue_Url_new": "https://github.com/geopython/owslib/issues/790",
- "Repo_new": "geopython/owslib",
- "Issue_Created_At": "2021-07-29T18:30:55Z",
- "description": "Propose to replace lxml with defusedxml. The vulnerabilities caused by using lxml can be addressed by using defusedxml URLTAG . I've had success with just replacing APITAG with APITAG .",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-40985",
- "Issue_Url_old": "https://github.com/michaelrsweet/htmldoc/issues/444",
- "Issue_Url_new": "https://github.com/michaelrsweet/htmldoc/issues/444",
- "Repo_new": "michaelrsweet/htmldoc",
- "Issue_Created_At": "2021-08-02T07:44:48Z",
- "description": "stack buffer underflow in htmldoc. os: ubuntu NUMBERTAG htmldoc version: master branch command : ./htmldoc webpage f FILETAG . APITAG FILETAG asan report ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2022-26291",
- "Issue_Url_old": "https://github.com/ckolivas/lrzip/issues/206",
- "Issue_Url_new": "https://github.com/ckolivas/lrzip/issues/206",
- "Repo_new": "ckolivas/lrzip",
- "Issue_Created_At": "2021-08-02T11:46:06Z",
- "description": "Multiple concurrency UAF bugs between the APITAG and APITAG functions. Dear all, Our tool reports that there would be multiple concurrency use after free bugs between the APITAG function and the APITAG function, in the newest master branch NUMBERTAG afe8. Brief Explanation The related code simplified from APITAG and ERRORTAG is shown as follows: ERRORTAG Both thread T0 and thread T1 operate on a shared variable ucthread (i.e., T0 deallocates a ucthread through APITAG , and T1 uses the ucthread in all statements ERRORTAG , APITAG , and APITAG ). However, a use after free can occur if the deallocation of ucthread happens before the use of ucthread. For example, the following three thread interleavings can trigger three different UAFs: Interleaving (a) ERRORTAG Interleaving (b) ERRORTAG Interleaving (c) ERRORTAG Reproduce through delay injection To reproduce those use after free errors, we can insert two delays (e.g., APITAG ) into the original source code. For example, to reproduce interleaving (a) as mentioned earlier, you can insert a delay before the APITAG statement in the function in APITAG , and also a delay after, as shown as follows. ERRORTAG FILETAG Compile the program: APITAG Download the testcase (I uploaded the POC here, please unzip first). FILETAG Run the testcase with the following command: APITAG Then, you will see the use after free bug report. Here is the trace reported by ASAN: ERRORTAG I'm not sure if these use after free bugs could cause serious harm. I hope you can check whether it is necessary to fix these bugs. Thanks.",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-45834",
- "Issue_Url_old": "https://github.com/opendocman/opendocman/issues/326",
- "Issue_Url_new": "https://github.com/opendocman/opendocman/issues/326",
- "Repo_new": "opendocman/opendocman",
- "Issue_Created_At": "2021-08-02T17:49:53Z",
- "description": "Trying to get in touch regarding a security issue. Hi there, I couldn't find a APITAG in your repository and am not sure how to best contact you privately to disclose a security issue. Can you add a APITAG file with an e mail to your repository, so that our system can send you the vulnerability details? APITAG suggests that a security policy URLTAG is the best way to make sure security issues are responsibly disclosed. Once you've done that, you should receive an e mail within the next hour with more info. Thanks! (cc APITAG helper)",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-46743",
- "Issue_Url_old": "https://github.com/firebase/php-jwt/issues/351",
- "Issue_Url_new": "https://github.com/firebase/php-jwt/issues/351",
- "Repo_new": "firebase/php-jwt",
- "Issue_Created_At": "2021-08-04T05:17:10Z",
- "description": "Possibility of Reintroducing HS NUMBERTAG RSA NUMBERTAG Type Confusion. This is a follow up to the HS NUMBERTAG RS NUMBERTAG Type Confusion attack URLTAG against the JWT protocol. Now, firebase/php jwt attempts to side step this risk by forcing the user to hard code the algorithms they wish to support. URLTAG If APITAG is an array, and APITAG contains a kid field, the key used to verify a token is determined by the kid header. URLTAG Let's say you're a service that wants to check APITAG tokens against one key type and APITAG tokens against another. Your APITAG key has APITAG , while your APITAG public key has APITAG . You might call php jwt like so: CODETAG If anyone ever sets up JWT like this: Congratulations! You've just reintroduced the critical vulnerability in your usage of the app. All you have to do is set APITAG and use the SHA NUMBERTAG hash of the RSA public key as an HMAC key, and you can mint tokens all day long. What's going on here? The fundamental problem is that the keys passed to firebase/php jwt are just strings. This flies in the face of cryptography engineering best practices: A key should always be considered to be the raw key material alongside its parameter choices URLTAG . Is this a security vulnerability? This is not a vulnerability in the firebase/php jwt library. It is, however, a very sharp edge that an unsuspecting developer could cut themselves on. Cryptography should be easy to use, hard to misuse, and secure by default. Whether the JOSE authors want to acknowledge it or not, what they published was a cryptographic protocol, one that fails to live up to these tenets. It's worth noting that PASETO URLTAG mitigates this in its specification, so library authors don't have to even worry about it. The good news is: This can be easily fixed. The bad news is: It constitutes a backwards compatibility break. How to Fix This Library If you were to update the API to require keys to be a Keyring object, which maps a string APITAG ( kid ) to a APITAG object, and that APITAG object had a hard coded algorithm that it could be used with, then this issue would be easily avoided. Pseudocode ERRORTAG ERRORTAG ERRORTAG CODETAG ERRORTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
- "severity": "CRITICAL",
- "baseScore": 9.1,
- "impactScore": 5.2,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2022-29583",
- "Issue_Url_old": "https://github.com/kardianos/service/issues/289",
- "Issue_Url_new": "https://github.com/kardianos/service/issues/289",
- "Repo_new": "kardianos/service",
- "Issue_Created_At": "2021-08-04T08:33:58Z",
- "description": "Windows service: unquoted service path can allow for privilege escalation. Hello! We use Telegraf URLTAG (which depends on this library) and our vulnerability scanner notifies us of the following vulnerability with the telegraf service: Windows Unquoted Search Path or Element can allow local privilege escalation URLTAG I did some brief digging around and I think the problem boils down to this line: URLTAG Here you take the path to the executing program (if I understood correctly) and later use it when you install the service. Doing this without adding quotes to the path means that the unquoted service path issue comes into effect. You should be able to simply add quotes to the path, and in doing so solve the issue at hand.",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-38712",
- "Issue_Url_old": "https://github.com/helloxz/onenav/issues/25",
- "Issue_Url_new": "https://github.com/helloxz/onenav/issues/25",
- "Repo_new": "helloxz/onenav",
- "Issue_Created_At": "2021-08-04T08:58:49Z",
- "description": "disclosure of information about sqlite. Disclosure of information about sqlite. I downloaded this CMS and first installed it. FILETAG APITAG CODETAG bug code: APITAG then I try to request PATHTAG and PATHTAG; HTTP response status NUMBERTAG means I can download onenav.db3 and FILETAG and get some private information. You can add some random code to the document name or sqlite database name. This CMS has many users.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-38113",
- "Issue_Url_old": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/issues/1387",
- "Issue_Url_new": "https://github.com/e2openplugins/e2openplugin-openwebif/issues/1387",
- "Repo_new": "e2openplugins/e2openplugin-openwebif",
- "Issue_Created_At": "2021-08-04T12:12:19Z",
- "description": "Stored XSS bug.. Description Inserting APITAG code into the APITAG Bouquet\" function in the Bouquet Editor leads to Stored XSS. The payload in the APITAG executes each time the user goes to the OWIF interface and redirects to a different webpage. APITAG Link to streamable URLTAG Image OS: APITAG Version NUMBERTAG Desktop Browser APITAG Version APITAG CODETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.7,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-38138",
- "Issue_Url_old": "https://github.com/helloxz/onenav/issues/26",
- "Issue_Url_new": "https://github.com/helloxz/onenav/issues/26",
- "Repo_new": "helloxz/onenav",
- "Issue_Created_At": "2021-08-05T06:53:41Z",
- "description": "APITAG add link function has an XSS vulnerability. Add link function path: FILETAG. Input XSS payload NUMBERTAG APITAG alert(\"XSS\") APITAG FILETAG, click the \u6dfb\u52a0 (Add) button FILETAG, alert XSS success. Input XSS payload NUMBERTAG APITAG APITAG FILETAG, get user cookie success",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.7,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-44685",
- "Issue_Url_old": "https://github.com/dwisiswant0/advisory/issues/3",
- "Issue_Url_new": "https://github.com/dwisiswant0/advisory/issues/3",
- "Repo_new": "dwisiswant0/advisory",
- "Issue_Created_At": "2021-08-05T09:11:06Z",
- "description": "OS Command Injection in huntr NUMBERTAG Description _TBD_ CVE ID : _N/A_ References _URL_",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-45459",
- "Issue_Url_old": "https://github.com/dwisiswant0/advisory/issues/4",
- "Issue_Url_new": "https://github.com/dwisiswant0/advisory/issues/4",
- "Repo_new": "dwisiswant0/advisory",
- "Issue_Created_At": "2021-08-05T09:12:53Z",
- "description": "OS Command Injection in huntr NUMBERTAG e NUMBERTAG d NUMBERTAG d NUMBERTAG cb NUMBERTAG d0b cb7c NUMBERTAG ac NUMBERTAG Description _TBD_ CVE ID : _N/A_ References _URL_",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-44684",
- "Issue_Url_old": "https://github.com/dwisiswant0/advisory/issues/5",
- "Issue_Url_new": "https://github.com/dwisiswant0/advisory/issues/5",
- "Repo_new": "dwisiswant0/advisory",
- "Issue_Created_At": "2021-08-05T09:13:27Z",
- "description": "OS Command Injection in huntr ff NUMBERTAG b NUMBERTAG e NUMBERTAG c NUMBERTAG bf NUMBERTAG ec NUMBERTAG a NUMBERTAG Description _TBD_ CVE ID : _N/A_ References _URL_",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2022-24434",
- "Issue_Url_old": "https://github.com/mscdex/busboy/issues/250",
- "Issue_Url_new": "https://github.com/mscdex/busboy/issues/250",
- "Repo_new": "mscdex/busboy",
- "Issue_Created_At": "2021-08-05T18:27:04Z",
- "description": "Security alert: Busboy can crash on manipulated multipart/form data header names. I already wrote a PR for this problem, which is actually a problem of Dicer which busboy uses. For more information see mscdex/dicer NUMBERTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-38384",
- "Issue_Url_old": "https://github.com/dherault/serverless-offline/issues/1259",
- "Issue_Url_new": "https://github.com/dherault/serverless-offline/issues/1259",
- "Repo_new": "dherault/serverless-offline",
- "Issue_Created_At": "2021-08-05T18:28:59Z",
- "description": "Custom Authorizer and AWS deployed stack don't have the same behavior. Bug Report APITAG Current Behavior APITAG When using a Custom Authorizer, the behaviour of serverless offline differs from the deployed stack on AWS. Sample Code APITAG This is where we define the function event trigger. As it's clear to see, we expect a HTTP POST on APITAG file: FILETAG APITAG Our custom authorizer APITAG method looks like this. file: FILETAG CODETAG We're basically generating the following policy to someone with the role \"USER\": CODETAG Expected behavior/code APITAG When testing locally using serverless offline, fetching the endpoint URLTAG the response is NUMBERTAG Forbidden as the screenshot shows URLTAG . But when we deploy the stack to AWS, fetching the endpoint URLTAG the result is NUMBERTAG ok as it's seen here URLTAG . Environment serverless version NUMBERTAG APITAG version NUMBERTAG APITAG version: APITAG OS : Linux Mint NUMBERTAG Tessa Additional APITAG APITAG We found this issue while doing the research The Fault in Our Stars URLTAG , in which we explore how API Gateway Execute API Policy works under different conditions. One researcher from our company opened the issue NUMBERTAG URLTAG where he indicates another incorrect behaviour by serverless offline regarding the way it evaluates policies. It still lacks a response to this date.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-38290",
- "Issue_Url_old": "https://github.com/daylightstudio/FUEL-CMS/issues/580",
- "Issue_Url_new": "https://github.com/daylightstudio/fuel-cms/issues/580",
- "Repo_new": "daylightstudio/fuel-cms",
- "Issue_Created_At": "2021-08-06T01:58:06Z",
- "description": "Host header attack vulnerability exists in fuel CMS NUMBERTAG An attacker can use a man in the middle attack to attack users, such as phishing. The system does not verify the host value. If the host value is modified, the link returned by the website will splice in the malicious host value. Like this: FILETAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.1,
- "impactScore": 5.9,
- "exploitabilityScore": 2.2
- },
- {
- "CVE_ID": "CVE-2021-38167",
- "Issue_Url_old": "https://github.com/hap-wi/roxy-wi/issues/285",
- "Issue_Url_new": "https://github.com/hap-wi/roxy-wi/issues/285",
- "Repo_new": "hap-wi/roxy-wi",
- "Issue_Created_At": "2021-08-07T10:27:37Z",
- "description": "multiple vulnerabilities leading to preauth RCE. I found haproxy wi in the aws/digitalocean marketplace when I was looking for a solution to manage multiple reverse proxies. Since it was open source I peeked at how it works and found some critical issues which, when combined, lead to pre auth RCE \\ SQL injections: Inside APITAG some SQL statements have user controlled input supplied directly into SQL queries \\ \\ Unauthenticated SQLi when an attacker requests any of the pages inside the APITAG folder, authentication is checked via APITAG CODETAG APITAG takes the uuid cookie value and tries to update the expiration timestamp for the given uuid with APITAG ERRORTAG the uuid cookie value is directly supplied into the query, so an unauthenticated attacker can perform a blind SQL injection to dump the database or extract a valid uuid to bypass authentication \\ \\ authenticated SQLi One example of authenticated SQLi via reaching the select_servers function ERRORTAG there are multiple injection points from user supplied input here; one way to reach this is from hapservers.py CODETAG this could be exploited by a least privilege account such as guest. There are some more functions supplying user input to SQL queries \\ Command injection: Inside APITAG and APITAG some commands executed are supplied with user input; one of many examples of a second order command injection here: CODETAG haproxy_sock_port is stored in the settings table, and an authenticated user can change it from APITAG then calls the options page to call that function and execute an arbitrary system command. Most cmds in different functions are prone to command injection or second order injection from settings stored in the database and user controlled \\ Conclusion combining both the unauthenticated SQLi to grab a valid uuid and bypass authentication, then using command injection, an unauthenticated user can achieve pre auth RCE",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-38197",
- "Issue_Url_old": "https://github.com/gen2brain/go-unarr/issues/21",
- "Issue_Url_new": "https://github.com/gen2brain/go-unarr/issues/21",
- "Repo_new": "gen2brain/go-unarr",
- "Issue_Created_At": "2021-08-08T06:51:14Z",
- "description": "There is a vulnerability in unarr, which will lead to path traversal vulnerability. There is a vulnerability in unarr, which will lead to a path traversal vulnerability. Go unarr does not check the contents of the archive. Exploit process NUMBERTAG An attacker can construct a malicious tar package (or any compressed archive file). As shown in the figure below, obviously, this will not succeed under the tar command, because the tar command fixes the vulnerability. FILETAG NUMBERTAG The victim uses go unarr to unzip the archive. As shown in the figure below, path traversal occurs during go unarr decompression, and we upload the file to the ../ directory FILETAG NUMBERTAG By triggering the path traversal vulnerability, an attacker can store any file in any privileged place (which means that rce can be caused under root privileges)",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-36691",
- "Issue_Url_old": "https://github.com/libjxl/libjxl/issues/422",
- "Issue_Url_new": "https://github.com/libjxl/libjxl/issues/422",
- "Repo_new": "libjxl/libjxl",
- "Issue_Created_At": "2021-08-08T09:14:24Z",
- "description": "Assertion failed in PATHTAG APITAG Describe the bug Assertion failed when compressing a gif with cjxl. CODETAG To Reproduce Steps to reproduce the behavior: CODETAG FILETAG Expected behavior No assertion failed. Environment OS: APITAG Compiler version: APITAG CPU type NUMBERTAG cjxl/djxl version string: cjxl NUMBERTAG f3e APITAG Additional context It seems that the memory allocation size is too large causing the assertion failed. URLTAG Some gdb information ERRORTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-38311",
- "Issue_Url_old": "https://github.com/contiki-os/contiki/issues/2685",
- "Issue_Url_new": "https://github.com/contiki-os/contiki/issues/2685",
- "Repo_new": "contiki-os/contiki",
- "Issue_Created_At": "2021-08-08T13:24:15Z",
- "description": "Telnet servers potentially lead to nonterminating acknowledgment loops. Hello, In the implementation of telnet servers until version NUMBERTAG and even the latest commit NUMBERTAG b5b NUMBERTAG potential nonterminating acknowledgment loops have been found in telnet servers. In order to prevent nonterminating acknowledgment loops, one rule made by RFC NUMBERTAG URLTAG is that a request must not be acknowledged if a party receives what appears to be the request to enter some mode it is already in. However, when the negotiated options are already disabled, servers still respond to DONT and WONT requests with WONT or DONT commands. Hence, potential infinite acknowledgment loops exist in the telnet server during execution, which may lead to denial of service and excessive CPU consumption. Could you have a check? Thanks a lot.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-40523",
- "Issue_Url_old": "https://github.com/contiki-os/contiki/issues/2686",
- "Issue_Url_new": "https://github.com/contiki-os/contiki/issues/2686",
- "Repo_new": "contiki-os/contiki",
- "Issue_Created_At": "2021-08-08T13:42:02Z",
- "description": "Incorrectly handling negotiated options of telnet servers. Hello, In the implementation of telnet servers until version NUMBERTAG and even the latest commit NUMBERTAG b5b NUMBERTAG telnet servers incorrectly handle negotiated options. According to the general constraints of RFC NUMBERTAG URLTAG , during negotiating some disabled command options or unnegotiated commands, telnet servers must give WILL/WONT or DO/DONT responses for DO and WILL commands, respectively. However, telnet servers may not give any responses in this case. This bug appears because telnet servers put all responses in a fixed length buffer in the implementation. Telnet servers only put messages into the buffer but don't check whether that succeeded. Hence, when the buffer is full, it can lead to responses being lost. This bug could lead to clients waiting forever and other effects. Could you have a check? Thanks a lot.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-38386",
- "Issue_Url_old": "https://github.com/contiki-os/contiki/issues/2687",
- "Issue_Url_new": "https://github.com/contiki-os/contiki/issues/2687",
- "Repo_new": "contiki-os/contiki",
- "Issue_Created_At": "2021-08-08T13:52:04Z",
- "description": "Incorrectly executing commands of telnet servers. Telnet servers can execute many commands from clients like _ls_, _help_, _write_ and _append_. For example, the _ls_ command is able to show the contents of a certain directory in remote servers, and then servers reply executing results to clients. However, telnet servers don't correctly handle all commands. This bug could be reproduced in the case of showing the content of a directory with many files.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-38387",
- "Issue_Url_old": "https://github.com/contiki-os/contiki/issues/2688",
- "Issue_Url_new": "https://github.com/contiki-os/contiki/issues/2688",
- "Repo_new": "contiki-os/contiki",
- "Issue_Created_At": "2021-08-08T14:00:28Z",
- "description": "Silent quit of telnet servers leading to clients waiting forever. After telnet clients connect with telnet servers and send requests to servers, clients are blocked until receiving the responses from servers. So when the telnet server interrupts unexpectedly, the server should give an alert to clients. However, telnet servers often quit silently, thereby leading to clients waiting forever.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-38725",
- "Issue_Url_old": "https://github.com/daylightstudio/FUEL-CMS/issues/581",
- "Issue_Url_new": "https://github.com/daylightstudio/fuel-cms/issues/581",
- "Repo_new": "daylightstudio/fuel-cms",
- "Issue_Created_At": "2021-08-09T03:09:21Z",
- "description": "Fuel CMS NUMBERTAG has a brute force vulnerability in the forgot password page. Because there is no limit on the number of attempts, an attacker can brute force the email address of the administrator. FILETAG FILETAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.3,
- "impactScore": 1.4,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-39480",
- "Issue_Url_old": "https://github.com/m4b/bingrep/issues/30",
- "Issue_Url_new": "https://github.com/m4b/bingrep/issues/30",
- "Repo_new": "m4b/bingrep",
- "Issue_Created_At": "2021-08-09T12:42:31Z",
- "description": "memory allocation of NUMBERTAG bytes failed FILETAG ERRORTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-38727",
- "Issue_Url_old": "https://github.com/daylightstudio/FUEL-CMS/issues/582",
- "Issue_Url_new": "https://github.com/daylightstudio/fuel-cms/issues/582",
- "Repo_new": "daylightstudio/fuel-cms",
- "Issue_Created_At": "2021-08-10T01:22:52Z",
- "description": "FUEL CMS NUMBERTAG allows SQL Injection via parameter 'col' in PATHTAG FILETAG FILETAG CODETAG payload : APITAG FILETAG FILETAG You can see that when you modify the sleep value, the response has a significant delay.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-38723",
- "Issue_Url_old": "https://github.com/daylightstudio/FUEL-CMS/issues/583",
- "Issue_Url_new": "https://github.com/daylightstudio/fuel-cms/issues/583",
- "Repo_new": "daylightstudio/fuel-cms",
- "Issue_Created_At": "2021-08-10T01:26:43Z",
- "description": "FUEL CMS NUMBERTAG allows SQL Injection via parameter 'col' in PATHTAG FILETAG CODETAG payload: APITAG FILETAG FILETAG You can see that when you modify the sleep value, the response has a significant delay.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-38721",
- "Issue_Url_old": "https://github.com/daylightstudio/FUEL-CMS/issues/584",
- "Issue_Url_new": "https://github.com/daylightstudio/fuel-cms/issues/584",
- "Repo_new": "daylightstudio/fuel-cms",
- "Issue_Created_At": "2021-08-10T01:37:40Z",
- "description": "FUEL CMS NUMBERTAG contains a cross site request forgery (CSRF) vulnerability. Because my mailbox function is not configured, it cannot be fully demonstrated. There is a CSRF vulnerability in the password modification page. URLTAG FILETAG csrf POC: CODETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.5,
- "impactScore": 3.6,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-43298",
- "Issue_Url_old": "https://github.com/embedthis/goahead/issues/304",
- "Issue_Url_new": "https://github.com/embedthis/goahead/issues/304",
- "Repo_new": "embedthis/goahead",
- "Issue_Created_At": "2021-08-10T02:59:10Z",
- "description": "Constant time password comparisons. Summary The password comparison routine employed in versions up to NUMBERTAG used a fail fast comparison which assists brute force password attacks. Detail The APITAG routine used the smatch routine which uses sncmp. This routine would fail as soon as a mismatch was detected. This fail fast behavior may provide information to remove brute force attacks and guide attackers into better password guesses by helping them focus their attacks. Threat Scope and Mitigation The attacker would need persistent access to a high speed network to perform the attack. If the password length is long, the threat level is lower, but a short password could be more vulnerable. Remedy Deploy APITAG NUMBERTAG Please contact Embedthis if you require further information, test code or assistance at EMAILTAG .",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-38751",
- "Issue_Url_old": "https://github.com/exponentcms/exponent-cms/issues/1544",
- "Issue_Url_new": "https://github.com/exponentcms/exponent-cms/issues/1544",
- "Repo_new": "exponentcms/exponent-cms",
- "Issue_Created_At": "2021-08-10T04:04:36Z",
- "description": "HTTP Host Header Attack. Host value in HTTP header is not checked. Modifying the Host header in an HTTP request modifies all links to an arbitrary value. Included example request, result, and location of bug in the source code. FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 4.3,
- "impactScore": 1.4,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-26423",
- "Issue_Url_old": "https://github.com/dotnet/announcements/issues/194",
- "Issue_Url_new": "https://github.com/dotnet/announcements/issues/194",
- "Repo_new": "dotnet/announcements",
- "Issue_Created_At": "2021-08-10T21:50:27Z",
- "description": "Microsoft Security Advisory CVETAG | .NET Core Denial of Service Vulnerability. Microsoft Security Advisory CVETAG | .NET Core Denial of Service Vulnerability APITAG APITAG Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET NUMBERTAG NET Core NUMBERTAG and .NET Core NUMBERTAG This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A denial of service vulnerability exists in .NET NUMBERTAG NET Core NUMBERTAG and .NET Core NUMBERTAG where .NET APITAG server applications providing APITAG endpoints could be tricked into endlessly looping while trying to read a single APITAG frame. Discussion Discussion for this issue can be found at URLTAG TBD APITAG APITAG Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. APITAG APITAG Affected software Any .NET NUMBERTAG application running on .NET NUMBERTAG or lower Any .NET Core NUMBERTAG application running on .NET Core NUMBERTAG or lower Any .NET Core NUMBERTAG application running on .NET Core NUMBERTAG or lower APITAG APITAG How do I know if I am affected? If you have a runtime or SDK with a version listed in affected software affected software , you're exposed to the vulnerability. APITAG APITAG How do I fix the issue? To fix the issue, please install the latest version of .NET NUMBERTAG NET Core NUMBERTAG or .NET Core NUMBERTAG If you have installed one or more .NET Core SDKs through Visual Studio, Visual Studio will prompt you to update Visual Studio, which will also update your .NET Core SDKs. You can list the versions you have installed by running the APITAG command. 
You should see an output like the following: ERRORTAG If you're using .NET NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG from FILETAG If you're using .NET Core NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or NUMBERTAG for Visual Studio NUMBERTAG or later) from FILETAG If you're using .NET Core NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or NUMBERTAG from FILETAG .NET NUMBERTAG NET Core NUMBERTAG and .NET Core NUMBERTAG updates are also available from Microsoft Update. To access this either type APITAG for updates\" in your Windows search, or open Settings, choose Update & Security and then click Check for Updates. Once you have installed the updated runtime or SDK, restart your apps for the update to take effect. Additionally, if you've deployed self contained applications URLTAG targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed. Other Information Reporting Security Issues If you have found a potential security issue in .NET Core or .NET NUMBERTAG please email details to EMAILTAG . Reports may qualify for the Microsoft .NET Core & .NET NUMBERTAG Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at APITAG . Support You can ask questions about this issue on APITAG in the .NET APITAG organization. The main repos are located at URLTAG and URLTAG The Announcements repo ( URLTAG will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue. Disclaimer The information provided in this advisory is provided \"as is\" without warranty of any kind. 
Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. External Links CVETAG CVETAG Revisions NUMBERTAG APITAG NUMBERTAG Advisory published. APITAG NUMBERTAG APITAG Updated NUMBERTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-34485",
- "Issue_Url_old": "https://github.com/dotnet/announcements/issues/196",
- "Issue_Url_new": "https://github.com/dotnet/announcements/issues/196",
- "Repo_new": "dotnet/announcements",
- "Issue_Created_At": "2021-08-10T21:53:06Z",
- "description": "Microsoft Security Advisory CVETAG | .NET Core Information Disclosure Vulnerability. Microsoft Security Advisory CVETAG | .NET Core Information Disclosure Vulnerability APITAG APITAG Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET NUMBERTAG NET Core NUMBERTAG and .NET Core NUMBERTAG This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. An information disclosure vulnerability exists in .NET NUMBERTAG NET Core NUMBERTAG and .NET Core NUMBERTAG when dumps created by the tool to collect crash dumps and dumps on demand are created with global read permissions on Linux and APITAG Discussion Discussion for this issue can be found at URLTAG TBD APITAG APITAG Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. APITAG APITAG Affected software Any .NET NUMBERTAG application running on .NET NUMBERTAG or lower Any .NET Core NUMBERTAG application running on .NET Core NUMBERTAG or lower Any .NET Core NUMBERTAG application running on .NET Core NUMBERTAG or lower APITAG APITAG How do I know if I am affected? If you have a runtime or SDK with a version listed in affected software affected software , you're exposed to the vulnerability. APITAG APITAG How do I fix the issue? To fix the issue, please install the latest version of .NET NUMBERTAG NET Core NUMBERTAG or .NET Core NUMBERTAG If you have installed one or more .NET Core SDKs through Visual Studio, Visual Studio will prompt you to update Visual Studio, which will also update your .NET Core SDKs. You can list the versions you have installed by running the APITAG command. 
You should see an output like the following: ERRORTAG If you're using .NET NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG from FILETAG If you're using .NET Core NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or NUMBERTAG for Visual Studio NUMBERTAG or later) from FILETAG If you're using .NET Core NUMBERTAG you should download and install Runtime NUMBERTAG or SDK NUMBERTAG for Visual Studio NUMBERTAG or NUMBERTAG from FILETAG .NET NUMBERTAG NET Core NUMBERTAG and .NET Core NUMBERTAG updates are also available from Microsoft Update. To access this either type APITAG for updates\" in your Windows search, or open Settings, choose Update & Security and then click Check for Updates. Once you have installed the updated runtime or SDK, restart your apps for the update to take effect. Additionally, if you've deployed self contained applications URLTAG targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed. Other Information Reporting Security Issues If you have found a potential security issue in .NET Core or .NET NUMBERTAG please email details to EMAILTAG . Reports may qualify for the Microsoft .NET Core & .NET NUMBERTAG Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at APITAG . Support You can ask questions about this issue on APITAG in the .NET APITAG organization. The main repos are located at URLTAG and URLTAG The Announcements repo ( URLTAG will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue. Disclaimer The information provided in this advisory is provided \"as is\" without warranty of any kind. 
Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. External Links CVETAG CVETAG NUMBERTAG APITAG NUMBERTAG Advisory published. APITAG NUMBERTAG APITAG Updated NUMBERTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-38756",
- "Issue_Url_old": "https://github.com/kishan0725/Hospital-Management-System/issues/4",
- "Issue_Url_new": "https://github.com/kishan0725/hospital-management-system/issues/4",
- "Repo_new": "kishan0725/hospital-management-system",
- "Issue_Created_At": "2021-08-11T01:57:20Z",
- "description": "Persistent Cross Site Scripting (XSS) Vulnerability in Prescription. Add XSS in Prescription as DOCTOR FILETAG Login as ADMIN FILETAG Persistent XSS upon logging in as ADMIN FILETAG Issue in FILETAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-38755",
- "Issue_Url_old": "https://github.com/kishan0725/Hospital-Management-System/issues/5",
- "Issue_Url_new": "https://github.com/kishan0725/hospital-management-system/issues/5",
- "Repo_new": "kishan0725/hospital-management-system",
- "Issue_Created_At": "2021-08-11T02:12:04Z",
- "description": "Unauthenticated Doctor Deletion Vulnerability. Crafted HTTP packet can delete doctors without being authenticated as receptionist/admin. FILETAG Before: FILETAG After: FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.3,
- "impactScore": 1.4,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-38757",
- "Issue_Url_old": "https://github.com/kishan0725/Hospital-Management-System/issues/6",
- "Issue_Url_new": "https://github.com/kishan0725/hospital-management-system/issues/6",
- "Repo_new": "kishan0725/hospital-management-system",
- "Issue_Created_At": "2021-08-11T02:15:37Z",
- "description": "Persistent Cross Site Scripting (XSS) Vulnerability in Contact Page. Add XSS to message section of Contact page to target receptionist/admin. FILETAG Log in as receptionist/admin. FILETAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-38754",
- "Issue_Url_old": "https://github.com/kishan0725/Hospital-Management-System/issues/7",
- "Issue_Url_new": "https://github.com/kishan0725/hospital-management-system/issues/7",
- "Repo_new": "kishan0725/hospital-management-system",
- "Issue_Created_At": "2021-08-11T02:47:29Z",
- "description": "SQL Injection Vulnerability in Message Search. Intercept message search and save contents into a text file. FILETAG Run APITAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-37704",
- "Issue_Url_old": "https://github.com/flextype/flextype/issues/567",
- "Issue_Url_new": "https://github.com/flextype/flextype/issues/567",
- "Repo_new": "flextype/flextype",
- "Issue_Created_At": "2021-08-12T03:43:50Z",
- "description": "phpinfo APITAG shows PHP information including values of APITAG cookies. All NUMBERTAG versions (prior to NUMBERTAG are affected. System Information Leak ( APITAG ) vulnerability in flextype NUMBERTAG via the APITAG parameter to NUMBERTAG PATHTAG NUMBERTAG PATHTAG allows remote attackers to obtain configuration information via a phpinfo action in a request to FILETAG , which calls the phpinfo function. FILETAG FILETAG FILETAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
- "severity": "MEDIUM",
- "baseScore": 4.3,
- "impactScore": 1.4,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-42244",
- "Issue_Url_old": "https://github.com/PaquitoSoft/Notimoo/issues/3",
- "Issue_Url_new": "https://github.com/paquitosoft/notimoo/issues/3",
- "Repo_new": "paquitosoft/notimoo",
- "Issue_Created_At": "2021-08-12T20:12:15Z",
- "description": "XSS via title, message. FILETAG NUMBERTAG has an XSS vulnerability which is executed when a title or message containing JavaScript code is set in a notification. FILETAG POC Create a notification with a JavaScript payload: ERRORTAG Affected lines: URLTAG URLTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-39608",
- "Issue_Url_old": "https://github.com/flatCore/flatCore-CMS/issues/52",
- "Issue_Url_new": "https://github.com/flatcore/flatcore-cms/issues/52",
- "Repo_new": "flatcore/flatcore-cms",
- "Issue_Created_At": "2021-08-13T03:50:15Z",
- "description": "RCE via upload addons plugin. RCE via upload addon plugin It was identified that an authenticated user (admin) has the possibility to upload malicious files without any restriction. In this specific case, arbitrary server side PHP code such as web shells can be uploaded. As a result the attacker can run arbitrary code on the server side with the privileges of the web server. This could lead to a full system compromise. To Reproduce Steps to reproduce the behavior NUMBERTAG Login to flatcore CMS (admin user NUMBERTAG Click on APITAG NUMBERTAG Click on APITAG NUMBERTAG Click on APITAG or APITAG NUMBERTAG Choose a malicious PHP file (reverse shell, APITAG example is FILETAG NUMBERTAG URL for malicious PHP file: FILETAG Screenshots This POC for vuln : URLTAG Desktop (please complete the following information): OS: tested in Linux Browser : All Version : Last version Additional context This vulnerability is extremely serious affecting the system. An attacker can take control of the entire server.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.2,
- "impactScore": 5.9,
- "exploitabilityScore": 1.2
- },
- {
- "CVE_ID": "CVE-2021-39609",
- "Issue_Url_old": "https://github.com/flatCore/flatCore-CMS/issues/53",
- "Issue_Url_new": "https://github.com/flatcore/flatcore-cms/issues/53",
- "Repo_new": "flatcore/flatcore-cms",
- "Issue_Created_At": "2021-08-13T04:02:13Z",
- "description": "Cross Site Scripting (XSS). Describe the bug Cross Site Scripting (XSS) via upload image function To Reproduce Steps to reproduce the behavior NUMBERTAG Login to flatcore CMS NUMBERTAG Click on APITAG file NUMBERTAG Drop an svg file containing an XSS payload, example filename: xss.svg NUMBERTAG and XSS in url : FILETAG Screenshots FILETAG xss.svg CODETAG Desktop (please complete the following information): OS: All Browser : All Version : Last version Additional context XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.7,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-39391",
- "Issue_Url_old": "https://github.com/beego/beego/issues/4727",
- "Issue_Url_new": "https://github.com/beego/beego/issues/4727",
- "Repo_new": "beego/beego",
- "Issue_Created_At": "2021-08-15T12:28:51Z",
- "description": "XSS in Admin Panel. When navigating to a page, the path is not sanitized in the APITAG statistics\" in the admin panel, leading to an XSS. For example, navigating to APITAG leads to an alert when viewed on the admin panel: FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-23448",
- "Issue_Url_old": "https://github.com/jarradseers/config-handler/issues/1",
- "Issue_Url_new": "https://github.com/jarradseers/config-handler/issues/1",
- "Repo_new": "jarradseers/config-handler",
- "Issue_Created_At": "2021-08-15T13:34:55Z",
- "description": "Vulnerable to Prototype Pollution. Hey, I recently found that your package is vulnerable to Prototype Pollution. FILETAG APITAG FILETAG APITAG _output_ polluted",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2022-21694",
- "Issue_Url_old": "https://github.com/onionshare/onionshare/issues/1389",
- "Issue_Url_new": "https://github.com/onionshare/onionshare/issues/1389",
- "Repo_new": "onionshare/onionshare",
- "Issue_Created_At": "2021-08-15T16:57:30Z",
- "description": "Use nginx as the web service, instead of flask's APITAG Right now when APITAG starts a web service, it uses APITAG to start it directly in flask. I think instead we should launch an nginx subprocess and use that along with gunicorn to host the flask app. We already have an issue to use gunicorn NUMBERTAG instead of flask directly, and this will be much simpler if we use nginx If we use nginx, we can get gzip for free and don't need to gzip everything and fill up APITAG NUMBERTAG and I suspect we could simplify a lot of the web server code in other ways too If we use nginx, we get simple working range requests NUMBERTAG If we use nginx and implement the download accelerator NUMBERTAG we get much better performance, e.g. quicker download speeds Before implementing this, I'm not sure how a few things will work: Progress bars. If someone downloads a file from nginx, how can we hook into the real time file transfer to make progress bars work? APITAG sharing after files have been sent\". How do we know that the files are finished sending?",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.3,
- "impactScore": 1.4,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-38713",
- "Issue_Url_old": "https://github.com/helloxz/imgurl/issues/72",
- "Issue_Url_new": "https://github.com/helloxz/imgurl/issues/72",
- "Repo_new": "helloxz/imgurl",
- "Issue_Created_At": "2021-08-16T02:29:43Z",
- "description": "Stored Cross Site Script Attack on Upload HTTP Request Header. Hi, how is it going? I tested the imgurl upload functions and found an XSS vulnerability. First step: put the payload in the upload header: ERRORTAG FILETAG FILETAG Second: the web administrator clicks FILETAG FILETAG FILETAG The method to solve it: filter special characters in all request headers. Filter all special characters of the HTTP request header.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.7,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-39384",
- "Issue_Url_old": "https://github.com/wkeyuan/DWSurvey/issues/80",
- "Issue_Url_new": "https://github.com/wkeyuan/dwsurvey/issues/80",
- "Repo_new": "wkeyuan/dwsurvey",
- "Issue_Created_At": "2021-08-16T02:45:58Z",
- "description": "There are arbitrary file reading vulnerabilities and background rce vulnerabilities. In the latest version of dwsurvey oss NUMBERTAG there is a APITAG Request forwarding. Since the same request object and response object are shared before and after forwarding, the forwarded response will be output to the byte array buffer in memory, and finally the file is written in the printstream function. Because APITAG is a jump between internal resources, you can request internal sensitive files on the server, such as: / WEB INF / FILETAG , causing arbitrary file vulnerabilities by writing and re accessing; In addition, it can also cause rce in combination with background file upload. Request forwarding exists in the server method in the PATHTAG file FILETAG Due to the existence of bytearrayoutputstream, the forwarded response is saved in the byte array buffer in memory The flushdo function was passed in FILETAG Here, it is converted into a string and assigned to the document variable FILETAG Pass in printstream function FILETAG Splice savepath and filename as the target file, and finally write the response content to the file. The savepath and filename variables can also be controlled from the above FILETAG payload\uff1a URLTAG The FILETAG file will be written in the web root directory and then accessed FILETAG Successfully read database configuration file: FILETAG You can also find a file upload place in the background to create rce, create a new questionnaire > Advanced Editor in the background, and upload a picture horse and burpsuite to capture the package FILETAG FILETAG Visit FILETAG \uff0cthe JSP file will be generated in the web root directory Due to the Jsoup. parse method resolution to escape of JSP tags, when tested, when using the ' APITAG APITAG ' tag to package payload, can successfully bypass escaped FILETAG So the uploaded image file content is: APITAG APITAG APITAG Visit URLTAG successfully rce: FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-39383",
- "Issue_Url_old": "https://github.com/wkeyuan/DWSurvey/issues/81",
- "Issue_Url_new": "https://github.com/wkeyuan/dwsurvey/issues/81",
- "Repo_new": "wkeyuan/dwsurvey",
- "Issue_Created_At": "2021-08-16T02:59:50Z",
- "description": "There is a remote command execution vulnerability. The save method in the PATHTAG file directly accepts the parameters passed from the client to write to the file, and the file is directly included in FILETAG , resulting in rce A file write operation was performed on the specified file in the APITAG method FILETAG In the save method, the APITAG method is invoked to write the FILETAG , and the APITAG variable comes from the assignment at the beginning of the save method. FILETAG FILETAG FILETAG The APITAG method of the APITAG class filters the request parameters by judging whether the URI contains APITAG FILETAG You can see that it is mainly Chinese substitution for special characters FILETAG Since it is determined whether to call the filter function by judging whether the URI contains APITAG , it can be bypassed by adding APITAG in front of the path Finally, it is found in FILETAG that the file is included FILETAG Poc: ERRORTAG visit URLTAG , success rce: FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-40592",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1876",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1876",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-08-16T09:08:59Z",
- "description": "Infinite Loop in APITAG Hi. There is an infinite loop bug in APITAG to reproduce, follow the command below with the attachment file. APITAG FILETAG Credit : APITAG of Venustech",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-39416",
- "Issue_Url_old": "https://github.com/remoteclinic/RemoteClinic/issues/17",
- "Issue_Url_new": "https://github.com/remoteclinic/remoteclinic/issues/17",
- "Repo_new": "remoteclinic/remoteclinic",
- "Issue_Created_At": "2021-08-16T11:38:23Z",
- "description": "Multiple Cross Site Scripting Vulnerabilities in Remote Clinic NUMBERTAG In Remote Clinic NUMBERTAG there are multiple Cross Site Scripting vulnerabilities via the Contact, Email, Weight, Profession, ref_contact, and address parameters in FILETAG , which are vulnerable due to the _POSTs not being sanitized properly for XSS despite being sent through the friendly function. In Remote Clinic NUMBERTAG there is Stored Cross Site Scripting and no sanitization for the gender, age, serial parameters when retrieved by _POST in FILETAG to be sent to the database. This is possible by changing the values in the dropdowns in the inspect menu. In Remote Clinic NUMBERTAG in FILETAG , the Contact, Email, Weight, Profession, ref_contact, and address parameters being edited are not sanitized for Cross Site Scripting when they are retrieved by _POST. In Remote APITAG NUMBERTAG in FILETAG , the serial, age, and gender dropdowns are able to be changed via the inspect menu. In Remote Clinic NUMBERTAG in FILETAG , the Title, First Name, Last Name, Skype, and Address parameters sent by _POST to be put in the database are unsanitized and prone to Cross Site Scripting (XSS). In Remote Clinic NUMBERTAG in FILETAG , most of the parameters being passed into the database are sanitized insufficiently. The parameters that allow Cross Site Scripting are portal_name, guardian_short_name, guardian_name, opening_time, closing_time, access_level NUMBERTAG access_level NUMBERTAG access_level NUMBERTAG access_level NUMBERTAG access_level NUMBERTAG currency, mobile_number, address, patient_contact, patient_address, and patient_email.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2020-36517",
- "Issue_Url_old": "https://github.com/home-assistant/plugin-dns/issues/53",
- "Issue_Url_new": "https://github.com/home-assistant/plugin-dns/issues/53",
- "Repo_new": "home-assistant/plugin-dns",
- "Issue_Created_At": "2021-08-17T02:16:14Z",
- "description": "Don't hard code upstream DNS resolvers. Applications should not hard code their own DNS resolvers; they should use the configuration provided by the network (via DHCP) or by the user, perhaps with an overridable default if no other option exists. This is an anti pattern: URLTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-39274",
- "Issue_Url_old": "https://github.com/1N3/Sn1per/issues/357",
- "Issue_Url_new": "https://github.com/1n3/sn1per/issues/357",
- "Repo_new": "1N3/Sn1per",
- "Issue_Created_At": "2021-08-17T15:39:45Z",
- "description": "Insecure permissions NUMBERTAG on installation folder after running install script allow code execution/privilege escalation.. Sn1per NUMBERTAG free, tested on Ubuntu NUMBERTAG root APITAG uname a Linux snipertest NUMBERTAG gcp NUMBERTAG Ubuntu SMP Wed Jul NUMBERTAG UTC NUMBERTAG APITAG root APITAG cat /etc/lsb release APITAG DISTRIB_RELEASE NUMBERTAG DISTRIB_CODENAME=hirsute APITAG NUMBERTAG Issue is from FILETAG script lines NUMBERTAG snip] mkdir p $INSTALL_DIR NUMBERTAG dev/null chmod NUMBERTAG Rf $INSTALL_DIR NUMBERTAG dev/null chown root $INSTALL_DIR/sniper NUMBERTAG dev/null chmod NUMBERTAG INSTALL_DIR/sniper NUMBERTAG dev/null [snip] root APITAG ls ld PATHTAG drwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG PATHTAG user APITAG id uid NUMBERTAG user) gid NUMBERTAG user) APITAG sudoers) user APITAG cd PATHTAG PATHTAG ls la total NUMBERTAG drwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG drwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG rw r r NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG rw r r NUMBERTAG root root NUMBERTAG Aug NUMBERTAG Dockerfile rw r r NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG rw r r NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG rw r r NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG rw r r NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG drwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG bin drwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG conf rwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG drwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG loot drwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG modes drwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG plugins drwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG pro rw r r NUMBERTAG root root NUMBERTAG Aug NUMBERTAG APITAG rw r r NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG rwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG sniper rw r r NUMBERTAG root root NUMBERTAG Aug NUMBERTAG APITAG drwxr xr 
NUMBERTAG root root NUMBERTAG Aug NUMBERTAG templates rwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG drwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG wordlists NUMBERTAG Code execution as root via main script modification: PATHTAG mv sniper . APITAG PATHTAG echo \"touch /proof\" > sniper PATHTAG cat . APITAG >> sniper PATHTAG chmod +x sniper PATHTAG ls la sniper rwxrwxr NUMBERTAG user user NUMBERTAG Aug NUMBERTAG sniper PATHTAG root APITAG sniper [ ] Loaded configuration file from PATHTAG [OK] [ ] Loaded configuration file from APITAG [OK] ____ _________ / _/___ ___ _____ / ___/ __ \\ / // __ \\/ _ \\/ ___/ (__ ) / / // // /_/ / __/ / PATHTAG PATHTAG PATHTAG /_/ + =[ FILETAG + =[ Sn1per NUMBERTAG by MENTIONTAG You need to specify a target or workspace to use. Type sniper help for command usage. root APITAG root APITAG ls la /proof rw r r NUMBERTAG root root NUMBERTAG Aug NUMBERTAG proof NUMBERTAG Code execution as root via config file modification PATHTAG mv APITAG . APITAG PATHTAG echo \"touch /proof2\" > APITAG PATHTAG cat . APITAG >> APITAG PATHTAG root APITAG ls la /proof2 ls: cannot access '/proof2': No such file or directory root APITAG sniper [ ] Loaded configuration file from PATHTAG [OK] [ ] Loaded configuration file from APITAG [OK] ____ _________ / _/___ ___ _____ / ___/ __ \\ / // __ \\/ _ \\/ ___/ (__ ) / / // // /_/ / __/ / PATHTAG PATHTAG PATHTAG /_/ + =[ FILETAG + =[ Sn1per NUMBERTAG by MENTIONTAG You need to specify a target or workspace to use. Type sniper help for command usage. root APITAG ls la /proof2 rw r r NUMBERTAG root root NUMBERTAG Aug NUMBERTAG proof2 root APITAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-39273",
- "Issue_Url_old": "https://github.com/1N3/Sn1per/issues/358",
- "Issue_Url_new": "https://github.com/1n3/sn1per/issues/358",
- "Repo_new": "1N3/Sn1per",
- "Issue_Created_At": "2021-08-17T15:43:44Z",
- "description": "Insecure permissions NUMBERTAG recursively set on installation directory and all files after running main script allow privilege escalation/code execution as root. Sn1per NUMBERTAG free edition, Ubuntu NUMBERTAG Installation directory permissions before first run of the script: root APITAG ls la PATHTAG total NUMBERTAG drwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG drwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG rw r r NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG rw r r NUMBERTAG root root NUMBERTAG Aug NUMBERTAG Dockerfile rw r r NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG rw r r NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG rw r r NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG rw r r NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG drwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG bin drwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG conf rwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG drwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG loot drwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG modes drwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG plugins drwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG pro rw r r NUMBERTAG root root NUMBERTAG Aug NUMBERTAG APITAG rw r r NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG rwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG sniper rw r r NUMBERTAG root root NUMBERTAG Aug NUMBERTAG APITAG drwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG templates rwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG drwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG wordlists Running sn1per: root APITAG sniper t APITAG [ ] Loaded configuration file from PATHTAG [OK] [ ] Loaded configuration file from APITAG [OK] [ ] Saving loot to PATHTAG [OK] [ ] Scanning APITAG [OK] ... [ ] Opening loot directory PATHTAG [OK] + =[ Generating reports... [snip] + =[ Sorting all files... + =[ Removing blank screenshots and files... 
+ =[ Sn1per Professional is not installed. To download Sn1per Professional, go to FILETAG + =[ Done! Permissions on installation directory after script finishes: root APITAG ls la PATHTAG total NUMBERTAG drwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG drwxr xr NUMBERTAG root root NUMBERTAG Aug NUMBERTAG rwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG rwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG Dockerfile rwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG rwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG rwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG rwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG drwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG bin drwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG conf rwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG drwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG loot drwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG modes drwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG plugins drwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG pro rwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG APITAG rwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG FILETAG rwsrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG sniper rwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG APITAG drwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG templates rwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG APITAG drwxrwxrw NUMBERTAG root root NUMBERTAG Aug NUMBERTAG wordlists Issue: Lines NUMBERTAG from init function from main script: chmod NUMBERTAG Rf $INSTALL_DIR NUMBERTAG dev/null chown root $INSTALL_DIR/sniper NUMBERTAG dev/null chmod NUMBERTAG INSTALL_DIR/sniper NUMBERTAG dev/null",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-40607",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1879",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1879",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-08-19T02:52:37Z",
- "description": "heap buffer overflow in schm_box_size. It's a heap buffer overflow bug caused by missing NUMBERTAG check of the end of URI. Steps to reproduce NUMBERTAG get latest commit code APITAG GPAC version NUMBERTAG DEV re NUMBERTAG gbbd NUMBERTAG e master NUMBERTAG compile with enable sanitizer NUMBERTAG run ./MP4BOX hint poc out /dev/null Env: Ubuntu NUMBERTAG clang NUMBERTAG ASAN report ERRORTAG Buggy code and reason: CODETAG FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-39491",
- "Issue_Url_old": "https://github.com/yogeshojha/rengine/issues/460",
- "Issue_Url_new": "https://github.com/yogeshojha/rengine/issues/460",
- "Repo_new": "yogeshojha/rengine",
- "Issue_Created_At": "2021-08-20T03:48:35Z",
- "description": "FILETAG I have confirmed that this issue can be reproduced as described on a latest version/pull of APITAG yes Technical details Debian NUMBERTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.7,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-40608",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1883",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1883",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-08-20T05:15:45Z",
- "description": "BUG : free on unknown address. It's a pointer free on unknown address bug caused by freeing an uninitialized pointer. Steps to reproduce NUMBERTAG get latest commit code (GPAC version NUMBERTAG DEV re NUMBERTAG g NUMBERTAG ba NUMBERTAG master NUMBERTAG compile with enable sanitizer NUMBERTAG run ./MP4BOX hint poc_isom_hinter out /dev/null Env: Ubuntu NUMBERTAG clang NUMBERTAG ASAN report ERRORTAG Buggy code and reason: in APITAG CODETAG It is supposed to init t NUMBERTAG g in APITAG but in APITAG it might forget that mission. CODETAG FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-41131",
- "Issue_Url_old": "https://github.com/theupdateframework/python-tuf/issues/1527",
- "Issue_Url_new": "https://github.com/theupdateframework/python-tuf/issues/1527",
- "Repo_new": "theupdateframework/python-tuf",
- "Issue_Created_At": "2021-08-20T18:14:23Z",
- "description": "Metadata API: Delegation role names validation. Description of issue or feature request : Delegation role names are not restricted in any way in the spec, but they are targets metadata role names. They could be APITAG , APITAG or APITAG . The problem is that at some point those delegation role names are used when constructing a URL used to download the delegated target metadata file: URLTAG which is likely to be a problem. Current behavior : No validation is used for Delegation role names. Expected behavior : Escape special symbols like APITAG or APITAG .",
- "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.7,
- "impactScore": 5.8,
- "exploitabilityScore": 2.2
- },
- {
- "CVE_ID": "CVE-2021-39599",
- "Issue_Url_old": "https://github.com/cbkhwx/cxuucmsv3/issues/7",
- "Issue_Url_new": "https://github.com/cbkhwx/cxuucmsv3/issues/7",
- "Repo_new": "cbkhwx/cxuucmsv3",
- "Issue_Created_At": "2021-08-21T06:09:44Z",
- "description": "2 XSS vulnerabilities exist in FILETAG file.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-41868",
- "Issue_Url_old": "https://github.com/onionshare/onionshare/issues/1396",
- "Issue_Url_new": "https://github.com/onionshare/onionshare/issues/1396",
- "Repo_new": "onionshare/onionshare",
- "Issue_Created_At": "2021-08-21T11:13:36Z",
- "description": "File uploaded before checking for user's authentication. Version: APITAG cli NUMBERTAG installed via pip3) Start up: onionshare cli receive Observed behavior: Unauthenticated users (not passing the APITAG Basic_ header) are still able to upload files on the remote machine running APITAG NUMBERTAG The problem is probably related to the logic in FILETAG in which files are uploaded and stored remotely before checking for user authentication. This issue is affecting both: POST /upload POST /upload ajax Proof of concept images attached FILETAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-39501",
- "Issue_Url_old": "https://github.com/eyoucms/eyoucms/issues/17",
- "Issue_Url_new": "https://github.com/weng-xianhu/eyoucms/issues/17",
- "Repo_new": "weng-xianhu/eyoucms",
- "Issue_Created_At": "2021-08-21T15:19:24Z",
- "description": "There is an open redirect vulnerability in param \"referurl\" of Logout function. Author: APITAG from NUMBERTAG n NUMBERTAG cta team, HPT APITAG Center Submit date: PATHTAG Target: FILETAG Version NUMBERTAG FILETAG Description: Logout function accepts a user controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks. FILETAG APITAG Requests: CODETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-39499",
- "Issue_Url_old": "https://github.com/eyoucms/eyoucms/issues/18",
- "Issue_Url_new": "https://github.com/weng-xianhu/eyoucms/issues/18",
- "Repo_new": "weng-xianhu/eyoucms",
- "Issue_Created_At": "2021-08-21T15:53:36Z",
- "description": "Change email address in user's function leads to XSS. I and MENTIONTAG found an XSS vulnerability on a user function called APITAG when we audited your source code. The vulnerability occurs when we input a new email with injecting some trick to trigger XSS in title param like: APITAG To trigger this bug, we did the following NUMBERTAG Access url: URLTAG APITAG NUMBERTAG Enter a valid email NUMBERTAG Click the Send ( APITAG in your language) button. And then the XSS is triggered. Solution: To fix this vulnerability, please validate input from user into title param",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-39503",
- "Issue_Url_old": "https://github.com/gaozhifeng/PHPMyWind/issues/15",
- "Issue_Url_new": "https://github.com/gaozhifeng/phpmywind/issues/15",
- "Repo_new": "gaozhifeng/phpmywind",
- "Issue_Created_At": "2021-08-22T08:31:32Z",
- "description": "PHP Code Execution via create new site function in FILETAG . Author: APITAG from NUMBERTAG n NUMBERTAG cta team, HPT APITAG Center Submit date: PATHTAG Target: FILETAG Condition: Admin user Version NUMBERTAG Description: In APITAG function of FILETAG file call to APITAG function to append content when I create a new site to FILETAG file, because of filtered input without \"<, >, ?, =, `,....\" the attacker can append ?> to close php syntax and add a new php function In FILETAG file FILETAG FILETAG APITAG function: FILETAG APITAG FILETAG In FILETAG file FILETAG Then back to .php files in /admin/ directory to execute code FILETAG Request CODETAG Response CODETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.2,
- "impactScore": 5.9,
- "exploitabilityScore": 1.2
- },
- {
- "CVE_ID": "CVE-2021-39602",
- "Issue_Url_old": "https://github.com/Gabe-commiter/Miniftpd/issues/1",
- "Issue_Url_new": "https://github.com/gabe-commiter/miniftpd/issues/1",
- "Repo_new": "gabe-commiter/miniftpd",
- "Issue_Created_At": "2021-08-22T10:26:19Z",
- "description": "Buffer overflow problem. Buffer overflow exists in the APITAG function in the APITAG file. Overwrites rbp when the new path name length exceeds NUMBERTAG CODETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 6.5,
- "impactScore": 3.6,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-45890",
- "Issue_Url_old": "https://github.com/AuthGuard/AuthGuard/issues/166",
- "Issue_Url_new": "https://github.com/authguard/authguard/issues/166",
- "Repo_new": "authguard/authguard",
- "Issue_Created_At": "2021-08-23T19:06:49Z",
- "description": "Authentication ignores inactive identifiers.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-40606",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1885",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1885",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-08-24T02:45:45Z",
- "description": "Bug: Memcpy from unknown address. It's a memcpy from unknown address bug. Steps to reproduce NUMBERTAG get latest commit code (GPAC version NUMBERTAG DEV re NUMBERTAG g NUMBERTAG ba NUMBERTAG master NUMBERTAG compile with enable sanitizer NUMBERTAG run ./MP4BOX hint poc_isom_hinter out /dev/null Env: Ubuntu NUMBERTAG clang NUMBERTAG ASAN report ERRORTAG Buggy code in bitstream.c: CODETAG FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-41683",
- "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4745",
- "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4745",
- "Repo_new": "jerryscript-project/jerryscript",
- "Issue_Created_At": "2021-08-24T03:27:50Z",
- "description": "stack overflow in ecma_get_lex_env_type. APITAG revision APITAG Build platform APITAG Build steps ERRORTAG Test case ERRORTAG Output ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-41682",
- "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4747",
- "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4747",
- "Repo_new": "jerryscript-project/jerryscript",
- "Issue_Created_At": "2021-08-24T03:35:55Z",
- "description": "heap use after free in APITAG APITAG revision NUMBERTAG bcd NUMBERTAG f Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case ERRORTAG Output ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-40559",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1886",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1886",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-08-24T07:11:15Z",
- "description": "Segmentation fault caused by null pointer dereference using mp4box in naludmx_parse_nal_avc, APITAG FILETAG (unzip first) Here is the trace reported by gdb NUMBERTAG ac NUMBERTAG in naludmx_parse_nal_avc (ct NUMBERTAG a NUMBERTAG data NUMBERTAG f NUMBERTAG tr NUMBERTAG size NUMBERTAG e, nal_type NUMBERTAG skip_nal NUMBERTAG fffffff4fc4, is_slice NUMBERTAG fffffff4fd0, is_islice NUMBERTAG fffffff4fd4) at PATHTAG NUMBERTAG ad7d3 in naludmx_process (filter NUMBERTAG cbe0) at PATHTAG NUMBERTAG a0 in gf_filter_process_task (task NUMBERTAG eee0) at PATHTAG NUMBERTAG c in gf_fs_thread_proc (sess_thread NUMBERTAG e0) at PATHTAG NUMBERTAG in gf_fs_run (fsess NUMBERTAG at PATHTAG NUMBERTAG ea in gf_media_import (importer NUMBERTAG fffffff5bf0) at PATHTAG NUMBERTAG cdf9 in convert_file_info APITAG \"tmp\", APITAG at PATHTAG NUMBERTAG c3 in APITAG (argc NUMBERTAG arg NUMBERTAG fffffffddb8) at PATHTAG NUMBERTAG d6b in main (argc NUMBERTAG arg NUMBERTAG fffffffddb8) at PATHTAG NUMBERTAG caaa NUMBERTAG in generic_start_main NUMBERTAG caaff5 in __libc_start_main NUMBERTAG f NUMBERTAG in _start () ~~~~",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-40566",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1887",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1887",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-08-24T08:04:48Z",
- "description": "Segmentation fault caused by null pointer dereference using mp4box in mpgviddmx_process, APITAG FILETAG (unzip first) Here is the trace reported by gdb: ~~~~ Stopped reason: SIGSEGV gef\u27a4 bt NUMBERTAG cf5a9b in memcpy NUMBERTAG a NUMBERTAG a7 in mpgviddmx_process (filter NUMBERTAG cbd0) at PATHTAG NUMBERTAG a0 in gf_filter_process_task (task NUMBERTAG a0e0) at PATHTAG NUMBERTAG c in gf_fs_thread_proc (sess_thread NUMBERTAG b0) at PATHTAG NUMBERTAG in gf_fs_run (fsess NUMBERTAG at PATHTAG NUMBERTAG ea in gf_media_import (importer NUMBERTAG fffffff5c NUMBERTAG at PATHTAG NUMBERTAG cdf9 in convert_file_info APITAG \"tmp\", APITAG at PATHTAG NUMBERTAG c3 in APITAG (argc NUMBERTAG arg NUMBERTAG fffffffdde8) at PATHTAG NUMBERTAG d6b in main (argc NUMBERTAG arg NUMBERTAG fffffffdde8) at PATHTAG NUMBERTAG caaa NUMBERTAG in generic_start_main NUMBERTAG caaff5 in __libc_start_main NUMBERTAG f NUMBERTAG in _start () ~~~~ The reason for this bug is that the program does not check the nullity of the pointer before copying memory to it. APITAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-40567",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1889",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1889",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-08-24T11:14:59Z",
- "description": "Segmentation fault using mp4box in gf_odf_size_descriptor, APITAG FILETAG (unzip first) Here is the trace reported by gdb: ~~~~ Stopped reason: SIGSEGV gef\u27a4 bt NUMBERTAG a NUMBERTAG e8 in gf_odf_size_descriptor (desc NUMBERTAG e NUMBERTAG a0, APITAG at PATHTAG NUMBERTAG aeaaee in gf_odf_size_dcd (dcd NUMBERTAG fffffff6ae0, APITAG at PATHTAG NUMBERTAG a NUMBERTAG b NUMBERTAG in gf_odf_size_descriptor APITAG APITAG at PATHTAG NUMBERTAG aeade9 in gf_odf_write_dcd (bs NUMBERTAG a NUMBERTAG dcd NUMBERTAG fffffff6ae0) at PATHTAG NUMBERTAG a NUMBERTAG bd in gf_odf_write_descriptor (bs=bs APITAG APITAG at PATHTAG NUMBERTAG af NUMBERTAG in gf_odf_desc_write_bs APITAG bs=bs APITAG at PATHTAG NUMBERTAG af NUMBERTAG b7 in gf_odf_desc_write APITAG APITAG APITAG at PATHTAG NUMBERTAG af NUMBERTAG f6 in gf_odf_desc_copy APITAG APITAG at PATHTAG NUMBERTAG d2a3f in gf_isom_set_extraction_slc APITAG APITAG APITAG APITAG at PATHTAG NUMBERTAG ce NUMBERTAG ff in gf_hinter_finalize (file=file APITAG APITAG out>, APITAG at PATHTAG NUMBERTAG c NUMBERTAG in APITAG (file NUMBERTAG c NUMBERTAG APITAG max_ptime NUMBERTAG rtp_rate NUMBERTAG base_flags=<optimized out>, copy_data=GF_FALSE, interleave=GF_FALSE, regular_iod=GF_FALSE, single_group=GF_FALSE, hint_no_offset=GF_FALSE) at PATHTAG NUMBERTAG bd NUMBERTAG in APITAG (argc=<optimized out>, argv=<optimized out>) at PATHTAG NUMBERTAG f NUMBERTAG bb6 in generic_start_main NUMBERTAG f NUMBERTAG a5 in __libc_start_main NUMBERTAG c4e9 in _start () ~~~~",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-40239",
- "Issue_Url_old": "https://github.com/Gabe-commiter/Miniftpd/issues/2",
- "Issue_Url_new": "https://github.com/gabe-commiter/miniftpd/issues/2",
- "Repo_new": "gabe-commiter/miniftpd",
- "Issue_Created_At": "2021-08-24T18:07:12Z",
- "description": "APITAG trigger buffer overflow on APITAG function. Hi MENTIONTAG I found an issue, that can trigger buffer overflow on your application. The issue exists on APITAG function (from line NUMBERTAG to NUMBERTAG on ftpproto.c At a glance, we can see you defined APITAG , it's not a problem, however, when you use APITAG on line NUMBERTAG and NUMBERTAG they trigger buffer overflow. ERRORTAG ERRORTAG Solution : Please use APITAG to limit maximum input characters. See: URLTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-40188",
- "Issue_Url_old": "https://github.com/PHPFusion/PHPFusion/issues/2372",
- "Issue_Url_new": "https://github.com/phpfusion/phpfusion/issues/2372",
- "Repo_new": "phpfusion/phpfusion",
- "Issue_Created_At": "2021-08-24T22:29:42Z",
- "description": "File Manager does not filter PHP extensions, leading to upload of malicious files. By APITAG From In NUMBERTAG cta team, HPT Cyber Security Center Describe the bug File Manager function in admin panel does not filter all PHP extensions like FILETAG , .php7, .phtml, .php5, ...\", The attacker can upload a malicious file and execute code on the server Version APITAG version: APITAG NUMBERTAG To Reproduce Steps to reproduce the behavior NUMBERTAG Go to administrator panel and click on APITAG function NUMBERTAG Click on Upload file button, then choose .php file NUMBERTAG The path of file will return in response NUMBERTAG Finally, access and execute code on server Screenshots FILETAG Request and response of function FILETAG Execute code on server: FILETAG Additional context Although APITAG has NUMBERTAG step verification for the administrator panel, if the cookie of an admin user were stolen, the attacker can POST request upload file with that cookie and execute code on server REQUEST: ERRORTAG RESPONSE: CODETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.2,
- "impactScore": 5.9,
- "exploitabilityScore": 1.2
- },
- {
- "CVE_ID": "CVE-2021-40943",
- "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/643",
- "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/643",
- "Repo_new": "axiomatic-systems/bento4",
- "Issue_Created_At": "2021-08-25T02:00:03Z",
- "description": "Null pointer reference in APITAG How to reproduce: CODETAG You can see the asan information below: ERRORTAG FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-40941",
- "Issue_Url_old": "https://github.com/axiomatic-systems/Bento4/issues/644",
- "Issue_Url_new": "https://github.com/axiomatic-systems/bento4/issues/644",
- "Repo_new": "axiomatic-systems/bento4",
- "Issue_Created_At": "2021-08-25T02:03:31Z",
- "description": "allocator is out of memory in APITAG How to reproduce: CODETAG You can see the asan information below: ERRORTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-40541",
- "Issue_Url_old": "https://github.com/PHPFusion/PHPFusion/issues/2373",
- "Issue_Url_new": "https://github.com/phpfusion/phpfusion/issues/2373",
- "Repo_new": "phpfusion/phpfusion",
- "Issue_Created_At": "2021-08-25T03:33:12Z",
- "description": "Cross site Scripting bypass in APITAG function. APITAG From In NUMBERTAG cta Team, HPT Cyber Security Center Describe the bug preg patterns filter html tag without \"//\" in APITAG function, the authenticated user can trigger xss by appending \"//\" at the end of the text Version APITAG version: APITAG NUMBERTAG To Reproduce Steps to reproduce the behavior NUMBERTAG Go to any post textarea function NUMBERTAG Add \"<svg onload=alert NUMBERTAG in textarea form and submit NUMBERTAG When authenticated user or admin uses preview html function the malicious script will be executed, even the attacker can store malicious script when admin publishes the submission Screenshots preg pattern filter html tag without \"//\" in the end of html FILETAG User preview and submit submission FILETAG Admin preview submission of user FILETAG Admin publish submission and the attacker can store malicious script FILETAG Additional context REQUEST: CODETAG RESPONSE: CODETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-40569",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1890",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1890",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-08-25T05:36:34Z",
- "description": "Segmentation fault caused by double free using mp4box in gf_free, APITAG FILETAG (unzip first) Here is the trace reported by gdb: ~~~~ Stopped reason: SIGSEGV gef\u27a4 bt NUMBERTAG f NUMBERTAG acf in free NUMBERTAG de4d in gf_free (ptr=<optimized out>) at PATHTAG NUMBERTAG f3d5d in iloc_entry_del (location NUMBERTAG dd NUMBERTAG at PATHTAG NUMBERTAG iloc_box_del (s NUMBERTAG f NUMBERTAG at PATHTAG NUMBERTAG fa NUMBERTAG f in gf_isom_box_del (a NUMBERTAG f NUMBERTAG at PATHTAG NUMBERTAG b5c in gf_isom_box_parse_ex APITAG bs=bs APITAG APITAG parent_type NUMBERTAG at PATHTAG NUMBERTAG cf2 in gf_isom_parse_root_box APITAG bs NUMBERTAG c NUMBERTAG box_type=box_type APITAG APITAG APITAG at PATHTAG NUMBERTAG f in APITAG (mov=mov APITAG APITAG APITAG APITAG at PATHTAG NUMBERTAG e NUMBERTAG in gf_isom_parse_movie_boxes (progressive_mode=GF_FALSE, APITAG APITAG mo NUMBERTAG c NUMBERTAG at PATHTAG NUMBERTAG gf_isom_open_file APITAG \"tmp\", APITAG out>, tmp_dir NUMBERTAG at PATHTAG NUMBERTAG a NUMBERTAG in APITAG (argc=<optimized out>, argv=<optimized out>) at PATHTAG NUMBERTAG f NUMBERTAG bb6 in generic_start_main NUMBERTAG f NUMBERTAG a5 in __libc_start_main NUMBERTAG c4e9 in _start () ~~~~ It seems that the pointer has been freed previously in configfile.c ~~~~ APITAG ~~~~",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-40573",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1891",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1891",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-08-25T06:44:03Z",
- "description": "System abort caused by double free using mp4box. FILETAG (unzip first) Here is the trace reported by gdb: ~~~~ Stopped reason: SIGSEGV gef\u27a4 bt NUMBERTAG f NUMBERTAG acf in free NUMBERTAG de4d in gf_free (ptr=<optimized out>) at PATHTAG NUMBERTAG f3d5d in iloc_entry_del (location NUMBERTAG dd NUMBERTAG at PATHTAG NUMBERTAG iloc_box_del (s NUMBERTAG f NUMBERTAG at PATHTAG NUMBERTAG fa NUMBERTAG f in gf_isom_box_del (a NUMBERTAG f NUMBERTAG at PATHTAG NUMBERTAG b5c in gf_isom_box_parse_ex APITAG bs=bs APITAG APITAG parent_type NUMBERTAG at PATHTAG NUMBERTAG cf2 in gf_isom_parse_root_box APITAG bs NUMBERTAG c NUMBERTAG box_type=box_type APITAG APITAG APITAG at PATHTAG NUMBERTAG f in APITAG (mov=mov APITAG APITAG APITAG APITAG at PATHTAG NUMBERTAG e NUMBERTAG in gf_isom_parse_movie_boxes (progressive_mode=GF_FALSE, APITAG APITAG mo NUMBERTAG c NUMBERTAG at PATHTAG NUMBERTAG gf_isom_open_file APITAG \"tmp\", APITAG out>, tmp_dir NUMBERTAG at PATHTAG NUMBERTAG a NUMBERTAG in APITAG (argc=<optimized out>, argv=<optimized out>) at PATHTAG NUMBERTAG f NUMBERTAG bb6 in generic_start_main NUMBERTAG f NUMBERTAG a5 in __libc_start_main NUMBERTAG c4e9 in _start () ~~~~",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-40563",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1892",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1892",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-08-25T07:12:15Z",
- "description": "Segmentation fault caused by null pointer dereference using mp4box in APITAG APITAG FILETAG (unzip first) Here is the trace reported by gdb: ~~~~ Stopped reason: SIGSEGV gef\u27a4 bt NUMBERTAG in APITAG (ctx=ctx APITAG dsi=dsi APITAG APITAG APITAG APITAG APITAG max_height NUMBERTAG fffffff4d NUMBERTAG max_enh_width NUMBERTAG fffffff4d NUMBERTAG APITAG sar NUMBERTAG fffffff4d NUMBERTAG at PATHTAG NUMBERTAG ab in naludmx_check_pid APITAG ctx=ctx APITAG at PATHTAG NUMBERTAG in naludmx_process (filter NUMBERTAG a0bd0) at PATHTAG NUMBERTAG fe4c NUMBERTAG in gf_filter_process_task (task NUMBERTAG ed0) at PATHTAG NUMBERTAG f7b NUMBERTAG in gf_fs_thread_proc APITAG at PATHTAG NUMBERTAG f NUMBERTAG in gf_fs_run (fsess=fsess APITAG at PATHTAG NUMBERTAG c NUMBERTAG b4b in gf_media_import APITAG at PATHTAG NUMBERTAG in convert_file_info APITAG \"tmp\", APITAG at PATHTAG NUMBERTAG aaa in APITAG (argc=<optimized out>, argv=<optimized out>) at PATHTAG NUMBERTAG f NUMBERTAG bb6 in generic_start_main NUMBERTAG f NUMBERTAG a5 in __libc_start_main NUMBERTAG c4e9 in _start () ~~~~ The reason for this bug is that the program does not check the nullity of the pointer. APITAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-40572",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1893",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1893",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-08-25T07:18:42Z",
- "description": "Segmentation fault caused by double free using mp4box in a NUMBERTAG dmx_finalize, APITAG FILETAG (unzip first) Here is the trace reported by gdb: ~~~~ Stopped reason: SIGABRT gef\u27a4 bt NUMBERTAG f NUMBERTAG d NUMBERTAG in raise NUMBERTAG f NUMBERTAG f3a in abort NUMBERTAG f NUMBERTAG ed6 in __libc_message NUMBERTAG f2da NUMBERTAG in _int_free NUMBERTAG f NUMBERTAG af7 in free NUMBERTAG de4d in gf_free (ptr=<optimized out>) at PATHTAG NUMBERTAG e3d4d in a NUMBERTAG dmx_finalize (filter=<optimized out>) at PATHTAG NUMBERTAG f NUMBERTAG c in gf_fs_del (fsess=fsess APITAG at PATHTAG NUMBERTAG c1a NUMBERTAG a in gf_media_import APITAG at PATHTAG NUMBERTAG in convert_file_info APITAG \"tmp\", APITAG at PATHTAG NUMBERTAG aaa in APITAG (argc=<optimized out>, argv=<optimized out>) at PATHTAG NUMBERTAG f NUMBERTAG bb6 in generic_start_main NUMBERTAG f NUMBERTAG a5 in __libc_start_main NUMBERTAG c4e9 in _start () ~~~~",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2020-36517",
- "Issue_Url_old": "https://github.com/home-assistant/plugin-dns/issues/54",
- "Issue_Url_new": "https://github.com/home-assistant/plugin-dns/issues/54",
- "Repo_new": "home-assistant/plugin-dns",
- "Issue_Created_At": "2021-08-25T19:14:14Z",
- "description": ".local named devices (i.e. ESPHOME devices) only resolve for a few minutes after booting HA. APITAG devices show up being APITAG only a few minutes after booting the system. After that, they turn to APITAG although they are still online. mDNS resolving seems to break down within a few minutes after rebooting the OS. Running Home Assistant Operating System, which is, according to the site, the recommended installation method.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-40609",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1894",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1894",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-08-26T04:44:12Z",
- "description": "heap buffer overflow in MP4BOX at source file PATHTAG FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-40571",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1895",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1895",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-08-26T09:51:24Z",
- "description": "Segmentation fault using mp4box in ilst_box_read, APITAG FILETAG (unzip first) Here is the trace reported by gdb: ~~~~ Stopped reason: SIGSEGV gef\u27a4 bt NUMBERTAG in ilst_box_read (s NUMBERTAG f NUMBERTAG bs NUMBERTAG c NUMBERTAG at PATHTAG NUMBERTAG ff1fa in gf_isom_box_read (bs NUMBERTAG c NUMBERTAG a NUMBERTAG f NUMBERTAG at PATHTAG NUMBERTAG gf_isom_box_parse_ex APITAG bs=bs APITAG APITAG parent_type NUMBERTAG at PATHTAG NUMBERTAG cf2 in gf_isom_parse_root_box APITAG bs NUMBERTAG c NUMBERTAG box_type=box_type APITAG APITAG APITAG at PATHTAG NUMBERTAG f in APITAG (mov=mov APITAG APITAG APITAG APITAG at PATHTAG NUMBERTAG e NUMBERTAG in gf_isom_parse_movie_boxes (progressive_mode=GF_FALSE, APITAG APITAG mo NUMBERTAG c NUMBERTAG at PATHTAG NUMBERTAG gf_isom_open_file APITAG \"tmp\", APITAG out>, tmp_dir NUMBERTAG at PATHTAG NUMBERTAG a NUMBERTAG in APITAG (argc=<optimized out>, argv=<optimized out>) at PATHTAG NUMBERTAG f NUMBERTAG bb6 in generic_start_main NUMBERTAG f NUMBERTAG a5 in __libc_start_main NUMBERTAG c4e9 in _start () ~~~~",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-40574",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1897",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1897",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-08-26T11:19:33Z",
- "description": "System abort APITAG dumped) caused by buffer overflow using APITAG in gf_text_get_utf8_line. FILETAG (unzip first) This is the output of the program: ~~~~ stack smashing detected : APITAG terminated Aborted (core dumped) ~~~~ Here is the trace reported by gdb (the stack is smashed): ~~~~ Stopped reason: SIGABRT gef\u27a4 bt NUMBERTAG f NUMBERTAG d NUMBERTAG in raise NUMBERTAG f NUMBERTAG f3a in abort NUMBERTAG f NUMBERTAG ed6 in __libc_message NUMBERTAG f NUMBERTAG a NUMBERTAG in __fortify_fail NUMBERTAG f NUMBERTAG a3e in __stack_chk_fail NUMBERTAG f3ad in gf_text_get_utf8_line APITAG out>, APITAG out>, txt_in=<optimized out>, unicode_type NUMBERTAG at PATHTAG NUMBERTAG c NUMBERTAG c3a5c NUMBERTAG e in NUMBERTAG bcc NUMBERTAG fc NUMBERTAG in NUMBERTAG e NUMBERTAG c3aac3 in NUMBERTAG ec3a0c3a7c NUMBERTAG e in NUMBERTAG bdcd NUMBERTAG a5c3 in NUMBERTAG ac NUMBERTAG e in gf_isom_load_extra_boxes (movie NUMBERTAG c NUMBERTAG f NUMBERTAG c NUMBERTAG aacc2, moov_boxes=<optimized out>, moov_boxes_size=<optimized out>, udta_only=(unknown NUMBERTAG at PATHTAG NUMBERTAG in ?? () ~~~~",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-40564",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1898",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1898",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-08-26T11:34:51Z",
- "description": "Segmentation fault caused by null pointer dereference using mp4box in avc_parse_slice, APITAG FILETAG (unzip first) Here is the trace reported by gdb: ~~~~ Stopped reason: SIGSEGV gef\u27a4 bt NUMBERTAG bcd NUMBERTAG d in avc_parse_slice (svc_idr_flag=GF_FALSE, si NUMBERTAG fffffff NUMBERTAG avc NUMBERTAG ae NUMBERTAG bs NUMBERTAG df NUMBERTAG at PATHTAG NUMBERTAG gf_avc_parse_nalu (bs NUMBERTAG df NUMBERTAG avc NUMBERTAG ae NUMBERTAG at PATHTAG NUMBERTAG d in naludmx_parse_nal_avc (is_islice=<synthetic pointer>, is_slice=<synthetic pointer>, skip_nal=<synthetic pointer>, nal_type NUMBERTAG size NUMBERTAG f, data NUMBERTAG e5b NUMBERTAG ct NUMBERTAG ada NUMBERTAG at PATHTAG NUMBERTAG naludmx_process (filter NUMBERTAG a0bd0) at PATHTAG NUMBERTAG fe4c NUMBERTAG in gf_filter_process_task (task NUMBERTAG d NUMBERTAG at PATHTAG NUMBERTAG f7b NUMBERTAG in gf_fs_thread_proc APITAG at PATHTAG NUMBERTAG f NUMBERTAG in gf_fs_run (fsess=fsess APITAG at PATHTAG NUMBERTAG c NUMBERTAG b4b in gf_media_import APITAG at PATHTAG NUMBERTAG in convert_file_info APITAG \"tmp\", APITAG at PATHTAG NUMBERTAG aaa in APITAG (argc=<optimized out>, argv=<optimized out>) at PATHTAG NUMBERTAG f NUMBERTAG bb6 in generic_start_main NUMBERTAG f NUMBERTAG a5 in __libc_start_main NUMBERTAG c4e9 in _start () ~~~~ The reason for this bug is that the program does not check whether the pointer is null. APITAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-41571",
- "Issue_Url_old": "https://github.com/apache/pulsar/issues/11814",
- "Issue_Url_new": "https://github.com/apache/pulsar/issues/11814",
- "Repo_new": "apache/pulsar",
- "Issue_Created_At": "2021-08-27T07:58:36Z",
- "description": "FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.5,
- "impactScore": 3.6,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-40570",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1899",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1899",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-08-27T09:02:37Z",
- "description": "Segmentation fault caused by buffer overflow using mp4box in avc_compute_poc, APITAG FILETAG (unzip first) Program output: ~~~~ APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! [avc h NUMBERTAG offset_for_ref_frame overflow from poc_cycle_length [AVC|H NUMBERTAG Warning: Error parsing NAL unit [AVC|H NUMBERTAG Error parsing Sequence Param Set APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! Segmentation fault (core dumped) ~~~~ Here is the trace reported by gdb: ~~~~ Stopped reason: SIGSEGV gef\u27a4 bt NUMBERTAG b NUMBERTAG f NUMBERTAG in avc_compute_poc (si=si APITAG at PATHTAG NUMBERTAG bce NUMBERTAG in gf_avc_parse_nalu (bs=<optimized out>, avc NUMBERTAG ae NUMBERTAG at PATHTAG NUMBERTAG d in naludmx_parse_nal_avc (is_islice=<synthetic pointer>, is_slice=<synthetic pointer>, skip_nal=<synthetic pointer>, nal_type NUMBERTAG size NUMBERTAG f, data NUMBERTAG dfba PATHTAG <incomplete sequence NUMBERTAG ct NUMBERTAG ada NUMBERTAG at PATHTAG NUMBERTAG naludmx_process (filter NUMBERTAG a0bd0) at PATHTAG NUMBERTAG fe4c NUMBERTAG in gf_filter_process_task (task NUMBERTAG ed0) at PATHTAG NUMBERTAG f7b NUMBERTAG in gf_fs_thread_proc APITAG at PATHTAG NUMBERTAG f NUMBERTAG in gf_fs_run (fsess=fsess APITAG at PATHTAG NUMBERTAG c NUMBERTAG b4b in gf_media_import APITAG at PATHTAG NUMBERTAG in convert_file_info APITAG \"tmp\", APITAG at PATHTAG NUMBERTAG aaa in APITAG (argc=<optimized out>, argv=<optimized out>) at PATHTAG NUMBERTAG f NUMBERTAG bb6 in generic_start_main NUMBERTAG f NUMBERTAG a5 in __libc_start_main NUMBERTAG c4e9 in _start () ~~~~ The reason for this bug is that the program does not check whether the length of a buffer fits its actual size. APITAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-40568",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1900",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1900",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-08-27T09:14:32Z",
- "description": "Segmentation fault caused by buffer overflow using mp4box in svc_parse_slice, APITAG FILETAG (unzip first) Program output: ~~~~ APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! [AVC|H NUMBERTAG Warning: Error parsing NAL unit [AVC|H NUMBERTAG Error parsing Sequence Param Set [AVC|H NUMBERTAG Warning: Error parsing NAL unit [AVC|H NUMBERTAG Error parsing Sequence Param Set APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! [AVC|H NUMBERTAG Warning: Error parsing NAL unit Segmentation fault (core dumped) ~~~~ Here is the trace reported by gdb: ~~~~ Stopped reason: SIGSEGV gef\u27a4 bt NUMBERTAG bccc NUMBERTAG in svc_parse_slice (si NUMBERTAG fffffff NUMBERTAG avc NUMBERTAG ae NUMBERTAG bs NUMBERTAG de0) at PATHTAG NUMBERTAG gf_avc_parse_nalu (bs NUMBERTAG de0, avc NUMBERTAG ae NUMBERTAG at PATHTAG NUMBERTAG d in naludmx_parse_nal_avc (is_islice=<synthetic pointer>, is_slice=<synthetic pointer>, skip_nal=<synthetic pointer>, nal_type NUMBERTAG size NUMBERTAG c, data NUMBERTAG b NUMBERTAG a1 \"trak\", ct NUMBERTAG ada NUMBERTAG at PATHTAG NUMBERTAG naludmx_process (filter NUMBERTAG a0bd0) at PATHTAG NUMBERTAG fe4c NUMBERTAG in gf_filter_process_task (task NUMBERTAG e NUMBERTAG at PATHTAG NUMBERTAG f7b NUMBERTAG in gf_fs_thread_proc APITAG at PATHTAG NUMBERTAG f NUMBERTAG in gf_fs_run (fsess=fsess APITAG at PATHTAG NUMBERTAG c NUMBERTAG b4b in gf_media_import APITAG at PATHTAG NUMBERTAG in convert_file_info APITAG \"tmp\", APITAG at PATHTAG NUMBERTAG aaa in APITAG (argc=<optimized out>, argv=<optimized out>) at PATHTAG NUMBERTAG f NUMBERTAG bb6 in generic_start_main NUMBERTAG f NUMBERTAG a5 in __libc_start_main NUMBERTAG c4e9 in _start () ~~~~",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-40292",
- "Issue_Url_old": "https://github.com/zyx0814/dzzoffice/issues/195",
- "Issue_Url_new": "https://github.com/zyx0814/dzzoffice/issues/195",
- "Repo_new": "zyx0814/dzzoffice",
- "Issue_Created_At": "2021-08-28T04:05:10Z",
- "description": "Lack of input data sanitization leads to Stored XSS. Author: APITAG from NUMBERTAG n NUMBERTAG cta team, HPT APITAG Center Email: EMAILTAG Submit date: PATHTAG Target: FILETAG Version NUMBERTAG FILETAG Description: Because of a lack of input data sanitization, an attacker can inject malicious code into the settingnew param to trigger Stored XSS. The vulnerability can affect APITAG and APITAG in template FILETAG FILETAG XSS NUMBERTAG Steps to reproduce the behavior NUMBERTAG Go to Setting settings > Login settings NUMBERTAG Update Registration link name to APITAG NUMBERTAG Click Save changes Request CODETAG Response ERRORTAG APITAG FILETAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.7,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-40191",
- "Issue_Url_old": "https://github.com/zyx0814/dzzoffice/issues/196",
- "Issue_Url_new": "https://github.com/zyx0814/dzzoffice/issues/196",
- "Repo_new": "zyx0814/dzzoffice",
- "Issue_Created_At": "2021-08-28T04:19:09Z",
- "description": "Lack of sanitization of APITAG leads to Cross-site Scripting in the Upload function. Author: APITAG from NUMBERTAG n NUMBERTAG cta team, HPT APITAG Center Email: EMAILTAG Submit date: PATHTAG Target: FILETAG Version NUMBERTAG FILETAG Description: Because of a lack of input data sanitization in all of the upload functions in APITAG and a wrong response content type for the output data in APITAG, an authenticated user (not an admin) can inject malicious code into APITAG and craft a specific html file; when a user clicks on that file the script will be executed. To Reproduce Steps to reproduce the behavior NUMBERTAG Go to any textarea form and use the upload function NUMBERTAG Inject a malicious script into APITAG like <img src=x onerror=alert NUMBERTAG Craft a specific html file to send the request to the server in the web client; when a user clicks on that file the malicious script will be executed Request ERRORTAG IMAGE FILETAG FILETAG FILETAG FILETAG Response ERRORTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.7,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-43453",
- "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4754",
- "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4754",
- "Repo_new": "jerryscript-project/jerryscript",
- "Issue_Created_At": "2021-08-28T22:00:46Z",
- "description": "Heap overflow on an ill-formed JS program. APITAG revision APITAG Build platform ERRORTAG Build steps APITAG Test case There are two test cases, where APITAG can trigger a direct crash of the clean-built jerry and APITAG can trigger a heap overflow of the ASAN-enabled build of jerry. This bug is found by a naive fuzzer. And I use APITAG to reduce the test cases. I sincerely apologize for making them struggle. + FILETAG ERRORTAG + FILETAG ERRORTAG Execution steps APITAG ERRORTAG Output See above. Backtrace See above. Expected behavior Not to crash",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-40313",
- "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/1469",
- "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/1469",
- "Repo_new": "piwigo/piwigo",
- "Issue_Created_At": "2021-08-29T05:50:52Z",
- "description": "FILETAG then I got APITAG The point of vulnerability is in APITAG: the parameter selection is not filtered FILETAG The unfiltered parameter selection is spliced FILETAG The next step is to capture packets using APITAG by simply constructing parameters APITAG Remember to replace the value of the token above FILETAG Save parameters to a file, then just use sqlmap to exploit python sqlmap.py r NUMBERTAG current db FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-40317",
- "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/1470",
- "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/1470",
- "Repo_new": "piwigo/piwigo",
- "Issue_Created_At": "2021-08-29T13:49:36Z",
- "description": "FILETAG Then we can see: FILETAG Select default, use Burpsuite during clicking APPLY. FILETAG Then in sqlmap: python sqlmap.py r FILETAG o APITAG FILETAG See APITAG FILETAG Here there seems to be no confirmation of the legitimacy of the parameter $_POST FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-40562",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1901",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1901",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-08-29T14:05:34Z",
- "description": "Segmentation fault caused by floating point exception using mp4box in naludmx_enqueue_or_dispatch, APITAG FILETAG (unzip first) Program output: ~~~~ [AVC|H NUMBERTAG Possible Variable Frame Rate: VUI \"fixed_frame_rate_flag\" absent [AVC|H NUMBERTAG Warning: Error parsing NAL unit [AVC|H NUMBERTAG Error parsing Sequence Param Set APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! [AVC|H NUMBERTAG Possible Variable Frame Rate: VUI \"fixed_frame_rate_flag\" absent [AVC|H NUMBERTAG Possible Variable Frame Rate: VUI \"fixed_frame_rate_flag\" absent [AVC|H NUMBERTAG Possible Variable Frame Rate: VUI \"fixed_frame_rate_flag\" absent [AVC|H NUMBERTAG Possible Variable Frame Rate: VUI \"fixed_frame_rate_flag\" absent [AVC|H NUMBERTAG Possible Variable Frame Rate: VUI \"fixed_frame_rate_flag\" absent Floating point exception (core dumped) ~~~~ Here is the trace reported by gdb: ~~~~ Stopped reason: SIGFPE gef\u27a4 bt NUMBERTAG ee NUMBERTAG in naludmx_enqueue_or_dispatch (ct NUMBERTAG ada NUMBERTAG n_pck NUMBERTAG flush_ref=<optimized out>) at PATHTAG NUMBERTAG e NUMBERTAG in naludmx_process APITAG at PATHTAG NUMBERTAG f4a in naludmx_process (filter NUMBERTAG a0bd0) at PATHTAG NUMBERTAG fe4c NUMBERTAG in gf_filter_process_task (task NUMBERTAG ed0) at PATHTAG NUMBERTAG f7b NUMBERTAG in gf_fs_thread_proc APITAG at PATHTAG NUMBERTAG f NUMBERTAG in gf_fs_run (fsess=fsess APITAG at PATHTAG NUMBERTAG c NUMBERTAG b4b in gf_media_import APITAG at PATHTAG NUMBERTAG in convert_file_info APITAG \"tmp\", APITAG at PATHTAG NUMBERTAG aaa in APITAG (argc=<optimized out>, argv=<optimized out>) at PATHTAG NUMBERTAG f NUMBERTAG bb6 in generic_start_main NUMBERTAG f NUMBERTAG a5 in __libc_start_main NUMBERTAG c4e9 in _start () ~~~~",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-40565",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1902",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1902",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-08-29T14:14:22Z",
- "description": "Segmentation fault caused by null pointer dereference using mp4box in gf_avc_parse_nalu, APITAG FILETAG (unzip first) Program output: ~~~~ APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG corrupted exp golomb code NUMBERTAG leading zeros, ma NUMBERTAG allowed ! APITAG corrupted exp golomb code NUMBERTAG leading zeros, ma NUMBERTAG allowed ! APITAG corrupted exp golomb code NUMBERTAG leading zeros, ma NUMBERTAG allowed ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG exp golomb read failed, not enough bits in bitstream ! APITAG corrupted exp golomb code NUMBERTAG leading zeros, ma NUMBERTAG allowed ! APITAG corrupted exp golomb code NUMBERTAG leading zeros, ma NUMBERTAG allowed ! APITAG corrupted exp golomb code NUMBERTAG leading zeros, ma NUMBERTAG allowed ! APITAG corrupted exp golomb code NUMBERTAG leading zeros, ma NUMBERTAG allowed ! APITAG corrupted exp golomb code NUMBERTAG leading zeros, ma NUMBERTAG allowed ! Segmentation fault (core dumped) ~~~~ Here is the trace reported by gdb: ~~~~ Stopped reason: SIGSEGV gef\u27a4 bt NUMBERTAG bd NUMBERTAG in gf_avc_parse_nalu (bs=<optimized out>, avc NUMBERTAG ae NUMBERTAG at PATHTAG NUMBERTAG d in naludmx_parse_nal_avc (is_islice=<synthetic pointer>, is_slice=<synthetic pointer>, skip_nal=<synthetic pointer>, nal_type NUMBERTAG size NUMBERTAG b, data NUMBERTAG e NUMBERTAG ct NUMBERTAG ada NUMBERTAG at PATHTAG NUMBERTAG naludmx_process (filter NUMBERTAG a0bd0) at PATHTAG NUMBERTAG fe4c NUMBERTAG in gf_filter_process_task (task NUMBERTAG d NUMBERTAG at PATHTAG NUMBERTAG f7b NUMBERTAG in gf_fs_thread_proc APITAG at PATHTAG NUMBERTAG f NUMBERTAG in gf_fs_run (fsess=fsess APITAG at PATHTAG NUMBERTAG c NUMBERTAG b4b in gf_media_import APITAG at PATHTAG NUMBERTAG in convert_file_info APITAG \"tmp\", APITAG at PATHTAG NUMBERTAG aaa in APITAG (argc=<optimized out>, argv=<optimized out>) at PATHTAG NUMBERTAG f NUMBERTAG bb6 in generic_start_main NUMBERTAG f NUMBERTAG a5 in __libc_start_main NUMBERTAG c4e9 in _start () ~~~~",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-44124",
- "Issue_Url_old": "https://github.com/vext01/hiby-issues/issues/9",
- "Issue_Url_new": "https://github.com/vext01/hiby-issues/issues/9",
- "Repo_new": "vext01/hiby-issues",
- "Issue_Created_At": "2021-08-29T17:42:19Z",
- "description": "Path traversal vulnerability in web server. The web server used to upload music on Hiby OS devices doesn't protect against path traversal using APITAG . The vulnerability has already been publicly disclosed here: URLTAG This is still present in the latest NUMBERTAG firmware for the R3 Pro.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-40660",
- "Issue_Url_old": "https://github.com/javadelight/delight-nashorn-sandbox/issues/117",
- "Issue_Url_new": "https://github.com/javadelight/delight-nashorn-sandbox/issues/117",
- "Repo_new": "javadelight/delight-nashorn-sandbox",
- "Issue_Created_At": "2021-08-30T01:48:26Z",
- "description": "A APITAG vulnerability can be exploited after version NUMBERTAG There is a weak expression that can be exploited to launch a DOS attack. FILETAG The execution stack is as follows: FILETAG POC: FILETAG Run result: FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-40576",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1904",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1904",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-08-31T12:13:57Z",
- "description": "Segmentation fault caused by null pointer dereference using mp4box in gf_isom_get_payt_count, APITAG FILETAG (unzip first) Here is the trace reported by gdb: ~~~~ Stopped reason: SIGSEGV gef\u27a4 bt NUMBERTAG ab4f NUMBERTAG in gf_isom_get_payt_count APITAG APITAG at PATHTAG NUMBERTAG in APITAG (file=file APITAG APITAG APITAG APITAG APITAG APITAG at PATHTAG NUMBERTAG d NUMBERTAG in APITAG (file NUMBERTAG c NUMBERTAG full_dump=GF_FALSE) at PATHTAG NUMBERTAG in APITAG (argc=<optimized out>, argv=<optimized out>) at PATHTAG NUMBERTAG f NUMBERTAG in generic_start_main NUMBERTAG f NUMBERTAG f NUMBERTAG in __libc_start_main NUMBERTAG c4e9 in _start () ~~~~",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-32838",
- "Issue_Url_old": "https://github.com/python-restx/flask-restx/issues/372",
- "Issue_Url_new": "https://github.com/python-restx/flask-restx/issues/372",
- "Repo_new": "python-restx/flask-restx",
- "Issue_Created_At": "2021-08-31T17:26:29Z",
- "description": "GHSL NUMBERTAG Hello, The FILETAG has found a potential vulnerability in your project. Please create a Security Advisory URLTAG and invite me in to further disclose and discuss the vulnerability details and potential fix. Alternatively, please add a Security Policy URLTAG containing a security email address to send the details to. If you prefer to contact us by email, please reach out to EMAILTAG with reference to GHSL NUMBERTAG Thank you, Kevin Backhouse APITAG Security Lab",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-40575",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1905",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1905",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-09-01T06:02:21Z",
- "description": "Segmentation fault caused by null pointer dereference using mp4box in mpgviddmx_process, APITAG FILETAG (unzip first) Here is the trace reported by gdb: ~~~~ Stopped reason: SIGSEGV gef\u27a4 bt NUMBERTAG a NUMBERTAG in memcpy (__len NUMBERTAG ffffffffffffffff, __src NUMBERTAG ada NUMBERTAG dest NUMBERTAG a NUMBERTAG at PATHTAG NUMBERTAG mpgviddmx_process (filter NUMBERTAG a0bd0) at PATHTAG NUMBERTAG fe3e NUMBERTAG in gf_filter_process_task (task NUMBERTAG f NUMBERTAG at PATHTAG NUMBERTAG f7ab NUMBERTAG in gf_fs_thread_proc APITAG at PATHTAG NUMBERTAG f NUMBERTAG b8 in gf_fs_run (fsess=fsess APITAG at PATHTAG NUMBERTAG c NUMBERTAG c8b in gf_media_import APITAG at PATHTAG NUMBERTAG in convert_file_info APITAG \"tmp\", APITAG at PATHTAG NUMBERTAG aaa in APITAG (argc=<optimized out>, argv=<optimized out>) at PATHTAG NUMBERTAG f NUMBERTAG in generic_start_main NUMBERTAG f NUMBERTAG f NUMBERTAG in __libc_start_main NUMBERTAG c4e9 in _start () ~~~~ Here is the trace reported by ASAN NUMBERTAG ERROR: APITAG negative size param: (size NUMBERTAG fdaf NUMBERTAG ff NUMBERTAG PATHTAG NUMBERTAG fdaf NUMBERTAG f1c in memcpy PATHTAG NUMBERTAG fdaf NUMBERTAG f1c in mpgviddmx_process PATHTAG NUMBERTAG fdaf NUMBERTAG efa0 in gf_filter_process_task PATHTAG NUMBERTAG fdaf NUMBERTAG f0e2 in gf_fs_thread_proc PATHTAG NUMBERTAG fdaf NUMBERTAG fb0 in gf_fs_run PATHTAG NUMBERTAG fdaf1ff NUMBERTAG f5 in gf_media_import PATHTAG NUMBERTAG ce NUMBERTAG c NUMBERTAG f in convert_file_info PATHTAG NUMBERTAG ce NUMBERTAG c NUMBERTAG in APITAG PATHTAG NUMBERTAG fdaef9a6bf6 in __libc_start_main ( PATHTAG NUMBERTAG ce NUMBERTAG be NUMBERTAG f9 in _start ( PATHTAG NUMBERTAG is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG fdaf NUMBERTAG b NUMBERTAG in __interceptor_malloc ( PATHTAG NUMBERTAG fdaf NUMBERTAG a NUMBERTAG in filein_initialize PATHTAG NUMBERTAG fdaf NUMBERTAG b0f0 in gf_filter_new_finalize PATHTAG NUMBERTAG fdaf NUMBERTAG f NUMBERTAG in gf_filter_new PATHTAG NUMBERTAG fdaf NUMBERTAG in APITAG PATHTAG NUMBERTAG fdaf NUMBERTAG a NUMBERTAG in gf_fs_load_source PATHTAG NUMBERTAG fdaf1ff NUMBERTAG a6 in gf_media_import PATHTAG NUMBERTAG ce NUMBERTAG c NUMBERTAG f in convert_file_info PATHTAG NUMBERTAG ce NUMBERTAG c NUMBERTAG in APITAG PATHTAG NUMBERTAG fdaef9a6bf6 in __libc_start_main ( PATHTAG ) SUMMARY: APITAG negative size param ( PATHTAG NUMBERTAG ABORTING ~~~~",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-40944",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1906",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1906",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-09-01T07:25:03Z",
- "description": "Null pointer reference in GPAC at PATHTAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! [x] I looked for a similar issue and couldn't find any. [x] I tried with the latest version of GPAC. Installers available at URLTAG [x] I give enough information for contributors to reproduce my issue (meaningful title, github labels, platform and compiler, command line ...) Step to reproduce: CODETAG I'm not sure if it's a correct usage of the \"nhmlr filter\", or by which way could I parse an nhml file? Env: Ubuntu NUMBERTAG, clang NUMBERTAG ASAN report ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-40610",
- "Issue_Url_old": "https://github.com/blackQvQ/emlog/issues/1",
- "Issue_Url_new": "https://github.com/blackqvq/emlog/issues/1",
- "Repo_new": "blackqvq/emlog",
- "Issue_Created_At": "2021-09-01T07:31:56Z",
- "description": "emlog pro NUMBERTAG management XSS Vulnerability. In the backend management 'write article' page there are two places where XSS can be injected: the article title FILETAG (a comment is needed to trigger it) FILETAG FILETAG; another one is triggered on the front end FILETAG FILETAG; and there is also the homepage footer information in the system settings FILETAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.7,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-40616",
- "Issue_Url_old": "https://github.com/thinkcmf/thinkcmf/issues/722",
- "Issue_Url_new": "https://github.com/thinkcmf/thinkcmf/issues/722",
- "Repo_new": "thinkcmf/thinkcmf",
- "Issue_Created_At": "2021-09-01T09:17:18Z",
- "description": "thinkcmf NUMBERTAG unauthorized access vulnerability. In thinkcmf NUMBERTAG I found an unauthorized access vulnerability. The attacker can modify the password of the administrator account with id NUMBERTAG through the backend user management group permissions. The precondition is that the backend user management group permission is required. By default, the password of the administrator account with id NUMBERTAG cannot be modified. Vulnerable PATHTAG FILETAG Browser access PATHTAG: the password of the administrator account with id NUMBERTAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.5,
- "impactScore": 3.6,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-40542",
- "Issue_Url_old": "https://github.com/OS4ED/openSIS-Classic/issues/189",
- "Issue_Url_new": "https://github.com/os4ed/opensis-classic/issues/189",
- "Repo_new": "os4ed/opensis-classic",
- "Issue_Created_At": "2021-09-01T09:41:11Z",
- "description": "Unauthenticated Reflected Cross-Site Scripting in FILETAG file. Author: APITAG from NUMBERTAG n NUMBERTAG cta team, HPT APITAG Center Email: EMAILTAG Submit date: PATHTAG Target: FILETAG Version NUMBERTAG FILETAG Description: Because input data at APITAG in the APITAG file is not sanitized, an unauthenticated user can inject and execute JavaScript code via the APITAG parameter FILETAG Testing on local site: FILETAG Testing on demo site: FILETAG To Reproduce XSS NUMBERTAG Steps to reproduce the behavior NUMBERTAG Access the APITAG file NUMBERTAG Add APITAG after the APITAG file NUMBERTAG The backend will echo and execute the malicious script Request ERRORTAG Response ERRORTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-40543",
- "Issue_Url_old": "https://github.com/OS4ED/openSIS-Classic/issues/191",
- "Issue_Url_new": "https://github.com/os4ed/opensis-classic/issues/191",
- "Repo_new": "os4ed/opensis-classic",
- "Issue_Created_At": "2021-09-01T10:55:25Z",
- "description": "Unauthenticated SQL Injection in FILETAG file. Author: APITAG from NUMBERTAG n NUMBERTAG cta team, HPT APITAG Center Email: EMAILTAG Submit date: PATHTAG Target: FILETAG Version NUMBERTAG FILETAG Description: Because input data at the two parameters APITAG and APITAG in the APITAG file is not sanitized, an unauthenticated user can inject SQL code and retrieve all information in the database FILETAG Using the sqlmap tool to dump the users of the database FILETAG To Reproduce SQL INJECTION Steps to reproduce the behavior NUMBERTAG Access the APITAG file NUMBERTAG Add APITAG after the APITAG file Request CODETAG Response CODETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2022-27044",
- "Issue_Url_old": "https://github.com/saitoha/libsixel/issues/156",
- "Issue_Url_new": "https://github.com/saitoha/libsixel/issues/156",
- "Repo_new": "saitoha/libsixel",
- "Issue_Created_At": "2021-09-01T11:17:40Z",
- "description": "heap buffer overflow in PATHTAG Hi, I found a heap buffer overflow in the current master NUMBERTAG a5be8b URLTAG I built APITAG with ASAN; this is the ASAN report. OS: Ubuntu NUMBERTAG LTS NUMBERTAG Kernel NUMBERTAG generic POC: FILETAG ERRORTAG It happens in: URLTAG when NUMBERTAG y NUMBERTAG width NUMBERTAG then gdb info: FILETAG In this position, [r NUMBERTAG rc NUMBERTAG will be APITAG => APITAG So, writing to data will cause an overflow, and then it writes to a location (chunk) in the heap that should not be written to. heap info: Before: CODETAG After: CODETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-40617",
- "Issue_Url_old": "https://github.com/OS4ED/openSIS-Classic/issues/192",
- "Issue_Url_new": "https://github.com/os4ed/opensis-classic/issues/192",
- "Repo_new": "os4ed/opensis-classic",
- "Issue_Created_At": "2021-09-01T12:17:31Z",
- "description": "SQL Injection in APITAG . Hi MENTIONTAG , I found a SQL injection vulnerability in the APITAG function. I can inject special characters in the URL to escape the SQL query in the backend because user input is not sanitized. APITAG APITAG Bug: ERRORTAG In line NUMBERTAG the code does not sanitize the param u, so I can escape the SQL query easily. Solution: Use the function APITAG before assigning APITAG to the username param. The code looks like: APITAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-40618",
- "Issue_Url_old": "https://github.com/OS4ED/openSIS-Classic/issues/193",
- "Issue_Url_new": "https://github.com/os4ed/opensis-classic/issues/193",
- "Repo_new": "os4ed/opensis-classic",
- "Issue_Created_At": "2021-09-01T12:48:52Z",
- "description": "SQL Injection in file FILETAG . Author: APITAG from NUMBERTAG n NUMBERTAG cta team, HPT APITAG Center Email: EMAILTAG Submit date: PATHTAG Target: FILETAG Version NUMBERTAG FILETAG Description: Because input data is not sanitized, an attacker can inject malicious SQL into the query by controlling parameters such as APITAG , APITAG or APITAG , APITAG in the file APITAG . Request ERRORTAG Response CODETAG APITAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-40635",
- "Issue_Url_old": "https://github.com/OS4ED/openSIS-Classic/issues/195",
- "Issue_Url_new": "https://github.com/os4ed/opensis-classic/issues/195",
- "Repo_new": "os4ed/opensis-classic",
- "Issue_Created_At": "2021-09-01T15:52:40Z",
- "description": "SQL Injection in id Parameter. Author: CP0 ERRORTAG NUMBERTAG K from NUMBERTAG n NUMBERTAG cta team, HPT APITAG Center Email: EMAILTAG Submit date: PATHTAG Target: FILETAG Version NUMBERTAG FILETAG Because no security mechanism was implemented for the id parameter, an attacker can inject arbitrary SQL queries and extract database information FILETAG Vulnerable code section FILETAG FILETAG FILETAG FILETAG Request and Response APITAG GET APITAG + &table_name=courses HTTP NUMBERTAG Host: APITAG User-Agent: Mozilla NUMBERTAG Ubuntu; Linu NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: / Accept-Language: en-US,en;q NUMBERTAG Accept-Encoding: gzip, deflate X-Requested-With: APITAG Connection: close Referer: URLTAG Cookie: APITAG APITAG APITAG HTTP NUMBERTAG OK Date: Wed NUMBERTAG Sep NUMBERTAG GMT Server: Apache NUMBERTAG APITAG X-Powered-By: PHP NUMBERTAG ubuntu NUMBERTAG Expires: Thu NUMBERTAG No NUMBERTAG GMT Cache-Control: no-store, no-cache, must-revalidate, post-check NUMBERTAG pre-check NUMBERTAG Pragma: no-cache Vary: Accept-Encoding Content-Length NUMBERTAG Connection: close Content-Type: text/html course_modal_request|| APITAG NUMBERTAG courses were found. APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG Reading APITAG APITAG APITAG APITAG APITAG APITAG Writing APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2020-8561",
- "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/104720",
- "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/104720",
- "Repo_new": "kubernetes/kubernetes",
- "Issue_Created_At": "2021-09-01T20:18:50Z",
- "description": "TITLE: PLACEHOLDER ISSUE. /triage accepted /lifecycle frozen /area security /kind bug /committee security response",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
- "severity": "MEDIUM",
- "baseScore": 4.1,
- "impactScore": 1.4,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-40639",
- "Issue_Url_old": "https://github.com/jflyfox/jfinal_cms/issues/27",
- "Issue_Url_new": "https://github.com/jflyfox/jfinal_cms/issues/27",
- "Repo_new": "jflyfox/jfinal_cms",
- "Issue_Created_At": "2021-09-02T10:25:19Z",
- "description": "File reading. You can read any file in the web directory, including the database configuration file, and all files in the root directory. PoC: FILETAG APITAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-41189",
- "Issue_Url_old": "https://github.com/DSpace/DSpace/issues/7928",
- "Issue_Url_new": "https://github.com/dspace/dspace/issues/7928",
- "Repo_new": "dspace/dspace",
- "Issue_Created_At": "2021-09-02T14:01:40Z",
- "description": "REST service returns wrong object for the APITAG group. Describe the bug The APITAG group has the APITAG collection as linked object: URLTAG URLTAG This is not true, as it's not a APITAG group. FILETAG Related work URLTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.2,
- "impactScore": 5.9,
- "exploitabilityScore": 1.2
- },
- {
- "CVE_ID": "CVE-2021-39191",
- "Issue_Url_old": "https://github.com/zmartzone/mod_auth_openidc/issues/672",
- "Issue_Url_new": "https://github.com/openidc/mod_auth_openidc/issues/672",
- "Repo_new": "openidc/mod_auth_openidc",
- "Issue_Created_At": "2021-09-02T16:50:58Z",
- "description": "open redirect for target_link_uri parameter. see URLTAG thanks MENTIONTAG Recently we have forged a URL for a phishing attack that redirects the user, after their authentication on our OP, to any site of our choice. The forged URL is as follows: APITAG example: APITAG After authentication, the user is redirected to FILETAG According to the APITAG Connect documentation, URLTAG > \"target_link_uri > OPTIONAL. URL that the RP is requested to redirect to after authentication. RPs MUST verify the value of the target_link_uri to prevent being used as an open redirector to external sites.\" > Does the module verify the value of the target_link_uri to prevent being used as an open redirector to external sites? And how do we configure it in the module?",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-39194",
- "Issue_Url_old": "https://github.com/charleskorn/kaml/issues/179",
- "Issue_Url_new": "https://github.com/charleskorn/kaml/issues/179",
- "Repo_new": "charleskorn/kaml",
- "Issue_Created_At": "2021-09-02T18:45:21Z",
- "description": "Polymorphic serialization hangs. Hello. Many thanks for this great library. We ran into an issue that is quite strange. The deserialization hangs in this specific case, meaning that the process does not terminate, but uses NUMBERTAG CPU. CODETAG This is what I see when I pause and enter debugger FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 6.5,
- "impactScore": 3.6,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-40656",
- "Issue_Url_old": "https://github.com/libsixel/libsixel/issues/25",
- "Issue_Url_new": "https://github.com/libsixel/libsixel/issues/25",
- "Repo_new": "libsixel/libsixel",
- "Issue_Created_At": "2021-09-03T03:34:45Z",
- "description": "heap buffer overflow in PATHTAG Hi, I found a heap buffer overflow in the current master NUMBERTAG d NUMBERTAG URLTAG It is the same as PATHTAG NUMBERTAG URLTAG (I found this problem NUMBERTAG days ago). OS: Ubuntu NUMBERTAG LTS NUMBERTAG Kernel NUMBERTAG generic POC: FILETAG This is the command line's report: APITAG and here is the ASAN report for saitoha/libsixel URLTAG (the current master FILETAG In this position, [r NUMBERTAG rc NUMBERTAG will be APITAG => APITAG So, writing to data will cause an overflow, and then it writes to a location (chunk) in the heap that should not be written to. heap info: Before: CODETAG After: CODETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-40812",
- "Issue_Url_old": "https://github.com/libgd/libgd/issues/750",
- "Issue_Url_new": "https://github.com/libgd/libgd/issues/750",
- "Repo_new": "libgd/libgd",
- "Issue_Created_At": "2021-09-05T05:18:46Z",
- "description": "APITAG return value check. Hi, Two previous issues NUMBERTAG and NUMBERTAG show that a return value check for APITAG is necessary, and its absence can cause an out-of-bounds read with a corrupted TGA file. APITAG is similar to APITAG and it also signals the error condition in its return value. Some usages of APITAG compare the return value to see whether an error occurred or not (in FILETAG and FILETAG), but there are some other call sites that do not check the return value, and the passed arguments are also tainted and can be corrupted. This is the list of them: |file|function|line| | | | | |gd_webp.c| APITAG |gd_bmp.c | APITAG NUMBERTAG gd_bmp.c | APITAG NUMBERTAG APITAG So they need a condition check added for APITAG . Regards.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 6.5,
- "impactScore": 3.6,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-40636",
- "Issue_Url_old": "https://github.com/OS4ED/openSIS-Classic/issues/198",
- "Issue_Url_new": "https://github.com/os4ed/opensis-classic/issues/198",
- "Repo_new": "os4ed/opensis-classic",
- "Issue_Created_At": "2021-09-05T08:05:52Z",
- "description": "XSS and Error-based SQL injection in FILETAG . Due to lack of protection, the parameters APITAG , APITAG , id , APITAG can be abused to inject SQL queries to extract information from databases and for some other SQLi tricks; the parameter msg can be used to inject an XSS payload and steal the user's cookie (and even take over the user's account) FILETAG As we can see, no security mechanism was implemented, which resulted in a lot of vulnerabilities. Exploiting FILETAG Injection point : APITAG Below, I've presented how information can be extracted via SQL injection. XSS can be exploited by giving the correct information in the other parameters and injecting JavaScript code into APITAG , msg . Request: APITAG GET APITAG APITAG HTTP NUMBERTAG Host: APITAG User-Agent: Mozilla NUMBERTAG Ubuntu; Linu NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept-Language: en-US,en;q NUMBERTAG Accept-Encoding: gzip, deflate Connection: keep-alive Cookie: APITAG APITAG Upgrade-Insecure-Requests NUMBERTAG APITAG Response: APITAG HTTP NUMBERTAG OK Date: Sun NUMBERTAG Sep NUMBERTAG GMT Server: Apache NUMBERTAG APITAG X-Powered-By: PHP NUMBERTAG ubuntu NUMBERTAG Expires: Thu NUMBERTAG No NUMBERTAG GMT Cache-Control: no-store, no-cache, must-revalidate, post-check NUMBERTAG pre-check NUMBERTAG Pragma: no-cache Vary: Accept-Encoding Content-Encoding: gzip Content-Length NUMBERTAG Keep-Alive: timeout NUMBERTAG ma NUMBERTAG Connection: Keep-Alive Content-Type: text/htmlx APITAG Solution Add security functions such as APITAG to sanitize parameters before processing or printing them out to the screen. For XSS, use htmlentities to properly encode the output.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-40637",
- "Issue_Url_old": "https://github.com/OS4ED/openSIS-Classic/issues/199",
- "Issue_Url_new": "https://github.com/os4ed/opensis-classic/issues/199",
- "Repo_new": "os4ed/opensis-classic",
- "Issue_Created_At": "2021-09-05T10:01:03Z",
- "description": "Reflected XSS in FILETAG . Description By injecting JavaScript code, an attacker can steal the user's cookie and take over the user's account. This happened because of the lack of a security implementation for the type parameter. Exploitation FILETAG Injection point: APITAG Request: APITAG GET APITAG HTTP NUMBERTAG Host: APITAG User-Agent: Mozilla NUMBERTAG Ubuntu; Linu NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept-Language: en-US,en;q NUMBERTAG Accept-Encoding: gzip, deflate Connection: keep-alive Cookie: APITAG APITAG Upgrade-Insecure-Requests NUMBERTAG APITAG Response: APITAG HTTP NUMBERTAG OK Date: Sun NUMBERTAG Sep NUMBERTAG GMT Server: Apache NUMBERTAG APITAG X-Powered-By: PHP NUMBERTAG ubuntu NUMBERTAG Expires: Thu NUMBERTAG No NUMBERTAG GMT Cache-Control: no-store, no-cache, must-revalidate, post-check NUMBERTAG pre-check NUMBERTAG Pragma: no-cache Content-Length NUMBERTAG Keep-Alive: timeout NUMBERTAG ma NUMBERTAG Connection: Keep-Alive Content-Type: text/html APITAG Solution: Before using any user input, make sure to verify and sanitize it properly, and trust nothing that's sent from the client. In the case of XSS, please consider using the APITAG function to encode the user's input before printing it out to the user's screen",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-40669",
- "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/196",
- "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/196",
- "Repo_new": "wuzhicms/wuzhicms",
- "Issue_Created_At": "2021-09-05T14:05:26Z",
- "description": "Wuzhicms NUMBERTAG PATHTAG has a SQL Injection Vulnerability. Vulnerability file: APITAG ERRORTAG The APITAG parameter is controllable and the direct filtering of the APITAG parameter is not rigorous. POC ERRORTAG FILETAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-40670",
- "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/197",
- "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/197",
- "Repo_new": "wuzhicms/wuzhicms",
- "Issue_Created_At": "2021-09-06T02:43:30Z",
- "description": "Wuzhicms NUMBERTAG PATHTAG has a SQL Injection Vulnerability. Vulnerability file: APITAG ERRORTAG In the APITAG file, the APITAG parameter and the APITAG parameter under the listing method are controllable, and the APITAG parameter is not strictly filtered, causing a SQL injection vulnerability! POC ERRORTAG FILETAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-40678",
- "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/1476",
- "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/1476",
- "Repo_new": "piwigo/piwigo",
- "Issue_Created_At": "2021-09-06T02:58:29Z",
- "description": "Persistent Cross-Site Scripting in Batch APITAG Description: In the single-mode function of the Piwigo system, modifying the author parameter of a picture can cause persistent cross-site scripting. Vulnerable Instances: APITAG request ERRORTAG FILETAG Suggestion: Restrict user input and output",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.7,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-40663",
- "Issue_Url_old": "https://github.com/janbialostok/deep-assign/issues/1",
- "Issue_Url_new": "https://github.com/janbialostok/deep-assign/issues/1",
- "Repo_new": "janbialostok/deep-assign",
- "Issue_Created_At": "2021-09-06T04:52:21Z",
- "description": "Prototype Pollution in APITAG npm package. \u270d\ufe0f Description The APITAG URLTAG npm package is vulnerable to prototype pollution prior to version NUMBERTAG Proof of Concept LIVE POC LINK URLTAG CODETAG \ud83d\udca5 Impact May lead to Information PATHTAG External References for similar vulnerabilities/blogs: URLTAG CVETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-23442",
- "Issue_Url_old": "https://github.com/tony-tsx/cookiex-deep/issues/1",
- "Issue_Url_new": "https://github.com/tony-tsx/cookiex-deep/issues/1",
- "Repo_new": "tony-tsx/cookiex-deep",
- "Issue_Created_At": "2021-09-06T06:29:37Z",
- "description": "APITAG npm package is vulnerable to prototype pollution prior to version NUMBERTAG The APITAG URLTAG npm package is vulnerable to prototype pollution prior to version NUMBERTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-40674",
- "Issue_Url_old": "https://github.com/wuzhicms/wuzhicms/issues/198",
- "Issue_Url_new": "https://github.com/wuzhicms/wuzhicms/issues/198",
- "Repo_new": "wuzhicms/wuzhicms",
- "Issue_Created_At": "2021-09-06T13:00:49Z",
- "description": "There are NUMBERTAG SQL injections in the Wuzhicms NUMBERTAG background. There are NUMBERTAG SQL injections in the Wuzhicms NUMBERTAG background. One: Wuzhicms NUMBERTAG PATHTAG has a SQL Injection Vulnerability. Vulnerability file: APITAG ERRORTAG The APITAG parameter is not strictly filtered, causing a SQL injection vulnerability! POC ERRORTAG FILETAG FILETAG Two: The second SQL injection and the first SQL injection are in different functions in the same file! Wuzhicms NUMBERTAG PATHTAG has a SQL Injection Vulnerability. Vulnerability file: APITAG ERRORTAG Set APITAG and APITAG to be controllable. The APITAG parameter is not strictly filtered, causing a SQL injection vulnerability! POC ERRORTAG FILETAG FILETAG Three: Wuzhicms NUMBERTAG PATHTAG has a SQL Injection Vulnerability. Someone has submitted a SQL injection vulnerability in the file APITAG before ( URLTAG ), but I found that in addition to the APITAG parameter, the APITAG parameter can also be injected! Vulnerability file: APITAG ERRORTAG Set APITAG NUMBERTAG and APITAG to be controllable. The APITAG parameter is not strictly filtered, causing a SQL injection vulnerability! POC ERRORTAG FILETAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-40902",
- "Issue_Url_old": "https://github.com/flatCore/flatCore-CMS/issues/57",
- "Issue_Url_new": "https://github.com/flatcore/flatcore-cms/issues/57",
- "Repo_new": "flatcore/flatcore-cms",
- "Issue_Created_At": "2021-09-06T15:27:36Z",
- "description": "Stored XSS in Index. Describe the bug Cross-Site Scripting (XSS) via save Exclude URLs To Reproduce Steps to reproduce the behavior NUMBERTAG Login to flatCore CMS NUMBERTAG Click on APITAG new Page' after click APITAG NUMBERTAG Insert an XSS payload in Exclude URLs NUMBERTAG And the XSS is saved on : URLTAG Screenshots FILETAG XSS payload APITAG alert NUMBERTAG APITAG Desktop (please complete the following information): OS: all Browser : all Version : all Additional context The XSS attack will help the hacker get the login session of other users, requiring them to have at least one APITAG new Pages\" permission.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.7,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-40881",
- "Issue_Url_old": "https://github.com/sanluan/PublicCMS/issues/57",
- "Issue_Url_new": "https://github.com/sanluan/publiccms/issues/57",
- "Repo_new": "sanluan/publiccms",
- "Issue_Created_At": "2021-09-07T02:44:20Z",
- "description": "The default bat file parameters are controllable, resulting in RCE. In the scheduled task selection, the parameters are controllable and the repo can be echoed directly, so the parameters will be imported into the default bat repository script and the executed commands can be echoed. url: URLTAG FILETAG The parameters should be controlled",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-40882",
- "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/1477",
- "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/1477",
- "Repo_new": "piwigo/piwigo",
- "Issue_Created_At": "2021-09-07T03:39:07Z",
- "description": "Persistent cross-site scripting in Piwigo album properties (version NUMBERTAG). Description: XSS code can be written into the name and description of a Piwigo album, resulting in persistent cross-site scripting attacks. Vulnerable Instances: FILETAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-40884",
- "Issue_Url_old": "https://github.com/projectsend/projectsend/issues/992",
- "Issue_Url_new": "https://github.com/projectsend/projectsend/issues/992",
- "Repo_new": "projectsend/projectsend",
- "Issue_Created_At": "2021-09-07T05:13:56Z",
- "description": "Insecure Object Reference in Files function. Dear MENTIONTAG MENTIONTAG , I have found an IDOR vulnerability in the Files function. Description Because authorization is not checked for the parameters ids and id , a user with the uploader role can download and edit all files of all users in the application To Reproduce Download file NUMBERTAG Access url APITAG url NUMBERTAG Add a value for the id parameter from APITAG > APITAG to download all files in the application FILETAG Edit File NUMBERTAG Access url APITAG NUMBERTAG Add a value for the id parameter from APITAG > APITAG to edit all files in the application Files of user kietna on the application FILETAG User kietna edits a private file of the admin user FILETAG FILETAG FILETAG Solution You need to check authorization for the id and ids parameters, and make sure that a user on the system can only interact with that user's own files",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
- "severity": "HIGH",
- "baseScore": 8.1,
- "impactScore": 5.2,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-40886",
- "Issue_Url_old": "https://github.com/projectsend/projectsend/issues/993",
- "Issue_Url_new": "https://github.com/projectsend/projectsend/issues/993",
- "Repo_new": "projectsend/projectsend",
- "Issue_Created_At": "2021-09-07T07:07:48Z",
- "description": "Path traversal in Upload file function. Dear MENTIONTAG I found a Path traversal vulnerability in your application! Description Because the if clause for the chunks parameter is not properly checked and the APITAG wrapper is used, a user with the Uploader role can add the value APITAG for the chunks param to bypass the APITAG sanitizer, and add another APITAG like APITAG to use the APITAG wrapper and upload a file to any place on the server FILETAG In Step NUMBERTAG the parameters that I can control when using the upload function are chunk , chunks , APITAG In Step NUMBERTAG the if clause checks if the chunks parameter < APITAG , then the APITAG parameter will be handled. So I add the value APITAG for the chunks param, then it will pass Step NUMBERTAG and go to Step NUMBERTAG FILETAG If I don't add a value for chunk, then the chunk parameter goes to APITAG, and by adding the value APITAG for the chunks parameter I can pass this if FILETAG Finally, if I add an APITAG different from multipart , I can call the APITAG wrapper to write a file on the server with an APITAG like APITAG Step To Reproduce NUMBERTAG Use Burp Suite to capture the upload request NUMBERTAG Change the Content-Type header to APITAG NUMBERTAG Add APITAG APITAG NUMBERTAG The file was uploaded in the webroot directory with the APITAG name FILETAG Request: ERRORTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.5,
- "impactScore": 3.6,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-40887",
- "Issue_Url_old": "https://github.com/projectsend/projectsend/issues/994",
- "Issue_Url_new": "https://github.com/projectsend/projectsend/issues/994",
- "Repo_new": "projectsend/projectsend",
- "Issue_Created_At": "2021-09-07T09:04:17Z",
- "description": "Path Traversal vulnerability in FILETAG . Dear MENTIONTAG , I found a Path traversal vulnerability in FILETAG Description Because input for the APITAG parameter is not sanitized, the attacker can add APITAG to move all of the php files, or any file on the system that it has permissions to, into the APITAG folder FILETAG Step To Reproduce NUMBERTAG Using the Burp Suite tool to capture the request of the FILETAG function NUMBERTAG Adding APITAG in the APITAG parameter; in this step the attacker can move php files with the aim of sabotaging the system, or read sensitive files in the system like APITAG NUMBERTAG Then access APITAG to get the new name of the file FILETAG NUMBERTAG Then access APITAG Request move APITAG file ERRORTAG FILETAG Then the webroot returned a Directory Listing because the APITAG file was moved to the APITAG folder FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-23449",
- "Issue_Url_old": "https://github.com/patriksimek/vm2/issues/363",
- "Issue_Url_new": "https://github.com/patriksimek/vm2/issues/363",
- "Repo_new": "patriksimek/vm2",
- "Issue_Created_At": "2021-09-07T09:20:16Z",
- "description": "Sandbox breakout. Hi, I would like to report a sandbox breakout, but I believe this should be done in a responsible, private way. Please create a security policy and an advisory, as instructed here: URLTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 10.0,
- "impactScore": 6.0,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-40942",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1908",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1908",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-09-07T10:07:06Z",
- "description": "heap buffer overflow in APITAG at APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue, thank you! [x] I looked for a similar issue and couldn't find any. [x] I tried with the latest version of GPAC. Installers available at URLTAG [x] I give enough information for contributors to reproduce my issue (meaningful title, github labels, platform and compiler, command line ...) Steps to reproduce: CODETAG Env: Ubuntu NUMBERTAG clang NUMBERTAG My cmd line and ASAN report APITAG add PATHTAG new new.mp4 ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-41457",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1909",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1909",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-09-07T15:26:17Z",
- "description": "Stack buffer overflow in APITAG at PATHTAG in nhmldmx_init_parsing. [x] I looked for a similar issue and couldn't find any. [x] I tried with the latest version of GPAC. Installers available at URLTAG [x] I give enough information for contributors to reproduce my issue (meaningful title, github labels, platform and compiler, command line ...). Steps to reproduce NUMBERTAG get the latest commit code (GPAC version NUMBERTAG DEV re NUMBERTAG gd NUMBERTAG acad8 master NUMBERTAG compile with enable sanitizer NUMBERTAG make NUMBERTAG dirs, each of which has a long name (length NUMBERTAG this makes the file's absolute path length larger than NUMBERTAG we call it APITAG NUMBERTAG run APITAG add {path to APITAG new new.mp4 Env: Ubuntu NUMBERTAG clang NUMBERTAG My cmd line and ASAN report APITAG add PATHTAG new new.mp4 ASAN report: ERRORTAG Maybe the fix for issue NUMBERTAG does not consider this situation, since there is a stack buffer overflow in nhmldmx_init_parsing",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-41458",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1910",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1910",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-09-07T16:19:06Z",
- "description": "SEGV on unknown address in APITAG at PATHTAG in gf_blob_get. Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-41456",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1911",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1911",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-09-07T16:21:54Z",
- "description": "Stack buffer overflow in APITAG at PATHTAG in nhmldmx_send_sample. Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-41459",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1912",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1912",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-09-07T16:28:12Z",
- "description": "Stack buffer overflow in APITAG at PATHTAG in nhmldmx_send_sample. Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! [x] I looked for a similar issue and couldn't find any. [x] I tried with the latest version of GPAC. Installers available at URLTAG [x] I give enough information for contributors to reproduce my issue (meaningful title, github labels, platform and compiler, command line ...). Step to reproduce NUMBERTAG get latest commit code (GPAC version NUMBERTAG DEV re NUMBERTAG gd NUMBERTAG acad8 master NUMBERTAG compile with enable sanitizer NUMBERTAG run APITAG add APITAG new new.mp4 Env: Ubunut NUMBERTAG clang NUMBERTAG ASAN report ERRORTAG Different from issue NUMBERTAG the overflow memory is related to APITAG parameter. The APITAG para has the same problem, please fix them together. Buggy code at APITAG CODETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2020-28483",
- "Issue_Url_old": "https://github.com/gin-gonic/gin/issues/2862",
- "Issue_Url_new": "https://github.com/gin-gonic/gin/issues/2862",
- "Repo_new": "gin-gonic/gin",
- "Issue_Created_At": "2021-09-07T19:52:25Z",
- "description": "X Forwarded For handling is still unsafe, CVETAG is NOT fixed. Description APITAG / trusted proxy handling is incorrect, which makes it possible for anyone to force the value of APITAG , if: the app has trusted proxies defined and the trusted proxy handles APITAG in the usual way, by appending its own IP address at the end (the default configuration trusts every proxy and is of course also vulnerable, in a very trivial way). This was reported in URLTAG with a fix at URLTAG That PR did not get merged, and the one that did ( URLTAG does not fix the issue. There is a fix for this already at URLTAG APITAG How to reproduce You actually have that in your tests already, see URLTAG But here's a standalone version APITAG ERRORTAG Expectations APITAG Actual result APITAG APITAG Environment go version NUMBERTAG gin version (or commit ref NUMBERTAG operating system: APITAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
- "severity": "HIGH",
- "baseScore": 7.1,
- "impactScore": 4.2,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-40888",
- "Issue_Url_old": "https://github.com/projectsend/projectsend/issues/995",
- "Issue_Url_new": "https://github.com/projectsend/projectsend/issues/995",
- "Repo_new": "projectsend/projectsend",
- "Issue_Created_At": "2021-09-08T02:13:10Z",
- "description": "Reflected Cross site Scripting in APITAG function . Dear MENTIONTAG I found a vulnerability that execute malicious script of user, Description: Because of lacking of sanitizer when echo output data in APITAG function in APITAG , the low privilege user APITAG role) can call this function through FILETAG file and execute scripting code FILETAG FILETAG APITAG ERRORTAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.7,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-40940",
- "Issue_Url_old": "https://github.com/monstra-cms/monstra/issues/471",
- "Issue_Url_new": "https://github.com/monstra-cms/monstra/issues/471",
- "Repo_new": "monstra-cms/monstra",
- "Issue_Created_At": "2021-09-08T14:55:01Z",
- "description": "Monstra NUMBERTAG case without filtering leads to unrestricted file upload vulnerability. Brief of this vulnerability The Monstra NUMBERTAG source code does not filter the case of php, which leads to an unrestricted file upload vulnerability. Test Environment APITAG Affect version APITAG POC ERRORTAG APITAG FILETAG Reason of This Vulnerability APITAG in the Upload file module does not check whether the file extension is APITAG file\uff1a APITAG ERRORTAG Repair suggestions Add case verification at $_FILES['file']['name'], as follows: ERRORTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-40883",
- "Issue_Url_old": "https://github.com/emlog/emlog/issues/108",
- "Issue_Url_new": "https://github.com/emlog/emlog/issues/108",
- "Repo_new": "emlog/emlog",
- "Issue_Created_At": "2021-09-09T01:15:50Z",
- "description": "emlog NUMBERTAG has RCE vulnerability. in FILETAG line NUMBERTAG FILETAG After decompression, the uploaded file will be automatically saved PATHTAG so We can add our own webshell in the plugins file downloaded from the official APITAG upload and access it FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-40889",
- "Issue_Url_old": "https://github.com/boiteasite/cmsuno/issues/19",
- "Issue_Url_new": "https://github.com/boiteasite/cmsuno/issues/19",
- "Repo_new": "boiteasite/cmsuno",
- "Issue_Created_At": "2021-09-09T04:11:04Z",
- "description": "PHP Code Execution via change password function. Dear MENTIONTAG I found a security problem can lead to remote code execution in APITAG version NUMBERTAG Description: APITAG action in APITAG file call to APITAG function to write username in APITAG file when user successfully changed password, Becase of filtere without APITAG the attacker can inject malicious php code into FILETAG FILETAG APITAG FILETAG When submit username and password, php code will be executed FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-40921",
- "Issue_Url_old": "https://github.com/dmolsen/Detector/issues/35",
- "Issue_Url_new": "https://github.com/dmolsen/detector/issues/35",
- "Repo_new": "dmolsen/detector",
- "Issue_Created_At": "2021-09-09T08:02:29Z",
- "description": "FILETAG Where the Issue Occurred The code below displays the user controlled parameter cid without sufficient sanitization: URLTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-40922",
- "Issue_Url_old": "https://github.com/pixeline/bugs/issues/552",
- "Issue_Url_new": "https://github.com/pixeline/bugs/issues/552",
- "Repo_new": "pixeline/bugs",
- "Issue_Created_At": "2021-09-09T08:57:52Z",
- "description": "FILETAG Where the Issue Occurred The code below displays the user controlled parameter APITAG , APITAG , and email without sufficient sanitization: CVETAG CVETAG CVETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-41197",
- "Issue_Url_old": "https://github.com/tensorflow/tensorflow/issues/51908",
- "Issue_Url_new": "https://github.com/tensorflow/tensorflow/issues/51908",
- "Repo_new": "tensorflow/tensorflow",
- "Issue_Created_At": "2021-09-09T18:05:47Z",
- "description": "tf.pad crashes with large paddings. System information Have I written custom code (as opposed to using a stock example script provided in APITAG Yes OS Platform and Distribution (e.g., Linux Ubuntu NUMBERTAG Linux Ubuntu NUMBERTAG Mobile device (e.g. APITAG NUMBERTAG Pixel NUMBERTAG Samsung Galaxy) if the issue happens on mobile device: N/A APITAG installed from (source or binary): binary APITAG version (use command below NUMBERTAG Python version NUMBERTAG Bazel version (if compiling from source): N/A APITAG version (if compiling from source): N/A APITAG version: N/A GPU model and memory: N/A Describe the current behavior APITAG crashes when the argument \"paddings\" has large values. Describe the expected behavior Expect an exception to be thrown if the input paddings is unexpected. Standalone code to reproduce the issue ERRORTAG outputs: APITAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-41413",
- "Issue_Url_old": "https://github.com/brackeen/ok-file-formats/issues/20",
- "Issue_Url_new": "https://github.com/brackeen/ok-file-formats/issues/20",
- "Repo_new": "brackeen/ok-file-formats",
- "Issue_Created_At": "2021-09-10T01:15:24Z",
- "description": "bugs found in APITAG and APITAG via honggfuzz. Test code : CODETAG Tools: honggfuzz NUMBERTAG Target version: master NUMBERTAG Result: CODETAG Here are the poc CVETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-40925",
- "Issue_Url_old": "https://github.com/ladybirdweb/faveo-helpdesk/issues/5423",
- "Issue_Url_new": "https://github.com/ladybirdweb/faveo-helpdesk/issues/5423",
- "Repo_new": "ladybirdweb/faveo-helpdesk",
- "Issue_Created_At": "2021-09-10T02:01:59Z",
- "description": "APITAG XSS in FILETAG of bugs. Faveo Version NUMBERTAG and below versions PHP version NUMBERTAG Database Driver & Version : APITAG NUMBERTAG Server specification : Apache NUMBERTAG Turn on the APITAG in APITAG Description: Reflected Cross Site Scripting (XSS) may allow an attacker to execute APITAG code in the context of the victim\u2019s browser. This may lead to unauthorized actions being performed, unauthorized access to data, stealing of session information, denial of service, etc. An attacker needs to coerce a user into visiting a link with the XSS payload to be properly exploited against a victim. Steps To Reproduce NUMBERTAG Go to the FILETAG NUMBERTAG Login NUMBERTAG Go tot the page with the following link: URLTAG NUMBERTAG Boom! Where the Issue Occurred The code below displays the user controlled input APITAG in APITAG without sufficient sanitization: URLTAG Note Although the dompdf page is accessible from localhost, it can be attacked if the localhost user clicks on the aforementioned link. Downloaded from [ ] master branch [ ] release tag NUMBERTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-40926",
- "Issue_Url_old": "https://github.com/JamesHeinrich/getID3/issues/341",
- "Issue_Url_new": "https://github.com/jamesheinrich/getid3/issues/341",
- "Repo_new": "jamesheinrich/getid3",
- "Issue_Created_At": "2021-09-10T03:02:54Z",
- "description": "APITAG XSS in FILETAG of APITAG NUMBERTAG Describe the bug Reflected Cross Site Scripting (XSS) may allow an attacker to execute APITAG code in the context of the victim\u2019s browser. This may lead to unauthorised actions being performed, unauthorised access to data, stealing of session information, denial of service, etc. An attacker needs to coerce a user into visiting a link with the XSS payload to be properly exploited against a victim. To Reproduce Steps to reproduce the behavior NUMBERTAG Access to the following link: URLTAG NUMBERTAG Boom! Where the Issue Occurred The code below displays the user controlled parameter showtagfiles without sufficient sanitization: URLTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-43635",
- "Issue_Url_old": "https://github.com/jcv8000/Codex/issues/8",
- "Issue_Url_new": "https://github.com/jcv8000/codex/issues/8",
- "Repo_new": "jcv8000/codex",
- "Issue_Created_At": "2021-09-10T09:06:09Z",
- "description": "Code Execution vulnerability on Codex. Issue Cross site scripting(XSS) on Codex APITAG name lead to code execution. Reproduction NUMBERTAG Open Code NUMBERTAG Create new Notebook NUMBERTAG Insert payload on the Notebook(or page) name field On Mac APITAG test APITAG On Windows APITAG test APITAG NUMBERTAG Once you move your mouse over the link \"test\" , Calculator will be opened. APITAG Mitigation Disable APITAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-40954",
- "Issue_Url_old": "https://github.com/bettershop/LaikeTui/issues/11",
- "Issue_Url_new": "https://github.com/bettershop/laiketui/issues/11",
- "Repo_new": "bettershop/laiketui",
- "Issue_Created_At": "2021-09-10T09:35:05Z",
- "description": "Any file upload exists at the background plug in. Any file upload exists at the background plug in FILETAG Locate file\uff1a PATHTAG FILETAG Firstly, the upload format is not filtered. Secondly, uploading the compressed package will decompress the index file in the compressed package and automatically include the file As a result, files with any suffix can be uploaded or compressed packages can be uploaded. The compressed packages contain webshell files FILETAG Upload succeeded\uff01 FILETAG The file is in the PATHTAG Let's visit FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-40955",
- "Issue_Url_old": "https://github.com/bettershop/LaikeTui/issues/12",
- "Issue_Url_new": "https://github.com/bettershop/laiketui/issues/12",
- "Repo_new": "bettershop/laiketui",
- "Issue_Created_At": "2021-09-10T12:12:54Z",
- "description": "Background SQL injection. Background SQL injection FILETAG Parameter id is not filtered FILETAG The corresponding url is URLTAG FILETAG Using sleep function to delay NUMBERTAG seconds as an example FILETAG FILETAG Using sleep function to delay NUMBERTAG seconds as an example FILETAG Get the database through sqlmap FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.2,
- "impactScore": 5.9,
- "exploitabilityScore": 1.2
- },
- {
- "CVE_ID": "CVE-2021-41196",
- "Issue_Url_old": "https://github.com/tensorflow/tensorflow/issues/51936",
- "Issue_Url_new": "https://github.com/tensorflow/tensorflow/issues/51936",
- "Repo_new": "tensorflow/tensorflow",
- "Issue_Created_At": "2021-09-10T21:36:31Z",
- "description": "APITAG crashes. System information Have I written custom code (as opposed to using a stock example script provided in APITAG yes OS Platform and Distribution (e.g., Linux Ubuntu NUMBERTAG Linux Ubuntu NUMBERTAG Mobile device (e.g. APITAG NUMBERTAG Pixel NUMBERTAG Samsung Galaxy) if the issue happens on mobile device: n/a APITAG installed from (source or binary): binary APITAG version (use command below NUMBERTAG Python version NUMBERTAG Bazel version (if compiling from source): n/a APITAG version (if compiling from source): n/a APITAG version: n/a GPU model and memory: n/a Describe the current behavior APITAG crashes when APITAG contains APITAG , and outputs a all inf tensor when APITAG contains negative values. Describe the expected behavior Expect a ERRORTAG to be thrown if the input APITAG contains zero or negative values. Standalone code to reproduce the issue If the APITAG has APITAG : ERRORTAG Outputs: ERRORTAG If the APITAG has negative values: ERRORTAG The output is a tensor with shape = APITAG and all inf values.",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-40956",
- "Issue_Url_old": "https://github.com/bettershop/LaikeTui/issues/13",
- "Issue_Url_new": "https://github.com/bettershop/laiketui/issues/13",
- "Repo_new": "bettershop/laiketui",
- "Issue_Created_At": "2021-09-11T12:30:37Z",
- "description": "SQL injection exists in the APITAG menu management function. SQL injection exists in the APITAG menu management function FILETAG The link where SQL injection exists is APITAG Locate the vulnerable file APITAG FILETAG Because the parameter id is not filtered, it leads to SQL injection vulnerabilities ERRORTAG Use burpsuite to request url APITAG FILETAG View SQL monitoring FILETAG Use sqlmap SQL injection Get the database FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-40927",
- "Issue_Url_old": "https://github.com/citelao/Spotify-for-Alfred/issues/137",
- "Issue_Url_new": "https://github.com/citelao/spotify-for-alfred/issues/137",
- "Repo_new": "citelao/spotify-for-alfred",
- "Issue_Created_At": "2021-09-13T01:49:14Z",
- "description": "APITAG XSS in FILETAG . Describe the bug Reflected Cross Site Scripting (XSS) may allow an attacker to execute APITAG code in the context of the victim\u2019s browser. This may lead to unauthorized actions being performed, unauthorized access to data, stealing of session information, denial of service, etc. An attacker needs to coerce a user into visiting a link with the XSS payload to be properly exploited against a victim. To Reproduce Steps to reproduce the behavior NUMBERTAG Access to the following link: URLTAG NUMBERTAG Boom! Where the Issue Occurred The code below displays the user controlled parameter ERRORTAG without sufficient sanitization: URLTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-40928",
- "Issue_Url_old": "https://github.com/d8ahazard/FlexTV/issues/37",
- "Issue_Url_new": "https://github.com/d8ahazard/flextv/issues/37",
- "Repo_new": "d8ahazard/flextv",
- "Issue_Created_At": "2021-09-13T02:14:03Z",
- "description": "APITAG XSS in FILETAG of Phlex and APITAG NUMBERTAG Are you hosting your own version of Flex TV, or using the one at FILETAG Yes NUMBERTAG On what OS are you running Flex TV? Ubuntu NUMBERTAG Are you using a new instance of XAMPP, or an existing webserver? Apache NUMBERTAG Turn on the APITAG in APITAG NUMBERTAG b. If not XAMPP, what APITAG stack are you using? No NUMBERTAG Have you enabled the sockets module and ensured PHP has write access to the directory containing Flex TV? Yes Description: Reflected Cross Site Scripting (XSS) may allow an attacker to execute APITAG code in the context of the victim\u2019s browser. This may lead to unauthorized actions being performed, unauthorized access to data, stealing of session information, denial of service, etc. An attacker needs to coerce a user into visiting a link with the XSS payload to be properly exploited against a victim. Steps To Reproduce NUMBERTAG Go to the page with the following link: URLTAG NUMBERTAG Boom! Where the Issue Occurred The code below displays the user controlled input APITAG in APITAG without sufficient sanitization: URLTAG For Phlex: URLTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-41402",
- "Issue_Url_old": "https://github.com/flatCore/flatCore-CMS/issues/59",
- "Issue_Url_new": "https://github.com/flatcore/flatcore-cms/issues/59",
- "Repo_new": "flatcore/flatcore-cms",
- "Issue_Created_At": "2021-09-13T09:36:05Z",
- "description": "Code execution vulnerabilities in the background. Describe the bug Code execution vulnerabilities in the background To Reproduce Steps to reproduce the behavior: APITAG in to the background NUMBERTAG Go to APITAG position APITAG info and enter the malicious php code in the Permalink parameter to jump out of the structure to execute the malicious code APITAG save PATHTAG and PATHTAG files will be inserted with malicious code APITAG the homepage and you will see that the malicious code we inserted was successfully executed and returned the result Screenshots FILETAG Click Save New Page PATHTAG and PATHTAG files will be inserted with malicious code FILETAG FILETAG FILETAG Desktop (please complete the following information): OS: APITAG Browser All Version Last version",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-25741",
- "Issue_Url_old": "https://github.com/kubernetes/kubernetes/issues/104980",
- "Issue_Url_new": "https://github.com/kubernetes/kubernetes/issues/104980",
- "Repo_new": "kubernetes/kubernetes",
- "Issue_Created_At": "2021-09-13T20:58:56Z",
- "description": "PLACEHOLDER ISSUE. /triage accepted /lifecycle frozen /area security /kind bug /committee security response",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
- "severity": "HIGH",
- "baseScore": 8.1,
- "impactScore": 5.2,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2022-30334",
- "Issue_Url_old": "https://github.com/brave/brave-browser/issues/18071",
- "Issue_Url_new": "https://github.com/brave/brave-browser/issues/18071",
- "Repo_new": "brave/brave-browser",
- "Issue_Created_At": "2021-09-13T23:57:55Z",
- "description": "Strip referrer and origin in cross origin requests from a APITAG origin. If a cross origin request originates from a APITAG service, we should match the Tor Browser behavior and: omit the Referer header send a value of null for the Origin header whenever present (e.g. in the case of a POST request) Same origin requests should follow our normal referrer policy URLTAG . Test page: FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.3,
- "impactScore": 1.4,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-41403",
- "Issue_Url_old": "https://github.com/flatCore/flatCore-CMS/issues/60",
- "Issue_Url_new": "https://github.com/flatcore/flatcore-cms/issues/60",
- "Repo_new": "flatcore/flatcore-cms",
- "Issue_Created_At": "2021-09-14T02:58:17Z",
- "description": "Server side request forgery vulnerability (SSRF). Describe the bug Server side request forgery vulnerability (SSRF) To Reproduce Steps to reproduce the behavior NUMBERTAG go to APITAG NUMBERTAG Enter the intranet address in the box to request NUMBERTAG Can make a request to the intranet Screenshots FILETAG request packet FILETAG Locate the vulnerable code APITAG The start_index parameter calls the function fc_crawler FILETAG Tracing the fc_crawler function Locate the vulnerable code ERRORTAG FILETAG Continue to track the APITAG function FILETAG Led to the SSRF vulnerability Desktop (please complete the following information): OS: APITAG Browser all Version last version",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-41415",
- "Issue_Url_old": "https://github.com/youranreus/Subscription-Manager/issues/2",
- "Issue_Url_new": "https://github.com/youranreus/subscription-manager/issues/2",
- "Repo_new": "youranreus/subscription-manager",
- "Issue_Created_At": "2021-09-14T03:11:22Z",
- "description": "Subscription Manager NUMBERTAG FILETAG hava a SQL Injection Vulnerability. Vulnerability file: APITAG ERRORTAG In the APITAG file, the APITAG parameter and the APITAG parameter under the APITAG method are controllable, and the APITAG parameter is not strictly filtered, causing XSS injection vulnerabilities! POC ERRORTAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-41061",
- "Issue_Url_old": "https://github.com/RIOT-OS/RIOT/issues/16844",
- "Issue_Url_new": "https://github.com/riot-os/riot/issues/16844",
- "Repo_new": "riot-os/riot",
- "Issue_Created_At": "2021-09-14T07:24:59Z",
- "description": "ieee NUMBERTAG security: Nonce is reused after reboot. Description The frame counter used with ieee NUMBERTAG security is initialized with NUMBERTAG at startup. While it is protected against overflow, it is not protected against being reset, and that reset happens whenever the device restarts. As the key is flashed into the device in ieee NUMBERTAG security's normal operation, and the sender LL address is constant per device, the same nonce (varying only through the resetting frame counter) is used in the AES encryption multiple times. Reuse of the same (nonce, key) breaks confidentiality guarantees. (AES CCM is used here, so AIU it's not as bad URLTAG as if GCM were used, when there'd be key leakage). Steps to reproduce the issue APITAG done on microbit NUMBERTAG I have high confidence in this working on any APITAG encryption capable device). Sniff for packages, eg. by building the default module. Build the gcoap example with APITAG Send out a GET request to the sniffer module, path APITAG Repeat the request a few times (to cancel any jitter in the number of messages sent during startup) Reboot the device, eg. by power cycling it Send out GET requests to the same address, path APITAG Expected results Requests after the reboot use different sequence numbers. Actual results Requests after the reboot start from the same zero sequence number again. Requests have byte wise identical requests in regions of equal content, eg. (asterisks mine) ERRORTAG ERRORTAG APITAG the APITAG in the second row where the shared \"l\" of \"hello\" and \"well\" is, as well as the NUMBERTAG co\" of the \"core\" / \"coap\" option; variation is in MIDs (first row bytes NUMBERTAG token (second row, first NUMBERTAG bytes) and the diverting texts). Versions and cross references All since introduction in NUMBERTAG until current HEAD. Since NUMBERTAG the module in question has been marked as experimental. 
Disclosing this has been discussed in the closed security list URLTAG , and was deemed responsible given the overall circumstances. CVETAG CVETAG has been assigned to this issue. Road forward This is not trivial to fix, as we don't have any committed persistence inside generic devices, and even with APITAG minimal security the problem is just shifted (for FILETAG requires monotony of ASNs on the device which is equivalent to this problem, although it'd shift the attack difficulty to an active replay of old beacons). Likewise, most advanced modes need persistence, until (with ace ake authz URLTAG asymmetric negotiation comes into play. Off my head I don't know any standard solutions that can do with neither asymmetric cryptography nor local persistence; some randomness based scheme could possibly be deployed but it'd be very ad hoc, custom and eventually not easier than the existing solutions. I think that the discussion in NUMBERTAG can serve as a starting point.",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-41418",
- "Issue_Url_old": "https://github.com/Amozing/Am0zang/issues/1",
- "Issue_Url_new": "https://github.com/amozing/am0zang/issues/1",
- "Repo_new": "amozing/am0zang",
- "Issue_Created_At": "2021-09-14T10:09:23Z",
- "description": "APITAG has an unauthorized access vulnerability. APITAG for assets using Fofa:\" ariang\" && country=\"CN\" (It's OK without \u201dCN\u201c ) FILETAG APITAG You can view the download history, view APITAG status, settings and settings of APITAG FILETAG FILETAG FILETAG FILETAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2022-27046",
- "Issue_Url_old": "https://github.com/saitoha/libsixel/issues/157",
- "Issue_Url_new": "https://github.com/saitoha/libsixel/issues/157",
- "Repo_new": "saitoha/libsixel",
- "Issue_Created_At": "2021-09-14T12:18:43Z",
- "description": "heap use after free in PATHTAG Hi,I found a heap use after free in the current master NUMBERTAG a5be8b URLTAG I build img2sixel with ASAN,this is ASAN report. OS: Ubuntu NUMBERTAG LTS NUMBERTAG Kernel NUMBERTAG generic POC: FILETAG ERRORTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-41715",
- "Issue_Url_old": "https://github.com/libsixel/libsixel/issues/27",
- "Issue_Url_new": "https://github.com/libsixel/libsixel/issues/27",
- "Repo_new": "libsixel/libsixel",
- "Issue_Created_At": "2021-09-14T12:27:12Z",
- "description": "heap use after free in PATHTAG Hi,I found a heap use after free in the current master fb NUMBERTAG URLTAG It sames with the PATHTAG NUMBERTAG URLTAG (I just found the problem.) OS: Ubuntu NUMBERTAG LTS NUMBERTAG Kernel NUMBERTAG generic POC: FILETAG It's the command line's report: ERRORTAG and here is the ASAN report for saitoha/libsixel (the current master NUMBERTAG a5be8b URLTAG : ERRORTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-3807",
- "Issue_Url_old": "https://github.com/chalk/ansi-regex/issues/38",
- "Issue_Url_new": "https://github.com/chalk/ansi-regex/issues/38",
- "Repo_new": "chalk/ansi-regex",
- "Issue_Created_At": "2021-09-14T15:37:45Z",
- "description": "Backport of security patch, for benefit of yargs. I know it's a pain in the neck, but would you consider back porting URLTAG to the NUMBERTAG release line, for the benefit of yargs URLTAG . Yargs is making the effort during the transition to ESM to support both CJS and ESM, which makes us unable to update to the latest version of APITAG . If you were willing to make an exception (_I know you're pushing folks towards using ESM exclusively_) it would be really valuable for yargs users using CJK character sets.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-41432",
- "Issue_Url_old": "https://github.com/flatpressblog/flatpress/issues/88",
- "Issue_Url_new": "https://github.com/flatpressblog/flatpress/issues/88",
- "Repo_new": "flatpressblog/flatpress",
- "Issue_Created_At": "2021-09-15T18:15:56Z",
- "description": "Stored XSS in the Blog Content. APITAG NUMBERTAG Stored XSS in the Blog Content A stored Cross Site Scripting (XSS) vulnerability exists in version NUMBERTAG of the APITAG application that allows for arbitrary execution of APITAG commands. Steps to reproduce the vulnerability NUMBERTAG Visit the APITAG Administration area NUMBERTAG Navigate to the Entries > Write Entry NUMBERTAG Enter any Subject NUMBERTAG In the content area put the following payload: APITAG FILETAG NUMBERTAG Click the APITAG button NUMBERTAG Stored XSS payload is triggered. FILETAG Also we can verify the stored XSS payload by navigating to the home page. FILETAG Discovered by Martin Kubecka, September NUMBERTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.7,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-41329",
- "Issue_Url_old": "https://github.com/datalust/seq-tickets/issues/1322",
- "Issue_Url_new": "https://github.com/datalust/seq-tickets/issues/1322",
- "Repo_new": "datalust/seq-tickets",
- "Issue_Created_At": "2021-09-15T23:38:50Z",
- "description": "Query cache collisions when queries differ only by in clause contents. Seq uses time slice caching to speed up APITAG queries and a few others, in particular, those that drive Dashboards URLTAG . Behind the scenes, cache entries are keyed based on the clauses of the query, active signals, and so on. A bug in recent Seq versions up to NUMBERTAG causes the keys generated for in clauses to collide, when all elements of the detected set are constants. For example: APITAG and ERRORTAG will generate the same cache key, and thus produce incorrect results when two cacheable queries differ only in this respect. The bug is caused by inlining of arrays of constants: instead of APITAG generating an expression that constructs an array with a constant element, the array is precomputed and inlined as a constant itself. The code that subsequently generates query cache keys does not properly account for this case. Query cache entries will not collide if: The queries do not group by time and are not executed from a dashboard, The queries run over different signals, Any other aspect of the query, including the select , where , group by , having , and order by clauses, differ in any way.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.5,
- "impactScore": 3.6,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-41461",
- "Issue_Url_old": "https://github.com/concrete5/concrete5-legacy/issues/2006",
- "Issue_Url_new": "https://github.com/concretecms/concrete5-legacy/issues/2006",
- "Repo_new": "concretecms/concrete5-legacy",
- "Issue_Created_At": "2021-09-16T06:01:54Z",
- "description": "FILETAG Where the Issue Occurred The code below displays the user controlled parameter rel , APITAG , and mode in PATHTAG rel in PATHTAG and cID in PATHTAG without sufficient sanitization: URLTAG URLTAG URLTAG URLTAG URLTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-41467",
- "Issue_Url_old": "https://github.com/hjue/JustWriting/issues/106",
- "Issue_Url_new": "https://github.com/hjue/justwriting/issues/106",
- "Repo_new": "hjue/justwriting",
- "Issue_Created_At": "2021-09-17T06:50:17Z",
- "description": "APITAG XSS in PATHTAG Describe the bug/issue Reflected Cross Site Scripting (XSS) may allow an attacker to execute APITAG code in the context of the victim\u2019s browser. Note that these multiple XSS vulnerabilities exist in the APITAG To Reproduce Steps to reproduce the behavior NUMBERTAG Go to the following link: URLTAG NUMBERTAG Boom! Where the vulnerability occurred? The code below displays the user controlled parameter challenge in PATHTAG with incorrect sanitization: URLTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-41490",
- "Issue_Url_old": "https://github.com/ompl/ompl/issues/833",
- "Issue_Url_new": "https://github.com/ompl/ompl/issues/833",
- "Repo_new": "ompl/ompl",
- "Issue_Created_At": "2021-09-18T06:09:08Z",
- "description": "Memory leaks in APITAG Here are some outputs NUMBERTAG f5dbf NUMBERTAG in operator new(unsigned long) ( PATHTAG NUMBERTAG f5dbe NUMBERTAG b NUMBERTAG in APITAG const PATHTAG NUMBERTAG f5dbe3d NUMBERTAG in APITAG const ) const PATHTAG NUMBERTAG f5dbe NUMBERTAG in APITAG const ) const PATHTAG NUMBERTAG f5dbe NUMBERTAG in APITAG const&) PATHTAG After our analysis, this crash comes from APITAG In line PATHTAG of APITAG they can apply for memory space. At the same time, the APITAG function can release the memory. However, during our testing, the program will still run to APITAG PATHTAG (application memory space) after the last call of APITAG so the memory space is not completely released and causing memory leaks.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-41502",
- "Issue_Url_old": "https://github.com/intelliants/subrion/issues/885",
- "Issue_Url_new": "https://github.com/intelliants/subrion/issues/885",
- "Repo_new": "intelliants/subrion",
- "Issue_Created_At": "2021-09-19T07:45:36Z",
- "description": "FILETAG no: FILETAG detailed steps: After publishing a blog with uploaded pictures, click APITAG Blog Entry\" to enter the modification page, open Burp Suite and then directly click \"save\", modify the content of image FILETAG Any member browses the blog page: FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.7,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-41641",
- "Issue_Url_old": "https://github.com/denoland/deno/issues/12152",
- "Issue_Url_new": "https://github.com/denoland/deno/issues/12152",
- "Repo_new": "denoland/deno",
- "Issue_Created_At": "2021-09-20T12:46:38Z",
- "description": "APITAG Deno Sandbox Escape. The Deno file sandbox does not handle symbolic links correctly. When running Deno with specific write access the APITAG method can be used to gain access to any directory. Proof of concept: URLTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
- "severity": "HIGH",
- "baseScore": 8.4,
- "impactScore": 5.8,
- "exploitabilityScore": 2.0
- },
- {
- "CVE_ID": "CVE-2021-41652",
- "Issue_Url_old": "https://github.com/sruupl/batflat/issues/113",
- "Issue_Url_new": "https://github.com/sruupl/batflat/issues/113",
- "Repo_new": "sruupl/batflat",
- "Issue_Created_At": "2021-09-20T16:54:46Z",
- "description": "Insecure permissions for APITAG The whole database can be easily dumped with a single http request URLTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-41663",
- "Issue_Url_old": "https://github.com/bg5sbk/MiniCMS/issues/41",
- "Issue_Url_new": "https://github.com/bg5sbk/minicms/issues/41",
- "Repo_new": "bg5sbk/minicms",
- "Issue_Created_At": "2021-09-21T10:09:19Z",
- "description": "An xss vulnerability was found where my article was posted. FILETAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-41729",
- "Issue_Url_old": "https://github.com/meiko-S/BaiCloud-cms/issues/3",
- "Issue_Url_new": "https://github.com/meiko-s/baicloud/issues/3",
- "Repo_new": "meiko-s/baicloud",
- "Issue_Created_At": "2021-09-22T04:36:17Z",
- "description": "Bug Report: Multiple Arbitrary File Deletion vulnerabilities. Vulnerability Name: Multiple Arbitrary File Deletion Date of Discovery NUMBERTAG August NUMBERTAG Product version NUMBERTAG Download link Author: hibiki sama Vulnerability Description: When unsanitized user input is supplied to a file deletion function, an arbitrary file deletion vulnerability arises. This occurs in PHP when the APITAG function is called and user input might affect portions of or the whole affected parameter, which represents the path of the file to remove, without sufficient sanitization. Exploiting the vulnerability allows an attacker to delete any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to delete). Furthermore, an attacker can leverage the capability of arbitrary file deletion to circumvent certain webserver security mechanisms such as deleting .htaccess file that would deactivate those security constraints. Proof of Concept NUMBERTAG Vulnerable URL: FILETAG Vulnerable Code: line NUMBERTAG kanacms\\user FILETAG It can be found that there is no verification, just judge whether it is the same as the previous or default, and then use unlink to delete the file as long as the file exists Therefore, the vulnerability analysis and utilization are very simple FILETAG We deleted the installed lock file / install / APITAG FILETAG Proof of Concept NUMBERTAG Vulnerable URL: FILETAG Vulnerable Code: line NUMBERTAG PATHTAG There is an arbitrary file deletion vulnerability. I have to say that the system is really problematic in judging this The file causing the problem is in / user / FILETAG It is also a problem caused by the comparison between oldimg and img FILETAG Similar to the above analysis, it only judges whether it is the same as the original, and then splices.. / and directly calls unlink, so the use is also very simple Just delete the hidden of the form attribute in HTML, and then directly enter the file name you want to delete",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.1,
- "impactScore": 5.2,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-41677",
- "Issue_Url_old": "https://github.com/OS4ED/openSIS-Classic/issues/202",
- "Issue_Url_new": "https://github.com/os4ed/opensis-classic/issues/202",
- "Repo_new": "os4ed/opensis-classic",
- "Issue_Created_At": "2021-09-22T07:15:59Z",
- "description": "SQL injection in function FILETAG . A SQL injection vulnerability exists in version NUMBERTAG of APITAG when APITAG or APITAG is used as the application database. An attacker can then issue the SQL command through the PATHTAG Grade= parameter FILETAG POC FILETAG REQUEST CODETAG RESPONSE ERRORTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-23639",
- "Issue_Url_old": "https://github.com/simonhaenisch/md-to-pdf/issues/99",
- "Issue_Url_new": "https://github.com/simonhaenisch/md-to-pdf/issues/99",
- "Repo_new": "simonhaenisch/md-to-pdf",
- "Issue_Created_At": "2021-09-22T07:38:13Z",
- "description": "Security: gray matter exposes front matter JS engine that leads to arbitrary code execution. The library gray matter URLTAG (used by md to pdf to parse front matter) exposes a JS engine by default, which essentially runs eval on the given Markdown. URLTAG Given that md to pdf is _only_ a Markdown to PDF library and looking at how other projects use it I think it is an undesirable _feature_ to be able to execute any arbitrary Javascript by anyone in control of the Markdown content. A possible fix would be to override gray matter's JS engine: APITAG APITAG CODETAG poc.js: CODETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-41678",
- "Issue_Url_old": "https://github.com/OS4ED/openSIS-Classic/issues/203",
- "Issue_Url_new": "https://github.com/os4ed/opensis-classic/issues/203",
- "Repo_new": "os4ed/opensis-classic",
- "Issue_Created_At": "2021-09-22T08:17:21Z",
- "description": "SQL injection in function FILETAG . A SQL injection vulnerability exists in version NUMBERTAG of APITAG when APITAG or APITAG is used as the application database. An attacker can then issue the SQL command through the PATHTAG staff FILETAG FILETAG POC FILETAG REQUEST ERRORTAG RESPONSE ERRORTAG SOLUTION Use function APITAG before assigning $_REQUEST['staff'] to the $value param. CODETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-41679",
- "Issue_Url_old": "https://github.com/OS4ED/openSIS-Classic/issues/204",
- "Issue_Url_new": "https://github.com/os4ed/opensis-classic/issues/204",
- "Repo_new": "os4ed/opensis-classic",
- "Issue_Created_At": "2021-09-22T08:56:02Z",
- "description": "SQL INJECTION IN FUNCTION FILETAG . A SQL injection vulnerability exists in version NUMBERTAG of APITAG when APITAG or APITAG is used as the application database. An attacker can then issue the SQL command through the PATHTAG period parameter. FILETAG POC: FILETAG REQUEST: GET PATHTAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: en US,en;q NUMBERTAG Accept Encoding: gzip, deflate Connection: close Referer: URLTAG Cookie: APITAG APITAG Upgrade Insecure Requests NUMBERTAG RESPONSE: HTTP NUMBERTAG OK Date: Wed NUMBERTAG Sep NUMBERTAG GMT Server: APITAG APITAG Expires: Thu NUMBERTAG No NUMBERTAG GMT Cache Control: no store, no cache, must revalidate Pragma: no cache Vary: Accept Encoding Content Length NUMBERTAG Connection: close Content Type: text/html; charset=UTF NUMBERTAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-43492",
- "Issue_Url_old": "https://github.com/AlquistManager/alquist/issues/42",
- "Issue_Url_new": "https://github.com/alquistmanager/alquist/issues/42",
- "Repo_new": "alquistmanager/alquist",
- "Issue_Created_At": "2021-09-22T20:04:48Z",
- "description": "FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-43496",
- "Issue_Url_old": "https://github.com/varun-suresh/Clustering/issues/12",
- "Issue_Url_new": "https://github.com/varun-suresh/clustering/issues/12",
- "Repo_new": "varun-suresh/clustering",
- "Issue_Created_At": "2021-09-22T22:24:23Z",
- "description": "FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-43495",
- "Issue_Url_old": "https://github.com/AlquistManager/alquist/issues/43",
- "Issue_Url_new": "https://github.com/alquistmanager/alquist/issues/43",
- "Repo_new": "alquistmanager/alquist",
- "Issue_Created_At": "2021-09-22T22:32:57Z",
- "description": "FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-43494",
- "Issue_Url_old": "https://github.com/codingforentrepreneurs/OpenCV-REST-API/issues/2",
- "Issue_Url_new": "https://github.com/codingforentrepreneurs/opencv-rest-api/issues/2",
- "Repo_new": "codingforentrepreneurs/opencv-rest-api",
- "Issue_Created_At": "2021-09-22T22:50:48Z",
- "description": "FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-43493",
- "Issue_Url_old": "https://github.com/cksgf/ServerManagement/issues/21",
- "Issue_Url_new": "https://github.com/cksgf/servermanagement/issues/21",
- "Repo_new": "cksgf/servermanagement",
- "Issue_Created_At": "2021-09-22T23:11:43Z",
- "description": "FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-43668",
- "Issue_Url_old": "https://github.com/syndtr/goleveldb/issues/373",
- "Issue_Url_new": "https://github.com/syndtr/goleveldb/issues/373",
- "Repo_new": "syndtr/goleveldb",
- "Issue_Created_At": "2021-09-23T05:55:20Z",
- "description": "Nil pointer in leveldb. Hi, recently we received an issue report in Go ethereum project, it's a leveldb relevant panic because of nil pointer. The version we used is APITAG The original stack trace can be found here. ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-41752",
- "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4779",
- "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4779",
- "Repo_new": "jerryscript-project/jerryscript",
- "Issue_Created_At": "2021-09-23T13:13:53Z",
- "description": "stack overflow in APITAG APITAG revision e1ce7dd7 Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Linu NUMBERTAG generic NUMBERTAG with glibc NUMBERTAG Build steps PATHTAG clean debug compile flag= fsanitize=address \\ compile flag= m NUMBERTAG compile flag= fno omit frame pointer \\ compile flag= fno common compile flag= g strip=off \\ system allocator=on logging=on linker flag= fuse ld=gold \\ error messages=on lto=off stack limit NUMBERTAG Test case ERRORTAG Execution platform the same as the build platform. Output ERRORTAG Backtrace see above",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-41581",
- "Issue_Url_old": "https://github.com/libressl-portable/openbsd/issues/126",
- "Issue_Url_new": "https://github.com/libressl/openbsd/issues/126",
- "Repo_new": "libressl/openbsd",
- "Issue_Created_At": "2021-09-23T14:25:43Z",
- "description": "stack buffer overflow in function APITAG The following program can make APITAG : ERRORTAG Here is the asan report: ERRORTAG This is because the buffer working is full of data thus is not ended with APITAG , and the call of strdup can crash the program. In the function APITAG of APITAG , the variable wi means the bytes have been written in buffer work, if wi is greater than or equal to APITAG , the parse should be stopped because the last byte should be APITAG . The following patch can fix this problem: CODETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-41736",
- "Issue_Url_old": "https://github.com/grame-cncm/faust/issues/653",
- "Issue_Url_new": "https://github.com/grame-cncm/faust/issues/653",
- "Repo_new": "grame-cncm/faust",
- "Issue_Created_At": "2021-09-24T09:33:04Z",
- "description": "Memory corruptions in Faust compiler. I went on with some tests (similarly to NUMBERTAG and I discovered overall NUMBERTAG different vulnerabilities. You can reproduce by compiling with asan enabled. Here I attach a resume of the stacktrace and the crashing inputs. If it is possible, I would like to request for at least some CVEs that I need for a paper. FILETAG Error type : ABRT on unknown address NUMBERTAG e NUMBERTAG fdc (pc NUMBERTAG fe0e NUMBERTAG a9fb7 bp NUMBERTAG dc NUMBERTAG sp NUMBERTAG fe0e0e NUMBERTAG T2) Error location NUMBERTAG ba NUMBERTAG in APITAG , APITAG > >::vector(unsigned long, APITAG > const&) ( PATHTAG ) Testcase path : PATHTAG Testcase size NUMBERTAG APITAG Error type : SEGV on unknown address NUMBERTAG pc NUMBERTAG ba NUMBERTAG a bp NUMBERTAG fff NUMBERTAG d NUMBERTAG sp NUMBERTAG fff NUMBERTAG d NUMBERTAG a0 T0) Error location NUMBERTAG ba NUMBERTAG a in ppsig::printui(std::ostream&, APITAG std::char_traits APITAG , std::allocator APITAG > const&, APITAG ) const ( PATHTAG ) Testcase path : PATHTAG Testcase size NUMBERTAG APITAG Error type : SEGV on unknown address NUMBERTAG pc NUMBERTAG aec NUMBERTAG bp NUMBERTAG ffc NUMBERTAG b0 sp NUMBERTAG ffc NUMBERTAG d NUMBERTAG T0) Error location NUMBERTAG aec NUMBERTAG in APITAG , APITAG > > const&) ( PATHTAG ) Testcase path : PATHTAG Testcase size NUMBERTAG APITAG Error type : ABRT on unknown address NUMBERTAG e NUMBERTAG fe8 (pc NUMBERTAG fc NUMBERTAG ecfb7 bp NUMBERTAG dc NUMBERTAG sp NUMBERTAG fc NUMBERTAG aa NUMBERTAG T2) Error location NUMBERTAG b NUMBERTAG f NUMBERTAG in APITAG ( PATHTAG ) Testcase path : PATHTAG Testcase size NUMBERTAG APITAG Error type : stack overflow on address NUMBERTAG ffec7cfdf NUMBERTAG pc NUMBERTAG d NUMBERTAG bp NUMBERTAG ffec7cfe7b0 sp NUMBERTAG ffec7cfdf NUMBERTAG T0) Error location NUMBERTAG d NUMBERTAG in __interceptor_strcmp ( PATHTAG ) Testcase path : PATHTAG Testcase size NUMBERTAG APITAG Error type : heap buffer overflow on address NUMBERTAG cb8 at pc NUMBERTAG b9f8f9 bp NUMBERTAG fe NUMBERTAG fac NUMBERTAG sp NUMBERTAG fe NUMBERTAG fac NUMBERTAG Error location NUMBERTAG b9f8f8 in APITAG , APITAG , APITAG , APITAG , APITAG > > const&) propagate.cpp Testcase path : PATHTAG Testcase size NUMBERTAG APITAG Error type : SEGV on unknown address NUMBERTAG pc NUMBERTAG f NUMBERTAG a bp NUMBERTAG fff5c0e NUMBERTAG d0 sp NUMBERTAG fff5c0e3cc0 T0) Error location NUMBERTAG f NUMBERTAG a in APITAG , APITAG ) ( PATHTAG ) Testcase path : PATHTAG Testcase size NUMBERTAG APITAG Error type : SEGV on unknown address NUMBERTAG pc NUMBERTAG ed6b6 bp NUMBERTAG ffd6c0d NUMBERTAG e0 sp NUMBERTAG ffd6c0d NUMBERTAG e0 T0) Error location NUMBERTAG ed6b6 in APITAG , APITAG , APITAG , APITAG , APITAG , APITAG , APITAG std::char_traits APITAG , std::allocator APITAG > const&) ( PATHTAG ) Testcase path : PATHTAG Testcase size NUMBERTAG APITAG Error type : SEGV on unknown address NUMBERTAG pc NUMBERTAG ba NUMBERTAG bp NUMBERTAG fffc NUMBERTAG a9d0 sp NUMBERTAG fffc NUMBERTAG a8e0 T0) Error location NUMBERTAG ba NUMBERTAG in ppsig::printui(std::ostream&, APITAG std::char_traits APITAG , std::allocator APITAG > const&, APITAG ) const ( PATHTAG ) Testcase path : PATHTAG Testcase size NUMBERTAG APITAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-41732",
- "Issue_Url_old": "https://github.com/zeek/zeek/issues/1798",
- "Issue_Url_new": "https://github.com/zeek/zeek/issues/1798",
- "Repo_new": "zeek/zeek",
- "Issue_Created_At": "2021-09-24T12:58:26Z",
- "description": "There is a http request splitting vulnerability. By sending a specific HTTP POST request, ZEEK will split a request into multiple and split the wrong fields. This will invalidate any ZEEK HTTP based security APITAG ZEEK's internal security plug ins). POC APITAG Detailed information ZEEK version APITAG start ZEEK CODETAG Send normal request ERRORTAG ZEEK generates NUMBERTAG log The request method is POST, the host is APITAG and the uri is / FILETAG ERRORTAG send poc ERRORTAG ZEEK generates HTTP logs with NUMBERTAG errors The first display request method is POST, host is uri is / FILETAG The second display request method is bc, host is uri is abc The third display request method is POST, the host is APITAG and the uri is / FILETAG Obviously, ZEEK divides an HTTP request into three, and the request method, request host and request URI are misplaced. This will invalidate any ZEEK HTTP based analysis. HTTP request splitting vulnerability exists. ERRORTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-45706",
- "Issue_Url_old": "https://github.com/iqlusioninc/crates/issues/876",
- "Issue_Url_new": "https://github.com/iqlusioninc/crates/issues/876",
- "Repo_new": "iqlusioninc/crates",
- "Issue_Created_At": "2021-09-24T15:06:20Z",
- "description": "APITAG no op in zeroize_derive NUMBERTAG for enum s. I discovered a bug where APITAG doesn't generate a Drop implementation when used on enum s. It seems to me that it was accidentally fixed by NUMBERTAG in zeroize_derive version NUMBERTAG The bug still exists in version NUMBERTAG If I'm not missing something and this bug is real, version NUMBERTAG should probably be yanked and a report filed at APITAG Advisory Database. APITAG : APITAG APITAG : CODETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-37274",
- "Issue_Url_old": "https://github.com/purple-WL/CNVD-2020-75301/issues/1",
- "Issue_Url_new": "https://github.com/purple-wl/cnvd-2020-75301/issues/1",
- "Repo_new": "purple-wl/cnvd-2020-75301",
- "Issue_Created_At": "2021-09-25T03:51:14Z",
- "description": "Kingdee KIS Professional Edition Insecure Permissions. Vulnerability submission record APITAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-41746",
- "Issue_Url_old": "https://github.com/purple-WL/Yonyou-TurboCRM-SQL-injection/issues/1",
- "Issue_Url_new": "https://github.com/purple-wl/yonyou-turbocrm-sql-injection/issues/1",
- "Repo_new": "purple-wl/yonyou-turbocrm-sql-injection",
- "Issue_Created_At": "2021-09-26T09:31:04Z",
- "description": "SQL injection. Yonyou APITAG is a customer relationship management system. Yonyou APITAG has SQL injection vulnerabilities. Attackers can use the vulnerabilities to obtain sensitive database information. Visit FILETAG and click OK FILETAG Capture the packet and enter the SQL statement WAITFOR DELAY NUMBERTAG in the orgcode parameter There is a delay and an error is reported: FILETAG Use APITAG to scan for injection points FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-41959",
- "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4781",
- "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4781",
- "Repo_new": "jerryscript-project/jerryscript",
- "Issue_Created_At": "2021-09-27T07:23:09Z",
- "description": "Unfreed float causing memory leak in ecma regexp object. APITAG revision NUMBERTAG ff5bf Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case ERRORTAG Output ERRORTAG Backtrace ERRORTAG Expected behavior According to our analysis, the root cause of this assertion failed is at PATHTAG While getting next_set_status, function ecma op object APITAG called function APITAG which alloc a NUMBERTAG bit chunk memory use as a float number if index is larger than NUMBERTAG ffffff. This chunk is not freed, causing assertion failed. To repair, ecma_make_length_value(index) should be replaced by last_index created by ecma regexp APITAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-23446",
- "Issue_Url_old": "https://github.com/handsontable/handsontable/issues/8752",
- "Issue_Url_new": "https://github.com/handsontable/handsontable/issues/8752",
- "Repo_new": "handsontable/handsontable",
- "Issue_Created_At": "2021-09-27T08:57:20Z",
- "description": "Fix APITAG vulnerability and clean up major code smells. Description Steps to reproduce NUMBERTAG Demo URLTAG Your environment Handsontable version: Browser Name and version: Operating System:",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-44095",
- "Issue_Url_old": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/1",
- "Issue_Url_new": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/1",
- "Repo_new": "projectworldsofficial/hospital-management-system-in-php",
- "Issue_Created_At": "2021-09-27T17:15:07Z",
- "description": "Vulnerability/BUG SQL Injection on login page.. Hi I found a SQL injection vulnerability in your hospital management system. Login page request APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG Above query will only sleep database for NUMBERTAG second but using APITAG a bad user can dump the database as shown in image. FILETAG Control User inputs consumed by the application should be sanitized based on the data type and data sets. For example, user input for age should only be allowed to contain numbers. Blacklist approach where certain characters and keywords are sanitized is not recommended. Remediation To prevent this follow the following steps: a) Validate all input data against a whitelist b) Use of parameterized queries String APITAG = \"SELECT FROM User WHERE APITAG = ? \"; APITAG APITAG = APITAG APITAG APITAG APITAG rs = APITAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-3747",
- "Issue_Url_old": "https://github.com/canonical/multipass/issues/2261",
- "Issue_Url_new": "https://github.com/canonical/multipass/issues/2261",
- "Repo_new": "canonical/multipass",
- "Issue_Created_At": "2021-09-28T03:23:29Z",
- "description": "placeholder. Placeholder.",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-41947",
- "Issue_Url_old": "https://github.com/intelliants/subrion/issues/887",
- "Issue_Url_new": "https://github.com/intelliants/subrion/issues/887",
- "Repo_new": "intelliants/subrion",
- "Issue_Created_At": "2021-09-28T06:23:17Z",
- "description": "SQL injection in visual mode. Login as admin Go to \" URLTAG UNION ALL SELECT username, password FROM sbr NUMBERTAG members APITAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.2,
- "impactScore": 5.9,
- "exploitabilityScore": 1.2
- },
- {
- "CVE_ID": "CVE-2021-41948",
- "Issue_Url_old": "https://github.com/intelliants/subrion-plugin-contact_us/issues/8",
- "Issue_Url_new": "https://github.com/intelliants/subrion-plugin-contact_us/issues/8",
- "Repo_new": "intelliants/subrion-plugin-contact_us",
- "Issue_Created_At": "2021-09-28T06:48:55Z",
- "description": "1 click stored XSS from admin panel to site. Login into admin panel Go to APITAG Insert into List of subjects APITAG Go to APITAG Click subject FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.7,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-41826",
- "Issue_Url_old": "https://github.com/PlaceOS/auth/issues/36",
- "Issue_Url_new": "https://github.com/placeos/auth/issues/36",
- "Repo_new": "placeos/auth",
- "Issue_Created_At": "2021-09-28T15:52:23Z",
- "description": "CVETAG : URL Redirection to Untrusted Site APITAG Redirect'). The application accepts a user controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks. CODETAG FILETAG Payload: URLTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-44096",
- "Issue_Url_old": "https://github.com/EGavilan-Media/User-Registration-and-Login-System-With-Admin-Panel/issues/2",
- "Issue_Url_new": "https://github.com/egavilan-media/user-registration-and-login-system-with-admin-panel/issues/2",
- "Repo_new": "egavilan-media/user-registration-and-login-system-with-admin-panel",
- "Issue_Created_At": "2021-09-28T18:02:52Z",
- "description": "Vulnerability/BUG SQL Injection on \"profile_action update_user\". Hi I found a SQL injection vulnerability User Registration and Login System With Admin Panel APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG Above query will only sleep database for NUMBERTAG second but Using APITAG bad user can dump the database as show in image. FILETAG Control User inputs consumed by the application should be sanitized based on the data type and data sets. For example, user input for age should only be allowed to contain numbers. Blacklist approach where certains characters and keywords are sanitized is not recommended. Remediation To prevent this follow the following steps: a) Validate all input data against a whitelist b) Use of parameterized queries String APITAG = \"SELECT FROM User WHERE APITAG = ? \"; APITAG APITAG = APITAG APITAG APITAG APITAG rs = APITAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-4048",
- "Issue_Url_old": "https://github.com/JuliaLang/julia/issues/42415",
- "Issue_Url_new": "https://github.com/julialang/julia/issues/42415",
- "Repo_new": "julialang/julia",
- "Issue_Created_At": "2021-09-28T18:29:48Z",
- "description": "stegr! call segfault. MENTIONTAG alerted us to segfaults that were occurring on some machines during CI builds while running the APITAG test. Using rr, we were able to trace these segfaults back to a call to APITAG in lapack.jl URLTAG While we ran out of time to fully debug and fix this, we have a MWE that replicates the problem on AMD machines. Here's the MWE: CODETAG CC: MENTIONTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.1,
- "impactScore": 5.2,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-41921",
- "Issue_Url_old": "https://github.com/201206030/novel-plus/issues/62",
- "Issue_Url_new": "https://github.com/201206030/novel-plus/issues/62",
- "Repo_new": "201206030/novel-plus",
- "Issue_Created_At": "2021-09-29T03:20:17Z",
- "description": "There is unrestricted file upload in your source code.. File path: PATHTAG Code: It allows unrestricted file upload. ERRORTAG Achieve the purpose of attacking the server by uploading evil jsp files. Example: FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-46141",
- "Issue_Url_old": "https://github.com/uriparser/uriparser/issues/121",
- "Issue_Url_new": "https://github.com/uriparser/uriparser/issues/121",
- "Repo_new": "uriparser/uriparser",
- "Issue_Created_At": "2021-09-29T06:35:00Z",
- "description": "input format check and memory manager issue. A bug was found within the uriparser. Though it might not be an intended use of the relevant API, the bug can still produce critical issues within a program using uriparser. It would be best if the affected logic is checked beforehand. The bug was found with a fuzzer based on the test APITAG For the input provided by the user, it is the address on the Stack Memory, and is free to see if it is the address on the HEAP Memory. Also, as free also uses Memory Manager as shown below, malloc should also use Memory Manager _memory >free(memory, (URI_CHAR )uri APITAG It also requires a Format check for the inputs that the user accidentally or incorrectly entered. _ crash log NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG d9be0 (pc NUMBERTAG ca NUMBERTAG bp NUMBERTAG sp NUMBERTAG fff NUMBERTAG d NUMBERTAG T0) APITAG signal is caused by a WRITE memory access NUMBERTAG ca NUMBERTAG in APITAG , unsigned long, unsigned long, APITAG , APITAG NUMBERTAG d NUMBERTAG in free NUMBERTAG c NUMBERTAG in (anonymous APITAG , void NUMBERTAG fca1c NUMBERTAG a4b2 in APITAG Steps to reproduce NUMBERTAG git clone FILETAG NUMBERTAG cd uriparser & mkdir build & cd build NUMBERTAG Build cmake APITAG APITAG DBUILD_SHARED_LIBS:BOOL=ON .. make j NUMBERTAG Download the attached APITAG NUMBERTAG Build TEST CODE NUMBERTAG cpp) clang++ g fsanitize=address,fuzzer no link o NUMBERTAG cpp I PATHTAG Luriparser/build luriparser NUMBERTAG Run PATHTAG NUMBERTAG OS:ubuntu NUMBERTAG FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-46142",
- "Issue_Url_old": "https://github.com/uriparser/uriparser/issues/122",
- "Issue_Url_new": "https://github.com/uriparser/uriparser/issues/122",
- "Repo_new": "uriparser/uriparser",
- "Issue_Created_At": "2021-09-29T06:38:40Z",
- "description": "input format check and memory manager issue2. A bug was found within the uriparser. Though it might not be an intended use of the relevant API, the bug can still produce critical issues within a program using uriparser. It would be best if the affected logic is checked beforehand. The bug was found with a fuzzer based on the test APITAG Test APITAG APITAG assigns a URI, but this is an address on Stack Memory To assign normally, you must assign a memory from the object in APITAG because it is memory free from the object in APITAG With different Memory Manager, you can become a problem. It also requires a Format check for the inputs that the user accidentally or incorrectly entered. _ crash log NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG d9be0 (pc NUMBERTAG ca NUMBERTAG bp NUMBERTAG sp NUMBERTAG ffd NUMBERTAG e6e0 T0) APITAG signal is caused by a WRITE memory access NUMBERTAG ca NUMBERTAG in APITAG , unsigned long, unsigned long, APITAG , APITAG NUMBERTAG d NUMBERTAG in free NUMBERTAG c NUMBERTAG in (anonymous APITAG , void NUMBERTAG faf2e1ac4b2 in APITAG Steps to reproduce NUMBERTAG git clone FILETAG NUMBERTAG cd uriparser & mkdir build & cd build NUMBERTAG Build cmake APITAG APITAG DBUILD_SHARED_LIBS:BOOL=ON .. make j NUMBERTAG Download the attached APITAG NUMBERTAG Build TEST CODE NUMBERTAG cpp) clang++ g fsanitize=address,fuzzer no link o NUMBERTAG cpp I PATHTAG I uriparser/ Luriparser/build luriparser NUMBERTAG Run PATHTAG NUMBERTAG OS:ubuntu NUMBERTAG FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-41938",
- "Issue_Url_old": "https://github.com/gongfuxiang/shopxo/issues/64",
- "Issue_Url_new": "https://github.com/gongfuxiang/shopxo/issues/64",
- "Repo_new": "gongfuxiang/shopxo",
- "Issue_Created_At": "2021-09-30T03:31:31Z",
- "description": "After entering the management page\uff0cthere is an arbitrary file upload vulnerability in NUMBERTAG locations. Affects version APITAG After entering the management page as admininstrator there is an arbitrary file upload vulnerability in NUMBERTAG locations , you can upload webshell into the site. The first location: APITAG the post url is APITAG the step is NUMBERTAG download the default theme from FILETAG NUMBERTAG unzip the zip NUMBERTAG Only delete files with \"php\" suffix due to file security check, new a evil file named FILETAG or APITAG in the \"css\" folder and the root folder FILETAG FILETAG NUMBERTAG Recompress the file as a new zip file NUMBERTAG upload it you will find the evil file is in APITAG and APITAG FILETAG The second location: APITAG the post url is APITAG like the first location NUMBERTAG download a casual plugin from FILETAG like this NUMBERTAG unzip the zip NUMBERTAG new a evil file named FILETAG in the APITAG folder NUMBERTAG Recompress the file as a new zip file NUMBERTAG upload it you will find the evil file is in APITAG FILETAG The third location: APITAG the post url is APITAG the step is NUMBERTAG new a evil file APITAG and compress the file as a new zip file NUMBERTAG upload it you will find the evil file in APITAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.2,
- "impactScore": 5.9,
- "exploitabilityScore": 1.2
- },
- {
- "CVE_ID": "CVE-2021-44097",
- "Issue_Url_old": "https://github.com/EGavilan-Media/Contact-Form-With-Messages-Entry-Management/issues/1",
- "Issue_Url_new": "https://github.com/egavilan-media/contact-form-with-messages-entry-management/issues/1",
- "Repo_new": "egavilan-media/contact-form-with-messages-entry-management",
- "Issue_Created_At": "2021-09-30T08:45:03Z",
- "description": "Vulnerability/BUG SQL Injection while APITAG Hi I found a SQL injection vulnerability in your Contact Form With Messages Entry Management APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG Above query will only sleep database for NUMBERTAG second but Using APITAG bad user can dump the database as show in image. FILETAG Control User inputs consumed by the application should be sanitized based on the data type and data sets. For example, user input for age should only be allowed to contain numbers. Blacklist approach where certains characters and keywords are sanitized is not recommended. Remediation To prevent this follow the following steps: a) Validate all input data against a whitelist b) Use of parameterized queries String APITAG = \"SELECT FROM User WHERE APITAG = ? \"; APITAG APITAG = APITAG APITAG APITAG APITAG rs = APITAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-41952",
- "Issue_Url_old": "https://github.com/hieuminhnv/Zenario-CMS-9.0-last-version/issues/1",
- "Issue_Url_new": "https://github.com/hieuminhnv/zenario-cms-last-version/issues/1",
- "Repo_new": "hieuminhnv/zenario-cms-last-version",
- "Issue_Created_At": "2021-09-30T08:49:15Z",
- "description": "XSS upload file to .SVG in Zenario CMS NUMBERTAG Summary hi team, I found small XSS upload file to SVG. Info NUMBERTAG Zenario CMS NUMBERTAG last version NUMBERTAG APITAG NUMBERTAG bit) FILETAG Steps NUMBERTAG Login to account URLTAG FILETAG NUMBERTAG Choose Users & Contacts and create any user NUMBERTAG Click Image >> Upload an image FILETAG NUMBERTAG use burpsuite and capture request file a.svg FILETAG NUMBERTAG click to image avatar >> click right mouse >> Inspect Element (F NUMBERTAG found to link vlun svg FILETAG NUMBERTAG Copy domain >> open web >> BOOM XSS alert message FILETAG Inpact : Attacker can send malicious files to victims and steals victim's cookie leads to account takeover. The person viewing the image of a contact can be victim of XSS.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 4.8,
- "impactScore": 2.7,
- "exploitabilityScore": 1.7
- },
- {
- "CVE_ID": "CVE-2021-41862",
- "Issue_Url_old": "https://github.com/killme2008/aviatorscript/issues/421",
- "Issue_Url_new": "https://github.com/killme2008/aviatorscript/issues/421",
- "Repo_new": "killme2008/aviatorscript",
- "Issue_Created_At": "2021-09-30T09:20:15Z",
- "description": "There is a critical expression injection RCE vulnerability in this expression engine\uff08\u8be5\u8868\u8fbe\u5f0f\u5f15\u64ce\u5b58\u5728\u8868\u8fbe\u5f0f\u6ce8\u5165\u6f0f\u6d1e\uff09. The new object can be directly entered when entering the aviator expression, but it is not allowed to call non public static methods. You can use the APITAG to load the BCEL code to complete the RCE. First prepare a malicious APITAG Set the public static method exec to execute arbitrary commands. APITAG APITAG APITAG static\u65b9\u6cd5exec\u6765\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002\uff09 ERRORTAG Then encode it in BCEL. \uff08\u7136\u540e\u5c06\u5176BCEL\u7f16\u7801\u3002\uff09 ERRORTAG Prepare the vulnerability environment. Use the latest version of aviatorscript. \uff08\u51c6\u5907\u6f0f\u6d1e\u73af\u5883\u3002\u4f7f\u7528\u6700\u65b0\u7248\u7684aviatorscript\u3002\uff09 CODETAG Perform aviator expression injection. \uff08\u8fdb\u884caviator\u8868\u8fbe\u5f0f\u6ce8\u5165\u3002\uff09 CODETAG The command was executed successfully. \uff08\u6210\u529f\u6267\u884c\u547d\u4ee4\u3002\uff09 FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-44098",
- "Issue_Url_old": "https://github.com/EGavilan-Media/Expense-Management-System/issues/1",
- "Issue_Url_new": "https://github.com/egavilan-media/expense-management-system/issues/1",
- "Repo_new": "egavilan-media/expense-management-system",
- "Issue_Created_At": "2021-09-30T09:22:03Z",
- "description": "Vulnerability/BUG SQL Injection while updating details.. Hi I found a SQL injection vulnerability in your Expense Management System APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG APITAG Above query will only sleep database for NUMBERTAG second but Using APITAG bad user can dump the database as show in image. FILETAG Control User inputs consumed by the application should be sanitized based on the data type and data sets. For example, user input for age should only be allowed to contain numbers. Blacklist approach where certains characters and keywords are sanitized is not recommended. Remediation To prevent this follow the following steps: a) Validate all input data against a whitelist b) Use of parameterized queries String APITAG = \"SELECT FROM User WHERE APITAG = ? \"; APITAG APITAG = APITAG APITAG APITAG APITAG rs = APITAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-3312",
- "Issue_Url_old": "https://github.com/alkacon/opencms-core/issues/721",
- "Issue_Url_new": "https://github.com/alkacon/opencms-core/issues/721",
- "Repo_new": "alkacon/opencms-core",
- "Issue_Created_At": "2021-09-30T16:06:30Z",
- "description": "APITAG NUMBERTAG Security Vulnerability. Hello, I'm Riccardo Iesari from NTT Data Italia, during an assessment for a client we discovered a security vulnerability in APITAG NUMBERTAG The issue concerns an unrestricted file upload, this leads to several other vulnerabilities varying from stored XSS to RCE APITAG Command Execution). The exploit of this vulnerability allows a malicious user to directly attack the server where the CMS is running, expanding the attack surface. Below are some references from OWASP regarding the vulnerabilities found: URLTAG URLTAG We would like to know how to correctly report to you this vulnerability, feel free to contact us at riccardo. EMAILTAG . Best regards, Riccardo Iesari.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.5,
- "impactScore": 3.6,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-42248",
- "Issue_Url_old": "https://github.com/tidwall/gjson/issues/236",
- "Issue_Url_new": "https://github.com/tidwall/gjson/issues/236",
- "Repo_new": "tidwall/gjson",
- "Issue_Created_At": "2021-10-01T04:53:27Z",
- "description": "APITAG can cause APITAG attacks. GJSON NUMBERTAG allows attackers to cause a redos via crafted JSON input.. func APITAG { APITAG := APITAG APITAG APITAG }",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-42006",
- "Issue_Url_old": "https://github.com/gpertea/gclib/issues/11",
- "Issue_Url_new": "https://github.com/gpertea/gclib/issues/11",
- "Repo_new": "gpertea/gclib",
- "Issue_Created_At": "2021-10-04T15:26:20Z",
- "description": "Uninitialized GFF line info causes out of bounds read, possible out of bounds write.. Reproduce APITAG Input : FILETAG Steps to Reproduce NUMBERTAG Compile FILETAG (will fetch APITAG NUMBERTAG Decompress APITAG input: APITAG NUMBERTAG Run: APITAG Output: APITAG Root Cause URLTAG When APITAG reads a GFF line with no info segment, the APITAG at APITAG will not be set, causing it to take on whatever stale value happens to be in that location of the stack. Triggered accidentally, this can cause a segfault due to reading an invalid address here: URLTAG However, a maliciously crafted input may be able to place a valid pointer at this location, causing a more severe vulnerability. Proposed Patch At a minimum, t should be zeroed during initialization: ERRORTAG Ideally, the library should gracefully handle no info being found (this only works if t is zero initialized): ERRORTAG Credit This bug was detected using AFL URLTAG and localized using ARCUS URLTAG .",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-42171",
- "Issue_Url_old": "https://github.com/hieuminhnv/Zenario-CMS-9.0-last-version/issues/2",
- "Issue_Url_new": "https://github.com/hieuminhnv/zenario-cms-last-version/issues/2",
- "Repo_new": "hieuminhnv/zenario-cms-last-version",
- "Issue_Created_At": "2021-10-05T10:49:07Z",
- "description": "Upload file to RCE in Zenario CMS NUMBERTAG Summary hi team, I found high Upload file to RCE. Info Zenario CMS NUMBERTAG last version APITAG NUMBERTAG bit) FILETAG Steps NUMBERTAG Login to account URLTAG FILETAG NUMBERTAG Choose Documents >> Upload documents FILETAG NUMBERTAG Use burpsuite and capture request file FILETAG FILETAG NUMBERTAG Click Edit document metadata >> use burpsuite to capture >> save FILETAG NUMBERTAG In value current_value , edit value html to php FILETAG NUMBERTAG Click Actions >> view public link FILETAG APITAG link to URL >> BOOM FILETAG Inpact : An attacker could upload a dangerous executable file like a virus, malware, etc.. The web server can be compromised by uploading and executing a web shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.2,
- "impactScore": 5.9,
- "exploitabilityScore": 1.2
- },
- {
- "CVE_ID": "CVE-2021-42185",
- "Issue_Url_old": "https://github.com/shadoweb/wdja/issues/12",
- "Issue_Url_new": "https://github.com/shadoweb/wdja/issues/12",
- "Repo_new": "shadoweb/wdja",
- "Issue_Created_At": "2021-10-06T08:00:02Z",
- "description": "Wdja NUMBERTAG has a foreground SQL injection vulnerability. There is an SQL injection vulnerability in the foreground search function, through which an attacker can get the background account password",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-41128",
- "Issue_Url_old": "https://github.com/beatrichartz/csv/issues/103",
- "Issue_Url_new": "https://github.com/beatrichartz/csv/issues/103",
- "Repo_new": "beatrichartz/csv",
- "Issue_Created_At": "2021-10-06T08:33:36Z",
- "description": "Encode Formulas to prevent CSV injection. If this is a feature request, why do we need it? We are using this library to generate CSVs for user generated input and transmitting them to another party. APITAG sadly requires a CSV and not a sane format like a JSON) We did a pentest on the application The pentest uncovered a CSV Injection vulnerability URLTAG , if the user generated input includes formulas like APITAG To address this, I suggest to implement encoding of APITAG as APITAG If this is a bug, steps to reproduce it Generate a CSV with a cell value of APITAG Open with Excel See value APITAG Is your input CSV RFC NUMBERTAG URLTAG compliant? Yes Are you interested in helping with a PR? Yes",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-42054",
- "Issue_Url_old": "https://github.com/xebd/accel-ppp/issues/156",
- "Issue_Url_new": "https://github.com/xebd/accel-ppp/issues/156",
- "Repo_new": "xebd/accel-ppp",
- "Issue_Created_At": "2021-10-06T09:29:07Z",
- "description": "The stack buffer underflow bug can be triggered even by remote client. Using version APITAG . The issue NUMBERTAG can be triggered even by remote client. Steps to reproduce NUMBERTAG Build access ppp: CODETAG NUMBERTAG Run APITAG , use pptp server: APITAG The running configuration APITAG is: ERRORTAG use APITAG and the APITAG is as follows: APITAG NUMBERTAG Install pptp client: APITAG NUMBERTAG Run the client: APITAG APITAG we need to follow the forked subprocesses and control them, therefore we used the APITAG to execute the pptp client instead of simply using APITAG NUMBERTAG Kill ( APITAG ) the client after authentication succeeded. Then the APITAG will crash due to ERRORTAG . ERRORTAG The detailed log of APITAG is shown in FILETAG .",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-42218",
- "Issue_Url_old": "https://github.com/ompl/ompl/issues/839",
- "Issue_Url_new": "https://github.com/ompl/ompl/issues/839",
- "Repo_new": "ompl/ompl",
- "Issue_Created_At": "2021-10-07T07:30:39Z",
- "description": "A memory leak in VFRRT. When I\u2019m testing ompl, here is a memory leak occured. After positioning,we found that the error is caused by the following code in APITAG FILETAG In line NUMBERTAG A motion object was requested with it\u2019s constructor,and also new a state in that motion.but in line NUMBERTAG the state in motion was assigned. The space applied in the constructor becomes a wild APITAG why memory leaks. We suggest to use the default constructor in line APITAG that: FILETAG I did my experiment on Ubuntu NUMBERTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-3312",
- "Issue_Url_old": "https://github.com/alkacon/opencms-core/issues/725",
- "Issue_Url_new": "https://github.com/alkacon/opencms-core/issues/725",
- "Repo_new": "alkacon/opencms-core",
- "Issue_Created_At": "2021-10-07T08:28:02Z",
- "description": "XXE vulnerability allows exfiltration of data from the server file system by uploading a crafted SVG. In APITAG NUMBERTAG it is possible for logged in users with edit permissions to exfiltrate data from the server's file system and send it to an external server by uploading specially crafted SVGs files. Example in which the first line of /etc/issue is read and sent to the server APITAG The SVG file to upload: CODETAG The FILETAG file served by the external server APITAG APITAG CVE ID: CVETAG .",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.5,
- "impactScore": 3.6,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-42198",
- "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/168",
- "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/168",
- "Repo_new": "matthiaskramm/swftools",
- "Issue_Created_At": "2021-10-07T12:57:51Z",
- "description": "A NULL pointer dereference exists in the function APITAG in rfxswf.c. system info Ubuntu NUMBERTAG clang NUMBERTAG swfdump (latest master a9d NUMBERTAG Command line PATHTAG D APITAG APITAG output NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG pc NUMBERTAG fac bp NUMBERTAG ffffed NUMBERTAG e0 sp NUMBERTAG fffffffdd NUMBERTAG T NUMBERTAG fab in APITAG PATHTAG NUMBERTAG bf8 in APITAG PATHTAG NUMBERTAG in APITAG PATHTAG NUMBERTAG acd in main PATHTAG NUMBERTAG ffff NUMBERTAG a NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG c NUMBERTAG in _start ( PATHTAG ) APITAG can not provide additional info. SUMMARY: APITAG SEGV PATHTAG APITAG NUMBERTAG ABORTING POC URLTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-42204",
- "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/169",
- "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/169",
- "Repo_new": "matthiaskramm/swftools",
- "Issue_Created_At": "2021-10-07T13:00:58Z",
- "description": "heap buffer overflow exists in the function APITAG in rfxswf.c. system info Ubuntu NUMBERTAG clang NUMBERTAG swfdump (latest master a9d NUMBERTAG Command line PATHTAG D APITAG APITAG output NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG efdf at pc NUMBERTAG d bp NUMBERTAG fffffffdbe0 sp NUMBERTAG fffffffdbd0 READ of size NUMBERTAG at NUMBERTAG efdf thread T NUMBERTAG c in APITAG PATHTAG NUMBERTAG cc in APITAG APITAG NUMBERTAG fbc in APITAG APITAG NUMBERTAG a NUMBERTAG in APITAG APITAG NUMBERTAG c2dc in fontcallback2 PATHTAG NUMBERTAG c6 in APITAG APITAG NUMBERTAG in main PATHTAG NUMBERTAG ffff NUMBERTAG a NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG c NUMBERTAG in _start ( PATHTAG NUMBERTAG efdf is located NUMBERTAG bytes to the left of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG ffff6f NUMBERTAG in malloc ( PATHTAG NUMBERTAG fa7 in rfx_alloc PATHTAG NUMBERTAG PATHTAG ) SUMMARY: APITAG heap buffer overflow PATHTAG APITAG Shadow bytes around the buggy address NUMBERTAG c NUMBERTAG fff9da0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9db0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9dc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9dd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9de0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9df0: fa fa fa fa fa fa fd fd fd fd fa[fa NUMBERTAG fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c NUMBERTAG fff9e NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING POC APITAG URLTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-42195",
- "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/174",
- "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/174",
- "Repo_new": "matthiaskramm/swftools",
- "Issue_Created_At": "2021-10-07T13:17:16Z",
- "description": "heap buffer overflow exists in the function APITAG in swfdump.c. system info Ubuntu NUMBERTAG clang NUMBERTAG swfdump (latest master a9d NUMBERTAG Command line PATHTAG D APITAG APITAG output NUMBERTAG ERROR: APITAG heap buffer overflow on address NUMBERTAG e8d3 at pc NUMBERTAG aca bp NUMBERTAG fffffffdee0 sp NUMBERTAG fffffffded0 READ of size NUMBERTAG at NUMBERTAG e8d3 thread T NUMBERTAG ac9 in APITAG PATHTAG NUMBERTAG in main PATHTAG NUMBERTAG ffff NUMBERTAG a NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG c NUMBERTAG in _start ( PATHTAG NUMBERTAG e8d3 is located NUMBERTAG bytes to the right of NUMBERTAG byte region APITAG allocated by thread T0 here NUMBERTAG ffff6f NUMBERTAG in malloc ( PATHTAG NUMBERTAG fa7 in rfx_alloc PATHTAG NUMBERTAG PATHTAG ) SUMMARY: APITAG heap buffer overflow PATHTAG APITAG Shadow bytes around the buggy address NUMBERTAG c0c7fff9cc NUMBERTAG fa fa fa fa fa NUMBERTAG c0c7fff9cd NUMBERTAG fa fa fa fa fa NUMBERTAG fa NUMBERTAG c0c7fff9ce0: fa fa fa fa NUMBERTAG fa fa fa fa NUMBERTAG c0c7fff9cf NUMBERTAG fa fa fa fa fa NUMBERTAG c0c7fff9d NUMBERTAG fa fa fa fa fa NUMBERTAG fa NUMBERTAG c0c7fff9d NUMBERTAG fa fa fa fa NUMBERTAG fa fa fa fa fa NUMBERTAG c0c7fff9d NUMBERTAG fa fa fa fa fa NUMBERTAG c0c7fff9d NUMBERTAG fa fa fa fa fa NUMBERTAG fa NUMBERTAG c0c7fff9d NUMBERTAG fa fa fa fa NUMBERTAG fa fa fa fa fa NUMBERTAG c0c7fff9d NUMBERTAG fa fa fa fa fa NUMBERTAG c0c7fff9d NUMBERTAG fa fa fa fa fa NUMBERTAG fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING POC APITAG URLTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-42203",
- "Issue_Url_old": "https://github.com/matthiaskramm/swftools/issues/176",
- "Issue_Url_new": "https://github.com/matthiaskramm/swftools/issues/176",
- "Repo_new": "matthiaskramm/swftools",
- "Issue_Created_At": "2021-10-07T13:21:58Z",
- "description": "heap use after free exists in the function APITAG in swftext.c. system info Ubuntu NUMBERTAG clang NUMBERTAG swfdump (latest master a9d NUMBERTAG Command line PATHTAG D APITAG APITAG output NUMBERTAG ERROR: APITAG heap use after free on address NUMBERTAG d6a0 at pc NUMBERTAG d bp NUMBERTAG fffffffd NUMBERTAG sp NUMBERTAG fffffffd NUMBERTAG WRITE of size NUMBERTAG at NUMBERTAG d6a0 thread T NUMBERTAG c in APITAG APITAG NUMBERTAG c NUMBERTAG in APITAG APITAG NUMBERTAG a NUMBERTAG in APITAG APITAG NUMBERTAG c2dc in fontcallback2 PATHTAG NUMBERTAG c6 in APITAG APITAG NUMBERTAG in main PATHTAG NUMBERTAG ffff NUMBERTAG a NUMBERTAG f in __libc_start_main ( PATHTAG NUMBERTAG c NUMBERTAG in _start ( PATHTAG NUMBERTAG d6a0 is located NUMBERTAG bytes inside of NUMBERTAG byte region APITAG freed by thread T0 here NUMBERTAG ffff6f NUMBERTAG ca in __interceptor_free ( PATHTAG NUMBERTAG db2c in APITAG PATHTAG NUMBERTAG PATHTAG ) previously allocated by thread T0 here NUMBERTAG ffff6f NUMBERTAG a in __interceptor_calloc ( PATHTAG NUMBERTAG c in rfx_calloc PATHTAG NUMBERTAG PATHTAG ) SUMMARY: APITAG heap use after free APITAG APITAG Shadow bytes around the buggy address NUMBERTAG c0c7fff9a NUMBERTAG fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa NUMBERTAG c0c7fff9a NUMBERTAG fa fa fa fa fa fa fa fa NUMBERTAG fa NUMBERTAG c0c7fff9aa0: fa fa fa fa NUMBERTAG fa fa fa fa fa NUMBERTAG c0c7fff9ab NUMBERTAG fa fa fa fa fa NUMBERTAG c0c7fff9ac NUMBERTAG fa fa fa fa fa NUMBERTAG c0c7fff9ad0: fa fa fa fa[fd]fd fd fd fd fd fd fa fa fa fa fa NUMBERTAG c0c7fff9ae NUMBERTAG fa fa fa fa fa NUMBERTAG c0c7fff9af NUMBERTAG fa fa fa fa fa NUMBERTAG fa NUMBERTAG c0c7fff9b NUMBERTAG fa fa fa fa NUMBERTAG fa fa fa fa fa NUMBERTAG c0c7fff9b NUMBERTAG fa fa fa fa fa NUMBERTAG c0c7fff9b NUMBERTAG fa fa fa fa NUMBERTAG fa Shadow byte legend (one shadow byte represents NUMBERTAG application bytes): Addressable NUMBERTAG Partially addressable NUMBERTAG Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb APITAG internal: fe NUMBERTAG ABORTING POC APITAG URLTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-40978",
- "Issue_Url_old": "https://github.com/nisdn/CVE-2021-40978/issues/1",
- "Issue_Url_new": "https://github.com/nisdn/cve-2021-40978/issues/1",
- "Repo_new": "nisdn/cve-2021-40978",
- "Issue_Created_At": "2021-10-07T18:27:12Z",
- "description": "Did you report this upstream?. Did you report this upstream?",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-42715",
- "Issue_Url_old": "https://github.com/nothings/stb/issues/1224",
- "Issue_Url_new": "https://github.com/nothings/stb/issues/1224",
- "Repo_new": "nothings/stb",
- "Issue_Created_At": "2021-10-07T20:06:19Z",
- "description": "In stb_image's HDR reader, loading a specially constructed invalid HDR file can result in an infinite loop within the RLE decoder. Describe the bug In stb_image's HDR reader, loading a specially constructed invalid HDR file can result in an infinite loop within the RLE decoder. This issue includes a fix in pull request NUMBERTAG and a proof of concept file that can be used to reproduce the crash. We're reporting this on APITAG Issues following the guidance in issue NUMBERTAG The issue occurs in this loop URLTAG within APITAG : CODETAG The proof of concept file manages to get this part of the decoder into a state where: nleft is equal to NUMBERTAG s is at the end of the file. Because s is at the end of the file, APITAG always returns NUMBERTAG since APITAG here: CODETAG This means that count is always set to NUMBERTAG this passes the error check, but doesn't affect any program state, meaning that the loop runs forever, an availability issue. To Reproduce This .zip contains a NUMBERTAG KB .hdr file, APITAG which reproduces this issue: FILETAG Calling APITAG with a path to this file never returns. I was able to verify this using tests/image_test.c (modified slightly in order to build) on Windows version NUMBERTAG H2 with Microsoft Visual Studio NUMBERTAG and I expect it should reproduce on other systems as well. This file was found using the Radamsa fuzzer URLTAG . I think this particular file works by setting the RLE flags on the last scanline in the file and being truncated in just the right place, but I'm not NUMBERTAG sure. Expected behavior stbi_load should eventually return. Based on Bruce Walter's FILETAG , it seems like the intended behavior is that a run length of NUMBERTAG should be treated as invalid, which is the approach the pull request takes. However, other solutions are possible (e.g. detecting when the end of the file has been reached) I don't have any preference either way. Thanks!",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
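The loop the report above describes, as an added illustration that is not stb_image's code: a simplified RLE channel decoder whose reader returns 0 once it has run past the end of the data, with the reported behaviour (a zero-length literal run that passes the count check yet never advances nleft) beside the fix the pull request is described as taking (a run length of zero is treated as invalid). The reader type, the run/literal encoding, the step budget and the constructed inputs are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Byte reader standing in for the image reader context (an assumption,
 * not stb_image's API). As in the behaviour the report describes, a read
 * past the end of the data returns 0 instead of signalling an error. */
typedef struct { const uint8_t *p, *end; } reader;

static int rd_get8(reader *r) { return r->p < r->end ? *r->p++ : 0; }

/* Decode one RLE-coded channel of `width` samples into `out`.
 * Encoding assumed for this example:
 *   count > 128  : repeat the next byte (count - 128) times
 *   count <= 128 : copy the next `count` literal bytes
 * reject_zero_run == 0 reproduces the reported bug: a literal run of length 0
 * passes the "count > nleft" check but never advances nleft, so at end of
 * file (where every read yields 0) the loop spins forever.
 * max_steps bounds the loop so the hang can be observed rather than suffered.
 * Returns 1 on success, 0 on malformed input, -1 if max_steps ran out. */
static int decode_rle_channel(reader *r, uint8_t *out, int width,
                              int reject_zero_run, long max_steps) {
    int nleft = width;
    while (nleft > 0) {
        if (max_steps-- <= 0) return -1;
        int count = rd_get8(r);
        if (count > 128) {                       /* run */
            uint8_t value = (uint8_t)rd_get8(r);
            count -= 128;                        /* >= 1, so it always makes progress */
            if (count > nleft) return 0;         /* bad RLE data */
            memset(out + (width - nleft), value, (size_t)count);
        } else {                                 /* literal dump */
            if (count > nleft) return 0;         /* bad RLE data */
            if (reject_zero_run && count == 0) return 0; /* the fix: a 0 run is invalid */
            for (int i = 0; i < count; i++)
                out[width - nleft + i] = (uint8_t)rd_get8(r);
        }
        nleft -= count;
    }
    return 1;
}

/* Constructed inputs (not the reporter's proof of concept) for an 8-sample channel. */
static const uint8_t kTruncated[] = { 0x83, 0xAA, 0x03, 0x01, 0x02, 0x03 };             /* 6 of 8 samples, then EOF */
static const uint8_t kComplete[]  = { 0x83, 0xAA, 0x03, 0x01, 0x02, 0x03, 0x82, 0xFF }; /* all 8 samples */

/* Decode the truncated input; -1 means the loop never terminated on its own. */
int decode_truncated(int reject_zero_run) {
    uint8_t out[8];
    reader r = { kTruncated, kTruncated + sizeof kTruncated };
    return decode_rle_channel(&r, out, 8, reject_zero_run, 10000);
}

/* Returns 1 if the complete input decodes to AA AA AA 01 02 03 FF FF. */
int decode_complete_ok(void) {
    static const uint8_t expect[8] = { 0xAA, 0xAA, 0xAA, 0x01, 0x02, 0x03, 0xFF, 0xFF };
    uint8_t out[8];
    reader r = { kComplete, kComplete + sizeof kComplete };
    return decode_rle_channel(&r, out, 8, 1, 10000) == 1 && memcmp(out, expect, 8) == 0;
}

int main(void) {
    printf("truncated, no fix : %d (-1 = would loop forever)\n", decode_truncated(0));
    printf("truncated, fixed  : %d (0 = rejected as corrupt)\n", decode_truncated(1));
    printf("complete, fixed   : %d (1 = decoded correctly)\n", decode_complete_ok());
    return 0;
}
```

The alternative the reporter mentions, checking for end of file before reading the count byte, also terminates the loop; rejecting a zero-length run is the stricter of the two because it also catches a zero count that appears before the end of the data.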
- {
- "CVE_ID": "CVE-2021-42716",
- "Issue_Url_old": "https://github.com/nothings/stb/issues/1225",
- "Issue_Url_new": "https://github.com/nothings/stb/issues/1225",
- "Repo_new": "nothings/stb",
- "Issue_Created_At": "2021-10-07T20:08:31Z",
- "description": "In stb_image's PNM reader, loading a specially constructed valid NUMBERTAG bit PGM file with NUMBERTAG channels can cause a crash due to an out of bounds read. Summary stb_image's PNM loader in version NUMBERTAG incorrectly interpreted NUMBERTAG bit PGM files as NUMBERTAG bit when converting to RGBA, leading to buffer overflow when later reinterpreting the result as a NUMBERTAG bit buffer. An attacker could potentially have crashed a service using stb_image, or read up to NUMBERTAG bytes of non consecutive heap data without control over the read location. CVE number: CVETAG URLTAG Describe the bug In stb_image's PNM reader, loading a valid NUMBERTAG bit PGM file that is large enough with the number of components set to NUMBERTAG can cause a crash in APITAG due to an out of bounds read. This issue includes a fix in pull request NUMBERTAG and a proof of concept file that can be used to reproduce the crash. We're reporting this on APITAG Issues following the guidance in issue NUMBERTAG This appears to be because, when APITAG loads a NUMBERTAG bit PGM file with N bytes of data, it incorrectly calls APITAG instead of APITAG , returning a buffer that is NUMBERTAG N bytes long instead of NUMBERTAG N bytes. Since APITAG is still NUMBERTAG when control returns to APITAG , APITAG attempts to read APITAG bytes of data from this buffer, resulting in out of bounds reads. When N is large enough, this results in an access violation. To Reproduce This .zip contains a NUMBERTAG KB .pgm file, APITAG which reproduces this issue: FILETAG Calling APITAG with a path to this file and with a req_comp of NUMBERTAG produces a crash. I was able to verify this using tests/image_test.c (modified slightly in order to build) on Windows version NUMBERTAG H2 with Microsoft Visual Studio NUMBERTAG and I expect it should reproduce on other systems as well. 
This file was generated using the following Python script, and should be a valid PGM file: APITAG It was derived from an example found using the Radamsa fuzzer URLTAG . Interestingly, PATHTAG is also a NUMBERTAG bit PGM file, but reading it doesn't cause a crash! I believe the reason is that this is a NUMBERTAG image, so it only includes N NUMBERTAG bytes of image data, and as a result the out of bounds reads don't cross a page boundary that would result in an access violation. Expected behavior The example file should be loaded without crashing. Screenshots Here's a screenshot showing where the crash occurs and the call stack, when run with the example file in image_test.c. APITAG that the call in image_test.c may be off by NUMBERTAG lines; the specific callsite is APITAG .) FILETAG Thanks!",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.1,
- "impactScore": 5.2,
- "exploitabilityScore": 1.8
- },
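An added illustration of the size mismatch the report above describes, not stb_image's own code: a gray-to-RGBA loader that, on the buggy path, expands 16-bit samples with the 8-bit converter and so returns a buffer half the size its header promises, beside the correct 16-bit path and the consistency check a caller should make before reinterpreting the buffer as 16-bit samples. The image struct, the converter names and the constructed 4x2 image are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Result of a load. The caller uses bits_per_channel to decide how many bytes
 * per sample the pixel buffer holds (assumed layout mirroring the 8-bit /
 * 16-bit split the report describes, not stb_image's types). */
typedef struct {
    int w, h, channels, bits_per_channel;
    void *pixels;
    size_t len;        /* actual size of pixels, in bytes */
} image;

/* Gray -> RGBA, one byte per sample; alpha is 0xFF. */
static void *convert_gray_to_rgba8(const void *src, int w, int h, size_t *len) {
    const uint8_t *s = src;
    size_t n = (size_t)w * h;
    uint8_t *d = malloc(n * 4);
    for (size_t i = 0; i < n; i++) {
        d[4*i] = d[4*i+1] = d[4*i+2] = s[i];
        d[4*i+3] = 0xFF;
    }
    *len = n * 4;
    return d;
}

/* Gray -> RGBA, two bytes per sample; alpha is 0xFFFF. */
static void *convert_gray_to_rgba16(const void *src, int w, int h, size_t *len) {
    const uint16_t *s = src;
    size_t n = (size_t)w * h;
    uint16_t *d = malloc(n * 4 * sizeof *d);
    for (size_t i = 0; i < n; i++) {
        d[4*i] = d[4*i+1] = d[4*i+2] = s[i];
        d[4*i+3] = 0xFFFF;
    }
    *len = n * 4 * sizeof *d;
    return d;
}

/* Expand already-parsed 1-channel PGM samples to RGBA. With fixed == 0 the
 * 8-bit converter is used even for 16-bit data: the buffer comes back half
 * the size the caller will infer from bits_per_channel, which stays 16. */
static image load_pgm_rgba(const void *samples, int w, int h, int bits, int fixed) {
    image im = { w, h, 4, bits, NULL, 0 };
    if (bits == 16 && fixed)
        im.pixels = convert_gray_to_rgba16(samples, w, h, &im.len);
    else
        im.pixels = convert_gray_to_rgba8(samples, w, h, &im.len);
    return im;
}

/* How many bytes the post-processing stage will read, from the header alone. */
static size_t expected_len(const image *im) {
    return (size_t)im->w * im->h * im->channels * (im->bits_per_channel / 8);
}

/* The guard a caller needs before reinterpreting the buffer: 1 if the
 * buffer really is as large as the header claims. */
int buffer_matches_header(const image *im) {
    return im->pixels != NULL && im->len == expected_len(im);
}

/* Constructed 4x2 16-bit gray image (not the reporter's file). */
static const uint16_t kGray16[8] = { 0, 0x1234, 0x8000, 0xFFFF, 1, 2, 3, 4 };

/* 1 if loading with `fixed` yields a buffer consistent with its header. */
int load_is_consistent(int fixed) {
    image im = load_pgm_rgba(kGray16, 4, 2, 16, fixed);
    int ok = buffer_matches_header(&im);
    free(im.pixels);
    return ok;
}

/* Bytes past the end a 16-bit consumer would read on the buggy path. */
long overread_bytes(void) {
    image im = load_pgm_rgba(kGray16, 4, 2, 16, 0);
    long over = (long)expected_len(&im) - (long)im.len;
    free(im.pixels);
    return over;
}

/* Red sample of pixel 1 on the fixed path (expected 0x1234). */
int fixed_red_sample_of_pixel1(void) {
    image im = load_pgm_rgba(kGray16, 4, 2, 16, 1);
    int v = ((uint16_t *)im.pixels)[4 * 1];
    free(im.pixels);
    return v;
}

int main(void) {
    printf("buggy path consistent: %d, over-read by %ld bytes\n", load_is_consistent(0), overread_bytes());
    printf("fixed path consistent: %d, pixel 1 red = 0x%04x\n", load_is_consistent(1), fixed_red_sample_of_pixel1());
    return 0;
}
```

On the buggy path the over-read is exactly half the expected buffer, which matches the report's explanation of why a small image does not crash (the extra reads stay within the same page) while a large one does.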
- {
- "CVE_ID": "CVE-2021-42341",
- "Issue_Url_old": "https://github.com/OpenRC/openrc/issues/459",
- "Issue_Url_new": "https://github.com/openrc/openrc/issues/459",
- "Repo_new": "openrc/openrc",
- "Issue_Created_At": "2021-10-08T01:34:40Z",
- "description": "checkpath APITAG invalid pointer. I am a long time Gentoo user. I run Gentoo stable and unstable on a wide range of machines. On just one, a Gentoo unstable, running on a znver2 CPU, I get this error: APITAG This has persisted for months. I have done \"emerge e world\" many times, with various mtune, march, etc. and nothing affects the result. So I did a \"git pull\", and looked at PATHTAG Then made this one change: CODETAG The problem goes away. Looks like APITAG is just a wrapper on APITAG According to \"man strlen\" ERRORTAG Looks to me like \"str\" is not big enough to hold \"path\" including its trailing NUMBERTAG No idea how that makes \"free(path);\" fail. But I'm glad it does.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-40978",
- "Issue_Url_old": "https://github.com/mkdocs/mkdocs/issues/2601",
- "Issue_Url_new": "https://github.com/mkdocs/mkdocs/issues/2601",
- "Repo_new": "mkdocs/mkdocs",
- "Issue_Created_At": "2021-10-08T03:48:27Z",
- "description": "CVETAG Path Traversal.. Hey! We have verified a security flaw in the current version of APITAG a path traversal failure affecting the built in dev server. That flaw makes the server susceptible to serving data outside the scope of the application, allowing anyone to request sensitive files. If you need further information, don't hesitate to get in touch with me. CVETAG URLTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-22564",
- "Issue_Url_old": "https://github.com/libjxl/libjxl/issues/708",
- "Issue_Url_new": "https://github.com/libjxl/libjxl/issues/708",
- "Repo_new": "libjxl/libjxl",
- "Issue_Created_At": "2021-10-08T08:45:08Z",
- "description": "Crash during multiple concurrent/parallel decoding. Hello, this crash occurs when a Qt application decodes several JXL files at the same time via my Qt JPEG XL image plugin URLTAG During the crash I see the following message: APITAG ERRORTAG Here is a simple console application with which I am able to reproduce the crash easily: FILETAG How to compile and run: APITAG The application decodes the bucuresti2.jxl file in two threads NUMBERTAG main thread NUMBERTAG worker thread). Each thread has a different instance of the plug-in and each plug-in creates its own APITAG It may not crash during the first iteration, but sooner or later it crashes. The output may run like this: CODETAG Sometimes it crashes immediately: CODETAG When just one thread with the plug-in is running at a time, there is no crash.",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-42248",
- "Issue_Url_old": "https://github.com/tidwall/gjson/issues/237",
- "Issue_Url_new": "https://github.com/tidwall/gjson/issues/237",
- "Repo_new": "tidwall/gjson",
- "Issue_Created_At": "2021-10-08T09:28:45Z",
- "description": "APITAG can cause APITAG attacks. GJSON NUMBERTAG allows attackers to cause a ReDoS via crafted JSON input.. func APITAG { APITAG := APITAG APITAG APITAG }",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-42242",
- "Issue_Url_old": "https://github.com/jflyfox/jfinal_cms/issues/28",
- "Issue_Url_new": "https://github.com/jflyfox/jfinal_cms/issues/28",
- "Repo_new": "jflyfox/jfinal_cms",
- "Issue_Created_At": "2021-10-10T14:34:59Z",
- "description": "Administrator Interface Command Execution Vulnerability. Vulnerability summary A command execution vulnerability exists in jfinal_cms NUMBERTAG JDK version requirements: JDK versions for the RMI-based approach NUMBERTAG u NUMBERTAG u NUMBERTAG u NUMBERTAG JDK versions for the LDAP-based approach NUMBERTAG u NUMBERTAG u NUMBERTAG u NUMBERTAG jfinal_cms version NUMBERTAG fastjson APITAG FILETAG Vulnerability reproduction JDK version used in the test: JDK8u NUMBERTAG Run the tool on Kali and start the RMI and LDAP services URLTAG APITAG FILETAG Replace the RMI or LDAP address in the payload: CODETAG Create the FILETAG file and copy the payload into FILETAG Log in to the back-end management system and select template management, default password: admin/admin NUMBERTAG FILETAG Click FILETAG FILETAG Click Replace file FILETAG Replace it with the FILETAG file containing the payload just created FILETAG Visit /ueditor; the command is executed and the calculator pops up APITAG FILETAG Vulnerability analysis APITAG The APITAG class is instantiated in the index method of the /ueditor route FILETAG APITAG The APITAG class is instantiated in the constructor of the APITAG class FILETAG APITAG The constructor of APITAG calls APITAG FILETAG APITAG Call APITAG to parse the file content; the file content here is controllable, so just replace the file content with the payload. FILETAG APITAG The file comes from APITAG . With any file upload vulnerability in the back end, this file can be replaced with a file containing the payload to trigger fastjson deserialization FILETAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-41241",
- "Issue_Url_old": "https://github.com/nextcloud/groupfolders/issues/1692",
- "Issue_Url_new": "https://github.com/nextcloud/groupfolders/issues/1692",
- "Repo_new": "nextcloud/groupfolders",
- "Issue_Created_At": "2021-10-11T13:47:33Z",
- "description": "Groupfolders for which a user has no reading rights APITAG Permissions) can still be copied and read out! Example: Employee list / NC users: MA1 site manager MA2 accountant MA3 project employee Lisa MA4 project employee Hans NC folder structure (group folder): Group folder company location Berlin ...\u251c\u2500\u2500 Administration ..........\u251c\u2500\u2500 accounting ...\u251c\u2500\u2500 projects ..........\u251c\u2500\u2500 Project A ..........\u251c\u2500\u2500 Project B The following should be set via APITAG Permissions\u201d: Write and read rights to all folders: MA1 site manager Write and read rights to the accounting folder: only MA2 accountant Write and read rights to project folder A: only MA3 project employee Lisa Write and read rights to project folder B: only MA4 project employee Hans All of this is easy to set using the APITAG Permissions\u201d in the APITAG However\u2026 For the root folder APITAG folder company location Berlin\u201d, all NC users must have at least reading rights, otherwise you won\u2019t see a folder at all\u2026 \u201cMA4 project employee Hans\u201d does not initially see the APITAG Accounting\u201d folder. However, if he copies the complete root directory APITAG folder company location Berlin\u201d and pastes it into another of his own folders, all directories and their contents are visible to him. Can this copying of the \u201cinvisible\u201d folder be prevented somehow, or copying in general? How would you solve this problem? Thanks for the tips. Matthias",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
- "severity": "MEDIUM",
- "baseScore": 4.3,
- "impactScore": 1.4,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-42342",
- "Issue_Url_old": "https://github.com/embedthis/goahead/issues/305",
- "Issue_Url_new": "https://github.com/embedthis/goahead/issues/305",
- "Repo_new": "embedthis/goahead",
- "Issue_Created_At": "2021-10-12T00:50:25Z",
- "description": "Upload form vars bypass CGI prefixing.. Summary A security vulnerability exists with the file upload filter where user form variables can be passed to CGI scripts without being prefixed with the CGI prefix. Detail The upload filter accepts uploaded files with optional user form variables. When used with the CGI handler, these form variables are passed as O/S process environment variables. Form variables in POST requests are prefixed using the ME_GOAHEAD_CGI_VAR_PREFIX which is typically set to CGI_. However, the upload filter is not setting the untrusted var bit and so the CGI handler does not use the prefix. Threat Scope and Mitigation For users who have the upload filter configured and the CGI handler configured, the vulnerability can be used to perform remote code execution. CVE Pending. Remedy Deploy APITAG NUMBERTAG Credit Thanks to William Bowling at URLTAG and confirmed and extended by Zup. Please contact Embedthis if you require further information, test code or assistance at EMAILTAG .",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
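An added illustration of the prefixing rule the advisory above describes, not GoAhead's code: a small variable table carrying an untrusted bit, the environment builder that prefixes untrusted names with the CGI prefix, and an upload-filter path that either forgets to set the bit (the reported defect) or sets it. The table layout, the function names and the use of a client-chosen field named PATH (chosen to show why a client must not be able to pick arbitrary environment variable names in the CGI child) are constructed for this example; the advisory does not state which variable names were involved.

```c
#include <stdio.h>
#include <string.h>

/* Stands in for ME_GOAHEAD_CGI_VAR_PREFIX, which the advisory says is typically CGI_. */
#define CGI_VAR_PREFIX "CGI_"
#define MAX_VARS 16
#define ENV_LEN  256

typedef struct { char name[64]; char value[128]; int untrusted; } var;
typedef struct { var v[MAX_VARS]; int n; } vartab;

static void add_var(vartab *t, const char *name, const char *value, int untrusted) {
    if (t->n >= MAX_VARS) return;
    var *x = &t->v[t->n++];
    snprintf(x->name, sizeof x->name, "%s", name);
    snprintf(x->value, sizeof x->value, "%s", value);
    x->untrusted = untrusted;
}

/* Server-generated variables (SCRIPT_NAME, REMOTE_ADDR, ...) are trusted. */
void add_server_var(vartab *t, const char *n, const char *v) { add_var(t, n, v, 0); }

/* Form fields parsed from a POST body are always marked untrusted. */
void add_post_var(vartab *t, const char *n, const char *v) { add_var(t, n, v, 1); }

/* Form fields that arrive with a multipart upload. fixed == 0 reproduces the
 * reported omission: the untrusted bit is never set, so no prefix is applied. */
void add_upload_var(vartab *t, const char *n, const char *v, int fixed) {
    add_var(t, n, v, fixed ? 1 : 0);
}

/* Build the CGI child's environment: untrusted names get the prefix,
 * trusted names pass through unchanged. Returns the number of entries. */
int build_cgi_env(const vartab *t, char env[][ENV_LEN], int max) {
    int n = 0;
    for (int i = 0; i < t->n && n < max; i++) {
        const var *x = &t->v[i];
        snprintf(env[n++], ENV_LEN, "%s%s=%s",
                 x->untrusted ? CGI_VAR_PREFIX : "", x->name, x->value);
    }
    return n;
}

/* Is there an entry whose name is exactly `name`? */
int env_has(char env[][ENV_LEN], int n, const char *name) {
    size_t len = strlen(name);
    for (int i = 0; i < n; i++)
        if (strncmp(env[i], name, len) == 0 && env[i][len] == '=') return 1;
    return 0;
}

/* Constructed request: one server variable, one ordinary POST field named
 * "user", and one upload form field whose name the client chose as "PATH".
 * Returns whether an entry named `lookup` ends up in the CGI environment. */
int cgi_env_contains(int fixed, const char *lookup) {
    vartab t = { 0 };
    char env[MAX_VARS][ENV_LEN];
    add_server_var(&t, "SCRIPT_NAME", "/cgi-bin/upload.cgi");
    add_post_var(&t, "user", "alice");
    add_upload_var(&t, "PATH", "/tmp/attacker", fixed);
    int n = build_cgi_env(&t, env, MAX_VARS);
    return env_has(env, n, lookup);
}

int main(void) {
    printf("unfixed: PATH unprefixed = %d, CGI_PATH = %d\n",
           cgi_env_contains(0, "PATH"), cgi_env_contains(0, "CGI_PATH"));
    printf("fixed  : PATH unprefixed = %d, CGI_PATH = %d\n",
           cgi_env_contains(1, "PATH"), cgi_env_contains(1, "CGI_PATH"));
    return 0;
}
```

The check worth keeping from this example is the last one: after building the environment for a CGI child, every name that did not originate from the server itself must carry the prefix, regardless of which filter parsed it.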
- {
- "CVE_ID": "CVE-2021-42917",
- "Issue_Url_old": "https://github.com/xbmc/xbmc/issues/20305",
- "Issue_Url_new": "https://github.com/xbmc/xbmc/issues/20305",
- "Repo_new": "xbmc/xbmc",
- "Issue_Created_At": "2021-10-12T06:07:43Z",
- "description": "Kodi NUMBERTAG Buffer Overflow. Bug report Describe the bug The attached ASX FILE causes a crash in Kodi NUMBERTAG on Windows NUMBERTAG To reproduce the issue, the attached file poc.asx can be used. it should crash with an access violation like the following: Thread NUMBERTAG E4 exit Thread E NUMBERTAG exit Thread E NUMBERTAG exit Breakpoint at NUMBERTAG FFB6E NUMBERTAG set! INT3 breakpoint at APITAG NUMBERTAG FFB6E NUMBERTAG E0BFF4F7E NUMBERTAG E0BFF4F7E NUMBERTAG FFB NUMBERTAG C NUMBERTAG return to APITAG from NUMBERTAG E0BFF4F7F NUMBERTAG E0BFF4F7F NUMBERTAG E0BFF4F NUMBERTAG Expected Behavior Should display file type not supported or unable to open file Actual Behavior To Reproduce Steps to reproduce the behavior: firstly, close running kodi application head =''' APITAG APITAG APITAG APITAG APITAG ''' APITAG fobj = APITAG APITAG APITAG poc.asx is generated now open with kodi . it will take hrs to open kodi .on some cases it crash FILETAG Debug NUMBERTAG E0BFF4D5C NUMBERTAG E0BFF4DB NUMBERTAG YK NUMBERTAG F NUMBERTAG E0BFF4D5D NUMBERTAG E0BFF4DB NUMBERTAG E0BFF4D5D NUMBERTAG E0BFF4DB NUMBERTAG YK NUMBERTAG F NUMBERTAG E0BFF4D5E NUMBERTAG E0BFF4DA NUMBERTAG ERRORTAG null NUMBERTAG or unexpected EOF found in input stream NUMBERTAG E0BFF4D5E NUMBERTAG FF NUMBERTAG DAD4D return to APITAG from APITAG NUMBERTAG E0BFF4D5F NUMBERTAG E0BFF4DB NUMBERTAG YK NUMBERTAG F NUMBERTAG E0BFF4D5F NUMBERTAG FFB6E NUMBERTAG C NUMBERTAG APITAG NUMBERTAG E0BFF4D NUMBERTAG E0BFF4D NUMBERTAG E0BFF4D NUMBERTAG YK NUMBERTAG F NUMBERTAG E0BFF4D NUMBERTAG E NUMBERTAG E0BFF4D NUMBERTAG E0BFF4D NUMBERTAG E0BFF4D NUMBERTAG CBDAC NUMBERTAG E0BFF4D NUMBERTAG FF NUMBERTAG D NUMBERTAG APITAG NUMBERTAG E0BFF4D NUMBERTAG CBDAC NUMBERTAG A0 &\"pt NUMBERTAG F NUMBERTAG E0BFF4DC NUMBERTAG CBDD NUMBERTAG F NUMBERTAG APITAG APITAG <REF HREF= PATHTAG NUMBERTAG E0BFF4DC NUMBERTAG E0BFF4DC NUMBERTAG CBF7D NUMBERTAG A NUMBERTAG E0BFF4DC NUMBERTAG BDA NUMBERTAG E0BFF4DC NUMBERTAG FF 
NUMBERTAG B NUMBERTAG B0 APITAG NUMBERTAG E0BFF4DC NUMBERTAG E0BFF4DC NUMBERTAG E0BFF4DC NUMBERTAG FFB NUMBERTAG E0BFF4DC NUMBERTAG E0BFF4DC NUMBERTAG E0BFF4DC NUMBERTAG E0BFF4DC NUMBERTAG E0BFF4DC NUMBERTAG CBF NUMBERTAG F NUMBERTAG E0BFF4DC NUMBERTAG E0BFF4DBA NUMBERTAG YK NUMBERTAG F NUMBERTAG E0BFF4DC NUMBERTAG E0BFF4DC NUMBERTAG E0BFF4DC NUMBERTAG CBF NUMBERTAG PATHTAG NUMBERTAG E0BFF4DC NUMBERTAG E0BFF4DCA NUMBERTAG E0BFF4DCA NUMBERTAG F NUMBERTAG E0BFF4DCB NUMBERTAG F3AC NUMBERTAG E0BFF4DCB NUMBERTAG FFB NUMBERTAG C NUMBERTAG CD return to APITAG from APITAG NUMBERTAG E0BFF4DCC NUMBERTAG CB4C NUMBERTAG AD NUMBERTAG F NUMBERTAG E0BFF4DCC NUMBERTAG CB4C NUMBERTAG AC NUMBERTAG E0BFF4DCD NUMBERTAG E0BFF4DD NUMBERTAG E0BFF4DCD NUMBERTAG FF NUMBERTAG CF1D NUMBERTAG return to APITAG from NUMBERTAG E0BFF4DCE NUMBERTAG CB4C NUMBERTAG AC NUMBERTAG E0BFF4DCE NUMBERTAG CBDDD NUMBERTAG F NUMBERTAG F NUMBERTAG E0BFF4DCF NUMBERTAG CBDDD NUMBERTAG F NUMBERTAG F NUMBERTAG E0BFF4DCF NUMBERTAG FFB6E NUMBERTAG F NUMBERTAG B return to APITAG from NUMBERTAG E0BFF4DD NUMBERTAG E0BFF4E NUMBERTAG PATHTAG NUMBERTAG E0BFF4DD NUMBERTAG CBDDD NUMBERTAG F NUMBERTAG F NUMBERTAG E0BFF4DD NUMBERTAG E0BFF4DD NUMBERTAG E0BFF4DD NUMBERTAG CB4C NUMBERTAG AC NUMBERTAG E0BFF4DD NUMBERTAG FF NUMBERTAG A NUMBERTAG D5 return to APITAG from APITAG NUMBERTAG E0BFF4DD NUMBERTAG E0BFF4E NUMBERTAG PATHTAG NUMBERTAG E0BFF4DD NUMBERTAG CB6C NUMBERTAG A NUMBERTAG F NUMBERTAG E0BFF4DD NUMBERTAG E0BFF4DD NUMBERTAG E0BFF4E NUMBERTAG PATHTAG NUMBERTAG E0BFF4DD NUMBERTAG CB4C NUMBERTAG AD NUMBERTAG F NUMBERTAG E0BFF4DD NUMBERTAG CB4C NUMBERTAG AC NUMBERTAG E0BFF4DD NUMBERTAG C NUMBERTAG E0BFF4DD NUMBERTAG FF NUMBERTAG E NUMBERTAG B return to APITAG from APITAG NUMBERTAG E0BFF4DD NUMBERTAG E0BFF4DE NUMBERTAG E0BFF4DD NUMBERTAG E0BFF4DD NUMBERTAG FFFFFFFFFFFFFFFE NUMBERTAG E0BFF4DD NUMBERTAG CBDA NUMBERTAG PATHTAG NUMBERTAG E0BFF4DD NUMBERTAG CB4AB NUMBERTAG E0BFF4DD NUMBERTAG E0BFF4DDA NUMBERTAG F NUMBERTAG 
E0BFF4DDA NUMBERTAG F NUMBERTAG C NUMBERTAG E0BFF4DDB NUMBERTAG E0BFF4DDB NUMBERTAG E0BFF4DDC NUMBERTAG E0BFF4EB NUMBERTAG E0BFF4DDC NUMBERTAG E0BFF4DDD NUMBERTAG CB6CA4D NUMBERTAG F NUMBERTAG E0BFF4DDD NUMBERTAG CB6C NUMBERTAG A NUMBERTAG F NUMBERTAG E0BFF4DDE NUMBERTAG E0BFF4DEF NUMBERTAG E0BFF4DDE NUMBERTAG FF NUMBERTAG C NUMBERTAG FEF return to APITAG from APITAG NUMBERTAG E0BFF4DDF NUMBERTAG CB4AB NUMBERTAG E0BFF4DDF NUMBERTAG CBF NUMBERTAG C NUMBERTAG E0BFF4DE NUMBERTAG E0BFF4DE NUMBERTAG E0BFF4DE NUMBERTAG CBD0D NUMBERTAG D0 PATHTAG NUMBERTAG E0BFF4DE NUMBERTAG FF NUMBERTAG CB NUMBERTAG BE return to APITAG from APITAG NUMBERTAG E0BFF4DE NUMBERTAG CB4AB NUMBERTAG E0BFF4DE NUMBERTAG CBF NUMBERTAG E NUMBERTAG E0BFF4DE NUMBERTAG E0BFF4DE NUMBERTAG E0BFF4DE NUMBERTAG CB4AB NUMBERTAG E0BFF4DE NUMBERTAG E0BFF4DE NUMBERTAG FFFFFFFFFFFFFFFE NUMBERTAG E0BFF4DE NUMBERTAG FFB NUMBERTAG C NUMBERTAG D1 return to APITAG from APITAG NUMBERTAG E0BFF4DE NUMBERTAG CB4AB NUMBERTAG E0BFF4DE NUMBERTAG FFFFFFFFFFFFFFFE NUMBERTAG E0BFF4DE NUMBERTAG E0BFF4DE NUMBERTAG CBF NUMBERTAG E0BFF4DE NUMBERTAG E0BFF4DE NUMBERTAG FFB NUMBERTAG C NUMBERTAG DC return to APITAG from APITAG NUMBERTAG E0BFF4DE NUMBERTAG E0BFF4DE NUMBERTAG E0BFF4E0F NUMBERTAG E0BFF4DEA NUMBERTAG E0BFF4DEA NUMBERTAG E0BFF4DEB NUMBERTAG E0BFF4DEB NUMBERTAG FFB NUMBERTAG C NUMBERTAG DC return to APITAG from APITAG NUMBERTAG E0BFF4DEC NUMBERTAG CBF3CAC NUMBERTAG nd descriptors. Usage: class APITAG APITAG def my_abstract_method(self, ...): ... 
NUMBERTAG E0BFF4DEC NUMBERTAG E0BFF4DED NUMBERTAG F6EC NUMBERTAG E0BFF4DED NUMBERTAG E0BFF4DEE NUMBERTAG E0BFF4DEE NUMBERTAG CBDA9AEE0 &\"\u00c0\u00c6I NUMBERTAG F NUMBERTAG E0BFF4DEF NUMBERTAG CBDA9AEE0 &\"\u00c0\u00c6I NUMBERTAG F NUMBERTAG E0BFF4DEF NUMBERTAG CBD0D NUMBERTAG D0 PATHTAG NUMBERTAG E0BFF4DF NUMBERTAG FFFFFFFF NUMBERTAG E0BFF4DF NUMBERTAG CBD0D NUMBERTAG D0 PATHTAG NUMBERTAG E0BFF4DF NUMBERTAG E0BFF4E NUMBERTAG E0BFF4DF NUMBERTAG FF NUMBERTAG CB NUMBERTAG AD return to APITAG from APITAG NUMBERTAG E0BFF4DF NUMBERTAG E0BFF4DF NUMBERTAG E0BFF4DF NUMBERTAG FF NUMBERTAG DB NUMBERTAG APITAG NUMBERTAG E0BFF4DF NUMBERTAG E0BFF4DF NUMBERTAG CBF NUMBERTAG DA NUMBERTAG E0BFF4DF NUMBERTAG FF NUMBERTAG FFD NUMBERTAG return to APITAG from APITAG NUMBERTAG E0BFF4DF NUMBERTAG CB4AB NUMBERTAG E0BFF4DF NUMBERTAG FFB NUMBERTAG C NUMBERTAG E0BFF4DF NUMBERTAG CBF NUMBERTAG E0BFF4DF NUMBERTAG FF NUMBERTAG FFD NUMBERTAG return to APITAG from APITAG NUMBERTAG E0BFF4DF NUMBERTAG CB4AB NUMBERTAG E0BFF4DF NUMBERTAG CBF0D4AC NUMBERTAG E0BFF4DF NUMBERTAG FFFFFFFFFFFFFFFE NUMBERTAG E0BFF4DF NUMBERTAG FFFFFFFFFFFFFFFE NUMBERTAG E0BFF4DF NUMBERTAG CB4AB NUMBERTAG E0BFF4DF NUMBERTAG E0BFF4DFA NUMBERTAG CBF NUMBERTAG A NUMBERTAG E0BFF4DFA8 FFFFFFFFFFFFFFFE NUMBERTAG E0BFF4DFB NUMBERTAG FCFC NUMBERTAG E0BFF4DFB NUMBERTAG C NUMBERTAG A NUMBERTAG E0BFF4DFC NUMBERTAG E0BFF4DFC NUMBERTAG CBDA9AEE0 &\"\u00c0\u00c6I NUMBERTAG F NUMBERTAG E0BFF4DFD NUMBERTAG B NUMBERTAG E0BFF4DFD NUMBERTAG CBDA9AEE0 &\"\u00c0\u00c6I NUMBERTAG F NUMBERTAG E0BFF4DFE NUMBERTAG CB NUMBERTAG A NUMBERTAG E0BFF4DFE NUMBERTAG CBD0A NUMBERTAG PATHTAG NUMBERTAG E0BFF4DFF NUMBERTAG E0BFF4E NUMBERTAG E0BFF4DFF NUMBERTAG FF NUMBERTAG FFD NUMBERTAG return to APITAG from APITAG NUMBERTAG E0BFF4E NUMBERTAG F NUMBERTAG C NUMBERTAG E0BFF4E NUMBERTAG FFB NUMBERTAG C NUMBERTAG D0 return to APITAG from APITAG NUMBERTAG E0BFF4E NUMBERTAG CBD0D NUMBERTAG D NUMBERTAG E0BFF4E NUMBERTAG FF NUMBERTAG CB NUMBERTAG BE return to APITAG 
from APITAG NUMBERTAG E0BFF4E NUMBERTAG F7BC NUMBERTAG E0BFF4E NUMBERTAG FF NUMBERTAG FFD NUMBERTAG return to APITAG from APITAG NUMBERTAG E0BFF4E NUMBERTAG CBD NUMBERTAG C1C0 \"\u00f0\u201cQ NUMBERTAG F NUMBERTAG E0BFF4E NUMBERTAG FF NUMBERTAG CB NUMBERTAG BE return to APITAG from APITAG NUMBERTAG E0BFF4E NUMBERTAG F7EC NUMBERTAG E0BFF4E NUMBERTAG CB NUMBERTAG C NUMBERTAG D NUMBERTAG F NUMBERTAG E0BFF4E NUMBERTAG E0BFF4E NUMBERTAG E0BFF4E NUMBERTAG E0BFF4E NUMBERTAG FFFFFFFFFFFFFFFE NUMBERTAG E0BFF4E NUMBERTAG FFFFFFFFFFFFFFFE NUMBERTAG E0BFF4E NUMBERTAG CB4C NUMBERTAG E0BFF4E NUMBERTAG FFFFFFFF NUMBERTAG E0BFF4E NUMBERTAG E0BFF4E NUMBERTAG PATHTAG NUMBERTAG E0BFF4E NUMBERTAG CBDFB4C NUMBERTAG APITAG %s %s terminating (autodelete NUMBERTAG E0BFF4E NUMBERTAG FF NUMBERTAG FC NUMBERTAG D5 return to APITAG from APITAG NUMBERTAG E0BFF4E0A NUMBERTAG E0BFF4E0A NUMBERTAG F NUMBERTAG E0BFF4E0B NUMBERTAG CBD0D NUMBERTAG D0 PATHTAG NUMBERTAG E0BFF4E0B NUMBERTAG FFB6E NUMBERTAG F NUMBERTAG B return to APITAG from NUMBERTAG E0BFF4E0C NUMBERTAG CBD0AA NUMBERTAG E0BFF4E0C NUMBERTAG FF NUMBERTAG FFD NUMBERTAG return to APITAG from APITAG NUMBERTAG E0BFF4E0D NUMBERTAG C8EC NUMBERTAG E0BFF4E0D NUMBERTAG CB NUMBERTAG A NUMBERTAG E0BFF4E0E NUMBERTAG C8FC NUMBERTAG E0BFF4E0E NUMBERTAG CBDA9AEE0 &\"\u00c0\u00c6I NUMBERTAG F NUMBERTAG E0BFF4E0F NUMBERTAG C NUMBERTAG C NUMBERTAG E0BFF4E0F NUMBERTAG FF NUMBERTAG CB NUMBERTAG BE return to APITAG from APITAG NUMBERTAG E0BFF4E NUMBERTAG E0BFF4E NUMBERTAG CBDA9AEE0 &\"\u00c0\u00c6I NUMBERTAG F NUMBERTAG E0BFF4E NUMBERTAG CBDFB4A NUMBERTAG PATHTAG NUMBERTAG E0BFF4E NUMBERTAG CBD NUMBERTAG C1C0 \"\u00f0\u201cQ NUMBERTAG F NUMBERTAG E0BFF4E NUMBERTAG E0BFF4E NUMBERTAG F NUMBERTAG E0BFF4E NUMBERTAG E0BFF4E NUMBERTAG E0BFF4E NUMBERTAG FF NUMBERTAG CB NUMBERTAG AD return to APITAG from APITAG NUMBERTAG E0BFF4E NUMBERTAG E0BFF4E NUMBERTAG E0BFF4E NUMBERTAG FF NUMBERTAG C NUMBERTAG E1 return to APITAG from APITAG NUMBERTAG E0BFF4E NUMBERTAG FF 
NUMBERTAG F0 APITAG NUMBERTAG E0BFF4E NUMBERTAG C NUMBERTAG E0BFF4E NUMBERTAG CBF0D4CC0 \" return list(iterable) Let the base class default method raise the ERRORTAG return APITAG o NUMBERTAG E0BFF4E NUMBERTAG FF NUMBERTAG FFD NUMBERTAG return to APITAG from APITAG NUMBERTAG E0BFF4E NUMBERTAG FFFFFFFFFFFFFFFE NUMBERTAG E0BFF4E NUMBERTAG FFFFFFFFFFFFFFFE NUMBERTAG E0BFF4E NUMBERTAG C NUMBERTAG C NUMBERTAG E0BFF4E NUMBERTAG CBF0D4CC0 \" return list(iterable) Let the base class default method raise the ERRORTAG return APITAG o NUMBERTAG E0BFF4E NUMBERTAG CBD NUMBERTAG A8F NUMBERTAG F NUMBERTAG E0BFF4E NUMBERTAG FF NUMBERTAG CB NUMBERTAG BE return to APITAG from APITAG NUMBERTAG E0BFF4F7E NUMBERTAG E0BFF4F7E NUMBERTAG FFB NUMBERTAG C NUMBERTAG return to APITAG from NUMBERTAG E0BFF4F7F NUMBERTAG E0BFF4F7F NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F NUMBERTAG E8FFFFFB NUMBERTAG E0BFF4F NUMBERTAG D0FFFFFB NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F8A NUMBERTAG E0BFF4F8A NUMBERTAG E0BFF4F8B NUMBERTAG E0BFF4F8B NUMBERTAG E0BFF4F8C NUMBERTAG E0BFF4F8C NUMBERTAG E0BFF4F8D NUMBERTAG E0BFF4F8D NUMBERTAG E0BFF4F8E NUMBERTAG E0BFF4F8E NUMBERTAG E0BFF4F8F NUMBERTAG E0BFF4F8F NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F NUMBERTAG E0BFF4F NUMBERTAG Your Environment Used Operating system: [ ] Windows NUMBERTAG Operating system version/name: Kodi version NUMBERTAG note: Once the issue is made we require you to update it with new information or Kodi versions should that be required. Team Kodi will consider your problem report however, we will not make any promises the problem will be solved.",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2022-28368",
- "Issue_Url_old": "https://github.com/dompdf/dompdf/issues/2598",
- "Issue_Url_new": "https://github.com/dompdf/dompdf/issues/2598",
- "Repo_new": "dompdf/dompdf",
- "Issue_Created_At": "2021-10-12T14:16:06Z",
- "description": "Remote code execution vulnerability through persisted font. A malicious user is able to use Dompdf to execute code remotely under the following conditions: the Dompdf font directory ( PATHTAG by default) is accessible through the web a remote user is able to inject CSS into a document rendered by Dompdf On a vulnerable system a user can reference a specially crafted font file that is able to pass the initial parsing process, at which time Dompdf persists the font file to the font directory with an extension matching that of the file on the remote system. At this point the user is able to load the persisted file to execute code within the context of the PHP process. Recommended mitigations for Dompdf versions prior to NUMBERTAG move Dompdf and/or the Dompdf font directory outside the web root disable access to remote resources by setting the APITAG option to false sanitize user input Vulnerability details are available on the Positive Security blog URLTAG . Refer to the wiki for additional information on securing Dompdf URLTAG .",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-41355",
- "Issue_Url_old": "https://github.com/dotnet/runtime/issues/60301",
- "Issue_Url_new": "https://github.com/dotnet/runtime/issues/60301",
- "Repo_new": "dotnet/runtime",
- "Issue_Created_At": "2021-10-12T17:02:13Z",
- "description": "Microsoft Security Advisory CVETAG | .NET Core Information Disclosure Vulnerability. Microsoft Security Advisory CVETAG | .NET Core Information Disclosure Vulnerability APITAG APITAG Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. An Information Disclosure vulnerability exists in .NET where APITAG may send credentials in plain text on Linux. Announcement Announcement for this issue can be found at URLTAG APITAG APITAG Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. APITAG APITAG Affected software Any .NET application that uses APITAG with a vulnerable version listed below on systems based on Linux. Package name | Vulnerable versions | Secure versions | | APITAG NUMBERTAG or lower NUMBERTAG APITAG APITAG How do I know if I am affected? If you are using a package version listed under affected software, you're exposed to the vulnerability. APITAG APITAG How do I fix the issue? To fix the issue, please update to the latest version URLTAG of the affected software. Other Information Reporting Security Issues If you have found a potential security issue in .NET, please email details to EMAILTAG . Reports may qualify for the Microsoft .NET Core & .NET NUMBERTAG Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at APITAG . Support You can ask questions about this issue on APITAG in the .NET APITAG organization. The main repos are located at URLTAG and URLTAG The Announcements repo ( URLTAG will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue. Disclaimer The information provided in this advisory is provided \"as is\" without warranty of any kind. 
Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. External Links CVETAG CVETAG Revisions NUMBERTAG APITAG NUMBERTAG Advisory published. APITAG NUMBERTAG APITAG Updated NUMBERTAG",
- "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.7,
- "impactScore": 3.6,
- "exploitabilityScore": 2.1
- },
- {
- "CVE_ID": "CVE-2021-42584",
- "Issue_Url_old": "https://github.com/convos-chat/convos/issues/623",
- "Issue_Url_new": "https://github.com/convos-chat/convos/issues/623",
- "Repo_new": "convos-chat/convos",
- "Issue_Created_At": "2021-10-12T19:56:57Z",
- "description": "Vulnerability in URLTAG I have identified a stored cross site scripting vulnerability in URLTAG below is the POC for your reference: POC: APITAG by jberger) Reference Link: URLTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.7,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-42863",
- "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4793",
- "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4793",
- "Repo_new": "jerryscript-project/jerryscript",
- "Issue_Created_At": "2021-10-13T02:35:23Z",
- "description": "Buffer overflow in ecma builtin typedarray prototype.c. APITAG revision d NUMBERTAG e7 Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case ERRORTAG Output ICE: Assertion 'object_p >type_flags_refs >= ECMA_OBJECT_REF_ONE' failed at PATHTAG (ecma_deref_object NUMBERTAG Error: ERR_FAILED_INTERNAL_ASSERTION Aborted (core dumped) Backtrace NUMBERTAG GI_raise (sig=sig APITAG at PATHTAG NUMBERTAG f NUMBERTAG e NUMBERTAG in __GI_abort () at APITAG NUMBERTAG in jerry_port_fatal APITAG at PATHTAG NUMBERTAG fccb4a in jerry_fatal APITAG at PATHTAG NUMBERTAG fccba0 in jerry_assert_fail (assertion NUMBERTAG db0 \"object_p >type_flags_refs >= ECMA_OBJECT_REF_ONE\", file NUMBERTAG d NUMBERTAG PATHTAG function NUMBERTAG a NUMBERTAG APITAG \"ecma_deref_object\", line NUMBERTAG at PATHTAG NUMBERTAG f NUMBERTAG b NUMBERTAG in ecma_deref_object (object_p NUMBERTAG b NUMBERTAG APITAG ) at PATHTAG NUMBERTAG f NUMBERTAG in ecma_free_value (value NUMBERTAG at PATHTAG NUMBERTAG f NUMBERTAG in ecma_fast_free_value (value NUMBERTAG at PATHTAG NUMBERTAG fea NUMBERTAG in opfunc_call (frame_ctx_p NUMBERTAG ffcb NUMBERTAG d NUMBERTAG at PATHTAG NUMBERTAG ff5e4b in vm_execute (frame_ctx_p NUMBERTAG ffcb NUMBERTAG d NUMBERTAG at PATHTAG NUMBERTAG ff NUMBERTAG ea in vm_run (shared_p NUMBERTAG ffcb NUMBERTAG d NUMBERTAG a0, this_binding_value NUMBERTAG lex_env_p NUMBERTAG b NUMBERTAG APITAG ) at PATHTAG NUMBERTAG fb NUMBERTAG in ecma_op_function_call_simple (func_obj_p NUMBERTAG b NUMBERTAG APITAG , this_arg_value NUMBERTAG APITAG arguments_list_len NUMBERTAG at PATHTAG NUMBERTAG fb1a NUMBERTAG in ecma_op_function_call (func_obj_p NUMBERTAG b NUMBERTAG APITAG , this_arg_value NUMBERTAG APITAG arguments_list_len NUMBERTAG at PATHTAG NUMBERTAG fea4a9 in opfunc_call (frame_ctx_p NUMBERTAG ffcb NUMBERTAG d NUMBERTAG d0) at PATHTAG NUMBERTAG ff5e4b in vm_execute (frame_ctx_p NUMBERTAG ffcb NUMBERTAG d NUMBERTAG d0) at PATHTAG NUMBERTAG ff 
NUMBERTAG ea in vm_run (shared_p NUMBERTAG ffcb NUMBERTAG d NUMBERTAG e0, this_binding_value NUMBERTAG lex_env_p NUMBERTAG b NUMBERTAG APITAG ) at PATHTAG NUMBERTAG fe NUMBERTAG c1 in vm_run_global (bytecode_p NUMBERTAG b6a8 APITAG , APITAG APITAG ) at PATHTAG NUMBERTAG f NUMBERTAG in jerry_run (func_val NUMBERTAG at PATHTAG NUMBERTAG f NUMBERTAG d NUMBERTAG in main (argc NUMBERTAG arg NUMBERTAG ffcb NUMBERTAG d NUMBERTAG c8) at PATHTAG NUMBERTAG f NUMBERTAG e NUMBERTAG b3 in __libc_start_main (main NUMBERTAG f NUMBERTAG APITAG , argc NUMBERTAG arg NUMBERTAG ffcb NUMBERTAG d NUMBERTAG c8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end NUMBERTAG ffcb NUMBERTAG d NUMBERTAG b8) at PATHTAG NUMBERTAG f NUMBERTAG ce in _start () Expected behavior APITAG in ecma builtin typearray APITAG should check type of the array give backed by filter. We have already made this crash an arbitrary read/write, if you need that APITAG please contact us.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-42227",
- "Issue_Url_old": "https://github.com/kindsoft/kindeditor/issues/336",
- "Issue_Url_new": "https://github.com/kindsoft/kindeditor/issues/336",
- "Repo_new": "kindsoft/kindeditor",
- "Issue_Created_At": "2021-10-14T06:26:59Z",
- "description": "There is a stored xss vulnerability in kindeditor NUMBERTAG APITAG description] > Cross APITAG Scripting (XSS) vulnerability exists in APITAG NUMBERTAG ia > a Google search PATHTAG and then the .html > file on the website that uses this editor (the file suffix is allowed). > > > > APITAG Type] > Cross Site Scripting (XSS) > > > > APITAG of Product] > URLTAG > > > > APITAG Product Code Base] > kindeditor NUMBERTAG APITAG Component] > POST PATHTAG HTTP NUMBERTAG Content Disposition: form data; APITAG APITAG > Content Type: text/html > > APITAG APITAG NUMBERTAG APITAG Type] > Remote > > > > APITAG Code execution] > true > > > > APITAG Vectors] > You just need to search in google: PATHTAG > Then upload the .html file on the website that uses this editor (the file suffix is allowed)",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-42648",
- "Issue_Url_old": "https://github.com/cdr/code-server/issues/4355",
- "Issue_Url_new": "https://github.com/coder/code-server/issues/4355",
- "Repo_new": "coder/code-server",
- "Issue_Created_At": "2021-10-14T08:16:39Z",
- "description": "Cross Site Scripting (XSS) vulnerability in code server. APITAG APITAG Information Web Browser: firefox Local OS: Debian Remote OS: Debian Remote Architecture: APITAG NUMBERTAG Steps to Reproduce APITAG your browser and insert payload APITAG NUMBERTAG example: APITAG APITAG APITAG Screenshot FILETAG APITAG Notes APITAG This issue can be reproduced in VS Code: Yes",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-22563",
- "Issue_Url_old": "https://github.com/libjxl/libjxl/issues/735",
- "Issue_Url_new": "https://github.com/libjxl/libjxl/issues/735",
- "Repo_new": "libjxl/libjxl",
- "Issue_Created_At": "2021-10-14T20:01:32Z",
- "description": "splines: segfault due to out of bounds access of segment array. Hello, this NUMBERTAG byte JPEG XL image, found via fuzz testing, causes a segfault during decoding (using the latest commit on the main branch). FILETAG ERRORTAG It looks like, when drawing spline segments, APITAG for this image contains NUMBERTAG entries but APITAG can return higher values for y that result in APITAG reading beyond the end of this. URLTAG The following patch to APITAG demonstrates a possible guard to prevent the segfault, but there's almost certainly a better way to fix this. CODETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
- "severity": "MEDIUM",
- "baseScore": 4.4,
- "impactScore": 2.5,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-42859",
- "Issue_Url_old": "https://github.com/michaelrsweet/mxml/issues/286",
- "Issue_Url_new": "https://github.com/michaelrsweet/mxml/issues/286",
- "Repo_new": "michaelrsweet/mxml",
- "Issue_Created_At": "2021-10-15T03:56:39Z",
- "description": "stack buffer overflow and heap buffer overflow. Hi, We have used Mini xml in our project, so I tested NUMBERTAG and the master branch and found something: First, there are some memory leaks in NUMBERTAG and master: ERRORTAG and : this is your testmxml.c: ERRORTAG also, when I input an unformed string to APITAG there will be a stack buffer overflow and heap buffer overflow. I think if you add a length check in mxml_string_getc on every pointer change (\"like ( s)++\"), it will be better? Of course, maybe I have used it in a wrong way. You can check it here: this is my testcase: CODETAG you can compile your lib with CFLAGS =+ \" g O0 fno omit frame pointer gline tables only fsanitize=address fsanitize address use after scope fsanitize=fuzzer no link\" and LDFLAGS =+\" fsanitize=fuzzer no link fsanitize=address\" and clang++ g O1 fno omit frame pointer gline tables only fsanitize=address fsanitize address use after scope fsanitize=fuzzer no link mxml_fuzzer.cpp I ./ fsanitize=fuzzer ./libmxml.a run and these are the backtraces: ERRORTAG ERRORTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-46398",
- "Issue_Url_old": "https://github.com/filebrowser/filebrowser/issues/1621",
- "Issue_Url_new": "https://github.com/filebrowser/filebrowser/issues/1621",
- "Repo_new": "filebrowser/filebrowser",
- "Issue_Created_At": "2021-10-16T16:07:16Z",
- "description": "Security Issue APITAG details and report are not disclosed here). Hi, this is Febin, an Independent security researcher. I have found a critical vulnerability in filebrowser. I reported the vulnerability to EMAILTAG from FILETAG . I also reported a private report on the issue via APITAG Link to the Private Report: URLTAG URLTAG Thanks.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-45864",
- "Issue_Url_old": "https://github.com/justdan96/tsMuxer/issues/476",
- "Issue_Url_new": "https://github.com/justdan96/tsmuxer/issues/476",
- "Repo_new": "justdan96/tsmuxer",
- "Issue_Created_At": "2021-10-18T14:12:22Z",
- "description": "segmentation fault in APITAG APITAG Hi, I found a segmentation fault. Some info: APITAG To reproduce NUMBERTAG Compile APITAG NUMBERTAG Run tsmuxer APITAG POC FILETAG ASAN output: ERRORTAG gdb ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-42870",
- "Issue_Url_old": "https://github.com/xebd/accel-ppp/issues/158",
- "Issue_Url_new": "https://github.com/xebd/accel-ppp/issues/158",
- "Repo_new": "xebd/accel-ppp",
- "Issue_Created_At": "2021-10-18T14:22:42Z",
- "description": "Abnormal packet sequence can cause stack buffer underflow. Using version APITAG . Summary Sending PPTP Call Clear Request Packet after PPTP Start Control Connection Request and PPTP Outgoing Call Request to server can cause ERRORTAG . APITAG Here is the detailed information of sent packets: Packet NUMBERTAG CODETAG Packet NUMBERTAG CODETAG Packet NUMBERTAG CODETAG Hint: the APITAG field is randomly generated thus directly forwarding those three packets might not reproduce the scene. To reproduce it, it's necessary to construct similar packets. Crash report log of server: ERRORTAG Here is the asan report: ERRORTAG Reproduce info Build APITAG : CODETAG Run APITAG , use the following command: APITAG The running configuration APITAG is: ERRORTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-44081",
- "Issue_Url_old": "https://github.com/open5gs/open5gs/issues/1206",
- "Issue_Url_new": "https://github.com/open5gs/open5gs/issues/1206",
- "Repo_new": "open5gs/open5gs",
- "Issue_Created_At": "2021-10-18T14:24:48Z",
- "description": "Version NUMBERTAG AMF stack smashing . When I use open5gs of version NUMBERTAG on Ubuntu NUMBERTAG system, I found a problem: When the UE is in initially registered period, if the length of MSIN (part of Supi) exceeds the normal length by NUMBERTAG characters, AMF stack smashing will be caused, resulting in denial of AMF service FILETAG I analyzed the causes of this problem: When open5gs handles the APITAG process, the requested space size is fixed (OGS_MAX_IMSI_BCD_LEN is NUMBERTAG and AMF does not verify the length of Supi APITAG leads to stack overflow FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-45861",
- "Issue_Url_old": "https://github.com/justdan96/tsMuxer/issues/478",
- "Issue_Url_new": "https://github.com/justdan96/tsmuxer/issues/478",
- "Repo_new": "justdan96/tsmuxer",
- "Issue_Created_At": "2021-10-18T14:29:17Z",
- "description": "Assertion Failed in APITAG APITAG Hi, I Found an Assertion Failed error. Some info: APITAG To reproduce NUMBERTAG Compile APITAG NUMBERTAG Run tsmuxer ERRORTAG POC FILETAG gdb output ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2022-0341",
- "Issue_Url_old": "https://github.com/Vanessa219/vditor/issues/1102",
- "Issue_Url_new": "https://github.com/vanessa219/vditor/issues/1102",
- "Repo_new": "vanessa219/vditor",
- "Issue_Created_At": "2021-10-21T10:02:39Z",
- "description": "WYSIWYG mode throws an error when the string APITAG is passed in. Editing mode: wysiwyg (WYSIWYG mode) Describe the problem: APITAG APITAG throws an error when markdown APITAG APITAG ') Expected result: no error, the code executes normally Screenshot or recording FILETAG Version information Version: \"vditor\": APITAG Operating system: macbook pro Browser: Google",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.7,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-25742",
- "Issue_Url_old": "https://github.com/kubernetes/ingress-nginx/issues/7837",
- "Issue_Url_new": "https://github.com/kubernetes/ingress-nginx/issues/7837",
- "Repo_new": "kubernetes/ingress-nginx",
- "Issue_Created_At": "2021-10-21T16:08:21Z",
- "description": "CVETAG : Ingress nginx custom snippets allows retrieval of ingress nginx serviceaccount token and secrets across all namespaces. Issue Details A security issue was discovered in ingress nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster. This issue has been rated High ( PATHTAG URLTAG , and assigned CVETAG . Affected Components and Configurations This bug affects ingress nginx. Multitenant environments where non admin users have permissions to create Ingress objects are most affected by this issue. Affected Versions with no mitigation NUMBERTAG APITAG NUMBERTAG or NUMBERTAG Set allow snippet annotations URLTAG to false in your ingress nginx APITAG based on how you deploy ingress nginx: Static Deploy Files Edit the APITAG for ingress nginx after deployment: APITAG Add directive: APITAG CODETAG APITAG to false APITAG URLTAG URLTAG Detection If you find evidence that this vulnerability has been exploited, please contact security APITAG Additional Details See ingress nginx Issue NUMBERTAG for more details. Acknowledgements This vulnerability was reported by Mitch Hulscher. Thank You, CJ Cullen on behalf of the Kubernetes Security Response Committee",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
- "severity": "HIGH",
- "baseScore": 7.1,
- "impactScore": 4.2,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-41170",
- "Issue_Url_old": "https://github.com/sroehrl/neoan3-template/issues/8",
- "Issue_Url_new": "https://github.com/sroehrl/neoan3-template/issues/8",
- "Repo_new": "sroehrl/neoan3-template",
- "Issue_Created_At": "2021-10-21T23:24:03Z",
- "description": "Closure injection has a vulnerability. In the template evaluation, closures are evaluated based on whether a value is callable within the current scope. In theory, one could create a multi step attack by storing particular values into the database that are known to be eventually rendered by the template engine. Would the value of such a key happen to be a callable, one could execute global or local functions & methods. While it is unclear how one could use this to exploit neoan3, this constitutes a security concern.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-43086",
- "Issue_Url_old": "https://github.com/ARM-software/astc-encoder/issues/296",
- "Issue_Url_new": "https://github.com/arm-software/astc-encoder/issues/296",
- "Repo_new": "arm-software/astc-encoder",
- "Issue_Created_At": "2021-10-22T05:18:39Z",
- "description": "stack buffer overflow in function APITAG Version APITAG Environment Ubuntu NUMBERTAG bit Command Compile test program: APITAG Compile test program with address sanitizer: Update Makefile: CODETAG Compile program: APITAG Result The result of running without ASAN: CODETAG Information obtained by using ASAN: ERRORTAG Description ERRORTAG Poc Poc file is this URLTAG .",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-23463",
- "Issue_Url_old": "https://github.com/h2database/h2database/issues/3195",
- "Issue_Url_new": "https://github.com/h2database/h2database/issues/3195",
- "Repo_new": "h2database/h2database",
- "Issue_Created_At": "2021-10-22T07:07:50Z",
- "description": "Report a H2 Database Engine SQLXML XXE vulnerability. Hello, I am threedr3am of APITAG Security Lab URLTAG ( EMAILTAG lub). We found a security vulnerability(SCSL NUMBERTAG in the H2 Database Engine jar URLTAG when using this component to connect to the h2 database , The returned data content field is parsed through SQLXML, which will cause the client XXE ( FILETAG Oracle mysql jdbc also recently fixed a similar security vulnerability, please refer to: URLTAG This is their fix commit: URLTAG vulnerability detail: When analyzing the data returned by the database, the APITAG class provides the APITAG method, which parses the string data into an object of the APITAG class. FILETAG When the object executes the APITAG APITAG method, if the input parameter is APITAG it will result in unprotected parsing of XML, resulting in XXE. FILETAG vulnerability reproduction NUMBERTAG The table exists in the database ERRORTAG NUMBERTAG There is data in the tb_test table CODETAG NUMBERTAG Query the database to return the message field and parse it through SQLXML CODETAG NUMBERTAG result FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.1,
- "impactScore": 5.2,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-4229",
- "Issue_Url_old": "https://github.com/faisalman/ua-parser-js/issues/536",
- "Issue_Url_new": "https://github.com/faisalman/ua-parser-js/issues/536",
- "Repo_new": "faisalman/ua-parser-js",
- "Issue_Created_At": "2021-10-22T13:46:48Z",
- "description": "Security issue: compromised npm packages of ua parser js NUMBERTAG Questions about deprecated npm package ua parser js. Hi! See a warning at npm URLTAG APITAG First question Can we use range APITAG , or is it not safe? Second question Will you create a new package, or try to remove hijacked versions and continue updating this package?",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-43518",
- "Issue_Url_old": "https://github.com/teeworlds/teeworlds/issues/2981",
- "Issue_Url_new": "https://github.com/teeworlds/teeworlds/issues/2981",
- "Repo_new": "teeworlds/teeworlds",
- "Issue_Created_At": "2021-10-23T10:33:38Z",
- "description": "Stack buffer overflow (write) while loading map in APITAG APITAG The client crashes when an invalid map ( FILETAG is loaded. Such a map can be delivered to the client by a malicious server. Tested on Ubuntu NUMBERTAG Teeworlds version: APITAG URLTAG Compilation with ASAN: CODETAG Run and connect to a server that delivers an invalid map: ERRORTAG Compilation without ASAN: APITAG Run and connect to a server that delivers an invalid map: APITAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2002-20001",
- "Issue_Url_old": "https://github.com/mozilla/ssl-config-generator/issues/162",
- "Issue_Url_new": "https://github.com/mozilla/ssl-config-generator/issues/162",
- "Repo_new": "mozilla/ssl-config-generator",
- "Issue_Created_At": "2021-10-23T22:32:53Z",
- "description": "Stop recommending DHE, because of \"dheater\" vulnerability. These guys URLTAG found a way to saturate the server CPU core to NUMBERTAG using as little as NUMBERTAG KB/s of incoming traffic. The pre requisite is that the server supports DHE as the key exchange. Therefore, to avoid creating such a vulnerable configuration, I propose removing DHE from all levels of SSL config.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-42970",
- "Issue_Url_old": "https://github.com/cbkhwx/cxuucmsv3/issues/8",
- "Issue_Url_new": "https://github.com/cbkhwx/cxuucmsv3/issues/8",
- "Repo_new": "cbkhwx/cxuucmsv3",
- "Issue_Created_At": "2021-10-24T02:33:04Z",
- "description": "A xss vulnerability was discovered in cxuucms NUMBERTAG There is a Persistent XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via the imgurl of PATHTAG parameter :content POC APITAG APITAG Then view the webpage named test xss in admin feedback list page , XSS vulnerability is triggered successfully. APITAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2022-24615",
- "Issue_Url_old": "https://github.com/srikanth-lingala/zip4j/issues/377",
- "Issue_Url_new": "https://github.com/srikanth-lingala/zip4j/issues/377",
- "Repo_new": "srikanth-lingala/zip4j",
- "Issue_Created_At": "2021-10-24T15:43:05Z",
- "description": "Collection of Recent Reported Bugs for zip4j NUMBERTAG Recently we ( Zhang Cen URLTAG and Huang Wenjie URLTAG found and submitted several bugs of latest zip4j NUMBERTAG For your convenience, here is the bug summary for all reported bugs (will keep it updated). Note that each issue is a unique bug (we sorted and refined them from thousands of crashes). Any discussion about the bugs is welcome. URLTAG URLTAG URLTAG URLTAG URLTAG URLTAG URLTAG URLTAG URLTAG URLTAG URLTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-43116",
- "Issue_Url_old": "https://github.com/alibaba/nacos/issues/7127",
- "Issue_Url_new": "https://github.com/alibaba/nacos/issues/7127",
- "Repo_new": "alibaba/nacos",
- "Issue_Created_At": "2021-10-26T10:13:19Z",
- "description": "A vulnerability was found that could cause any existing user to log in. APITAG Describe the bug A clear and concise description of what the bug is. A vulnerability was found that could cause any existing user to log in Expected behavior A clear and concise description of what you expected to happen. Actual behavior A clear and concise description of what actually happened. How to Reproduce Steps to reproduce the behavior NUMBERTAG Download the latest version of APITAG NUMBERTAG Access prompt page FILETAG NUMBERTAG Enter any user name and APITAG login to capture packets Change the returned package to the following FILETAG FILETAG HTTP NUMBERTAG Server: APITAG Date: Sun NUMBERTAG Apr NUMBERTAG GMT Content Type: application/json;charset=UTF NUMBERTAG Connection: close Vary: Origin Vary: Access Control Request Method Vary: Access Control Request Headers Access Control Allow Origin: URLTAG Access Control Allow Credentials: true Authorization: Bearer APITAG Content Length NUMBERTAG APITAG NUMBERTAG We can see the successful login FILETAG Desktop (please complete the following information): OS: [e.g. Centos] Version APITAG Module [e.g. naming/config] SDK [e.g. original, spring cloud alibaba nacos, dubbo] Additional context Add any other context about the problem here.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2022-23562",
- "Issue_Url_old": "https://github.com/tensorflow/tensorflow/issues/52676",
- "Issue_Url_new": "https://github.com/tensorflow/tensorflow/issues/52676",
- "Repo_new": "tensorflow/tensorflow",
- "Issue_Created_At": "2021-10-26T11:38:05Z",
- "description": "Undefined behaviour in Range. APITAG make sure that this is a bug. As per our FILETAG , we only address code/doc bugs, performance issues, feature requests and build/installation issues on APITAG tag:bug_template APITAG System information Have I written custom code (as opposed to using a stock example script provided in APITAG No OS Platform and Distribution (e.g., Linux Ubuntu NUMBERTAG all Mobile device (e.g. APITAG NUMBERTAG Pixel NUMBERTAG Samsung Galaxy) if the issue happens on mobile device: n/a APITAG installed from (source or binary): source APITAG version (use command below): git HEAD Python version NUMBERTAG Bazel version (if compiling from source NUMBERTAG APITAG version (if compiling from source NUMBERTAG APITAG version: n/a GPU model and memory: n/a You can collect some of this information using our environment capture FILETAG You can also obtain the APITAG version with NUMBERTAG TF NUMBERTAG APITAG NUMBERTAG TF NUMBERTAG APITAG Describe the current behavior URLTAG has undefined behaviour when size is greater than APITAG This leads to the unit test APITAG failing on AARCH NUMBERTAG where the g++ implements different behaviour from NUMBERTAG On NUMBERTAG the result of the cast is large and ve, on AARCH NUMBERTAG it is large and +ve. Neither is incorrect as the behaviour of casting into a type that cannot hold the value is undefined. Describe the expected behavior The code should be written to avoid relying on undefined behaviour of the source. Contributing URLTAG Do you want to contribute a PR? (yes/no): yes Briefly describe your candidate solution(if contributing): Test the variable 'size' for exceeding the greatest possible value that can be safely cast to int NUMBERTAG t and throw an error if found. Standalone code to reproduce the issue Provide a reproducible test case that is the bare minimum necessary to generate the problem. If possible, please share a link to PATHTAG notebook. 
$ bazel test flaky_test_attempts NUMBERTAG test_output=all cache_test_results=no remote_http_cache=\"\" remote_cache_proxy=\"\" noremote_accept_cached config=nonccl verbose_failures PATHTAG Other info / logs Include any logs or source code that would be helpful to diagnose the problem. If including tracebacks, please include the full traceback. Large logs and files should be attached. APITAG ERROR: APITAG APITAG APITAG Traceback (most recent call last): File PATHTAG line NUMBERTAG in APITAG v = APITAG NUMBERTAG e NUMBERTAG limit NUMBERTAG File PATHTAG line NUMBERTAG in error_handler return fn( args, kwargs) File PATHTAG line NUMBERTAG in op_dispatch_handler return dispatch_target( args, kwargs) File PATHTAG line NUMBERTAG in range return APITAG limit, delta, name=name) File PATHTAG line NUMBERTAG in _range APITAG name) File PATHTAG line NUMBERTAG in raise_from_not_ok_status raise APITAG from None pylint: disable=protected access ERRORTAG OOM when allocating tensor with shape NUMBERTAG and type float on PATHTAG by allocator cpu APITAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-43854",
- "Issue_Url_old": "https://github.com/nltk/nltk/issues/2866",
- "Issue_Url_new": "https://github.com/nltk/nltk/issues/2866",
- "Repo_new": "nltk/nltk",
- "Issue_Created_At": "2021-10-26T21:56:15Z",
- "description": "word_tokenize/EN hangs on incorrect strings. Hi NLTK team, I have a string that I pass to APITAG (which uses ERRORTAG under the hood), and the call hangs. The string in question is taken from Wikipedia and is the result of some vandalism. It can be generated by this APITAG The call seems to hang, I did not go deep too much but after running this for a couple of hours I just stopped the process. What would be an ok solution to process this in a robust fashion? I have a pipeline that has correct sentences as well as, from time to time, this kind of sentences.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-43117",
- "Issue_Url_old": "https://github.com/ambitiousleader/some-automated-script/issues/1",
- "Issue_Url_new": "https://github.com/ambitiousleader/some-automated-script/issues/1",
- "Repo_new": "ambitiousleader/some-automated-script",
- "Issue_Created_At": "2021-10-27T08:08:15Z",
- "description": "fastadmin NUMBERTAG file upload getshell. Detail: FILETAG ERRORTAG PATHTAG Line NUMBERTAG FILETAG Four methods, analysed one by one PATHTAG APITAG Line NUMBERTAG check upload file size is not bigger than default FILETAG PATHTAG APITAG Line NUMBERTAG PHP file and HTML file are not allowed to upload FILETAG PATHTAG APITAG Line NUMBERTAG check file APITAG is default APITAG =$this >config FILETAG PATHTAG APITAG Line NUMBERTAG check upload file is a picture, because the judgment is a logical or, as long as the type value in_array returns true, we can upload other PHP suffix files that can be parsed, such as php5, phtml, php3 and so on FILETAG change the content type to gif, filename to xx.phtml FILETAG however, phtml can't be parsed, I find that if the CMS is built with a Debian or Ubuntu environment, attack can be APITAG or Ubuntu apache2 configuration file written as follows, it will contain mods enabled/ .conf file automatically, which by default parses phtml as php FILETAG FILETAG so, access the shell address to complete the attack, this ip is my debian's ip address FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-43398",
- "Issue_Url_old": "https://github.com/weidai11/cryptopp/issues/1080",
- "Issue_Url_new": "https://github.com/weidai11/cryptopp/issues/1080",
- "Repo_new": "weidai11/cryptopp",
- "Issue_Created_At": "2021-10-28T08:39:07Z",
- "description": "Dangerous Correlation Between Key Length and Execution Time . Hello. I'm using Crypto++ built by the latest version of source code in this repository on Ubuntu NUMBERTAG The function is as follows: CODETAG It seems that the execution time of APITAG is positively correlated with the length of the private key instead of a constant value. I did a simple experiment and here's the result. But I haven't studied the reason yet. FILETAG I suppose this may leak the length information of the input private key and facilitate malicious attacks on key decryption. Besides, the execution time becomes abnormally long when the private key reaches hundreds of bytes long, which causes a little inconvenience to me. Hope you can check this case. Have a good day!",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.3,
- "impactScore": 1.4,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-45884",
- "Issue_Url_old": "https://github.com/brave/brave-browser/issues/19070",
- "Issue_Url_new": "https://github.com/brave/brave-browser/issues/19070",
- "Repo_new": "brave/brave-browser",
- "Issue_Created_At": "2021-10-28T16:16:06Z",
- "description": "hackerone NUMBERTAG CNAME Uncloaking in SOCKS5 protocol. URLTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-41232",
- "Issue_Url_old": "https://github.com/github/securitylab/issues/464",
- "Issue_Url_new": "https://github.com/github/securitylab/issues/464",
- "Repo_new": "github/securitylab",
- "Issue_Created_At": "2021-10-29T07:59:45Z",
- "description": "GO]: [ CVETAG : LDAP Injection All For One]. Query Relevant PR: URLTAG Report Constructing LDAP names or search filters directly from tainted data enables attackers to inject specially crafted values that change the initial meaning of the name or filter itself. Successful LDAP injection attacks can read, modify or delete sensitive information from the directory service. This query identifies cases in which an LDAP query executes user-provided input without sanitizing it first. [x] Are you planning to discuss this vulnerability submission publicly? APITAG Post, social networks, etc). We would love to have you spread the word about the good work you are doing Result(s) Provide at least one useful result found by your query, on some revision of a real project. [go real world web URLTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-43155",
- "Issue_Url_old": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/18",
- "Issue_Url_new": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/18",
- "Repo_new": "projectworldsofficial/online-book-store-project-in-php",
- "Issue_Created_At": "2021-10-30T12:45:40Z",
- "description": "SQL Injection vulnerability via the \"bookisbn\" parameter in FILETAG . Author APITAG ( APITAG Version NUMBERTAG Proof of concept CODETAG Response in Burpsuite FILETAG View source code FILETAG FILETAG FILETAG FILETAG FILETAG FILETAG Remediation Please validate input of \" bookisbn \" parameter in APITAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-43156",
- "Issue_Url_old": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/19",
- "Issue_Url_new": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/19",
- "Repo_new": "projectworldsofficial/online-book-store-project-in-php",
- "Issue_Created_At": "2021-10-31T05:35:12Z",
- "description": "CSRF vulnerability in FILETAG allows a remote attacker to delete any book. Author APITAG ( APITAG Version NUMBERTAG Details The GET request for deleting a book with APITAG looks like this: APITAG Changing the value of the bookisbn parameter under admin privilege will delete the book with that ISBN. A remote attacker can embed the request into an innocent-looking hyperlink: APITAG Steps to reproduce NUMBERTAG First, create a malicious HTML page, then host a website containing that page. APITAG CODETAG NUMBERTAG Entice the admin to click on the link to the malicious site. When the admin browses to that site, the link will be automatically clicked via APITAG and the book will be deleted. Response in Burpsuite FILETAG FILETAG Source code review FILETAG FILETAG Remediation Implement an anti-CSRF token.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.5,
- "impactScore": 3.6,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-43157",
- "Issue_Url_old": "https://github.com/projectworldsofficial/online-shopping-webvsite-in-php/issues/1",
- "Issue_Url_new": "https://github.com/projectworldsofficial/online-shopping-webvsite-in-php/issues/1",
- "Repo_new": "projectworldsofficial/online-shopping-webvsite-in-php",
- "Issue_Created_At": "2021-10-31T12:18:55Z",
- "description": "SQL Injection vulnerability via the \"id\" parameter in FILETAG . Author APITAG ( APITAG Version NUMBERTAG Steps to reproduce NUMBERTAG A customer logs in to the store (to be able to access the Cart page) NUMBERTAG Add any product to the cart NUMBERTAG Go to the Cart page NUMBERTAG Click on the \"Remove\" button to remove a product NUMBERTAG Intercept the request and insert the payload in the value of the id parameter. Example payload: APITAG Proof of concept CODETAG Response in Burpsuite FILETAG Source code review FILETAG FILETAG Remediation Validate input of the id parameter in APITAG .",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-43158",
- "Issue_Url_old": "https://github.com/projectworldsofficial/online-shopping-webvsite-in-php/issues/2",
- "Issue_Url_new": "https://github.com/projectworldsofficial/online-shopping-webvsite-in-php/issues/2",
- "Repo_new": "projectworldsofficial/online-shopping-webvsite-in-php",
- "Issue_Created_At": "2021-10-31T12:31:11Z",
- "description": "CSRF vulnerability in FILETAG allows a remote attacker to remove any product in the customer's cart. Author APITAG ( APITAG Version NUMBERTAG Details The GET request for removing a product with APITAG looks like this: APITAG Changing the value of the id parameter in the customer session will remove the product with that ID. A remote attacker can embed the request into an innocent-looking hyperlink: APITAG Steps to reproduce NUMBERTAG First, create a malicious HTML page, then host a website containing that page. APITAG CODETAG NUMBERTAG Entice the customer to click on the link to the malicious site. When the customer browses to that site, the link will be automatically clicked via APITAG and the product will be removed. Response in Burpsuite FILETAG FILETAG Source code review FILETAG FILETAG Remediation Implement an anti-CSRF token.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 4.3,
- "impactScore": 1.4,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-43620",
- "Issue_Url_old": "https://github.com/nvzqz/fruity/issues/14",
- "Issue_Url_new": "https://github.com/nvzqz/fruity/issues/14",
- "Repo_new": "nvzqz/fruity",
- "Issue_Created_At": "2021-10-31T23:36:20Z",
- "description": "Display for APITAG truncates at null bytes. This issue was originally reported privately, but I thought I should create an issue to inform others about it, as it has not yet been fixed. The implementation of FILETAG for FILETAG truncates at null bytes, since it uses APITAG URLTAG . It should be possible to use APITAG URLTAG and APITAG URLTAG instead to create the complete string. Example: APITAG That example only prints the string \"null\". Since APITAG URLTAG uses FILETAG to create strings, it has the same issue. APITAG URLTAG and APITAG URLTAG also have the same issue. If you believe this is a valid issue, I encourage you to file a security advisory at URLTAG including a patch version if it is possible to release within two weeks. Thank you for your work on this crate. Creating a security advisory is not meant to be anything other than a way to provide information to other users.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-43421",
- "Issue_Url_old": "https://github.com/Studio-42/elFinder/issues/3429",
- "Issue_Url_new": "https://github.com/studio-42/elfinder/issues/3429",
- "Repo_new": "studio-42/elfinder",
- "Issue_Created_At": "2021-11-01T11:06:24Z",
- "description": "RCE APITAG NUMBERTAG Describe the bug bypass ext check Steps to reproduce the behavior NUMBERTAG create a .php file using the following URL: URLTAG APITAG file : URLTAG APITAG PHP code in FILETAG URLTAG echo APITAG p (please complete the following information): OS: Windows XAMPP",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-43816",
- "Issue_Url_old": "https://github.com/containerd/containerd/issues/6194",
- "Issue_Url_new": "https://github.com/containerd/containerd/issues/6194",
- "Repo_new": "containerd/containerd",
- "Issue_Created_At": "2021-11-02T00:39:45Z",
- "description": "cri + selinux: /etc/hosts from APITAG mount getting relabeled. Description When running rke2/k3s pointing at our bundled (or stock) containerd, one can apply an unprivileged pod that relabels APITAG on the host by mounting a APITAG APITAG volume at the same location in the container: ERRORTAG Steps to reproduce the issue NUMBERTAG Install RKE2 on APITAG NUMBERTAG with APITAG enabled (the default when installed via FILETAG NUMBERTAG Establish that your APITAG is correctly labeled: CODETAG NUMBERTAG Apply this pod spec: ERRORTAG NUMBERTAG Wait for the pod to spin up, then check your APITAG : CODETAG Describe the results you received and expected Expected: APITAG retained APITAG type label with no categories Received: APITAG relabeled to APITAG with category labels specific to the container that bind mounted it What version of containerd are you using NUMBERTAG and NUMBERTAG k3s1) Any other relevant information ERRORTAG First seen while running k8s e2e conformance via sonobuoy against rke NUMBERTAG rc1+rke2r1 (most recently against NUMBERTAG rc1+rke2r1): URLTAG APITAG seen with k3s NUMBERTAG that also ships with containerd NUMBERTAG Show configuration if it is related to CRI plugin. ERRORTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.1,
- "impactScore": 6.0,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-43464",
- "Issue_Url_old": "https://github.com/intelliants/subrion/issues/888",
- "Issue_Url_new": "https://github.com/intelliants/subrion/issues/888",
- "Repo_new": "intelliants/subrion",
- "Issue_Created_At": "2021-11-03T02:21:06Z",
- "description": "There is a remote command execution vulnerability. Remote code execution vulnerability in the admin backend. Affected version: subrion NUMBERTAG latest. Login address URLTAG Find Fields after login FILETAG On the right are the operations related to the column; choose one here, select Facebook FILETAG open Required field FILETAG The Validation PHP code field accepts any PHP code; here is a one-line webshell exec('echo ^ APITAG PATHTAG );exec('echo APITAG Off ^ APITAG PATHTAG ); Then go to APITAG to trigger it FILETAG At this point you can access the shell and execute any command FILETAG Principle: the reason is that the code entered in the backend Fields is written to the database FILETAG Then when the information is modified, the data in it is executed through APITAG FILETAG Proposed changes: add filtering of sensitive functions, such as APITAG , APITAG , etc., to the incoming Validation PHP code.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-43521",
- "Issue_Url_old": "https://github.com/HardySimpson/zlog/issues/206",
- "Issue_Url_new": "https://github.com/hardysimpson/zlog/issues/206",
- "Repo_new": "hardysimpson/zlog",
- "Issue_Created_At": "2021-11-03T09:30:35Z",
- "description": "stack buffer overflow at zlog_conf_build_with_file . Hi, I found a stack buffer overflow at zlog_conf_build_with_file PATHTAG Here is the stack backtrace: ERRORTAG Of course, a one-byte read overflow is not important. But as you can see, \"p\" will read memory that underflows the \"line\" buffer. If there is exactly NUMBERTAG or NUMBERTAG or anything that means \"space\", \"p\" will keep moving and the next \"p++\" will cause a write overflow. That is really a bug. Especially, I think the byte read overflow is like an address, so there will be a crash or other weird things. Am I right? If you need the crash case you can tell me.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-43478",
- "Issue_Url_old": "https://github.com/kr0za/bugs/issues/1",
- "Issue_Url_new": "https://github.com/kr0za/bugs/issues/1",
- "Repo_new": "kr0za/bugs",
- "Issue_Created_At": "2021-11-03T14:09:05Z",
- "description": "install bug. In FILETAG , it is not checked whether FILETAG already exists in the website root directory. The install directory is not automatically deleted after the system installation. When you visit /install again, the website is reinstalled. APITAG Installation succeeded APITAG The install directory is not automatically deleted after the system is installed; visit /install again APITAG The website was reinstalled APITAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.5,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-43479",
- "Issue_Url_old": "https://github.com/mikaelstaer/The-Secretary/issues/10",
- "Issue_Url_new": "https://github.com/mikaelstaer/the-secretary/issues/10",
- "Repo_new": "mikaelstaer/the-secretary",
- "Issue_Created_At": "2021-11-04T08:53:43Z",
- "description": "install rce. my env: Version NUMBERTAG php NUMBERTAG windows. At APITAG , input was saved to PATHTAG , causing RCE APITAG APITAG Create a new database named APITAG and then visit FILETAG to install the website APITAG Then visit PATHTAG APITAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-43579",
- "Issue_Url_old": "https://github.com/michaelrsweet/htmldoc/issues/453",
- "Issue_Url_new": "https://github.com/michaelrsweet/htmldoc/issues/453",
- "Repo_new": "michaelrsweet/htmldoc",
- "Issue_Created_At": "2021-11-04T15:10:19Z",
- "description": "Stack buffer overflow in APITAG In APITAG , the APITAG variable is read from the BMP file header and directly used to read into a fixed size buffer. CODETAG A maliciously crafted BMP file could set the APITAG variable to a number big enough to overflow the stack and thus the return address. I am attaching a proof of concept below. It can be tested with: APITAG FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-42057",
- "Issue_Url_old": "https://github.com/blacksmithgu/obsidian-dataview/issues/615",
- "Issue_Url_new": "https://github.com/blacksmithgu/obsidian-dataview/issues/615",
- "Repo_new": "blacksmithgu/obsidian-dataview",
- "Issue_Created_At": "2021-11-04T19:08:34Z",
- "description": "Arbitrary Code Execution via APITAG Queries ( CVETAG ). Describe the bug I discovered a way to craft malicious markdown files that will cause the obsidian dataview plugin to execute arbitrary commands on users\u2019 systems. This is due to the unsafe use of eval within the APITAG URLTAG function located in PATHTAG This has been assigned a CVE of CVETAG CVETAG for tracking. To Reproduce The following proof of concept can be used to display a file on a user\u2019s system by executing the cat command: APITAG dataviewjs APITAG /etc/passwd NUMBERTAG stdout NUMBERTAG dv.span(stdout));\"\" APITAG ` A malicious user could leverage this vulnerability to execute arbitrary code on other users' systems by getting them to open an untrusted markdown file. This is especially dangerous in environments where users share vaults. Expected behavior APITAG should not make an unsafe call to eval using user supplied input. Additional Context Shortly after we privately disclosed this issue, MENTIONTAG promptly changed the default behavior of Dataview to no longer enable APITAG Queries by default (see release FILETAG . This helps protect new dataview users and provides a way for existing dataview users to mitigate this issue by disabling the APITAG Query functionality when opening untrusted markdown. MENTIONTAG is currently working on additional solutions and provided permission for us to open a public issue here for tracking.",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-43116",
- "Issue_Url_old": "https://github.com/alibaba/nacos/issues/7182",
- "Issue_Url_new": "https://github.com/alibaba/nacos/issues/7182",
- "Repo_new": "alibaba/nacos",
- "Issue_Created_At": "2021-11-05T07:48:43Z",
- "description": "Found a login backend vulnerability. The steps to APITAG FILETAG APITAG the latest version of APITAG URLTAG APITAG the steps for installation APITAG the installation is successful, access the default login page FILETAG APITAG any account and password, click login, and the login fails FILETAG APITAG at login time FILETAG Intercepting the return packet FILETAG The intercepted return packet is FILETAG APITAG the return packet and lets it pass FILETAG The packet is: HTTP NUMBERTAG Server: APITAG Date: Sun NUMBERTAG Apr NUMBERTAG GMT Content Type: application/json;charset=UTF NUMBERTAG Connection: close Vary: Origin Vary: Access Control Request Method Vary: Access Control Request Headers Access Control Allow Origin: URLTAG Access Control Allow Credentials: true Authorization: Bearer APITAG Content Length NUMBERTAG APITAG NUMBERTAG At this point you can see that you have successfully entered the backend FILETAG The reason for this problem is that NACOS uses the default JWT key",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-3962",
- "Issue_Url_old": "https://github.com/ImageMagick/ImageMagick/issues/4446",
- "Issue_Url_new": "https://github.com/imagemagick/imagemagick/issues/4446",
- "Repo_new": "imagemagick/imagemagick",
- "Issue_Created_At": "2021-11-06T05:20:44Z",
- "description": "heap use after free in magick at dcm.c APITAG APITAG version NUMBERTAG Operating system Linux Operating system, version and so on OS: Ubuntu NUMBERTAG LTS Version: APITAG NUMBERTAG Q NUMBERTAG HDRI NUMBERTAG FILETAG Copyright: (C NUMBERTAG APITAG Studio Delegates (built in): fontconfig freetype jng jpeg lzma pangocairo png x xml zlib Compiler: gcc NUMBERTAG Description Hello, We are currently working on fuzz testing feature, and we found a heap use after free on magick . Steps to Reproduce build it APITAG run it APITAG output APITAG double free detected in tcache NUMBERTAG When I compile in ASAN mode APITAG APITAG NUMBERTAG ERROR: APITAG heap use after free on address NUMBERTAG f NUMBERTAG at pc NUMBERTAG f0f NUMBERTAG c bp NUMBERTAG ffe3d8a7fd0 sp NUMBERTAG ffe3d8a7fc8 READ of size NUMBERTAG at NUMBERTAG f NUMBERTAG thread T NUMBERTAG f0f NUMBERTAG b in APITAG PATHTAG NUMBERTAG f NUMBERTAG eb8 in APITAG PATHTAG NUMBERTAG b NUMBERTAG in APITAG PATHTAG NUMBERTAG d3 in APITAG PATHTAG NUMBERTAG bd NUMBERTAG in APITAG PATHTAG NUMBERTAG d NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG in APITAG PATHTAG NUMBERTAG f NUMBERTAG in main PATHTAG NUMBERTAG f NUMBERTAG dfd NUMBERTAG bf6 in __libc_start_main PATHTAG NUMBERTAG e NUMBERTAG in _start ( PATHTAG NUMBERTAG f NUMBERTAG is located NUMBERTAG bytes inside of NUMBERTAG byte region FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2020-36517",
- "Issue_Url_old": "https://github.com/home-assistant/plugin-dns/issues/64",
- "Issue_Url_new": "https://github.com/home-assistant/plugin-dns/issues/64",
- "Repo_new": "home-assistant/plugin-dns",
- "Issue_Created_At": "2021-11-06T16:24:00Z",
- "description": "APITAG is misconfigured leading to unexpected healthcheck behaviour. APITAG is configured to healthcheck the Cloudflare fallback every NUMBERTAG minutes, however in practice, a check is performed once a minute (and retries are generated when it fails). This is also why users have reported seeing small packet storms when Cloudflare is not reachable (by MENTIONTAG here URLTAG and MENTIONTAG here URLTAG . The intended behaviour appears to be to check once every NUMBERTAG minutes CODETAG However, that is not the only check being performed, because the encompassing server block is referenced elsewhere CODETAG A check will be run once a minute against APITAG as well as the locals (if present). We can see this is the case by enabling coredns' prometheus endpoints and pointing telegraf at them FILETAG That's failures per minute; each failure represents a single query (for APITAG ) sent to APITAG . However, to APITAG (and any other upstream for that matter) it's just another query, so when its query to its upstream (one of APITAG or APITAG ) fails, it retries and we end up with new packets hitting the wire, one after the other. In terms of the fix, it's not clear why the fallback behaviour is implemented/hardcoded in the first place (I couldn't find any architecture discussions on it in that repo, perhaps I missed them), but the correct way to have implemented this would be one of the following options. Option NUMBERTAG not include APITAG in the forwards statement at all (as it's handled by the fallback). CODETAG (It'd need some logic to handle empty locals) Option NUMBERTAG Not use a separate server block CODETAG (perhaps there's some other reason an entire separate server block was stood up, but I don't see any reference to it). You could also add some config to handle APITAG locally (so the healthcheck against APITAG isn't passed upstream), but that's more horrid than the current setup. Turning off healthchecks against the locals is likely to be undesirable due to then having to wait for coredns's timeouts if a local does go down, so I've not included that. The reason this isn't a PR is because it's blocked by a decision on approach. Additional Observations Whilst capturing telemetry there were a few things I noticed which might help inform a decision on the above. When in use, the Cloudflare fallback introduces a significant level of latency: FILETAG At the network level, Cloudflare is only NUMBERTAG ms away, but the average query duration for CF upstreams is half a second. The presumption is that's due to APITAG overheads, but unfortunately coredns doesn't currently expose metrics that can help verify this. I'd posit therefore that, as well as fixing the healthcheck issue: the choice to have Cloudflare enabled/disabled should be available to the user; if mandatory, the choice to use APITAG should be open to the user. I like coredns, but it does feel rather out of place in an appliance; its approach to dynamic timeouts isn't really very well tuned to the foibles of domestic connections/networks.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-46700",
- "Issue_Url_old": "https://github.com/saitoha/libsixel/issues/158",
- "Issue_Url_new": "https://github.com/saitoha/libsixel/issues/158",
- "Repo_new": "saitoha/libsixel",
- "Issue_Created_At": "2021-11-07T11:26:43Z",
- "description": "double free or corruption in .",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 6.5,
- "impactScore": 3.6,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-43628",
- "Issue_Url_old": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/2",
- "Issue_Url_new": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/2",
- "Repo_new": "projectworldsofficial/hospital-management-system-in-php",
- "Issue_Created_At": "2021-11-08T04:40:11Z",
- "description": "SQL Injection vulnerability via the \"email\" parameter in FILETAG . Author APITAG ( APITAG Version NUMBERTAG Steps to reproduce NUMBERTAG Go to the Staff Login page NUMBERTAG Input username and password, and choose Admin as the User Type NUMBERTAG Click on the Login button NUMBERTAG Intercept the request and insert the payload in the value of the email parameter. Example payload: APITAG Proof of concept CODETAG Response in Burpsuite FILETAG Source code review FILETAG FILETAG FILETAG FILETAG Remediation Validate input of the email parameter in APITAG .",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-43666",
- "Issue_Url_old": "https://github.com/ARMmbed/mbedtls/issues/5136",
- "Issue_Url_new": "https://github.com/mbed-tls/mbedtls/issues/5136",
- "Repo_new": "mbed-tls/mbedtls",
- "Issue_Created_At": "2021-11-08T06:19:02Z",
- "description": "APITAG can't exit when the input password length is NUMBERTAG Summary I am using APITAG The testfile is as follows: CODETAG The program keeps running that cannot exit. Neither result nor error is given. Expected behavior Exit with a result, or an error code if not supported. Actual behavior The function does not exit.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-43668",
- "Issue_Url_old": "https://github.com/ethereum/go-ethereum/issues/23866",
- "Issue_Url_new": "https://github.com/ethereum/go-ethereum/issues/23866",
- "Repo_new": "ethereum/go-ethereum",
- "Issue_Created_At": "2021-11-08T06:39:09Z",
- "description": "Nodes crash after receiving a series of messages generated by a fuzzer, and cannot be recovered. System information Geth version: ERRORTAG OS & Version: APITAG Network: Private test net Expected behaviour Node syncs blocks in the private net. Actual behaviour Node crashed with \"runtime error: invalid memory address or nil pointer dereference\" Steps to reproduce the behaviour NUMBERTAG set up NUMBERTAG private geth nodes locally NUMBERTAG set up a fuzzing node continually sending fuzzed messages to the other NUMBERTAG normal geth nodes NUMBERTAG After more than NUMBERTAG hours of fuzzing, one of the geth nodes running in fast mode crashed. The running command for the node is CODETAG ERRORTAG When submitting logs: please submit them as text and not screenshots.",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-43629",
- "Issue_Url_old": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/3",
- "Issue_Url_new": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/3",
- "Repo_new": "projectworldsofficial/hospital-management-system-in-php",
- "Issue_Created_At": "2021-11-08T09:53:16Z",
- "description": "SQL Injection vulnerability via multiple parameters in FILETAG . Author APITAG ( APITAG Version NUMBERTAG Vulnerable parameters Staff Registration: afullname aemail apassword Doctor Registration: dfullname demail dpassword APITAG Delete Clerks: APITAG Delete Doctor: APITAG Steps to reproduce NUMBERTAG Go to the Staff Login page NUMBERTAG Login with User Type = Admin NUMBERTAG Input personal information in the form NUMBERTAG Click on the Register button NUMBERTAG Intercept the request and insert the payload in the value of the parameters. Example payload: APITAG Proof of concept CODETAG Response in Burpsuite FILETAG Source code review FILETAG FILETAG FILETAG Register function URLTAG FILETAG Delete function URLTAG FILETAG Remediation Validate input of all vulnerable parameters in APITAG .",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-43630",
- "Issue_Url_old": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/4",
- "Issue_Url_new": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/4",
- "Repo_new": "projectworldsofficial/hospital-management-system-in-php",
- "Issue_Created_At": "2021-11-08T13:16:26Z",
- "description": "SQL Injection vulnerability via multiple parameters in FILETAG . Author APITAG ( APITAG Version NUMBERTAG Vulnerable parameters apfullname apphone_no apaddress APITAG APITAG Steps to reproduce NUMBERTAG Login to your patient account NUMBERTAG On the next patient page, enter personal information into the form NUMBERTAG Click on the Submit button NUMBERTAG Intercept the request and insert the payload in the value of the parameters NUMBERTAG Forward the request Example payload: APITAG Proof of concept CODETAG Response in Burpsuite FILETAG Source code review FILETAG FILETAG FILETAG FILETAG FILETAG Remediation Validate input of all vulnerable parameters in APITAG .",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-43631",
- "Issue_Url_old": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/5",
- "Issue_Url_new": "https://github.com/projectworldsofficial/hospital-management-system-in-php/issues/5",
- "Repo_new": "projectworldsofficial/hospital-management-system-in-php",
- "Issue_Created_At": "2021-11-08T14:00:14Z",
- "description": "SQL Injection vulnerability via \"appointment_no\" parameter in FILETAG . Author APITAG ( APITAG Version NUMBERTAG Steps to reproduce NUMBERTAG Go to Staff Login page NUMBERTAG Login with User Type = Clerk NUMBERTAG In the All Appointments page, click on a record in the list NUMBERTAG Intercept the request and insert the payload in the value of the APITAG parameter NUMBERTAG Forward the request Example payloads: Boolean based ERRORTAG Time based APITAG UNION based ERRORTAG Proof of concept ERRORTAG Response in Burpsuite Time based FILETAG UNION based FILETAG Source code review FILETAG FILETAG FILETAG FILETAG Remediation Validate input of the APITAG parameter in APITAG .",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-43724",
- "Issue_Url_old": "https://github.com/intelliants/subrion/issues/890",
- "Issue_Url_new": "https://github.com/intelliants/subrion/issues/890",
- "Repo_new": "intelliants/subrion",
- "Issue_Created_At": "2021-11-08T16:01:45Z",
- "description": "this is Cross Site Scripting (XSS). I have found a Cross Site Scripting (XSS) bug in subrion CMS version NUMBERTAG in the Create Page functionality of the admin account. Steps to Reproduce: just log in as admin and click this url URLTAG As an admin, create a test page. In the Add a Page section go to the Page Content, then click \u201cimage\u201d and choose local file NUMBERTAG svg to upload at url: URLTAG the content of APITAG APITAG APITAG APITAG FILETAG and then double click NUMBERTAG svg; we get a url like FILETAG FILETAG open the url FILETAG an XSS prompt box will pop up FILETAG Impact: Session cookies can be stolen, users can be redirected to phishing pages, the browser of the user visiting this page can be controlled, etc. POCs have been uploaded. FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 4.8,
- "impactScore": 2.7,
- "exploitabilityScore": 1.7
- },
- {
- "CVE_ID": "CVE-2022-26296",
- "Issue_Url_old": "https://github.com/riscv-boom/riscv-boom/issues/577",
- "Issue_Url_new": "https://github.com/riscv-boom/riscv-boom/issues/577",
- "Repo_new": "riscv-boom/riscv-boom",
- "Issue_Created_At": "2021-11-09T00:36:07Z",
- "description": "New transient execution attack on BOOM. APITAG Type of issue : bug report APITAG APITAG Impact : rtl refactoring APITAG Development Phase : proposal Hi, I found a new transient execution attack on RISC-V BOOM. The attack relies on the bug NUMBERTAG which is originally a performance bug. But the same bug can also be used to transiently poison the BIM table using a transiently accessed secret. The attached APITAG attack is a Meltdown type of attack where supervisor mode software transiently leaks a secret from machine mode software (i.e., either a firmware or an enclave). The attack is based on two vulnerabilities: NUMBERTAG BOOM transiently executes a load instruction before checking for a PMP violation, and NUMBERTAG the BIM table can be transiently updated using the accessed value. The attack is much slower than using the D-cache as a side channel, but it still works and almost correctly retrieves the secret value (i.e., NUMBERTAG deadbeef). Used BOOM commit: d NUMBERTAG c2c3f How to reproduce the attack: APITAG This can be mitigated by fixing either one of the two bugs above. FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-43659",
- "Issue_Url_old": "https://github.com/halo-dev/halo/issues/1522",
- "Issue_Url_new": "https://github.com/halo-dev/halo/issues/1522",
- "Repo_new": "halo-dev/halo",
- "Issue_Created_At": "2021-11-09T07:20:53Z",
- "description": "Arbitrary file upload in the backend could cause a stored XSS vulnerability. What version of Halo has the issue NUMBERTAG What database are you using? Other What is your deployment method? Fat Jar Your site address. _No response_ What happened? At the avatar upload function point, any file can be uploaded, such as an HTML file, which causes a stored XSS vulnerability. The file upload function points: APITAG Upload an HTML file; it shows success. APITAG Access the HTML file; you can see that it is parsed by the browser. APITAG If you upload malicious XSS code, you will get the user's token, like this Payload CODETAG FILETAG APITAG Analyzing the code, it can be seen that all suffixes can be uploaded, and there is no restriction on the suffix name of the file APITAG It's recommended to only allow the parameter extension to be FILETAG or other image suffixes APITAG Relevant log output _No response_ Additional information _No response_",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.7,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-43674",
- "Issue_Url_old": "https://github.com/ThinkUpLLC/ThinkUp/issues/2289",
- "Issue_Url_new": "https://github.com/thinkupllc/thinkup/issues/2289",
- "Repo_new": "thinkupllc/thinkup",
- "Issue_Created_At": "2021-11-10T12:15:33Z",
- "description": "Possible path manipulation vulnerability. Hello, I would like to report a path manipulation vulnerability. The path of the vulnerability: File APITAG line NUMBERTAG ERRORTAG File APITAG cache APITAG ERRORTAG File APITAG ERRORTAG File APITAG CODETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-43700",
- "Issue_Url_old": "https://github.com/gongwalker/ApiManager/issues/26",
- "Issue_Url_new": "https://github.com/gongwalker/apimanager/issues/26",
- "Repo_new": "gongwalker/apimanager",
- "Issue_Created_At": "2021-11-10T13:32:12Z",
- "description": "APITAG NUMBERTAG SQL injection. PoC: python3 sqlmap.py u \" URLTAG \" sqlmap identified the following injection point(s) with a total of HTTP(s) requests: Parameter: tag (GET) Type: boolean based blind Title: AND boolean based blind WHERE or HAVING clause Payload: act=api&tag NUMBERTAG AND NUMBERTAG AND APITAG Type: time based blind Title: APITAG NUMBERTAG AND time based blind (query SLEEP) Payload: act=api&tag NUMBERTAG AND (SELECT NUMBERTAG FROM APITAG AND APITAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-43466",
- "Issue_Url_old": "https://github.com/thymeleaf/thymeleaf-spring/issues/263",
- "Issue_Url_new": "https://github.com/thymeleaf/thymeleaf-spring/issues/263",
- "Repo_new": "thymeleaf/thymeleaf-spring",
- "Issue_Created_At": "2021-11-10T17:39:51Z",
- "description": "High vulnerability issue 'thymeleaf spring5' dependency JAR. Version of Thymeleaf : FILETAG Environment: Spring Boot NUMBERTAG Detailed steps to reproduce your issue: Veracode APITAG Composition Analysis' finds below given High vulnerability issue in all versions of 'thymeleaf spring5' dependency Jars. Any possible workarounds you may have found No High Severity CVETAG URLTAG Template Injection: thymeleaf spring5 is vulnerable to template injection. An attacker can inject malicious input through the render function in APITAG , leading to remote code execution. Can you please look into it ?",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-43703",
- "Issue_Url_old": "https://github.com/forget-code/zzcms/issues/1",
- "Issue_Url_new": "https://github.com/forget-code/zzcms/issues/1",
- "Repo_new": "forget-code/zzcms",
- "Issue_Created_At": "2021-11-11T03:47:58Z",
- "description": "Disabling APITAG bypasses administrator authentication restrictions. The administrator authentication code in FILETAG is as follows: FILETAG FILETAG is the web application's administrator authentication page. When identity authentication fails, it jumps to the login page. There is a problem with the jump code on line NUMBERTAG of FILETAG . The page is redirected through APITAG, but program execution is not stopped immediately after the jump. So after disabling APITAG, you can directly access the administrator console.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-45787",
- "Issue_Url_old": "https://github.com/magicblack/maccms10/issues/746",
- "Issue_Url_new": "https://github.com/magicblack/maccms10/issues/746",
- "Repo_new": "magicblack/maccms10",
- "Issue_Created_At": "2021-11-11T07:08:11Z",
- "description": "There is a stored XSS vulnerability in the website backend where videos are added. APITAG FILETAG The inserted XSS code is also executed on the front end. FILETAG APITAG In addition, the backend article-adding page has the same problem.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.7,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-43707",
- "Issue_Url_old": "https://github.com/maccmspro/maccms10/issues/18",
- "Issue_Url_new": "https://github.com/maccmspro/maccms10/issues/18",
- "Repo_new": "maccmspro/maccms10",
- "Issue_Created_At": "2021-11-11T10:26:51Z",
- "description": "XSS. Enter the backend, click Basic > Friend Link Management > Add, and in the name field link_name FILETAG APITAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-43775",
- "Issue_Url_old": "https://github.com/aimhubio/aim/issues/999",
- "Issue_Url_new": "https://github.com/aimhubio/aim/issues/999",
- "Repo_new": "aimhubio/aim",
- "Issue_Created_At": "2021-11-11T12:25:17Z",
- "description": "Security vulnerabilty. What would be the right contact to report a security vulnerabilty? thanks!",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 8.6,
- "impactScore": 4.0,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-43678",
- "Issue_Url_old": "https://github.com/gaoming13/wechat-php-sdk/issues/30",
- "Issue_Url_new": "https://github.com/gaoming13/wechat-php-sdk/issues/30",
- "Repo_new": "gaoming13/wechat-php-sdk",
- "Issue_Created_At": "2021-11-11T13:57:38Z",
- "description": "Possible XSS vulnerability. Hello, I would like to report an XSS vulnerability. Vulnerability path: File FILETAG Line NUMBERTAG ERRORTAG Line NUMBERTAG ERRORTAG Line NUMBERTAG ERRORTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-43679",
- "Issue_Url_old": "https://github.com/shopex/ecshop/issues/4",
- "Issue_Url_new": "https://github.com/shopex/ecshop/issues/4",
- "Repo_new": "shopex/ecshop",
- "Issue_Created_At": "2021-11-11T15:27:51Z",
- "description": "Possible SQL injection vulnerability. Hello, I would like to report an SQLi vulnerability. Vulnerability path: File PATHTAG APITAG File PATHTAG ERRORTAG File PATHTAG ERRORTAG File PATHTAG ERRORTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-43681",
- "Issue_Url_old": "https://github.com/ZeroDream-CN/SakuraPanel/issues/23",
- "Issue_Url_new": "https://github.com/zerodream-cn/sakurapanel/issues/23",
- "Repo_new": "zerodream-cn/sakurapanel",
- "Issue_Created_At": "2021-11-11T16:17:30Z",
- "description": "Possible XSS vulnerability. Hello, I would like to report an XSS vulnerability. In file FILETAG line NUMBERTAG APITAG In function APITAG ERRORTAG line NUMBERTAG APITAG exit will terminate the script and print the message, which has the value $data['proxy_name']. Then there is an XSS vulnerability.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-43682",
- "Issue_Url_old": "https://github.com/baijunyao/thinkphp-bjyblog/issues/6",
- "Issue_Url_new": "https://github.com/baijunyao/thinkphp-bjyblog/issues/6",
- "Repo_new": "baijunyao/thinkphp-bjyblog",
- "Issue_Created_At": "2021-11-11T16:39:45Z",
- "description": "Possible XSS vulnerability. Hello, I would like to report an XSS vulnerability. In file FILETAG line NUMBERTAG APITAG In file FILETAG line NUMBERTAG function U APITAG function U APITAG function redirect CODETAG The exit function will terminate the script and print the message to the user, which has $_SERVER['HTTP_HOST']. Then there is an XSS vulnerability.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-43683",
- "Issue_Url_old": "https://github.com/HaschekSolutions/pictshare/issues/133",
- "Issue_Url_new": "https://github.com/hascheksolutions/pictshare/issues/133",
- "Repo_new": "hascheksolutions/pictshare",
- "Issue_Created_At": "2021-11-11T17:03:54Z",
- "description": "Possible XSS vulnerability. Hello, I would like to report an XSS vulnerability. In FILETAG function APITAG ERRORTAG line NUMBERTAG CODETAG The exit function will terminate the script and print the message, which has $_REQUEST['hash']. Then there is an XSS vulnerability.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-43685",
- "Issue_Url_old": "https://github.com/LibreTime/libretime/issues/1437",
- "Issue_Url_new": "https://github.com/libretime/libretime/issues/1760",
- "Repo_new": "libretime/libretime",
- "Issue_Created_At": "2021-11-11T18:10:07Z",
- "description": "Possible path manipulation vulnerability. Hello, I would like to report a path manipulation vulnerability. The path of the vulnerability: In file FILETAG line NUMBERTAG ERRORTAG line NUMBERTAG ERRORTAG line NUMBERTAG ERRORTAG In file FILETAG line NUMBERTAG ERRORTAG In file FILETAG line NUMBERTAG APITAG line NUMBERTAG ERRORTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-23732",
- "Issue_Url_old": "https://github.com/Quobject/docker-cli-js/issues/22",
- "Issue_Url_new": "https://github.com/quobject/docker-cli-js/issues/22",
- "Repo_new": "quobject/docker-cli-js",
- "Issue_Created_At": "2021-11-11T20:38:01Z",
- "description": "Document lack of sanitization. This code appears to use child processes but doesn't sanitize the input. A project I was working on used this code for something like the following to run something in a container of the user's choosing: APITAG If the user just entered a semicolon after the container name, they could easily inject/run arbitrary commands on the host machine. It's easy enough to only allow valid container names and nothing more in this instance, but the problem was not knowing that there was no sanitization being done behind the scenes. A more ambitious goal might be to make sure no malicious user input can get through, but until that's implemented there should at least be a note in the documentation about it.",
- "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.0,
- "impactScore": 6.0,
- "exploitabilityScore": 2.2
- },
- {
- "CVE_ID": "CVE-2021-45710",
- "Issue_Url_old": "https://github.com/tokio-rs/tokio/issues/4225",
- "Issue_Url_new": "https://github.com/tokio-rs/tokio/issues/4225",
- "Repo_new": "tokio-rs/tokio",
- "Issue_Created_At": "2021-11-12T01:00:56Z",
- "description": "Race leads to panic in APITAG . Version Reproduced with tokio NUMBERTAG and NUMBERTAG Platform APITAG Description There is a race between APITAG , APITAG , and APITAG . The following program yields a panic roughly every NUMBERTAG seconds on my NUMBERTAG c NUMBERTAG t workstation, compiled with Rust NUMBERTAG in release mode: CODETAG All of the panics occur when APITAG attempts ERRORTAG . For example: ERRORTAG I suspect this is a race where the APITAG happens between the APITAG check and the ERRORTAG .",
- "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.1,
- "impactScore": 5.9,
- "exploitabilityScore": 2.2
- },
- {
- "CVE_ID": "CVE-2021-45786",
- "Issue_Url_old": "https://github.com/magicblack/maccms10/issues/747",
- "Issue_Url_new": "https://github.com/magicblack/maccms10/issues/747",
- "Repo_new": "magicblack/maccms10",
- "Issue_Created_At": "2021-11-12T07:46:08Z",
- "description": "There is an arbitrary user login vulnerability. View the login code: FILETAG In addition to logging in through the user name and password, you can also log in through the \"col\" and \"openid\" parameters, but these two parameters are completely controllable. That causes an arbitrary user login vulnerability. PoC: APITAG Local test results: APITAG APITAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-43721",
- "Issue_Url_old": "https://github.com/leanote/desktop-app/issues/364",
- "Issue_Url_new": "https://github.com/leanote/desktop-app/issues/364",
- "Repo_new": "leanote/desktop-app",
- "Issue_Created_At": "2021-11-12T09:17:28Z",
- "description": "Markdown type note XSS issue. I found an XSS problem in the markdown type note. You can verify the XSS with payload: APITAG and this leads to remote code execution with payload: APITAG The test version is NUMBERTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-44584",
- "Issue_Url_old": "https://github.com/emlog/emlog/issues/113",
- "Issue_Url_new": "https://github.com/emlog/emlog/issues/113",
- "Repo_new": "emlog/emlog",
- "Issue_Created_At": "2021-11-12T10:12:19Z",
- "description": "emlog pro NUMBERTAG has XSS Vulnerability. APITAG APITAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-43686",
- "Issue_Url_old": "https://github.com/nZEDb/nZEDb/issues/2659",
- "Issue_Url_new": "https://github.com/nzedb/nzedb/issues/2659",
- "Repo_new": "nzedb/nzedb",
- "Issue_Created_At": "2021-11-12T15:10:52Z",
- "description": "Possible XSS vulnerability. Hello, I would like to report an XSS vulnerability. The path of the vulnerability: file PATHTAG line NUMBERTAG ERRORTAG file PATHTAG in line NUMBERTAG ERRORTAG The exit function will terminate the script and print the message, which has the input $_GET['t']. Then there is an XSS vulnerability.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-43689",
- "Issue_Url_old": "https://github.com/yicenburan/manage/issues/2",
- "Issue_Url_new": "https://github.com/yicenburan/manage/issues/2",
- "Repo_new": "yicenburan/manage",
- "Issue_Created_At": "2021-11-12T21:31:27Z",
- "description": "Possible XSS vulnerability. Hello, I would like to report an XSS vulnerability. The path of the vulnerability: In file PATHTAG line NUMBERTAG ERRORTAG line NUMBERTAG ERRORTAG line NUMBERTAG ERRORTAG In file PATHTAG line NUMBERTAG ERRORTAG The exit function will terminate the script and print a message to the user. Then there is an XSS vulnerability because it contains values from $_POST.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-43690",
- "Issue_Url_old": "https://github.com/Yurunsoft/YurunProxy/issues/3",
- "Issue_Url_new": "https://github.com/yurunsoft/yurunproxy/issues/3",
- "Repo_new": "yurunsoft/yurunproxy",
- "Issue_Created_At": "2021-11-13T17:22:16Z",
- "description": "Possible XSS vulnerability. Hello, I would like to report an XSS vulnerability. The path: In file FILETAG line NUMBERTAG CODETAG In file FILETAG line NUMBERTAG ERRORTAG In file FILETAG line NUMBERTAG ERRORTAG The exit function will terminate the script and print a message which has values from socket_read, which will lead to an XSS vulnerability.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-43691",
- "Issue_Url_old": "https://github.com/toocool/tripexpress/issues/40",
- "Issue_Url_new": "https://github.com/toocool/tripexpress/issues/40",
- "Repo_new": "toocool/tripexpress",
- "Issue_Created_At": "2021-11-13T17:44:22Z",
- "description": "Possible path manipulation vulnerability. Hello, I would like to report a path manipulation vulnerability. The path of the vulnerability: In file PATHTAG APITAG line NUMBERTAG ERRORTAG The variable src comes from $_SERVER[\"argv\"]. Then there is a path manipulation vulnerability.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-43692",
- "Issue_Url_old": "https://github.com/zxq2233/youtube-php-mirroring/issues/3",
- "Issue_Url_new": "https://github.com/zxq2233/youtube-php-mirroring/issues/3",
- "Repo_new": "zxq2233/youtube-php-mirroring",
- "Issue_Created_At": "2021-11-13T18:06:33Z",
- "description": "Possible XSS vulnerability. Hello, I would like to report an XSS vulnerability. The path of the vulnerability: In file FILETAG ERRORTAG In file PATHTAG line NUMBERTAG ERRORTAG In file PATHTAG line NUMBERTAG ERRORTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-43735",
- "Issue_Url_old": "https://github.com/arterli/CmsWing/issues/55",
- "Issue_Url_new": "https://github.com/arterli/cmswing/issues/55",
- "Repo_new": "arterli/cmswing",
- "Issue_Created_At": "2021-11-14T12:04:02Z",
- "description": "SQLi vulnerability in Cmswing NUMBERTAG Found a SQLi vulnerability in the cmswing project version APITAG can be found in the analysis below. Local Test APITAG the background of the system, select the update_channel module, then edit it. FILETAG APITAG behavior rule APITAG FILETAG APITAG FILETAG APITAG anything, then save it. We can find the SQLi vulnerability. FILETAG FILETAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-43734",
- "Issue_Url_old": "https://github.com/kekingcn/kkFileView/issues/304",
- "Issue_Url_new": "https://github.com/kekingcn/kkfileview/issues/304",
- "Repo_new": "kekingcn/kkfileview",
- "Issue_Created_At": "2021-11-14T13:08:01Z",
- "description": "Arbitrary file read vulnerability. APITAG arbitrary file read vulnerability APITAG APITAG APITAG APITAG NUMBERTAG has an arbitrary file read vulnerability which may lead to sensitive file leak on the related host. Vulnerability location (vulnerable code location): PATHTAG APITAG The vulnerable code is located at line NUMBERTAG in PATHTAG . The value passed through param APITAG supports the file protocol. ERRORTAG APITAG APITAG URLTAG can be obtained. The version of the official demo site is NUMBERTAG Visit URLTAG and the concept is proven.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-43736",
- "Issue_Url_old": "https://github.com/arterli/CmsWing/issues/56",
- "Issue_Url_new": "https://github.com/arterli/cmswing/issues/56",
- "Repo_new": "arterli/cmswing",
- "Issue_Created_At": "2021-11-14T13:13:32Z",
- "description": "RCE vulnerability in Cmswing NUMBERTAG Found an RCE vulnerability in the cmswing project version APITAG can be found in the analysis below. Local Test APITAG the background of the system, select the update_channel module, then edit it. FILETAG APITAG log rule APITAG or APITAG FILETAG APITAG FILETAG APITAG anything, then save it. We can find that our code is executed FILETAG NUMBERTAG Get IP and open calc. FILETAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-43737",
- "Issue_Url_old": "https://github.com/hiliqi/xiaohuanxiong/issues/28",
- "Issue_Url_new": "https://github.com/hiliqi/xiaohuanxiong/issues/28",
- "Repo_new": "hiliqi/xiaohuanxiong",
- "Issue_Created_At": "2021-11-14T14:00:31Z",
- "description": "There are two CSRF vulnerabilities that can add an administrator account and modify the administrator account's password. After the administrator has logged in, open the following two pages and click the button; you can use JavaScript to create an APITAG that is triggered directly. PoC one: add a new administrator account CODETAG PoC two: modify the administrator account's password CODETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.5,
- "impactScore": 3.6,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-45711",
- "Issue_Url_old": "https://github.com/acw/simple_asn1/issues/27",
- "Issue_Url_new": "https://github.com/acw/simple_asn1/issues/27",
- "Repo_new": "acw/simple_asn1",
- "Issue_Created_At": "2021-11-14T14:37:35Z",
- "description": "Panic when decoding an invalid APITAG Hello, I hope this is the right place to report this; I didn't find any documentation for a preferred method for reporting security issues. The following code panics when trying to parse an invalid APITAG object: CODETAG The panic occurs because of these lines in lib.rs: APITAG If the string is constructed in such a way that the first two bytes do not end on a character boundary, the slice operation will panic. Found by fuzzing a downstream library. I'll submit a patch ASAP.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-43695",
- "Issue_Url_old": "https://github.com/IssabelFoundation/issabelPBX/issues/33",
- "Issue_Url_new": "https://github.com/issabelfoundation/issabelpbx/issues/33",
- "Repo_new": "issabelfoundation/issabelpbx",
- "Issue_Created_At": "2021-11-14T17:09:49Z",
- "description": "Possible XSS vulnerability. Hello, I would like to report an XSS vulnerability. The path of the vulnerability: In file FILETAG APITAG In file FILETAG FILETAG ERRORTAG $msg carries the value from $_REQUEST without sanitization. Then there is an XSS vulnerability.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-43696",
- "Issue_Url_old": "https://github.com/happyman/twmap/issues/57",
- "Issue_Url_new": "https://github.com/happyman/twmap/issues/57",
- "Repo_new": "happyman/twmap",
- "Issue_Created_At": "2021-11-14T23:34:42Z",
- "description": "Possible XSS vulnerability. Hello, I would like to report an XSS vulnerability. In file line NUMBERTAG APITAG The exit function will terminate the script and print a message which has $_REQUEST. Then there is an XSS vulnerability.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-43697",
- "Issue_Url_old": "https://github.com/happyliu2014/Workerman-ThinkPHP-Redis/issues/1",
- "Issue_Url_new": "https://github.com/happyliu2014/workerman-thinkphp-redis/issues/1",
- "Repo_new": "happyliu2014/workerman-thinkphp-redis",
- "Issue_Created_At": "2021-11-14T23:42:27Z",
- "description": "Possible XSS vulnerability. Hello, I would like to report an XSS vulnerability. In file FILETAG line NUMBERTAG CODETAG The exit function will terminate the script and print a message which has APITAG Then there is an XSS vulnerability.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-43698",
- "Issue_Url_old": "https://github.com/sparc/phpWhois.org/issues/21",
- "Issue_Url_new": "https://github.com/sparc/phpwhois.org/issues/21",
- "Repo_new": "sparc/phpwhois.org",
- "Issue_Created_At": "2021-11-15T00:27:17Z",
- "description": "Possible XSS vulnerability. Hello, I would like to report an XSS vulnerability. In file FILETAG CODETAG The exit function will terminate the script and print the message to the user. The message will contain $_GET['query'], so there is an XSS vulnerability.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-43745",
- "Issue_Url_old": "https://github.com/zadam/trilium/issues/2340",
- "Issue_Url_new": "https://github.com/zadam/trilium/issues/2340",
- "Repo_new": "zadam/trilium",
- "Issue_Created_At": "2021-11-15T01:40:53Z",
- "description": "Denial of Service. Preflight Checklist X] I have searched the [issue tracker URLTAG for a bug report that matches the one I want to file, without success. Trilium Version NUMBERTAG What operating system are you using? Windows What is your setup? Local (no sync) Operating System Version Windows NUMBERTAG APITAG Expected Behavior PATHTAG APITAG function NUMBERTAG lines: APITAG > APITAG Actual Behavior local software listens on NUMBERTAG send URLTAG similar to DDoS FILETAG Additional Information _No response_",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-44093",
- "Issue_Url_old": "https://github.com/94fzb/zrlog/issues/115",
- "Issue_Url_new": "https://github.com/94fzb/zrlog/issues/115",
- "Repo_new": "94fzb/zrlog",
- "Issue_Created_At": "2021-11-16T07:45:28Z",
- "description": "APITAG NUMBERTAG Remote command execution vulnerability. There is a remote command execution vulnerability in the upload avatar function in the background. APITAG Upload a picture, then intercept the data package, like this: FILETAG Then modify the file name to jsp; you can bypass the limit that JSP files cannot be uploaded. FILETAG Although JSP files have been uploaded, because of the existence of global interceptors, we cannot execute commands. It would return NUMBERTAG APITAG However, through my research, I found that the upload directory can be traversed. Just modify the parameter dir, like this: FILETAG Then the file will be saved to the corresponding directory. APITAG Access this file and a system command is successfully executed APITAG Code analysis: at APITAG APITAG APITAG CODETAG APITAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-44079",
- "Issue_Url_old": "https://github.com/wazuh/wazuh/issues/10858",
- "Issue_Url_new": "https://github.com/wazuh/wazuh/issues/10858",
- "Repo_new": "wazuh/wazuh",
- "Issue_Created_At": "2021-11-16T09:26:07Z",
- "description": "Active response tools allow arbitrary code execution. APITAG APITAG APITAG APITAG NUMBERTAG Active response script | APITAG | Packages | APITAG NUMBERTAG This issue was reported by MENTIONTAG We found a command injection bug in the active response script FILETAG . The alert JSON data is put on the shell command line as the POST body for curl: CODETAG However, the raw log line, which could be partially controlled by an attacker, is also included in the JSON data. A single quote in the JSON is not escaped and therefore could be used to truncate the command: APITAG Steps to reproduce as follows. First, we add the APITAG active response in the config: CODETAG Then we set up a web server on the client machine, and send a request with a crafted User-Agent: APITAG The shellshock APITAG will trigger an alert, and the crafted User-Agent value, which is contained in the web server access.log, would also be included in the command line as follows: CODETAG Here we use the single quote to jump out of APITAG and inject the command APITAG with semicolons. We can verify that on the server where APITAG is running (the wazuh manager machine in this case, since we set the location as server in the active response config): APITAG Special thanks to MENTIONTAG for detecting and reporting this issue to the team.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-43789",
- "Issue_Url_old": "https://github.com/PrestaShop/PrestaShop/issues/26623",
- "Issue_Url_new": "https://github.com/prestashop/prestashop/issues/26623",
- "Repo_new": "prestashop/prestashop",
- "Issue_Created_At": "2021-11-16T09:29:09Z",
- "description": "A. Prerequisites FILETAG X] I have already [searched in existing features request URLTAG and found no previous suggestion of this feature. Is your feature request related to a problem? s Describe the solution you'd like s Alternatives you've considered s Additional context s",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-44094",
- "Issue_Url_old": "https://github.com/94fzb/zrlog/issues/116",
- "Issue_Url_new": "https://github.com/94fzb/zrlog/issues/116",
- "Repo_new": "94fzb/zrlog",
- "Issue_Created_At": "2021-11-16T11:45:07Z",
- "description": "APITAG NUMBERTAG has a remote command execution vulnerability at plugin download function. Just download a plugin and intercept your data package. APITAG data package like this APITAG modify the JAR just downloaded, join the malicious code in the startup class. APITAG then modify the parameter host to the malicious JAR file download address APITAG after download, malicious code will be executed APITAG Download Record APITAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-44108",
- "Issue_Url_old": "https://github.com/open5gs/open5gs/issues/1247",
- "Issue_Url_new": "https://github.com/open5gs/open5gs/issues/1247",
- "Repo_new": "open5gs/open5gs",
- "Issue_Created_At": "2021-11-16T13:10:08Z",
- "description": "memory corruption and null pointer dereference. Thanks for the great project first. I have found some vulnerabilities during reading the source code. memory corruption in APITAG when nf receive sbi(http2) message with APITAG , APITAG in APITAG will try to parse all parts in the request, but the struct APITAG only have APITAG which is NUMBERTAG member, and this will cause a memory corruption to stack memory. below is a poc requests to crash the amfd(which listen on APITAG ERRORTAG null pointer dereference APITAG in amf will call APITAG in APITAG APITAG can parse a data without n2_info_container and return APITAG as null. This will skip the if on line NUMBERTAG ERRORTAG this case will not set APITAG , but on line NUMBERTAG APITAG is being dereferenced APITAG below is a poc crash amfd(this requires a live ue context, i was using ueransim to simulate a imsi NUMBERTAG here): CODETAG leommxj from Chaitin Security Research Lab.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-44111",
- "Issue_Url_old": "https://github.com/s-cart/s-cart/issues/102",
- "Issue_Url_new": "https://github.com/s-cart/s-cart/issues/102",
- "Repo_new": "s-cart/s-cart",
- "Issue_Created_At": "2021-11-17T08:46:35Z",
- "description": "A bug that leads to Arbitrary file download. Describe the bug cod in PATHTAG CODETAG without any filter,can Splicing the path. poc: APITAG To Reproduce Steps to reproduce the behavior NUMBERTAG login in as admin NUMBERTAG isit the PATHTAG NUMBERTAG the file will be downloaded Screenshots FILETAG version newest NUMBERTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
- "severity": "MEDIUM",
- "baseScore": 4.4,
- "impactScore": 3.6,
- "exploitabilityScore": 0.8
- },
- {
- "CVE_ID": "CVE-2021-44139",
- "Issue_Url_old": "https://github.com/alibaba/Sentinel/issues/2451",
- "Issue_Url_new": "https://github.com/alibaba/sentinel/issues/2451",
- "Repo_new": "alibaba/sentinel",
- "Issue_Created_At": "2021-11-18T05:38:15Z",
- "description": "Report a Sentinel Security Vulnerability about SSRF. \u4f60\u597d\uff0c\u6211\u662fthreedr3am of APITAG Security APITAG APITAG Issue Description Type: bug report \u7531\u4e8e\u8be5\u5f00\u6e90\u9879\u76ee\u7684sentinel dashboard PATHTAG APITAG APITAG APITAG APITAG dashboard\u53d1\u8d77\u4efb\u610fGET\u8bf7\u6c42\u3002 ERRORTAG NUMBERTAG APITAG ERRORTAG Describe what happened (or what feature you want) APITAG GET\u8bf7\u6c42\u7684SSRF\u653b\u51fb\u3002 APITAG Describe what you expected to happen SSRF How to reproduce it (as minimally and precisely as possible NUMBERTAG github\u62c9\u53d6\u5f00\u6e90\u4ee3\u7801 URLTAG NUMBERTAG PATHTAG NUMBERTAG nc lvvp NUMBERTAG localhost NUMBERTAG SSRF GET\u653b\u51fb\uff0ccurl XGET ' URLTAG \u53ef\u4ee5\u770b\u5230\uff0cnc\u76d1\u542c\u5230\u4e86GET\u8bf7\u6c42 CODETAG Tell us your environment Anything else we need to know?",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-44273",
- "Issue_Url_old": "https://github.com/e2guardian/e2guardian/issues/707",
- "Issue_Url_new": "https://github.com/e2guardian/e2guardian/issues/707",
- "Repo_new": "e2guardian/e2guardian",
- "Issue_Created_At": "2021-11-20T21:40:29Z",
- "description": "NUMBERTAG Missing SSL hostname check. I tried e2guardian in a virtual machine today, running it as a standalone transparent proxy with SSL MITM, with the following iptables rules that redirect traffic to it (where NUMBERTAG is the uid of the user that e2guardian runs as): CODETAG I found that e2guardian enables browser connections to sites that it should not allow. One example is FILETAG This is very serious, because anyone on the path, who can intercept the connection or poison the DNS cache and thus redirect e2guardian's outgoing connection to a host under his control, now can perform a successful MITM attack. All he needs is any valid certificate e2guardian will accept it for any host. FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
- "severity": "HIGH",
- "baseScore": 7.4,
- "impactScore": 5.2,
- "exploitabilityScore": 2.2
- },
- {
- "CVE_ID": "CVE-2021-23803",
- "Issue_Url_old": "https://github.com/nette/latte/issues/279",
- "Issue_Url_new": "https://github.com/nette/latte/issues/279",
- "Repo_new": "nette/latte",
- "Issue_Created_At": "2021-11-21T07:06:14Z",
- "description": "There is a way to bypass APITAG Version NUMBERTAG Bug Description There is a way to bypass APITAG that will affect security. Steps To Reproduce ERRORTAG This will execute the system function. Expected Behavior Should throw an error not allowed by system function Possible Solution Use rigorous regular expression segmentation, or add more rigorous judgments in ERRORTAG function",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-44255",
- "Issue_Url_old": "https://github.com/ccrisan/motioneyeos/issues/2843",
- "Issue_Url_new": "https://github.com/motioneye-project/motioneyeos/issues/2843",
- "Repo_new": "motioneye-project/motioneyeos",
- "Issue_Created_At": "2021-11-21T15:35:01Z",
- "description": "Lack of admin password leaves many publicly availble system vulnerable to RCE . As with many web based apps, the admin user can run arbitrary code on the underlying system via the web gui. While that may or may not be a security issue, and for meye use cases it probably isn\u2019t, I feel that the lack of password on the admin account has left many publicly available systems open to exploitation. I\u2019d suggest a feature to implement a random password on initial installation. Off hand, I don\u2019t really know how that would look. I may be able to implement something if I find time. Here is a link to my post about the code execution: URLTAG Long story short an admin can run arbitrary code via the option to run commands when motion is detected (obviously). Additionally, an admin can upload a backup that contains a malicious APITAG file that will execute arbitrary code.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.2,
- "impactScore": 5.9,
- "exploitabilityScore": 1.2
- },
- {
- "CVE_ID": "CVE-2021-44238",
- "Issue_Url_old": "https://github.com/loadream/AyaCMS/issues/2",
- "Issue_Url_new": "https://github.com/loadream/ayacms/issues/2",
- "Repo_new": "loadream/ayacms",
- "Issue_Created_At": "2021-11-22T03:02:39Z",
- "description": "APITAG NUMBERTAG has RCE vulnerability. vulnerability in PATHTAG Through code audit, it is found that the value of $code comes from the transfer parameters of form data. FILETAG Then through file_put ($file, $code) writes the passed parameters to the file. FILETAG The whole process does not filter the passed parameter $code, resulting in code execution. Reappearance NUMBERTAG login the admin and click the edit button FILETAG APITAG your malicious code FILETAG APITAG edited file is saved in PATHTAG access it. result FILETAG :",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.2,
- "impactScore": 5.9,
- "exploitabilityScore": 1.2
- },
- {
- "CVE_ID": "CVE-2021-32849",
- "Issue_Url_old": "https://github.com/Gerapy/Gerapy/issues/217",
- "Issue_Url_new": "https://github.com/gerapy/gerapy/issues/217",
- "Repo_new": "gerapy/gerapy",
- "Issue_Created_At": "2021-11-22T09:05:04Z",
- "description": "Security Issue: GHSL NUMBERTAG gerapy. The APITAG Security Lab reported a potential security vulnerability (GHSL NUMBERTAG gerapy) in your project on PATHTAG It has been NUMBERTAG days since our initial report and as per our coordinated disclosure policy, we intend to publish a public advisory detailing this issue. If you do wish to further coordinate a response to this issue with the APITAG Security Lab, please contact us at EMAILTAG within the next NUMBERTAG days in reference to GHSL NUMBERTAG gerapy and we would love to help you resolve these issues. If not, feel free to close this issue after which we will proceed with advisory publication.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-44150",
- "Issue_Url_old": "https://github.com/tusdotnet/tusdotnet/issues/157",
- "Issue_Url_new": "https://github.com/tusdotnet/tusdotnet/issues/157",
- "Repo_new": "tusdotnet/tusdotnet",
- "Issue_Created_At": "2021-11-22T11:42:09Z",
- "description": "Tus client uses a deprecated cryptographic function to calculate the file checksums. SHA NUMBERTAG is not collision resistant, which makes it easier for context dependent attackers to conduct tampering attacks and alter the checksum which makes it possible to alter the file being uploaded itself. For a long time, it has been possible \"to find collisions for SHA1 and that thus it is not secure to use for digital signatures, file integrity, and file identification purposes\". see: URLTAG Also: URLTAG CVETAG Finding: FILETAG URLTAG URLTAG URLTAG FILETAG URLTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-44219",
- "Issue_Url_old": "https://github.com/flipped-aurora/gin-vue-admin/issues/813",
- "Issue_Url_new": "https://github.com/flipped-aurora/gin-vue-admin/issues/813",
- "Repo_new": "flipped-aurora/gin-vue-admin",
- "Issue_Created_At": "2021-11-23T08:05:36Z",
- "description": "APITAG Security Issues. gin vue admin NUMBERTAG Node \u7248\u672c APITAG Golang \u7248\u672c go NUMBERTAG bug\u63cf\u8ff0 \u53d1\u73b0\u4e86\u4e00\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff0c\u5df2\u7ecf\u901a\u8fc7\u90ae\u7bb1\u8054\u7cfb\u4f60\u3002 \u4fee\u6539\u5efa\u8bae \u5f88\u597d\u4fee\u590d",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-45746",
- "Issue_Url_old": "https://github.com/WeBankPartners/wecube-platform/issues/2297",
- "Issue_Url_new": "https://github.com/webankpartners/wecube-platform/issues/2297",
- "Repo_new": "webankpartners/wecube-platform",
- "Issue_Created_At": "2021-11-23T08:43:10Z",
- "description": "Path Manipulation. URLTAG URLTAG URLTAG We found 'file' may be contaminated on line NUMBERTAG of APITAG of unfiltered data in selection of requested application file path could lead to sensitive data disclosure and potential theft of proprietary business logic.It will affect on line NUMBERTAG of APITAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-4021",
- "Issue_Url_old": "https://github.com/radareorg/radare2/issues/19436",
- "Issue_Url_new": "https://github.com/radareorg/radare2/issues/19436",
- "Repo_new": "radareorg/radare2",
- "Issue_Created_At": "2021-11-23T14:42:29Z",
- "description": "APITAG analysing ELF NUMBERTAG binary for MIPS architecture. Environment ERRORTAG Description We found with MENTIONTAG an ELF NUMBERTAG binary for MIPS architecture that hangs when analysed. We think this is caused by mapping a huge section that is interpreted as NOPs. If we modify the size of the section, the analysis doesn't hang. While this is not an infinite loop, it can be very long. And this has been acknowledged as a APITAG in the past (see NUMBERTAG Test CODETAG APITAG ERRORTAG ERRORTAG CODETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-44686",
- "Issue_Url_old": "https://github.com/dwisiswant0/advisory/issues/18",
- "Issue_Url_new": "https://github.com/dwisiswant0/advisory/issues/18",
- "Repo_new": "dwisiswant0/advisory",
- "Issue_Created_At": "2021-11-23T15:34:30Z",
- "description": "APITAG in launchpad NUMBERTAG Description _TBD_ CVE ID : _N/A_ References _URL_",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-44269",
- "Issue_Url_old": "https://github.com/dbry/WavPack/issues/110",
- "Issue_Url_new": "https://github.com/dbry/wavpack/issues/110",
- "Repo_new": "dbry/wavpack",
- "Issue_Created_At": "2021-11-23T17:17:36Z",
- "description": "A heap Out of bounds Read in APITAG (src/pack_utils.c). Hi, I have found a heap out of bounds read bug in function APITAG base on the commit APITAG code that caused crash shows below: APITAG CODETAG Crash file: FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2019-18413",
- "Issue_Url_old": "https://github.com/typestack/class-validator/issues/1422",
- "Issue_Url_new": "https://github.com/typestack/class-validator/issues/1422",
- "Repo_new": "typestack/class-validator",
- "Issue_Created_At": "2021-11-25T03:20:15Z",
- "description": "security: SNYK JS CLASSVALIDATOR NUMBERTAG Description APITAG URLTAG Affected versions of this package are vulnerable to Improper Input Validation via bypassing the input validation in APITAG which can lead to cross site scripting (XSS) or SQL injection. NOTE: There is an optional APITAG parameter that can be used to reduce the risk of this bypass.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2022-23389",
- "Issue_Url_old": "https://github.com/sanluan/PublicCMS/issues/59",
- "Issue_Url_new": "https://github.com/sanluan/publiccms/issues/59",
- "Repo_new": "sanluan/publiccms",
- "Issue_Created_At": "2021-11-25T10:38:25Z",
- "description": "Arbitrary command execution vulnerability\uff08\u4efb\u610f\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\uff09. APITAG NUMBERTAG alue parameter has command execution vulnerability",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-44351",
- "Issue_Url_old": "https://github.com/NavigateCMS/Navigate-CMS/issues/28",
- "Issue_Url_new": "https://github.com/navigatecms/navigate-cms/issues/28",
- "Repo_new": "navigatecms/navigate-cms",
- "Issue_Created_At": "2021-11-25T14:27:44Z",
- "description": "arbitrary file read vulnerability. exp after login ,we can see our sid in cookies FILETAG for example my sid is APITAG then you can get arbitrary file by APITAG FILETAG APITAG you can get some Sensitive information such as mysql user/password analysis FILETAG FILETAG and in PATHTAG FILETAG we can rewrite bypass this filter. suggest you can use APITAG \"hacker\") rather than APITAG \"\")",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-44299",
- "Issue_Url_old": "https://github.com/NavigateCMS/Navigate-CMS/issues/29",
- "Issue_Url_new": "https://github.com/navigatecms/navigate-cms/issues/29",
- "Repo_new": "navigatecms/navigate-cms",
- "Issue_Created_At": "2021-11-25T17:38:20Z",
- "description": "Reflected XSS attack in PATHTAG with the theme parameter in APITAG NUMBERTAG EXPECTED BEHAVIOUR An authenticated malicious user can take advantage of a Reflected XSS vulnerability in the themes feature. exp APITAG FILETAG analysis PATHTAG line NUMBERTAG without any filter. CODETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.7,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-46790",
- "Issue_Url_old": "https://github.com/tuxera/ntfs-3g/issues/16",
- "Issue_Url_new": "https://github.com/tuxera/ntfs-3g/issues/16",
- "Repo_new": "tuxera/ntfs-3g",
- "Issue_Created_At": "2021-11-25T22:42:53Z",
- "description": "Heap overflow in ntfsck. Hello. I have found a vulnerability in the NTFS NUMBERTAG G driver, specifically in the ntfsck tool (see: FILETAG . In the _check_file_record_ function, the update sequence array is applied, but no proper boundary checks are implemented, so the function can write bytes from the update sequence array beyond the buffer being checked. The vulnerable code is here URLTAG : usa_ofs = le NUMBERTAG to_cpu(mft_rec >usa_ofs); usa_count = le NUMBERTAG to_cpu(mft_rec >usa_count); [...] // Remove update seq & check it. usa = (u NUMBERTAG buffer+usa_ofs); // The value that should be at the end of every sector. assert_u NUMBERTAG equal(usa_count NUMBERTAG buflen/NTFS_BLOCK_SIZE, \"USA length\"); for (i NUMBERTAG i<usa_count;i++) { u NUMBERTAG fixup = (u NUMBERTAG buffer+NTFS_BLOCK_SIZE i NUMBERTAG the value at the end of the sector. u NUMBERTAG saved_val = (u NUMBERTAG buffer+usa_ofs NUMBERTAG i); // the actual data value that was saved in the us array. assert_u NUMBERTAG equal( fixup, usa, \"fixup\"); fixup = saved_val; // remove it. } If _buflen_ is NUMBERTAG but the update sequence array contains NUMBERTAG entries (including the first one, which you call _usa_), the loop will replace bytes NUMBERTAG times, at the following offsets: APITAG (within the buffer), APITAG (within the buffer), APITAG (beyond the allocated buffer size). APITAG offset of the first attribute should be set to make room for additional entries in the update sequence array, so the _usa_ofs+usa_count <= attrs_offset_ check is passed.) Thus, bytes beyond the allocated buffer can be replaced, this is a heap overflow. It should be noted that the _assert_u NUMBERTAG equal_ function just reports the errors, it doesn\u2019t terminate the execution flow. Since the _ntfsck_ tool is used in some APITAG distributions (it\u2019s APITAG in Fedora), I strongly suggest implementing a fix. Report date (to _info at tuxera dot com NUMBERTAG No reply. Ping (to _info at tuxera dot com NUMBERTAG No reply.",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-44550",
- "Issue_Url_old": "https://github.com/stanfordnlp/CoreNLP/issues/1222",
- "Issue_Url_new": "https://github.com/stanfordnlp/corenlp/issues/1222",
- "Repo_new": "stanfordnlp/corenlp",
- "Issue_Created_At": "2021-11-26T09:00:27Z",
- "description": "Header Manipulation. URLTAG We found 'classifier' may be contaminated on line NUMBERTAG of APITAG unvalidated data in an HTTP response header can enable cache poisoning, cross site scripting, cross user defacement, page hijacking, cookie manipulation or open redirect..It will affect on line NUMBERTAG of APITAG NUMBERTAG and NUMBERTAG have similar problems.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-45712",
- "Issue_Url_old": "https://github.com/pyros2097/rust-embed/issues/159",
- "Issue_Url_new": "https://github.com/pyrossh/rust-embed/issues/159",
- "Repo_new": "pyrossh/rust-embed",
- "Issue_Created_At": "2021-11-27T19:16:22Z",
- "description": "Directory traversal attack allowed when running in debug mode. ERRORTAG This code will (assuming you have the correct number of APITAG s), print out the contents of your APITAG .",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-44347",
- "Issue_Url_old": "https://github.com/yeyinshi/tuzicms/issues/7",
- "Issue_Url_new": "https://github.com/yeyinshi/tuzicms/issues/7",
- "Repo_new": "yeyinshi/tuzicms",
- "Issue_Created_At": "2021-11-28T13:01:01Z",
- "description": "PATHTAG has APITAG PATHTAG line NUMBERTAG public function APITAG //dump($_POST); //exit; APITAG //\u6570\u636e\u5e93\u8868\uff0c\u914d\u7f6e\u6587\u4ef6\u4e2d\u5b9a\u4e49\u4e86\u8868\u524d\u7f00\uff0c\u8fd9\u91cc\u5219\u4e0d\u9700\u8981\u5199 $id = APITAG //dump($id); //exit; if ($id==null){ $this >error('\u8bf7\u9009\u62e9\u5220\u9664\u9879\uff01'); } //\u5224\u65adid\u662f\u6570\u7ec4\u8fd8\u662f\u4e00\u4e2a\u6570\u503c if(is_array($id)){ $where = 'id APITAG APITAG \u51fd\u6570\u8fd4\u56de\u4e00\u4e2a\u7531\u6570\u7ec4\u5143\u7d20\u7ec4\u5408\u6210\u7684\u5b57\u7b26\u4e32 }else{ $where = APITAG } //dump($where); //exit; $count=$m >where($where) APITAG //\u4fee\u6539\u8868\u5355\u7528save\u51fd\u6570 if ($count NUMBERTAG this >success(\"\u6210\u529f\u5220\u9664{$count}\u6761\uff01\"); } else { $this >error('\u6279\u91cf\u5220\u9664\u5931\u8d25\uff01'); } } } This's APITAG POC: URLTAG APITAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-44349",
- "Issue_Url_old": "https://github.com/yeyinshi/tuzicms/issues/8",
- "Issue_Url_new": "https://github.com/yeyinshi/tuzicms/issues/8",
- "Repo_new": "yeyinshi/tuzicms",
- "Issue_Created_At": "2021-11-28T13:02:52Z",
- "description": "PATHTAG has APITAG PATHTAG line NUMBERTAG public function APITAG //\u67e5\u8be2\u6307\u5b9aid\u7684\u680f\u76ee\u4fe1\u606f APITAG APITAG >where(\"id=$id\") >order('column_sort') APITAG POC: URLTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-44348",
- "Issue_Url_old": "https://github.com/yeyinshi/tuzicms/issues/9",
- "Issue_Url_new": "https://github.com/yeyinshi/tuzicms/issues/9",
- "Repo_new": "yeyinshi/tuzicms",
- "Issue_Created_At": "2021-11-28T13:04:16Z",
- "description": "PATHTAG PATHTAG line NUMBERTAG public function APITAG { //\u67e5\u8be2\u6307\u5b9aid\u7684\u680f\u76ee\u4fe1\u606f APITAG APITAG >where(\"id=$id\") APITAG POC: URLTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-32061",
- "Issue_Url_old": "https://github.com/sa7mon/S3Scanner/issues/122",
- "Issue_Url_new": "https://github.com/sa7mon/s3scanner/issues/122",
- "Repo_new": "sa7mon/s3scanner",
- "Issue_Created_At": "2021-11-28T21:06:52Z",
- "description": "CVETAG : Path Traversal via dump of malicious bucket. tl;dr In version NUMBERTAG and older of APITAG if a user attempts to dump the contents of a bucket which contains objects with special characters in their keys, those characters can be used to save the files outside of the folder specified with APITAG . Thanks I'd like to give a huge thanks to a security researcher named APITAG URLTAG for reporting this issue to me. They provided a detailed explanation and helped walk me through the steps to reproduce. Very excellent experience. The Bug The issue is what's commonly known as a \"path traversal\" vulnerability. In this case, though, it's the ability to save files outside the intended area as opposed to reading files. For example: this bucket was created by APITAG for demonstration purposes. APITAG See how the object keys contain APITAG ? When APITAG goes to download that file, it concatenates the dump directory and this key to form the file path the file should get downloaded to. So if a user ran the following command: APITAG they would end up with a file called APITAG in APITAG which is one level up from where they wanted it. By adding a bunch of these characters together ( APITAG ) an attacker could craft a malicious object key which would place their file anywhere on the APITAG user's system. You may be surprised (like I was) to learn that AWS allows such characters in object keys. Their documentation FILETAG that while you can do this, there are limitations: > ... > > In addition, be aware of the following prefix limitations: > > Objects with a prefix of \"./\" must uploaded or downloaded with the AWS Command Line Interface (AWS CLI), AWS SDKs, or REST API. You cannot use the Amazon S3 console. > > Objects with a prefix of \"../\" cannot be uploaded using the AWS Command Line Interface (AWS CLI) or Amazon S3 console. In the \"real world\" the chances of an APITAG user encountering a bucket with these \"malicious\" keys is very low especially considering I was not able to create such a bucket of my own. This threat poses a fairly low risk since the difficulty of pulling off the attack is a bit high and would only happen if a bad actor was purposely targeting users of this tool. APITAG has engaged MITRE who has reserved CVETAG CVETAG for this vulnerability. The CVE will be updated after this advisory has been posted. Remediation The good news is that I have already pushed the fix for this issue NUMBERTAG If an object to be downloaded has a key that would land outside of the APITAG , the file won't be downloaded. The user will get a message that looks like this: APITAG I'll be drafting the NUMBERTAG release to push out this update across the git repo, APITAG package, and Docker image.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.3,
- "impactScore": 1.4,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-44350",
- "Issue_Url_old": "https://github.com/top-think/framework/issues/2613",
- "Issue_Url_new": "https://github.com/top-think/framework/issues/2613",
- "Repo_new": "top-think/framework",
- "Issue_Created_At": "2021-11-29T01:27:44Z",
- "description": "SQL injection vulnerability. Version NUMBERTAG APITAG Finally, error injection is triggered\uff1a FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-44554",
- "Issue_Url_old": "https://github.com/cybelesoft/virtualui/issues/1",
- "Issue_Url_new": "https://github.com/cybelesoft/virtualui/issues/1",
- "Repo_new": "cybelesoft/virtualui",
- "Issue_Created_At": "2021-11-29T09:16:36Z",
- "description": "Vulnerability User Enumeration Unauthenticated. Dear Cybele Software, My name is Daniel Morales, from the IT Security Team of ARHS Spikeseed. I recently found a vulnerability in Thinfinity APITAG that allows a malicious actor to enumerate users registered in the OS APITAG through APITAG How it works By accessing the vector, an attacker can determine if a username exists thanks to the message returned; it can be presented in different languages according to the configuration of APITAG Common users are administrator, admin, guest and krgtbt Payload The vulnerable vector is \" URLTAG \" where \"USERNAME\" need to be brute forced. Vulnerable versions It has been tested in APITAG version NUMBERTAG and NUMBERTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.3,
- "impactScore": 1.4,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-44585",
- "Issue_Url_old": "https://github.com/jeecgboot/jeecg-boot/issues/3223",
- "Issue_Url_new": "https://github.com/jeecgboot/jeecg-boot/issues/3223",
- "Repo_new": "jeecgboot/jeecg-boot",
- "Issue_Created_At": "2021-11-30T09:33:40Z",
- "description": "\u53cd\u5c04\u578bXSS NUMBERTAG URLTAG \u622a\u56fe&\u4ee3\u7801\uff1a FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-44586",
- "Issue_Url_old": "https://github.com/qinming99/dst-admin/issues/28",
- "Issue_Url_new": "https://github.com/qinming99/dst-admin/issues/28",
- "Repo_new": "qinming99/dst-admin",
- "Issue_Created_At": "2021-11-30T11:26:05Z",
- "description": "A security issue. Hi,guys! There is a serious security problem in your code. About a few weeks ago, I found a function point in your website background that can lead to arbitrary file download But it must use a account and password. However, I found a new way to download any file in unauth. That means I can download any file without authorization without using my account and password . Here is the example APITAG Target: URLTAG And the http data is: CODETAG poc: PATHTAG Remember to use burpsuite not browser Have a nice day!",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-44591",
- "Issue_Url_old": "https://github.com/libming/libming/issues/235",
- "Issue_Url_new": "https://github.com/libming/libming/issues/235",
- "Repo_new": "libming/libming",
- "Issue_Created_At": "2021-12-01T05:31:44Z",
- "description": "Memory allocation failure caused by the missing boundary check in APITAG version: master(commit NUMBERTAG aee NUMBERTAG URLTAG ) command: listswf $FILE ERRORTAG The cause of this bug is the lack of boundary checks. Specifically, in the APITAG function, the size of end and APITAG is not compared when APITAG is called. As a result, APITAG may be a negative integer, which eventually leads to allocation failure. The detailed call chain analysis is as follows. Download poc URLTAG ERRORTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 6.5,
- "impactScore": 3.6,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-44590",
- "Issue_Url_old": "https://github.com/libming/libming/issues/236",
- "Issue_Url_new": "https://github.com/libming/libming/issues/236",
- "Repo_new": "libming/libming",
- "Issue_Created_At": "2021-12-01T06:02:37Z",
- "description": "Memory allocation failure in cws2fws. version: master(commit NUMBERTAG aee NUMBERTAG command: listswf $FILE ERRORTAG A large integer passed to realloc, causing the allocation failure. The detailed call chain analysis is as follows. Download poc URLTAG ERRORTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 6.5,
- "impactScore": 3.6,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-44608",
- "Issue_Url_old": "https://github.com/alexlang24/bloofoxCMS/issues/12",
- "Issue_Url_new": "https://github.com/alexlang24/bloofoxcms/issues/12",
- "Repo_new": "alexlang24/bloofoxcms",
- "Issue_Created_At": "2021-12-01T15:46:38Z",
- "description": "APITAG Cross Site Scripting (XSS) APITAG I found two authenticated cross-site scripting vulnerabilities in the 'file' parameter and the 'type' parameter. Cross Site Scripting in the parameter 'file' APITAG FILETAG Cross Site Scripting in the parameter 'type' APITAG FILETAG Impact The attacker can execute HTML/JS code; the attacker can steal cookies",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.7,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-43801",
- "Issue_Url_old": "https://github.com/mercurius-js/mercurius/issues/677",
- "Issue_Url_new": "https://github.com/mercurius-js/mercurius/issues/677",
- "Repo_new": "mercurius-js/mercurius",
- "Issue_Created_At": "2021-12-01T16:53:59Z",
- "description": "Context can be undefined in the error handler. In production it's possible to see: ERRORTAG This can happen if an error is thrown in a hook. We should be adding back the check for Context in the error handler. APITAG posted by MENTIONTAG in URLTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-43857",
- "Issue_Url_old": "https://github.com/Gerapy/Gerapy/issues/219",
- "Issue_Url_new": "https://github.com/gerapy/gerapy/issues/219",
- "Repo_new": "gerapy/gerapy",
- "Issue_Created_At": "2021-12-02T12:51:31Z",
- "description": "Gerapy NUMBERTAG project_configure function has a remote code execution vulnerability!!!. Hi, I found a vulnerability in your project. Source location: URLTAG POC: POST PATHTAG HTTP NUMBERTAG Host: x.x.x.x User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG APITAG (KHTML, like Gecko) APITAG Safari NUMBERTAG Accept: application/json, text/plain, / Authorization: Token $token Content Type: application/x www form urlencoded Content Length NUMBERTAG spider\": \" APITAG | APITAG \"} FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-44610",
- "Issue_Url_old": "https://github.com/alexlang24/bloofoxCMS/issues/13",
- "Issue_Url_new": "https://github.com/alexlang24/bloofoxcms/issues/13",
- "Repo_new": "alexlang24/bloofoxcms",
- "Issue_Created_At": "2021-12-02T13:03:52Z",
- "description": "Multiple SQL injection vulnerabilities. APITAG NUMBERTAG has no security filtering of user input parameters in the admin center page, resulting in a large number of SQL injection vulnerabilities URLTAG We can use sqlmap to validate: ERRORTAG FILETAG URLTAG CODETAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2022-22123",
- "Issue_Url_old": "https://github.com/halo-dev/halo/issues/1557",
- "Issue_Url_new": "https://github.com/halo-dev/halo/issues/1557",
- "Repo_new": "halo-dev/halo",
- "Issue_Created_At": "2021-12-02T14:09:30Z",
- "description": "Handle the XSS security issues in the input boxes of the admin backend. What version of Halo has the issue? NUMBERTAG What database are you using? H2 What is your deployment method? Fat Jar Your site address. _No response_ What happened? APITAG APITAG APITAG Relevant log output _No response_ Additional information _No response_",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.7,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-44667",
- "Issue_Url_old": "https://github.com/alibaba/nacos/issues/7359",
- "Issue_Url_new": "https://github.com/alibaba/nacos/issues/7359",
- "Repo_new": "alibaba/nacos",
- "Issue_Created_At": "2021-12-04T19:23:34Z",
- "description": "This is an XSS vulnerability. Nacos has an XSS vulnerability. Trigger condition: no verification required. version: Nacos NUMBERTAG payload: APITAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-44868",
- "Issue_Url_old": "https://github.com/ming-soft/MCMS/issues/58",
- "Issue_Url_new": "https://github.com/ming-soft/mcms/issues/58",
- "Repo_new": "ming-soft/mcms",
- "Issue_Created_At": "2021-12-05T17:24:31Z",
- "description": "MCMS NUMBERTAG PATHTAG has a SQL injection vulnerability. Vulnerability file: PATHTAG Vulnerability tracking path: CODETAG poc ERRORTAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-44866",
- "Issue_Url_old": "https://github.com/projectworldsofficial/Online-Movie-Ticket-Booking-System-in-php/issues/6",
- "Issue_Url_new": "https://github.com/projectworldsofficial/online-movie-ticket-booking-system-in-php/issues/6",
- "Repo_new": "projectworldsofficial/online-movie-ticket-booking-system-in-php",
- "Issue_Created_At": "2021-12-06T08:59:58Z",
- "description": "SQL Injection vulnerability via the \"id\" parameter in FILETAG . Hey, I think there is a SQL Injection vulnerability in this system. The file FILETAG does not perform input validation on the 'id' parameter. So an attacker can append SQL queries to the input to extract sensitive information from the database. APITAG to the about page: Example: URLTAG APITAG the request to file. Example: GET APITAG HTTP NUMBERTAG Host: APITAG User Agent: Mozilla NUMBERTAG APITAG NT NUMBERTAG Win NUMBERTAG r NUMBERTAG Gecko NUMBERTAG Firefo NUMBERTAG Accept: PATHTAG / ;q NUMBERTAG Accept Language: zh CN,zh; APITAG TW; APITAG HK; APITAG US; APITAG Accept Encoding: gzip, deflate Connection: close Cookie: APITAG Upgrade Insecure Requests NUMBERTAG APITAG APITAG on the file Example: sqlmap r FILETAG dbms=mysql threads NUMBERTAG APITAG sensitive information from the database FILETAG APITAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2022-22124",
- "Issue_Url_old": "https://github.com/halo-dev/halo/issues/1575",
- "Issue_Url_new": "https://github.com/halo-dev/halo/issues/1575",
- "Repo_new": "halo-dev/halo",
- "Issue_Created_At": "2021-12-06T12:01:50Z",
- "description": "XSS that may be triggered by uploading SVG images. NUMBERTAG H2 Which deployment method is used? Fat Jar Online site address _No response_ What happened? An SVG file containing JS script may trigger XSS. APITAG SVG file example: CODETAG Relevant log output _No response_ Additional information _No response_",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.7,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-44960",
- "Issue_Url_old": "https://github.com/svgpp/svgpp/issues/101",
- "Issue_Url_new": "https://github.com/svgpp/svgpp/issues/101",
- "Repo_new": "svgpp/svgpp",
- "Issue_Created_At": "2021-12-06T16:55:10Z",
- "description": "New vulnerability. FILETAG APITAG The APITAG function in the APITAG function handled the APITAG object improperly, returning a null pointer early at the second if, resulting in a null pointer dereference after the APITAG function. APITAG APITAG NUMBERTAG ERROR: APITAG SEGV on unknown address NUMBERTAG pc NUMBERTAG d NUMBERTAG e bp NUMBERTAG fffc6d NUMBERTAG dd0 sp NUMBERTAG fffc6d NUMBERTAG T0) APITAG signal is caused by a READ memory access. APITAG address points to the zero page NUMBERTAG d NUMBERTAG e in APITAG const PATHTAG NUMBERTAG d NUMBERTAG e in APITAG const APITAG const ) PATHTAG NUMBERTAG d NUMBERTAG e in bool APITAG APITAG APITAG double, svgpp::tag::length_units::mm> const> >, APITAG >, APITAG APITAG APITAG APITAG APITAG >, APITAG >, APITAG >, APITAG APITAG APITAG APITAG const , Canvas, APITAG const const&, Canvas&, svgpp::tag::element::svg) PATHTAG NUMBERTAG d NUMBERTAG e in bool APITAG APITAG APITAG double, svgpp::tag::length_units::mm> const> >, APITAG >, APITAG APITAG APITAG APITAG APITAG >, APITAG >, APITAG >, APITAG APITAG APITAG APITAG const , APITAG const const&, Canvas&) PATHTAG NUMBERTAG d NUMBERTAG e in APITAG APITAG PATHTAG NUMBERTAG d8b NUMBERTAG in main PATHTAG NUMBERTAG fb2c6bd3d NUMBERTAG in __libc_start_main PATHTAG NUMBERTAG bc9 in _start ( PATHTAG ) APITAG can not provide additional info. SUMMARY: APITAG SEGV PATHTAG in APITAG const NUMBERTAG ABORTING APITAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 6.5,
- "impactScore": 3.6,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-44915",
- "Issue_Url_old": "https://github.com/taogogo/taocms/issues/8",
- "Issue_Url_new": "https://github.com/taogogo/taocms/issues/8",
- "Repo_new": "taogogo/taocms",
- "Issue_Created_At": "2021-12-07T08:51:23Z",
- "description": "There is SQL blind injection at APITAG APITAG administrator authority). Log in to the background as the default account admin. FILETAG We click in order and grab packets: FILETAG FILETAG FILETAG There is a time-based blind SQL injection vulnerability in the location of id. FILETAG FILETAG POC: FILETAG APITAG AND (SELECT NUMBERTAG FROM APITAG AND APITAG sqlmap: Save the HTTP request package as a file. FILETAG Test using the APITAG tool: FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.2,
- "impactScore": 5.9,
- "exploitabilityScore": 1.2
- },
- {
- "CVE_ID": "CVE-2022-22890",
- "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4847",
- "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4847",
- "Repo_new": "jerryscript-project/jerryscript",
- "Issue_Created_At": "2021-12-07T08:52:59Z",
- "description": "Assertion 'arguments_type != SCANNER_ARGUMENTS_PRESENT && arguments_type != APITAG in js scanner util (scanner_pop_literal_pool). APITAG revision NUMBERTAG URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG microsoft standard NUMBERTAG Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case ERRORTAG Execution steps & Output ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2022-22888",
- "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4848",
- "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4848",
- "Repo_new": "jerryscript-project/jerryscript",
- "Issue_Created_At": "2021-12-07T10:36:37Z",
- "description": "Stack overflow in ecma objects (ecma_op_object_find_own). APITAG revision NUMBERTAG URLTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG microsoft standard NUMBERTAG Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case ERRORTAG Execution steps & Output ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-44892",
- "Issue_Url_old": "https://github.com/Stakcery/Web-Security/issues/1",
- "Issue_Url_new": "https://github.com/y4tacker/web-security/issues/1",
- "Repo_new": "y4tacker/web-security",
- "Issue_Created_At": "2021-12-07T13:08:51Z",
- "description": "APITAG has a remote command execution vulnerability. Some time ago I submitted a vulnerability in the Chinese APITAG are the details. You can find this in URLTAG This is due to the combination of two functions (thinkphp) resulting in the command execution ERRORTAG As you know, these two functions are related to template rendering, and this combination has been seen in Chinese APITAG are the utilization details; First we create the route according to the official documentation; At first, create APITAG ERRORTAG then create APITAG APITAG is no need for any content in this like this FILETAG then we need APITAG it can send payload without url encoded characters APITAG FILETAG thinkphp will save access logs APITAG with date FILETAG then we just need to type url below: ERRORTAG Success!!! We can include malicious payloads!!! FILETAG Next I will explain how this vulnerability was created. The following simplifies my narrative with pictures instead of words FILETAG then we can override the parameters in $this APITAG FILETAG then follow the function display FILETAG follow FILETAG Default parsing engine value is Think FILETAG follow FILETAG Continue, APITAG FILETAG Go to the exec method and call the run method of the APITAG class to process the value of $params with the path to the log file after processing go to APITAG FILETAG in PATHTAG FILETAG Go to the fetch method in the APITAG class, get the path to the cache file, and then go to the load method in Storage FILETAG Follow up to the load method of Storage, the filename is the previously fetched cache storage document path and var is the array with _filename=path to the log file FILETAG Finally we can include log files with malicious code",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-44975",
- "Issue_Url_old": "https://github.com/radareorg/radare2/issues/19476",
- "Issue_Url_new": "https://github.com/radareorg/radare2/issues/19476",
- "Repo_new": "radareorg/radare2",
- "Issue_Created_At": "2021-12-07T21:05:25Z",
- "description": "Heap buffer overflow in function objc_build_refs while parsing mach o files. Heap Buffer overflow in objc_build_refs I have discovered a heap buffer overflow while parsing mach o executables. Please refer below for further information. Environment CODETAG ASAN Stack Trace from an ASAN build while triggering the bug ERRORTAG APITAG APITAG ERRORTAG APITAG and APITAG there's an attempt to sanitize the APITAG variable as it has to be done. Based on the return value of the two macros which is stored in the maxsize ERRORTAG buf ERRORTAG APITAG variable instead of the maxsize one. In the case where the APITAG is greater than the maxsize APITAG maxsize ERRORTAG APITAG to be called with the variable maxsize instead of the APITAG ERRORTAG APITAG ` I would highly appreciate it if that bug qualifies for a CVE for you to request it for me.",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-44974",
- "Issue_Url_old": "https://github.com/radareorg/radare2/issues/19478",
- "Issue_Url_new": "https://github.com/radareorg/radare2/issues/19478",
- "Repo_new": "radareorg/radare2",
- "Issue_Created_At": "2021-12-07T22:50:34Z",
- "description": "NULL pointer dereference in APITAG . NULL pointer dereference in APITAG I have discovered a NULL / Invalid pointer dereference bug, that gets triggered while parsing the symbols of a binary. Environment ERRORTAG ASAN Stack Trace from an ASAN build while triggering the bug ERRORTAG APITAG symbols ERRORTAG APITAG array, is an array of symbols for an object of the file that is being loaded for analysis. In the case where the pointer APITAG APITAG APITAG APITAG sym variable will be set to APITAG APITAG bf ERRORTAG APITAG ` I would highly appreciate it if that bug qualifies for a CVE for you to request it for me. FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-44912",
- "Issue_Url_old": "https://github.com/xpressengine/xe-core/issues/2433",
- "Issue_Url_new": "https://github.com/xpressengine/xe-core/issues/2433",
- "Repo_new": "xpressengine/xe-core",
- "Issue_Created_At": "2021-12-08T00:36:19Z",
- "description": "Unrestricted file upload vulnerability in Latest Release NUMBERTAG APITAG Affected version: XE before NUMBERTAG Vulnerable file: PATHTAG menu_normal_btn Causes of vulnerability: FILETAG When uploading the Normal button, there is no restriction on the file suffix, which leads to any file uploading to the files directory. Since .htaccess only restricts the PHP type, uploading HTML type files leads to stored XSS vulnerabilities. If the .htaccess configuration is improper, for example before the XE NUMBERTAG version, you can upload the PHP type file to GETSHELL. CODETAG FILETAG Repair suggestion: add the \\ html\\ file to the upload blacklist.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.7,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-44911",
- "Issue_Url_old": "https://github.com/xpressengine/xe-core/issues/2434",
- "Issue_Url_new": "https://github.com/xpressengine/xe-core/issues/2434",
- "Repo_new": "xpressengine/xe-core",
- "Issue_Created_At": "2021-12-08T00:38:20Z",
- "description": "Unrestricted file upload vulnerability in Latest Release NUMBERTAG Affected version: XE before NUMBERTAG Vulnerable file: PATHTAG menu_active_btn Causes of vulnerability: FILETAG When uploading the Mouse over button and the When selected button, there is no restriction on the file suffix, which leads to any file uploading to the files directory. Since .htaccess only restricts the PHP type, uploading HTML type files leads to stored XSS vulnerabilities. If the .htaccess configuration is improper, for example before the XE NUMBERTAG version, you can upload the PHP type file to GETSHELL. deny access to files that may contain sensitive information APITAG ^(. APITAG FILETAG Repair suggestion: add the html file to the upload blacklist.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.7,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-44935",
- "Issue_Url_old": "https://github.com/glFusion/glfusion/issues/482",
- "Issue_Url_new": "https://github.com/glfusion/glfusion/issues/482",
- "Repo_new": "glfusion/glfusion",
- "Issue_Created_At": "2021-12-08T08:13:57Z",
- "description": "Arbitrary user impersonation vulnerability. In the article comments, we can impersonate any user to APITAG can even impersonate a system administrator FILETAG FILETAG )",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
- "severity": "CRITICAL",
- "baseScore": 9.1,
- "impactScore": 5.2,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2022-0749",
- "Issue_Url_old": "https://github.com/SinGooCMS/SinGooCMSUtility/issues/1",
- "Issue_Url_new": "https://github.com/singoocms/singoocmsutility/issues/1",
- "Repo_new": "singoocms/singoocmsutility",
- "Issue_Created_At": "2021-12-08T13:29:42Z",
- "description": "Vulnerability Report: APITAG security vulnerability. Risk PATHTAG FILETAG Set up socket communication server: FILETAG client: FILETAG Constructing the payload The APITAG method internally first calls the APITAG method to read the packet header NUMBERTAG bytes) of the socket object information, and then calls the APITAG method to read the length of the bytes in the packet header (int type). The APITAG method will first intercept NUMBERTAG bytes of information, so NUMBERTAG bytes must be added before the original payload when constructing the POC. The APITAG method reads the packet header information, i.e. the NUMBERTAG bytes of information needs to contain the byte length (int type) of the original payload, while intercepting the int data type before the ' ' ending. Also the Payload source code is converted to a byte array length of NUMBERTAG bytes. A local test of the APITAG method shows that the NUMBERTAG bytes of information could be NUMBERTAG Int NUMBERTAG is the byte length of the original payload. Simulating the transmission of messages to a socket client POC implementation using a controlled data transfer from the server to the socket client, i.e. a set payload. FILETAG FILETAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-44937",
- "Issue_Url_old": "https://github.com/glFusion/glfusion/issues/485",
- "Issue_Url_new": "https://github.com/glfusion/glfusion/issues/485",
- "Repo_new": "glfusion/glfusion",
- "Issue_Created_At": "2021-12-09T06:17:55Z",
- "description": "APITAG CMS NUMBERTAG Arbitrary user registration vulnerability. There is a logical problem with the user registration page. After clicking the register button, the user does not need to confirm the email. The system directly saves the submitted content in the database. This leads to a problem. An attacker can register with the mailbox of any user. When users want to register, they will find that the mailbox has been occupied. FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.3,
- "impactScore": 1.4,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-44942",
- "Issue_Url_old": "https://github.com/glFusion/glfusion/issues/486",
- "Issue_Url_new": "https://github.com/glfusion/glfusion/issues/486",
- "Repo_new": "glfusion/glfusion",
- "Issue_Created_At": "2021-12-09T07:11:09Z",
- "description": "APITAG CMS NUMBERTAG FILETAG CSRF vulnerability. Attackers can construct blacklist IP addresses. Using the CSRF vulnerability to trick the administrator into clicking, they can add a blacklist. poc CODETAG FILETAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 4.3,
- "impactScore": 1.4,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2022-22891",
- "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4871",
- "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4871",
- "Repo_new": "jerryscript-project/jerryscript",
- "Issue_Created_At": "2021-12-09T07:38:01Z",
- "description": "SEGV in ecma_ref_object_inline of ecma gc.c. APITAG revision Commit NUMBERTAG da NUMBERTAG URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case ERRORTAG \u200b Execution steps & Output ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2022-22892",
- "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4872",
- "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4872",
- "Repo_new": "jerryscript-project/jerryscript",
- "Issue_Created_At": "2021-12-09T07:41:05Z",
- "description": "Assertion 'ecma_is_value_undefined (value) || ecma_is_value_null (value) || ecma_is_value_boolean (value) || ecma_is_value_number (value) || ecma_is_value_string (value) || ecma_is_value_bigint (value) || ecma_is_value_symbol (value) || ecma_is_value_object (value)' failed in ecma helpers APITAG APITAG revision Commit NUMBERTAG da NUMBERTAG URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case ERRORTAG \u200b Execution steps & Output ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-44992",
- "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4875",
- "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4875",
- "Repo_new": "jerryscript-project/jerryscript",
- "Issue_Created_At": "2021-12-09T09:08:53Z",
- "description": "Assertion 'ecma_object_is_typedarray (obj_p)' failed in ecma typedarray APITAG APITAG revision Commit NUMBERTAG da NUMBERTAG URLTAG Version NUMBERTAG Commit NUMBERTAG ba0d1b URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case ERRORTAG \u200b Execution steps & Output Version NUMBERTAG ERRORTAG Version NUMBERTAG ERRORTAG `",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-44993",
- "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4876",
- "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4876",
- "Repo_new": "jerryscript-project/jerryscript",
- "Issue_Created_At": "2021-12-09T09:48:50Z",
- "description": "Assertion 'ecma_is_value_boolean (base_value)' failed in ecma_op_get_value_object_base (ecma get put value).. APITAG revision Commit NUMBERTAG da NUMBERTAG URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case ERRORTAG \u200b Execution steps & Output version NUMBERTAG ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-44949",
- "Issue_Url_old": "https://github.com/glFusion/glfusion/issues/487",
- "Issue_Url_new": "https://github.com/glfusion/glfusion/issues/487",
- "Repo_new": "glfusion/glfusion",
- "Issue_Created_At": "2021-12-09T10:12:28Z",
- "description": "APITAG CMS NUMBERTAG user Login denied vulnerability. We can get usernames on this link: APITAG FILETAG So, an attacker can get all usernames. Then they can keep logging in to all users with the wrong password, which will prevent all users from logging in to the website normally. FILETAG There are two solutions NUMBERTAG set the verification code on the login page NUMBERTAG The second is to display the user's nickname instead of the login name",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-44981",
- "Issue_Url_old": "https://github.com/QuickBox/QB/issues/202",
- "Issue_Url_new": "https://github.com/quickbox/qb/issues/202",
- "Repo_new": "quickbox/qb",
- "Issue_Created_At": "2021-12-09T10:22:21Z",
- "description": "Responsible disclosure policy. Hey there! I belong to an open source security research community, and a member ( APITAG has found an issue, but doesn\u2019t know the best way to disclose it. If not a hassle, might you kindly add a APITAG file with an email, or another contact method? APITAG recommends URLTAG this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future. Thank you for your consideration, and I look forward to hearing from you! (cc APITAG helper)",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-44969",
- "Issue_Url_old": "https://github.com/taogogo/taocms/issues/9",
- "Issue_Url_new": "https://github.com/taogogo/taocms/issues/9",
- "Repo_new": "taogogo/taocms",
- "Issue_Created_At": "2021-12-09T12:19:43Z",
- "description": "There is a storage type cross site scripting attack at APITAG APITAG administrator authority). First, we enter the background and use the column administrator admin we created: FILETAG Let's click \"add article\" on the left: FILETAG Insert xss payload at the title: APITAG APITAG Return to the background management APITAG click \"edit article\" on the left: FILETAG Come back to the front APITAG it is the title of the article, the front desk is also affected FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 4.8,
- "impactScore": 2.7,
- "exploitabilityScore": 1.7
- },
- {
- "CVE_ID": "CVE-2022-22895",
- "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4882",
- "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4882",
- "Repo_new": "jerryscript-project/jerryscript",
- "Issue_Created_At": "2021-12-09T13:20:38Z",
- "description": "Heap buffer overflow in APITAG (ecma helpers conversion.c). APITAG revision Commit NUMBERTAG da NUMBERTAG URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case ERRORTAG \u200b Another form of testcase Execution steps & Output ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-44988",
- "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4890",
- "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4890",
- "Repo_new": "jerryscript-project/jerryscript",
- "Issue_Created_At": "2021-12-09T14:27:01Z",
- "description": "Stack overflow in ecma_lcache_lookup (ecma lcache.c). APITAG revision Commit NUMBERTAG da NUMBERTAG URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case APITAG \u200b Execution steps & Output ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-44988",
- "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4891",
- "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4891",
- "Repo_new": "jerryscript-project/jerryscript",
- "Issue_Created_At": "2021-12-09T14:33:33Z",
- "description": "Stack overflow in ecma_find_named_property (ecma helpers.c). APITAG revision Commit NUMBERTAG da NUMBERTAG URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG microsoft standard NUMBERTAG Build steps ERRORTAG Test case APITAG \u200b Execution steps & Output ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-44994",
- "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4894",
- "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4894",
- "Repo_new": "jerryscript-project/jerryscript",
- "Issue_Created_At": "2021-12-09T14:53:08Z",
- "description": "Assertion 'JERRY_CONTEXT (jmem_heap_allocated_size NUMBERTAG failed at PATHTAG (jmem_heap_finalize NUMBERTAG APITAG commit hash APITAG Build platform Ubuntu NUMBERTAG LTS Build steps ERRORTAG poc APITAG assert log ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-44994",
- "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4895",
- "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4895",
- "Repo_new": "jerryscript-project/jerryscript",
- "Issue_Created_At": "2021-12-09T14:58:57Z",
- "description": "Assertion APITAG (obj_p)' failed at ecma APITAG APITAG revision Commit NUMBERTAG da NUMBERTAG URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case javascript \u200b Execution steps & Output ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-43814",
- "Issue_Url_old": "https://github.com/rizinorg/rizin/issues/2083",
- "Issue_Url_new": "https://github.com/rizinorg/rizin/issues/2083",
- "Repo_new": "rizinorg/rizin",
- "Issue_Created_At": "2021-12-09T15:44:16Z",
- "description": "Heap based OOB write when parsing dwarf die info. Work environment | Questions | Answers | | | PATHTAG (mandatory) | Ubuntu NUMBERTAG amd NUMBERTAG File format of the file you reverse (mandatory) | ELF NUMBERTAG Architecture/bits of the file (mandatory) | amd NUMBERTAG APITAG full output, not truncated (mandatory) | rizin NUMBERTAG git @ linu NUMBERTAG commit: APITAG build NUMBERTAG Expected behavior Analyzing binaries shouldn't trigger an OOB memory write. Actual behavior There is a heap based out of bounds write in APITAG when reversing an amd NUMBERTAG elf binary with dwarf debug info, respectively. Steps to reproduce the behavior Analyze the binary attached below with aaa on an asan build to reproduce the crash. FILETAG Additional Logs, screenshots, source code, configuration dump, ... ERRORTAG The issue seems to be that at APITAG the line APITAG gets executed with APITAG equal to NUMBERTAG so this is equivalent to a APITAG (I think in this case a chunk with the smallest allocatable size is returned, which should be around NUMBERTAG or NUMBERTAG bytes, but in APITAG a die_attribute gets written, which is NUMBERTAG bytes in size). This happens because in APITAG the loop gets run APITAG times, but as APITAG is NUMBERTAG and is of type APITAG this results in an underflow which then triggers the OOB write.",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-44983",
- "Issue_Url_old": "https://github.com/taogogo/taocms/issues/10",
- "Issue_Url_new": "https://github.com/taogogo/taocms/issues/10",
- "Repo_new": "taogogo/taocms",
- "Issue_Created_At": "2021-12-10T02:25:30Z",
- "description": "There is an arbitrary file download attack at \" File Management column\"(administrator authority). First, we enter the background and use the administrator admin we created: FILETAG Let's click \"file management\" on the left: FILETAG Then use Burp Suite and click Download to grab the request package FILETAG FILETAG Changing the \u201cpath\u201d parameter FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
- "severity": "MEDIUM",
- "baseScore": 4.9,
- "impactScore": 3.6,
- "exploitabilityScore": 1.2
- },
- {
- "CVE_ID": "CVE-2021-45291",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1955",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1955",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-12-10T06:46:26Z",
- "description": "A segmentation fault in APITAG at APITAG . Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result ERRORTAG gdb information: ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-45288",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1956",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1956",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-12-10T07:28:18Z",
- "description": "Double Free in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result ERRORTAG gdb information: ` Program received signal SIGABRT, Aborted. [ registers ] RA NUMBERTAG RB NUMBERTAG ffff NUMBERTAG ffff NUMBERTAG RC NUMBERTAG ffff NUMBERTAG d NUMBERTAG b ( APITAG : mov rax,QWORD PTR [rsp NUMBERTAG RD NUMBERTAG RSI NUMBERTAG fffffff6fd NUMBERTAG RDI NUMBERTAG RBP NUMBERTAG fffffff NUMBERTAG ffff NUMBERTAG b NUMBERTAG RSP NUMBERTAG fffffff6fd NUMBERTAG RIP NUMBERTAG ffff NUMBERTAG d NUMBERTAG b ( APITAG : mov rax,QWORD PTR [rsp NUMBERTAG R NUMBERTAG R NUMBERTAG fffffff6fd NUMBERTAG R NUMBERTAG R NUMBERTAG R NUMBERTAG fffffff NUMBERTAG R NUMBERTAG R NUMBERTAG ffff7ffb NUMBERTAG R NUMBERTAG EFLAGS NUMBERTAG carry PARITY adjust ZERO sign trap INTERRUPT direction overflow) [ code NUMBERTAG ffff NUMBERTAG d NUMBERTAG f APITAG : mov edi NUMBERTAG ffff NUMBERTAG d NUMBERTAG APITAG : mov ea NUMBERTAG e NUMBERTAG ffff NUMBERTAG d NUMBERTAG APITAG : syscall NUMBERTAG ffff NUMBERTAG d NUMBERTAG b APITAG : mov rax,QWORD PTR [rsp NUMBERTAG ffff NUMBERTAG d NUMBERTAG APITAG : xor rax,QWORD PTR fs NUMBERTAG ffff NUMBERTAG d NUMBERTAG c APITAG : jne NUMBERTAG ffff NUMBERTAG d NUMBERTAG c4 APITAG NUMBERTAG ffff NUMBERTAG d NUMBERTAG e APITAG : mov eax,r8d NUMBERTAG ffff NUMBERTAG d NUMBERTAG a1 APITAG : add rsp NUMBERTAG stack NUMBERTAG fffffff6fd NUMBERTAG fffffff6fd NUMBERTAG fffffff6fe NUMBERTAG ffff6b0ffca APITAG mov rax,QWORD PTR [rsp NUMBERTAG fffffff6fe NUMBERTAG fffffff6ff NUMBERTAG fffffff6ff NUMBERTAG fffffff NUMBERTAG a NUMBERTAG fffffff NUMBERTAG Legend: code, data, rodata, value Stopped reason: SIGABRT __GI_raise (sig=sig APITAG at PATHTAG NUMBERTAG PATHTAG No such file or directory. gdb peda$ bt NUMBERTAG GI_raise (sig=sig APITAG at PATHTAG NUMBERTAG ffff NUMBERTAG b NUMBERTAG in __GI_abort () at APITAG NUMBERTAG ffff NUMBERTAG b3ee in __libc_message APITAG fmt=fmt APITAG \"%s \") at PATHTAG NUMBERTAG ffff NUMBERTAG c in malloc_printerr (str=str APITAG APITAG double free detected in tcache NUMBERTAG at APITAG NUMBERTAG ffff NUMBERTAG ed in _int_free (a NUMBERTAG ffff NUMBERTAG b NUMBERTAG APITAG , p NUMBERTAG have_lock NUMBERTAG at APITAG NUMBERTAG ffff6bf NUMBERTAG f5 in gf_odf_del_default () from PATHTAG NUMBERTAG ffff6f NUMBERTAG in gf_sm_load_run_isom () from PATHTAG NUMBERTAG c3a NUMBERTAG in dump_isom_scene (file=<optimized out>, APITAG APITAG PATHTAG is_final_name=GF_FALSE, dump_mode=GF_SM_DUMP_BT, do_log=GF_FALSE, no_odf_conv=GF_FALSE) at APITAG NUMBERTAG edd0 in APITAG (argc=<optimized out>, argv=<optimized out>) at APITAG NUMBERTAG ffff NUMBERTAG b NUMBERTAG b3 in __libc_start_main (main NUMBERTAG d NUMBERTAG APITAG , argc NUMBERTAG arg NUMBERTAG fffffffe NUMBERTAG init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end NUMBERTAG fffffffe NUMBERTAG at PATHTAG NUMBERTAG d5be in _start () at APITAG gdb peda$ '''",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-44920",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1957",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1957",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-12-10T08:00:30Z",
- "description": "Invalid memory address dereference in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result ERRORTAG gdb CODETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-45292",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1958",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1958",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-12-10T08:22:50Z",
- "description": "A segmentation fault in gf_isom_hint_rtp_read () , APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result APITAG GDB information ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-44924",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1959",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1959",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-12-10T08:26:37Z",
- "description": "Infinite loop in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result CODETAG gdb CODETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-44927",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1960",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1960",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-12-10T08:38:06Z",
- "description": "Null Pointer Dereference in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result ERRORTAG gdb CODETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-44926",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1961",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1961",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-12-10T09:26:26Z",
- "description": "Null Pointer Dereference in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result ERRORTAG gdb CODETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-44923",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1962",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1962",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-12-10T09:31:57Z",
- "description": "Null Pointer Dereference in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result ERRORTAG gdb ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-44919",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1963",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1963",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-12-10T09:54:17Z",
- "description": "Null Pointer Dereference in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result ERRORTAG gdb ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-44921",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1964",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1964",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-12-10T10:59:02Z",
- "description": "Null Pointer Dereference in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result CODETAG gdb CODETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-45267",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1965",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1965",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-12-10T10:59:40Z",
- "description": "Invalid memory address dereference in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result APITAG gdb ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-45760",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1966",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1966",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-12-10T11:00:37Z",
- "description": "Invalid memory address dereference in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result ERRORTAG gdb CODETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-44925",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1967",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1967",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-12-10T14:38:22Z",
- "description": "Null Pointer Dereference in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result ERRORTAG gdb CODETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-44918",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1968",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1968",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-12-10T14:52:20Z",
- "description": "Null Pointer Dereference in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result poc NUMBERTAG ERRORTAG poc NUMBERTAG ERRORTAG gdb poc NUMBERTAG CODETAG poc NUMBERTAG CODETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-44922",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1969",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1969",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-12-10T15:21:14Z",
- "description": "Null Pointer Dereference in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result ERRORTAG gdb CODETAG APITAG CODETAG CODETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-45258",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1970",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1970",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-12-10T15:36:08Z",
- "description": "Stack Overflow in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result ERRORTAG gdb CODETAG APITAG CODETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-45764",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1971",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1971",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-12-10T15:59:06Z",
- "description": "Invalid memory address dereference in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result ERRORTAG gdb CODETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-45289",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1972",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1972",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-12-10T16:55:48Z",
- "description": "Program terminated with signal SIGKILL . Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result ERRORTAG GDB Information ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-45297",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1973",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1973",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-12-10T19:07:05Z",
- "description": "infinite loop in gf_get_bit_size(). Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! APITAG ] I looked for a similar issue and couldn't find any. [ Yes] I tried with the latest version of GPAC. Installers available at URLTAG [ Yes] I give enough information for contributors to reproduce my issue (meaningful title, github labels, platform and compiler, command line ...). I can share files anonymously with this dropbox: URLTAG Detailed guidelines: URLTAG Version: ERRORTAG System information Ubuntu NUMBERTAG LTS, gcc version NUMBERTAG APITAG NUMBERTAG ubuntu NUMBERTAG command: APITAG Result APITAG GDB information CODETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2022-24613",
- "Issue_Url_old": "https://github.com/drewnoakes/metadata-extractor/issues/561",
- "Issue_Url_new": "https://github.com/drewnoakes/metadata-extractor/issues/561",
- "Repo_new": "drewnoakes/metadata-extractor",
- "Issue_Created_At": "2021-12-10T19:26:48Z",
- "description": "A list of bugs found NUMBERTAG bugs in total NUMBERTAG Unique Bugs Found Recently we ( Zhang Cen URLTAG and Huang Wenjie URLTAG discovered a series of bugs in latest metadata extractor NUMBERTAG Every bug we reported in the following is unique and reproducible. We sorted and refined them from thousands of crashes. Furthermore, they have been manually analyzed and triaged in removing the duplicates. APITAG Due to the lack of contextual knowledge in the metadata extractor library, we cannot thoroughly fix some bugs hence we look forward to any proposed plan from the developers in fixing these bugs NUMBERTAG Bug Report and Crash Seeds The bug report folder can be downloaded from URLTAG It contains both reports and crash seeds NUMBERTAG Test Program to Reproduce Crashes The test program can be downloaded from URLTAG Total NUMBERTAG bugs are reported in this pull request. A full list is provided below NUMBERTAG Folder Structure Level NUMBERTAG folder): exception type Level NUMBERTAG folder): error location Level NUMBERTAG files): POC file and FILETAG including reproducing steps NUMBERTAG FILETAG content NUMBERTAG Exception type NUMBERTAG Error location NUMBERTAG Bug cause and impact NUMBERTAG Crash thread's stacks NUMBERTAG Steps to reproduce NUMBERTAG Bug Full List metadata extractor_reported_crashes \u251c\u2500\u2500 ERRORTAG \u2502\u00a0\u00a0 \u2514\u2500\u2500 APITAG APITAG NUMBERTAG ERRORTAG \u2502\u00a0\u00a0 \u251c\u2500\u2500 APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG ERRORTAG \u2502\u00a0\u00a0 \u251c\u2500\u2500 APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG ERRORTAG \u2502\u00a0\u00a0 \u251c\u2500\u2500 APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG ERRORTAG \u2502\u00a0\u00a0 \u251c\u2500\u2500 APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG ERRORTAG \u2502\u00a0\u00a0 \u251c\u2500\u2500 ERRORTAG \u2502\u00a0\u00a0 \u251c\u2500\u2500 APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG ERRORTAG \u2502\u00a0\u00a0 \u251c\u2500\u2500 APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG ERRORTAG \u251c\u2500\u2500 APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG APITAG APITAG NUMBERTAG Any further discussion of these vulnerabilities, including fixes, is welcome and we look forward to hearing from you. Feel free to contact me at EMAILTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-45290",
- "Issue_Url_old": "https://github.com/WebAssembly/binaryen/issues/4383",
- "Issue_Url_new": "https://github.com/webassembly/binaryen/issues/4383",
- "Repo_new": "webassembly/binaryen",
- "Issue_Created_At": "2021-12-10T22:07:52Z",
- "description": "An assertion abort in wasm::handle_unreachable(char const , char const , unsigned int) () . Version: APITAG System information Ubuntu NUMBERTAG LTS, clang version NUMBERTAG ubuntu1 command: APITAG FILETAG Result APITAG GDB information ERRORTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-45293",
- "Issue_Url_old": "https://github.com/WebAssembly/binaryen/issues/4384",
- "Issue_Url_new": "https://github.com/webassembly/binaryen/issues/4384",
- "Repo_new": "webassembly/binaryen",
- "Issue_Created_At": "2021-12-10T22:22:07Z",
- "description": "Invalid memory address dereference in APITAG ). Version: APITAG System information Ubuntu NUMBERTAG LTS, clang version NUMBERTAG ubuntu1 command: APITAG FILETAG Result APITAG GDB information CODETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-45763",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1974",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1974",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-12-11T01:02:59Z",
- "description": "Invalid call in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result ERRORTAG gdb CODETAG APITAG CODETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-45263",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1975",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1975",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-12-11T01:07:09Z",
- "description": "Invalid free in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result ERRORTAG gdb ERRORTAG APITAG ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-45762",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1978",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1978",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-12-11T09:10:17Z",
- "description": "Invalid memory address dereference in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result ERRORTAG gdb CODETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-45260",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1979",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1979",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-12-11T09:14:24Z",
- "description": "Null Pointer Dereference in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result poc NUMBERTAG ERRORTAG poc NUMBERTAG ERRORTAG poc NUMBERTAG ERRORTAG gdb poc NUMBERTAG CODETAG poc NUMBERTAG CODETAG poc NUMBERTAG CODETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-45262",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1980",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1980",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-12-11T09:14:52Z",
- "description": "Invalid free in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result ERRORTAG gdb CODETAG APITAG ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-43579",
- "Issue_Url_old": "https://github.com/michaelrsweet/htmldoc/issues/456",
- "Issue_Url_new": "https://github.com/michaelrsweet/htmldoc/issues/456",
- "Repo_new": "michaelrsweet/htmldoc",
- "Issue_Created_At": "2021-12-11T09:15:18Z",
- "description": "Stack Buffer Overflow with BMP files Version NUMBERTAG The fix for the issue FILETAG does not completely protect against a stack buffer overflow in APITAG . It is possible to control the read in buffer colormap through the APITAG variable. The previous fix does not mitigate the issue as the APITAG is an integer , therefore, regardless of the ERRORTAG return of APITAG the buffer can be overflowed. CODETAG As an example, if APITAG is APITAG the if statement validates the variable and leads to a buffer overflow. Impact This buffer overflow can lead to modifying the instruction pointer and can therefore lead to remote code execution. FILETAG POC: FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-45014",
- "Issue_Url_old": "https://github.com/taogogo/taocms/issues/11",
- "Issue_Url_new": "https://github.com/taogogo/taocms/issues/11",
- "Repo_new": "taogogo/taocms",
- "Issue_Created_At": "2021-12-11T13:20:17Z",
- "description": "There is a SQL blind injection at APITAG article\". APITAG location of the vulnerability is line NUMBERTAG in PATHTAG and the incoming sql statement in the APITAG method does not use intval to process id FILETAG APITAG in to the background as the default account admin. FILETAG FILETAG APITAG can see action=cms&ctrl=update&id NUMBERTAG this id is the id in the update method in the FILETAG file FILETAG FILETAG FILETAG APITAG using the APITAG tool FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-45015",
- "Issue_Url_old": "https://github.com/taogogo/taocms/issues/12",
- "Issue_Url_new": "https://github.com/taogogo/taocms/issues/12",
- "Repo_new": "taogogo/taocms",
- "Issue_Created_At": "2021-12-11T13:39:25Z",
- "description": "There is an arbitrary file delete vulnerability. APITAG location of the vulnerability is in PATHTAG from line NUMBERTAG to line NUMBERTAG and line NUMBERTAG to determine whether the incoming folder is empty. Delete the empty folder. If it is not empty, it will not be deleted, but the incoming folder will not be deleted. File filtering. And / although it is not possible to delete non empty folders, but you can delete any file FILETAG APITAG a new file on disk d to delete it FILETAG APITAG the background to find the file management function and find a file to delete FILETAG FILETAG FILETAG in the D drive directory and successfully deleted, it proves that you can indeed use ../ to jump to the directory to operate any file, but you need to pay attention that only empty folders can be deleted FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.1,
- "impactScore": 5.2,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-4103",
- "Issue_Url_old": "https://github.com/Vanessa219/vditor/issues/1133",
- "Issue_Url_new": "https://github.com/vanessa219/vditor/issues/1133",
- "Repo_new": "vanessa219/vditor",
- "Issue_Created_At": "2021-12-12T01:41:08Z",
- "description": "XSS vulnerability. APITAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 5.4,
- "impactScore": 2.7,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-45017",
- "Issue_Url_old": "https://github.com/xwlrbh/Catfish/issues/8",
- "Issue_Url_new": "https://github.com/xwlrbh/catfish/issues/8",
- "Repo_new": "xwlrbh/catfish",
- "Issue_Created_At": "2021-12-12T03:23:30Z",
- "description": "There is a csrf vulnerability in catfish APITAG FILETAG FILETAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-45018",
- "Issue_Url_old": "https://github.com/xwlrbh/Catfish/issues/9",
- "Issue_Url_new": "https://github.com/xwlrbh/catfish/issues/9",
- "Repo_new": "xwlrbh/catfish",
- "Issue_Created_At": "2021-12-12T03:28:22Z",
- "description": "There is a stored xss vulnerability in catfish APITAG FILETAG FILETAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-46335",
- "Issue_Url_old": "https://github.com/Moddable-OpenSource/moddable/issues/748",
- "Issue_Url_new": "https://github.com/moddable-opensource/moddable/issues/748",
- "Repo_new": "moddable-opensource/moddable",
- "Issue_Created_At": "2021-12-13T06:47:02Z",
- "description": "APITAG Null pointer dereference in APITAG Build environment operating system: ubuntu NUMBERTAG commit hash: APITAG compile command: APITAG test command: APITAG poc ERRORTAG asan log ERRORTAG release log CODETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-46332",
- "Issue_Url_old": "https://github.com/Moddable-OpenSource/moddable/issues/749",
- "Issue_Url_new": "https://github.com/moddable-opensource/moddable/issues/749",
- "Repo_new": "moddable-opensource/moddable",
- "Issue_Created_At": "2021-12-13T06:51:03Z",
- "description": "APITAG SEGV PATHTAG in APITAG Build environment operating system: ubuntu NUMBERTAG commit hash: APITAG compile command: APITAG test command: APITAG poc ERRORTAG description asan log ERRORTAG release crash CODETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-46338",
- "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4900",
- "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4900",
- "Repo_new": "jerryscript-project/jerryscript",
- "Issue_Created_At": "2021-12-13T08:54:30Z",
- "description": "Assertion 'ecma_is_lexical_environment (object_p)' failed at ecma helpers.c (ecma_get_lex_env_type).. APITAG revision Commit NUMBERTAG bd6 URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG ASAN closed Test case ERRORTAG \u200b Execution steps & Output ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2022-22893",
- "Issue_Url_old": "https://github.com/jerryscript-project/jerryscript/issues/4901",
- "Issue_Url_new": "https://github.com/jerryscript-project/jerryscript/issues/4901",
- "Repo_new": "jerryscript-project/jerryscript",
- "Issue_Created_At": "2021-12-13T09:33:54Z",
- "description": "Stack overflow in APITAG of vm.c. APITAG revision Commit NUMBERTAG bd6 URLTAG Version NUMBERTAG Build platform Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps ERRORTAG Test case ERRORTAG \u200b Execution steps & Output ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2022-25301",
- "Issue_Url_old": "https://github.com/metabench/jsgui-lang-essentials/issues/1",
- "Issue_Url_new": "https://github.com/metabench/jsgui-lang-essentials/issues/1",
- "Repo_new": "metabench/jsgui-lang-essentials",
- "Issue_Created_At": "2021-12-13T10:20:18Z",
- "description": "Prototype pollution in function jsgui lang APITAG jsgui lang essentials runs the risk of prototype contamination when using inherited attributes in the function APITAG the risk is located here URLTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-45092",
- "Issue_Url_old": "https://github.com/cybelesoft/virtualui/issues/2",
- "Issue_Url_new": "https://github.com/cybelesoft/virtualui/issues/2",
- "Repo_new": "cybelesoft/virtualui",
- "Issue_Created_At": "2021-12-13T17:17:14Z",
- "description": "Vulnerability Improper Access Control. Dear Cybele Software, My name is Daniel Morales, from the IT Security Team of ARHS Spikeseed. I recently found a functionality in Thinfinity APITAG that could allow a malicious actor to perform social engineering attacks such as phishing via the directory FILETAG reachable by default. How it works By accessing the following payload (URL) an attacker could iframe any external website (of course, only external endpoints that allow being iframed). The impact is a convincing phishing attack. Payload The vulnerable vector is \" FILETAG \" where \"vpath=//\" is the pointer to the external site to be iframed. Vulnerable versions It has been tested in APITAG version NUMBERTAG and NUMBERTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-45884",
- "Issue_Url_old": "https://github.com/brave/brave-browser/issues/20079",
- "Issue_Url_new": "https://github.com/brave/brave-browser/issues/20079",
- "Repo_new": "brave/brave-browser",
- "Issue_Created_At": "2021-12-13T20:42:44Z",
- "description": "Desktop] Release notes for APITAG . Improve formatting of input values (send and swap NUMBERTAG URLTAG Full Fiat Balance not showing with ERC NUMBERTAG tokens NUMBERTAG URLTAG Update default widget list for desktop NUMBERTAG URLTAG it is possible to delete the active network on PATHTAG NUMBERTAG URLTAG Changes to sync QR code NUMBERTAG URLTAG Make APITAG screen working on both APITAG devices NUMBERTAG URLTAG Double click by APITAG buttons for Trezor transactions closes wallet panel NUMBERTAG URLTAG We aren\u2019t displaying asset balances until we get prices for them, we should NUMBERTAG URLTAG Don't treat unknown balances as NUMBERTAG show N/A instead NUMBERTAG ERRORTAG URLTAG Make the front end use the default currency and default cryptocurrency from settings NUMBERTAG URLTAG Link for IPFS preference settings page is hidden for some window sizes NUMBERTAG URLTAG Update NTP Background Images component for Fall NUMBERTAG wallpapers on desktop NUMBERTAG URLTAG hackerone NUMBERTAG CNAME Uncloaking in SOCKS5 protocol NUMBERTAG URLTAG Brave reading PATHTAG NUMBERTAG URLTAG Add menu to allow to edit/remove networks on wallet page NUMBERTAG URLTAG Allow folks to enable File System API with a Flag NUMBERTAG URLTAG Clicking Solve on adaptive captcha Brave Ads paused modal sometimes yields no action NUMBERTAG URLTAG Add Google's new iOS URL parameters to the query string filter NUMBERTAG URLTAG Implement APITAG and in particular APITAG version of EIP NUMBERTAG URLTAG Implement Rewards settings section inside brave://settings NUMBERTAG URLTAG hackerone] Strip referrer and origin in cross origin requests from a .onion origin NUMBERTAG URLTAG Re enable the post uninstall survey on Windows NUMBERTAG URLTAG Implement new Rewards NTP Widget NUMBERTAG design NUMBERTAG URLTAG Use error modals in Brave Rewards settings page instead of error notifications for linking related errors (convert these notifications to error modals NUMBERTAG URLTAG Unable to go backwards on IPFS pages when automatic APITAG redirection is enabled NUMBERTAG URLTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2022-28101",
- "Issue_Url_old": "https://github.com/turtl/tracker/issues/404",
- "Issue_Url_new": "https://github.com/turtl/tracker/issues/404",
- "Repo_new": "turtl/tracker",
- "Issue_Created_At": "2021-12-13T21:49:44Z",
- "description": "Filter APITAG tags from notes. Notes allow APITAG tag injection. I.e., a note with the content APITAG opens a new browser window to Google. While this problem would happen over person to person sharing and thus the severity is limited (because you generally only share with those you trust), it remains high priority. Special thanks to Rafay Baloch and Muhammad Samak for this report.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.0,
- "impactScore": 6.0,
- "exploitabilityScore": 2.3
- },
- {
- "CVE_ID": "CVE-2021-46331",
- "Issue_Url_old": "https://github.com/Moddable-OpenSource/moddable/issues/750",
- "Issue_Url_new": "https://github.com/moddable-opensource/moddable/issues/750",
- "Repo_new": "moddable-opensource/moddable",
- "Issue_Created_At": "2021-12-14T02:18:16Z",
- "description": "SEGV PATHTAG in APITAG Moddable XS revision Commit: db8f NUMBERTAG URLTAG Version NUMBERTAG Build environment Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case ERRORTAG Execution & Output ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-45767",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1982",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1982",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-12-14T02:23:22Z",
- "description": "Invalid memory address dereference in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG CODETAG Result The result is omitted here. gdb The gdb result is omitted here.",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-45266",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1985",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1985",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-12-14T02:40:51Z",
- "description": "Null Pointer Dereference in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result APITAG APITAG APITAG ERRORTAG gdb APITAG APITAG APITAG CODETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-46328",
- "Issue_Url_old": "https://github.com/Moddable-OpenSource/moddable/issues/751",
- "Issue_Url_new": "https://github.com/moddable-opensource/moddable/issues/751",
- "Repo_new": "moddable-opensource/moddable",
- "Issue_Created_At": "2021-12-14T02:49:38Z",
- "description": "Heap buffer overflow in __libc_start_main. Moddable XS revision Commit: db8f NUMBERTAG URLTAG Version NUMBERTAG Build environment Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case ERRORTAG Execution & Output ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-45259",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1986",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1986",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-12-14T02:57:15Z",
- "description": "Invalid free in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result ERRORTAG gdb CODETAG ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-45831",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1990",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1990",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-12-14T11:19:27Z",
- "description": "Null Pointer Dereference in __strlen_a NUMBERTAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result APITAG Gdb information CODETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-46050",
- "Issue_Url_old": "https://github.com/WebAssembly/binaryen/issues/4391",
- "Issue_Url_new": "https://github.com/webassembly/binaryen/issues/4391",
- "Repo_new": "webassembly/binaryen",
- "Issue_Created_At": "2021-12-14T12:41:56Z",
- "description": "Invalid memory address dereference in __vfprintf_internal (). Version: APITAG System information command: APITAG FILETAG Result APITAG GDB information ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-46053",
- "Issue_Url_old": "https://github.com/WebAssembly/binaryen/issues/4392",
- "Issue_Url_new": "https://github.com/webassembly/binaryen/issues/4392",
- "Repo_new": "webassembly/binaryen",
- "Issue_Created_At": "2021-12-14T12:53:22Z",
- "description": "Program terminated with signal SIGKILL, Killed.. Version: APITAG System information command: APITAG FILETAG Result Program terminated with signal SIGKILL, Killed.",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-25987",
- "Issue_Url_old": "https://github.com/hexojs/hexo/issues/4838",
- "Issue_Url_new": "https://github.com/hexojs/hexo/issues/4838",
- "Repo_new": "hexojs/hexo",
- "Issue_Created_At": "2021-12-14T19:12:15Z",
- "description": "Announcement: About CVETAG . The Hexo team is already aware of the CVETAG , and we have already implemented a fix APITAG PR URLTAG However, we will not release a minor version. The fix will be included in the next major version of Hexo (which will be NUMBERTAG The fix (which will enable HTML entity escaping by default) is considered a breaking change and we note that it could break many current themes. Also, you should be aware that Hexo is only a static site generator. It only generates static HTML from the source on your local computer (or your server). It is impossible for anyone other than you to modify your Hexo theme or your blog post without physical access to your computer or a login to your server. That is to say, in order for anyone to perform an attack based on the CVETAG , the hacker will have to hack into your computer or your server to modify your blog posts. But if that really happens (your local computer or server being compromised), the hacker can basically do anything anyway. If you host the source code of your Hexo site on a server and use some kind of web editor (like APITAG ), it is possible for hackers to modify your post through such a web editor (without logging in to your server). We recommend that you use some kind of authentication to protect your web editor (which you should always have even without this CVE. You don't want anybody to modify your post, right?). APITAG we mentioned earlier has had a built-in username & password configuration from the first day (so you will not be affected if you use a strong password). In short, it is not a Stored XSS or a Reflected XSS. It is a Self XSS APITAG XSS yourself, or a hacker to hack into your computer or server to perform the XSS attack). And your website will work flawlessly and soundly even without us releasing a fix.",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 4.6,
- "impactScore": 2.7,
- "exploitabilityScore": 1.5
- },
- {
- "CVE_ID": "CVE-2021-45340",
- "Issue_Url_old": "https://github.com/libsixel/libsixel/issues/51",
- "Issue_Url_new": "https://github.com/libsixel/libsixel/issues/51",
- "Repo_new": "libsixel/libsixel",
- "Issue_Created_At": "2021-12-14T22:08:42Z",
- "description": "NULL pointer dereference in stb_image.h. This is a duplicate report of issue NUMBERTAG URLTAG in the original project. I'm not sure where best to report this, but it affects both projects. Vulnerable versions saitoha/libsixel at the latest APITAG commit libsixel/libsixel at the latest APITAG commit Steps to reproduce APITAG Input file (a malformed PICT format image) is FILETAG Cause Segmentation fault in APITAG at APITAG : CODETAG The src pointer is NULL , as passed in from APITAG . The source of the NULL pointer is the malloc at line APITAG : APITAG whose output is never checked for NULL . The x and y dimensions NUMBERTAG are read directly from the input file, and they pass the check in APITAG which only checks for integer overflow. The total size of the allocated buffer is APITAG and allocation fails. Impact Denial of service is the only obvious impact. Mitigation APITAG starting at version NUMBERTAG commit APITAG include a check for this condition. libsixel should be brought up to date with this version if possible. If not, backport the check URLTAG as well as similar error checks for other malloc calls.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 6.5,
- "impactScore": 3.6,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-45100",
- "Issue_Url_old": "https://github.com/cifsd-team/ksmbd/issues/550",
- "Issue_Url_new": "https://github.com/cifsd-team/ksmbd/issues/550",
- "Repo_new": "cifsd-team/ksmbd",
- "Issue_Created_At": "2021-12-15T01:44:51Z",
- "description": "Plaintext connection despite encryption enabled. Hello. I am facing an error with the latest stable NUMBERTAG version, running on an APITAG machine. My configuration file is as follows: CODETAG Despite \"smb3 encryption\" set to yes, communications are still being made in plain text according to Wireshark. During the initial negotiation, both the client (a Windows NUMBERTAG machine running NUMBERTAG H1, compilation APITAG and the server agree on using NUMBERTAG and AES NUMBERTAG GCM: FILETAG On the session setup request, however, the client decides to no longer flag that it supports encryption, and thus requests a plain text connection for unknown reasons: FILETAG Worse is, ksmbd agrees and goes on, ignoring the request to enforce encryption and just sending data in plain text. The following screenshot displays a plain text ASCII message from opening a file which shouldn't be visible: FILETAG I am not sure if being made in plain text is an error on the Windows side or not, but at the very least ksmbd should probably deny connections if the user requested encryption in the settings. Attached here is a .zip file with a Wireshark log of the entire packet exchange, from the initial connection to the disconnection: FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-45347",
- "Issue_Url_old": "https://github.com/forget-code/zzcms/issues/2",
- "Issue_Url_new": "https://github.com/forget-code/zzcms/issues/2",
- "Repo_new": "forget-code/zzcms",
- "Issue_Created_At": "2021-12-15T03:07:23Z",
- "description": "Authentication can be bypassed by changing the user name in the cookie to use any password. If the user name in the cookie is changed to an existing user, any password can be used to bypass authentication FILETAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-46332",
- "Issue_Url_old": "https://github.com/Moddable-OpenSource/moddable/issues/752",
- "Issue_Url_new": "https://github.com/moddable-opensource/moddable/issues/752",
- "Repo_new": "moddable-opensource/moddable",
- "Issue_Created_At": "2021-12-15T05:06:41Z",
- "description": "Heap buffer overflow PATHTAG in APITAG Moddable XS revision Commit: db8f NUMBERTAG URLTAG Version NUMBERTAG Build environment Ubuntu NUMBERTAG LTS APITAG NUMBERTAG microsoft standard NUMBERTAG Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case ERRORTAG Execution & Output ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-46325",
- "Issue_Url_old": "https://github.com/espruino/Espruino/issues/2114",
- "Issue_Url_new": "https://github.com/espruino/espruino/issues/2114",
- "Repo_new": "espruino/espruino",
- "Issue_Created_At": "2021-12-15T08:17:55Z",
- "description": "stack buffer overflow APITAG in vcbprintf. Espruino revision Commit NUMBERTAG a9f NUMBERTAG a0 URLTAG Version NUMBERTAG Build environment Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case ERRORTAG Execution & Output ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-4146",
- "Issue_Url_old": "https://github.com/pimcore/pimcore/issues/11024",
- "Issue_Url_new": "https://github.com/pimcore/pimcore/issues/11024",
- "Repo_new": "pimcore/pimcore",
- "Issue_Created_At": "2021-12-15T10:48:42Z",
- "description": "APITAG Pricing Rules Do not allow negative discounts. Expected behavior Not possible to set negative discounts Actual behavior It is possible to set negative discounts for Cart & Product discount actions, which then adds them to the total amount. Steps to reproduce NUMBERTAG Login to the application URLTAG NUMBERTAG Navigate to Online shop > Pricing Rules > Voucher Discount > Actions NUMBERTAG Enter a negative amount in Cart Discount and click on save.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 4.3,
- "impactScore": 1.4,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-45357",
- "Issue_Url_old": "https://github.com/Piwigo/Piwigo/issues/1582",
- "Issue_Url_new": "https://github.com/piwigo/piwigo/issues/1582",
- "Repo_new": "piwigo/piwigo",
- "Issue_Created_At": "2021-12-15T13:48:11Z",
- "description": "FILETAG it just handles GET, POST, COOKIE, then we can think about whether it can be broken through other parameters. Then I found out that piwigo records the user's login and logout process. Take the exit process as an APITAG login is also the same), in ERRORTAG ERRORTAG After that, let's see what the APITAG function does in ERRORTAG in this APITAG there is no filter parameter APITAG FILETAG then it executes the serialize and pwg_db_real_escape_string functions respectively FILETAG look at APITAG it just prevents sql injection ERRORTAG then we register a user APITAG FILETAG then we click logout FILETAG then we just post like this. It is best to send more packages FILETAG CODETAG Next, after the system administrator has logged in, visit APITAG FILETAG and look at it FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-45429",
- "Issue_Url_old": "https://github.com/VirusTotal/yara/issues/1616",
- "Issue_Url_new": "https://github.com/virustotal/yara/issues/1616",
- "Repo_new": "virustotal/yara",
- "Issue_Created_At": "2021-12-15T18:01:26Z",
- "description": "Possible insecure pointer conversion in APITAG leading to global buffer overflow. version: master (commit URLTAG command: yara $FILE strings APITAG is a file that can contain any string, such as \"hello\". Here is the trace reported by ASAN: ERRORTAG Commit APITAG introduced a configuration case called APITAG , which will treat the APITAG pointer as a APITAG pointer NUMBERTAG bit). The dereference operation after this will read NUMBERTAG bits from src. URLTAG Note that, in cli/yara.c, a pointer to the NUMBERTAG bit integer APITAG is passed to APITAG . As a result, APITAG will read NUMBERTAG bits from a NUMBERTAG bit variable. This caused the ERROR reported by ASAN. URLTAG URLTAG A potential damage of this is that an attacker who obtains control of APITAG 's next NUMBERTAG bytes in the memory can further set the higher NUMBERTAG bits of APITAG to arbitrary values and launch exhaustive attacks.",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-45380",
- "Issue_Url_old": "https://github.com/source-trace/appcms/issues/8",
- "Issue_Url_new": "https://github.com/source-trace/appcms/issues/8",
- "Repo_new": "source-trace/appcms",
- "Issue_Created_At": "2021-12-16T01:16:21Z",
- "description": "XSS injection vulnerability exists in PATHTAG FILETAG APITAG $_GET FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.1,
- "impactScore": 2.7,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-45385",
- "Issue_Url_old": "https://github.com/rockcarry/ffjpeg/issues/47",
- "Issue_Url_new": "https://github.com/rockcarry/ffjpeg/issues/47",
- "Repo_new": "rockcarry/ffjpeg",
- "Issue_Created_At": "2021-12-16T03:01:01Z",
- "description": "SEGV in APITAG at APITAG This segmentation fault error is because in APITAG , when the bmp's size is out of range, it returns without assigning a memory buffer to APITAG and does not exit the program. So the program crashes when it tries to access APITAG , which is an invalid memory address. Test Environment Ubuntu NUMBERTAG bit ffjpeg (master d5cfd NUMBERTAG How to trigger APITAG POC FILE URLTAG Details gdb report CODETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 6.5,
- "impactScore": 3.6,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-45364",
- "Issue_Url_old": "https://github.com/Stakcery/Web-Security/issues/2",
- "Issue_Url_new": "https://github.com/y4tacker/web-security/issues/2",
- "Repo_new": "y4tacker/web-security",
- "Issue_Created_At": "2021-12-16T11:50:04Z",
- "description": "FILETAG look at APITAG It allows us to pass in any parameter and has no filter FILETAG FILETAG After that we just need to find a place to upload the file. We visit APITAG , and upload APITAG with APITAG in APITAG look at function APITAG FILETAG Just the postfix checksum from the configuration file we just modified. I think you should add a separate blacklist that doesn't allow php files to be uploaded. And then click upload, we find it uploads successfully! FILETAG you must know what it is. FILETAG then we exploit it. FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-46703",
- "Issue_Url_old": "https://github.com/Antaris/RazorEngine/issues/585",
- "Issue_Url_new": "https://github.com/antaris/razorengine/issues/585",
- "Repo_new": "antaris/razorengine",
- "Issue_Created_At": "2021-12-16T16:06:38Z",
- "description": "Announcement: Security with APITAG . This issue is to inform everyone that APITAG , which uses CAS internally, should not be considered 'secure' anymore for various reasons: CAS has been obsolete for quite a while now URLTAG CAS is not supported on the latest platform updates URLTAG (.NET NUMBERTAG APITAG Core) Microsoft will no longer provide patches for security issues URLTAG In addition to the above, the following code sample was reported to me as an issue of APITAG itself (thanks APITAG ERRORTAG If you depend on APITAG for security I'd urge you to redesign your security. If you need a fast fix, you can use the FILETAG and compile APITAG yourself (however, you will no longer be able to use 'dynamic' with this patch). Just to clarify, you are only affected by this IF: you currently use APITAG and use CAS to control the template permissions if users can externally control the template contents If you use APITAG for E Mail generation or as a templating engine (documentation generation, ...) you are most likely not directly affected by this issue, even if you use APITAG as long as you use APITAG 'correctly'. Correct usage means that you don't allow direct user input to parts of the template. This mistake can happen if you, for example, use string concatenation instead of using APITAG Syntax Elements. Just to remind you: If you use string concatenation to build your template with untrusted user inputs, you allow your users to execute code on your system. This is most likely not what you want, with or without Isolation!",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-45386",
- "Issue_Url_old": "https://github.com/appneta/tcpreplay/issues/687",
- "Issue_Url_new": "https://github.com/appneta/tcpreplay/issues/687",
- "Repo_new": "appneta/tcpreplay",
- "Issue_Created_At": "2021-12-17T07:24:34Z",
- "description": "Bug] Two reachable assertions in APITAG and APITAG Describe the bug There are two reachable assertions in APITAG APITAG and APITAG APITAG when the user uses tcpprep to open a crafted pcap file. To Reproduce Steps to reproduce the behavior NUMBERTAG get the tcpreplay source code (master NUMBERTAG ca NUMBERTAG e3) and build it NUMBERTAG run the cmd: APITAG The poc file can be downloaded here: [POC_add_tree_ip NUMBERTAG URLTAG POC_add_tree_ip NUMBERTAG URLTAG Expected behavior Program reports assertion failure and is terminated. Screenshots GDB report of POC_add_tree_ip NUMBERTAG ERRORTAG GDB report of POC_add_tree_ip NUMBERTAG ERRORTAG System (please complete the following information): OS: Ubuntu OS version NUMBERTAG Tcpreplay Version NUMBERTAG master NUMBERTAG ca NUMBERTAG e3)",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-46701",
- "Issue_Url_old": "https://github.com/PreMiD/PreMiD/issues/790",
- "Issue_Url_new": "https://github.com/premid/premid/issues/790",
- "Repo_new": "premid/premid",
- "Issue_Created_At": "2021-12-17T21:25:29Z",
- "description": "APITAG Server (socket.io) can be accessed from a socket.io client. Explanation Some time ago, there was a fix for allowing only the chrome extension to connect to the server APITAG app), but, after researching the socket.io NUMBERTAG documentation, I noticed that I can still access the server by just selecting the transport as websocket . It works on localhost and can be done on websites. It allows receiving and emitting events to the socket. Steps to reproduce Go to FILETAG Open Console You should get two things from the app: Version Discord User and the APITAG app should open a file dialog to \"select local presence\" Code how to access the socket CODETAG How to fix that? No information on it for now. I may look for a fix, but I want to report it first because I respect some people here and some, I don't. I bet someone will find a way to fix it before me finding a way. Regards, ririxi.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 6.5,
- "impactScore": 2.5,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-45833",
- "Issue_Url_old": "https://github.com/HDFGroup/hdf5/issues/1313",
- "Issue_Url_new": "https://github.com/hdfgroup/hdf5/issues/1313",
- "Repo_new": "hdfgroup/hdf5",
- "Issue_Created_At": "2021-12-18T13:08:16Z",
- "description": "stack buffer overflow at APITAG PATHTAG Version: APITAG System information APITAG command: APITAG FILETAG ASAN information ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-45830",
- "Issue_Url_old": "https://github.com/HDFGroup/hdf5/issues/1314",
- "Issue_Url_new": "https://github.com/hdfgroup/hdf5/issues/1314",
- "Repo_new": "hdfgroup/hdf5",
- "Issue_Created_At": "2021-12-18T13:32:06Z",
- "description": "heap buffer overflow APITAG PATHTAG Version: APITAG System information APITAG command: APITAG FILETAG result segmentation fault ASAN information ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-45832",
- "Issue_Url_old": "https://github.com/HDFGroup/hdf5/issues/1315",
- "Issue_Url_new": "https://github.com/hdfgroup/hdf5/issues/1315",
- "Repo_new": "hdfgroup/hdf5",
- "Issue_Created_At": "2021-12-18T13:38:31Z",
- "description": "stack overflow at PATHTAG Version: APITAG System information APITAG command: APITAG FILETAG result segmentation fault ASAN information ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-45829",
- "Issue_Url_old": "https://github.com/HDFGroup/hdf5/issues/1317",
- "Issue_Url_new": "https://github.com/hdfgroup/hdf5/issues/1317",
- "Repo_new": "hdfgroup/hdf5",
- "Issue_Created_At": "2021-12-18T13:57:17Z",
- "description": "segmentation fault in h5stat. Version: APITAG System information APITAG command: APITAG FILETAG result segmentation fault ASAN information CODETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-45341",
- "Issue_Url_old": "https://github.com/LibreCAD/LibreCAD/issues/1462",
- "Issue_Url_new": "https://github.com/librecad/librecad/issues/1462",
- "Repo_new": "librecad/librecad",
- "Issue_Created_At": "2021-12-18T19:01:27Z",
- "description": "Remote Code Execution vulnerability in APITAG NUMBERTAG rc3. Vulnerable Products APITAG NUMBERTAG rc3 and older Jw_cad NUMBERTAG a and older Steps to reproduce or sample file NUMBERTAG Start APITAG NUMBERTAG rc3 in a debugger NUMBERTAG APITAG NUMBERTAG Unzip and open the attached FILETAG NUMBERTAG Observe APITAG crash, with APITAG (AAAA) Screenshot: FILETAG Cause The APITAG entity deserialization at APITAG is vulnerable to a stack buffer overflow. APITAG declared in APITAG on line NUMBERTAG URLTAG is of fixed size NUMBERTAG Some varieties of APITAG provide their own size, e.g. APITAG on line NUMBERTAG URLTAG and no bounds checking is performed. This allows an attacker to overflow buf and overwrite other stack variables, including the return address. The attached APITAG file is tuned to trigger this behavior in the latest Windows release of APITAG but the same bug is also present in older versions and on other platforms. Impact An attacker can craft a JW CAD input file and thereby gain control over execution flow (EIP controlled directly). This allows an attacker to run arbitrary code on the system running APITAG with the privileges of the current user. Proposed Mitigation NUMBERTAG Perform bounds checking in APITAG , and refuse to load the file if it would overflow buf NUMBERTAG Enable stack smashing protection in the Windows build of APITAG Operating System and APITAG version info Version NUMBERTAG rc3 Compiler: GNU GCC NUMBERTAG Compiled on: No NUMBERTAG Qt Version NUMBERTAG Boost Version NUMBERTAG System: Windows NUMBERTAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2021-45342",
- "Issue_Url_old": "https://github.com/LibreCAD/LibreCAD/issues/1464",
- "Issue_Url_new": "https://github.com/librecad/librecad/issues/1464",
- "Repo_new": "librecad/librecad",
- "Issue_Created_At": "2021-12-18T22:48:34Z",
- "description": "Remote Code Execution vulnerability in APITAG NUMBERTAG rc3 (JWW APITAG Vulnerable Products APITAG NUMBERTAG rc3 and older Steps to reproduce or sample file NUMBERTAG Start APITAG NUMBERTAG in a debugger NUMBERTAG APITAG NUMBERTAG Unzip and open the FILETAG NUMBERTAG Observe APITAG crash, with APITAG (AAAA) Screenshot: FILETAG Cause The APITAG entity deserialization in APITAG is vulnerable to a stack buffer overflow. APITAG declared in APITAG on line NUMBERTAG URLTAG is of fixed size NUMBERTAG One variety of APITAG provides its own size field, as seen on line NUMBERTAG URLTAG and no bounds checking is performed. This allows an attacker to overflow buf and overwrite other stack variables, including the return address. The attached APITAG file is tuned to trigger this behavior in the latest Windows release of APITAG but the same bug is also present in older versions and on other platforms. Note : This is similar to, but distinct from issue NUMBERTAG Impact An attacker can craft a JW CAD input file and thereby gain control over execution flow (EIP controlled directly). This allows an attacker to run arbitrary code on the system running APITAG with the privileges of the current user. Proposed Mitigation NUMBERTAG Perform bounds checking in APITAG , and refuse to load more data into buf than it actually supports NUMBERTAG Enable stack smashing protection in the Windows build of APITAG Operating System and APITAG version info Version NUMBERTAG rc3 Compiler: GNU GCC NUMBERTAG Compiled on: No NUMBERTAG Qt Version NUMBERTAG Boost Version NUMBERTAG System: Windows NUMBERTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
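The two LibreCAD reports above (CVE-2021-45341 and CVE-2021-45342) describe one pattern: a fixed-size stack buffer, an entity length read straight from the JWW file, and a copy with no check against the buffer. The C below is an added example, not LibreCAD code, that shows that pattern beside the bounds-checked form the reports propose. The record layout (a little-endian 16-bit length followed by that many bytes), the 64-byte buffer and every function name are assumptions for illustration; the sample records are constructed inline.

```c
/* Added example, not LibreCAD code: the deserialization pattern from the
 * two reports above (fixed-size stack buffer, length taken from the file,
 * no bounds check) next to the bounds-checked form they propose.
 * Assumed record layout for illustration: [u16 LE length][length bytes]. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ENTITY_BUF_SIZE 64  /* stands in for the fixed-size `buf` in the report */

static uint16_t rd_u16le(const uint8_t *p) {
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Builds a record with an attacker-chosen declared length; the payload
 * bytes that follow may be fewer or more than the parser's buffer holds. */
static size_t build_record(uint16_t declared_len, const char *payload,
                           uint8_t *dst, size_t dst_sz) {
    size_t n = strlen(payload);
    if (dst_sz < 2 + n) return 0;
    dst[0] = (uint8_t)(declared_len & 0xff);
    dst[1] = (uint8_t)(declared_len >> 8);
    memcpy(dst + 2, payload, n);
    return 2 + n;
}

/* VULNERABLE: trusts the length field. A declared length above
 * ENTITY_BUF_SIZE overwrites whatever sits past buf on the stack,
 * including the saved return address. Only ever fed benign input here. */
static int parse_entity_unchecked(const uint8_t *rec, size_t rec_len,
                                  char *out, size_t out_sz) {
    char buf[ENTITY_BUF_SIZE];
    if (rec_len < 2) return -1;
    uint16_t len = rd_u16le(rec);
    memcpy(buf, rec + 2, len);          /* no check against sizeof buf or rec_len */
    buf[len] = '\0';
    snprintf(out, out_sz, "%s", buf);
    return (int)len;
}

/* HARDENED: refuse the record (and therefore the file) if the declared
 * length exceeds either the buffer or the bytes actually present. */
static int parse_entity_checked(const uint8_t *rec, size_t rec_len,
                                char *out, size_t out_sz) {
    char buf[ENTITY_BUF_SIZE];
    if (rec_len < 2 || out_sz == 0) return -1;
    uint16_t len = rd_u16le(rec);
    if (len >= sizeof buf || (size_t)len > rec_len - 2) return -1;
    memcpy(buf, rec + 2, len);
    buf[len] = '\0';
    snprintf(out, out_sz, "%s", buf);
    return (int)len;
}

int main(void) {
    uint8_t rec[512];
    char out[128];

    /* Constructed benign record: 5 declared, 5 present. */
    size_t n = build_record(5, "LINE1", rec, sizeof rec);
    printf("benign, unchecked: %d (%s)\n", parse_entity_unchecked(rec, n, out, sizeof out), out);
    printf("benign, checked:   %d (%s)\n", parse_entity_checked(rec, n, out, sizeof out), out);

    /* Constructed hostile record: 300 declared, 300 'A's present, buffer is 64. */
    char filler[301];
    memset(filler, 'A', 300);
    filler[300] = '\0';
    n = build_record(300, filler, rec, sizeof rec);
    printf("hostile, checked:  %d (rejected)\n", parse_entity_checked(rec, n, out, sizeof out));
    /* parse_entity_unchecked(rec, n, ...) would smash the stack here. */
    return 0;
}
```

The checked parser rejects both hostile shapes the reports imply: a declared length that is larger than the bytes left in the file (an over-read) and one that is larger than the stack buffer (the overwrite of saved registers and the return address). Rejecting the record, rather than truncating the copy, matches the first mitigation in the reports; stack protectors, their second mitigation, only turn the overwrite into an abort and are not a substitute for the check.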
- {
- "CVE_ID": "CVE-2021-45343",
- "Issue_Url_old": "https://github.com/LibreCAD/LibreCAD/issues/1468",
- "Issue_Url_new": "https://github.com/librecad/librecad/issues/1468",
- "Repo_new": "librecad/librecad",
- "Issue_Created_At": "2021-12-19T17:00:48Z",
- "description": "NULL pointer dereference in DXF parser, HATCH code NUMBERTAG Steps to reproduce or sample file NUMBERTAG Unzip and load the FILETAG in APITAG NUMBERTAG rc3 Cause The APITAG APITAG is written to when loading a HATCH entity with code NUMBERTAG If this occurs before a code NUMBERTAG the pointer is still NULL , leading to a crash. Impact Denial of service. Proposed Mitigation Ensure that APITAG is not NULL before dereferencing at APITAG Operating System and APITAG version info Version NUMBERTAG rc3 Compiler: GNU GCC NUMBERTAG Compiled on: No NUMBERTAG Qt Version NUMBERTAG Boost Version NUMBERTAG System: Windows NUMBERTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-46463",
- "Issue_Url_old": "https://github.com/nginx/njs/issues/447",
- "Issue_Url_new": "https://github.com/nginx/njs/issues/447",
- "Repo_new": "nginx/njs",
- "Issue_Created_At": "2021-12-20T05:07:22Z",
- "description": "Control flow hijack caused by Type Confusion of Promise object. Env CODETAG Poc ERRORTAG Analysis The output of the above poc is as follows: APITAG If I comment out APITAG ERRORTAG Then the output will be normal as follows: APITAG This is because APITAG has Type Confusion vuln when dealing with promise objects. The code APITAG will write the integer APITAG to APITAG field of data that has been confused as APITAG , although data may be of other types actually. CODETAG Therefore, when we try to change the data to the Symbol type: ERRORTAG The following error will be reported as expected: ERRORTAG We deliberately introduce the non writable APITAG to prove the validity of the vulnerability. Of course, this primitive can be used to confuse OTHER types of objects, and combined with heap spray technology to achieve control flow hijacking. Found by P1umer, Kotori, afang NUMBERTAG IIE Varas",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-4133",
- "Issue_Url_old": "https://github.com/keycloak/keycloak/issues/9247",
- "Issue_Url_new": "https://github.com/keycloak/keycloak/issues/9247",
- "Repo_new": "keycloak/keycloak",
- "Issue_Created_At": "2021-12-20T12:37:38Z",
- "description": "Incorrect authorization allows unprivileged users to create other users. Describe the bug An incorrect authorization flaw was found in Keycloak NUMBERTAG the flaw allows an attacker with any existing user account to create new default user accounts via the administrative REST API even where new user registration is disabled. URLTAG Version NUMBERTAG Expected behavior _No response_ Actual behavior _No response_ How to Reproduce? _No response_ Anything else? _No response_",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
- {
- "CVE_ID": "CVE-2020-8927",
- "Issue_Url_old": "https://github.com/bitemyapp/brotli2-rs/issues/45",
- "Issue_Url_new": "https://github.com/bitemyapp/brotli2-rs/issues/45",
- "Repo_new": "bitemyapp/brotli2-rs",
- "Issue_Created_At": "2021-12-20T21:10:45Z",
- "description": "Packaged version of brotli is affected by CVETAG . Brotli versions prior to NUMBERTAG are affected by CVETAG . URLTAG This is an integer overflow and I believe it is reachable from the Rust bindings, but that's just based on a quick perusal of the source code.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
- "severity": "MEDIUM",
- "baseScore": 6.5,
- "impactScore": 2.5,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-45791",
- "Issue_Url_old": "https://github.com/slims/slims8_akasia/issues/200",
- "Issue_Url_new": "https://github.com/slims/slims8_akasia/issues/200",
- "Repo_new": "slims/slims8_akasia",
- "Issue_Created_At": "2021-12-21T07:05:29Z",
- "description": "Security Bugs] Multiple SQL Injection. Hello, I found some serious bugs in Slims8 Akasia NUMBERTAG latest version). First of all, there is a SQL injection bug. This injection exists in multiple files, and every file where the search keyword $_GET['dir'] is located has SQL injection. url:[ URLTAG url CODETAG '.urldecode($_GET $_fld_sort]).' CODETAG You have escaped the dir string. But in fact it just appends a backslash \\ before ', \" or \\. Reference from PHP mysql_real_escape_string Therefore, if my GET variable dir does not contain these characters, SQL injection will be triggered. SQL injection demonstration APITAG SQL injection demonstration APITAG Example: [ URLTAG url APITAG APITAG List some pages with SQL injection: CODETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- },
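The SLiMS report above makes a point that is easy to miss: mysql_real_escape_string only prefixes quotes, backslashes and a few control bytes with a backslash, so it protects a value inside a quoted string literal and nothing else. When the escaped value is concatenated into an unquoted position such as an ORDER BY clause, a payload that avoids those characters passes through unchanged. The C below is an added example, not SLiMS code, that reproduces the escape, builds the query the vulnerable way, and then builds it through an allowlist. The query text, the column name, the helper names and the SLEEP-based payload are assumptions constructed for illustration.

```c
/* Added example, not SLiMS code: why a mysql_real_escape_string-style
 * escape does not protect a value spliced into an unquoted ORDER BY
 * position, beside an allowlist fix. The query text, column name and
 * helper names are assumptions for illustration. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Mimics mysql_real_escape_string: only these bytes get a backslash.
 * Returns how many bytes were escaped, or -1 if out is too small. */
static int mysql_style_escape(const char *in, char *out, size_t out_sz) {
    size_t o = 0;
    int escaped = 0;
    for (const unsigned char *p = (const unsigned char *)in; *p; p++) {
        char sub = 0;
        switch (*p) {
        case '\\': case '\'': case '"': sub = (char)*p; break;
        case '\n': sub = 'n'; break;
        case '\r': sub = 'r'; break;
        case 0x1a: sub = 'Z'; break;
        default: break;
        }
        if (sub) {
            if (o + 2 >= out_sz) return -1;
            out[o++] = '\\';
            out[o++] = sub;
            escaped++;
        } else {
            if (o + 1 >= out_sz) return -1;
            out[o++] = (char)*p;
        }
    }
    out[o] = '\0';
    return escaped;
}

/* VULNERABLE (the pattern from the report): the escaped value is still
 * concatenated into the statement as bare SQL, so any input that avoids
 * quotes, backslashes and newlines reaches the database untouched. */
static int build_sort_query_escaped(const char *dir, char *sql, size_t sql_sz) {
    char esc[256];
    if (mysql_style_escape(dir, esc, sizeof esc) < 0) return -1;
    int n = snprintf(sql, sql_sz, "SELECT title FROM biblio ORDER BY last_update %s", esc);
    return (n < 0 || (size_t)n >= sql_sz) ? -1 : n;
}

/* Case-insensitive string equality, enough for keyword matching. */
static int ieq(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;
}

/* HARDENED: a sort direction is SQL syntax, not data. Map the request
 * parameter onto a fixed allowlist and refuse anything else; escaping
 * is the wrong tool for identifiers and keywords. */
static int build_sort_query_allowlist(const char *dir, char *sql, size_t sql_sz) {
    static const char *const allowed[] = { "ASC", "DESC" };
    const char *chosen = NULL;
    for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (ieq(dir, allowed[i])) chosen = allowed[i];
    if (!chosen) return -1;
    int n = snprintf(sql, sql_sz, "SELECT title FROM biblio ORDER BY last_update %s", chosen);
    return (n < 0 || (size_t)n >= sql_sz) ? -1 : n;
}

int main(void) {
    /* Constructed time-based blind payload: contains nothing the escape touches. */
    const char *payload = "ASC,(SELECT SLEEP(5))";
    char sql[512];
    if (build_sort_query_escaped(payload, sql, sizeof sql) > 0)
        printf("escaped only -> %s\n", sql);
    if (build_sort_query_allowlist(payload, sql, sizeof sql) < 0)
        printf("allowlist    -> rejected %s\n", payload);
    if (build_sort_query_allowlist("desc", sql, sizeof sql) > 0)
        printf("allowlist    -> %s\n", sql);
    return 0;
}
```

The same reasoning applies to the other unquoted positions the report lists (column names used as sort fields): a prepared statement cannot parameterise an identifier or a keyword, so the only safe construction is a lookup from the request value to a server-side constant.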
- {
- "CVE_ID": "CVE-2022-23094",
- "Issue_Url_old": "https://github.com/libreswan/libreswan/issues/585",
- "Issue_Url_new": "https://github.com/libreswan/libreswan/issues/585",
- "Repo_new": "libreswan/libreswan",
- "Issue_Created_At": "2021-12-21T07:39:17Z",
- "description": "xfrm interface ipsec1 exists after core dump and blocks clean restart of ipsec service. After setting up plutodebug=base, I got the packet which may cause core dump when ike NUMBERTAG is not accepted APITAG NUMBERTAG localhost pluto NUMBERTAG received NUMBERTAG bytes from APITAG on eth0 APITAG using UDP Dec NUMBERTAG localhost pluto NUMBERTAG fc b NUMBERTAG e NUMBERTAG Dec NUMBERTAG localhost pluto NUMBERTAG cc NUMBERTAG d NUMBERTAG c ...............\\ Dec NUMBERTAG localhost pluto NUMBERTAG P.... Dec NUMBERTAG localhost pluto NUMBERTAG Dec NUMBERTAG localhost pluto NUMBERTAG b NUMBERTAG c NUMBERTAG Dec NUMBERTAG localhost pluto NUMBERTAG e NUMBERTAG fc b NUMBERTAG e NUMBERTAG Dec NUMBERTAG localhost pluto NUMBERTAG cc ................ Dec NUMBERTAG localhost pluto NUMBERTAG d NUMBERTAG c NUMBERTAG P Dec NUMBERTAG localhost pluto NUMBERTAG Dec NUMBERTAG localhost pluto NUMBERTAG b NUMBERTAG Dec NUMBERTAG localhost pluto NUMBERTAG c NUMBERTAG e NUMBERTAG Dec NUMBERTAG localhost pluto NUMBERTAG Dec NUMBERTAG localhost pluto NUMBERTAG b NUMBERTAG c NUMBERTAG e NUMBERTAG Dec NUMBERTAG localhost pluto NUMBERTAG parse ISAKMP Message: Dec NUMBERTAG localhost pluto NUMBERTAG initiator SPI NUMBERTAG fc b NUMBERTAG e NUMBERTAG Dec NUMBERTAG localhost pluto NUMBERTAG responder SPI NUMBERTAG Dec NUMBERTAG localhost pluto NUMBERTAG next payload type: ISAKMP_NEXT_SA NUMBERTAG Dec NUMBERTAG localhost pluto NUMBERTAG ISAKMP version: ISAKMP Version NUMBERTAG rfc NUMBERTAG Dec NUMBERTAG localhost pluto NUMBERTAG exchange type: ISAKMP_XCHG_IDPROT NUMBERTAG Dec NUMBERTAG localhost pluto NUMBERTAG flags: none NUMBERTAG Dec NUMBERTAG localhost pluto NUMBERTAG Message ID NUMBERTAG Dec NUMBERTAG localhost pluto NUMBERTAG length NUMBERTAG cc) Dec NUMBERTAG localhost pluto NUMBERTAG processing version NUMBERTAG packet with exchange type=ISAKMP_XCHG_IDPROT NUMBERTAG Dec NUMBERTAG localhost pluto NUMBERTAG State DB: IKE NUMBERTAG state not found (find_state_ike NUMBERTAG init) Dec NUMBERTAG localhost pluto NUMBERTAG null state always idle Dec NUMBERTAG localhost pluto NUMBERTAG got payload NUMBERTAG ISAKMP_NEXT_SA) needed NUMBERTAG opt NUMBERTAG Dec NUMBERTAG localhost pluto NUMBERTAG parse ISAKMP Security Association Payload: Dec NUMBERTAG localhost pluto NUMBERTAG next payload type: ISAKMP_NEXT_VID NUMBERTAG d) Dec NUMBERTAG localhost pluto NUMBERTAG length NUMBERTAG c) Dec NUMBERTAG localhost pluto NUMBERTAG DOI: ISAKMP_DOI_IPSEC NUMBERTAG Dec NUMBERTAG localhost pluto NUMBERTAG got payload NUMBERTAG ISAKMP_NEXT_VID) needed NUMBERTAG opt NUMBERTAG Dec NUMBERTAG localhost systemd NUMBERTAG APITAG Main process exited, code=dumped, status NUMBERTAG SEGV Dec NUMBERTAG localhost systemd NUMBERTAG APITAG Failed with result 'core dump'. Dec NUMBERTAG localhost systemd NUMBERTAG APITAG Consumed NUMBERTAG s CPU time. Dec NUMBERTAG localhost systemd NUMBERTAG APITAG Scheduled restart job, restart counter is at NUMBERTAG Dec NUMBERTAG localhost systemd NUMBERTAG Stopped Internet Key Exchange (IKE) Protocol Daemon for APITAG Dec NUMBERTAG localhost systemd NUMBERTAG APITAG Consumed NUMBERTAG s CPU time. Dec NUMBERTAG localhost systemd NUMBERTAG Starting Internet Key Exchange (IKE) Protocol Daemon for APITAG Normally after the core dump the APITAG service restarts, but unfortunately the original xfrm interface was not cleared, which causes the below: APITAG NUMBERTAG localhost pluto NUMBERTAG ike NUMBERTAG cp\": conflict ipsec1 already exist cannot support xfrm interface. May be leftover from previous pluto? Dec NUMBERTAG localhost pluto NUMBERTAG ike NUMBERTAG cp\": failed to add connection: ipsec interface NUMBERTAG not supported. device name conflict in APITAG This causes the VPN server to not accept any connection request and requires a manual restart of the service. Any workaround?",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-45863",
- "Issue_Url_old": "https://github.com/justdan96/tsMuxer/issues/509",
- "Issue_Url_new": "https://github.com/justdan96/tsmuxer/issues/509",
- "Repo_new": "justdan96/tsmuxer",
- "Issue_Created_At": "2021-12-21T08:06:40Z",
- "description": "heap buffer overflow in APITAG APITAG Hi, I found a heap buffer overflow error. Some Info APITAG To reproduce NUMBERTAG Compile APITAG NUMBERTAG run tsmuxer APITAG Asan output ERRORTAG POC FILETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-45860",
- "Issue_Url_old": "https://github.com/justdan96/tsMuxer/issues/510",
- "Issue_Url_new": "https://github.com/justdan96/tsmuxer/issues/510",
- "Repo_new": "justdan96/tsmuxer",
- "Issue_Created_At": "2021-12-21T08:53:16Z",
- "description": "An Integer Overflow in APITAG Hi, I found an integer overflow in APITAG URLTAG POC FILETAG With this poc, the buffer is too small but the condition on line NUMBERTAG results true. gdb ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-46324",
- "Issue_Url_old": "https://github.com/espruino/Espruino/issues/2121",
- "Issue_Url_new": "https://github.com/espruino/espruino/issues/2121",
- "Repo_new": "espruino/espruino",
- "Issue_Created_At": "2021-12-21T13:15:35Z",
- "description": "Stack buffer overflow APITAG in APITAG Espruino revision Commit NUMBERTAG URLTAG Version NUMBERTAG Build environment Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case ERRORTAG Execution & Output ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 7.8,
- "impactScore": 5.9,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-45809",
- "Issue_Url_old": "https://github.com/yuezk/GlobalProtect-openconnect/issues/113",
- "Issue_Url_new": "https://github.com/yuezk/globalprotect-openconnect/issues/113",
- "Repo_new": "yuezk/globalprotect-openconnect",
- "Issue_Created_At": "2021-12-21T13:35:33Z",
- "description": "Trivially Exploitable Privilege Escalation Vulnerability. The way APITAG Openconnect is set up enables arbitrary users to execute commands as root NUMBERTAG Install the payload; in this case, a demonstration payload installing itself to PATHTAG echo e ' PATHTAG NUMBERTAG PATHTAG a NUMBERTAG PATHTAG > /tmp/groot; bash /tmp/groot NUMBERTAG Specify openconnect parameters: APITAG NUMBERTAG Log into any VPN service This vulnerability can be executed by any user, even a \"nobody\" user, covertly by sending commands to the APITAG . This vulnerability can be executed by a user with keyboard access to install a rootkit using the GUI you provided. This vulnerability can be executed as soon as openconnect globalprotect is installed; even if the APITAG systemd service has not been started, as the unit file specifies: APITAG . I had to explicitly mask the service to mitigate the vulnerability. As such, it leaves any host that even has the program installed highly vulnerable; this is the worst case among privilege escalation vulnerabilities. For a secure by default configuration, openconnect global needs to be updated, so administrator approval is needed to allow specific globalprotect servers or a change in command line parameters. I propose a root editable configuration file /etc/openconnect APITAG with the following syntax karolin . APITAG i cupdev PATHTAG This entry allows the user karolin to connect to any VPN servers with a domain suffix APITAG and the specified openconnect parameters. Groups may be specified by prefixing the user with APITAG . The app could implement a config editing feature, allowing users to edit the configuration graphically after specifying the administrator password. I would also suggest disabling systemd dbus activation altogether just to avoid the entire issue of a security bug sticking around even with a stopped unit. Thank you for all your hard work!",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "severity": "CRITICAL",
- "baseScore": 9.8,
- "impactScore": 5.9,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-45810",
- "Issue_Url_old": "https://github.com/yuezk/GlobalProtect-openconnect/issues/114",
- "Issue_Url_new": "https://github.com/yuezk/globalprotect-openconnect/issues/114",
- "Repo_new": "yuezk/globalprotect-openconnect",
- "Issue_Created_At": "2021-12-21T13:37:56Z",
- "description": "Easy to exploit host traffic redirection vulnerability. Joining a VPN does not require administrator access; a malicious party hosting any openconnect server can redirect the host's network traffic over their own server. This vulnerability is executed by simply logging into their own server. The same preconditions apply as to NUMBERTAG Note that hosting a global protect server is not necessary, if commands are sent directly to the DBUS service. In this case, hosting any openconnect supported VPN server will suffice. Proposed Fix See NUMBERTAG as both vulnerabilities have the same fix.",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-46323",
- "Issue_Url_old": "https://github.com/espruino/Espruino/issues/2122",
- "Issue_Url_new": "https://github.com/espruino/espruino/issues/2122",
- "Repo_new": "espruino/espruino",
- "Issue_Created_At": "2021-12-21T14:03:50Z",
- "description": "SEGV APITAG in APITAG Espruino revision Commit NUMBERTAG URLTAG Version NUMBERTAG Build environment Ubuntu NUMBERTAG LTS APITAG NUMBERTAG generic NUMBERTAG Build steps APITAG Test case ERRORTAG Execution & Output ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-45792",
- "Issue_Url_old": "https://github.com/slims/slims9_bulian/issues/122",
- "Issue_Url_new": "https://github.com/slims/slims9_bulian/issues/122",
- "Repo_new": "slims/slims9_bulian",
- "Issue_Created_At": "2021-12-22T08:39:34Z",
- "description": "APITAG APITAG cross site script attacks (XSS). Describe the bug Stored XSS exists in Custom Field Editor in PATHTAG file. There is no effective defense against the NOTE field, leading to cross site script attacks. To Reproduce Steps to reproduce the behavior: Stored XSS exists in Custom Field Editor in PATHTAG file. There is no effective defense against the NOTE field, leading to cross site scripting attacks. Administrator login \"system\" add new \"field> fill in cross site scripting in the NOTE field APITAG It will take effect after saving. Expected behavior You can insert js scripts to attack. Screenshots APITAG APITAG Desktop : OS: APITAG M1] Browser APITAG Version APITAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
- "severity": "MEDIUM",
- "baseScore": 4.8,
- "impactScore": 2.7,
- "exploitabilityScore": 1.7
- },
- {
- "CVE_ID": "CVE-2021-45793",
- "Issue_Url_old": "https://github.com/slims/slims9_bulian/issues/123",
- "Issue_Url_new": "https://github.com/slims/slims9_bulian/issues/123",
- "Repo_new": "slims/slims9_bulian",
- "Issue_Created_At": "2021-12-22T09:49:53Z",
- "description": "APITAG Bugs] SQL Injection. SQL injection exists in the FILETAG file. There is no effective defense against the comment field, leading to SQL injection attacks. Ordinary user login \"find a book\" SQL injection attack in the comments (example: APITAG ) APITAG APITAG CODETAG CODETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-46039",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/1999",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/1999",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-12-22T12:55:57Z",
- "description": "untrusted pointer dereference in APITAG (). Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result Segmentation fault. bt CODETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-45794",
- "Issue_Url_old": "https://github.com/slims/slims9_bulian/issues/124",
- "Issue_Url_new": "https://github.com/slims/slims9_bulian/issues/124",
- "Repo_new": "slims/slims9_bulian",
- "Issue_Created_At": "2021-12-22T14:29:35Z",
- "description": "APITAG Bugs] SQL Injection. SQL injection exists in the PATHTAG file. There is no effective defense against the comment field, leading to SQL injection attacks. The link is: APITAG Vulnerable parameter id SQL injection payload CODETAG CODETAG APITAG The problematic code CODETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-46038",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/2000",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/2000",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-12-22T15:49:42Z",
- "description": "untrusted pointer dereference APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result segmentation fault bt ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-46043",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/2001",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/2001",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-12-22T16:04:39Z",
- "description": "Untrusted Pointer Dereference in gf_list_count (). Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result segmentation fault bt CODETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-46042",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/2002",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/2002",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-12-22T16:16:38Z",
- "description": "Untrusted pointer dereference in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result Segmentation fault. bt ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-46040",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/2003",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/2003",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-12-22T16:27:40Z",
- "description": "Untrusted pointer dereference in APITAG (). Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result Segmentation fault bt CODETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-45848",
- "Issue_Url_old": "https://github.com/nicotine-plus/nicotine-plus/issues/1777",
- "Issue_Url_new": "https://github.com/nicotine-plus/nicotine-plus/issues/1777",
- "Repo_new": "nicotine-plus/nicotine-plus",
- "Issue_Created_At": "2021-12-22T17:11:07Z",
- "description": "Just crashed on Win NUMBERTAG insider ring. Type: <class ERRORTAG Value: access: embedded null character in path Traceback: File APITAG line NUMBERTAG in network_event File APITAG line NUMBERTAG in queue_upload File APITAG line NUMBERTAG in queue_upload File APITAG line NUMBERTAG in file_is_shared",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "severity": "HIGH",
- "baseScore": 7.5,
- "impactScore": 3.6,
- "exploitabilityScore": 3.9
- },
- {
- "CVE_ID": "CVE-2021-46041",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/2004",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/2004",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-12-22T17:31:48Z",
- "description": "Untrusted pointer dereference in co NUMBERTAG box_new (). Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result Segmentation fault bt CODETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-46046",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/2005",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/2005",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-12-22T17:52:53Z",
- "description": "Untrusted pointer dereference in gf_isom_box_size () . Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result Segmentation fault. bt CODETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-46044",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/2006",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/2006",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-12-22T18:20:11Z",
- "description": "Untrusted pointer dereference in APITAG (). Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result Segmentation fault bt CODETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-46045",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/2007",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/2007",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-12-22T18:37:49Z",
- "description": "Abort failed in APITAG Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result Abort bt CODETAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-46047",
- "Issue_Url_old": "https://github.com/gpac/gpac/issues/2008",
- "Issue_Url_new": "https://github.com/gpac/gpac/issues/2008",
- "Repo_new": "gpac/gpac",
- "Issue_Created_At": "2021-12-22T18:56:01Z",
- "description": "Untrusted pointer dereference in gf_hinter_finalize (). Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue thank you! FILETAG Result Abort bt ERRORTAG",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "severity": "MEDIUM",
- "baseScore": 5.5,
- "impactScore": 3.6,
- "exploitabilityScore": 1.8
- },
- {
- "CVE_ID": "CVE-2021-45821",
- "Issue_Url_old": "https://github.com/btiteam/xbtit-3.1/issues/6",
- "Issue_Url_new": "https://github.com/btiteam/xbtit-3.1/issues/6",
- "Repo_new": "btiteam/xbtit-3.1",
- "Issue_Created_At": "2021-12-22T20:18:47Z",
- "description": "Blind SQL Injection affecting Xbtit NUMBERTAG and APITAG NUMBERTAG Description A blind SQL Injection vulnerability exists in Xbtit NUMBERTAG and APITAG NUMBERTAG via the sid parameter (GET) in the FILETAG file that is accessible by a simple registered user with default privileges. As a result a malicious user can extract sensitive data such as usernames and passwords and in some cases use this vulnerability in order to gain remote code execution. FILETAG APITAG NUMBERTAG FILETAG sid parameter) affecting Xbtit NUMBERTAG and APITAG NUMBERTAG Login as a simple user and make a comment in the chat box. The sid parameter is vulnerable to an authenticated blind SQL injection. Use the following APITAG and cause a sleep delay for NUMBERTAG seconds to manually test if the vulnerability exists. Note that you must be logged in as a simple user and the sid parameter must be a valid chat message id you have already generated! APITAG FILETAG FILETAG FILETAG FILETAG APITAG APITAG APITAG NUMBERTAG is also affected by the same issue. APITAG NUMBERTAG FILETAG msgid parameter) affecting only APITAG NUMBERTAG APITAG NUMBERTAG has additional functionality in the file named ( FILETAG ) that has a vulnerable GET id parameter (msgid) that offers almost similar functionality. So we can apply the same on /chatedit.php instead of FILETAG and msgid (GET) instead of the sid (GET) parameter. The following APITAG will cause a sleep delay for NUMBERTAG seconds to manually test if the vulnerability exists. Note that you must be logged in as a simple user and the msgid parameter must be a valid chat message id you have already generated. APITAG FILETAG",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "severity": "HIGH",
- "baseScore": 8.8,
- "impactScore": 5.9,
- "exploitabilityScore": 2.8
- }
- ]
|