Vulnerability Summary for the Week of June 28, 2021

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores: • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0 • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9 • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9 Entries may include additional information provided by organizations and efforts sponsored by Ug-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of Ug-CERT analysis.

High Vulnerabilities

CV Source Primary Publish SS Description & Patch Vendor -- Product ed Scor Info e

Adobe After Effects version 18.1 (and earlier) is affected by an Uncontrolled Search Path element CVE- vulnerability. An unauthenticated attacker could exploit 2021- 2021- adobe -- after_effects 9.3 this to to plant custom binaries and execute them with 06-28 28570 System permissions. Exploitation of this issue requires MISC user interaction.

After Effects version 18.0 (and earlier) are affected by 2021- CVE- adobe -- after_effects 9.3 an out-of-bounds write vulnerability that could result in 06-28 2021- CV Source Primary Publish SS Description & Patch Vendor -- Product ed Scor Info e

arbitrary code execution in the context of the current 28586 user. Exploitation of this issue requires user interaction MISC in that a victim must open a malicious file.

Adobe RoboHelp Server version 2019.0.9 (and earlier) is affected by a Path Traversal vulnerability when CVE- parsing a crafted HTTP POST request. An authenticated 2021- 2021- adobe -- robohelp_server attacker could leverage this vulnerability to achieve 9 06-28 28588 arbitrary code execution in the context of the current MISC user. Exploitation of this issue does not require user interaction.

CVE- 2021- main/inc/ajax/model.ajax.php in Chamilo through 34187 2021- chamilo -- chamilo 1.11.14 allows SQL Injection via the searchField, 7.5 MISC 06-28 filters, or filters2 parameter. MISC MISC MISC

CVE- A vulnerability of Helpcom could allow an 2021- 2020- cnesty -- helpcom unauthenticated attacker to execute arbitrary command. 7.5 06-29 7871 This vulnerability exists due to insufficient validation of MISC CV Source Primary Publish SS Description & Patch Vendor -- Product ed Scor Info e

the parameter. This issue affects: Cnesty Helpcom 10.0 versions prior to.

CVE- In Eclipse BIRT versions 4.8.0 and earlier, an attacker 2021- can use query parameters to create a JSP file which is 2021- eclipse -- birt 7.5 34427 accessible from remote (current BIRT viewer dir) to 06-25 CONFIR inject JSP code into the running instance. M

FATEK Automation WinProladder Versions 3.30 and CVE- prior do not properly restrict operations within the 2021- 2021- fatek -- winproladder 7.5 bounds of a memory buffer, which may allow an 06-29 32992 attacker to execute arbitrary code. MISC

CVE- FATEK Automation WinProladder Versions 3.30 and 2021- 2021- fatek -- winproladder prior are vulnerable to an out-of-bounds write, which 7.5 06-29 32988 may allow an attacker to execute arbitrary code. MISC

CVE- FATEK Automation WinProladder Versions 3.30 and 2021- 2021- fatek -- winproladder prior are vulnerable to an out-of-bounds read, which 7.5 06-29 32990 may allow an attacker to execute arbitrary code. MISC CV Source Primary Publish SS Description & Patch Vendor -- Product ed Scor Info e

Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception CVE- enables an attacker with user level access to the CLI to 2021- inject root level commands into the component and 2021- fidelissecurity -- deception 9 35047 neighboring Fidelis components. The vulnerability is 06-25 CONFIR present in Fidelis Network and Deception versions prior M to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability.

Vulnerability in Fidelis Network and Deception CommandPost enables unauthenticated SQL injection CVE- through the web interface. The vulnerability could lead 2021- to exposure of authentication tokens in some versions of 2021- fidelissecurity -- deception 7.5 35048 Fidelis software. The vulnerability is present in Fidelis 06-25 CONFIR Network and Deception versions prior to 9.3.7 and in M version 9.4. Patches and updates are available to address this vulnerability.

A remote code execution vulnerability exists in CVE- helpUS(remote administration tool) due to improper 2021- 2020- helpu -- helpu 10 validation of parameter of ShellExecutionExA function 06-29 7868 used for login. MISC CV Source Primary Publish SS Description & Patch Vendor -- Product ed Scor Info e

There is a deserialization vulnerability in Huawei AnyOffice V200R006C10. An attacker can construct a CVE- specific request to exploit this vulnerability. 2021- 2021- huawei -- anyoffice 9.3 Successfully exploiting this vulnerability, the attacker 06-29 22439 can execute remote malicious code injection and to MISC control the device.

CVE- Inkdrop versions prior to v5.3.1 allows an attacker to 2021- execute arbitrary OS commands on the system where it 2021- 20745 inkdrop -- inkdrop 9.3 runs by loading a file or code snippet containing an 06-28 MISC invalid iframe into Inkdrop. MISC MISC

An improper input validation vulnerability of ZOOK software (remote administration tool) could allow a CVE- remote attacker to create arbitrary file. The ZOOK 2021- 2020- mastersoft -- zook viewer has the "Tight file CMD" function to create file. 9 06-29 7869 An attacker could create and execute arbitrary file in the MISC ZOOK agent program using "Tight file CMD" without authority.

A command injection vulnerability in MVISION EDR 2021- CVE- mcafee -- mvision_edr 9 (MVEDR) prior to 3.4.0 allows an authenticated 06-29 2021- CV Source Primary Publish SS Description & Patch Vendor -- Product ed Scor Info e

MVEDR administrator to trigger the EDR client to 31838 execute arbitrary commands through PowerShell using CONFIR the EDR functionality 'execute reaction'. M

CVE- Miniaudio 0.10.35 has a Double free vulnerability that 2021- 2021- miniaudio_project -- miniaudio could cause a buffer overflow in 7.5 34184 06-25 ma_default_vfs_close__stdio in miniaudio.h. CONFIR M

CVE- app/View/Elements/genericElements/IndexTable/Fields 2021- 2021- misp -- misp /generic_field.ctp in MISP 2.4.144 does not sanitize 7.5 06-25 35502 certain data related to generic-template:index. MISC

CVE- 2021- Narou (aka Narou.rb) before 3.8.0 allows Ruby Code 2021- narou_project -- narou 7.5 35514 Injection via the title name or author name of a novel. 06-28 MISC MISC

SQL Injection vulnerability in NavigateCMS 2.9 via the 2021- CVE- naviwebs -- navigate_cms 7.5 URL encoded GET input category in navigate.php. 06-28 2020- CV Source Primary Publish SS Description & Patch Vendor -- Product ed Scor Info e

23711 MISC

CVE- online_pet_shop_web_applicati 2021- on_project -- Online Pet Shop We App 1.0 is vulnerable to remote 2021- 7.5 35456 online_pet_shop_web_applicati SQL injection and shell upload 06-28 MISC on MISC

PandoraFMS <=7.54 allows arbitrary file upload, it CVE- leading to remote command execution via the File 2021- 2021- pandorafms -- pandora_fms 7.5 Manager. To bypass the built-in protection, a relative 06-25 34074 path is used in the requests. MISC

CVE- In certain devices of the Phoenix Contact AXL F BK 2021- phoenixcontact -- 2021- and IL BK product families an undocumented password 7.5 33540 axl_f_bk_pn_tps_xc_firmware 06-25 protected FTP access to the root directory exists. CONFIR M

In Phoenix Contact FL SWITCH SMCS series products CVE- phoenixcontact -- 2021- in multiple versions if an attacker sends a hand-crafted 7.8 2021- fl_switch_smcs_16tx_firmware 06-25 TCP-Packet with the Urgent-Flag set and the Urgent- 21005 CV Source Primary Publish SS Description & Patch Vendor -- Product ed Scor Info e

Pointer set to 0, the network stack will crash. The CONFIR device needs to be rebooted afterwards. M

Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all versions/variants are affected by a Denial- of-Service vulnerability. The communication protocols CVE- and device access do not feature authentication 2021- phoenixcontact -- measures. Remote attackers can use specially crafted IP 2021- 7.8 33541 ilc1x0_firmware packets to cause a denial of service on the PLC's 06-25 CONFIR network communication module. A successful attack M stops all network communication. To restore the network connectivity the device needs to be restarted. The automation task is not affected.

CVE- Securepoint SSL VPN Client v2 before 2.0.32 on 2021- Windows has unsafe configuration handling that 35523 enables local privilege escalation to NT 2021- MISC securepoint -- openvpn-client AUTHORITY\SYSTEM. A non-privileged local user 7.2 06-28 MISC can modify the OpenVPN configuration stored under FULLDI "%APPDATA%\Securepoint SSL VPN" and add a SC external script file that is executed as privileged user. MISC CV Source Primary Publish SS Description & Patch Vendor -- Product ed Scor Info e

Nessus versions 8.13.2 and earlier were found to CVE- contain a privilege escalation vulnerability which could 2021- 2021- tenable -- nessus allow a Nessus administrator user to upload a specially 7.2 06-29 20079 crafted file that could lead to gaining administrator MISC privileges on the Nessus host.

In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials CVE- vulnerability exists in multiple iw_* utilities. The 2021- weidmueller -- ie-wl-bl-ap-cl- device operating system contains an undocumented 2021- 9 33531 eu_firmware encryption password, allowing for the creation of 06-25 CONFIR custom diagnostic scripts. An attacker can send M diagnostic scripts while authenticated as a low privilege user to trigger this vulnerability.

In Weidmueller Industrial WLAN devices in multiple versions an exploitable privilege escalation CVE- vulnerability exists in the iw_console functionality. A 2021- weidmueller -- ie-wl-bl-ap-cl- specially crafted menu selection string can cause an 2021- 9 33528 eu_firmware escape from the restricted console, resulting in system 06-25 CONFIR access as the root user. An attacker can send commands M while authenticated as a low privilege user to trigger this vulnerability. CV Source Primary Publish SS Description & Patch Vendor -- Product ed Scor Info e

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability CVE- exists in encrypted diagnostic script functionality of the 2021- weidmueller -- ie-wl-bl-ap-cl- devices. A specially crafted diagnostic script file can 2021- 9 33530 eu_firmware cause arbitrary busybox commands to be executed, 06-25 CONFIR resulting in remote control over the device. An attacker M can send diagnostic while authenticated as a low privilege user to trigger this vulnerability.

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability CVE- exists in the hostname functionality. A specially crafted 2021- weidmueller -- ie-wl-bl-ap-cl- entry to network configuration information can cause 2021- 9 33534 eu_firmware execution of arbitrary system commands, resulting in 06-25 CONFIR full control of the device. An attacker can send various M requests while authenticated as a high privilege user to trigger this vulnerability.

In Weidmueller Industrial WLAN devices in multiple CVE- versions an exploitable command injection vulnerability 2021- weidmueller -- ie-wl-bl-ap-cl- exists in the iw_webs functionality. A specially crafted 2021- 9 33532 eu_firmware diagnostic script file name can cause user input to be 06-25 CONFIR reflected in a subsequent iw_system call, resulting in M remote control over the device. An attacker can send CV Source Primary Publish SS Description & Patch Vendor -- Product ed Scor Info e

commands while authenticated as a low privilege user to trigger this vulnerability.

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability CVE- exists in the iw_webs functionality. A specially crafted 2021- weidmueller -- ie-wl-bl-ap-cl- iw_serverip parameter can cause user input to be 2021- 9 33533 eu_firmware reflected in a subsequent iw_system call, resulting in 06-25 CONFIR remote control over the device. An attacker can send M commands while authenticated as a low privilege user to trigger this vulnerability.

In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iw_webs account settings CVE- functionality. A specially crafted user name entry can 2021- weidmueller -- ie-wl-bl-ap-cl- 2021- cause the overwrite of an existing user account 9 33538 eu_firmware 06-25 password, resulting in remote shell access to the device CONFIR as that user. An attacker can send commands while M authenticated as a low privilege user to trigger this vulnerability.

This affects all versions of package wincred. If attacker- 2021- CVE- wincred_project -- wincred 7.5 controlled user input is given to the getCredential 06-28 2021- CV Source Primary Publish SS Description & Patch Vendor -- Product ed Scor Info e

function, it is possible for an attacker to execute 23399 arbitrary commands. This is due to use of the MISC child_process exec function without input sanitization. MISC

CVE- zohocorp -- Zoho ManageEngine ADSelfService Plus through 6101 2021- 2021- manageengine_adselfservice_pl is vulnerable to unauthenticated Remote Code 7.5 28958 06-25 us Execution while changing the password. MISC MISC

CVE- 2021- zohocorp -- Zoho ManageEngine ServiceDesk Plus MSP before 2021- 31531 manageengine_servicedesk_plu 10521 is vulnerable to Server-Side Request Forgery 7.5 06-29 CONFIR s_msp (SSRF). M MISC

Medium Vulnerabilities CV Source Primary Publis SS & Description Vendor -- Product hed Sco Patch re Info

After Effects versions 18.0 (and earlier) are affected by an out- of-bounds read vulnerability that could lead to disclosure of CVE- sensitive memory. An attacker could leverage this vulnerability 2021- 2021- adobe -- after_effects 4.3 to bypass mitigations such as ASLR. Exploitation of this issue 06-28 28587 requires user interaction in that a victim must open a malicious MISC file.

Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially CVE- crafted file. An unauthenticated attacker could leverage this 2021- 2021- adobe -- animate 4.3 vulnerability to disclose sensitive information in the context of 06-28 28573 the current user. Exploitation of this issue requires user MISC interaction in that a victim must open a malicious file.

Adobe Connect version 11.2.1 (and earlier) is affected by an CVE- Improper access control vulnerability that can lead to the 2021- 2021- adobe -- connect 4 elevation of privileges. An attacker with 'Learner' permissions 06-28 28579 can leverage this scenario to access the list of event participants. MISC

AEM's Cloud Service offering, as well as versions 6.5.7.0 (and CVE- adobe -- below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected 2021- 2021- 5 experience_manager by an Improper Access Control vulnerability. An 06-28 21083 unauthenticated attacker could leverage this vulnerability to MISC CV Source Primary Publis SS & Description Vendor -- Product hed Sco Patch re Info

cause an application denial-of-service in the context of the current user.

AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected CVE- by a stored Cross-Site Scripting (XSS) vulnerability that could adobe -- 2021- 2021- be abused by an attacker to inject malicious scripts into 4.3 experience_manager 06-28 21084 vulnerable form fields. Malicious JavaScript may be executed in MISC a victim’s browser when they browse to the page containing the vulnerable field.

Improper Input Validation vulnerability in HTTP/2 of Apache CVE- Traffic Server allows an attacker to DOS the server. This issue 2021- 2021- apache -- traffic_server 5 affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 06-30 32567 9.0.0 to 9.0.1. MISC

Improper Input Validation vulnerability in HTTP/2 of Apache CVE- Traffic Server allows an attacker to DOS the server. This issue 2021- 2021- apache -- traffic_server 5 affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 06-30 32566 9.0.0 to 9.0.1. MISC

The Auth0 Next.js SDK is a library for implementing user 2021- CVE- auth0 -- nextjs-auth0 4.3 authentication in Next.js applications. Versions before and 06-25 2021- CV Source Primary Publis SS & Description Vendor -- Product hed Sco Patch re Info

including `1.4.1` are vulnerable to reflected XSS. An attacker 32702 can execute arbitrary code by providing an XSS payload in the MISC `error` query parameter which is then processed by the callback CONF handler as an error message. You are affected by this IRM vulnerability if you are using `@auth0/nextjs-auth0` version MISC `1.4.1` or lower **unless** you are using custom error handling that does not return the error message in an HTML response. Upgrade to version `1.4.1` to resolve. The fix adds basic HTML escaping to the error message and it should not impact your users.

CVE- A maliciously crafted DWG file can be forced to read beyond 2021- 2021- autodesk -- advance_steel allocated boundaries when parsing the DWG file. This 6.8 06-25 27040 vulnerability can be exploited to execute arbitrary code. MISC

CVE- A maliciously crafted DWG file can be used to write beyond the 2021- 2021- autodesk -- advance_steel allocated buffer while parsing DWG files. This vulnerability can 6.8 06-25 27041 be exploited to execute arbitrary code. MISC

A maliciously crafted DWG file can be used to write beyond the 2021- CVE- autodesk -- advance_steel allocated buffer while parsing DWG files. The vulnerability 6.8 06-25 2021- exists because the application fails to handle a crafted DWG CV Source Primary Publis SS & Description Vendor -- Product hed Sco Patch re Info

file, which causes an unhandled exception. An attacker can 27042 leverage this vulnerability to execute arbitrary code. MISC

An Arbitrary Address Write issue in the Autodesk DWG CVE- application can allow a malicious user to leverage the 2021- 2021- autodesk -- advance_steel application to write in unexpected paths. In order to exploit this 4.3 06-25 27043 the attacker would need the victim to enable full page heap in MISC the application.

An arbitrary code execution vulnerability was discovered in CVE- avaya -- Avaya Aura Device Services that may potentially allow a local 2021- 2021- 4.6 aura_device_services user to execute specially crafted scripts. Affects 7.0 through 06-25 25654 8.1.4.0 versions of Avaya Aura Device Services. MISC

A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to an CVE- incomplete validation of the X.509 certificate used when 2021- 2021- cisco -- dna_center 5.8 establishing a connection between DNA Center and an ISE 06-29 1134 server. An attacker could exploit this vulnerability by supplying CISCO a crafted certificate and could then intercept communications between the ISE and DNA Center. A successful exploit could allow the attacker to view and alter sensitive information that CV Source Primary Publis SS & Description Vendor -- Product hed Sco Patch re Info

the ISE maintains about clients that are connected to the network.

CVE- SQL Injection vulnerability in Zhong Bang Technology Co., Ltd 2021- 2020- crmeb -- crmeb CRMEB mall system V2.60 and V3.1 via the tablename 6.5 06-29 21394 parameter in SystemDatabackup.php. MISC

CVE- 2020- The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled 2021- 28200 dovecot -- dovecot Resource Consumption, as demonstrated by a situation with a 4 06-28 MISC complex regular expression for the regex extension. CONF IRM

CVE- 2021- The submission service in Dovecot before 2.3.15 allows 2021- 33515 dovecot -- dovecot STARTTLS command injection in lib-smtp. Sensitive 5.8 06-28 MISC information can be redirected to an attacker-controlled address. CONF IRM CV Source Primary Publis SS & Description Vendor -- Product hed Sco Patch re Info

CVE- Cross Site Scripting vulnerability in Enhancesoft osTicket 2020- 2021- enhancesoft -- osticket before v1.12.6 via the queue-name parameter to 4.3 22608 06-28 include/ajax.search.php. CONF IRM

CVE- Cross Site Scripting (XSS) vulnerability in Enhancesoft 2020- 2021- enhancesoft -- osticket osTicket before v1.12.6 via the queue-name parameter in 4.3 22609 06-28 include/class.queue.php. CONF IRM

User credentials stored in a recoverable format within Fidelis Network and Deception CommandPost. In the event that an CVE- attacker gains access to the CommandPost, these values could 2021- 2021- fidelissecurity -- deception be decoded and used to login to the application. The 5 35050 06-25 vulnerability is present in Fidelis Network and Deception CONF versions prior to 9.3.3. This vulnerability has been addressed in IRM version 9.3.3 and subsequent versions.

Vulnerability in Fidelis Network and Deception CommandPost CVE- enables authenticated command injection through the web 2021- fidelissecurity -- deception 6.5 2021- interface. The vulnerability could allow a specially crafted 06-25 35049 HTTP request to execute system commands on the CV Source Primary Publis SS & Description Vendor -- Product hed Sco Patch re Info

CommandPost and return results in an HTTP response in an CONF authenticated session. The vulnerability is present in Fidelis IRM Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability.

An attacker can craft a specific IdaPro *.i64 file that will cause CVE- the BinDiff plugin to load an invalid memory offset. This can 2021- 2021- google -- bindiff 4.6 allow the attacker to control the instruction pointer and execute 06-29 22545 arbitrary code. It is recommended to upgrade BinDiff 7 MISC

There is an XXE injection vulnerability in eCNS280 CVE- V100R005C00 and V100R005C10. A module does not perform huawei -- 2021- 2021- the strict operation to the input XML message. Attacker can 5 ecns280_firmware 06-29 22338 send specific message to exploit this vulnerability, leading to the MISC module denial of service.

CVE- There is an Information Disclosure Vulnerability in Huawei 2021- 2021- huawei -- emui Smartphone. Successful exploitation of this vulnerability may 6.4 06-30 22354 cause out-of-bounds read. MISC CV Source Primary Publis SS & Description Vendor -- Product hed Sco Patch re Info

There is a memory leak vulnerability in Huawei products. A resource management weakness exists in a module. Attackers with high privilege can exploit this vulnerability by performing some operations. This can lead to memory leak. Affected product versions include:IPS Module V500R005C00SPC100,V500R005C00SPC200;NGFW Module CVE- huawei -- V500R005C00SPC100,V500R005C00SPC200;NIP6300 2021- 2021- 4 ips_module_firmware V500R005C00SPC100,V500R005C10SPC200;NIP6600 06-29 22341 V500R005C00SPC100,V500R005C00SPC200;Secospace MISC USG6300 V500R005C00SPC100,V500R005C00SPC200;Secospace USG6500 V500R005C00SPC100,V500R005C10SPC200;Secospace USG6600 V500R005C00SPC100,V500R005C00SPC200.

CVE- IBM Business Automation Workflow 19.0.03 and 20.0 and IBM 2021- Cloud Pak for Automation 20.0.3-IF002 and 21.0.1 are 29775 ibm -- vulnerable to cross-site scripting. This vulnerability allows users 2021- CONF business_automation_work 4.3 to embed arbitrary JavaScript code in the Web UI thus altering 06-28 IRM flow the intended functionality potentially leading to credentials CONF disclosure within a trusted session. IBM X-Force ID: 203029. IRM XF CV Source Primary Publis SS & Description Vendor -- Product hed Sco Patch re Info

CVE- IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a 2021- remote attacker to obtain sensitive information when a detailed ibm -- 2021- 20413 technical error message is returned in the browser. This 5 guardium_data_encryption 06-28 XF information could be used in further attacks against the system. CONF IBM X-Force ID: 196212. IRM

CVE- IBM Planning Analytics 2.0 could be vulnerable to cross-site 2021- request forgery (CSRF) which could allow an attacker to 2021- 20580 ibm -- planning_analytics 4.3 execute malicious and unauthorized actions transmitted from a 06-29 CONF user that the website trusts. IBM X-Force ID: 198241. IRM XF

CVE- IBM Security Identity Manager Adapters 6.0 and 7.0 are 2021- ibm -- vulnerable to a heap-based buffer overflow, caused by improper 2021- 20573 security_identity_manager_ bounds checking. A remote authenticated attacker could 4 06-28 CONF adapter overflow the and cause the server to crash. IBM X-Force ID: IRM 199249. XF ibm -- IBM Security Identity Manager Adapters 6.0 and 7.0 are CVE- 2021- security_identity_manager_ vulnerable to a stack-based buffer overflow, caused by improper 4 2021- 06-28 adapter bounds checking. A remote authenticated attacker could 20572 CV Source Primary Publis SS & Description Vendor -- Product hed Sco Patch re Info

overflow the and cause the server to crash. IBM X-Force ID: CONF 199247. IRM XF

CVE- IBM Security Identity Manager Adapters 6.0 and 7.0 are 2021- ibm -- vulnerable to a heap based buffer overflow, caused by improper 2021- 20494 security_identity_manager_ 4 bounds. An authenticared user could overflow the buffer and 06-28 CONF adapter cause the service to crash. IBM X-Force ID: 197882. IRM XF

CVE- IBM Security Verify (IBM Security Verify Privilege Vault 2021- 10.9.66) could disclose sensitive information through an HTTP 2021- 20583 ibm -- security_verify 4 GET request by a privileged user due to improper input 06-25 XF validation.. IBM X-Force ID: 199396. CONF IRM

IBM Security Verify (IBM Security Verify Privilege Vault CVE- 10.9.66) is vulnerable to link injection. By persuading a victim 2021- to click on a specially-crafted URL link, a remote attacker could 2021- 29676 ibm -- security_verify 5.8 exploit this vulnerability to conduct various attacks against the 06-25 XF vulnerable system, including cross-site scripting, cache CONF poisoning or session hijacking IRM CV Source Primary Publis SS & Description Vendor -- Product hed Sco Patch re Info

CVE- 2020- ibm -- IBM Security Sevret Server (IBM Security Verify Privilege 2021- 4610 security_verify_privilege_ Manager 10.8.2 ) could allow a local user to execute code due to 4.6 06-25 XF manager improper integrity checks. IBM X-Force ID: 184919. CONF IRM

CVE- IBM Security Sevret Server (IBM Security Verify Privilege 2020- ibm -- Manager 10.8.2) is vulnerable to a buffer overflow, caused by 2021- 4609 security_verify_privilege_ improper bounds checking. A local attacker could overflow a 4.6 06-25 XF manager buffer and execute arbitrary code on the system or cause the CONF system to crash. IBM X-Force ID: 184917. IRM

CVE- ImageMagick 7.0.11-14 has a memory leak in 2021- imagemagick -- 2021- AcquireSemaphoreMemory in semaphore.c and 5 34183 imagemagick 06-25 AcquireMagickMemory in memory.c. CONF IRM

CVE- Infoblox NIOS before 8.5.2 allows entity expansion during an 2021- infoblox -- nios 4 2020- XML upload operation, a related issue to CVE-2003-1564. 06-28 15303 CV Source Primary Publis SS & Description Vendor -- Product hed Sco Patch re Info

MISC MISC

CVE- Cross Site Scripting (XSS) vulnerabilty in IPFire 2.23 via the 2021- 2020- ipfire -- ipfire 4.3 IPfire web UI in the mail.cgi. 06-28 21142 MISC

CVE- 2021- Istio before 1.9.6 and 1.10.x before 1.10.2 has Incorrect Access 2021- istio -- istio 6.5 34824 Control. 06-29 MISC MISC

CVE- Cross Site Scripting vulnerabilty in LimeSurvey 4.1.11+200316 2020- via the (1) name and (2) description parameters in 2021- limesurvey -- limesurvey 4.3 22607 application/controllers/admin/PermissiontemplatesController.ph 06-28 CONF p. IRM

Machform prior to version 16 is vulnerable to stored cross-site 2021- CVE- machform -- machform scripting due to insufficient sanitization of file attachments 4.3 06-29 2021- uploaded with forms through upload.php. CV Source Primary Publis SS & Description Vendor -- Product hed Sco Patch re Info

20103 MISC

CVE- Machform prior to version 16 is vulnerable to an open redirect 2021- 2021- machform -- machform 5.8 in Safari_init.php due to an improperly sanitized 'ref' parameter. 06-29 20105 MISC

CVE- Machform prior to version 16 is vulnerable to HTTP host header 2021- 2021- machform -- machform injection due to improperly validated host headers. This could 5.8 06-29 20101 cause a victim to receive malformed content. MISC

CVE- Machform prior to version 16 is vulnerable to cross-site request 2021- 2021- machform -- machform 6.8 forgery due to a lack of CSRF tokens in place. 06-29 20102 MISC

CVE- Machform prior to version 16 is vulnerable to unauthenticated 2021- 2021- machform -- machform remote code execution due to insufficient sanitization of file 6.8 06-29 20104 attachments uploaded with forms through upload.php. MISC CV Source Primary Publis SS & Description Vendor -- Product hed Sco Patch re Info

Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by an Improper Authorization CVE- vulnerability via the 'Create Customer' endpoint. Successful 2021- 2021- magento -- magento 6.4 exploitation could lead to unauthorized modification of 06-28 28563 customer data by an unauthenticated attacker. Access to the MISC admin console is required for successful exploitation.

CVE- 2021- mermaid_project -- Mermaid before 8.11.0 allows XSS when the antiscript feature 2021- 35513 4.3 mermaid is used. 06-27 MISC MISC MISC

CVE- Miniaudio 0.10.35 has an integer-based buffer overflow caused 2021- miniaudio_project -- 2021- by an out-of-bounds left shift in drwav_bytes_to_u32 in 6.8 34185 miniaudio 06-25 miniaudio.h CONF IRM

GlobalNewFiles is a mediawiki extension. All existing versions CVE- of GlobalNewFiles are affected by an uncontrolled resource 2021- 2021- miraheze -- globalnewfiles 4 consumption vulnerability. A large amount of page moves 06-28 32722 within a short space of time could overwhelm Database servers CONF CV Source Primary Publis SS & Description Vendor -- Product hed Sco Patch re Info

due to improper handling of load balancing and a lack of an IRM appropriate index. No patches are currently available. As a MISC workaround, one may avoid use of the extension unless additional rate limit at the MediaWiki level or via PoolCounter / MySQL is enabled.

NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability where, if a user clicks on a maliciously CVE- formatted link that opens the GeForce Experience login page in 2021- nvidia -- a new browser tab instead of the GeForce Experience 2021- 6.8 1073 geforce_experience application and enters their login information, the malicious site 06-25 CONF can get access to the token of the user login session. Such an IRM attack may lead to these targeted users' data being accessed, altered, or lost.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or CVE- open a malicious file. The specific flaw exists within the parsing 2021- 2021- opentext -- brava\!_desktop 6.8 of CGM files. The issue results from the lack of proper 06-29 31514 validation of user-supplied data, which can result in a write past MISC the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13679. CV Source Primary Publis SS & Description Vendor -- Product hed Sco Patch re Info

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or CVE- open a malicious file. The specific flaw exists within the parsing 2021- 2021- opentext -- brava\!_desktop 6.8 of CGM files. The issue results from the lack of proper 06-29 31507 validation of the length of user-supplied data prior to copying it MISC to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12653.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or CVE- open a malicious file. The specific flaw exists within the parsing 2021- 2021- opentext -- brava\!_desktop 4.3 of PDF files. The issue results from the lack of proper validation 06-29 31506 of user-supplied data, which can result in a read past the end of MISC an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-13674.

This vulnerability allows remote attackers to execute arbitrary 2021- CVE- opentext -- brava\!_desktop code on affected installations of OpenText Brava! Desktop 6.8 06-29 2021- 16.6.3.84. User interaction is required to exploit this CV Source Primary Publis SS & Description Vendor -- Product hed Sco Patch re Info

vulnerability in that the target must visit a malicious page or 31508 open a malicious file. The specific flaw exists within the parsing MISC of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13306.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or CVE- open a malicious file. The specific flaw exists within the parsing 2021- 2021- opentext -- brava\!_desktop 6.8 of BMP files. The issue results from the lack of proper 06-29 31513 validation of user-supplied data, which can result in a write past MISC the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13678.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop CVE- Build 16.6.4.55. User interaction is required to exploit this 2021- 2021- opentext -- brava\!_desktop 6.8 vulnerability in that the target must visit a malicious page or 06-29 31512 open a malicious file. The specific flaw exists within the parsing MISC of TIF files. The issue results from the lack of proper validation CV Source Primary Publis SS & Description Vendor -- Product hed Sco Patch re Info

of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI- CAN-13677.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or CVE- open a malicious file. The specific flaw exists within the parsing 2021- 2021- opentext -- brava\!_desktop 6.8 of DXF files. The issue results from the lack of proper 06-29 31509 validation of user-supplied data, which can result in a write past MISC the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13309.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this CVE- vulnerability in that the target must visit a malicious page or 2021- 2021- opentext -- brava\!_desktop 6.8 open a malicious file. The specific flaw exists within the parsing 06-29 31510 of TIF files. The issue results from the lack of proper validation MISC of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability CV Source Primary Publis SS & Description Vendor -- Product hed Sco Patch re Info

to execute code in the context of the current process. Was ZDI- CAN-13675.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or CVE- open a malicious file. The specific flaw exists within the parsing 2021- 2021- opentext -- brava\!_desktop 6.8 of PDF files. The issue results from the lack of proper validation 06-29 31511 of user-supplied data, which can result in a write past the end of MISC an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI- CAN-13676.

** UNSUPPORTED WHEN ASSIGNED ** Oracle GlassFish Server 3.1.2.18 and below allows /common/logViewer/logViewer.jsf XSS. A malicious user can CVE- cause an administrator user to supply dangerous content to the 2021- vulnerable page, which is then reflected back to the user and 2021- oracle -- glassfish_server 4.3 3314 executed by the web browser. The most common mechanism for 06-25 MISC delivering malicious content is to include it as a parameter in a MISC URL that is posted publicly or e-mailed directly to victims. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. CV Source Primary Publis SS & Description Vendor -- Product hed Sco Patch re Info

Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 and below is affected by a remote code execution vulnerability. Manipulated PC Worx or Config+ projects could lead to a remote code execution when unallocated memory is freed because of incompletely initialized data. The attacker CVE- needs to get access to an original bus configuration file (*.bcp) 2021- to be able to manipulate data inside. After manipulation the 2021- phoenixcontact -- config\+ 5.1 33542 attacker needs to exchange the original file by the manipulated 06-25 CONF one on the application programming workstation. Availability, IRM integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities. Automated systems in operation which were programmed with one of the above-mentioned products are not affected.

CVE- phoenixcontact -- In Phoenix Contact FL COMSERVER UNI in versions < 2.40 a 2021- 2021- fl_comserver_uni_232\/422 invalid Modbus exception response can lead to a temporary 5 21002 06-25 \/485_firmware denial of service. CONF IRM

In Phoenix Contact FL SWITCH SMCS series products in phoenixcontact -- CVE- multiple versions fragmented TCP-Packets may cause a Denial 2021- fl_switch_smcs_16tx_firm 5 2021- of Service of Web-, SNMP- and ICMP-Echo services. The 06-25 ware 21003 switching functionality of the device is not affected. CV Source Primary Publis SS & Description Vendor -- Product hed Sco Patch re Info

CONF IRM

CVE- In Phoenix Contact FL SWITCH SMCS series products in phoenixcontact -- 2021- multiple versions an attacker may insert malicious code via 2021- fl_switch_smcs_16tx_firm 4.3 21004 LLDP frames into the web-based management which could then 06-25 ware CONF be executed by the client. IRM

PostSRSd before 1.11 allows a denial of service (subprocess CVE- hang) if Postfix sends certain long data fields such as multiple 2021- concatenated email addresses. NOTE: the PostSRSd maintainer 2021- 35525 postsrsd_project -- postsrsd acknowledges "theoretically, this error should never occur ... I'm 5 06-28 MISC not sure if there's a reliable way to trigger this condition by an MISC external attacker, but it is a security bug in PostSRSd MISC nevertheless."

A memory corruption vulnerability exists in the DMG File CVE- Format Handler functionality of PowerISO 7.9. A specially 2021- 2021- poweriso -- poweriso crafted DMG file can lead to an out-of-bounds write. An 6.8 06-29 21871 attacker can provide a malicious file to trigger this vulnerability. MISC The vendor fixed it in a bug-release of the current version. CV Source Primary Publis SS & Description Vendor -- Product hed Sco Patch re Info

Prism is a syntax highlighting library. Some languages before CVE- 1.24.0 are vulnerable to Regular Expression Denial of Service 2021- (ReDoS). When Prism is used to highlight untrusted (user- 32723 given) text, an attacker can craft a string that will take a very 2021- prismjs -- prism 4.3 CONF very long time to highlight. This problem has been fixed in 06-28 IRM Prism v1.24. As a workaround, do not use ASCIIDoc or ERB to MISC highlight untrusted text. Other languages are not affected and MISC can be used to highlight untrusted text.

CVE- An issue was discovered in urllib3 before 1.26.5. When 2021- provided with a URL containing many @ characters in the 33503 authority component, the authority regular expression exhibits 2021- python -- urllib3 5 CONF catastrophic backtracking, causing a denial of service if a URL 06-29 IRM were passed as a parameter or redirected to via an HTTP CONF redirect. IRM

Cross Site Scripting (XSS) vulnerability in ECShop 4.0 due to CVE- security filtering issues, in the user.php file, we can use the html 2021- 2020- shopex -- ecshop 4.3 entity encoding to bypass the security policy of the safety.php 06-28 20640 file, triggering the xss vulnerability. MISC siemens -- The Telnet service of the SIMATIC HMI Comfort Panels 2021- CVE- 6.8 sinamics_sl150_firmware system component in affected products does not require 06-28 2021- CV Source Primary Publis SS & Description Vendor -- Product hed Sco Patch re Info

authentication, which may allow a remote attacker to gain 31337 access to the device if the service is enabled. Telnet is disabled MISC by default on the SINAMICS Medium Voltage Products (SINAMICS SL150: All versions, SINAMICS SM150: All versions, SINAMICS SM150i: All versions).

Sylius is an Open Source eCommerce platform on top of Symfony. In versions of Sylius prior to 1.9.5 and 1.10.0-RC.1, part of the details (order ID, order number, items total, and token value) of all placed orders were exposed to unauthorized users. If exploited properly, a few additional information like the number of items in the cart and the date of the shipping may be fetched as well. This data seems to not be crucial nor is CVE- personal data, however, could be used for sociotechnical attacks 2021- or may expose a few details about shop condition to the third 2021- 32720 sylius -- sylius parties. The data possible to aggregate are the number of 5 06-28 CONF processed orders or their value in the moment of time. The IRM problem has been patched at Sylius 1.9.5 and 1.10.0-RC.1. MISC There are a few workarounds for the vulnerability. The first possible solution is to hide the problematic endpoints behind the firewall from not logged in users. This would put only the order list under the firewall and allow only authorized users to access it. Once a user is authorized, it will have access to theirs orders only. The second possible solution is to decorate the `\Sylius\Bundle\ApiBundle\Doctrine\QueryCollectionExtension CV Source Primary Publis SS & Description Vendor -- Product hed Sco Patch re Info

\OrdersByLoggedInUserExtension` and throw `Symfony\Component\Security\Core\Exception\AccessDeniedE xception` if the class is executed for unauthorized user.

Nessus Agent 8.2.4 and earlier for Windows were found to CVE- contain multiple local privilege escalation vulnerabilities which 2021- 2021- tenable -- nessus could allow an authenticated, local administrator to run specific 4.6 06-28 20100 Windows executables as the Nessus host. This is different than MISC CVE-2021-20099.

Nessus Agent 8.2.4 and earlier for Windows were found to CVE- contain multiple local privilege escalation vulnerabilities which 2021- 2021- tenable -- nessus could allow an authenticated, local administrator to run specific 4.6 06-28 20099 Windows executables as the Nessus host. This is different than MISC CVE-2021-20100.

CVE- Umbraco CMS before 7.15.7 is vulnerable to Open Redirection 2021- 2021- umbraco -- umbraco_cms 5.8 due to insufficient url sanitization on booting.aspx. 06-28 34254 MISC CV Source Primary Publis SS & Description Vendor -- Product hed Sco Patch re Info

CVE- A memory corruption vulnerability exists when ezPDF 2021- 2020- unidocs -- ezpdf_editor improperly handles the parameter. This vulnerability exists due 6.5 06-29 7870 to insufficient validation of the parameter. MISC

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vector 35 Binary Ninja 2.3.2660 (Build ID 88f343c3). User interaction is required to CVE- exploit this vulnerability in that the target must visit a malicious 2021- page or open a malicious file. The specific flaw exists within the 2021- vector35 -- binary_ninja 6.8 31516 parsing of BNDB files. The issue results from the lack of 06-29 MISC validating the existence of an object prior to performing MISC operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13670.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vector 35 Binary Ninja CVE- 2.3.2660 (Build ID 88f343c3). User interaction is required to 2021- exploit this vulnerability in that the target must visit a malicious 2021- vector35 -- binary_ninja 6.8 31515 page or open a malicious file. The specific flaw exists within the 06-29 MISC parsing of BNDB files. The issue results from the lack of proper MISC validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage CV Source Primary Publis SS & Description Vendor -- Product hed Sco Patch re Info

this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13668.

Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the CVE- Authorization Request in an OAuth 2.0 Client Web and 2021- 2021- vmware -- spring_security 5 WebFlux application. A malicious user or attacker can send 06-29 22119 multiple requests initiating the Authorization Request for the MISC Authorization Code Grant, which has the potential of exhausting system resources using a single session or multiple sessions.

CVE- webport_cms_project -- Directory Traversal vulnerability in Webport CMS 2021- 2020- 5 webport_cms 1.19.10.17121 via the file parameter to file/download. 06-28 23715 MISC

In Weidmueller Industrial WLAN devices in multiple versions CVE- an exploitable denial-of-service vulnerability exists in 2021- weidmueller -- ie-wl-bl-ap- ServiceAgent functionality. A specially crafted packet can cause 2021- 5 33536 cl-eu_firmware an integer underflow, triggering a large memcpy that will access 06-25 CONF unmapped or out-of-bounds memory. An attacker can send this IRM packet while unauthenticated to trigger this vulnerability. CV Source Primary Publis SS & Description Vendor -- Product hed Sco Patch re Info

In Weidmueller Industrial WLAN devices in multiple versions an exploitable format string vulnerability exists in the CVE- iw_console conio_writestr functionality. A specially crafted 2021- weidmueller -- ie-wl-bl-ap- 2021- time server entry can cause an overflow of the time server 6.5 33535 cl-eu_firmware 06-25 buffer, resulting in remote code execution. An attacker can send CONF commands while authenticated as a low privilege user to trigger IRM this vulnerability.

CVE- In Weidmueller Industrial WLAN devices in multiple versions 2021- weidmueller -- ie-wl-bl-ap- the usage of hard-coded cryptographic keys within the service 2021- 5 33529 cl-eu_firmware agent binary allows for the decryption of captured traffic across 06-25 CONF the network from or to the device. IRM

In Weidmueller Industrial WLAN devices in multiple versions an exploitable authentication bypass vulnerability exists in the CVE- hostname processing. A specially configured device hostname 2021- weidmueller -- ie-wl-bl-ap- 2021- can cause the device to interpret selected remote traffic as local 6.5 33539 cl-eu_firmware 06-25 traffic, resulting in a bypass of web authentication. An attacker CONF can send authenticated SNMP requests to trigger this IRM vulnerability. weidmueller -- ie-wl-bl-ap- In Weidmueller Industrial WLAN devices in multiple versions 2021- CVE- 6.5 cl-eu_firmware an exploitable remote code execution vulnerability exists in the 06-25 2021- CV Source Primary Publis SS & Description Vendor -- Product hed Sco Patch re Info

iw_webs configuration parsing functionality. A specially crafted 33537 user name entry can cause an overflow of an error message CONF buffer, resulting in remote code execution. An attacker can send IRM commands while authenticated as a low privilege user to trigger this vulnerability.

CVE- Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows 2021- remote attackers to execute arbitrary web script or HTML via 2021- zammad -- zammad 4.3 35298 multiple models that contain a 'note' field to store additional 06-28 CONF information. IRM

CVE- Text injection/Content Spoofing in 404 page in Zammad 1.0.x 2021- 2021- zammad -- zammad up to 4.0.0 could allow remote attackers to manipulate users into 4.3 35300 06-28 visiting the attackers' page. CONF IRM

CVE- Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows 2021- 2021- zammad -- zammad remote attackers to execute arbitrary web script or HTML via 4.3 35303 06-28 the User Avatar attribute. CONF IRM CV Source Primary Publis SS & Description Vendor -- Product hed Sco Patch re Info

CVE- 2021- Incorrect Access Control for linked Tickets in Zammad 1.0.x up 2021- zammad -- zammad 5 35302 to 4.0.0 allows remote attackers to obtain sensitive information. 06-28 CONF IRM

CVE- Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows 2021- 2021- zammad -- zammad remote attackers to obtain sensitive information via the Ticket 5 35301 06-28 Article detail view. CONF IRM

CVE- Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows 2021- 2021- zammad -- zammad attackers to obtain sensitive information via email connection 5 35299 06-28 configuration probing. CONF IRM

CVE- 2021- zohocorp -- Zoho ManageEngine ServiceDesk Plus MSP before 10521 2021- 31160 manageengine_servicedesk 5 allows an attacker to access internal data. 06-29 CONF _plus IRM MISC CV Source Primary Publis SS & Description Vendor -- Product hed Sco Patch re Info

CVE- zohocorp -- 2021- Zoho ManageEngine ServiceDesk Plus MSP before 10522 is 2021- manageengine_servicedesk 5 31530 vulnerable to Information Disclosure. 06-29 _plus_msp CONF IRM

CVE- Cross Site Scripting vulnerability in ZrLog 2.1.0 via the (1) 2021- 2020- zrlog -- zrlog 4.3 userName and (2) email parameters in post/addComment. 06-29 18066 MISC

Low Vulnerabilities

Primary CVSS Source & Description Published Vendor -- Product Score Patch Info

Adobe Photoshop Elements version 5.2 (and CVE- earlier) is affected by an insecure temporary file 2021-06- 2021- adobe -- photoshop_elements creation vulnerability. An unauthenticated attacker 2.1 28 28597 could leverage this vulnerability to call functions MISC against the installer to perform high privileged Primary CVSS Source & Description Published Vendor -- Product Score Patch Info

actions. Exploitation of this issue does not require user interaction.

Adobe Premiere Elements version 5.2 (and earlier) is affected by an insecure temporary file creation CVE- vulnerability. An unauthenticated attacker could 2021-06- 2021- adobe -- premiere_elements leverage this vulnerability to call functions against 2.1 28 28623 the installer to perform high privileged actions. MISC Exploitation of this issue does not require user interaction.

Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may permit an adjacent device to inject a crafted packet during the receive window of the CVE- listening device before the transmitting device 2021- bluetooth -- initiates its packet transmission to achieve full 2021-06- 2.9 31615 bluetooth_core_specification MITM status without terminating the link. When 25 MISC applied against devices establishing or using MISC encrypted links, crafted packets may be used to terminate an existing link, but will not compromise the confidentiality or integrity of the link.

Cross-site scripting vulnerability in WordPress 2021-06- CVE- cabrerahector -- popular_posts 3.5 Popular Posts 5.3.2 and earlier allows a remote 28 2021- Primary CVSS Source & Description Published Vendor -- Product Score Patch Info

authenticated attacker to inject an arbitrary script 20746 via unspecified vectors. MISC MISC MISC MISC

Dovecot before 2.3.15 allows ../ Path Traversal. CVE- An attacker with access to the local filesystem can 2021- trick OAuth2 authentication into using an HS256 2021-06- dovecot -- dovecot 2.1 29157 validation key from an attacker-controlled 28 MISC location. This occurs during use of local JWT CONFIRM validation with the posix fs driver.

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a CVE- local user that is in the with elevated group 2021- 2021-06- ibm -- aix privileges to cause a denial of service due to a 2.1 29693 28 vulnerability in the lpd daemon. IBM X-Force ID: XF 200255. CONFIRM

IBM Business Automation Workflow 18.0, 19.0, CVE- and 20.0 and IBM Business Process Manager 8.5 2021- ibm -- and 8.6 could allow an authenticated user to obtain 2021-06- 29751 3.5 business_automation_workflow sensitive information about another user under 28 CONFIRM nondefault configurations. IBM X-Force ID: CONFIRM 201779. XF Primary CVSS Source & Description Published Vendor -- Product Score Patch Info

IBM Planning Analytics 2.0 is vulnerable to cross- CVE- site scripting. This vulnerability allows users to 2021- embed arbitrary JavaScript code in the Web UI 2021-06- ibm -- planning_analytics 3.5 20477 thus altering the intended functionality potentially 29 CONFIRM leading to credentials disclosure within a trusted XF session. IBM X-Force ID: 196949.

IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to cross-site CVE- scripting. This vulnerability allows users to embed 2021- 2021-06- ibm -- security_verify arbitrary JavaScript code in the Web UI thus 3.5 29677 25 altering the intended functionality potentially CONFIRM leading to credentials disclosure within a trusted XF session.

CVE- IBM Spectrum Protect Plus 10.1.0 through 10.1.8 2021- could allow a local user to cause a denial of 2021-06- ibm -- spectrum_protect_plus 2.1 20490 service due to insecure file permission settings. 29 CONFIRM IBM X-Force ID: 197791. XF

CVE- Cross Site Scripting (XSS) vulneraiblity in 2021-06- 2020- limesurvey -- limesurvey LimeSurvey 4.2.5 on textbox via the Notifications 3.5 28 23710 & data feature. MISC Primary CVSS Source & Description Published Vendor -- Product Score Patch Info

Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a CVE- DOM-based Cross-Site Scripting vulnerability on 2021-06- 2021- magento -- magento mage-messages cookies. Successful exploitation 3.5 28 28556 could lead to arbitrary JavaScript execution by an MISC unauthenticated attacker. User interaction is required for successful exploitation.

PandoraFMS <=7.54 allows Stored XSS by CVE- placing a payload in the name field of a visual 2021-06- 2021- pandorafms -- pandora_fms 3.5 console. When a user or an administrator visits the 25 35501 console, the XSS payload will be executed. MISC

CVE- In Plone 5.0 through 5.2.4, Editors are vulnerable 2021- to XSS in the folder contents view, if a 2021-06- plone -- plone 3.5 35959 Contributor has created a folder with a SCRIPT 30 MISC tag in the description field. MLIST

CVE- SAS Environment Manager 2.5 allows XSS 2021- through the Name field when creating/editing a 2021-06- 35475 sas -- environment_manager 3.5 server. The XSS will prompt when editing the 25 MISC Configuration Properties. MISC MISC Primary CVSS Source & Description Published Vendor -- Product Score Patch Info

SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inadequate Encryption Strength vulnerability concerning the internal SSH interface solely used by SICK for recovering returned devices. The use of weak ciphers make it CVE- sick -- visionary- easier for an attacker to break the security that 2021-06- 2021- 3.5 s_cx_firmware protects information transmitted from the client to 28 32496 the SSH server, assuming the attacker has access MISC to the network on which the device is connected. This can increase the risk that encryption will be compromised, leading to the exposure of sensitive user information and man-in-the-middle attacks.

A stored cross-site scripting (XSS) vulnerability CVE- was discovered in /Forms/device_vars_1 on 2020- tripplite -- TrippLite SU2200RTXL2Ua with firmware 2021-06- 26801 3.5 su2200rtxl2ua_firmware version 12.04.0055. This vulnerability allows 25 MISC authenticated attackers to obtain other users' MISC information via a crafted POST request. MISC

RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new CVE- user being added via management UI could lead to 2021- 2021-06- vmware -- rabbitmq the user's bane being rendered in a confirmation 3.5 32718 28 message without proper `