Commits 10/30/2021

Timeline

The analysis of the timeline helps to identify the required approach to and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues can be prioritized.

Fields with the most entries (commits on 10/30/2021):

Field                           | Entries
source_cve_nvd_summary          | 136
vulnerability_cvss3_meta_tempscore | 94
vulnerability_cvss3_meta_basescore | 90
vulnerability_cvss2_nvd_basescore  | 88
vulnerability_cvss2_nvd_ai         | 88

Commit confidence:

Conf | Commits
70%  | 1308
90%  | 963
50%  | 261

Approve confidence:

Conf | Commits
70%  | 1308
90%  | 963
80%  | 261

ID | User | Entry | Field | Change | Remarks | Accepted | Reason | Conf
11799359 | VulD... | 185445 | cvss3_nvd_basescore | 7.8 | nist.gov | 10/30/2021 | accepted | 90
11799358 | VulD... | 185445 | cvss2_nvd_basescore | 9.3 | nist.gov | 10/30/2021 | accepted | 90
11799357 | VulD... | 185445 | cvss3_meta_tempscore | 7.9 | see CVSS documentation | 10/30/2021 | accepted | 90
11799356 | VulD... | 185445 | cvss3_meta_basescore | 8.3 | see CVSS documentation | 10/30/2021 | accepted | 90
11799355 | VulD... | 185445 | cvss2_nvd_ai | C | nist.gov | 10/30/2021 | accepted | 70
11799354 | VulD... | 185445 | cvss2_nvd_ii | C | nist.gov | 10/30/2021 | accepted | 70
11799353 | VulD... | 185445 | cvss2_nvd_ci | C | nist.gov | 10/30/2021 | accepted | 70
11799352 | VulD... | 185445 | cvss2_nvd_au | N | nist.gov | 10/30/2021 | accepted | 70
11799351 | VulD... | 185445 | cvss2_nvd_ac | M | nist.gov | 10/30/2021 | accepted | 70
11799350 | VulD... | 185445 | cvss2_nvd_av | N | nist.gov | 10/30/2021 | accepted | 70
11799349 | VulD... | 185445 | cvss3_nvd_a | H | nist.gov | 10/30/2021 | accepted | 70
11799348 | VulD... | 185445 | cvss3_nvd_i | H | nist.gov | 10/30/2021 | accepted | 70
11799347 | VulD... | 185445 | cvss3_nvd_c | H | nist.gov | 10/30/2021 | accepted | 70
11799346 | VulD... | 185445 | cvss3_nvd_s | U | nist.gov | 10/30/2021 | accepted | 70
11799345 | VulD... | 185445 | cvss3_nvd_ui | R | nist.gov | 10/30/2021 | accepted | 70
11799344 | VulD... | 185445 | cvss3_nvd_pr | N | nist.gov | 10/30/2021 | accepted | 70
11799343 | VulD... | 185445 | cvss3_nvd_ac | L | nist.gov | 10/30/2021 | accepted | 70
11799342 | VulD... | 185445 | cvss3_nvd_av | L | nist.gov | 10/30/2021 | accepted | 70
11799341 | VulD... | 185445 | cve_nvd_summary | An Insecure Permissions issue exists in Gestionale Open 11.00.00. A low privilege account is able to rename the mysqld.exe file located in bin folder and replace with a malicious file that would connect back to an attacking computer giving system level privileges (nt authority\system) due to the service running as Local System. While a low privilege user is unable to restart the service through the application, a restart of the computer triggers the execution of the malicious file. The application also have unquoted service path issues. | cve.org | 10/30/2021 | accepted | 70
11799340 | VulD... | 185444 | cvss3_nvd_basescore | 5.4 | nist.gov | 10/30/2021 | accepted | 90
11799339 | VulD... | 185444 | cvss2_nvd_basescore | 3.5 | nist.gov | 10/30/2021 | accepted | 90
11799338 | VulD... | 185444 | cvss3_meta_tempscore | 4.8 | see CVSS documentation | 10/30/2021 | accepted | 90
11799337 | VulD... | 185444 | cvss3_meta_basescore | 4.9 | see CVSS documentation | 10/30/2021 | accepted | 90
11799336 | VulD... | 185444 | cvss2_nvd_ai | N | nist.gov | 10/30/2021 | accepted | 70
11799335 | VulD... | 185444 | cvss2_nvd_ii | P | nist.gov | 10/30/2021 | accepted | 70
11799334 | VulD... | 185444 | cvss2_nvd_ci | N | nist.gov | 10/30/2021 | accepted | 70
11799333 | VulD... | 185444 | cvss2_nvd_au | S | nist.gov | 10/30/2021 | accepted | 70
11799332 | VulD... | 185444 | cvss2_nvd_ac | M | nist.gov | 10/30/2021 | accepted | 70
11799331 | VulD... | 185444 | cvss2_nvd_av | N | nist.gov | 10/30/2021 | accepted | 70
11799330 | VulD... | 185444 | cvss3_nvd_a | N | nist.gov | 10/30/2021 | accepted | 70
11799329 | VulD... | 185444 | cvss3_nvd_i | L | nist.gov | 10/30/2021 | accepted | 70
11799328 | VulD... | 185444 | cvss3_nvd_c | L | nist.gov | 10/30/2021 | accepted | 70
11799327 | VulD... | 185444 | cvss3_nvd_s | C | nist.gov | 10/30/2021 | accepted | 70
11799326 | VulD... | 185444 | cvss3_nvd_ui | R | nist.gov | 10/30/2021 | accepted | 70
11799325 | VulD... | 185444 | cvss3_nvd_pr | L | nist.gov | 10/30/2021 | accepted | 70
11799324 | VulD... | 185444 | cvss3_nvd_ac | L | nist.gov | 10/30/2021 | accepted | 70
11799323 | VulD... | 185444 | cvss3_nvd_av | N | nist.gov | 10/30/2021 | accepted | 70
11799322 | VulD... | 185444 | cve_nvd_summary | Shopware is open source e-commerce software. Versions prior to 5.7.6 contain a cross-site scripting vulnerability. This issue is patched in version 5.7.6. Two workarounds are available. Using the security plugin or adding a particular following config to the `.htaccess` file will protect against cross-site scripting in this case. There is also a config for those using nginx as a server. The plugin and the configs can be found on the GitHub Security Advisory page for this vulnerability. | cve.org | 10/30/2021 | accepted | 70
11799321 | VulD... | 185444 | confirm_url | https://github.com/shopware/shopware/security/advisories/GHSA-4p3x-8qw9-24w9 | github.com | 10/30/2021 | accepted | 70
11799320 | VulD... | 185443 | cvss2_nvd_basescore | 3.5 | nist.gov | 10/30/2021 | accepted | 90
11799319 | VulD... | 185443 | cvss2_nvd_ai | P | nist.gov | 10/30/2021 | accepted | 70
11799318 | VulD... | 185443 | cvss2_nvd_ii | N | nist.gov | 10/30/2021 | accepted | 70
11799317 | VulD... | 185443 | cvss2_nvd_ci | N | nist.gov | 10/30/2021 | accepted | 70
11799316 | VulD... | 185443 | cvss2_nvd_au | S | nist.gov | 10/30/2021 | accepted | 70
11799315 | VulD... | 185443 | cvss2_nvd_ac | M | nist.gov | 10/30/2021 | accepted | 70
11799314 | VulD... | 185443 | cvss2_nvd_av | N | nist.gov | 10/30/2021 | accepted | 70
11799313 | VulD... | 185443 | cve_nvd_summary | Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.9, a vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer. Version v1.10.9 contains patches to the vulnerability. There are no known workarounds aside from upgrading. | cve.org | 10/30/2021 | accepted | 70
11799312 | VulD... | 185443 | confirm_url | https://github.com/ethereum/go-ethereum/security/advisories/GHSA-59hh-656j-3p7v | github.com | 10/30/2021 | accepted | 70
11799311 | VulD... | 185442 | cvss3_nvd_basescore | 5.4 | nist.gov | 10/30/2021 | accepted | 90
11799310 | VulD... | 185442 | cvss2_nvd_basescore | 3.5 | nist.gov | 10/30/2021 | accepted | 90
11799309 | VulD... | 185442 | cvss3_meta_tempscore | 5.1 | see CVSS documentation | 10/30/2021 | accepted | 90
11799308 | VulD... | 185442 | cvss3_meta_basescore | 5.1 | see CVSS documentation | 10/30/2021 | accepted | 90
11799307 | VulD... | 185442 | cvss2_nvd_ai | N | nist.gov | 10/30/2021 | accepted | 70
11799306 | VulD... | 185442 | cvss2_nvd_ii | P | nist.gov | 10/30/2021 | accepted | 70
11799305 | VulD... | 185442 | cvss2_nvd_ci | N | nist.gov | 10/30/2021 | accepted | 70
11799304 | VulD... | 185442 | cvss2_nvd_au | S | nist.gov | 10/30/2021 | accepted | 70
11799303 | VulD... | 185442 | cvss2_nvd_ac | M | nist.gov | 10/30/2021 | accepted | 70
11799302 | VulD... | 185442 | cvss2_nvd_av | N | nist.gov | 10/30/2021 | accepted | 70
11799301 | VulD... | 185442 | cvss3_nvd_a | N | nist.gov | 10/30/2021 | accepted | 70
11799300 | VulD... | 185442 | cvss3_nvd_i | L | nist.gov | 10/30/2021 | accepted | 70
11799299 | VulD... | 185442 | cvss3_nvd_c | L | nist.gov | 10/30/2021 | accepted | 70
11799298 | VulD... | 185442 | cvss3_nvd_s | C | nist.gov | 10/30/2021 | accepted | 70
11799297 | VulD... | 185442 | cvss3_nvd_ui | R | nist.gov | 10/30/2021 | accepted | 70
11799296 | VulD... | 185442 | cvss3_nvd_pr | L | nist.gov | 10/30/2021 | accepted | 70
11799295 | VulD... | 185442 | cvss3_nvd_ac | L | nist.gov | 10/30/2021 | accepted | 70
11799294 | VulD... | 185442 | cvss3_nvd_av | N | nist.gov | 10/30/2021 | accepted | 70
11799293 | VulD... | 185442 | cve_nvd_summary | AS_Redis is an AntSword plugin for Redis. The Redis Manage plugin for AntSword prior to version 0.5 is vulnerable to Self-XSS due to due to insufficient input validation and sanitization via redis server configuration. Self-XSS in the plugin configuration leads to code execution. This issue is patched in version 0.5. | cve.org | 10/30/2021 | accepted | 70
11799292 | VulD... | 185442 | confirm_url | https://github.com/Medicean/AS_Redis/security/advisories/GHSA-j8j6-f829-w425 | github.com | 10/30/2021 | accepted | 70
11799291 | VulD... | 185441 | cve_nvd_summary | FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, an attacker can perform a SIP digest leak attack against FreeSWITCH and receive the challenge response of a gateway configured on the FreeSWITCH server. This is done by challenging FreeSWITCH's SIP requests with the realm set to that of the gateway, thus forcing FreeSWITCH to respond with the challenge response which is based on the password of that targeted gateway. Abuse of this vulnerability allows attackers to potentially recover gateway passwords by performing a fast offline password cracking attack on the challenge response. The attacker does not require special network privileges, such as the ability to sniff the FreeSWITCH's network traffic, to exploit this issue. Instead, what is required for this attack to work is the ability to cause the victim server to send SIP request messages to the malicious party. Additionally, to exploit this issue, the attacker needs to specify the correct realm which might in some cases be considered secret. However, because many gateways are actually public, this information can easily be retrieved. The vulnerability appears to be due to the code which handles challenges in `sofia_reg.c`, `sofia_reg_handle_sip_r_challenge()` which does not check if the challenge is originating from the actual gateway. The lack of these checks allows arbitrary UACs (and gateways) to challenge any request sent by FreeSWITCH with the realm of the gateway being targeted. This issue is patched in version 10.10.7. Maintainers recommend that one should create an association between a SIP session for each gateway and its realm to make a check be put into place for this association when responding to challenges. | cve.org | 10/30/2021 | accepted | 70
11799290 | VulD... | 185441 | cvss3_nvd_basescore | 7.5 | nist.gov | 10/30/2021 | accepted | 90
11799289 | VulD... | 185441 | cvss2_nvd_basescore | 5.0 | nist.gov | 10/30/2021 | accepted | 90
11799288 | VulD... | 185441 | cvss3_meta_tempscore | 6.1 | see CVSS documentation | 10/30/2021 | accepted | 90
11799287 | VulD... | 185441 | cvss3_meta_basescore | 6.2 | see CVSS documentation | 10/30/2021 | accepted | 90
11799286 | VulD... | 185441 | cvss2_nvd_ai | N | nist.gov | 10/30/2021 | accepted | 70
11799285 | VulD... | 185441 | cvss2_nvd_ii | N | nist.gov | 10/30/2021 | accepted | 70
11799284 | VulD... | 185441 | cvss2_nvd_ci | P | nist.gov | 10/30/2021 | accepted | 70
11799283 | VulD... | 185441 | cvss2_nvd_au | N | nist.gov | 10/30/2021 | accepted | 70
11799282 | VulD... | 185441 | cvss2_nvd_ac | L | nist.gov | 10/30/2021 | accepted | 70
11799281 | VulD... | 185441 | cvss2_nvd_av | N | nist.gov | 10/30/2021 | accepted | 70
11799280 | VulD... | 185441 | cvss3_nvd_a | N | nist.gov | 10/30/2021 | accepted | 70

2452 more entries are not shown
