CVE Catalog

Browse the latest Common Vulnerabilities and Exposures (CVEs) with CVSS scores, affected products, and next-gen risk scores.

Jun 24, 2021

Shopware Cloud Storage Visibility Vulnerability Allowing Access to Private Files

A vulnerability in Shopware versions prior to 6.4.1.1 allows private files to be publicly accessible when stored with certain Cloud Storage providers, provided the hashed URL is known. This issue arises from incorrect visibility settings in the application's configuration. When using Amazon AWS for storage, public access to the bucket containing private files can exacerbate the problem.

5.3
Jun 14, 2021

elFinder Command Injection Vulnerability in PHP Connector

A command injection vulnerability has been identified in elFinder versions through 2.1.58. This issue allows attackers to execute arbitrary commands on the server via the PHP connector, even with minimal configuration. The vulnerability arises in the archive command, where the name parameter, although sanitized, can still be manipulated to include command execution arguments. Exploitation is possible by uploading a file, creating a zip archive with a crafted name that includes command injection payloads, and then executing the archive command.

7.0
Jun 1, 2021

WP Prayer WordPress Plugin Authenticated Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the WP Prayer WordPress plugin, affecting versions prior to 1.6.2. The vulnerability allows authenticated users to submit prayer requests containing malicious JavaScript, which is then executed when the requests are displayed on the site. This issue arises because the plugin's input fields for prayer and praise requests lack proper validation, enabling the injection of XSS payloads.

3.0
May 20, 2021

Envoy HTTP/2 Metadata Map Assertion Failure Leading to Denial-of-Service

A denial-of-service vulnerability exists in Envoy version 1.14.0. When an empty METADATA map is sent in an HTTP/2 request, it triggers a reachable assertion, causing the application to crash. This issue is remotely exploitable.

6.7
May 14, 2021

ProtonMail Web Client Regular Expression Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in the ProtonMail Web Client, specifically in versions prior to 3.16.60. This vulnerability arises from a regular expression that can be exploited to cause exponential backtracking, leading to significant performance degradation. The issue occurs in the Autocrypt public key extraction process, where the regular expression improperly handles certain input patterns, allowing crafted strings to disrupt normal operation.

3.7
May 14, 2021

WP-Buy WordPress Plugins Vulnerable to Arbitrary Plugin Installation and Activation via Low Privilege Users

A vulnerability exists in multiple WordPress plugins by WP-Buy, specifically in the Captchinoo, Google reCAPTCHA for Admin Login Page plugin, prior to version 2.4. Low privileged users can exploit this vulnerability using the AJAX action 'cp_plugins_do_button_job_later_callback' to install any plugin, including specific versions, from the WordPress repository. Additionally, the same AJAX action can be used to activate installed plugins, potentially leading to the exploitation of vulnerable plugins and more critical issues such as remote code execution.

3.5
May 6, 2021

WPBakery Page Builder Clipboard WordPress Plugin Missing Capability Checks Vulnerability

A vulnerability exists in the WPBakery Page Builder Clipboard WordPress plugin in versions prior to 4.5.8. An AJAX action registered by the plugin lacked proper capability checks, enabling low-privilege users, such as subscribers, to update license options, including the license key and email, without authorization.

3.4
May 6, 2021

WPBakery Page Builder Clipboard WordPress Plugin Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the WPBakery Page Builder Clipboard WordPress plugin, affecting versions prior to 4.5.6. The vulnerability arises from an AJAX action that lacked proper capability checks and data sanitization. This oversight allows low-privilege users (subscribers and above) to inject XSS payloads that are executed on all backend pages.

3.4
Apr 22, 2021

Amazon Web Services FreeRTOS Integer Overflow Vulnerability in Queue Creation

An integer overflow vulnerability has been identified in the kernel of Amazon Web Services FreeRTOS, affecting versions prior to 10.4.3. The issue arises in queue.c during the queue creation process.

5.2
Apr 12, 2021

Swiper Prototype Pollution Vulnerability

A prototype pollution vulnerability exists in the Swiper package, specifically in versions prior to 6.5.1. This vulnerability allows attackers to inject properties into the Object prototype, potentially leading to unauthorized modifications that could be exploited within the application. The issue arises from the 'extendDefaults' function, which recursively merges objects without proper validation, allowing manipulation of the prototype chain.

4.4
Apr 2, 2021

Apple WebKit Universal Cross-Site Scripting Vulnerability

A universal cross-site scripting vulnerability has been identified in the WebKit component of Apple iOS, iPadOS, and watchOS. This issue arises from improper management of object lifetimes, allowing maliciously crafted web content to be processed in a way that could lead to cross-site scripting. The vulnerability has been reported to be actively exploited.

6.3
Apr 2, 2021

Apple WebKit Remote Code Execution Vulnerability

A logic vulnerability allowing remote code execution has been identified in the WebKit component of Apple iOS, iPadOS, and macOS. This issue arises from insufficient restrictions in the handling of web content, which could be exploited by a remote attacker. The vulnerability affects WebKitGTK, the version of WebKit used in GTK applications, including those on macOS and iOS. The flaw has been addressed in multiple Apple software updates, including macOS Big Sur 11.2, Security Update 2021-001 for Catalina, Security Update 2021-001 for Mojave, iOS 14.4, and iPadOS 14.4.

6.8
Apr 2, 2021

Apple WebKit Remote Code Execution Vulnerability

A logic vulnerability in the WebKit component of Apple iOS, iPadOS, and macOS was addressed with improved restrictions. This vulnerability allows remote code execution and could have been actively exploited. It affects WebKitGTK+ versions prior to 2.30.6, as well as several different components in WebKit, including the WebKit framework itself, which is used by Safari and other applications.

6.7
Apr 2, 2021

Apple Multiple Products Race Condition Vulnerability Allowing Privilege Escalation

A race condition vulnerability has been identified in multiple Apple products, including iOS, iPadOS, macOS, watchOS, and tvOS. This vulnerability allows a malicious application to elevate privileges. The issue arises from a race condition that was not properly managed, creating an opportunity for privilege escalation.

6.0
Mar 30, 2021

Netty Request Smuggling Vulnerability in HTTP/2 Content-Length Header Validation

A request smuggling vulnerability has been identified in Netty versions prior to 4.1.61.Final, specifically in the 'io.netty:netty-codec-http2' component. The issue arises because the content-length header is not properly validated when a single Http2HeaderFrame is used with the endStream flag set to true. This lack of validation can lead to request smuggling when the HTTP/2 request is proxied to a remote peer and converted to HTTP/1.1. The vulnerability is particularly concerning because it follows a related issue (CVE-2021-21295) that was not fully addressed. Exploitation of this vulnerability allows an attacker to smuggle requests by manipulating the content-length header, taking advantage of the improper handling of HTTP/2 streams during the conversion to HTTP/1.1.

3.6
Mar 19, 2021

MinIO Chunked Encoding Signature Verification Vulnerability Allowing MITM Modification

A vulnerability exists in MinIO, an open-source object storage service compatible with Amazon S3, prior to version RELEASE.2021-03-17T02-33-02Z. The issue allows for man-in-the-middle (MITM) attacks by modifying request bodies that should have integrity protected by chunk signatures. In PUT requests using aws-chunked encoding, MinIO typically verifies signatures at the end of each chunk. However, this verification can be bypassed if the client sends a misleading chunk size that is significantly larger than the actual data. As a result, the server completes the request without checking the chunk signature, creating a potential security risk.

5.6
Mar 18, 2021

Wiki.js Stored Cross-Site Scripting Vulnerability in Code Blocks

A stored cross-site scripting vulnerability has been identified in Wiki.js versions prior to 2.5.190. This issue arises from mustache expressions in code blocks being processed by Vue during content injection, despite being enclosed within `<pre>` elements. A malicious user can exploit this vulnerability by crafting a wiki page that executes harmful JavaScript when viewed by others.

2.9
Mar 8, 2021

MinIO Object Storage Read-Only Policy Bypass Vulnerability

A vulnerability exists in MinIO, an open-source object storage service compatible with Amazon S3, prior to version RELEASE.2021-03-04T00-53-13Z. The issue allows users to bypass a readOnly policy by generating a temporary 'mc share upload' URL. This vulnerability affects all users of MinIO's multi-user feature.

5.2
Feb 16, 2021

System Information Library for Node.js Command Injection Vulnerability

A command injection vulnerability has been identified in the System Information Library for Node.js, specifically in versions prior to 5.3.1. This vulnerability allows attackers to inject malicious commands that could be executed in the application's environment. The issue arises from insufficient validation of service parameters in several library functions, including 'inetLatency', 'inetChecksite', 'services', and 'processLoad'.

4.6
Feb 3, 2021

Cloudflare WARP for Windows Privilege Escalation Vulnerability via Unquoted Service Path

A privilege escalation vulnerability has been identified in Cloudflare WARP for Windows, in versions prior to 1.2.2695.1. The issue arises from an unquoted service path, which allows a malicious user or process with non-administrative privileges to gain administrative rights by exploiting this flaw. The vulnerability has been addressed in version 1.2.2695.1 by adding quotes around the service's binary path.

3.7
Feb 1, 2021

angular-expressions Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the angular-expressions package, prior to version 1.1.2. This vulnerability allows an attacker to execute arbitrary code by passing user-controlled input to the expressions.compile() function. The issue can be exploited in both browser and server environments. In the browser, any script can be executed, while on the server, any JavaScript expression can be run, leading to remote code execution.

2.3
Jan 19, 2021

GSAP Prototype Pollution Vulnerability

A prototype pollution vulnerability exists in the GSAP package, specifically in versions prior to 3.6.0. This vulnerability allows an attacker to inject properties into JavaScript object prototypes, potentially leading to various impacts such as denial of service or remote code execution. The issue arises from the library's handling of JSON input, which can be manipulated to overwrite prototype properties. Exploitation of this vulnerability is possible in web applications, web servers, and certain application server environments.

4.9
Jan 12, 2021

Ignition Remote Code Execution Vulnerability in Laravel

A remote code execution vulnerability exists in Ignition versions prior to 2.5.2, which is used in Laravel and other products. This vulnerability allows unauthenticated remote attackers to execute arbitrary code due to the insecure handling of file_get_contents() and file_put_contents(). It is exploitable on Laravel versions prior to 8.4.2 when the application is in debug mode.

6.6
Jan 6, 2021

Advanced Custom Fields WordPress Plugin Select2 Dropdown XSS Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in the Advanced Custom Fields (ACF) WordPress plugin, specifically in versions prior to 5.8.12. The issue arises from improper escaping of strings in Select2 dropdowns, which could be exploited to inject malicious scripts.

4.1
Jan 5, 2021

Apache Flink Directory Traversal Vulnerability Allowing Arbitrary File Read via REST API

A directory traversal vulnerability has been identified in Apache Flink versions 1.11.0, 1.11.1, and 1.11.2. This vulnerability allows attackers to read any file on the local filesystem of the JobManager through the REST interface, accessing files that are accessible by the JobManager process.

5.7
Jan 4, 2021

Pearson VUE Application Wrapper Privilege Escalation Vulnerability

A vulnerability in the Pearson VUE VTS Installer version 2.3.1911 allows local users to gain administrative privileges. This issue arises from the Application Wrapper component, which has an unquoted service path vulnerability and insecure file permissions in the 'C:\Pearson VUE' directory. The permissions grant full control to all users, enabling them to overwrite files and execute a Trojan horse application that could be run as the VUEService user, who has administrative rights.

2.4
Dec 16, 2020

DataTables.net Prototype Pollution Vulnerability

A prototype pollution vulnerability has been identified in all versions of the DataTables.net package. This issue arises from an incomplete fix for a previous vulnerability, allowing for the injection of properties into JavaScript object prototypes. Such pollution can be exploited to overwrite fundamental attributes, potentially leading to denial-of-service conditions or unauthorized code execution.

5.4
Dec 11, 2020

Apache Struts Remote Code Execution Vulnerability via Forced OGNL Evaluation

A remote code execution vulnerability exists in Apache Struts versions 2.0.0 through 2.5.25. This issue arises from improper validation of user input in tag attributes, allowing for forced evaluation of Object-Graph Navigation Language (OGNL) expressions. When raw user input is evaluated, it can lead to arbitrary code execution on the server.

7.5
Dec 8, 2020

Apple Products Memory Initialization Vulnerability Allowing Kernel Memory Disclosure

A memory initialization vulnerability has been identified in the XNU kernel, affecting multiple Apple operating systems, including macOS Big Sur, High Sierra, Mojave, iOS 12.4.9, iOS 14.2, iPadOS 14.2, and watchOS 6.2.9. This vulnerability may allow a malicious application to disclose kernel memory, with reports of an active exploit.

6.1
Dec 8, 2020

Apple XNU Kernel Type Confusion Vulnerability Allowing Arbitrary Code Execution

A type confusion vulnerability has been identified in the XNU kernel's turnstile management, which could allow a malicious application to execute arbitrary code with kernel privileges. This vulnerability affects multiple Apple operating systems, including macOS Big Sur, High Sierra, Mojave, iOS 12, iOS 14, iPadOS 14, and various versions of watchOS. The issue arises from improper state handling, which has been addressed in the latest updates for each affected platform.

6.3
Dec 8, 2020

Apple Products Memory Corruption Vulnerability in FontParser Allowing Arbitrary Code Execution

A memory corruption vulnerability has been identified in the FontParser component of multiple Apple products, including macOS, iOS, iPadOS, and watchOS. This vulnerability allows for arbitrary code execution when processing maliciously crafted font files. It affects several different versions and ranges across these operating systems.

6.4
Nov 23, 2020

October CMS Twig Sandbox Bypass Vulnerability Allowing Arbitrary PHP Execution

A vulnerability exists in October CMS versions from 1.0.319 and prior to 1.0.469, allowing authenticated backend users with certain permissions to bypass the Twig sandbox and execute arbitrary PHP code. This issue arises when 'cms.enableSafeMode' is enabled, a setting that should prevent such actions. The vulnerability can be exploited by users with 'cms.manage_pages', 'cms.manage_layouts', or 'cms.manage_partials' permissions who are not trusted to write and execute PHP code. The problem has been addressed in versions 1.0.469 and 1.1.0.

2.2
Nov 23, 2020

October CMS Local File Inclusion Vulnerability

A local file inclusion vulnerability has been identified in October CMS versions from 1.0.421 and prior to 1.0.469. This vulnerability allows unauthenticated users to read local files on the server by sending a specially crafted request. The issue arises from inadequate validation of file paths in the Halcyon Builder component, which manages file queries and template rendering.

3.5
Nov 20, 2020

Drupal Core Improper Filename Sanitization Vulnerability Leading to Remote Code Execution

A remote code execution vulnerability exists in Drupal Core due to improper sanitization of certain filenames in uploaded files. This flaw allows files to be misinterpreted as different extensions, potentially leading to incorrect MIME types being served or files being executed as PHP, depending on the hosting configuration. The vulnerability affects multiple Drupal versions: 9.0 (prior to 9.0.8), 8.9 (prior to 8.9.9), 8.8 (prior to 8.8.11), and 7 (prior to 7.74).

6.4
Nov 16, 2020

WPBakery Plugin Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the WPBakery plugin for WordPress, affecting versions prior to 6.4.1. This vulnerability allows authenticated users with contributor or author roles to inject malicious JavaScript into posts. The issue arises because the plugin disables WordPress's standard XSS protection for these user roles, enabling the injection of unfiltered HTML and JavaScript.

5.4
Nov 10, 2020

Apache Airflow Experimental API Authentication Bypass Vulnerability

A vulnerability exists in Apache Airflow versions prior to 1.10.11, where the Experimental API allowed unauthenticated access by default. This default setting posed security risks, as users could inadvertently make unprotected API requests. Although the default has been changed to deny all requests in version 1.10.11, existing users must manually update their configuration to reflect this change. The vulnerability can be exploited by creating a malicious DAG that executes arbitrary commands, leveraging the authentication bypass to gain unauthorized access.

6.6
Oct 27, 2020

Apple CFNetwork HSTS Bypass Vulnerability

A vulnerability exists in the CFNetwork component of multiple Apple products, including iOS, iPadOS, macOS, watchOS, and iTunes for Windows. This vulnerability allows an attacker in a privileged network position to bypass HTTP Strict Transport Security (HSTS) for certain top-level domains that are not included in the HSTS preload list. The issue arises from a configuration flaw that has now been addressed with additional restrictions.

4.6
Oct 16, 2020

Apple iOS, iPadOS, and macOS CoreFoundation Environment Variable Handling Vulnerability Allowing Information Disclosure

A vulnerability exists in the CoreFoundation component of Apple iOS 13.6, iPadOS 13.6, and macOS Catalina 10.15.6. The issue arises from improper handling of environment variables, which could allow a local user to access sensitive information. This vulnerability has been addressed with improved validation of environment variables.

6.0
Oct 16, 2020

Apple iOS, iPadOS, and tvOS Memory Corruption Vulnerability Allowing Arbitrary Code Execution with Kernel Privileges

A memory corruption vulnerability has been identified in Apple iOS 13.6, iPadOS 13.6, and tvOS 13.4.8. This vulnerability allows an application to execute arbitrary code with kernel privileges. The issue was addressed by removing the vulnerable code.

6.2
Oct 5, 2020

Wiki.js Directory Traversal Vulnerability in Local Asset Caching Modules

A directory traversal vulnerability has been identified in Wiki.js versions prior to 2.5.151. This issue arises when a storage module with local asset cache fetching is enabled, such as the Local File System or Git modules. Under these conditions, a malicious user could craft a URL that exploits directory traversal, potentially allowing access to any file on the server's file system. This vulnerability could be exacerbated if no web application firewall, like Cloudflare, is in place to strip harmful URLs.

3.8
Sep 9, 2020

WordPress File Manager Plugin Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the WordPress File Manager plugin, specifically in versions 6.0 through 6.8. The issue arises because the plugin renames an example elFinder connector file to have a .php extension, allowing remote attackers to upload and execute arbitrary PHP code. Exploitation involves using the elFinder upload command to write PHP scripts into a directory where they can be executed.

4.5
Sep 4, 2020

Laravel Mass Assignment Vulnerability via JSON Column Nesting

A vulnerability exists in Laravel versions prior to 6.18.35 and in the 7.x branch prior to 7.24.0. The issue arises from improper handling of the $guarded property in certain situations involving requests with JSON column nesting expressions. This can lead to unexpected mass assignment of model attributes.

5.4
Sep 4, 2020

Laravel Mass Assignment Vulnerability Leading to Unvalidated Database Entries

A vulnerability exists in Laravel versions prior to 6.18.34 and in the 7.x branch prior to 7.23.2, allowing unvalidated data to be saved to the database under certain conditions. This issue arises during mass assignment when table names are automatically removed, creating a potential for unexpected values to be recorded without proper validation.

5.8
Aug 31, 2020

Lara Google Analytics WordPress Plugin Authenticated Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Lara Google Analytics WordPress plugin, versions through 2.0.4. This vulnerability allows authenticated users to inject malicious scripts that are stored and executed later.

3.3
Aug 28, 2020

Hoosk Codeigniter CMS Cross-Site Request Forgery Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability exists in Hoosk Codeigniter CMS versions prior to 1.7.2. This issue allows an attacker to trick an authenticated admin user into visiting a malicious webpage, where any user accounts could be deleted without the admin's consent.

2.7
Aug 12, 2020

vBulletin Remote Code Execution Vulnerability via Crafted subWidgets Data

A remote code execution vulnerability exists in vBulletin versions from 5.5.4 and prior to 5.6.2. This issue arises from an incomplete fix for a previous vulnerability (CVE-2019-16759) and allows execution of arbitrary PHP code through manipulated subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request.

7.5
Jul 29, 2020

Auth0 Node.js Client Library Authorization Header Sanitization Vulnerability

A vulnerability exists in the Auth0 Node.js client library (npm package) in versions prior to 2.27.1. The issue arises in Machine to Machine applications authorized to use Auth0's management API. When an error occurs, the Authorization header is not properly sanitized before being logged, potentially exposing bearer tokens. This vulnerability could be exploited if the logged token is intercepted or accessed by an unauthorized party.

2.5
Jul 17, 2020

Kramdown Template Option Processing Vulnerability Allowing File Read and Code Execution

A vulnerability exists in the kramdown gem, specifically in versions prior to 2.3.0, within the default processing of the 'template' option in Kramdown documents. This behavior can lead to unintended read access to sensitive files, such as '/etc/passwd', or unauthorized execution of embedded Ruby code. The vulnerability is triggered when the '{::options}' extension is used with the 'template' option, allowing crafted input to be processed in a way that could execute arbitrary code or access restricted files. Kramdown is a Markdown parser and converter written in Ruby, and this vulnerability affects multiple NetApp products that incorporate Ruby.

2.7
Jul 17, 2020

Apache Airflow Remote Code Execution Vulnerability in Example DAG

A remote code execution vulnerability has been identified in Apache Airflow versions 1.10.10 and prior. This issue arises from a command injection vulnerability in the 'example_trigger_target_dag' that is included with Airflow. It allows authenticated users to execute arbitrary commands as the user running the Airflow worker or scheduler, depending on the executor in use. However, if the 'load_examples' option is set to 'False' in the configuration, the vulnerability does not exist.

6.7
Jul 10, 2020

Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability

A vulnerability allowing limited information disclosure to low-privileged users exists in Citrix ADC and Citrix Gateway versions prior to 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14, and 10.5-70.18. Additionally, several Citrix SD-WAN WANOP appliance models prior to 11.1.1a, 11.0.3d, and 10.2.7 are affected. The vulnerability arises from improper access control, which could be exploited to bypass authorization and access sensitive information.

6.0