The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2021-37470 | In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists in the Recipient Name field. An authenticated user can add or modify the affected field to inject arbitrary JavaScript. | -- | Jul 25, 2021 |
| CVE-2021-37469 | In NCH WebDictate v2.13 and earlier, authenticated users can abuse logprop?file=/.. path traversal to read files on the filesystem. | -- | Jul 25, 2021 |
| CVE-2021-37468 | NCH Reflect CRM 3.01 allows local users to discover cleartext user account information by reading the configuration files. | -- | Jul 25, 2021 |
| CVE-2021-37467 | In NCH Quorum v2.03 and earlier, XSS exists via /conferencebrowseuploadfile?confid= (reflected). | -- | Jul 25, 2021 |
| CVE-2021-37466 | In NCH Quorum v2.03 and earlier, XSS exists via /conference?id= (reflected). | -- | Jul 25, 2021 |
| CVE-2021-37465 | In NCH Quorum v2.03 and earlier, XSS exists via /uploaddoc?id= (reflected). | -- | Jul 25, 2021 |
| CVE-2021-37464 | In NCH Quorum v2.03 and earlier, XSS exists via Conference Description (stored). | -- | Jul 25, 2021 |
| CVE-2021-37463 | In NCH Quorum v2.03 and earlier, XSS exists via User Display Name (stored). | -- | Jul 25, 2021 |
| CVE-2021-37462 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /ipblacklist?errorip= (reflected). | -- | Jul 25, 2021 |
| CVE-2021-37461 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /extensionsinstruction?id= (reflected). | -- | Jul 25, 2021 |
| CVE-2021-37460 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /planprop?id= (reflected). | -- | Jul 25, 2021 |
| CVE-2021-37459 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the customer name field (stored). | -- | Jul 25, 2021 |
| CVE-2021-37458 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the primary phone field (stored). | -- | Jul 25, 2021 |
| CVE-2021-37457 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the SipRule field (stored). | -- | Jul 25, 2021 |
| CVE-2021-37456 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the blacklist IP address (stored). | -- | Jul 25, 2021 |
| CVE-2021-37455 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the outbound dialing plan (stored). | -- | Jul 25, 2021 |
| CVE-2021-37454 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the line name (stored). | -- | Jul 25, 2021 |
| CVE-2021-37453 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the extension name (stored). | -- | Jul 25, 2021 |
| CVE-2021-37452 | NCH Quorum v2.03 and earlier allows local users to discover cleartext login information relating to users by reading the local .dat configuration files. | -- | Jul 25, 2021 |
| CVE-2021-37451 | Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /msglist?mbx= (reflected). | -- | Jul 25, 2021 |
| CVE-2021-37450 | Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmprop?id= (reflected). | -- | Jul 25, 2021 |
| CVE-2021-37449 | Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmlist?folder= (reflected). | -- | Jul 25, 2021 |
| CVE-2021-37448 | Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via the Mailbox name (stored). | -- | Jul 25, 2021 |
| CVE-2021-37447 | In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentdelete?file=/.. for file deletion. | -- | Jul 25, 2021 |
| CVE-2021-37446 | In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentprop?file=/.. for file reading. | -- | Jul 25, 2021 |
| CVE-2021-37445 | In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via logprop?file=/.. for file reading. | -- | Jul 25, 2021 |
| CVE-2021-37444 | NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element\'s pathname is set to a Windows startup folder, a file for the inbuilt Out-Going Message function, or a file for the the inbuilt Autodial function. | -- | Jul 25, 2021 |
| CVE-2021-37443 | NCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file deletion. | -- | Jul 25, 2021 |
| CVE-2021-37442 | NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/.. to read files. | -- | Jul 25, 2021 |
| CVE-2021-37441 | NCH Axon PBX v2.22 and earlier allows path traversal for file deletion via the logdelete?file=/.. substring. | -- | Jul 25, 2021 |
| CVE-2021-37440 | NCH Axon PBX v2.22 and earlier allows path traversal for file disclosure via the logprop?file=/.. substring. | -- | Jul 25, 2021 |
| CVE-2021-37439 | NCH FlexiServer v6.00 suffers from a syslog?file=/.. path traversal vulnerability. | -- | Jul 25, 2021 |
| CVE-2021-26699 | OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used. | -- | Jul 25, 2021 |
| CVE-2021-26698 | OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and the dl parameter is used. | -- | Jul 25, 2021 |
| CVE-2021-23413 | This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values (e.g __proto__, toString, etc) results in a returned object with a modified prototype instance. | -- | Jul 25, 2021 |
| CVE-2021-3663 | firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts | -- | Jul 25, 2021 |
| CVE-2021-37436 | Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor marketing statements about safely removing personal content via a factory reset. Also, the vendor has reportedly indicated that they are working on mitigations. | -- | Jul 24, 2021 |
| CVE-2021-33910 | basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. | -- | Jul 24, 2021 |
| CVE-2021-36747 | Blackboard Learn through 9.1 allows XSS by an authenticated user via the Feedback to Learner form. | LOW | Jul 23, 2021 |
| CVE-2021-36746 | Blackboard Learn through 9.1 allows XSS by an authenticated user via the Assignment Instructions HTML editor. | LOW | Jul 23, 2021 |
| CVE-2021-34268 | An issue in the USBH_ParseDevDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service (DOS) via a malformed USB device packet. | -- | Jul 23, 2021 |
| CVE-2021-34267 | An in the USBH_MSC_InterfaceInit() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service (DOS) when the system tries to communicate with the connected endpoint. | -- | Jul 23, 2021 |
| CVE-2021-34262 | A buffer overflow vulnerability in the USBH_ParseEPDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code. | -- | Jul 23, 2021 |
| CVE-2021-34261 | An issue in USBH_ParseCfgDesc() of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service due to the system hanging when trying to set a remote wake-up feature. | -- | Jul 23, 2021 |
| CVE-2021-34260 | A buffer overflow vulnerability in the USBH_ParseInterfaceDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code. | -- | Jul 23, 2021 |
| CVE-2021-34259 | A buffer overflow vulnerability in the USBH_ParseCfgDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code. | -- | Jul 23, 2021 |
| CVE-2021-33909 | fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. | -- | Jul 23, 2021 |
| CVE-2021-32786 | mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9, `oidc_validate_redirect_url()` does not parse URLs the same way as most browsers do. As a result, this function can be bypassed and leads to an Open Redirect vulnerability in the logout functionality. This bug has been fixed in version 2.4.9 by replacing any backslash of the URL to redirect with slashes to address a particular breaking change between the different specifications (RFC2396 / RFC3986 and WHATWG). As a workaround, this vulnerability can be mitigated by configuring `mod_auth_openidc` to only allow redirection whose destination matches a given regular expression. | -- | Jul 23, 2021 |
| CVE-2021-32785 | mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are configured to use an unencrypted Redis cache (`OIDCCacheEncrypt off`, `OIDCSessionType server-cache`, `OIDCCacheType redis`), `mod_auth_openidc` wrongly performed argument interpolation before passing Redis requests to `hiredis`, which would perform it again and lead to an uncontrolled format string bug. Initial assessment shows that this bug does not appear to allow gaining arbitrary code execution, but can reliably provoke a denial of service by repeatedly crashing the Apache workers. This bug has been corrected in version 2.4.9 by performing argument interpolation only once, using the `hiredis` API. As a workaround, this vulnerability can be mitigated by setting `OIDCCacheEncrypt` to `on`, as cache keys are cryptographically hashed before use when this option is enabled. | -- | Jul 23, 2021 |
| CVE-2021-32783 | Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy\'s admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to shut down Envoy remotely (a denial of service), or to expose the existence of any Secret that Envoy is using for its configuration, including most notably TLS Keypairs. However, it *cannot* be used to get the *content* of those secrets. Since this attack allows access to the administration interface, a variety of administration options are available, such as shutting down the Envoy or draining traffic. In general, the Envoy admin interface cannot easily be used for making changes to the cluster, in-flight requests, or backend services, but it could be used to shut down or drain Envoy, change traffic routing, or to retrieve secret metadata, as mentioned above. The issue will be addressed in Contour v1.18.0 and a cherry-picked patch release, v1.17.1, has been released to cover users who cannot upgrade at this time. For more details refer to the linked GitHub Security Advisory. | -- | Jul 23, 2021 |
