See a list of the latest CVEs we send weekly to subscribers.
NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure.
nvidia:gpu_driver
Microsoft SharePoint Spoofing Vulnerability. This CVE ID is unique from CVE-2021-1717.
microsoft:sharepoint_enterprise_server microsoft:sharepoint_foundation microsoft:sharepoint_server
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build 20201015 (and later); QuTS hero h4.5.1.1472 build 20201031 (and later).
qnap:quts_hero qnap:qts
In SmartBear Collaborator Server through 13.3.13302, use of the Google Web Toolkit (GWT) API introduces a post-authentication Java deserialization vulnerability. The application's UpdateMemento class accepts a serialized Java object directly from the user without properly sanitizing it. A malicious object can be submitted to the server by an authenticated attacker to execute commands on the underlying system.
smartbear:collaborator
The TIBCO EBX Add-on for Oracle Hyperion EPM, TIBCO EBX Data Exchange Add-on, and TIBCO EBX Insight Add-on components of TIBCO Software Inc.'s TIBCO EBX Add-ons contain a vulnerability that theoretically allows a low privileged attacker with network access to execute an XML External Entity (XXE) attack. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.4.2 and below.
tibco:ebx_add-ons
Windows AppX Deployment Extensions Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-1685.
microsoft:windows_server_2016 microsoft:windows_10 microsoft:windows_server_2019
selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable.
sudo_project:sudo
** UNSUPPORTED WHEN ASSIGNED ** EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has multiple SQL Injection issues in the login form and the password-forgotten form (such as /req_password_user.php?email=). This allows an attacker to steal data in the database and obtain access to the application. (The database component runs as root.) NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
medicalexpo:ecs_imaging
An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue.
golang:protobuf
OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL.
open-xchange:open-xchange_appsuite
OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code.
open-xchange:open-xchange_appsuite
OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code.
open-xchange:open-xchange_appsuite
OX App Suite through 7.10.4 allows XSS via the subject of a task.
open-xchange:open-xchange_appsuite
OX App Suite through 7.10.4 allows XSS via an inline binary file.
open-xchange:open-xchange_appsuite
OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename.
open-xchange:open-xchange_appsuite
OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/
open-xchange:open-xchange_appsuite
A deserialization vulnerability existed in Dubbo 2.7.5 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protocol. When Hessian2 deserializes a HashMap object, some functions in the classes stored in the HashMap are executed after a series of program calls, and those functions may cause remote command execution. For example, a malicious request can be constructed so that the hashCode() function of the EqualsBean class in rome-1.7.0.jar remotely loads malicious classes and executes malicious code. This issue was fixed in Apache Dubbo 2.6.9 and 2.7.8.
apache:dubbo
Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another user's password through the API interface.
apache:dolphinscheduler
The ATS ESI plugin has a memory disclosure vulnerability. If you are running the plugin please upgrade. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected.
apache:traffic_server
Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Skype Client's microphone and camera access.
microsoft:skype
Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the `:escape_html` option was being used. This is fixed in version 3.5.1 by the referenced commit.
redcarpet_project:redcarpet
Microsoft SQL Elevation of Privilege Vulnerability
microsoft:sql_server
Windows DNS Query Information Disclosure Vulnerability
microsoft:windows_server_2016 microsoft:windows_10 microsoft:windows_server_2012 microsoft:windows_8.1 microsoft:windows_rt_8.1
Windows Bluetooth Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2021-1683, CVE-2021-1684.
microsoft:windows_server_2016 microsoft:windows_10 microsoft:windows_server_2019
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-1644.
microsoft:hevc_video_extensions
Microsoft Defender Remote Code Execution Vulnerability
microsoft:windows_defender microsoft:system_center_endpoint_protection microsoft:security_essentials
Windows CSC Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693.
microsoft:windows_server_2019 microsoft:windows_7 microsoft:windows_8.1 microsoft:windows_server_2008 microsoft:windows_server_2016 microsoft:windows_rt_8.1 microsoft:windows_10 microsoft:windows_server_2012
OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile.
open-xchange:open-xchange_appsuite
Windows CSC Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-1652, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693.
microsoft:windows_server_2019 microsoft:windows_7 microsoft:windows_8.1 microsoft:windows_server_2008 microsoft:windows_server_2016 microsoft:windows_rt_8.1 microsoft:windows_10 microsoft:windows_server_2012
Windows CSC Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693.
microsoft:windows_server_2019 microsoft:windows_7 microsoft:windows_8.1 microsoft:windows_server_2008 microsoft:windows_server_2016 microsoft:windows_rt_8.1 microsoft:windows_10 microsoft:windows_server_2012
Windows CSC Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693.
microsoft:windows_server_2019 microsoft:windows_7 microsoft:windows_8.1 microsoft:windows_server_2008 microsoft:windows_server_2016 microsoft:windows_rt_8.1 microsoft:windows_10 microsoft:windows_server_2012
Windows Fax Compose Form Remote Code Execution Vulnerability
microsoft:windows_server_2019 microsoft:windows_7 microsoft:windows_8.1 microsoft:windows_server_2008 microsoft:windows_server_2016 microsoft:windows_rt_8.1 microsoft:windows_10 microsoft:windows_server_2012
Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-1714.
microsoft:excel microsoft:office microsoft:office_online_server microsoft:365_apps microsoft:office_web_apps_server
Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-1713.
microsoft:office_online_server microsoft:excel_services microsoft:excel microsoft:sharepoint_enterprise_server microsoft:office_web_apps_server microsoft:office microsoft:365_apps
Microsoft Word Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-1716.
microsoft:office_online_server microsoft:sharepoint_enterprise_server microsoft:office_web_apps_server microsoft:office microsoft:365_apps microsoft:word microsoft:office_web_apps microsoft:sharepoint_server
Microsoft Word Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-1715.
microsoft:office_online_server microsoft:sharepoint_enterprise_server microsoft:office_web_apps_server microsoft:office microsoft:365_apps microsoft:word microsoft:office_web_apps microsoft:sharepoint_server
OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request.
open-xchange:open-xchange_appsuite
OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string.
open-xchange:open-xchange_appsuite
A time-based blind SQL injection vulnerability (cookie injection) exists in zzcms ver201910.
zzcms:zzcms
The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or annotations, Body Updates are displayed to the user without any action by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects LibreOffice, Master PDF Editor, Nitro Pro, Nitro Reader, Nuance Power PDF Standard, PDF Editor 6 Pro, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, Perfect PDF 10 Premium, and Perfect PDF Reader.
qoppa:pdf_studio_viewer_2018 iskysoft:pdfelement6 foxitsoftware:foxit_reader iskysoft:pdf_editor_6 libreoffice:libreoffice foxitsoftware:phantompdf soft-xpansion:perfect_pdf_reader soft-xpansion:perfect_pdf_10 code-industry:master_pdf_editor nuance:power_pdf_standard gonitro:nitro_pro gonitro:nitro_reader qoppa:pdf_studio
A denial-of-service vulnerability exists in the Ethernet/IP server functionality of Rockwell Automation RSLinx Classic 2.57.00.14 CPR 9 SR 3. A specially crafted network request can lead to a denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability.
rockwellautomation:rslinx
A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.
redhat:ceph redhat:ceph_storage
A flaw was found in JBCS httpd in version 2.4.37 SP3, where it uses a back-end worker SSL certificate for which the keystore file's ID is 'unknown'. Validation that the certificate's CN matches the hostname stopped working, allowing connections to the back-end worker. The highest threat from this vulnerability is to data integrity.
redhat:jboss_core_services_httpd
REDCap 10.3.4 contains an XSS vulnerability in the ToDoList function via the sort parameter. The information submitted by the user is immediately returned in the response without being escaped, leading to a reflected XSS vulnerability. Attackers can exploit this vulnerability to steal login session information or borrow user rights to perform unauthorized acts.
evms:redcap
A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Teamcenter Visualization (All Versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing JT files. A crafted JT file can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process.
siemens:teamcenter_visualization siemens:jt2go
A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Teamcenter Visualization (All Versions < V13.1.0). When opening a specially crafted XML file, the application could disclose arbitrary files to remote attackers. This is because specially crafted content is passed to the underlying XML parser without applying proper restrictions such as prohibiting an external DTD.
siemens:teamcenter_visualization siemens:jt2go
A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Teamcenter Visualization (All Versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CG4 and CGM files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.
siemens:teamcenter_visualization siemens:jt2go
A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Teamcenter Visualization (All Versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing PDF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.
siemens:teamcenter_visualization siemens:jt2go
A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Teamcenter Visualization (All Versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing JT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.
siemens:teamcenter_visualization siemens:jt2go
A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Teamcenter Visualization (All Versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing RGB and SGI files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process.
siemens:teamcenter_visualization siemens:jt2go