IS Security CERT Global

• CVE-2021-36513
  An issue was discovered in function sofia_handle_sip_i_notify in sofia.c in SignalWire freeswitch before 1.10.6, may allow attackers to view sensitive information due to an uninitialized value. ... read more
• CVE-2021-29878
  IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the ... read more
• CVE-2021-42055
  ASUSTek ZenBook Pro Due 15 UX582 laptop firmware through 203 has Insecure Permissions that allow attacks by a physically proximate attacker. ... read more
• CVE-2021-23449
  This affects the package vm2 before 3.9.4. Prototype Pollution attack vector can lead to sandbox escape and execution of arbitrary code on the host machine. ... read more
• CVE-2021-33734 (sinec_nms)
  A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted ... read more
• CVE-2020-22674 (gpac)
  An issue was discovered in gpac 0.8.0. An invalid memory dereference exists in the function FixTrackID located in isom_intern.c, which allows attackers to cause a denial of service (DoS) via ... read more
• CVE-2021-32028 (postgresql)
  A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server ... read more
• CVE-2021-26588 (3par_os, alletra_9060_firmware, alletra_9080_firmware, primera_630_firmware, primera_650_firmware, primera_670_firmware)
  A potential security vulnerability has been identified in HPE 3PAR StoreServ, HPE Primera Storage and HPE Alletra 9000 Storage array firmware. An unauthenticated user could remotely exploit the low complexity ... read more
• CVE-2021-3321 (zephyr)
  Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Zephyr versions >= >=2.4.0 contain Integer Overflow to Buffer Overflow (CWE-680). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99 ... read more
• CVE-2021-24576 (easy_accordion)
  The Easy Accordion WordPress plugin before 2.0.22 does not properly sanitize inputs when adding new items to an accordion. ... read more
• CVE-2021-33736 (sinec_nms)
  A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted ... read more
• CVE-2020-22675 (gpac)
  An issue was discovered in gpac 0.8.0. The GetGhostNum function in stbl_read.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input. ... read more
• CVE-2020-22677 (gpac)
  An issue was discovered in gpac 0.8.0. The dump_data_hex function in box_dump.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input. ... read more
• CVE-2020-22678 (gpac)
  An issue was discovered in gpac 0.8.0. The gf_media_nalu_remove_emulation_bytes function in av_parsers.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input. ... read more
• CVE-2021-37734 (aruba_instant)
  A remote unauthorized read access to files vulnerability was discovered in Aruba Instant version(s): 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.19 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; ... read more
• CVE-2021-37735 (aruba_instant)
  A remote denial of service vulnerability was discovered in Aruba Instant version(s): Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.10 and below; Aruba Instant 8.6.x.x: 8.6.0.4 and below. ... read more
• CVE-2021-33735 (sinec_nms)
  A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted ... read more
• CERTFR-2021-ACT-045 : Bulletin d’actualité CERTFR-2021-ACT-045 (18 octobre 2021)
  Ce bulletin d’actualité du CERT-FR revient sur les vulnérabilités significatives de la semaine passée pour souligner leurs criticités. Il ne remplace pas ... read more
• CERTFR-2021-AVI-794 : Vulnérabilité dans Check Point Mobile Access Portal Agent (18 octobre 2021)
  Une vulnérabilité a été découverte dans Check Point Mobile Access Portal Agent. Elle permet à un attaquant de provoquer une exécution de code arbitraire. ... read more
• CVE-2021-33728 (sinec_nms)
  A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to upload JSON objects that are deserialized to JAVA objects. Due ... read more
• CVE-2021-33725 (sinec_nms)
  A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to delete arbitrary files or directories under a user controlled path ... read more
• CVE-2021-33733 (sinec_nms)
  A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted ... read more
• CVE-2021-33730 (sinec_nms)
  A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted ... read more
• CVE-2021-33731 (sinec_nms)
  A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted ... read more
• CVE-2021-0583 (android)
  In onCreate of BluetoothPairingDialog, there is a possible way to enable Bluetooth without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User ... read more
• CVE-2021-33726 (sinec_nms)
  A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to download arbitrary files under a user controlled path and does ... read more
• CVE-2021-33729 (sinec_nms)
  A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker that is able to import firmware containers to an affected system could ... read more
• CVE-2021-33727 (sinec_nms)
  A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker could download the user profile of any user. With this, the attacker ... read more
• CVE-2021-33732 (sinec_nms)
  A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted ... read more
• CVE-2021-24754
  The MainWP Child Reports WordPress plugin before 2.0.8 does not validate or sanitise the order parameter before using it in a SQL statement in the admin dashboard, leading to an ... read more
• CVE-2021-41990
  The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed ... read more
• CVE-2021-24752
  Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated users, such as Subscriber to change the ... read more
• CVE-2021-32609
  Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. This allows an attacker with Explore access to save a chart with a malicious ... read more
• CVE-2021-42576
  The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements. ... read more
• CVE-2021-42575
  The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements. ... read more
• CVE-2021-41971
  Apache Superset up to and including 1.3.0 when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default) allowed SQL injection when a malicious authenticated user sends an http request with a custom ... read more
• CVE-2021-24760
  The Gutenberg PDF Viewer Block WordPress plugin before 1.0.1 does not sanitise and escape its block, which could allow users with a role as low as Contributor to perform Cross-Site ... read more
• CVE-2021-41991
  The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of ... read more
• CVE-2021-42098
  An incomplete permission check on entries in Devolutions Remote Desktop Manager before 2021.2.16 allows attackers to bypass permissions via batch custom PowerShell. ... read more
• GhiHorn: Path Analysis in Ghidra Using SMT Solvers
  We believe that many common challenges in malware analysis and reverse engineering can be framed in terms of finding a path to a specific point in a program. ... read more
• Vulnerability Summary for the Week of October 11, 2021
  ... read more
• CVE-2021-40542 (opensis)
  Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). An unauthenticated user can inject and execute JavaScript code through the link_url parameter in Ajax_url_encode.php. ... read more
• CVE-2021-33722 (sinec_nms)
  A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system has a Path Traversal vulnerability when exporting a firmware container. With this ... read more
• CVE-2021-33723 (sinec_nms)
  A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker could change the user profile of any user without proper authorization. With ... read more
• CVE-2021-40888 (projectsend)
  Projectsend version r1295 is affected by Cross Site Scripting (XSS) due to lack of sanitization when echo output data in returnFilesIds() function. A low privilege user can call this function ... read more
• CVE-2021-40887 (projectsend)
  Projectsend version r1295 is affected by a directory traversal vulnerability. Because of lacking sanitization input for files[] parameter, an attacker can add ../ to move all PHP files or any ... read more
• CVE-2021-33724 (sinec_nms)
  A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system contains an Arbitrary File Deletion vulnerability that possibly allows to delete an ... read more
• CVE-2021-40543 (opensis)
  Opensis-Classic Version 8.0 is affected by a SQL injection vulnerability due to a lack of sanitization of input data at two parameters $_GET['usrid'] and $_GET['prof_id'] in the PasswordCheck.php file. ... read more
• CVE-2021-27002 (cloud_manager)
  NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to retrieve sensitive data via the web proxy. ... read more
• CVE-2021-40191 (dzzoffice)
  Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and return a wrong response in ... read more
Older posts