The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2021-22048 | The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group. | MEDIUM | Nov 10, 2021 |
| CVE-2021-21701 | Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | MEDIUM | Nov 12, 2021 |
| CVE-2021-21528 | Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an Exposure of Information through Directory Listing vulnerability. This vulnerability is triggered when upgrading from a previous versions. | MEDIUM | Nov 12, 2021 |
| CVE-2021-20119 | The password change utility for the Arris SurfBoard SB8200 can have safety measures bypassed that allow any logged-in user to change the administrator password. | MEDIUM | Nov 10, 2021 |
| CVE-2021-3945 | django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') | MEDIUM | Nov 13, 2021 |
| CVE-2021-3934 | ohmyzsh is vulnerable to Improper Neutralization of Special Elements used in an OS Command | MEDIUM | Nov 12, 2021 |
| CVE-2021-3932 | twill is vulnerable to Cross-Site Request Forgery (CSRF) | MEDIUM | Nov 13, 2021 |
| CVE-2021-3931 | snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) | MEDIUM | Nov 13, 2021 |
| CVE-2021-3921 | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | MEDIUM | Nov 13, 2021 |
| CVE-2021-3912 | OctoRPKI tries to load the entire contents of a repository in memory, and in the case of a GZIP bomb, unzip it in memory, making it possible to create a repository that makes OctoRPKI run out of memory (and thus crash). | MEDIUM | Nov 12, 2021 |
| CVE-2021-3911 | If the ROA that a repository returns contains too many bits for the IP address then OctoRPKI will crash. | MEDIUM | Nov 12, 2021 |
| CVE-2021-3910 | OctoRPKI crashes when encountering a repository that returns an invalid ROA (just an encoded NUL (\\0) character). | MEDIUM | Nov 12, 2021 |
| CVE-2021-3909 | OctoRPKI does not limit the length of a connection, allowing for a slowloris DOS attack to take place which makes OctoRPKI wait forever. Specifically, the repository that OctoRPKI sends HTTP requests to will keep the connection open for a day before a response is returned, but does keep drip feeding new bytes to keep the connection alive. | MEDIUM | Nov 12, 2021 |
| CVE-2021-3908 | OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end. | MEDIUM | Nov 12, 2021 |
| CVE-2021-3840 | A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index (PyPi). MITRE classifies this weakness as an Uncontrolled Search Path Element (CWE-427) in which a private package dependency may be replaced by an unauthorized package of the same name published to a well-known public repository such as PyPi. The configuration has been updated to only install components built by Antilles, removing all other public package indexes. Additionally, the antilles-tools dependency has been published to PyPi. | MEDIUM | Nov 12, 2021 |
| CVE-2021-3793 | An improper access control vulnerability was reported in some Motorola-branded Binatone Hubble Cameras which could allow an unauthenticated attacker on the same network as the device to access administrative pages that could result in information disclosure or device firmware update with verified firmware. | MEDIUM | Nov 12, 2021 |
| CVE-2021-3792 | Some device communications in some Motorola-branded Binatone Hubble Cameras with backend Hubble services are not encrypted which could lead to the communication channel being accessible by an attacker. | MEDIUM | Nov 12, 2021 |
| CVE-2021-3788 | An exposed debug interface was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access unauthorized access to the device. | MEDIUM | Nov 12, 2021 |
| CVE-2021-3787 | A vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with local access to obtain the MQTT credentials that could result in unauthorized access to backend Hubble services. | MEDIUM | Nov 12, 2021 |
| CVE-2021-3776 | showdoc is vulnerable to Cross-Site Request Forgery (CSRF) | MEDIUM | Nov 13, 2021 |
| CVE-2021-3775 | showdoc is vulnerable to Cross-Site Request Forgery (CSRF) | MEDIUM | Nov 13, 2021 |
| CVE-2021-3738 | In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called \'association groups\'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only pointed at, and when one connection within that association group ended, the database would be left pointing at an invalid \'struct session_info\'. The most likely outcome here is a crash, but it is possible that the use-after-free could instead allow different user state to be pointed at and this might allow more privileged access. | MEDIUM | Nov 11, 2021 |
| CVE-2021-3718 | A denial of service vulnerability was reported in some ThinkPad models that could cause a system to crash when the Enhanced Biometrics setting is enabled in BIOS. | MEDIUM | Nov 12, 2021 |
| CVE-2021-3683 | showdoc is vulnerable to Cross-Site Request Forgery (CSRF) | MEDIUM | Nov 13, 2021 |
| CVE-2021-3577 | An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker on the same network unauthorized access to the device. | MEDIUM | Nov 12, 2021 |
| CVE-2021-3519 | A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the BIOS Password At Boot Device List BIOS setting is Yes. | MEDIUM | Nov 12, 2021 |
| CVE-2021-3380 | Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRMS allows attackers to disclose sensitive information via the Print Invoice Functionality. | MEDIUM | Nov 10, 2021 |
| CVE-2021-1981 | Possible buffer over read due to improper IE size check of Bearer capability IE in MT setup request from network in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | MEDIUM | Nov 12, 2021 |
| CVE-2020-28419 | During installation with certain driver software or application packages an arbitrary code execution could occur. | MEDIUM | Nov 10, 2021 |
| CVE-2020-25722 | Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise. | MEDIUM | Nov 11, 2021 |
| CVE-2020-25721 | Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets. | MEDIUM | Nov 11, 2021 |
| CVE-2020-25718 | A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets. | MEDIUM | Nov 11, 2021 |
| CVE-2020-23906 | FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service (DoS) via a crafted audio file due to insufficient verification of data authenticity. | MEDIUM | Nov 11, 2021 |
| CVE-2020-23904 | A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. NOTE: the vendor states I cannot reproduce it and it is a demo program. | MEDIUM | Nov 12, 2021 |
| CVE-2020-23903 | A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. | MEDIUM | Nov 11, 2021 |
| CVE-2020-23902 | A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. Related to Data from Faulting Address may be used as a return value starting at Editor!TMethodImplementationIntercept+0x528a3. | MEDIUM | Nov 13, 2021 |
| CVE-2020-23901 | A User Mode Write AV in Editor+0x5d15 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. | MEDIUM | Nov 13, 2021 |
| CVE-2020-23900 | A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. Related to Data from Faulting Address controls Code Flow starting at Editor!TMethodImplementationIntercept+0x57a3b. | MEDIUM | Nov 13, 2021 |
| CVE-2020-23899 | A User Mode Write AV in Editor+0x5f91 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. | MEDIUM | Nov 13, 2021 |
| CVE-2020-23898 | A User Mode Write AV in Editor+0x5ea2 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. | MEDIUM | Nov 13, 2021 |
| CVE-2020-23897 | A User Mode Write AV in Editor!TMethodImplementationIntercept+0x54dcec of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. | MEDIUM | Nov 13, 2021 |
| CVE-2020-23896 | A User Mode Write AV in Editor+0x576b of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file. | MEDIUM | Nov 13, 2021 |
| CVE-2020-23895 | A User Mode Write AV in Editor+0x76af of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file. | MEDIUM | Nov 13, 2021 |
| CVE-2020-23894 | A User Mode Write AV in ntdll!RtlpCoalesceFreeBlocks+0x268 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file. | MEDIUM | Nov 13, 2021 |
| CVE-2020-23893 | A User Mode Write AV in Editor!TMethodImplementationIntercept+0x3c3682 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file. | MEDIUM | Nov 13, 2021 |
| CVE-2020-23891 | A User Mode Write AV in Editor+0x5cd7 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file. | MEDIUM | Nov 13, 2021 |
| CVE-2020-23890 | A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted JPG file. Related to Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at JPGCodec+0x753648. | MEDIUM | Nov 13, 2021 |
| CVE-2020-23889 | A User Mode Write AV starting at Editor!TMethodImplementationIntercept+0x4189c6 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted ico file. | MEDIUM | Nov 13, 2021 |
| CVE-2020-23888 | A User Mode Write AV in Editor!TMethodImplementationIntercept+0x53f6c3 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted psd file. | MEDIUM | Nov 13, 2021 |
| CVE-2020-23887 | XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted ico file. Related to a Read Access Violation starting at USER32!SmartStretchDIBits+0x33. | MEDIUM | Nov 11, 2021 |
