CVE Catalog

Browse the latest Common Vulnerabilities and Exposures (CVEs) with CVSS scores, affected products, and next-gen risk scores.

Oct 26, 2021

jQuery UI Datepicker Vulnerability in altField Option Allowing Cross-Site Scripting

A cross-site scripting vulnerability has been identified in the Datepicker widget of jQuery UI, versions prior to 1.13.0. This issue arises from the altField option, which can execute untrusted code if the value is sourced from untrusted inputs. The vulnerability is present in various applications and products that bundle jQuery UI, including Drupal 7, OTRS 6, and several NetApp products. The issue has been acknowledged in the jQuery UI blog and is part of a larger set of vulnerabilities addressed in the 1.13.0 release.

5.8
Oct 19, 2021

Juniper Networks CTPView HTTP Strict Transport Security Not Enforced Vulnerability

A vulnerability exists in Juniper Networks CTPView server versions 7.3 prior to 7.3R7 and 9.1 prior to 9.1R3, due to the server not enforcing HTTP Strict Transport Security (HSTS). This lack of HSTS can leave the system open to downgrade attacks and SSL-stripping man-in-the-middle attacks, and it reduces protections against cookie hijacking.

1.2
Oct 19, 2021

Apple Multiple Products IOMobileFrameBuffer Memory Corruption Vulnerability Allowing Arbitrary Code Execution with Kernel Privileges

A memory corruption vulnerability has been identified in the IOMobileFrameBuffer component of multiple Apple operating systems, including macOS Big Sur, iOS, iPadOS, and watchOS. This vulnerability may allow an application to execute arbitrary code with kernel privileges. Apple is aware of reports suggesting that this issue may have been actively exploited.

6.1
Oct 8, 2021

Google Chrome and Chromium Portals Use-After-Free Vulnerability Allowing Sandbox Escape

A use-after-free vulnerability has been identified in the Portals feature of Google Chrome and Chromium, prior to version 94.0.4606.61. This vulnerability allows a remote attacker who has compromised the renderer process to potentially escape the sandbox by using a crafted HTML page. The issue arises because the renderer can manipulate frame-bound Mojo interfaces, bypassing normal security restrictions.

6.3
Oct 7, 2021

Apache HTTP Server Path Traversal and Remote Code Execution Vulnerability

A path traversal vulnerability allowing remote code execution has been identified in Apache HTTP Server versions 2.4.49 and 2.4.50. The issue arises from an insufficient fix for a previous vulnerability (CVE-2021-41773), which allowed attackers to map URLs to files outside the designated directories. If these files are not protected by the default 'require all denied' configuration, the requests can succeed. The vulnerability is particularly concerning when CGI scripts are enabled for the affected paths, as it could lead to arbitrary code execution.

8.7
Oct 5, 2021

Apache HTTP Server Path Traversal and Remote Code Execution Vulnerability

A path traversal vulnerability allowing remote code execution has been identified in Apache HTTP Server versions 2.4.49 and 2.4.50. The vulnerability arises from improper handling of path normalization, which allows attackers to map URLs to files outside the designated document root. If these files are not secured by the default 'require all denied' directive, the requests may succeed. Additionally, if CGI scripts are enabled for the affected paths, this could lead to arbitrary code execution.

8.6
Oct 4, 2021

Akamai EAA Client Unquoted Path Vulnerability Allowing Privilege Escalation

A vulnerability exists in the Akamai Enterprise Application Access (EAA) Client for Windows, specifically in versions prior to 2.3.1, 2.4.x prior to 2.4.1, and 2.5.x prior to 2.5.3. The issue arises from an unquoted service path that can be exploited to hijack the execution flow. This unquoted path vulnerability, a type of path interception, takes advantage of how Windows processes paths with spaces when launching applications or services. If not properly quoted, the operating system may misinterpret the path, leading to the execution of unintended applications. In the case of the EAA Client, this could allow a malicious actor to place a harmful executable that would be run with administrative privileges, potentially escalating privileges on the system.

2.1
Sep 27, 2021

DataTables HTML Escape Function Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability exists in the DataTables library versions prior to 1.11.3. The issue arises because the HTML escape entities function does not properly escape the contents of an array if one is passed, leading to potential injection of malicious scripts.

5.3
Sep 16, 2021

Apache HTTP Server mod_proxy Server-Side Request Forgery Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in the Apache HTTP Server's mod_proxy component. This vulnerability allows an attacker to craft a request that is forwarded to an arbitrary origin server of their choice. The issue affects Apache HTTP Server versions 2.4.48 and earlier.

7.9
Sep 15, 2021

Vuelidate Inefficient Regular Expression Complexity Vulnerability Allowing ReDoS

A denial-of-service vulnerability has been identified in the Vuelidate library, specifically within the URL validation function of the @vuelidate/validators package. This vulnerability arises from inefficient regular expression processing, which can be exploited by providing crafted input that causes excessive CPU consumption. The issue has been fixed in version 2.0.4 of the @vuelidate/validators package.

4.9
Sep 9, 2021

Cloudflare OctoRPKI RPKI Validation Bypass Vulnerability Leading to BGP Hijacking

A vulnerability in Cloudflare's OctoRPKI RPKI validator, prior to version 1.3.0, allows any CA issuer in the RPKI to manipulate the validator into accepting an invalid VRP 'MaxLength' value. This manipulation causes RTR sessions to terminate, disrupting RPKI Origin Validation. As a result, networks relying on this validation, such as AS 13335 (Cloudflare), could inadvertently accept BGP routes that would normally be rejected due to RPKI invalidity. Furthermore, the resulting flapping of RTR sessions could create additional BGP routing instability, leading to availability issues.

1.2
Sep 8, 2021

Apple macOS TCC Privacy Preference Bypass Vulnerability

A permissions vulnerability in the Transparency, Consent, and Control (TCC) framework of Apple macOS has been identified, allowing a malicious application to bypass privacy preferences. This issue is present in macOS Big Sur 11.4 and was actively exploited, according to Apple.

6.3
Sep 8, 2021

Apple iOS WebKit Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

A buffer overflow vulnerability has been identified in the WebKit component of Apple iOS, specifically in versions 12.5.3 and prior. This vulnerability arises from improper memory handling, which can be exploited by processing maliciously crafted web content, leading to arbitrary code execution. There are reports suggesting that this issue may have been actively exploited.

3.6
Sep 8, 2021

Apple WebKit Memory Corruption Vulnerability Allowing Arbitrary Code Execution

A memory corruption vulnerability has been identified in the WebKit component of multiple Apple operating systems, including iOS, iPadOS, macOS, watchOS, and tvOS. This vulnerability arises from improper state management, which can be exploited by processing maliciously crafted web content, leading to arbitrary code execution. Notably, there are reports suggesting that this vulnerability may have been actively exploited in the wild.

6.3
Sep 8, 2021

Apple WebKit Integer Overflow Vulnerability Allowing Arbitrary Code Execution

An integer overflow vulnerability has been identified in the WebKit component of multiple Apple products, including iOS, iPadOS, macOS, tvOS, and Safari. This vulnerability arises from inadequate input validation, which can be exploited by processing maliciously crafted web content, leading to arbitrary code execution. The issue has been actively exploited in the wild.

6.5
Sep 8, 2021

Apple WebKit Storage Use-After-Free Vulnerability Allowing Arbitrary Code Execution

A use-after-free vulnerability has been identified in the WebKit Storage component of multiple Apple products, including iOS, iPadOS, macOS, tvOS, watchOS, and Safari. This vulnerability arises from improper memory management, which can be exploited by processing maliciously crafted web content, leading to arbitrary code execution. Notably, this issue may have been actively exploited in the wild.

6.5
Sep 8, 2021

Apple macOS Gatekeeper Bypass Vulnerability in System Preferences

A logic vulnerability has been identified in the System Preferences component of Apple macOS. This issue allows a malicious application to bypass Gatekeeper checks, which are designed to prevent the execution of untrusted software. The vulnerability arises from an unspecified logic issue that could be exploited to manipulate the state management of the application. It affects multiple versions of macOS, including Big Sur and Catalina.

6.5
Sep 8, 2021

Apple iOS WebKit Use-After-Free Vulnerability Allowing Arbitrary Code Execution

A use-after-free vulnerability has been identified in the WebKit component of Apple iOS. This issue affects iOS devices including the iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation). The vulnerability arises from a memory corruption issue in the ASN.1 decoder, which was addressed by removing the vulnerable code. However, the vulnerability could still be exploited by processing maliciously crafted web content, leading to arbitrary code execution. Apple is aware of reports suggesting that this issue may have been actively exploited.

3.5
Sep 8, 2021

Apple iOS WebKit Memory Corruption Vulnerability Allowing Arbitrary Code Execution

A memory corruption vulnerability has been identified in the WebKit component of Apple iOS. This issue affects iOS devices including the iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation). The vulnerability arises from improper state management, which can be exploited by processing maliciously crafted web content, leading to arbitrary code execution. Apple is aware of reports suggesting that this vulnerability may have been actively exploited.

3.5
Aug 30, 2021

Simply Gallery Blocks with Lightbox Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability exists in the WordPress plugin Simply Gallery Blocks with Lightbox, in versions through 2.2.0. This vulnerability allows users with low privileges to execute arbitrary script code within the application context. The issue arises from inadequate validation of image parameters in the metadata, particularly in the Lightbox feature.

3.8
Aug 30, 2021

WP Video Lightbox WordPress Plugin Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the WP Video Lightbox WordPress plugin, affecting versions prior to 1.9.3. The issue arises because the plugin does not properly escape the attributes of its shortcodes. This flaw allows users with a minimum role of contributor to execute cross-site scripting attacks.

2.9
Aug 30, 2021

ShareThis Dashboard for Google Analytics WordPress Plugin Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in the ShareThis Dashboard for Google Analytics WordPress plugin, affecting versions prior to 2.5.2. The issue arises because the plugin fails to properly sanitize or escape the 'ga_action' parameter in the stats view before rendering it in an attribute. This vulnerability is triggered when the plugin is linked to a Google Analytics account, allowing an attacker to execute malicious scripts in the context of a logged-in administrator.

3.8
Aug 24, 2021

Apple Core Telephony Sandbox Bypass Vulnerability

A deserialization vulnerability in the Core Telephony framework of Apple iOS, macOS, and watchOS allows a sandboxed process to bypass sandbox restrictions. This issue was addressed with improved validation and is fixed in multiple Apple software updates. At the time of the release, Apple was aware of reports suggesting that this vulnerability may have been actively exploited.

5.8
Aug 24, 2021

Apple iOS and iPadOS Buffer Overflow Vulnerability Allowing Arbitrary Code Execution with Kernel Privileges

A buffer overflow vulnerability has been identified in Apple iOS and iPadOS, specifically in versions prior to 15.2. This vulnerability allows an application to execute arbitrary code with kernel privileges. The issue arises from improper memory handling, which creates an opportunity for exploitation.

6.2
Aug 24, 2021

Apple WebKit Integer Overflow Vulnerability Allowing Arbitrary Code Execution

A vulnerability exists in the WebKit component of multiple Apple products, including iOS, iPadOS, macOS Monterey, tvOS, and watchOS. This vulnerability is an integer overflow that was introduced through the processing of maliciously crafted web content. The issue has been addressed with improved input validation. However, the vulnerability could be exploited to execute arbitrary code on the affected device.

6.5
Aug 24, 2021

Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability in GPU Drivers Allowing Arbitrary Code Execution with Kernel Privileges

A vulnerability exists in the GPU drivers of Apple iOS, iPadOS, and macOS Big Sur. This out-of-bounds write issue could enable a malicious application to execute arbitrary code with kernel privileges. The vulnerability has been addressed with improved bounds checking. Notably, Apple is aware of reports suggesting that this vulnerability may have been actively exploited.

5.8
Aug 24, 2021

Apple iOS, iPadOS, and macOS Type Confusion Vulnerability Allowing Arbitrary Code Execution with Kernel Privileges

A type confusion vulnerability has been identified in the XNU component of Apple iOS, iPadOS, and macOS. This vulnerability may allow a malicious application to execute arbitrary code with kernel privileges. It affects multiple versions of iOS, iPadOS, and macOS, including iOS 12.5.5, iOS 14.4, macOS Big Sur 11.2, Security Update 2021-001 Catalina, and Security Update 2021-001 Mojave. Apple is aware of reports that an exploit for this issue exists in the wild.

6.2
Aug 24, 2021

Apple CoreGraphics Integer Overflow Vulnerability Leading to Arbitrary Code Execution

A vulnerability exists in the CoreGraphics component of multiple Apple products, including iOS 14.8, iPadOS 14.8, macOS Big Sur 11.6, and watchOS 7.6.2. This vulnerability arises from an integer overflow that was introduced with JBIG2 image processing. It allows for arbitrary code execution when a maliciously crafted PDF is processed. Apple has acknowledged reports of active exploitation of this vulnerability.

6.4
Aug 22, 2021

ReCaptcha Solver Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability exists in ReCaptcha Solver version 5.7. When the extension receives a response from various captcha-solving services, including Anti-Captcha.com, RuCaptcha.com, 2captcha.com, DEATHbyCAPTCHA.com, ImageTyperz.com, and BestCaptchaSolver.com, the data is inserted into the DOM as HTML. This flaw allows these services to gain full control over the user's browser.

2.8
Aug 12, 2021

Amazon AWS CloudFront Weak Cipher Support Vulnerability

A vulnerability exists in Amazon AWS CloudFront's TLSv1.2_2019 security policy, which allows the use of ciphers TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384. These ciphers are considered weak by some security standards. While CloudFront offers a newer security policy, TLSv1.2_2020, that does not include these ciphers, it is not clear when or if this policy will be available to all users.

1.4
Aug 12, 2021

Sitecore File Upload Vulnerability Leading to Remote Code Execution

A vulnerability in Sitecore versions through 10.1, when the Update Center is enabled, allows remote authenticated users to upload arbitrary files. This could lead to remote code execution by accessing the uploaded .aspx file through the admin/Packages URL.

3.1
Jul 25, 2021

jszip Prototype Pollution Vulnerability Leading to Denial-of-Service

A denial-of-service vulnerability has been identified in the jszip package, affecting versions prior to 3.7.0. The issue arises when a zip file is created with filenames that correspond to Object prototype values, such as __proto__ or toString. This manipulation results in an object with an altered prototype, which can disrupt normal functionality. The vulnerability can be exploited by crafting a zip file that includes these prototype-related filenames, causing the jszip library to process the file in a way that modifies the object's prototype and potentially leads to application errors or crashes.

5.4
Jul 9, 2021

gRPC Swift Uncontrolled Recursion Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in gRPC Swift versions through 1.1.1. The issue arises in the HTTP2ToRawGRPCServerCodec component, where remote attackers can cause stack consumption and uncontrolled recursion by sending numerous small messages within a single HTTP/2 frame.

5.4
Jun 24, 2021

Shopware Cloud Storage Visibility Vulnerability Allowing Access to Private Files

A vulnerability in Shopware versions prior to 6.4.1.1 allows private files to be publicly accessible when stored with certain Cloud Storage providers, provided the hashed URL is known. This issue arises from incorrect visibility settings in the application's configuration. When using Amazon AWS for storage, public access to the bucket containing private files can exacerbate the problem.

5.3
Jun 14, 2021

elFinder Command Injection Vulnerability in PHP Connector

A command injection vulnerability has been identified in elFinder versions through 2.1.58. This issue allows attackers to execute arbitrary commands on the server via the PHP connector, even with minimal configuration. The vulnerability arises in the archive command, where the name parameter, although sanitized, can still be manipulated to include command execution arguments. Exploitation is possible by uploading a file, creating a zip archive with a crafted name that includes command injection payloads, and then executing the archive command.

7.0
Jun 1, 2021

WP Prayer WordPress Plugin Authenticated Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the WP Prayer WordPress plugin, affecting versions prior to 1.6.2. The vulnerability allows authenticated users to submit prayer requests containing malicious JavaScript, which is then executed when the requests are displayed on the site. This issue arises because the plugin's input fields for prayer and praise requests lack proper validation, enabling the injection of XSS payloads.

3.0
May 20, 2021

Envoy HTTP/2 Metadata Map Assertion Failure Leading to Denial-of-Service

A denial-of-service vulnerability exists in Envoy version 1.14.0. When an empty METADATA map is sent in an HTTP/2 request, it triggers a reachable assertion, causing the application to crash. This issue is remotely exploitable.

6.7
May 14, 2021

ProtonMail Web Client Regular Expression Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in the ProtonMail Web Client, specifically in versions prior to 3.16.60. This vulnerability arises from a regular expression that can be exploited to cause exponential backtracking, leading to a significant performance degradation. The issue occurs in the Autocrypt public key extraction process, where the regular expression improperly handles certain input patterns, allowing for crafted strings to disrupt normal operation.

3.7
May 14, 2021

WP-Buy WordPress Plugins Vulnerable to Arbitrary Plugin Installation and Activation via Low Privilege Users

A vulnerability exists in multiple WordPress plugins by WP-Buy, specifically in the Captchinoo, Google reCAPTCHA for Admin Login Page plugin, prior to version 2.4. Low privileged users can exploit this vulnerability using the AJAX action 'cp_plugins_do_button_job_later_callback' to install any plugin, including specific versions, from the WordPress repository. Additionally, the same AJAX action can be used to activate installed plugins, potentially leading to the exploitation of vulnerable plugins and more critical issues such as remote code execution.

3.5
May 6, 2021

WPBakery Page Builder Clipboard WordPress Plugin Missing Capability Checks Vulnerability

A vulnerability exists in the WPBakery Page Builder Clipboard WordPress plugin in versions prior to 4.5.8. An AJAX action registered by the plugin lacked proper capability checks, enabling low-privilege users, such as subscribers, to update license options, including the license key and email, without authorization.

3.4
May 6, 2021

WPBakery Page Builder Clipboard WordPress Plugin Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the WPBakery Page Builder Clipboard WordPress plugin, affecting versions prior to 4.5.6. The vulnerability arises from an AJAX action that lacked proper capability checks and data sanitization. This oversight allows low-privilege users (subscribers and above) to inject XSS payloads that are executed on all backend pages.

3.4
Apr 22, 2021

Amazon Web Services FreeRTOS Integer Overflow Vulnerability in Queue Creation

An integer overflow vulnerability has been identified in the kernel of Amazon Web Services FreeRTOS, affecting versions prior to 10.4.3. The issue arises in queue.c during the queue creation process.

5.2
Apr 12, 2021

Swiper Prototype Pollution Vulnerability

A prototype pollution vulnerability exists in the Swiper package, specifically in versions prior to 6.5.1. This vulnerability allows attackers to inject properties into the Object prototype, potentially leading to unauthorized modifications that could be exploited within the application. The issue arises from the 'extendDefaults' function, which recursively merges objects without proper validation, allowing manipulation of the prototype chain.

4.4
Apr 2, 2021

Apple WebKit Universal Cross-Site Scripting Vulnerability

A universal cross-site scripting vulnerability has been identified in the WebKit component of Apple iOS, iPadOS, and watchOS. This issue arises from improper management of object lifetimes, allowing maliciously crafted web content to be processed in a way that could lead to cross-site scripting. The vulnerability has been reported to be actively exploited.

6.3
Apr 2, 2021

Apple WebKit Remote Code Execution Vulnerability

A logic vulnerability allowing remote code execution has been identified in the WebKit component of Apple iOS, iPadOS, and macOS. This issue arises from insufficient restrictions in the handling of web content, which could be exploited by a remote attacker. The vulnerability affects WebKitGTK, the version of WebKit used in GTK applications, including those on macOS and iOS. The flaw has been addressed in multiple Apple software updates, including macOS Big Sur 11.2, Security Update 2021-001 for Catalina, Security Update 2021-001 for Mojave, iOS 14.4, and iPadOS 14.4.

6.8
Apr 2, 2021

Apple WebKit Remote Code Execution Vulnerability

A logic vulnerability in the WebKit component of Apple iOS, iPadOS, and macOS was addressed with improved restrictions. This vulnerability allows remote code execution and could have been actively exploited. It affects WebKitGTK+ versions prior to 2.30.6, as well as several different components in WebKit, including the WebKit framework itself, which is used by Safari and other applications.

6.7
Apr 2, 2021

Apple Multiple Products Race Condition Vulnerability Allowing Privilege Escalation

A race condition vulnerability has been identified in multiple Apple products, including iOS, iPadOS, macOS, watchOS, and tvOS. This vulnerability allows a malicious application to elevate privileges. The issue arises from a race condition that was not properly managed, creating an opportunity for privilege escalation.

6.0
Mar 30, 2021

Netty Request Smuggling Vulnerability in HTTP/2 Content-Length Header Validation

A request smuggling vulnerability has been identified in Netty versions prior to 4.1.61.Final, specifically in the 'io.netty:netty-codec-http2' component. The issue arises because the content-length header is not properly validated when a single Http2HeaderFrame is used with the endStream flag set to true. This lack of validation can lead to request smuggling when the HTTP/2 request is proxied to a remote peer and converted to HTTP/1.1. The vulnerability is particularly concerning because it follows a related issue (CVE-2021-21295) that was not fully addressed. Exploitation of this vulnerability allows an attacker to smuggle requests by manipulating the content-length header, taking advantage of the improper handling of HTTP/2 streams during the conversion to HTTP/1.1.

3.6
Mar 19, 2021

MinIO Chunked Encoding Signature Verification Vulnerability Allowing MITM Modification

A vulnerability exists in MinIO, an open-source object storage service compatible with Amazon S3, prior to version RELEASE.2021-03-17T02-33-02Z. The issue allows for man-in-the-middle (MITM) attacks by modifying request bodies that should have integrity protected by chunk signatures. In PUT requests using aws-chunked encoding, MinIO typically verifies signatures at the end of each chunk. However, this verification can be bypassed if the client sends a misleading chunk size that is significantly larger than the actual data. As a result, the server completes the request without checking the chunk signature, creating a potential security risk.

5.6
Mar 18, 2021

Wiki.js Stored Cross-Site Scripting Vulnerability in Code Blocks

A stored cross-site scripting vulnerability has been identified in Wiki.js versions prior to 2.5.190. This issue arises from mustache expressions in code blocks being processed by Vue during content injection, despite being enclosed within `<pre>` elements. A malicious user can exploit this vulnerability by crafting a wiki page that executes harmful JavaScript when viewed by others.

2.9