Commits 10/10/2021

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that an immediate vulnerability response can be initiated and issues can be prioritized.

[Charts: Entry, Field, Commit Conf, Approve Conf]

| ID | User | Entry | Field | Change | Remarks | Moderated | Reason | C |
|---|---|---|---|---|---|---|---|---|
| 11696809 | VulD... | 184135 | price_0day | $0-$5k | see exploit price documentation | 10/10/2021 | accepted | 90 |
| 11696808 | VulD... | 184135 | cvss3_meta_tempscore | 7.4 | see CVSS documentation | 10/10/2021 | accepted | 90 |
| 11696807 | VulD... | 184135 | cvss3_meta_basescore | 7.5 | see CVSS documentation | 10/10/2021 | accepted | 90 |
| 11696806 | VulD... | 184135 | cvss3_vuldb_tempscore | 6.0 | see CVSS documentation | 10/10/2021 | accepted | 90 |
| 11696805 | VulD... | 184135 | cvss3_vuldb_basescore | 6.3 | see CVSS documentation | 10/10/2021 | accepted | 90 |
| 11696804 | VulD... | 184135 | cvss2_vuldb_tempscore | 6.5 | see CVSS documentation | 10/10/2021 | accepted | 90 |
| 11696803 | VulD... | 184135 | cvss2_vuldb_basescore | 7.5 | see CVSS documentation | 10/10/2021 | accepted | 90 |
| 11696802 | VulD... | 184135 | cvss3_cna_basescore | 8.8 | see CVSS documentation | 10/10/2021 | accepted | 90 |
| 11696801 | VulD... | 184135 | cvss3_vuldb_e | X | derived from historical data | 10/10/2021 | accepted | 80 |
| 11696800 | VulD... | 184135 | cvss2_vuldb_e | ND | derived from historical data | 10/10/2021 | accepted | 80 |
| 11696799 | VulD... | 184135 | cvss2_vuldb_rl | OF | derived from vuldb v3 vector | 10/10/2021 | accepted | 80 |
| 11696798 | VulD... | 184135 | cvss2_vuldb_rc | C | derived from vuldb v3 vector | 10/10/2021 | accepted | 80 |
| 11696797 | VulD... | 184135 | cvss2_vuldb_ai | P | derived from vuldb v3 vector | 10/10/2021 | accepted | 80 |
| 11696796 | VulD... | 184135 | cvss2_vuldb_ii | P | derived from vuldb v3 vector | 10/10/2021 | accepted | 80 |
| 11696795 | VulD... | 184135 | cvss2_vuldb_ci | P | derived from vuldb v3 vector | 10/10/2021 | accepted | 80 |
| 11696794 | VulD... | 184135 | cvss2_vuldb_au | N | derived from vuldb v3 vector | 10/10/2021 | accepted | 80 |
| 11696793 | VulD... | 184135 | cvss2_vuldb_ac | L | derived from vuldb v3 vector | 10/10/2021 | accepted | 80 |
| 11696792 | VulD... | 184135 | cvss2_vuldb_av | N | derived from vuldb v3 vector | 10/10/2021 | accepted | 80 |
| 11696791 | VulD... | 184135 | type | Content Management System | | 10/10/2021 | accepted | 90 |
| 11696790 | VulD... | 184135 | date | 1633816800 (10/10/2021) | | 10/10/2021 | accepted | 90 |
| 11696789 | VulD... | 184135 | cve_cna | WhiteSource | mitre.org | 10/10/2021 | accepted | 90 |
| 11696788 | VulD... | 184135 | cve_assigned | 1611270000 | mitre.org | 10/10/2021 | accepted | 90 |
| 11696787 | VulD... | 184135 | cve | CVE-2021-25966 | mitre.org | 10/10/2021 | accepted | 90 |
| 11696786 | VulD... | 184135 | patch_url | https://github.com/OrchardCMS/OrchardCore/blob/v1.0.0/src/OrchardCore.Modules/OrchardCore.Users/Controllers/ResetPasswordController.cs#L123 | github.com | 10/10/2021 | accepted | 90 |
| 11696785 | VulD... | 184135 | name | Patch | | 10/10/2021 | accepted | 90 |
| 11696784 | VulD... | 184135 | url | https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25966 | whitesourcesoftware.com | 10/10/2021 | accepted | 90 |
| 11696783 | VulD... | 184135 | cvss3_cna_a | H | see CVSS documentation | 10/10/2021 | accepted | 90 |
| 11696782 | VulD... | 184135 | cvss3_cna_i | H | see CVSS documentation | 10/10/2021 | accepted | 90 |
| 11696781 | VulD... | 184135 | cvss3_cna_c | H | see CVSS documentation | 10/10/2021 | accepted | 90 |
| 11696780 | VulD... | 184135 | cvss3_cna_s | U | see CVSS documentation | 10/10/2021 | accepted | 90 |
| 11696779 | VulD... | 184135 | cvss3_cna_ui | R | see CVSS documentation | 10/10/2021 | accepted | 90 |
| 11696778 | VulD... | 184135 | cvss3_cna_pr | N | see CVSS documentation | 10/10/2021 | accepted | 90 |
| 11696777 | VulD... | 184135 | cvss3_cna_ac | L | see CVSS documentation | 10/10/2021 | accepted | 90 |
| 11696776 | VulD... | 184135 | cvss3_cna_av | N | see CVSS documentation | 10/10/2021 | accepted | 90 |
| 11696775 | VulD... | 184135 | cvss3_vuldb_rc | C | see CVSS documentation | 10/10/2021 | accepted | 90 |
| 11696774 | VulD... | 184135 | cvss3_vuldb_rl | O | see CVSS documentation | 10/10/2021 | accepted | 90 |
| 11696773 | VulD... | 184135 | cvss3_vuldb_a | L | see CVSS documentation | 10/10/2021 | accepted | 90 |
| 11696772 | VulD... | 184135 | cvss3_vuldb_i | L | see CVSS documentation | 10/10/2021 | accepted | 90 |
| 11696771 | VulD... | 184135 | cvss3_vuldb_c | L | see CVSS documentation | 10/10/2021 | accepted | 90 |
| 11696770 | VulD... | 184135 | cvss3_vuldb_s | U | see CVSS documentation | 10/10/2021 | accepted | 90 |
| 11696769 | VulD... | 184135 | cvss3_vuldb_ui | R | see CVSS documentation | 10/10/2021 | accepted | 90 |
| 11696768 | VulD... | 184135 | cvss3_vuldb_pr | N | see CVSS documentation | 10/10/2021 | accepted | 90 |
| 11696767 | VulD... | 184135 | cvss3_vuldb_ac | L | see CVSS documentation | 10/10/2021 | accepted | 90 |
| 11696766 | VulD... | 184135 | cvss3_vuldb_av | N | see CVSS documentation | 10/10/2021 | accepted | 90 |
| 11696765 | VulD... | 184135 | cwe | 613 (weak authentication) | | 10/10/2021 | accepted | 90 |
| 11696764 | VulD... | 184135 | component | Password Change Handler | | 10/10/2021 | accepted | 90 |
| 11696763 | VulD... | 184135 | version | <=1.0.0 | see version documentation | 10/10/2021 | accepted | 90 |
| 11696762 | VulD... | 184135 | name | CMS | | 10/10/2021 | accepted | 90 |
| 11696761 | VulD... | 184135 | vendor | Orchard | | 10/10/2021 | accepted | 90 |
| 11696194 | VulD... | 184068 | cve_nvd_summary | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | mitre.org | 10/10/2021 | accepted | 70 |
| 11696193 | VulD... | 184067 | cve_nvd_summary | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | mitre.org | 10/10/2021 | accepted | 70 |
| 11696192 | VulD... | 184066 | cve_nvd_summary | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | mitre.org | 10/10/2021 | accepted | 70 |
| 11696191 | VulD... | 184065 | cve_nvd_summary | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | mitre.org | 10/10/2021 | accepted | 70 |
| 11696190 | VulD... | 184064 | cve_nvd_summary | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | mitre.org | 10/10/2021 | accepted | 70 |
| 11696189 | VulD... | 184063 | cve_nvd_summary | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | mitre.org | 10/10/2021 | accepted | 70 |
| 11696188 | VulD... | 184062 | cve_nvd_summary | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | mitre.org | 10/10/2021 | accepted | 70 |
| 11696187 | VulD... | 184061 | cve_nvd_summary | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution. | mitre.org | 10/10/2021 | accepted | 70 |
| 11696186 | VulD... | 184060 | cve_nvd_summary | An issue was discovered in Zammad before 4.1.1. The Form functionality allows remote code execution because deserialization is mishandled. | mitre.org | 10/10/2021 | accepted | 70 |
| 11696185 | VulD... | 184059 | cve_nvd_summary | Apache OpenOffice has a dependency on expat software. Versions prior to 2.1.0 were subject to CVE-2013-0340 a "Billion Laughs" entity expansion denial of service attack and exploit via crafted XML files. ODF files consist of a set of XML files. All versions of Apache OpenOffice up to 4.1.10 are subject to this issue. expat in version 4.1.11 is patched. | mitre.org | 10/10/2021 | accepted | 70 |
| 11696184 | VulD... | 184058 | cve_nvd_summary | While working on Apache OpenOffice 4.1.8 a developer discovered that the DEB package did not install using root, but instead used a userid and groupid of 500. This both caused issues with desktop integration and could allow a crafted attack on files owned by that user or group if they exist. Users who installed the Apache OpenOffice 4.1.8 DEB packaging should upgrade to the latest version of Apache OpenOffice. | mitre.org | 10/10/2021 | accepted | 70 |
| 11696183 | VulD... | 184057 | cve_nvd_summary | Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file. An attacker could exploit this vulnerability in order to perform a cross-site scripting attack (XSS). | mitre.org | 10/10/2021 | accepted | 70 |
| 11696182 | VulD... | 184057 | confirm_url | https://integriaims.com/en/services/updates/ | integriaims.com | 10/10/2021 | accepted | 70 |
| 11696181 | VulD... | 184056 | cve_nvd_summary | OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the cid parameter. | mitre.org | 10/10/2021 | accepted | 70 |
| 11696180 | VulD... | 184055 | cve_nvd_summary | OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the pid parameter. | mitre.org | 10/10/2021 | accepted | 70 |
| 11696179 | VulD... | 184054 | cve_nvd_summary | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated attacker to obtain sensitive information from configuration files that could aid in further attacks against the system. IBM X-Force ID: 200656. | mitre.org | 10/10/2021 | accepted | 70 |
| 11696178 | VulD... | 184054 | confirm_url | https://www.ibm.com/support/pages/node/6496749 | ibm.com | 10/10/2021 | accepted | 70 |
| 11696177 | VulD... | 184053 | cve_nvd_summary | IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 196944. | mitre.org | 10/10/2021 | accepted | 70 |
| 11696176 | VulD... | 184053 | confirm_url | https://www.ibm.com/support/pages/node/6496785 | ibm.com | 10/10/2021 | accepted | 70 |
| 11696175 | VulD... | 184052 | cve_nvd_summary | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to intercept and replace a message sent by another user due to improper access controls. IBM X-Force ID: 195567. | mitre.org | 10/10/2021 | accepted | 70 |
| 11696174 | VulD... | 184052 | confirm_url | https://www.ibm.com/support/pages/node/6496803 | ibm.com | 10/10/2021 | accepted | 70 |
| 11696173 | VulD... | 184051 | cve_nvd_summary | IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199246. | mitre.org | 10/10/2021 | accepted | 70 |
| 11696172 | VulD... | 184051 | confirm_url | https://www.ibm.com/support/pages/node/6496753 | ibm.com | 10/10/2021 | accepted | 70 |
| 11696171 | VulD... | 184050 | cve_nvd_summary | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199230. | mitre.org | 10/10/2021 | accepted | 70 |
| 11696170 | VulD... | 184050 | confirm_url | https://www.ibm.com/support/pages/node/6496759 | ibm.com | 10/10/2021 | accepted | 70 |
| 11696169 | VulD... | 184049 | cve_nvd_summary | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 197790. | mitre.org | 10/10/2021 | accepted | 70 |
| 11696168 | VulD... | 184049 | confirm_url | https://www.ibm.com/support/pages/node/6496777 | ibm.com | 10/10/2021 | accepted | 70 |
| 11696167 | VulD... | 184048 | cve_nvd_summary | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197503. | mitre.org | 10/10/2021 | accepted | 70 |
| 11696166 | VulD... | 184048 | confirm_url | https://www.ibm.com/support/pages/node/6496781 | ibm.com | 10/10/2021 | accepted | 70 |
| 11696165 | VulD... | 184047 | cve_nvd_summary | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 199397. | mitre.org | 10/10/2021 | accepted | 70 |
| 11696164 | VulD... | 184047 | confirm_url | https://www.ibm.com/support/pages/node/6496751 | ibm.com | 10/10/2021 | accepted | 70 |
| 11696163 | VulD... | 184046 | cve_nvd_summary | IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199170. | mitre.org | 10/10/2021 | accepted | 70 |
| 11696162 | VulD... | 184046 | confirm_url | https://www.ibm.com/support/pages/node/6496771 | ibm.com | 10/10/2021 | accepted | 70 |
| 11696161 | VulD... | 184045 | cve_nvd_summary | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate usernames due to there being an observable discrepancy in returned messages. IBM X-Force ID: 195568. | mitre.org | 10/10/2021 | accepted | 70 |
| 11696160 | VulD... | 184045 | confirm_url | https://www.ibm.com/support/pages/node/6496789 | ibm.com | 10/10/2021 | accepted | 70 |
| 11696159 | VulD... | 184044 | cve_nvd_summary | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote authenticated user to cause a denial of another user's service due to insufficient permission checking. IBM X-Force ID: 195518. | mitre.org | 10/10/2021 | accepted | 70 |
| 11696158 | VulD... | 184044 | cve_nvd_summary | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote authenticated user to cause a denial of another user's service due to insufficient permission checking. IBM X-Force ID: 195518. | mitre.org | 10/10/2021 | accepted | 70 |
| 11696157 | VulD... | 184044 | confirm_url | https://www.ibm.com/support/pages/node/6496805 | ibm.com | 10/10/2021 | accepted | 70 |
| 11696156 | VulD... | 184043 | cve_nvd_summary | ThinkPHP50-CMS v1.0 contains a remote code execution (RCE) vulnerability in the component /public/?s=captcha. | mitre.org | 10/10/2021 | accepted | 70 |
| 11696155 | VulD... | 184042 | cve_nvd_summary | It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions. | mitre.org | 10/10/2021 | accepted | 70 |
| 11696154 | VulD... | 184041 | cve_nvd_summary | In LCOS 10.40 to 10.42.0473-RU3 with SNMPv3 enabled on LANCOM devices, changing the password of the root user via the CLI does not change the password of the root user for SNMPv3 access. (However, changing the password of the root user via LANconfig does change the password of the root user for SNMPv3 access.) | mitre.org | 10/10/2021 | accepted | 70 |
| 11696153 | VulD... | 184040 | cve_nvd_summary | Improper Input Validation vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause DoS condition of the products by sending specially crafted packets. | mitre.org | 10/10/2021 | accepted | 70 |
| 11696152 | VulD... | 184039 | cve_nvd_summary | Improper Input Validation vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause DoS condition of the products by sending specially crafted packets. | mitre.org | 10/10/2021 | accepted | 70 |
| 11696151 | VulD... | 184038 | cve_nvd_summary | Improper Input Validation vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause DoS condition of the products by sending specially crafted packets. | mitre.org | 10/10/2021 | accepted | 70 |
| 11696150 | VulD... | 184037 | cve_nvd_summary | Improper Handling of Exceptional Conditions vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause DoS condition of the products by sending specially crafted packets. | mitre.org | 10/10/2021 | accepted | 70 |
| 11696149 | VulD... | 184036 | cve_nvd_summary | Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_show_on_qspanel value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset. | mitre.org | 10/10/2021 | accepted | 70 |
| 11696148 | VulD... | 184035 | cve_nvd_summary | Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_hide_by_meadia_full value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset. | mitre.org | 10/10/2021 | accepted | 70 |
| 11696147 | VulD... | 184034 | cve_nvd_summary | Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the addqq() method. | mitre.org | 10/10/2021 | accepted | 70 |
| 11696146 | VulD... | 184033 | cve_nvd_summary | Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\point.php, which can be exploited via the add() method. | mitre.org | 10/10/2021 | accepted | 70 |
| 11696145 | VulD... | 184032 | cve_nvd_summary | Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the add() method. | mitre.org | 10/10/2021 | accepted | 70 |
| 11696144 | VulD... | 184031 | cve_nvd_summary | A vulnerability in the REST API of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a command injection attack and elevate privileges to root. This vulnerability is due to insufficient input validation for specific API endpoints. An attacker in a man-in-the-middle position could exploit this vulnerability by intercepting and modifying specific internode communications from one ISE persona to another ISE persona. A successful exploit could allow the attacker to run arbitrary commands with root privileges on the underlying operating system. To exploit this vulnerability, the attacker would need to decrypt HTTPS traffic between two ISE personas that are located on separate nodes. | mitre.org | 10/10/2021 | accepted | 70 |
